The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 2881 to 2895.
A Compilation of Research on the PDP Bill
https://cis-india.org/internet-governance/blog/compilation-of-research-on-data-protection
<b>The most recent step in India’s initiative to create an effective and comprehensive Data Protection regime was the call for comments to the Personal Data Protection Bill, 2019, which closed last month. Leading up to the comments, CIS has published numerous research pieces with the goal of providing a comprehensive overview of how this legislation would place India within the global scheme, and how the local situation has developed, as well as analysing its impacts on citizens’ rights.</b>
<p> </p>
<p>In addition to general and clause-by-clause comments and recommendations, we
have compiled an annotated version of the Personal Data Protection
Bill, which lays out our <a class="external-link" href="https://cis-india.org/internet-governance/blog/comments-to-the-personal-data-protection-bill-2019">commentary</a> in an easy-to-follow format.</p>
<p> </p>
<p><img src="https://cis-india.org/internet-governance/pdp-bill-compilation-post-image/" alt="null" width="100%" /></p>
<p> </p>
<p>Below, you can find our other recent research on Data Protection:</p>
<p> </p>
<ul><li>Pallavi Bedi has put together a <a class="external-link" href="https://cis-india.org/internet-governance/blog/divergence-between-the-general-data-protection-regulation-and-the-personal-data-protection-bill-2019">note</a> on the Divergence between EU’s General Data Protection Regulation (GDPR) and the Personal Data Protection Bill.</li></ul>
<div> </div>
<ul><li>In addition, Pallavi has also <a class="external-link" href="https://cis-india.org/internet-governance/blog/comparison-of-the-personal-data-protection-bill-with-the-general-data-protection-regulation-and-the-california-consumer-protection-act-2">contrasted</a> the Personal Data Protection Bill with the GDPR and California Consumer Protection Act, in the contexts of jurisdiction and scope, rights of the data principal, obligations of data fiduciaries, exemptions, data protection authority, and breach of personal data. </li></ul>
<div> </div>
<ul><li>On IAPP’s blog <em>Privacy Perspectives</em>, D. Shweta Reddy has <a class="external-link" href="https://iapp.org/news/a/grade-sheet-for-indias-adequacy-status/">assessed</a> whether the Personal Data Protection Bill 2019 is sufficient for India to receive adequacy status from the EU.</li></ul>
<div> </div>
<ul><li>Along with Justin Sherman, Arindrajit Basu has <a class="external-link" href="https://www.lawfareblog.com/key-global-takeaways-indias-revised-personal-data-protection-bill">outlined</a> the key global takeaways from the Personal Data Protection Bill 2019 on <em>Lawfare</em>.</li></ul>
<div> </div>
<ul><li>On <em>The Diplomat</em>, Arindrajit has also <a class="external-link" href="https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/">traced</a> the narrowing localization provisions in India, as well as Vietnam and Indonesia, and studied the actors and geopolitical tussle that has shaped these provisions.</li></ul>
<div> </div>
<ul><li>Through a string of publicly available submissions, press statements, and other media reports, Arindrajit and Amber Sinha have <a class="external-link" href="https://www.epw.in/engage/article/politics-indias-data-protection-ecosystem">tracked</a> the political evolution of the data protection ecosystem in India, and how this has, and will continue to impact legislative and policy developments on <em>EPW Engage</em>.</li></ul>
<div> </div>
<ul><li>Gurshabad Grover and Tanaya Rajwade have <a class="external-link" href="https://thewire.in/tech/indias-privacy-bill-regulates-social-media-platforms">written</a> on <em>The Wire</em> about how the Personal Data Protection Bill regulates social media.</li></ul>
<div> </div>
<ul><li>Amber was also a guest on <em>Suno India’s <a class="external-link" href="https://www.sunoindia.in/cyber-democracy/personal-data-protection-bill-what-does-it-mean-for-your-right-to-privacy/">Cyber Democracy podcast</a></em>, with Srinivas Kodali, to discuss how the latest version of the Personal Data Protection Bill will impact the right to privacy.
</li></ul>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/compilation-of-research-on-data-protection'>https://cis-india.org/internet-governance/blog/compilation-of-research-on-data-protection</a>
</p>
No publisherpranavinternet governanceInternet GovernanceData ProtectionPrivacy2020-03-05T08:04:24ZBlog EntryA Comparison of the Draft DNA Profiling Bill 2007 and the Draft Human DNA Profiling Bill 2012
https://cis-india.org/internet-governance/blog/comparison-of-draft-dna-profiling-bills
<b>In this post, Maria Xynou gives us a comparison of the Draft DNA Profiling Bill 2007 and the Draft Human DNA Profiling Bill 2012.</b>
<hr />
<p><i>This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC</i>.</p>
<hr />
<p>Last April, the most recent version of the DNA Profiling Bill was leaked in India. The draft 2007 DNA Profiling Bill failed to adequately regulate the collection, use, sharing, analysis and retention of DNA samples, profiles and data, whilst its various loopholes created a potential for abuse. However, its 2012 amended version is not much of an improvement. On the contrary, it excessively empowers the DNA Profiling Board, while remaining vague in terms of collection, use, analysis, sharing and storage of DNA samples, profiles and data. Due to its ambiguity and lack of adequate safeguards, the draft April 2012 Human DNA Profiling Bill can potentially enable the infringement of the right to privacy and other human rights.</p>
<h2><b>Draft 2007 DNA Profiling Bill <i>vs.</i> Draft 2012 Human DNA Profiling Bill</b></h2>
<h3><b> </b><b>1. </b><b>Composition of the DNA Profiling Board</b></h3>
<p><b>Amendment:</b> The Draft 2007 DNA Profiling Bill listed the members which would be appointed by the Central Government to comprise the DNA Profiling Board. A social scientist of national eminence, as stated in section 4(q) of Chapter 3, was included. However, the specific section has been deleted from the Draft 2012 Human DNA Profiling Bill and no other social scientist has been added to the list of members to comprise the DNA Profiling Board. Despite the amendments to the section on the composition of the Board, no privacy or human rights expert has been included.</p>
<p><b>Analysis:</b> The lack of human rights experts on the board can potentially be problematic as a lack of expertise on privacy laws and other human rights laws can lead to the regulation of DNA databases without taking privacy and other civil liberties into consideration.</p>
<ul>
<li><b>DNA 2007 Bill (Section 4): </b><i>“The DNA Profiling Board shall consist of the following members appointed by the Central Government from amongst persons of ability, integrity and standing who have knowledge or experience in DNA profiling including molecular biology, human genetics, population biology, bioethics , social sciences, law and criminal justice or any other discipline which would, in the opinion of the Central Government, be useful to DNA Profiling , namely: (a) a Renowned Molecular Biologist to be appointed by the Central Government Chairperson, (b) Secretary, Ministry of Law and Justice, or his nominee ex-officio Member; (c) Chairman, Bar Council of India, New Delhi or his nominee ex-officio Member; (d) Vice Chancellor, NALSAR University of Law, Hyderabad ex-officio Member; (e) Director, Central Bureau of Investigation or his nominee ex-officio Member; (f) Chief Forensic Scientist, Directorate of Forensic Science, Ministry of Home Affairs, New Delhi ex-officio Member; (g) Director, National Crime Records Bureau, New Delhi ex-officio Member; (h) Director, National Institute of Criminology and Forensic Sciences, New Delhi ex-officio Member; (i) a Forensic DNA Expert to be nominated by Secretary, Ministry of Home Affairs, New Delhi, Government of India Member; (j) a DNA Expert from All India Institute of Medical Sciences, New Delhi to be nominated by its Director, Member; (k) a Population Geneticist to be nominated by the President, Indian National Science Academy, New Delhi Member; (l) an Expert to be nominated by the Director, Indian Institute of Science, Bangalore Member; (m) Director, National Accreditation Board for Testing and Calibration of Laboratories, New Delhi ex-officio Member; (n) Director, Centre for Cellular and Molecular Biology, Hyderabad ex-officio Member; (o) Representative of the Department of Bio-technology, Government of India, New Delhi to be nominated by Secretary, DBT, Ministry of S&T, Government of India Member; (p) The Chairman, National Bioethics Committee of Department of Biotechnology, Government of India, New Delhi ex-officio Member; (q) a Social Scientist of National Eminence to be nominated by Secretary, MHRD, Government of India Member; (r) four Directors General of Police representing different regions of the country to be nominated by MHA Members; (s) two expert Members to be nominated by the Chairperson Members (t) Manager, National DNA Data Bank ex-officio Member; (u) Director, Centre for DNA and Fingerprinting and Diagnostics (CDFD), Hyderabad ex-officio Member Secretary”</i><b> </b></li>
</ul>
<p><b> </b></p>
<ul>
<li><b>DNA April 2012 Bill (Section 4):</b><i>“The Board shall consist of the following Members appointed from amongst persons of ability, integrity and standing who have knowledge or experience in DNA profiling including molecular biology, human genetics, population biology, bioethics, social sciences, law and criminal justice or any other discipline which would be useful to DNA profiling, namely:- (a) A renowned molecular biologist to be appointed by the Central Government- Chairperson; (b) Vice Chancellor of a National Law University established under an Act of Legislature to be nominated by the Chairperson- ex-officio Member; (c) Director, Central Bureau of Investigation or his nominee (not below the rank of Joint Director)- ex-officio Member; (d) Director, National Institute of Criminology and Forensic Sciences, New Delhi- ex-officio Member;(e) Director General of Police of a State to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (f) Chief Forensic Scientist, Directorate of Forensic Science, Ministry of Home Affairs, Government of India - ex-officio Member</i><b> </b><i>(g) Director of a Central Forensic Science Laboratory to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (h) Director of a State Forensic Science Laboratory to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (i) Chairman, National Bioethics Committee of Department of Biotechnology, Government of India- ex-officio Member; (j) Director, National Accreditation Board for Testing and Calibration of Laboratories, New Delhi- exofficio Member; (k) Financial Adviser, Department of Biotechnology, Government of India or his nominee- ex-officio Member; (l) Two molecular biologists to be nominated by the Secretary, Department of Biotechnology, Ministry of Science and Technology, Government of India- Members; (m) A population geneticist to be nominated by the President, Indian National Science Academy, New Delhi- Member; (n) A representative of the Department of Biotechnology, Government of India to be nominated by the Secretary, Department of Biotechnology, Ministry of Science and Technology, Government of India- Member; (o) Director, Centre for DNA and Fingerprinting and Diagnostics (CDFD), Hyderabad- ex-officio Member- Secretary” </i></li>
</ul>
<p><i><br /></i></p>
<h3><b>2. </b><b>Powers and functions of the Chief Executive Officer</b></h3>
<p><b>Amendment:</b> Although the Chief Executive Officer´s (CEO) powers and functions are set out in the 2007 Draft DNA Bill, these have been deleted from the amended 2012 Draft Bill. The Draft 2012 Bill merely states how the CEO will be appointed, the CEO´s status and that the CEO should report to the Member Secretary of the Board. As for the powers and functions of the CEO, the 2012 Bill states that they will be specified by the Board, without any reference to what type of duties the CEO would be eligible for. Furthermore, section 10(3) has been added which determines that the CEO will be ´a scientist with understanding of genetics and molecular biology´.</p>
<p><b>Analysis:</b> The lack of legal guidelines which would determine the scope of such regulations indicates that the CEO´s power is subject to the Board. This could create a potential for abuse, as the CEO´s power and the criteria for the creation of the regulations by the Board are not legally specified. Although an understanding of genetics and molecular biology is a necessary prerequisite for the specific CEO, an official understanding of privacy and human rights laws should also be a prerequisite to ensure that tasks are carried out adequately in regards to privacy and data protection.</p>
<ul>
<li><b>DNA 2007 Bill (Section 11):</b><i>“(1) The DNA Profiling Board shall have a Chief Executive Officer who shall be appointed by the Selection Committee consisting of Chairperson and four other members nominated by the DNA Profiling Board. (2) The Chief Executive Officer shall be of the rank of Joint Secretary to the Govt. of India and report to the Member Secretary of the DNA Profiling Board. (3)The Chief Executive Officer appointed under sub-section (1)shall exercise powers of general superintendence over the affairs of the DNA Profiling Board and its day-to-day management under the direction and control of the Member Secretary. (4) The Chief Executive Officer shall be responsible for the furnishing of all returns, reports and statements required to be furnished, under this Act and any other law for the time being in force, to the Central Government. (5) It shall be the duty of the Chief Executive Officer to place before the DNA Profiling Board for its consideration and decision any matter of financial importance if the Financial Adviser suggests to him in writing that such matter be placed before the DNA Profiling Board.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 10): </b><i>“(1) There shall be a Chief Executive Officer of the Board who shall be appointed by a selection committee consisting of the Chairperson and four other Members nominated by the Board. (2) The Chief Executive Officer shall be a person not below the rank of Joint Secretary to the Government of India or equivalent and he shall report to the Member-Secretary of the Board. (3) The Chief Executive Officer shall be a scientist with understanding of genetics and molecular biology. (4) The Chief Executive Officer appointed under subsection (1) shall exercise such powers and perform such duties, as may be specified by the regulations made by the Board, under the direction and control of the Member-Secretary”</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>3. </b><b>Functions of the Board</b></h3>
<p><b>Amendment:</b> The section on the functions of the DNA Profiling Board of the 2007 Draft DNA Profiling Bill has been amended. In particular, sub-section 12(j) of the Draft 2012 Human DNA Profiling Bill states that the Board would ´authorise procedures for communication of DNA profile for civil proceedings and for crime investigation by law enforcement and other agencies´. The equivalent sub-section in the 2007 Draft DNA Bill restricted the Board´s authorisation to crime investigation by law enforcement agencies, and did not include civil proceedings and other agencies.</p>
<p><b>Analysis:</b> This amendment raises concerns, as the ´other agencies´ and the term ´civil proceedings´ are not defined and remain vague. The broad use of the terms ´other agencies´ and ´civil proceedings´ could create a potential for abuse, as it is unclear which parties would be authorised to use DNA profiles and under what conditions, nor is it clear what ´civil proceedings´ entail.</p>
<p><b>DNA 2007 Bill (Section 13(x)): </b><i>The DNA Profiling Board constituted under section 3 of this Act shall exercise and discharge the following powers and functions, namely: “authorize communication of DNA profile for crime investigation by</i><b> </b><i>law enforcement agencies;” </i><b> </b></p>
<p><b>DNA April 2012 Bill (Section 12(j)): </b><i>The Board shall exercise and discharge the following functions for the purposes of this Act, namely: “authorizing procedures for communication of DNA profile for civil proceedings and for crime investigation by law enforcement and other agencies;”</i></p>
<h3><i> </i><b>4. </b><b>Regional DNA Data Banks</b></h3>
<p><b>Amendment:</b> Section 33(1) of the 2007 Draft DNA Profiling Bill has been amended and its 2012 version (section 32(1)) states that the Central Government will establish a National DNA Data Bank and ´as many Regional DNA Data Banks thereunder, for every state or group of States, as necessary´.</p>
<p><b>Analysis:</b> This amendment enables the potential establishment of infinite regional DNA Data Banks without setting out the conditions for their function, how they would use data, how long they would retain it for or who they would share it with. The establishment of such regional data banks could potentially enable the access to, analysis, sharing and retention of huge volumes of DNA data without adequate regulatory frameworks restricting their function.</p>
<ul>
<li><b>DNA 2007 Bill (Section 33(1)): </b><i>“The Central Government shall, by a notification published in the</i><b> </b><i>Gazette of India, establish a National DNA Data Bank.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 32(1)): </b><i>“The Central Government shall, by notification, establish a National DNA Data Bank and as many Regional DNA Data Banks thereunder for every State or a group of States, as necessary.</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>5. </b><b>Data sharing</b></h3>
<p>Section 33(2) of the 2007 Draft DNA Profiling Bill has been amended and section 32(2) of the 2012 draft Human DNA Profiling Bill includes that every state government should establish a State DNA Data Bank which should share the information with the National DNA Data Bank.</p>
<p>This sharing of DNA data between state and national DNA Data Banks could potentially increase the probability of data being accessed, shared, analysed and retained by unauthorised third parties. Furthermore, specific details, such as which information should be shared, how often and under what conditions, have not been specified.</p>
<ul>
<li><b>DNA 2007 Bill (Section 33(2)): </b><i>“A State Government may, by notification in the Official Gazette, establish a State DNA Data Bank.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 32(2)):</b><i>“Every State Government may, by notification, establish a State DNA Data Bank which shall share the information with the National DNA Data Bank.”</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>6. </b><b>Data retention</b></h3>
<p><b>Amendment:</b> Section 32(3) of the 2012 draft DNA Bill has been amended from its original 2007 form to include that regulations on the retention of DNA data would be drafted by the DNA Profiling Board.</p>
<p><b>Analysis:</b> This amendment does not set out the DNA data retention period, nor who would have the authority to access such data and under what conditions. Furthermore, regulations on the retention of such data would be drafted by the DNA Profiling Board, which could increase their probability of being subject to bias and lack of transparency.</p>
<ul>
<li><b>DNA 2007 Bill (Section 33(3)): </b><i>“The National DNA Data Bank shall receive DNA data from State DNA Data Banks and shall store the DNA Profiles received from different</i><b> </b><i>laboratories in the format as may be specified by regulations.”</i> <b> </b></li>
<li><b>DNA April 2012 Bill (Section 32(3)): </b><i>“The National DNA Data Bank shall receive DNA data from State DNA Data Banks and shall store the DNA profiles received from different laboratories in the format as may be specified by the regulations made by the Board.”</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>7. </b><b>Data Bank Manager</b></h3>
<p><b>Amendment:</b> Section 33 has been added to the 2012 draft Human DNA Profiling Bill and establishes a DNA Data Bank Manager, who would carry out ´all operations of and concerning the National DNA Data Bank´.</p>
<p><b>Analysis:</b> All such operations are not clearly specified and could create a potential for abuse. The DNA Data Manager would have the same type of status as the Chief Executive Officer, but he/she would be required to have an understanding of computer applications and statistics, possibly to support data mining efforts. However, the powers and duties that the DNA Data Bank Manager would be expected to have are not specified in the Bill, which merely states that they would be specified by regulations made by the DNA Profiling Board.</p>
<ul>
<li><b>DNA 2012 Bill (Section 33):</b><i>“(1) All operations of and concerning the National DNA Data Bank shall be carried out under the supervision of a DNA Data Bank Manager who shall be appointed by a selection committee consisting of Chairperson and four other Members nominated by the Board.(2) The DNA Data Bank Manager shall be a person not below the rank of Joint Secretary to the Government of India or equivalent and he shall report to the Member-Secretary of the Board.(3) The DNA Data Bank Manager shall be a scientist with understanding of computer applications and statistics. (4) The DNA Data Bank Manager appointed under sub-section (1) shall exercise such powers and perform such duties, as may be specified by the regulations made by the Board, under the direction and control of the Member-Secretary.”</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>8. </b><b>Communication of DNA profiles to foreign agencies</b></h3>
<p><b>Amendment:</b> The 2007 Draft DNA Profiling Bill has been amended and sub-sections 35(2, 3) have been excluded from the 2012 Draft Human DNA Profiling Bill. These sub-clauses prohibited the use of DNA profiles for purposes other than the administration of the Act, as well as the communication of DNA profiles. Furthermore, sub-section 36(1) has been added to the 2012 Bill, which authorises the communication of DNA profiles to international agencies for the purposes of crime investigation.</p>
<p><b>Analysis:</b> The exclusion of sub-sections 35(2, 3) from the 2012 Bill indicates that the use and communication of DNA profiles without prior authorisation may be legally permitted, which raises major privacy concerns. Sub-section 36(1) does not define a ´crime investigation´, which indicates that DNA profiles could be shared with international agencies for loosely defined ´criminal investigations´ or even for civil proceedings. The lack of a strict definition to the term ´crime investigation´, as well as the broad reference to foreign states and international agencies raises concerns, as it remains unclear who will have access to information, for how long, under what conditions and whether that data will be retained.</p>
<ul>
<li><b>DNA 2007 Bill (Sections 35(2,3)): </b><i>“(2) No person who receives the DNA profile for entry in the DNA Data Bank shall use it or allow it to be used for purposes other than for the administration of this Act. (3) No person shall, except in accordance with the provisions hereinabove, communicate or authorize communication, or allow to be communicated a DNA profile that is contained in the DNA Data Bank or information that is referred to in sub-section (1) of Section 34”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 36(1)): </b><i>“On receipt of a DNA profile from the government of a foreign state, an international organisation established by the governments of states or an institution of any such government or international organization, the National DNA Data Bank Manager may compare the DNA profile with those in the DNA Data Bank in order to determine whether it is already contained in the Data Bank and may then communicate through Central Bureau of Investigation or any other appropriate agency of the Central Government and with the prior approval of the Central Government information referred to in subsection (1) of section 35 to that government, international organisation or institution.”</i></li>
</ul>
<p><i><br /></i></p>
<h3><b>9. </b><b>Data destruction</b></h3>
<p><b>Amendment:</b> Section 37 of the 2007 draft DNA Profiling Bill states that the DNA Data Bank Manager shall expunge the DNA analysis of a person from the DNA index once the court has certified that the conviction of a person has been set aside. The 2007 Bill had no particular reference to data retention. The equivalent clause (37) of the 2012 draft DNA Bill, however, not only states that individuals´ DNA data will be kept on a ´permanent basis´, but also that the DNA Data Bank Manager shall expunge a DNA profile under the same conditions under the 2007 Bill.</p>
<p><b>Analysis:</b> This amendment indicates that Indians´ DNA data will be kept indefinitely and that it will be deleted only once the court has cleared an individual from conviction. This raises major concerns, as it does not clarify under what conditions individuals can have access to data during its retention, nor does it give ´non-convicts´ the opportunity to have their data deleted from the data bank.</p>
<ul>
<li><b>DNA 2007 Bill (Section 37): </b><i>“The Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the conviction of a person included in the DNA data bank has been set aside, expunge forthwith the DNA analysis of such person from the DNA index. Explanation:- For the purposes of this section, a court order is not ‘final’ till the expiry of the period of limitation for filing an appeal, or revision application, or review if permissible under the law, with respect to the order setting aside the conviction.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 37):</b><i>“(1) Subject to sub-sections (2) and (3), the information in the offenders’ index pertaining to a convict shall be kept on a permanent basis. (2) The DNA Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the person in respect of whom the information is included in the offenders’ index has been acquitted of the charge against him, expunge forthwith the DNA profile of such person from the offenders’ index, under intimation to the individual concerned, in such manner as may be prescribed. (3) The DNA Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the conviction of a person in respect of whom the information is included in the offenders’ index has been set aside, expunge forthwith the DNA profile of such person from the offenders’ index, under intimation to the individual concerned, in such manner as may be prescribed.”</i><b> </b></li>
</ul>
<p><b> </b></p>
<h3><b>10. </b><b>Use of DNA profiles and DNA samples and records</b></h3>
<p><b>Amendment</b>: Section 39 of the 2007 draft DNA Profiling Bill has been amended and the equivalent section of the 2012 DNA Bill (section 39) states that DNA profiles, samples and records can be used for purposes related to ´other civil matters´ and ´other purposes´, as specified by the regulations made by the DNA Profiling Board.</p>
<p><b>Analysis:</b> The vague use of the terms ´other civil matters´ and ´other purposes´ can create a potential for abuse, especially since the Board will not be comprised by an adequate amount of members with legal expertise on civil matters. This section enables the use of DNA data for potentially any purpose, as long as it is enabled by the Board. Furthermore, the section does not specify <i>who </i>can be authorised to use DNA data under such conditions, which raises further concerns.</p>
<ul>
<li><b>DNA 2007 Bill (Section 39):</b> <i>“(1)All DNA profiles, samples and records shall solely be used for the purpose of facilitating identification of the perpetrator(s) of a specified</i><b> </b><i>offence: Provided that such records or samples may be used to identify victims of</i><b> </b><i>accidents, disasters or missing persons or for such other purposes.</i><b> </b><i>(2) Information stored on the DNA data base system may be accessed by the authorized persons for the purposes of: (i) forensic comparison permitted under this Act; (ii) administering the DNA data base system; (iii) accessing any information contained in the DNA database system</i><b> </b><i>by law enforcement officers or any other persons, as may be</i><b> </b><i>prescribed, in accordance with provisions of any law for the time</i><b> </b><i>being in force; (iv) inquest or inquiry; (v) any other purpose as may be prescribed: Provided that nothing contained in this section shall apply to information</i><b> </b><i>which may be used to determine the identity of any person.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 39): </b><i>“All DNA profiles and DNA samples and records thereof shall be used solely for the purpose of facilitating identification of the perpetrator of a specified offence under Part I of the Schedule: Provided that such profiles or samples may be used to identify victims of accidents or disasters or missing persons or for purposes related to civil disputes and other civil matters listed in Part I of the Schedule or for other purposes as may be specified by the regulations made by the Board.”</i><b> </b></li>
</ul>
<p><b> </b></p>
<h3><b>11. </b><b>Availability of DNA profiles and DNA samples</b></h3>
<p><b>Amendment:</b> Section 40 of the 2007 draft DNA Bill has been amended and an extra paragraph has been included to the equivalent 2012 Bill. In particular, section 40 enables the availability of DNA profiles and samples in criminal cases, judicial proceedings and for defence purposes among others.</p>
<p><b>Analysis:</b> ´Criminal cases´ are loosely defined and could enable the availability of DNA data on low profile cases.</p>
<ul>
<li><b>DNA 2007 Bill (Section 40):</b><i>“The information on DNA profiles, samples and DNA identification records</i><b> </b><i>shall be made available only : (i) to law enforcement agencies for identification purposes in a criminal</i><b> </b><i>case; (ii) in judicial proceedings, in accordance with the rules of</i><b> </b><i>admissibility of evidence; (iii) for facilitating decisions in cases of criminal prosecution; (iv) for defense purposes, to a victim or the accused to the extent relevant and in connection with the case in which such accused is charged; (v) for population statistics data base, identification, research and</i><b> </b><i>protocol development, or for quality control provided that it does not</i><b> </b><i>contain any personally identifiable information and does not violate ethical norms, as specified by rules. (vi) for any other purposes as specified by rules.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 40):</b><i>“Information relating to DNA profiles, DNA samples and records relating thereto shall be made available in the following instances, namely:- (a) for identification purposes in criminal cases, to law enforcement agencies; (b) in judicial proceedings, in accordance with the rules of admissibility of evidence; (c) for facilitating decisions in cases of criminal prosecution; (d) for defence purposes, to the accused to the extent relevant and in connection with the case in which such accused is charged; (e) for creation and maintenance of a population statistics database that is to be used, as prescribed, for the purposes of identification research, protocol development or quality control provided that it does not contain any personally identifiable information and does not violate ethical norms; or (f) in the case of investigations related to civil dispute and other civil matter listed in Part I of the Schedule, to the concerned parties to the said civil dispute or civil matter and to the concerned judicial officer or authority; or (g) for any other purposes, as may be prescribed.”</i><b> </b></li>
</ul>
<p><b> </b></p>
<h3><b>12. </b><b>Restriction on access to information in DNA Data Banks</b></h3>
<p><b>Amendment:</b> Section 43 has been added to the 2012 draft Human DNA Profiling Bill which states that access to information shall be restricted in cases when a DNA profile derives from a victim or a person who has been excluded as a suspect.</p>
<p><b>Analysis:</b> This section implies that everyone who does not belong in these two categories has his/her data exposed to (unauthorised) access by third parties.</p>
<ul>
<li><b>DNA April 2012 Bill (Section 43): </b><i>“Access to the information in the National DNA Data Bank shall be restricted in the manner as may be prescribed if the information relates to a DNA profile derived from- (a) a victim of an offence which forms or formed the object of the relevant investigation, or (b) a person who has been excluded as a suspect in the relevant investigation.”</i><b> </b></li>
</ul>
<p><b> </b></p>
<h3><b>13. </b><b>Board exemption from tax on wealth and income, profits and gains</b></h3>
<p><b>Amendment:</b> Section 53 of the 2007 draft DNA Bill on “Returns and Reports” on behalf of the Board has been deleted and section 62 on the Board exemption from tax on wealth and income, profits and gains, has been added to the 2012 DNA Bill.</p>
<p><b>Analysis:</b> Although the 2007 DNA Bill stated that the Central Government was authorised to issue directions, this has been replaced by section 64 of the 2012 DNA Bill, which authorises the DNA Profiling Board to issue directions.</p>
<ul>
<li><b>DNA 2007 Bill (Section 53):</b><i>“(1) The DNA Profiling Board shall furnish to the Central Government at</i><b> </b><i>such time and in such form and manner as may be specified by rules or </i><b> </b><i>as the Central Government may direct, such returns and statements as</i><b> </b><i>the Central Government may, from time to time, require. (2) Without prejudice to the provisions of sub-section (1), the DNA Profiling</i><b> </b><i>Board shall, within ninety days after the end of each financial</i><b> </b><i>year, submit to the Central Government a report in such form, as may be</i><b> </b><i>prescribed, giving a true and full account of its activities, policy and</i><b> </b><i>programmes during the previous financial year. (3) A copy of the report received under sub-section (2) shall be laid, as soon may be after it is received, before each House of Parliament.”</i><b> </b></li>
<li><b>DNA April 2012 Bill (Section 62): “</b><i>Notwithstanding anything contained in- (a) the Wealth-tax Act, 1957; (b) the Income-tax Act, 1961; or (c) any other enactment for the time being in force relating to tax, including tax on wealth, income, profits or gains or the provision of services,- the Board shall not be liable to pay wealth-tax, income-tax or any other tax in respect of its wealth, income, profits or gains derived.”</i><b> </b></li>
</ul>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comparison-of-draft-dna-profiling-bills'>https://cis-india.org/internet-governance/blog/comparison-of-draft-dna-profiling-bills</a>
</p>
No publishermariaSAFEGUARDSInternet GovernancePrivacy2013-07-12T15:32:08ZBlog EntryA comparison of the 2016 Aadhaar Bill, and the 2010 NIDAI Bill
https://cis-india.org/internet-governance/blog/a-comparison-of-the-2016-aadhaar-bill-and-the-2010-nidai-bill
<b>This blog post does a clause-by-clause comparison of the provisions of National Identification Authority of India Bill, 2010 and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
</b>
<ul id="docs-internal-guid-400d9138-596b-bafd-2e9b-46f6530d6e51"><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Title</h3>
</li></ul>
<p style="text-align: justify;" dir="ltr">2010 Bill: The Bill was titled as the National Identification Authority of India Bill, 2010.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The Bill has been titled as the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Purpose/Object Clause</h3>
</li></ul>
<p style="text-align: justify;" dir="ltr">2010 Bill: The purpose of Bill was stated to provide for the establishment of the National Identification Authority of India to issue identification numbers to residents of India as well as certain other classes of individuals , to facilitate access to benefits and services, to which they are entitled.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The purpose of this Bill has been stated to ensure targeted delivery of subsidies, benefits and services to residents of India in an efficient and transparent manner by assigning unique identity numbers to such individuals.</p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Definitions</h3>
</li></ul>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Authentication” was defined as the process in which the Aadhaar number, along with other attributes (including biometrics) are submitted to the Central Identities Data Repository for verification, done on the basis of information, data or documents available with the Repository.</p>
2016 Bill : “Authentication” has been defined as the process by which the Aadhaar number, along with demographic or biometric information of an individual is submitted to the Central Identities Data Repository for the purpose of verification, done on the basis of the correctness of (or lack of) information available with it.</li></ol>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Authentication Record” was not defined in the previous Bill.</p>
2016 Bill : “Authentication Record” has been defined under clause 2(d) as the record of the time of authentication, the identity of the entity requesting such record and the response provided by the Authority for this purpose.
</li></ol>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Authority” was defined under clause 2(d) as National Identification Authority of India established under provisions of the Bill. </p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> 2016 Bill :“Authority” has been defined under clause 2(e) as Unique Identification Authority of India established under provisions of the Bill.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Benefit” was not defined in the previous Bill. </p>
2016 Bill : “Benefit” has been defined under clause 2(f) as any advantage, gift, reward, relief, or payment (either in cash or kind), or such other benefits, which is provided to an
</li></ol>
<p style="text-align: justify;" dir="ltr">individual/ a group of individuals as notified by the Central Government.</p>
<p> </p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Biometric Information” was defined under clause 2(e) as a set of biological attributes of an individual as may be specified by regulations.</p>
2016 Bill : “Biometric Information” has been defined under clause 2(g) as biological attributes of an individual like photograph, fingerprint, Iris scan, or other such biological
</li></ol>
<p style="text-align: justify;" dir="ltr">attributes as may be specified by regulations.</p>
<p> </p>
<ol start="6"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Core Biometric Information” was not defined in the previous Bill.</p>
2016 Bill : “Core Biometric Information” has been defined under clause 2(j) as biological attribute of an individual like fingerprint, Iris scan, or such other biological attribute as
</li></ol>
<p style="text-align: justify;" dir="ltr">may be specified by regulations.</p>
<p> </p>
<ol start="7"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Demographic Information” was defined under clause 2(h) as information specified in the regulations for the purpose of issuing an Aadhaar number, like information relating to the name, age, gender and address of an individual (other than race, religion, caste, tribe, ethnicity, language, income or health), and such other information.</p>
2016 Bill : “Demographic Information” has been defined under clause 2(k) as information of an individual as may be specified by regulations for the purpose of issuing an Aadhaar number like information relating to the name, date of birth, address and other relevant information, excluding race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history of an individual.
</li></ol>
<p> </p>
<ol start="8"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Enrolling Agency” was defined under clause 2(i) as an agency appointed by the Authority or the Registrars for collecting information under the Act.</p>
2016 Bill : “Enrolling Agency” has been defined under clause 2(l) as an agency appointed by the Authority or a Registrar for collecting demographic and biometric information of individuals under this Act.
</li></ol>
<p> </p>
<ol start="9"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Member” was defined under clause 2(l) to include the Chairperson and a part-time Member of the Authority appointed under the provisions of the Bill.</p>
2016 Bill : “Member” has been defined under clause 2(o) to include the Chairperson and Member of the Authority appointed under the provisions of the Bill.
</li></ol>
<p> </p>
<ol start="10"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Records of Entitlement” was not defined under the previous Bill.</p>
2016 Bill : “Records of Entitlement” has been defined under clause 2(r) as the records of benefits, subsidies or services provided to, or availed by, any individual under any programme.
</li></ol>
<p> </p>
<ol start="11"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Requesting Entity” was not defined under the previous Bill.</p>
2016 Bill : “Requesting Entity” has been defined under clause 2(u) as an agency or person that submits information of an individual comprising of the Aadhaar number and</li></ol>
<p style="text-align: justify;" dir="ltr">demographic or biometric information to the Central Identities Data Repository for the purpose of authentication.</p>
<p> </p>
<ol start="12"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Resident” was defined under clause 2(q) as an individual usually residing in a village, rural area, town, ward, demarcated area (demarcated by the Registrar General of Citizen Registration) within a ward in a town or urban area in India.</p>
2016 Bill : “Resident” has been defined under clause 2(v) as an individual who has resided in India for a period or periods amounting in all to one hundred and eighty-two days or more in the twelve months immediately preceding the date of application for enrolment.
</li></ol>
<p> </p>
<ol start="13"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Review Committee” was defined under clause 2(r) as the Identification Review Committee constituted under the provisions of the Bill.</p>
2016 Bill : “Review Committee” has not been defined under the Bill.
</li></ol>
<p> </p>
<ol start="14"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Service” was not defined in the previous Bill.</p>
2016 Bill : “Service” has been defined under clause 2 (w) as any provision, facility, utility or any other assistance provided in any form to an individual or a group of individuals as may be notified by the Central Government.
</li></ol>
<p> </p>
<ol start="15"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">2010 Bill: “Subsidy” was not defined in the previous Bill.</p>
2016 Bill : “Subsidy” has been defined under clause 2(x) as any form of aid, support, grant, subvention, or appropriation (either in cash or kind), as may be notified by the Central Government, given to an individual or a group of individuals.
</li></ol>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Enrolment</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Aadhaar Numbers</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2016 Bill : Under clause 3(2) of the Bill, it is stated that at the time of enrolment, The enrolling agency shall inform the individual undergoing enrolment the following details:</p>
<p style="text-align: justify;" dir="ltr">(a) the manner in which the information so collected shall be used,</p>
<p style="text-align: justify;" dir="ltr">(b) the nature of recipients with whom the information is intended to be shared during authentication,and</p>
<p style="text-align: justify;" dir="ltr">(c) the existence of a right to access information, the procedure for making such requests for access, and details of the person/department in-charge to whom such requests can be</p>
<p style="text-align: justify;" dir="ltr">made.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Properties of Aadhaar Number </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill : Clause 4 (3) stated that subject to authentication, the Aadhaar number shall be accepted as a proof of identity of the Aadhaar number holder.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 4 (3) states that subject to authentication, the Aadhaar number (either in physical or electronic form) shall be accepted as a proof of identity of the Aadhaar</p>
<p style="text-align: justify;" dir="ltr">number holder.</p>
<p style="text-align: justify;" dir="ltr">The Explanation under this clause states that for the purpose of this provision, “electronic form” shall have the same meaning as assigned to it in section 2 (1) (r) of the Information Technology Act, 2000.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Authentication</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Proof of Aadhaar number necessary for receipt of certain subsidies, benefits and services, etc. </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2016 Bill : Under clause 7 of the Bill it is provided that for the purpose of establishing an individual's identity as a condition to receipt a a subsidy, benefit or service. the Central or State Government (as the case may be), require that such individual undergo authentication, or furnish proof of possession of Aadhaar number. In case the Aadhaar number has not been assigned to an individual, such individual must make an application for enrolment.</p>
<p style="text-align: justify;" dir="ltr">The Proviso states that the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service, in an Aadhaar number is not assigned to an individual.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Authentication of Aadhaar number </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 5 of the Bill stated that authentication of the Aadhaar number shall be performed by the Authority, in relation to the holders’ biometric and demographic information, subject to such conditions and on payment of the prescribed fees. Also, it was provided that the Authority shall respond to an authentication query with a positive, negative or other appropriate response (excluding any demographic and biometric information).</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The Bill states that authentication of the Aadhaar number shall be performed by the Authority, in relation to the holders’ biometric and demographic information, subject to such conditions and on payment of the prescribed fees.</p>
<p style="text-align: justify;" dir="ltr">Clause 8 (2) provides that unless otherwise provided in the Act, the requesting entity shall— </p>
<ol><li style="list-style-type: lower-alpha;" dir="ltr">
<p style="text-align: justify;" dir="ltr">For the purpose of authentication, obtain the consent of an individual before collecting his identity information, and</p>
</li><li style="list-style-type: lower-alpha;" dir="ltr">
<p style="text-align: justify;" dir="ltr">ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr">Clause 8 (3) provides that the following details shall be informed by the requesting entity to the individual submitting his identity information for the purpose of authentication: </p>
<p style="text-align: justify;" dir="ltr"> a. the nature of information that may be shared upon authentication;</p>
<p style="text-align: justify;" dir="ltr"> b. the uses to which the information received during authentication may be put by the requesting entity; and</p>
<p style="text-align: justify;" dir="ltr"> c. alternatives to submission of identity information to the requesting entity.</p>
<p style="text-align: justify;" dir="ltr">Clause 8(4) states that the Authority shall respond to an authentication query with a positive, negative or other appropriate response (excluding any core biometric information).</p>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Prohibition on requiring certain information. </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 9 of the Bill prohibited the Authority to make an individual give information pertaining to his race, religion, caste, tribe, ethnicity, language, income or health.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : This provision has been removed from the 2016 Bill.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Unique Identification Authority Of India</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Establishment of Authority </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 11(1) of the Bill stated that the Central Government shall establish an Authority called as the National Identification Authority of India, to exercise the powers conferred on it and to perform the functions assigned to it under this Act. Also, clause 11(3) provided that the head office of the Authority shall be in the National Capital Region, referred to in section 2(f) of the National Capital Region Planning Board Act, 1985. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 11(1) of the Bill states that the Central Government shall establish an Authority called as the Unique Identification Authority of India, responsible for the processes of enrolment, authentication and perform such other functions assigned to it under this Act. Also, clause 11(3) provides that the head office of the Authority shall be in New Delhi.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Composition of Authority</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 12 provided that the Authority shall consist of a Chairperson and two part-time Members, to be appointed by the Central Government. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 12 of the Bill provides that the Authority shall consist of a Chairperson (appointed on part-time or full- time basis) , two part-time Members, and the chief executive officer (who shall be Member-Secretary of the Authority), to be appointed by the Central Government.</p>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Qualifications for appointment of Chairperson and Members of Authority</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 13 provided that the Chairperson and Members of the Authority shall be persons of ability, integrity and outstanding calibre having experience and knowledge in the matters relating to technology, governance, law, development, economics, finance, management, public affairs or administration. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 13 provides that the Chairperson and Members of the Authority shall be persons of ability and integrity having experience and knowledge of at least ten years in matters relating to technology, governance, law, development, economics, finance, management, public affairs or administration.</p>
<p> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Term of office and other conditions of service of Chairperson.</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Proviso to Clause 14 (1) stated that the Chairperson of the Unique Identification Authority of India, who would have been appointed before the commencement of this Act by notification A-43011/02/2009-Admn.I (Vol.II) dated the 2nd July, 2009, shall continue as a Chairperson of the Authority for the term for which he had been appointed. Clause 14(4) prohibited the Chairperson from holding any other office during the period of holding his office in the Authority. Proviso to clause 14 (5) stated the salary, allowances and the other terms and conditions of service of the Chairperson shall not be varied to his disadvantage after his appointment. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : These provisions have not been included in the Bill.</p>
<p> </p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Removal of Chairperson and Members</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 15 (2) stated that unless a reasonable opportunity of being heard has been duly provided, the Chairperson or a Member shall not be removed under clauses (d) or (e) of sub-section (1).</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 15 (2) stated that unless a reasonable opportunity of being heard has been duly provided, the Chairperson or a Member shall not be removed under clauses (b), (d) or (e) of sub-section (1).</p>
<p> </p>
<ol start="6"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Restrictions on Chairperson or Members on employment after cessation of office</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 16 (a) provided that the Chairperson or a member, who ceases to hold office, shall not accept any employment in, or connected with the management or administration of, any person which has been associated with any work under the Act, for a period of three years from the date on which they cease to hold office, without previous approval of the Central Government. </p>
<p style="text-align: justify;" dir="ltr">The proviso to this clause stated that this provision shall not apply to any employment under the Central Government, State Government, local authority, any statutory authority or any corporation established by or under any Central, State or provincial Act or a Government Company, as defined in section 617 of the Companies Act, 195.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill: Clause 16 (a) provides that the Chairperson or a member, who ceases to hold office, shall not accept any employment in, or connected with the management of any organisation, company or any other entity which has been associated with any work done or contracted out by the Authority (whether directly or indirectly), during his tenure as Chairperson or Member, as the case may be, for a period of three years from the date on which he ceases to hold office, without previous approval of the Central Government. </p>
<p style="text-align: justify;" dir="ltr">The proviso to this clause stated that this provision shall not apply to any employment under the Central Government, State Government, local authority, any statutory authority or any corporation established by or under any Central, State or provincial Act or a Government Company, as defined in clause (45) of section 2 of the Companies Act, 2013.</p>
<p> </p>
<ol start="7"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Functions of Chairperson</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 17 of the Bill provided that the Chairperson shall have powers of general superintendence, direction in the conduct of the affairs of the Authority, preside over the meetings of the Authority, and exercise and discharge such other powers and functions of the Authority as prescribed, without prejudice to any of the provisions of the Act. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 17 of the Bill states that the Chairperson shall preside over the meetings of the Authority, and exercise and discharge such other powers and functions of the Authority as prescribed, without prejudice to any of the provisions of the Act.</p>
<p> </p>
<ol start="8"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Chief Executive Officer</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 20 (1) of the Bill stated that a chief executive officer, not below the rank of the Additional Secretary to the Government of India, who shall be the Member-Secretary of the Authority,shall be appointed by the Central Government.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 18 (1) stated that a chief executive officer, not below the rank of the Additional Secretary to the Government of India, shall be appointed by the Central Government. In the list of its responsibilities, clause 18 (2) (e) additionally provides for performing such other functions, or exercising such other powers, as may be specified by regulations.</p>
<p> </p>
<ol start="9"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Meetings </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 18 (4) provided that all decisions of the Authority shall be authenticated by the signature of the Chairperson or any other Member who is authorised by the Authority for this purpose.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 19 (4) provided that all decisions of the Authority shall be signed by the Chairperson, any other Member or the Member-Secretary authorised by the Authority.</p>
<p> </p>
<ol start="10"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Vacancies, etc., not to invalidate proceedings of Authority</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 19 (b) of the Bill stated that No act or proceeding of the Authority shall be invalid merely by reason of any defect in the appointment of a person as a Member of the Authority</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 20 (b) of the Bill stated that No act or proceeding of the Authority shall be invalid merely by reason of any defect in the appointment of a person as Chairperson or Member of the Authority</p>
<p> </p>
<ol start="11"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Powers and functions of Authority</strong></p>
</li></ol>
<p> Clause 23 (2) (k)</p>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 23 (2) (k) provided that the powers and functions of the Authority may include sharing the information of Aadhaar number holders, with their written consent, with such agencies engaged in delivery of public benefits and public services as the Authority may by order direct, in a manner as specified by regulations. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 23 (2) (k) provides that the powers and functions of the Authority may include sharing the information of Aadhaar number holders, subject to the provisions of this Act.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">Clause 23 (2) (r) </p>
<p style="text-align: justify;" dir="ltr">2010 Bill : Clause 23 (2) (r) stated that the powers and functions of the Authority may include specifying, by regulation, the policies and practices for Registrars, enrolling agencies and other service providers.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 23 (2) (r) states that the powers and functions of the Authority may include evolving of, and specifying, by regulation, the policies and practices for Registrars, enrolling agencies and other service providers.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Grants, Accounts and Audit and Annual Report</h3>
</li></ul>
<p> </p>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 25 provided that the fees or revenue collected by the Authority shall be credited to the Consolidated Fund of India and the entire amount so credited be transferred to the Authority.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 25 states that the fees or revenue collected by the Authority shall be credited to the Consolidated Fund of India.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Identity Review Committee</h3>
</li></ul>
<p> </p>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 28 of the Bill provided for establishment of the Identity Review Committee, consisting of three members (including the chairperson) who are persons of eminence, ability, integrity and having knowledge and experience in the fields of technology, law, administration and governance, social service, journalism, management or social sciences. Clause 29 of the Bill enlisted several functions to be undertaken by the Review Committee so constituted.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill: These provisions have been removed from the Bill.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Protection of Information</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Security and confidentiality of information</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 30 (2) of the Bill stated that the Authority shall take measures (including security safeguards) to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against any loss, unauthorised access, use or unauthorised disclosure of the same.</p>
<p>2016 Bill : Clause 28 (3) states that the Authority shall take measures to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.</p>
<p style="text-align: justify;" dir="ltr">A new provision-clause 28(4)- states that the Authority shall undertake the following additional measures for protection of information:</p>
<p style="text-align: justify;" dir="ltr">(a) adopt and implement appropriate technical and organisational security measures,</p>
<p style="text-align: justify;" dir="ltr">(b) ensure that the agencies, consultants, advisors or other persons appointed or engaged for performing any function of the Authority under this Act, have in place appropriate technical and organisational security measures for the information, and</p>
<p style="text-align: justify;" dir="ltr">(c) ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors and other persons to act only on instructions from the Authority.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Restriction on sharing information </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: The Bill did not provide for restrictions on sharing of information.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill: This new provision under Clause 29 states that no core biometric information, collected or created under this Act, shall be—</p>
<p style="text-align: justify;" dir="ltr">(a) shared with anyone for any reason whatsoever; or</p>
<p style="text-align: justify;" dir="ltr">(b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.</p>
<p style="text-align: justify;" dir="ltr">Also, the identity information, other than core biometric information, collected or created</p>
<p style="text-align: justify;" dir="ltr">under this Act may be shared only in accordance with the provisions of this Act as specified under Regulations.</p>
<p>Clause 29 (3) prohibits usage of identity information available with a requesting entity for any purpose, other than that specified to the individual at the time of submitting any identity information for authentication, or disclosed further, except with the prior consent of the individual to whom such information relates.</p>
<p>Clause 29 (4) prohibits publication, displaying or publicly posting of the Aadhaar number or core biometric information collected or created under this Act in respect of an Aadhaar number holder, except for the purposes as may prescribed in Law.</p>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Biometric information deemed to be sensitive personal information.</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> 2010 Bill: The Bill did not contain provisions stating that the biometric information shall be deemed to be sensitive personal information for the purpose of this Act. </p>
<p style="text-align: justify;" dir="ltr">2016 Bill: Clause 30 states that the biometric information collected and stored in electronic form shall be deemed to be “electronic record” and “sensitive personal data or information”, and the provisions contained in the Information Technology Act, 2000 and the rules made thereunder shall apply to such information,to the extent not in derogation of the provisions of this Act.</p>
<p> The Explanation defines</p>
<p style="text-align: justify;" dir="ltr">(a) “electronic form” - as defined under section 2 (1) (r) of the Information Technology Act, 2000,</p>
<p style="text-align: justify;" dir="ltr">(b) “electronic record” as defined under section 2 (1) (t) of the Information Technology Act, 2000</p>
<p style="text-align: justify;" dir="ltr">(c)“sensitive personal data or information” - as defined under clause (iii) of the</p>
<p style="text-align: justify;" dir="ltr">Explanation to section 43A of the Information Technology Act, 2000.</p>
<p> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Security and confidentiality of information</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 30 (2) of the Bill stated that the Authority shall take measures (including security safeguards) to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against any loss, unauthorised access, use or unauthorised disclosure of the same.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 28 (3) states that the Authority shall take measures to ensure security and protection of information in possession/control of the Authority (including information stored in the Central Identities Data Repository), against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.</p>
<p style="text-align: justify;" dir="ltr">A new provision-clause 28(4)- states that the Authority shall undertake the following additional measures for protection of information:</p>
<p style="text-align: justify;" dir="ltr">(a) adopt and implement appropriate technical and organisational security measures,</p>
<p style="text-align: justify;" dir="ltr">(b) ensure that the agencies, consultants, advisors or other persons appointed or engaged for performing any function of the Authority under this Act, have in place appropriate technical and organisational security measures for the information, and</p>
<p style="text-align: justify;" dir="ltr">(c) ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors and other persons to act only on instructions from the Authority.</p>
<p> </p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Alteration of demographic information or biometric information. </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 31 (4) prohibits alteration of identity information in the Central Identities Data Repository, except in the manner provided in this Act or regulations made thereof.</p>
<p> </p>
<ol start="6"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Access to own information and records of requests for authentication.</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 32 (3) provides that the Authority shall not collect, keep or maintain any information about the purpose of authentication, either by itself or through any entity under its control.</p>
<p> </p>
<ol start="7"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Disclosure of information in certain cases </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: The provision creates an exception under Clause 33 for the purposes of disclosure of information in certain cases like disclosure (including identity information or details of authentication) made pursuant to an order of a competent court; or disclosure (including identity information) made in the interests of national security in pursuance of directions issued by an officer(s) not below the rank of Joint Secretary or equivalent in the Central Government specifically authorised in this behalf by an order of the Central Government.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The provision creates an exception under Clause 33 for the purposes of disclosure of information in certain cases like disclosure (including identity information or details of authentication) made pursuant to an order not inferior to that of a District Judge (provided that the court order shall be made only after giving an opportunity of hearing to the Authority); or disclosure (including identity information or authentication records) made in the interests of national security in pursuance of directions issued by an officer not below the rank of Joint Secretary to the Government of India, authorised in this behalf by an order of the Central Government.</p>
<p>The proviso to Clause 33 (2) states that every direction so issued shall be reviewed by an Oversight Committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology, before it takes effect.</p>
<p style="text-align: justify;" dir="ltr">The second proviso states that any such direction so issued shall be valid for a period of three months from the date of its issue, which may be extended for a further period of three months after the review by the Oversight Committee.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Offences and Penalties</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Penalty for impersonation at time of enrolment. </strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: The penalty for impersonation was prescribed under Clause 34 as imprisonment for a term which may extend to three years and fine which may extend to ten thousand rupees.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The penalty for impersonation was prescribed under Clause 34 as imprisonment for a term which may extend to three years, or with fine which may extend to ten thousand rupees, or both.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Penalty for unauthorised access to the Central Identities Data Repository</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 38 (g) stated that any person not authorised by the Authority, provides any assistance to any person to do any of the acts mentioned under sub-clauses (a)-(f) shall be punishable. If anyone, who is not authorised by the Authority, performs any activity as listed under (a)-(i), shall be punishable with imprisonment for a term which may extend to three years and shall be liable to a fine which shall not be less than one crore rupees.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 38 (g) stated that any person not authorised by the Authority, reveals any information in contravention of sub-section section 28 (5), or shares, uses or displays information in contravention of section 29 or assists any person in any of the acts mentioned under sub-clauses (a)-(f) shall be punishable. If anyone, who is not authorised by the Authority, performs any activity as listed under (a)-(i), shall be punishable with imprisonment for a term which may extend to three years and shall be liable to a fine which shall not be less than ten lakh rupees. Additionally, the Explanation states that the expression “computer source code” shall have the meaning assigned to it in the Explanation to section 65 of the Information Technology Act, 2000.</p>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Penalty for unauthorised use by requesting entity and noncompliance with intimation requirements</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 40 of the Bill prescribed penalty for manipulating biometric information and stated that a person who gives/attempts to give any biometric information which does not pertain to him for the purpose of getting an Aadhaar number, authentication or updating his information, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to ten thousand rupees or with both.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill: Clause 40 prescribes penalty for a person, being a requesting entity, uses the identity information of an individual in contravention of clause 8(3) , to be punishable with imprisonment which may extend to three years or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both. Clause 41 of the Bill states that Whoever, being an enrolling agency or a requesting entity, fails to comply with the requirements of clause 3(2)-list of details to be informed to the individual undergoing enrolment, and clause 8(3)-informing individual undergoing enrolment details for the purpose of authentication, shall be punishable with imprisonment which may extend to one year, or with a fine which may extend to ten thousand rupees or, in the case of a company, with a fine which may extend to one lakh rupees or with both.</p>
<p> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>General Penalty</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: For an offence committed under the Act or rules made thereunder, for which no specific penalty was provided, the penalty was prescribed as imprisonment for a term which may extend to three years, or fine as prescribed.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : For an offence committed under the Act or rules made thereunder, for which no specific penalty was provided, the penalty was prescribed as imprisonment for a term which may extend to one year, or fine as prescribed.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Miscellaneous</h3>
</li></ul>
<p> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Power of Central Government to supersede Authority.</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 47(1)(c) stated that if at any time the Central Government is of the opinion that such circumstances exist which render it necessary in the public interest to supersede the Authority, may do so in the manner prescribed under this provision.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 48(1)(c) states that if at any time the Central Government is of the opinion that a public emergency exists, then the Central Government may supersede the Authority, in the manner prescribed under this provision.</p>
<p> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Power to remove difficulties.</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: The proviso to Clause 56(1) stated that an no order by Central Government, which may appear necessary to remove a difficulty in giving effect to the provisions of this Act, shall be made under this section after the expiry of two years from the commencement of this Act.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : The proviso to Clause 58(1) stated that an no order by Central Government, which may appear necessary to remove a difficulty in giving effect to the provisions of this Act, shall be made under this section after the expiry of three years from the commencement of this Act.</p>
<p> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr"><strong>Savings</strong></p>
</li></ol>
<p style="text-align: justify;" dir="ltr">2010 Bill: Clause 57 provided that any action taken by the Central Government under the Resolution of the Government of India, Planning Commission bearing notification number A-43011/02/ 2009-Admin.I, dated the 28th January, 2009, shall be deemed to have been done or taken under the corresponding provisions of this Act.</p>
<p style="text-align: justify;" dir="ltr">2016 Bill : Clause 59 states that any action take by Central Government under the Resolution of the Government of India, Planning Commission bearing notification number A-43011/02/2009-Admin. I, dated the 28th January, 2009, or by the Department of Electronics and Information Technology under the Cabinet Secretariat Notification bearing notification number S.O. 2492(E), dated the 12th September, 2015, as the case may be, shall be deemed to have been validly done or taken under this Act.</p>
<p> </p>
<ul><li style="list-style-type: disc;" dir="ltr">
<h3 style="text-align: justify;" dir="ltr">Statement of Objects and Reasons</h3>
</li></ul>
<p> </p>
<p style="text-align: justify;" dir="ltr">2010 Bill: The Bill stated that the Central Government decided to issues unique identification numbers to all residents in India, which involves collection of demographic, as well as biometric information. The Unique Identification Authority of India was constituted as an executive body by the Government, vide its notification dated the 28th January, 2009. The Bill addressed and enlisted several issues with the issuance of unique identification numbers which should be addressed by law and attract penalties, such as security and confidentiality of information, imposition of obligation of disclosure of information so collected in certain cases, impersonation at the time of enrolment, unauthorised access to the Central Identities Data Repository, manipulation of biometric information, investigation of certain acts constituting offence, and unauthorised disclosure of the information collected for the purposes of issuance of the numbers. To make the said Authority a statutory one, the National Identification Authority of India Bill, 2010 was proposed to establish the National Identification Authority of India to issue identification numbers and authenticate the Aadhaar number to facilitate access to benefits and services to such individuals to which they are entitled and for matters connected therewith or incidental thereto.Apart from the above mentioned purposes, The National Identification Authority of India Bill, 2010 also seeks to provide for the Authority to exercise powers and discharge functions so prescribed , ensure that the Authority does not require any individual to give information pertaining to his race, religion, caste, tribe, ethnicity, language, income or health, may engage entities to establish and maintain the Central Identities Data Repository and to perform any other functions as may be specified by regulations, constitute the Identity Review Committee and take measures to ensure that the information in the possession or control of the Authority is secured and protected against any loss, unauthorised access or use or unauthorised disclosure thereof.</p>
<span id="docs-internal-guid-400d9138-596d-34f7-a004-875694b1e54e">2016 Bill: The Bill states that correct identification of targeted beneficiaries for delivery of subsidies, services, frants, benefits, etc has become a challenge for the Government and has proved to be a major hindrance for successful implementation of these programmes. In the absence of a credible system to authenticate identity of beneficiaries, it is difficult to ensure that the subsidies, benefits and services reach to intended beneficiaries. The Unique Identification Authority of India was established by a resolution of the Government of India, Planning Commission vide notification number A-43011/02/ 2009-Admin.I, dated the 28th January, 2009, to lay down policies and implement the Unique Identification Scheme of the Government, by which residents of India were to be provided unique identity number. Upon successful authentication, this number would serve as proof of identity for identification of beneficiaries for transfer of benefits, subsidies, services and other purposes. With increased use of the Aadhaar number, steps to ensure security of such information need to be taken and offences pertaining to certain unlawful actions, created. It has been felt that the processes of enrolment, authentication, security, confidentiality and use of Aadhaar related information must be made statutory. For this purpose, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 seeks to provide for issuance of Aadhaar numbers to individuals on providing his demographic and biometric information to the Unique Identification Authority of India, requiring Aadhaar numbers for identifying an individual for delivery of benefits, subsidies, and services, authentication of the Aadhaar number, establishment of the Unique Identification Authority of India, maintenance and updating the information of individuals in the Central Identities Data Repository, state measures pertaining to security, privacy and confidentiality of information in possession or control of the Authority including information stored in the Central Identities Data Repository and identify offences and penalties for contravention of relevant statutory provisions.</span>
<p> </p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/a-comparison-of-the-2016-aadhaar-bill-and-the-2010-nidai-bill'>https://cis-india.org/internet-governance/blog/a-comparison-of-the-2016-aadhaar-bill-and-the-2010-nidai-bill</a>
</p>
No publisherVanya RakeshAadhaarInternet GovernanceUID2016-03-09T04:08:01ZBlog EntryA Comparison of Legal and Regulatory Approaches to Cyber Security in India and the United Kingdom
https://cis-india.org/internet-governance/blog/a-comparison-of-legal-and-regulatory-approaches-to-cyber-security-in-india-and-the-united-kingdom
<b>This report is the first part of a three part series of reports that compares the Indian cyber security framework with that of the U.K, U.S and Singapore.</b>
<p style="text-align: justify; ">This report compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them. The first part of this comparison will outline the methodology used to compare the two jurisdictions. Next, the key points of convergence and divergence are identified and the similarities and differences are assessed, to see what they imply about cyber space and cyber security in these jurisdictions. Finally, the report will lay out recommendations and learnings from policy in both jurisdictions.</p>
<p style="text-align: justify; ">Read the full report<b> <a class="external-link" href="http://cis-india.org/internet-governance/files/india-uk-legal-regulatory-approaches.pdf">here</a><br /></b></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/a-comparison-of-legal-and-regulatory-approaches-to-cyber-security-in-india-and-the-united-kingdom'>https://cis-india.org/internet-governance/blog/a-comparison-of-legal-and-regulatory-approaches-to-cyber-security-in-india-and-the-united-kingdom</a>
</p>
No publisherAuthored by Divij Joshi and edited by Elonnai HickokInternet GovernancePrivacy2017-11-14T15:26:46ZBlog EntryA Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications
https://cis-india.org/internet-governance/blog/comparison-of-indian-legislation-and-draft-principles-on-surveillance-of-communications
<b>This blog post is a comparison of the relevant Indian legislations allowing governmental access to communications and the Draft International Principles on Surveillance of Communications. The principles, first drafted in October 2012 and developed subsequently seeks to establish an international standard for surveillance of communications in the context of human rights. </b>
<hr />
<p><i>This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC</i>.</p>
<hr />
<p style="text-align: justify; ">The Centre for Internet and Society is contributing feedback to the drafting of the principles. The principles are still in draft form and the most recent version along with the preamble to the principles can be accessed at: <a class="external-link" href="http://necessaryandproportionate.net/">http://necessaryandproportionate.net/</a></p>
<p>The Principles:</p>
<p style="text-align: justify; "><b>1. </b><b>Principle - Legality</b><b>:</b><i> Any limitation to the right to privacy must be prescribed by law. Neither the Executive nor the Judiciary may adopt or implement a measure that interferes with the right to privacy without a previous act by the Legislature that results from a comprehensive and participatory process. Given the rate of technological change, laws enabling limitations on the right to privacy should be subject to periodic review by means of a participatory legislative or regulatory process. </i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In India there are two predominant legislations with subsequent Rules and Licenses that allow for access to communications by law enforcement and the government. Though the basic power of interception of communications are prescribed by law, the Rules and Licenses build off of these powers and create procedural requirements, and requirements for assistance.</p>
<li><b>The Indian Telegraph Act, 1885</b>
<ul>
<li style="text-align: justify; "> <i>The Indian Telegraph Amendment Rules 2007: </i>These<i> </i>Rules are grounded in section 419A of the Indian Telegraph Act and establish procedures and safeguards for the interception of communications. </li>
<li style="text-align: justify; "><i>License Agreement for Provision of Unified Access Services After Migration from CMTS (UASL)</i>: This license is grounded in the Telegraph Act, and details what types of assistance service providers must provide to law enforcement and the government. </li>
<li style="text-align: justify; "><i>License Agreement for Provision of Internet Services</i>: This license is grounded in the Telegraph Act, and details what types of assistance service providers must provide to law enforcement and the government. </li>
<li><b>The Information Technology Act, 2000</b>
<ul>
<li style="text-align: justify; "><i>Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules 2009:</i> These Rules were notified in 2009 and allow authorized governmental agencies to intercept, monitor, and decrypt information generated, transmitted, received, or stored in any computer resource. </li>
<li style="text-align: justify; "><i>Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules 2009:</i> These Rules were notified in 2009 and allow authorized agencies to monitor and collect traffic data or information that is generated, transmitted, received or stored in any computer resource.</li>
</ul>
</li>
</ul>
</li>
<p><i> </i></p>
<p><b>2. </b><b>Principle - Legitimate Purpose</b>:<i> Laws should only allow access to communications or communications metadata by authorized public authorities for investigative purposes and in pursuit of a legitimate purpose, consistent with a free and democratic society.</i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are no specific provisions requiring that access by law enforcement must be for a legitimate purpose and consistent with a free and democratic society. Instead, Indian legislation defines and lays out specific circumstances for which access would be allowed.</p>
<p style="text-align: justify; ">Below are the circumstances for which access is allowed by each Act, Rule, and License:</p>
<li><b>The TA Rules 2007</b>: Interception is allowed in the following circumstances: <br />
<ul>
<li>On the occurrence of any public emergency</li>
</ul>
<ul>
<li>In the interest of the public safety</li>
</ul>
<ul>
<li>In the interests of the sovereignty and integrity of India</li>
</ul>
<ul>
<li>The security of the state</li>
</ul>
<ul>
<li>Friendly relations with foreign states</li>
</ul>
<ul>
<li>Public order</li>
</ul>
<ul>
<li>Preventing incitement to the commission of an offence</li>
</ul>
</li>
<li><b>ITA Interception and Monitoring Rules</b>: Interception, monitoring, and decryption of communications is allowed in the following circumstances:</li>
<ul>
<li>In the interest of the sovereignty or integrity of India, </li>
<li>Defense of India</li>
<li>Security of the state</li>
<li>Friendly relations with foreign states</li>
<li>Public order </li>
<li>Preventing incitement to the commission of any cognizable offence relating to the above </li>
<li>For investigation of any offence </li>
</ul>
<li style="text-align: justify; "><b>ITA Monitoring of Traffic Data Rules:</b> Monitoring of traffic data and collection of information is allowed for the following purposes related to cyber security: </li>
<ul>
<li>Forecasting of imminent cyber incidents </li>
<li>Monitoring network application with traffic data or information on computer resources </li>
<li>Identification and determination of viruses or computer contaminant </li>
<li>Tracking cyber security breaches or cyber security incidents </li>
<li>Tracking computer resource breaching cyber security or spreading virus’s or computer contaminants </li>
<li style="text-align: justify; ">Identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security. </li>
<li style="text-align: justify; ">Undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource.</li>
<li style="text-align: justify; ">Accessing stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force.</li>
<li>Any other matter relating to cyber security. </li>
</ul>
<li><b>UASL License</b>: Assistance must be provided to the government for the following reasons and times: </li>
<ul>
<li>Reasons defined in the Telegraph Act. <b>(Section 41.20 (xix))</b></li>
<li>National Security. <b>(Section 41.20 (xvii))</b></li>
<li style="text-align: justify; ">To counteract espionage, subversive act, sabotage, or any other unlawful activity. (Section 41.1)</li>
<li style="text-align: justify; ">Trace nuisance, obnoxious or malicious calls, messages or communications transported through his/her equipment. <b>(Section 40.4)</b></li>
<li>In the interests of security. <b>(Section 41.7)</b></li>
<li>For security reasons. <b>(Section 41.20 (iii))</b></li>
</ul>
<li><b>ISP License: </b>Assistance must be provided to the government for the following reasons and times:</li>
<ul>
<li>To counteract espionage, subversive act, sabotage, or any other unlawful activity. <b>(Section 34.1)</b></li>
<li>In the interests of security. <b>(Section 34.4)</b></li>
<li>For security reasons. <b>(Section 34.28 (iii))</b></li>
<li>Reasons defined in the Telegraph Act. <b>(Section 35.2)</b></li>
</ul>
<p style="text-align: justify; "><b>3. </b><b>Principle - Necessity</b>: <i>Laws allowing access to communications or communications metadata by authorized public authorities should limit such access to that which is strictly and demonstrably necessary, in the sense that an overwhelmingly positive justification exists, and justifiable in a democratic society in order for the authority to pursue its legitimate purposes, and which the authority would otherwise be unable to pursue. The onus of establishing this justification, in judicial as well as in legislative processes, is on the government.</i></p>
<p><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> Relevant Indian legislation do not contain provisions mandating that access to communications must be demonstrably necessary, and do not give details of the criteria that authorizing authorities should use to determine if a request is a valid or not. Relevant Indian legislation does require that all directions contain reasons for the direction. Additionally, excluding the ITA <i>Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules</i>, relevant Indian legislation requires that all other means for acquiring the information must be taken into consideration before a direction for access can be granted.</p>
<p>Below are summaries of the relevant provisions:</p>
<ul>
<li style="text-align: justify; "><b>TA Rules 2007</b>: Any order for interception issued by the competent authority must contain reasons for the direction <b>(Section 2).</b> While issuing orders for direction, all other means for acquiring the information must be taken into consideration, and directions can only be issued if it is not possible to acquire the information by any other reasonable means <b>(Section 3).</b></li>
<li style="text-align: justify; "><b>ITA Interception and Monitoring Rules: </b>Any direction issued by the competent authority must contain reasons for such direction <b>(Section 7). </b>The competent authority must consider the possibility of acquiring the necessary information by other means and the direction can be issued only when it is not possible to acquire the information any other reasonable means <b>(Section 8).</b></li>
<li style="text-align: justify; "><b>ITA Traffic Monitoring Rules:</b> Any direction issued by the competent authority must contain reasons for the direction <b>(Section 3(3)).</b></li>
<li style="text-align: justify; "><b>UASL & ISP License: </b>As laid out in the Telegraph Act and subsequent Rules.<b> </b></li>
</ul>
<p><b>4. </b><b><i>Principle - Adequacy</i></b><i>:</i> <i>Public authorities should restrain themselves from adopting or implementing any measure of intrusion allowing access to communications or communications metadata that is not appropriate for fulfillment of the legitimate purpose that justified establishing that measure. </i></p>
<p><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are provisions that require direction for access to be specific, but there are no provisions that specifically prohibit government agencies from collecting and accessing information that is not appropriate for fulfillment of the stated purpose of the direction.</p>
<p style="text-align: justify; "><b>5. </b><b>Principle - Competent Authority</b>: <i>Authorities capable of making determinations relating to communications or communications metadata must be competent and must act with independence and have adequate resources in exercising the functions assigned to them.</i></p>
<p><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation it is required that directions for access to be authorized by "competent authorities". The most common authority for authorizing orders for access is the Secretary to the Government of India in the Ministry of Home Affairs, but authorization can also come from other officials depending on the circumstance. The fact that authorization for access to communications content is not from a judge has been a contested topic, as in many countries a judicial order is the minimum requirement for access to communication content. It is unclear from the legislation if adequate resources are assigned to the competent authorities.</p>
<p>Below are summaries of relevant provisions:</p>
<li style="text-align: justify; "><b>The TA Rules 2007</b>: Under the Telegraph Act the authorizing authorities are:
<ul>
<li>The Secretary to the Government of India in the Ministry of Home Affairs at the Central Level</li>
<li>The Secretary to the State Government in charge of the Home Department in the case of the State Government. </li>
<li>In unavoidable circumstances an order for interception may only be made by an officer not below the rank of a Joint Secretary to the Government of India who has been authorized by the Union Home Secretary or the State Secretary.</li>
<li>In remote areas or for operational reasons where obtaining prior directions for interception is not feasible the head or the second senior most officer of the authorized security agency at the Central level and the officers authorized in this behalf and not below the rank of Inspector of General Police. <b>(Section 1(2))</b>. </li>
<li><b>ITA Interception and Monitoring Rules: </b>Under the ITA Rules related to the interception, monitoring, and decryption of communications, the competent authorities for authorizing directions are:
<ul>
<li>The Secretary in the Ministry of Home Affairs in case of the Central Government.</li>
<li>The Secretary in charge of the Home Department, in case of a State Government or Union Territory. </li>
<li>In unavoidable circumstances any officer not below the rank of the Joint Secretary to the Government of India who has been authorized by the competent authority. </li>
<li>In remote areas or for operational reasons where obtaining prior directions is not feasible, the head or the second senior most officer of the security and law enforcement agency at the Central level or the officer authorized and not below the rank of the inspector General of Police or an officer of equivalent rank at the State or Union territory level. <b>(Section 3)</b>.</li>
</ul>
</li>
<li><b>ITA Monitoring and Collecting Traffic Data Rules:</b> Under the ITA Rules related to the monitoring and collecting of traffic data, the competent authorities who can issue and authorize directions are:
<ul>
<li>The Secretary to the Government of Indian in the Department of Information Technology under the Ministry of Communications and Information Technology. <b>(Section 2(d))</b>.</li>
<li>An employee of an intermediary may complete the following if it is in relation to the services that he is providing including: accessing stored information from computer resource for the purpose of implementing information security practices in the computer resource, determining any security breaches, computer contaminant or computer virus, undertaking forensic of the concerned computer resource as a part of investigation or internal audit. Accessing or analyzing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened or is suspected of having contravened or being likely to contravene any provisions of the Act that is likely to have an adverse impact on the services provided by the intermediary. <b>(Section 9 (2))</b>. </li>
</ul>
</li>
<li style="text-align: justify; "><b>UASL & ISP License: </b>As laid out in the Telegraph Act and subsequent Rules.<b> </b> </li>
</ul>
</li>
<p><b> </b></p>
<p style="text-align: justify; "><b>6. </b><b>Principle - Proportionality</b>:<i> Public authorities should only order the preservation and access to specifically identified, targeted communications or communications metadata on a case-by-case basis, under a specified legal basis. Competent authorities must ensure that all formal requirements are fulfilled and must determine the validity of each specific attempt to access or receive communications or communications metadata, and that each attempt is proportionate in relation to the specific purposes of the case at hand. Communications and communications metadata are inherently sensitive and their acquisition should be regarded as highly intrusive. As such, requests should <b>at a minimum</b> establish a) that there is a very high degree of probability that a serious crime has been or will be committed; b) and that evidence of such a crime would be found by accessing the communications or communications metadata sought; c) other less invasive investigative techniques have been exhausted; and d) that a plan to ensure that the information collected will be only that information reasonably related to the crime and that any excess information collected will be promptly destroyed or returned. Neither the scope of information types, the number or type of persons whose information is sought, the amount of data sought, the retention of that data held by the authorities, nor the level of secrecy afforded to the request should go beyond what is demonstrably necessary to achieve a specific investigation. </i></p>
<p style="text-align: justify; "><b>Indian Legislation</b>: In relevant Indian legislation there are no comprehensive provisions that ensure proportionality of the surveillance of communications but there are provisions that contribute to ensuring proportionality. These include provisions requiring: time frames for how long law enforcement can retain accessed and collected material, directions to be issued only after there are no other means for acquiring the information, requests to contain reasons for the order, the duration for which an order can remain in force to be limited, and requests to be for specified purpose based on a particular set of premises. All of these provisions are found in the Telegraph Rules issued in 2007 and the ITA <i>Procedures and Safeguards for Interception, Monitoring, and Decryption of Information Rules</i>. None of these requirements are found in the UASL or ISP licenses, and many are missing from the ITA <i>Safeguards for Monitoring and Collecting Traffic Data or Information Rules</i>.</p>
<p style="text-align: justify; ">Though the above are steps to ensuring proportionality, Indian legislation does not provide details of how the proportionality of requests would be measured as recommended by the principle. For example, it is not required that requests for access demonstrate that evidence of the crime would be found by accessing the communications or communications metadata sought, and that information only related directly to the crime will be collected. Furthermore, Indian legislation does not place restrictions on the amount of data sought, nor the level of secrecy afforded to the request.</p>
<p>Below is a summary of the relevant provisions:</p>
<li><b>TA Rules 2007: </b>
<ul>
<li style="text-align: justify; ">Service providers shall destroy record pertaining to directions for interception of message within two months of discontinuing the interception. <b>(Section 19)</b>.</li>
<li style="text-align: justify; ">Directions for interception should only be issued only when it is not possible to acquire the information by any other reasonable means. <b>(Section 3)</b>.</li>
<li style="text-align: justify; ">The interception must be of a message or class of message from and too one particular person that is specified or described in the order or one particular set of premises specified or described in the order. <b>(Section 4)</b>. </li>
<li style="text-align: justify; ">The direction for interception will remain in force for a period of 60 days, or 180 days if the directions are renewed. <b>(Section 6)</b>.</li>
<li><b> ITA Interception and Monitoring Rules:</b>
<ul>
<li style="text-align: justify; ">Any direction issued by the competent authority must contain reasons for such direction. <b>(Section 7)</b>.</li>
<li style="text-align: justify; ">The competent authority must consider all other possibilities of acquiring the information by other means, and the direction can only be issued when it is not possible to acquire the information by any other reasonable means. <b>(Section 8)</b>.</li>
<li style="text-align: justify; ">The direction of interception, monitoring, or decryption of any information generated, transmitted, received, or stored in any computer resource etc., as may be specified or described in the direction. <b>(Section 9)</b>. </li>
<li style="text-align: justify; ">The directions for interception, monitoring, or decryption will remain in force for a period of 60 days, or 180 days if the directions are renewed. <b>(Section 10)</b>.</li>
</ul>
</li>
<li><b>ITA Traffic and Monitoring Rules</b>:
<ul>
<li style="text-align: justify; ">Any direction issued by the competent authority must contain reasons for such direction. <b>(Section 3(3))</b>.</li>
<li style="text-align: justify; ">Every record including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed after the expiry of nine months by the designated officer. Except when the information is needed for an ongoing investigation, the person in charge of a computer resource shall destroy records within a period of six months of discontinuing the monitoring. <b>(Section 8)</b>.</li>
</ul>
</li>
</ul>
</li>
<p><b> </b></p>
<p style="text-align: justify; "><b>7. </b><b>Principle - Due process</b>:<i> Due process requires that governments must respect and guarantee an individual’s human rights, that any interference with such rights must be authorized in law, and that the lawful procedure that governs how the government can interfere with those rights is properly enumerated and available to the general public.(9) While criminal investigations and other considerations of public security and safety may warrant limited access to information by public authorities, the granting of such access must be subject to guarantees of procedural fairness. Every request for access should be subject to prior authorization by a competent authority, except when there is imminent risk of danger to human life.(10)</i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In the relevant Indian legislation the only guarantee for due process is that every request for access must be subject to prior authorization by a competent authority.</p>
<li><b> TA Rules 2007:</b>
<ul>
<li style="text-align: justify; ">All orders for interception must be issued by the Secretary to the Government of India in the Ministry of Home Affairs. </li>
<li><b>ITA Interception and Monitoring Rules</b>:
<ul>
<li style="text-align: justify; ">All orders for interception must be issued by the Secretary to the Government of India in the Ministry of Home Affairs. </li>
</ul>
</li>
<li><b>ITA Monitoring of Traffic Rules:</b>
<ul>
<li style="text-align: justify; ">The Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology is the competent authority for authorizing orders.</li>
</ul>
</li>
</ul>
</li>
<p style="text-align: justify; "><b>8. </b><b>Principle - User notification</b>:<i> Notwithstanding the notification and transparency requirements that governments should bear, service providers should notify a user that a public authority has requested his or her communications or communications metadata with enough time and information about the request so that a user may challenge the request. In specific cases where the public authority wishes to delay the notification of the affected user or in an emergency situation where sufficient time may not be reasonable, the authority should be obliged to demonstrate that such notification would jeopardize the course of investigation to the competent judicial authority reviewing the request. In such cases, it is the responsibility of the public authority to notify the individual affected and the service provider as soon as the risk is lifted or after the conclusion of the investigation, whichever is sooner.</i></p>
<p><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are no provisions that require the government or service providers to notify the user that a public authority has requested his or her communication data.</p>
<p><i> </i></p>
<p style="text-align: justify; "><b>9. </b><b>Principle - Transparency about use of government surveillance</b>: <i>The access capabilities of public authorities and the process for access should be prescribed by law and should be transparent to the public. The government and service providers should provide the maximum possible transparency about the access by public authorities without imperiling ongoing investigations and with enough information so that individuals have sufficient knowledge to fully comprehend the scope and nature of the law, and when relevant, challenge it. Service providers must also publish the procedure they apply to deal with data requests from public authorities.</i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are no requirements that access capabilities of the government and the process for access must be transparent to the public. Nor are service providers required to publish the procedure applied to handle data requests from public authorities.</p>
<p><i> </i></p>
<p style="text-align: justify; "><b>10. </b><b><i>Principle - Oversight</i></b><i>:</i> <i>An independent oversight mechanism should be established to ensure transparency of lawful access requests. This mechanism should have the authority to access information about public authorities' actions, including, where appropriate, access to secret or classified information, to assess whether public authorities are making legitimate use of their lawful capabilities, and to publish regular reports and data relevant to lawful access. This is in addition to any oversight already provided through another branch of government such as parliament or a judicial authority. This mechanism must provide – at minimum – aggregate information on the number of requests, the number of requests that were rejected, and a specification of the number of requests per service provider and per type of crime. (11)</i><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are requirements for a review committee to be established.<i> </i>The review committee must meet on a bi-monthly basis and review directions to ensure that they are in accordance with the prescribed law. Currently, it is unclear from the legislation if the review committees have the authority to access information about public authorities’ actions, and currently the review committee does not publish aggregate information about the number of requests, the number of requests that were rejected, and a specification of the number of requests per service provider and per type of crime. These standards are recommended by the principle.</p>
<p>The relevant provisions are summarized below:</p>
<li><b>TA Rules 2007</b>:
<ul>
<li style="text-align: justify; ">A review committee will be constituted by a state government that consists of a chief secretary, secretary of law, secretary to the state government. The review committee shall meet at least once in two months. If the committee finds that directions are not in accordance with the mandated provisions, then the committee can order the destruction of the directions. <b>(Section 17)</b>.<b> </b>Any order issued by the competent authority must contain reasons for such directions and a copy be forwarded to the concerned review committee within a period of seven working days. <b>(Section 2)</b>.</li>
<li><b>ITA Interception and Monitoring Rules: </b>
<ul>
<li style="text-align: justify; ">Any direction issued by the competent authority must be forwarded to the review committee within a period of seven working days from issuing. The review committee is the same as constituted under rule 419A of the Indian Telegraph Rules, 1951. The review committee must meet bi-monthly and determine whether directions are in accordance with the ITA Act. If the review committee finds that the directions are not in accordance with the Act, it may issue an order for the destruction of the copies of accessed information and set aside the directions. <b>(Section 22)</b>. </li>
</ul>
</li>
<li><b>ITA Traffic Monitoring Rules: </b>
<ul>
<li style="text-align: justify; ">Any direction issued by the competent authority must be forwarded to the review committee within a period of seven working days from issuing. The review committee is the same as constituted under rule 419A of the Indian Telegraph Rules, 1951. The review committee must meet bi-monthly and determine whether directions are in accordance with the ITA Act. If the review committee finds that the directions are not in accordance with the Act, it may issue an order for the destruction of the copies of accessed information and set aside the directions. <b>(Section 7)</b>.</li>
</ul>
</li>
</ul>
</li>
<p style="text-align: justify; "><b>11. </b><b>Principles - Integrity of communications and systems</b>: <i>It is the responsibility of service providers to transmit and store communications and communications metadata securely and to a degree that is minimally necessary for operation. It is essential that new communications technologies incorporate security and privacy in the design phases. In order, in part, to ensure the integrity of the service providers’ systems, and in recognition of the fact that compromising security for government purposes almost always compromises security more generally, governments shall not compel service providers to build surveillance or monitoring capability into their systems. Nor shall governments require that these systems be designed to collect or retain particular information purely for law enforcement or surveillance purposes. Moreover, a priori data retention or collection should never be required of service providers and orders for communications and communications metadata preservation must be decided on a case-by-case basis. Finally, present capabilities should be subject to audit by an independent public oversight body.</i></p>
<p><b> </b></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In relevant Indian legislation there are a number of security measures that must be put in place but these are predominantly actions that must be taken by service providers, and do not pertain to intelligence agencies. Furthermore, many provisions found in the ITA<i> Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules</i>, and the ISP and UASL licenses include requirements for service providers to provide monitoring facilities and technical assistance, require information to be retained specifically for law enforcement purposes, and require service providers to comply with a-priori data retention mandates. In the ISP and UASL license, service providers are audited and inspected to ensure compliance with requirements listed in the license, but it unclear from the legislation if the access capabilities of government or governmental agencies are audited by an independent public oversight body. This standard is recommended by the principle.</p>
<p><b> </b></p>
<p>Relevant provisions are summarized below:</p>
<li style="text-align: justify; "><b>TA Rules 2007</b>: The service provider must put in place internal checks to ensure that unauthorized interception of messages does not take place. <b>(Section 14)</b> Service providers are also responsible for actions of their employees. In the case of unauthorized interception or a breach in security, service providers can be held liable for up to three years in prison, fines, and revocation of the service providers licenses depending on the nature and scale of the violation. <b>(Section 20, 20A 21, 23).</b></li>
<li style="text-align: justify; "><b> ITA Interception and Monitoring Rules: </b>The intermediary or person in charge of the computer resources must put in place adequate and effective internal checks to ensure that unauthorized interception of communications does not take place and extreme secrecy is maintained and utmost care and precaution taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary. <b>(Section 20)</b>. </li>
<li style="text-align: justify; "><b> ITA Traffic Monitoring Rules</b>: The intermediary or person in charge of the computer resources must put in place adequate and effective internal checks to ensure that unauthorized interception of communications does not take place and extreme secrecy is maintained and utmost care and precaution taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary. <b>(Section 5&6)</b>.</li>
<li style="text-align: justify; "><b>UASL License:</b> The intermediary or service provider is responsible for ensuring the protection of privacy of communication and to ensure that unauthorized interception of messages does not take place. <b>(Section 39.1, Section 39.2, Section 41.4)</b>.</li>
<li style="text-align: justify; "><b>ISP License:</b> The ISP has the responsibility of ensuring that unauthorized interception of messages does not take place. <b>(Section 32.1)</b> The ISP must take all necessary steps to safeguard the privacy and confidentiality of an information about a third party and its business and will do its best endeavor to ensure that no information, except what is necessary is divulged, and no employee of the ISP seeks information other than is necessary for the purpose of providing service to the third party. <b>(Section 32.2</b>) The ISP must also take necessary steps to ensure that any person acting on its behalf observe confidentiality of customer information. <b>(Section 32.3)</b>.</li>
<p>Provisions requiring the provision of facilities, assistance, and retention:</p>
<li><b>ITA Interception and Monitoring Rules: </b>
<ul>
<li style="text-align: justify; ">The intermediary must provide all facilities, co-operation for interception, monitoring, and decryption of information mentioned in the direction <b>(Section 13(2))</b>.</li>
<li style="text-align: justify; ">If a decryption direction or copy is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer, the decryption key holder must disclose the decryption key or provide the decryption assistance. <b>(Section 17)</b>. </li>
</ul>
</li>
<li><b>ITA Monitoring of Traffic Rules: </b>
<ul>
<li style="text-align: justify; ">The intermediary must extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access to the computer resource for monitoring and collecting traffic data or information. <b>(Section 4(7))</b>.</li>
</ul>
</li>
<li><b>UASL License: </b>
<ul>
<li style="text-align: justify; ">The service provider cannot employ bulk encryption equipment in its network, and any encryption equipment connected to the licensee’s network for specific requirements must have prior evaluation an approval of the licensor. <b>(Section 39.1)</b>. </li>
<li style="text-align: justify; ">The service provider must provide all tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through the equipment and network to authorized officers of the government for purposes of national security.<b>(Section 40.4)</b>.<b> </b></li>
<li style="text-align: justify; ">Suitable monitoring equipment as may be prescribed for each type of system used will be provided by the service provider for monitoring as and when required by the licensor. <b>(Section 41.7)</b>.</li>
<li style="text-align: justify; ">The designated person of the Central/State Government as conveyed to the Licensor from time to time in addition to the licensor or its nominee shall have the right to monitor the telecommunication traffic in every MSC/Exchange/MGC/MG. The service provider must make arrangements for the monitoring of simultaneous calls by Government security agencies. In case the security agencies intend to locate the equipment at the service provider’s premises for facilitating monitoring, the service provider should extend all support in this regard including space and entry of the authorized security personnel. The interface requirements as well as features and facilities as defined by the licensor should be implemented by the service provider for both data and speech. Presently, the service provider should ensure suitable redundancy in the complete chain of monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls for seven security agencies. <b>(Section 41.10)</b>.</li>
<li style="text-align: justify; ">The service provider must also make the following records available: called/calling party mobile/PSTN numbers, Time/date and duration of interception, location of target subscribers, telephone numbers if any call-forwarding feature has been invoked by the target subscriber, data records for even failed attempts, and call data record of roaming subscribers. <b>(Section 41.10)</b>.</li>
<li style="text-align: justify; ">The service provider shall provide the facility to carry out surveillance of Mobile Terminal activity within a specified area. <b>(Section 41.11)</b>.</li>
<li style="text-align: justify; ">The complete list of subscribers must be made available by the service provider on their website to authorized intelligence agencies. This list must be updated on a regular basis. Hard copies of the list must also be made available to security agencies when requested. <b>(Section 41.14)</b>. The database of subscribers must also be made available to the licensor or its representatives. <b>(Section 41.16)</b>.</li>
<li style="text-align: justify; ">The service provider must maintain all commercial records with regard to the communications exchanged on the network. All records must be archived for at least one year. <b>(Section 41.17)</b>.</li>
<li style="text-align: justify; ">Calling Line Identification must be provided and the network should also support Malicious Call Identification.<b> (Section 41.18)</b>.</li>
<li style="text-align: justify; ">Information about bulk connections must be forwarded to the VTM Cell of DoT, DDG (Security) DoT, and any other officer authorized by the Licensor from time to time as well as Security Agencies on a monthly basis <b>(Section 41.19)</b>.</li>
<li style="text-align: justify; ">Subscribers having CLIR should be listed in a password protected website with their complete address and details so that authorized Government agencies can view or download for detection and investigation of misuse. <b>(Section 41.19(iv))</b>.</li>
<li style="text-align: justify; ">The service provider must provide traceable identities of their subscribers. If the subscriber is roaming from another foreign company, the Indian Company must try to obtain traceable identities from the foreign company as part of its roaming agreement. <b>(41.20 (ix))</b>.</li>
<li style="text-align: justify; ">On request by the licensor or any other agency authorized by the licensor, the licensee must be able to provide the geographical location (BTS location) of any subscriber at any point of time. <b>(41.20 (x))</b></li>
<li style="text-align: justify; ">Suitable technical devices should be made available at the Indian end to designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes. <b>(41.20 (xiv))</b>. </li>
<li>A complete audit trail of the remote access activities pertaining to the network operated in India should be maintained for a period of six months and provided on request to the licensor. <b>(Section 41.20 (xv))</b>.</li>
<li>For monitoring traffic, the service provider should provide access of their network and other facilities as well as to books of accounts to the security agencies. <b>(Section 41.20 (xx))</b>.</li>
</ul>
</li>
<li><b>ISP License:</b>
<ul>
<li style="text-align: justify; ">The ISP must ensure that Bulk Encryption is not deployed by ISPs. Individuals/groups /organizations can use encryption up to 40 bit key length without obtaining permission from the licensor. If encryption equipments higher than this limit are deployed, individuals/groups/organizations must obtain prior written permission from the licensor and deposit the decryption key. <b>(Section 2.2(vii))</b>. </li>
<li style="text-align: justify; ">The ISP must furnish to the licensor/TRAI on demand documents, accounts, estimates, returns, reports, or other information. <b>(Section 9.1)</b>.</li>
<li style="text-align: justify; ">The ISP will provide tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through his equipment and network when such information is necessary for investigations or detection of crimes and in the interest of national security. <b>(Section 33.4)</b>.</li>
<li style="text-align: justify; ">The ISP will provide the necessary facilities for continuous monitoring of the system, as required by the licensor or its authorized representatives. <b>(Section 30.1)</b>.</li>
<li style="text-align: justify; ">The ISP shall provide necessary facilities depending upon the specific situation at the relevant time to the Government to counteract espionage, subversive acts, sabotage or any other unlawful activity. <b>(Section 34.1)</b>.</li>
<li style="text-align: justify; ">In the interests of security, suitable monitoring equipment as may be prescribed for each type of system used, which will be provided by the licensee. <b>(Section 34.4)</b>.</li>
<li style="text-align: justify; ">The designated person of the Central/State Government or its nominee will have the right to monitor the telecommunication traffic. The ISP will make arrangements for monitoring simultaneous calls by Government security agencies. <b>(Section 34.6)</b>.</li>
<li style="text-align: justify; ">The ISP must install infrastructure in the service area with respect to: Internet telephony services offered by the ISP for processing, routing, directing, managing, authenticating the internet telephony calls including the generation of Call Details Record (CDR), called IP address, called numbers, date , duration, time and charges of internet telephony calls. <b>(Section 34.7)</b>.</li>
<li style="text-align: justify; ">ISPs must maintain a log of all users connected and the service that they are using (mail, telnet, http etc.). The ISPs must log every outward login or telnet through their computers. These logs as well as copies of all the packets originating from the Customer Premises Equipment of the ISP must be made available in real time to the Telecom Authority. <b>(Section 34.8)</b>.<b> </b></li>
<li style="text-align: justify; ">The ISP should provide the facility to carry out surveillance of Mobile Terminal activity within a specified area. <b>(Section 34.9)</b>.</li>
<li style="text-align: justify; ">The complete list of subscribers must be made available by the ISP on their website so that intelligence agencies can obtain the subscriber list at any time. <b>(Section 34.12)</b>.</li>
<li style="text-align: justify; ">The list of Internet leased line customers and sub-costumers must be placed on a password protected website with the following information: Name of customer, IP address allotted, bandwidth provided, address of installation, date of installation, contact person with phone number and email. This information should be accessible to authorized Government agencies.<b> (Section 34.13)</b>. </li>
<li style="text-align: justify; ">Monitoring of high UDP traffic value and to check for cases where upstream UDP traffic is similar to downstream UDP traffic and monitor such customer monthly with physical verification and personal identity. <b>(Section 34.15)</b>.</li>
<li style="text-align: justify; ">The licensor will have access to the database relating to the subscribers of the ISP. The ISP must make available at any instant the details of the subscribers using the service. <b>(Section 34.22)</b>. </li>
<li style="text-align: justify; ">The ISP must maintain all commercial records with regard to the communications exchanged on the network for at least one year and will be destroyed unless directed otherwise. <b>(Section 34.23)</b>.</li>
<li style="text-align: justify; ">Every international gateway with a route/switch having a capacity of 2Mbps must be equipped with a monitoring Centre at the cost of the ISP. The cost of meeting the requirements of the security agencies, the cost of maintenance of the monitoring equipment and infrastructure must be borne by the ISP. <b>(Section 34.27 (a(i))</b>.</li>
<li style="text-align: justify; ">Office space of 10 by 10 feet with adequate power supply and air-conditioning must be provided by the ISP free of cost. <b>(Section 34.27 (a(ii))</b> One local exclusive telephone must be made available by the ISP at the monitoring centre at the cost of the ISP. <b>(Section 34.27 (a(iii))</b>.</li>
<li style="text-align: justify; ">Each route/switch of the ISP should be connected by the LAN operating at the same speed as the router/switch; the monitoring equipment will be connected to this network. <b>(Section 34.27 (a(v))</b>.</li>
<li style="text-align: justify; ">The ISP must provide traceable identity of their subscribers. In the case of roaming subscribers the ISP must try to obtain the traceable identity of roaming subscribers from the foreign company. <b>(Section 34.27 (ix))</b>.</li>
<li style="text-align: justify; ">On request of the licensor or any other authorized agency, the ISP must be able to provide the geographical location of any subscriber (BTS location of wireless subscriber) at a given point of time. <b>(Section 34.27 (x))</b>.</li>
<li style="text-align: justify; ">Suitable technical devices should be made available to designated security agencies in which a mirror image of the remote access information is available on line for monitoring purposes. <b>(Section 34.27 (xiv))</b>.</li>
<li style="text-align: justify; ">A complete audit trail of the remote access activities pertaining to the network operated in India should be maintained for a period of six months and provided on request. <b>(Section 34.27 (xv))</b>.</li>
<li style="text-align: justify; ">ISPs must provide access of their network and other facilities, as well as books to security agencies. <b>(Section 34.27 (xx))</b>.</li>
</ul>
</li>
<p> </p>
<p><b> </b></p>
<p style="text-align: justify; "><b>12. </b><b>Principle - Safeguards for international cooperation</b>:<i> In response to changes in the flows of information and the technologies and services that are now used to communicate, governments may have to work across borders to fight crime. Mutual legal assistance treaties (MLATs) should ensure that, where the laws of more than one state could apply to communications and communications metadata, the higher/highest of the available standards should be applied to the data. Mutual legal assistance processes and how they are used should also be clearly documented and open to the public. The processes should distinguish between when law enforcement agencies can collaborate for purposes of intelligence as opposed to sharing actual evidence. Moreover, governments cannot use international cooperation as a means to surveil people in ways that would be unlawful under their own laws. States must verify that the data collected or supplied, and the mode of analysis under MLAT, is in fact limited to what is permitted. In the absence of an MLAT, service providers should not respond to requests of the government of a particular country requesting information of users if the requests do not include the same safeguards as providers would require from domestic authorities, and the safeguards do not match these principles. </i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> India currently has signed 32 MLAT treaties with other countries, each with its own provisions and conditions relating to access to information. The provisions of the Information Technology Act 2000 apply to any contravention of the Act that is committed outside of India, thus the Rules related to interception, monitoring, decryption etc. would apply to any contravention of the Act outside of India. The provisions of the Indian Telegraph Act only apply to communications within India, but the licenses do specify when information held by service providers cannot be transferred across borders.</p>
<p>Below is a summary of the relevant provisions:</p>
<li style="text-align: justify; "><b>ITA 2000</b>: The Act will extend to the whole of India, and applies to any offence or contravention committed outside India by any person. <b>(Section 1(2))</b> </li>
<li style="text-align: justify; "><b>UASL License:</b> The service provider cannot transfer any accounting information relating to the subscriber or user information to any person or place outside of India (this does not restrict a statutorily required disclosure of financial nature. <b>(section (41.20 (viii))</b></li>
<li style="text-align: justify; "><b>ISP License:</b> For security reasons, domestic traffic of such entities as identified by the licensor will not be hauled or route to any place outside of India. <b>(Section 34.28 (iii)) </b>ISPs shall also not transfer accounting information relating to the subscriber or user information to any person or place outside of India (this does not restrict a statutorily required disclosure of financial nature) <b>(Section 34.28 (viii))</b></li>
<p style="text-align: justify; "><b>13. </b><b><i>Principle - Safeguards against illegitimate access</i></b><i>: To protect individuals against unwarranted attempts to access communications and communications metadata, governments should ensure that those authorities and organizations who initiate, or are complicit in, unnecessary, disproportionate or extra-legal interception or access are subject to sufficient and significant dissuasive penalties, including protection and rewards for whistleblowers, and that individuals affected by such activities are able to access avenues for redress. Any information obtained in a manner that is inconsistent with these principles is inadmissible as evidence in any proceeding, as is any evidence derivative of such information. </i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> Though relevant Indian legislation does provide penalty for unauthorized interception or access, the penalty applies only to service providers, and does not hold governmental agencies responsible. Currently there are no avenues of redress for the individual, and there are no protections or rewards for whistleblowers. Both of these safeguards are recommended by the principle.</p>
<p>The relevant provisions are summarized below:</p>
<li style="text-align: justify; "><b>TA Rules 2007:</b> The Telegraph Act: The service provider must put in place internal checks to ensure that unauthorized interception of messages does not take place. <b>(Section 14)</b> Service providers are also responsible for actions of their employees. In the case of unauthorized interception or a breach in security on the part of the service provider, service providers can be held liable with penalty of imprisonment from 1 to 3 years and or a fine of rs.500 – 1000 depending on the exact violation<b>. (Section 20, 20A, 23, and 24 Indian Telegraph Act)</b>.</li>
<li style="text-align: justify; "><b> ITA Interception and Monitoring Rules:</b> The intermediary must be responsible for the actions of their employees and in the case of violation pertaining to the maintenance of secrecy and confidentiality of intercepted material or unauthorized interception, monitoring, or decrypting of information – the intermediary will be held liable under the relevant provisions of the laws in force. <b>(Section 21)</b>. </li>
<li style="text-align: justify; "><b> ITA Traffic Monitoring Rules:</b> The intermediary must be responsible for the actions of their employees and in the case of violation pertaining to the maintenance of secrecy and confidentiality of intercepted material or unauthorized interception, monitoring, or decrypting of information – the intermediary will be held liable under the relevant provisions of the laws in force. <b>(Section 6)</b>.</li>
<li><b>UASL License: </b>
<ul>
<li style="text-align: justify; ">In order to maintain privacy of voice and data, monitoring must be done in accordance with the 2007 Rules established under the Indian Telegraph Act, 1885. <b>(Section 41.20 (xix))</b>.</li>
<li style="text-align: justify; ">Any damage arising from the failure of the service provider to provider tracing assistance to the government for purposes of national security is payable by the service provider. <b>(Section 40.4)</b>.</li>
</ul>
</li>
<li><b>ISP License:</b>
<ul>
<li style="text-align: justify; ">In order to maintain the privacy of voice and data, monitoring can only be carried out after authorization by the Union Home Secretary or Home Secretaries of the State/Union Territories. <b>(Section 34.28 (xix))</b>.</li>
<li style="text-align: justify; ">The ISP indemnifies the licensor against all actions brought against the licensor for breach of privacy or unauthorized interruption of data transmitted by the subscribers. <b>(Section 8.4)</b>.</li>
<li style="text-align: justify; ">Any damages that occur from non-compliance on the part of the ISP must be paid by the ISP. <b>(Section 33.4)</b>.</li>
</ul>
</li>
<p style="text-align: justify; "><b>14. </b><b><i>Principle - Cost of surveillance</i></b><b><i>:</i></b><i> The financial cost of providing access to user data should be borne by the public authority undertaking the investigation. Financial constraints place an institutional check on the overuse of orders, but the payments should not exceed the service provider’s actual costs for reviewing and responding to orders, as such would provide a perverse financial incentive in opposition to user’s rights.</i></p>
<p style="text-align: justify; "><b>Indian Legislation:</b> In India, the ISP and the UASL licenses specifically state that the cost of providing facilities must be borne by the service provider. Though the ITA Interception and Monitoring Rules do require intermediaries to provide facilities, it is not clear from the Rules where the burden of the cost will fall. Currently, there are no requirements that the cost of access to user data should be borne by the public authority undertaking the investigation. This standard is recommended by the principle.</p>
<p>Below are summaries of relevant provisions:</p>
<li><b>UASL License</b>:
<ul>
<li style="text-align: justify; "> Any damage arising from the failure of the service provider to provider tracing assistance to the government for purposes of national security is payable by the service provider. <b>(Section 40.4)</b>.</li>
<li style="text-align: justify; ">Suitable monitoring equipment as may be prescribed for each type of system used will be provided by the service provider for monitoring as and when required by the licensor. <b>(Section 41.7)</b>.</li>
<li style="text-align: justify; ">The hardware and software required for the monitoring of calls must be engineered, provided/installed, and maintained by the service provider at the service providers cost. However the respective Government instrumentality must bear the cost of the user end hardware and leased line circuits from the MSC/Exchange/MGC/MG to the monitoring centers to be located as per their choice in their premises. <b>(Section 41.10)</b>.</li>
<li style="text-align: justify; ">The service provider must ensure that the necessary provision (hardware/software) is available in their equipment for doing the Lawful Interception and monitoring from a centralized location. <b>(Section 41.20 (xvi))</b>.</li>
<li><b>ISP License:</b>
<ul>
<li style="text-align: justify; ">Any damages that occur from non-compliance on the part of the ISP must be paid by the ISP. <b>(Section 33.4)</b>.</li>
<li style="text-align: justify; ">The hardware at the ISP end and the software required for monitoring of calls must be engineered, provided/installed, and maintained by the ISP. <b>(Section 34.7)</b>. </li>
<li style="text-align: justify; ">Every international gateway with a route/switch having a capacity of 2Mbps must be equipped with a monitoring Centre at the cost of the ISP. The cost of meeting the requirements of the security agencies, the cost of maintenance of the monitoring equipment and infrastructure must be borne by the ISP. <b>(Section 34.27 (a(i))</b>.</li>
<li style="text-align: justify; ">Office space of 10 by 10 feet with adequate power supply and air-conditioning must be provided by the ISP free of cost. <b>(Section 34.27 (a(ii))</b> One local exclusive telephone must be made available by the ISP at the monitoring centre at the cost of the ISP. <b>(Section 34.27 (a(iii))</b>.</li>
</ul>
</li>
</ul>
</li>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comparison-of-indian-legislation-and-draft-principles-on-surveillance-of-communications'>https://cis-india.org/internet-governance/blog/comparison-of-indian-legislation-and-draft-principles-on-surveillance-of-communications</a>
</p>
No publisherelonnaiSAFEGUARDSInternet GovernancePrivacy2013-07-12T15:40:51ZBlog EntryA Case for Greater Privacy Paternalism?
https://cis-india.org/internet-governance/blog/a-case-for-greater-privacy-paternalism
<b>This is the second part of a series of three articles exploring the issues with the privacy self management framework and potential alternatives. </b>
<div align="left"> </div>
<h3 align="left" style="text-align: justify;">The first part of the series can be accessed <a class="external-link" href="http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy">here</a>.</h3>
<p align="left"> </p>
<h3 align="left" style="text-align: justify;">Background</h3>
<p align="left" style="text-align: justify;">The current data privacy protection framework across most jurisdictions is built around a rights based approach which entrusts the individual with having the wherewithal to make informed decisions about her interests and well-being.<a name="_ftnref1" href="#_ftn1"><sup><sup>[1]</sup></sup></a> In his book, <em>The Phantom Public</em>, published in 1925, Walter Lippmann argues that the rights based approach is based on the idea of a sovereign and omnicompetent citizens, who can direct public affairs, however, this idea is a mere phantom or an abstraction. <a name="_ftnref2" href="#_ftn2"><sup><sup>[2]</sup></sup></a> Jonathan Obar, Assistant Professor of Communication and Digital Media Studies in the Faculty of Social Science and Humanities at University of Ontario Institute of Technology, states that Lippmann's thesis remains equally relevant in the context of current models of self-management, particularly for privacy.<a name="_ftnref3" href="#_ftn3"><sup><sup>[3]</sup></sup></a> In <a href="http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy">the previous post</a>, Scott Mason and I had looked at the limitations of a 'notice and consent' regime for privacy governance. Having established the deficiencies of the existing framework for data protection, I will now look at some of the alternatives proposed that may serve to address these issues.</p>
<p align="left" style="text-align: justify;">In this article, I will look at paternalistic solutions posed as alternatives to the privacy self-management regime. I will look at theories of paternalism and libertarianism in the context of privacy and with reference to the works of some of the leading philosophers on jurisprudence and political science. The paper will attempt to clarify the main concepts and the arguments put forward by both the proponents and opponents of privacy paternalism. The first alternative solution draws on Anita Allen's thesis in her book, <em>Unpopular Privacy</em>,<a name="_ftnref4" href="#_ftn4"><sup><sup>[4]</sup></sup></a> which deals with the questions whether individuals have a moral obligation to protect their own privacy. Allen expands the idea of rights to protect one's own self interests and duties towards others to the notion that we may have certain duties not only towards others but also towards ourselves because of their overall impact on the society. In the next section, we will look at the idea of 'libertarian paternalism' as put forth by Cass Sunstein and Richard Thaler<a name="_ftnref5" href="#_ftn5"><sup><sup>[5]</sup></sup></a> and what its impact could be on privacy governance.</p>
<p align="left" style="text-align: justify;"><strong>Paternalism</strong></p>
<p align="left" style="text-align: justify;">Gerald Dworkin, Professor Emeritus at University of California, Davis, defines paternalism as "interference of a state or an individual with another person, against their will, and defended or motivated by a claim that the person interfered with will be better off or protected from harm." <a name="_ftnref6" href="#_ftn6"><sup><sup>[6]</sup></sup></a> Any act of paternalism will involve some limitation on the autonomy of the subject of the regulation usually without the consent of the subject, and premised on the belief that such act shall either improve the welfare of the subject or prevent it from diminishing.<a name="_ftnref7" href="#_ftn7"><sup><sup>[7]</sup></sup></a> Seana Shiffrin, Professor of Philosophy and Pete Kameron Professor of Law and Social Justice at UCLA, takes a broader view of paternalism and includes within its scope not only matters which are aimed at improving the subject's welfare, but also the replacement of the subject's judgement about matters which may otherwise have lied legitimately within the subject's control.<a name="_ftnref8" href="#_ftn8"><sup><sup>[8]</sup></sup></a> In that sense, Shiffrin's view is interesting for it dispenses with both the requirement for active interference, and such act being premised on the subject's well-being.</p>
<p align="left" style="text-align: justify;">The central premise of John Stuart Mill's <em>On Liberty</em> is that the only justifiable purpose to exert power over the will of an individual is to prevent harm to others. "His own good, either physical or moral," according to Mill, "is not a sufficient warrant." However, various scholars over the years have found Mill's absolute prohibition problematic and support some degree of paternalism. John Rawls' Principle of Fairness, for instance has been argued to be inherently paternalistic. If one has to put it in a nutshell, the aspect about paternalism that makes it controversial is that it involves coercion or interference, which in any theory of normative ethics or political science needs to be justified based on certain identified criteria. Staunch opponents of paternalism believe that this justification can never be met. Most scholars however, do not argue that all forms of paternalism are untenable and the bulk of scholarship on paternalism is devoted to formulating the conditions under which this justification is satisfied.</p>
<p align="left" style="text-align: justify;">Paternalism interferes with self-autonomy in two ways according to Peter de Marneffe, the Professor of Philosophy at the School of Historical, Philosophical and Religious Studies, Arizona State University.<a name="_ftnref9" href="#_ftn9"><sup><sup>[9]</sup></sup></a> The first is the prohibition principle, under which a person's autonomy is violated by being prohibited from making a choice. The second is the opportunity principle which undermines the autonomy of a person by reducing his opportunities to make a choice. Both the cases should be predicated upon a finding that the paternalistic act will lead to welfare or greater autonomy. According to de Marneffe, there are three conditions under which such acts of paternalism are justified - the benefits of welfare should be substantial, evident and must outweigh the benefits of self-autonomy.<a name="_ftnref10" href="#_ftn10"><sup><sup>[10]</sup></sup></a></p>
<p align="left" style="text-align: justify;">There are two main strands of arguments made against paternalism.<a name="_ftnref11" href="#_ftn11"><sup><sup>[11]</sup></sup></a> The first argues that interference with the choices of informed adults will always be an inferior option to letting them decide for themselves, as each person is the 'best judge' of his or her interests. The second strand does not engage with the question about whether paternalism can make better decisions about individuals, but states that any benefit derived from the paternalist act is outweighed by the harm of violation of self-autonomy. Most proponents of soft-paternalism build on this premise by trying to demonstrate that not all paternalistic acts violate self-autonomy. There are various forms of paternalism that we do not question despite them interfering with our autonomy - seat belt laws and restriction of tobacco advertising being a few of them. If we try to locate arguments for self-autonomy in the Kantian framework, it refers not just to the ability to do what one chooses, but to rational self-governance.<a name="_ftnref12" href="#_ftn12"><sup><sup>[12]</sup></sup></a> This theory automatically "opens the door for justifiable paternalism."<a name="_ftnref13" href="#_ftn13"><sup><sup>[13]</sup></sup></a> In this paper, I assume that certain forms of paternalism are justified. In the remaining two section, I will look at two different theories advocating greater paternalism in the context of privacy governance and try to examine the merits and issues with such measures.</p>
<p align="left" style="text-align: justify;"><strong>A moral obligation to protect one's privacy</strong></p>
<p align="left" style="text-align: justify;">Modest Paternalism</p>
<p align="left" style="text-align: justify;">In her book, <em>Unpopular Privacy</em>,<a name="_ftnref14" href="#_ftn14"><sup><sup>[14]</sup></sup></a> Anita Allen states that enough emphasis is not placed by people on the value of privacy. The right of individuals to exercise their free will and under the 'notice and consent' regime, give up their rights to privacy as they deem fit is, according to her, problematic. The data protection law in most jurisdictions, is designed to be largely value-neutral in that it does not sit on judgement on what is the nature of information that is being revealed and how the collector uses it. Its primary emphasis is on providing the data subject with information about the above and allowing him to make informed decisions. In <a href="http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy">my previous post</a>, Scott Mason and I had discussed that with online connectivity becomes increasingly important to participation in modern life, the choice to withdraw completely is becoming less and less of a genuine option.<a name="_ftnref15" href="#_ftn15"><sup><sup>[15]</sup></sup></a> Lamenting that people put little emphasis on privacy and often give away information which, upon retrospection and due consideration, they would feel, they ought not have disclosed, Allen proposes what she calls 'modest paternalism' in which regulations mandate that individuals do not waive their privacy is certain limited circumstances.</p>
<p align="left" style="text-align: justify;">Allen acknowledges the tension between her arguments in favor of paternalism and her avowed support for the liberal ideals of autonomy and that government interference should be limited, to the extent possible. However, she tries to make a case for greater paternalism in the context of privacy. She begins by categorizing privacy as a "primary good" essential for "self respect, trusting relationships, positions of responsibility and other forms of flourishing." In another article, Allen states that this "technophilic generation appears to have made disclosure the default rule of everyday life."<a name="_ftnref16" href="#_ftn16"><sup><sup>[16]</sup></sup></a> Relying on various anecdotes and examples of individuals' disregard for privacy, she argues that privacy is so "neglected in contemporary life that democratic states, though liberal and feminist, could be justified in undertaking a rescue mission that includes enacting paternalistic privacy laws for the benefit of un-eager beneficiaries." She does state that in most cases it may be more advantageous to educate and incentivise individuals towards making choices that favor greater privacy protection. However, in exceptional cases, paternalism would be justified as a tool to ensure greater privacy.</p>
<p align="left" style="text-align: justify;">A duty towards oneself</p>
<p align="left" style="text-align: justify;">In an article for the Harvard Symposium on Privacy in 2013, Allen states that laws generally provide a framework built around rights of individuals that enable self-protection and duties towards others. G A Cohen describes Robert Nozick's views which represents this libertarian philosophy as follows: "The thought is that each person is the morally rightful owner of himself. He possesses over himself, as a matter of moral right, all those rights that a slaveholder has over a chattel slave as a matter of legal right, and he is entitled, morally speaking, to dispose over himself in the way such a slaveholder is entitled, legally speaking, to dispose over his slave."<a name="_ftnref17" href="#_ftn17"><sup><sup>[17]</sup></sup></a> As per the libertarian philosophy espoused by Nozick, everyone is licensed to abuse themselves in the same manner slaveholders abused their slaves.</p>
<p align="left" style="text-align: justify;">Allen asks the question whether there is a duty towards oneself and if such a duty exists, should it be reflected in policy or law. She accepts that a range of philosophers consider the idea of duties to oneself as illogical or untenable. <a name="_ftnref18" href="#_ftn18"><sup><sup>[18]</sup></sup></a> Allen, however relies on the works of scholars such as Lara Denis, Paul Eisenberg and Daniel Kading who have located such a duty. She develops a schematic of two kinds of duties - first order duties that requires we protect ourselves for the sake of others, and second order, derivative duties that we protect ourself. Through the essay, she relies on the Kantian framework of categorical imperative to build the moral thrust of her arguments. Kantian view of paternalism would justify those acts which interfere with an individual's autonomy in order to prevent her from exercising her autonomy irrationally, and draw her towards rational end that agree with her conception of good.<a name="_ftnref19" href="#_ftn19"><sup><sup>[19]</sup></sup></a> However, Allen goes one step further and she locates the genesis for duties to both others (perfect duties) and oneself (imperfect duties) in the categorical imperative . Her main thesis is that there are certain situations where we have a moral duty to protect our own privacy where failure to do so would have an impact on either specific others or the society, at large.</p>
<p align="left" style="text-align: justify;">Issues</p>
<p align="left" style="text-align: justify;">Having built this interesting and somewhat controversial premise, Allen does not sufficiently expand upon it to present a nuanced solution. She provides a number of anecdotes but does not formulate any criteria for when privacy duties could be self-regarding. Her test for what kinds of paternalistic acts are justified is also extremely broad. She argues for paternalism where is protects privacy rights that "enhance liberty, liberal ways of life, well-being and expanded opportunity." She does not clearly define the threshold for when policy should move from incentives to regulatory mandate nor does she elaborate upon what forms paternalism would both serve the purpose of protecting privacy as well as ensuring that there is no unnecessary interference with the rights of individual.<a name="_ftnref20" href="#_ftn20"><sup><sup>[20]</sup></sup></a></p>
<p align="left" style="text-align: justify;"><strong>Nudge and libertarian paternalism</strong></p>
<p align="left" style="text-align: justify;">What is nudge?</p>
<p align="left" style="text-align: justify;">In 2006, Richard Thaler and Cass Sunstein published their book <em>Nudge: Improving decisions about health, wealth and happiness</em>. <a name="_ftnref21" href="#_ftn21"><sup><sup>[21]</sup></sup></a> The central thesis of the book is that in order to make most of decisions, we rely on a menu of options made available to us and the order and structure of choices is characterised by Thaler and Sunstein as "choice architecture." According to them, the choice architecture has a significant impact on the choices that we make. The book looks at examples from a food cafeteria, the position of restrooms and how whether the choice is to opt-in or opt-out influences the retirement plans that were chosen. This choice architecture influences our behavior without coercion or a set of incentives, as conventional public policy theory would have us expect. The book draws on work done by cognitive scientists such as Daniel Kahneman<a name="_ftnref22" href="#_ftn22"><sup><sup>[22]</sup></sup></a> and Amos Tversky<a name="_ftnref23" href="#_ftn23"><sup><sup>[23]</sup></sup></a> as well as Thaler's own research in behavioral economics. <a name="_ftnref24" href="#_ftn24"><sup><sup>[24]</sup></sup></a> The key takeaway from cognitive science and behavioral economics used in this book is that choice architecture influences our actions in anticipated ways and leads to predictably irrational behavior. Thaler and Sunstein believe that this presents a great potential for policy makers. They can tweak the choice architecture in their specific domains to influence the decisions made by its subjects and nudge them towards behavior that is beneficial to them and/or the society.</p>
<p align="left" style="text-align: justify;">The great attraction of the argument made by Thaler and Sunstein is that it offers a compromise between forbearance and mandatory regulation. If we identify the two ends of the policy spectrum as - a) paternalists who believe in maximum interference through legal regulations that coerce behavior to meet the stated goals of the policy, and b) libertarians who believe in the free market theory that relies on the individuals making decisions in their best interests, 'nudging' falls somewhere in the middle, leading to the oxymoronic yet strangely apt phrase, "libertarian paternalism." The idea is to design choices in such as way that they influence decision-making so as to increase individual and societal welfare. In his book, <em>The Laws of Fear</em>, Cass Sunstein argues that the anti-paternalistic position is incoherent as "there is no way to avoid effects on behavior and choices."</p>
<p align="left" style="text-align: justify;">The proponents of libertarian paternalism refute the commonly posed question about who decides the optimal and desirable results of choice architecture, by stating that this form of paternalism does not promote a perfectionist standard of welfare but an individualistic and subjective standard. According to them, choices are not prohibited, cordoned off or made to carry significant barriers. However, it is often difficult to conclude what it is that is better for the welfare of people, even from their own point of view. The claim that nudges lead to choices that make them better off by their own standards seems more and more untenable. What nudges do is lead people towards certain broad welfare which the choice-architects believe make the lives of people better in the longer term.<a name="_ftnref25" href="#_ftn25"><sup><sup>[25]</sup></sup></a></p>
<p align="left" style="text-align: justify;">How nudges could apply to privacy?</p>
<p align="left" style="text-align: justify;">Our <a href="http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy">previous post</a> echoes the assertion made by Thaler and Sunstein that the traditional rational choice theory that assumes that individuals will make rationally optimal choices in their self interest when provided with a set of incentives and disincentives, is largely a fiction. We have argued that this assertion holds true in the context of privacy protection principles of notice and informed consent. Daniel Solove has argued that insights from cognitive science, particularly using the theory of nudge would be an acceptable compromise between the inefficacy of privacy self-management and the dangers of paternalism.<a name="_ftnref26" href="#_ftn26"><sup><sup>[26]</sup></sup></a> His rationale is that while nudges influence choice, they are not overly paternalistic in that they still give the individual the option of making choices contrary to those sought by the choice architecture. This is an important distinction and it demonstrates that 'nudging' is less coercive than how we generally understand paternalistic policies.</p>
<p align="left" style="text-align: justify;">One of the nudging techniques which makes a lot of sense in the context of the data protection policies is the use of defaults. It relies on the oft-mentioned status quo bias.<a name="_ftnref27" href="#_ftn27"><sup><sup>[27]</sup></sup></a> This is mentioned by Thaler and Sunstein with respect to encouraging retirement savings plans and organ donation, but would apply equally to privacy. A number of data collectors have maximum disclosure as their default settings and effort in understanding and changing these settings is rarely employed by users. A rule which mandates that data collectors set optimal defaults that ensure that the most sensitive information is subjected to least degree of disclosure unless otherwise chosen by the user, will ensure greater privacy protection.</p>
<p align="left" style="text-align: justify;">Ryan Calo and Dr. Victoria Groom explored an alternative to the traditional notice and consent regime at the Centre of Internet and Society, Stanford University.<a name="_ftnref28" href="#_ftn28"><sup><sup>[28]</sup></sup></a> They conducted a two-phase experimental study. In the first phase, a standard privacy notice was compared with a control condition and a simplified notice to see if improving the readability impacted the response of users. In the second phase, the notice was compared with five notices strategies, out of which four were intended to enhance privacy protective behavior and one was intended to lower it. Shara Monteleone and her team used a similar approach but with a much larger sample size.<a name="_ftnref29" href="#_ftn29"><sup><sup>[29]</sup></sup></a> One of the primary behavioral insights used was that when we do repetitive activities including accepting online terms and conditions or privacy notices, we tend to use our automatic or fast thinking instead to reflective or slow thinking.<a name="_ftnref30" href="#_ftn30"><sup><sup>[30]</sup></sup></a> Changing them requires leveraging the automatic behavior of the individuals.</p>
<p align="left" style="text-align: justify;">Alessandro Acquisti, Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University, has studied the application of methodologies from behavioral economics to investigate privacy decision-making.<a name="_ftnref31" href="#_ftn31"><sup><sup>[31]</sup></sup></a> He highlights a variety of factors that distort decision-making such as - "inconsistent preferences and frames of judgment; opposing or contradictory needs (such as the need for publicity combined with the need for privacy); incomplete information about risks, consequences, or solutions inherent to provisioning (or protecting) personal information; bounded cognitive abilities that limit our ability to consider or reflect on the consequences of privacy-relevant actions; and various systematic (and therefore predictable) deviations from the abstractly rational decision process." Acquisti looks at three kinds of policy solutions taking the example of social networking sites collecting sensitive information- a) hard paternalistic approach which ban making visible certain kind of information on the site, b) a usability approach that entails designing the system in way that is most intuitive and easy for users to decide whether to provide the information, c) a soft paternalistic approach which seeks to aid the decision-making by providing other information such as how many people would have access to the information, if provided, and set defaults such that the information is not visible to others unless explicitly set by the user. The last two approaches are typically cited as examples of nudging approaches to privacy.</p>
<p align="left" style="text-align: justify;">Another method is to use tools that lead to decreased disclosure of information. For example, tools like Social Media Sobriety Test<a name="_ftnref32" href="#_ftn32"><sup><sup>[32]</sup></sup></a> or Mail Goggles<a name="_ftnref33" href="#_ftn33"><sup><sup>[33]</sup></sup></a> serve to block the sites during certain hours set by user during which one expects to be at their most vulnerable, and the online services are blocked unless the user can pass a dexterity examination.<a name="_ftnref34" href="#_ftn34"><sup><sup>[34]</sup></sup></a> Rebecca Belabako and her team are building privacy enhanced tools for Facebook and Twitter that will provide greater nudges in restricting who they share their location on Facebook and restricting their tweets to smaller group of people.<a name="_ftnref35" href="#_ftn35"><sup><sup>[35]</sup></sup></a> Ritu Gulia and Dr. Sapna Gambhir have suggested nudges for social networking websites that randomly select pictures of people who will have access to the information to emphasise the public or private setting of a post.<a name="_ftnref36" href="#_ftn36"><sup><sup>[36]</sup></sup></a> These approaches try to address the myopia bias where we choose immediate access to service over long term privacy harms.</p>
<p align="left" style="text-align: justify;">The use of nudges as envisioned in the examples above is in some ways an extension of already existing research which advocates a design standard that makes the privacy notices more easily intelligible.<a name="_ftnref37" href="#_ftn37"><sup><sup>[37]</sup></sup></a> However, studies show only an insignificant improvement by using these methods. Nudging, in that sense goes one step ahead. Instead of trying to make notices more readable and enable informed consent, the design standard will be intended to simply lead to choices that the architects deem optimal.</p>
<p align="left" style="text-align: justify;">Issues with nudging</p>
<p align="left" style="text-align: justify;">One of the primary justifications that Thaler and Sunstein put forward for nudging is that the choice architecture is ubiquitous. The manner in which option are presented to us impact how we make decision whether it was intended to do so or not, and that there is no such thing a neutral architecture. This inevitability, according to them, makes a strong case for nudging people towards choices that will lead to their well-being. However, this assessment does not support the arguments made by them that libertarian paternalism nudges people towards choices from their own point of view. It is my contention that various examples of libertarian paternalism, as put forth by Thaler and Sunstein, do in fact interfere with our self-autonomy as the choice architecture leads us not to options that we choose for ourselves in a fictional neutral environments, but to those options that the architects believe are good for us. This substitution of judgment would satisfy the definition by Seana Shiffron. Second, the fact that there is no such things as a neutral architecture, is by itself, not justification enough for nudging. If we view the issue only from the point of view of normative ethics, assuming that coercion and interference are undesirable, intentional interference is much worse than unintentional interference.</p>
<p align="left" style="text-align: justify;">However, there are certain nudges that rely primarily on providing information, dispensing advice and rational persuasion.<a name="_ftnref38" href="#_ftn38"><sup><sup>[38]</sup></sup></a> The freedom of choice is preserved in these circumstances. Libertarians may argue that even these circumstances the shaping of choice is problematic. This issue, J S Blumenthal-Barby argues, is adequately addressed by the publicity condition, a concept borrowed by Thaler and Sunstein from John Rawls.<a name="_ftnref39" href="#_ftn39"><sup><sup>[39]</sup></sup></a> The principle states that officials should never use a technique they would be uncomfortable defending to the public; nudging is no exception. However, this seems like a simplistic solution to a complex problem. Nudges are meant to rely on inherent psychological tendencies, leveraging the theories about automatic and subconscious thinking as described by Daniel Kahneman in his book, "Thinking Fast, Thinking Slow."<a name="_ftnref40" href="#_ftn40"><sup><sup>[40]</sup></sup></a> In that sense, while transparency is desirable it may not be very effective.</p>
<p align="left" style="text-align: justify;">Other commentators also note that while behavioral economics can show why people make certain decisions, it may not be able to reliably predict how people will behave in different circumstances. The burden of extrapolating the observations into meaningful nudges may prove to be too heavy.<a name="_ftnref41" href="#_ftn41"><sup><sup>[41]</sup></sup></a> However, the most oft-quoted criticism of nudging is that it will rely on officials to formulate the desired goals towards which the choice architecture will lead us.<a name="_ftnref42" href="#_ftn42"><sup><sup>[42]</sup></sup></a> The judgments of these officials could be flawed and subject to influence by large corporations.<a name="_ftnref43" href="#_ftn43"><sup><sup>[43]</sup></sup></a> These concerns echo the best judge argument made against all forms of paternalism, mentioned earlier in this essay. J S Blumenthal-Barby, Assistant Professor at the Center for Medical Ethics and Health Policy, Baylor College of Medicine, also examines the claim that the choice architects will be susceptible to the same biases while designing the choice environment.<a name="_ftnref44" href="#_ftn44"><sup><sup>[44]</sup></sup></a> His first argument in response to this is that experts who extensively study decision-making may be less prone to these errors. Second, he argues that even with errors and biases, a choice architecture which attempts to the rights the wrongs of a random and unstructured choice environment is a preferable option.<a name="_ftnref45" href="#_ftn45"><sup><sup>[45]</sup></sup></a></p>
<p align="left" style="text-align: justify;"><strong>Conclusion</strong></p>
<p align="left" style="text-align: justify;">Most libertarians will find the notion that individuals are prevented from sharing some information about themselves problematic. Anita Allen's idea about self-regarding duties is at odds how we understand rights and duties in most jurisdictions. Her attempt to locate an ethical duty to protect one's privacy, while interesting, is not backed by a formulation of how such a duty would work. While she relies largely on an Kantian framework, her definition of paternalism, as can be drawn from her writing is broader than that articulated by Kant himself. On the other hand, Thaler and Sunstein's book Nudge and related writings by them do attempt to build a framework of how nudging would work and answer some questions they anticipate would be raised against the idea of libertarian paternalism.</p>
<p align="left" style="text-align: justify;">By and large, I feel that, Thaler and Sunstein's idea of libertarian paternalism could be justified in the context of privacy and data protection governance. It would be fair to say the first two conditions of de Marneffe under which such acts of paternalism are justified <a name="_ftnref46" href="#_ftn46"><sup><sup>[46]</sup></sup></a> are largely satisfied by nudges that ensures greater privacy protection. If nudges can ensure greater privacy protection, its benefits are both substantial and evident. However, the larger question is whether these purported benefits outweigh the costs of loss of self-autonomy. Given the numerous ways in which the 'notice and consent' framework is ineffective and leads to very little informed consent, it can be argued that there is little exercise of autonomy, to begin with, and hence, the loss of self-autonomy is not substantial. Some of the conceptual issues which doubt the ability of nudges to solve complex problems remain unanswered and we will have to wait for more analysis by both cognitive scientists and policy-makers. However, given the growing inefficacy of the existing privacy protection framework, it would be a good idea of begin using some insights from cognitive science and behavioral economics to ensure greater privacy protection.</p>
<p align="left" style="text-align: justify;">The current value-neutrality of data protection law with respect of the kind of data collected and its use, and its complete reliance on the data subject to make an informed choice is, in my opinion, an idea that has run its course. Rather than focussing solely on the controls at the stage of data collection, I believe we need a more robust theory of how to govern the subsequent uses of data. This will is the focus of the next part of this series in which I will look at the greater use of risk-based approach to privacy protection.</p>
<div align="left" style="text-align: justify;"><br clear="all" />
<hr size="1" width="33%" />
<div id="ftn1">
<p><a name="_ftn1" href="#_ftnref1"><sup><sup>[1]</sup></sup></a> With invaluable inputs from Scott Mason.</p>
</div>
<div id="ftn2">
<p><a name="_ftn2" href="#_ftnref2"><sup><sup>[2]</sup></sup></a> Walter Lippmann, The Phantom Public, Transaction Publishers, 1925.</p>
</div>
<div id="ftn3">
<p><a name="_ftn3" href="#_ftnref3"><sup><sup>[3]</sup></sup></a> Jonathan Obar, Big Data and the Phantom Public: Walter Lippmann and the fallacy of data privacy self management, Big Data and Society, 2015, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2239188">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2239188</a></p>
</div>
<div id="ftn4">
<p><a name="_ftn4" href="#_ftnref4"><sup><sup>[4]</sup></sup></a> Anita Allen, Unpopular Privacy: What we must hide?, Oxford University Press USA, 2011.</p>
</div>
<div id="ftn5">
<p><a name="_ftn5" href="#_ftnref5"><sup><sup>[5]</sup></sup></a> Richard Thaler and Cass Sunstein, Nudge, Improving decisions about health, wealth and happinessYale University Press, 2008.</p>
</div>
<div id="ftn6">
<p><a name="_ftn6" href="#_ftnref6"><sup><sup>[6]</sup></sup></a> <a href="http://plato.stanford.edu/entries/paternalism/">http://plato.stanford.edu/entries/paternalism/</a></p>
</div>
<div id="ftn7">
<p><a name="_ftn7" href="#_ftnref7"><sup><sup>[7]</sup></sup></a> Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013. at 29.</p>
</div>
<div id="ftn8">
<p><a name="_ftn8" href="#_ftnref8"><sup><sup>[8]</sup></sup></a> Seana Shiffrin, Paternalism, Unconscionability Doctrine, and Accommodation, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2682745">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2682745</a></p>
</div>
<div id="ftn9">
<p><a name="_ftn9" href="#_ftnref9"><sup><sup>[9]</sup></sup></a> Peter de Marneffe, Self Sovereignty and Paternalism, from Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013. at 58.</p>
</div>
<div id="ftn10">
<p><a name="_ftn10" href="#_ftnref10"><sup><sup>[10]</sup></sup></a> <em>Id</em> .</p>
</div>
<div id="ftn11">
<p><a name="_ftn11" href="#_ftnref11"><sup><sup>[11]</sup></sup></a> Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013. at 74.</p>
</div>
<div id="ftn12">
<p><a name="_ftn12" href="#_ftnref12"><sup><sup>[12]</sup></sup></a> Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013. at 115.</p>
</div>
<div id="ftn13">
<p><a name="_ftn13" href="#_ftnref13"><sup><sup>[13]</sup></sup></a> <em>Ibid</em> at 116.</p>
</div>
<div id="ftn14">
<p><a name="_ftn14" href="#_ftnref14"><sup><sup>[14]</sup></sup></a> Anita Allen, Unpopular Privacy: What we must hide?, Oxford University Press USA, 2011.</p>
</div>
<div id="ftn15">
<p><a name="_ftn15" href="#_ftnref15"><sup><sup>[15]</sup></sup></a> Janet Vertasi, My Experiment Opting Out of Big Data Made Me Look Like a Criminal, 2014, available at <a href="http://time.com/83200/privacy-internet-big-data-opt-out/">http://time.com/83200/privacy-internet-big-data-opt-out/</a></p>
</div>
<div id="ftn16">
<p><a name="_ftn16" href="#_ftnref16"><sup><sup>[16]</sup></sup></a> Anita Allen, Privacy Law: Positive Theory and Normative Practice, available at <a href="http://harvardlawreview.org/2013/06/privacy-law-positive-theory-and-normative-practice/"> http://harvardlawreview.org/2013/06/privacy-law-positive-theory-and-normative-practice/ </a> .</p>
</div>
<div id="ftn17">
<p><a name="_ftn17" href="#_ftnref17"><sup><sup>[17]</sup></sup></a> G A Cohen, Self ownership, world ownership and equality, available at <a href="http://journals.cambridge.org/action/displayAbstract?fromPage=online&aid=3093280"> http://journals.cambridge.org/action/displayAbstract?fromPage=online&aid=3093280 </a></p>
</div>
<div id="ftn18">
<p><a name="_ftn18" href="#_ftnref18"><sup><sup>[18]</sup></sup></a> Marcus G. Singer, On Duties to Oneself, available at <a href="http://www.jstor.org/stable/2379349?seq=1#page_scan_tab_contents">http://www.jstor.org/stable/2379349?seq=1#page_scan_tab_contents</a>; Kurt Baier, The moral point of view: A rational basis of ethics, available at <a href="https://www.uta.edu/philosophy/faculty/burgess-jackson/Baier,%20The%20Moral%20Point%20of%20View%20%281958%29%20%28Excerpt%20on%20Ethical%20Egoism%29.pdf"> https://www.uta.edu/philosophy/faculty/burgess-jackson/Baier,%20The%20Moral%20Point%20of%20View%20%281958%29%20%28Excerpt%20on%20Ethical%20Egoism%29.pdf </a> .</p>
</div>
<div id="ftn19">
<p><a name="_ftn19" href="#_ftnref19"><sup><sup>[19]</sup></sup></a> Michael Cholbi, Kantian Paternalism and suicide intervention, from Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013.</p>
</div>
<div id="ftn20">
<p><a name="_ftn20" href="#_ftnref20"><sup><sup>[20]</sup></sup></a> Eric Posner, Liberalism and Concealment, available at <a href="https://newrepublic.com/article/94037/unpopular-privacy-anita-allen"> https://newrepublic.com/article/94037/unpopular-privacy-anita-allen </a></p>
</div>
<div id="ftn21">
<p><a name="_ftn21" href="#_ftnref21"><sup><sup>[21]</sup></sup></a> Richard Thaler and Cass Sunstein, Nudge, Improving decisions about health, wealth and happinessYale University Press, 2008.</p>
</div>
<div id="ftn22">
<p><a name="_ftn22" href="#_ftnref22"><sup><sup>[22]</sup></sup></a> Daniel Kahneman, Thinking, fast and slow, Farrar, Straus and Giroux, 2011.</p>
</div>
<div id="ftn23">
<p><a name="_ftn23" href="#_ftnref23"><sup><sup>[23]</sup></sup></a> Daniel Kahneman, Paul Slovic and Amos Tversky, Judgment under uncertainty: heuristics and biases, Cambridge University Press, 1982; Daniel Kahneman and Amos Tversky, Choices, Values and Frames, Cambridge University Press, 2000.</p>
</div>
<div id="ftn24">
<p><a name="_ftn24" href="#_ftnref24"><sup><sup>[24]</sup></sup></a> Richard Thaler, Advances in behavioral finance, Russell Sage Foundation, 1993.</p>
</div>
<div id="ftn25">
<p><a name="_ftn25" href="#_ftnref25"><sup><sup>[25]</sup></sup></a> Thaler, Sunstein and Balz, Choice Architecture, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1583509">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1583509</a>.</p>
</div>
<div id="ftn26">
<p><a name="_ftn26" href="#_ftnref26"><sup><sup>[26]</sup></sup></a> Daniel Solove, Privacy self-management and consent dilemma, 2013 available at <a href="http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications"> http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications </a></p>
</div>
<div id="ftn27">
<p><a name="_ftn27" href="#_ftnref27"><sup><sup>[27]</sup></sup></a> Frederik Borgesius, Behavioral sciences and the regulation of privacy on the Internet, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771</a>.</p>
</div>
<div id="ftn28">
<p><a name="_ftn28" href="#_ftnref28"><sup><sup>[28]</sup></sup></a> Ryan Calo and Dr. Victoria Groom, Reversing the Privacy Paradox: An experimental study, available at <a href="http://ssrn.com/abstract=1993125">http://ssrn.com/abstract=1993125</a></p>
</div>
<div id="ftn29">
<p><a name="_ftn29" href="#_ftnref29"><sup><sup>[29]</sup></sup></a> Shara Monteleon et al, Nudges to Privacy Behavior: Exploring an alternative approahc to privacy notices, available at <a href="http://publications.jrc.ec.europa.eu/repository/bitstream/JRC96695/jrc96695.pdf"> http://publications.jrc.ec.europa.eu/repository/bitstream/JRC96695/jrc96695.pdf </a></p>
</div>
<div id="ftn30">
<p><a name="_ftn30" href="#_ftnref30"><sup><sup>[30]</sup></sup></a> Daniel Kahneman, Thinking, fast and slow, Farrar, Straus and Giroux, 2011.</p>
</div>
<div id="ftn31">
<p><a name="_ftn31" href="#_ftnref31"><sup><sup>[31]</sup></sup></a> Alessandro Acquisti, Nudging Privacy, available at <a href="http://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf"> http://www.heinz.cmu.edu/~acquisti/papers/acquisti-privacy-nudging.pdf </a></p>
</div>
<div id="ftn32">
<p><a name="_ftn32" href="#_ftnref32"><sup><sup>[32]</sup></sup></a> <a href="http://www.webroot.com/En_US/sites/sobrietytest/test.php?url=0">http://www.webroot.com/En_US/sites/sobrietytest/test.php?url=0</a></p>
</div>
<div id="ftn33">
<p><a name="_ftn33" href="#_ftnref33"><sup><sup>[33]</sup></sup></a> <a href="http://google.about.com/od/m/g/mail_goggles.htm">http://google.about.com/od/m/g/mail_goggles.htm</a></p>
</div>
<div id="ftn34">
<p><a name="_ftn34" href="#_ftnref34"><sup><sup>[34]</sup></sup></a> Rebecca Balebako et al, Nudging Users towards privacy on mobile devices, available at <a href="https://www.andrew.cmu.edu/user/pgl/paper6.pdf">https://www.andrew.cmu.edu/user/pgl/paper6.pdf</a>.</p>
</div>
<div id="ftn35">
<p><a name="_ftn35" href="#_ftnref35"><sup><sup>[35]</sup></sup></a> <em>Id</em> .</p>
</div>
<div id="ftn36">
<p><a name="_ftn36" href="#_ftnref36"><sup><sup>[36]</sup></sup></a> Ritu Gulia and Dr. Sapna Gambhir, Privacy and Privacy Nudges for OSNs: A Review, available at <a href="http://www.ijircce.com/upload/2014/march/14L_Privacy.pdf">http://www.ijircce.com/upload/2014/march/14L_Privacy.pdf</a></p>
</div>
<div id="ftn37">
<p><a name="_ftn37" href="#_ftnref37"><sup><sup>[37]</sup></sup></a> Annie I. Anton et al., Financial Privacy Policies and the Need for Standardization, 2004 available at <a href="https://ssl.lu.usi.ch/entityws/Allegati/pdf_pub1430.pdf">https://ssl.lu.usi.ch/entityws/Allegati/pdf_pub1430.pdf</a>; Florian Schaub, R. Balebako et al, "A Design Space for effective privacy notices" available at <a href="https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf"> https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf </a></p>
</div>
<div id="ftn38">
<p><a name="_ftn38" href="#_ftnref38"><sup><sup>[38]</sup></sup></a> Daniel Hausman and Bryan Welch argue that these cases are mistakenly characterized as nudges. They believe that nudges do not try to inform the automatic system, but manipulate the inherent cognitive biases. Daniel Hausman and Bryan Welch, Debate: To Nudge or Not to Nudge, Journal of Political Philosophy 18(1).</p>
</div>
<div id="ftn39">
<p><a name="_ftn39" href="#_ftnref39"><sup><sup>[39]</sup></sup></a> Ryan Calo, Code, Nudge or Notice, available at</p>
</div>
<div id="ftn40">
<p><a name="_ftn40" href="#_ftnref40"><sup><sup>[40]</sup></sup></a> Daniel Kahneman, Thinking, fast and slow, Farrar, Straus and Giroux, 2011.</p>
</div>
<div id="ftn41">
<p><a name="_ftn41" href="#_ftnref41"><sup><sup>[41]</sup></sup></a> Evan Selinger and Kyle Powys Whyte, Nudging cannot solve complex policy problems.</p>
</div>
<div id="ftn42">
<p><a name="_ftn42" href="#_ftnref42"><sup><sup>[42]</sup></sup></a> Mario J. Rizzo & Douglas Glen Whitman, The Knowledge Problem of New Paternalism, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1310732">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1310732</a>; Pierre Schlag, Nudge, Choice Architecture, and Libertarian Paternalism, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1585362">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1585362</a>.</p>
</div>
<div id="ftn43">
<p><a name="_ftn43" href="#_ftnref43"><sup><sup>[43]</sup></sup></a> Edward L. Glaeser, Paternalism and Psychology, available at <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=917383">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=917383</a>.</p>
</div>
<div id="ftn44">
<p><a name="_ftn44" href="#_ftnref44"><sup><sup>[44]</sup></sup></a> J S BLumenthal-Barby, Choice Architecture: A mechanism for improving decisions</p>
<p>while preserving liberty?, from Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013.</p>
</div>
<div id="ftn45">
<p><a name="_ftn45" href="#_ftnref45"><sup><sup>[45]</sup></sup></a> <em>Id</em> .</p>
</div>
<div id="ftn46">
<p><a name="_ftn46" href="#_ftnref46"><sup><sup>[46]</sup></sup></a> According to de Marneffe, there are three conditions under which such acts of paternalism are justified - the benefits of welfare should be substantial, evident and must outweigh the benefits of self-autonomy. Peter de Marneffe, Self Sovereignty and Paternalism, from Christian Coons and Michael Weber, ed., Paternalism: Theory and Practice; Cambridge University Press, 2013. at 58.</p>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/a-case-for-greater-privacy-paternalism'>https://cis-india.org/internet-governance/blog/a-case-for-greater-privacy-paternalism</a>
</p>
No publisherAmber SinhaInternet GovernancePrivacy2016-02-20T07:28:43ZBlog EntryA billion mobile users: new startup profiles and innovation insights from Mobile India 2016
https://cis-india.org/telecom/news/yourstory-sneha-maselkar-and-madanmohan-rao-january-14-2016-a-billion-mobile-users
<b>The annual Mobile India conference, for which YourStory was the media partner, wrapped up recently in Bengaluru with a startup showcase and a wide range of insights on mobile innovation in India.</b>
<p>The blog post by Sneha Maselkar and Madanmohan Rao was first published in <a class="external-link" href="http://yourstory.com/2016/01/billion-mobile-users-startup-profiles-innovation-insights-mobile-india-2016/">Your Story</a> on January 14, 2016. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">Chaired by professors V. Sridhar of IIIT Bangalore and D. Manjunath of IIT Bombay, the event’s theme was ‘The App Economy.’ (See <i>YourStory</i> coverage of the earlier editions of this conference: <a href="http://yourstory.com/2015/01/mobile-india-2015-10-tips/" target="_blank">2015,</a> <a href="http://yourstory.com/2014/01/tips-mobile-startups/" target="_blank">2014</a> and <a href="http://yourstory.com/2013/01/mobile-india-2013-conference-highlights-a-world-of-opportunities-for-startups-and-challenges/" target="_blank">2013</a>).</p>
<p style="text-align: justify; "><b>Mobile innovators</b></p>
<p style="text-align: justify; ">New products were presented by innovators like Pravin Bhagwat, Founder and Chief Technology Officer, <b>AirTight Networks.</b> The company is creating an app store based on ‘social WiFi,’ riding on Google+ and Facebook. A number of interesting startups like <b>IoTM2MSolutions</b> were also at the event<b>. </b>Founded by Ismail Zabihullahh in 2009, the 15-member team has a range of offerings in home automation, RFID biometrics, street lighting and smart parking solutions.</p>
<p style="text-align: justify; "><b><a href="http://yourstory.com/2015/11/innaccel/" target="_blank">Inaccel</a> </b>is a med-tech accelerator founded in 2014 by Siraj Dhanani, Vijayarajan and Dr. Jagish Chaturvedi. It address the needs, resource and skill gaps, and price-sensitivity of clinical markets, and helps startups conceptualise, design, engineer, and achieve regulatory certification. Its portfolio picks companies with a five-year horizon, in exchange for equity stakes.</p>
<p style="text-align: justify; "><b>Dataglen </b>was formed in 2014 by Deva P. Seetharam, Tanuja Ganu, Sunil Ghai and Rajesh Kunnath. It provides Internet of Things (IoT) data collection and management services, and provides an API for users to develop applications on a variety of computing platforms. The startup charges for data management services based on the volume of transactions and for any required customisation services.</p>
<p style="text-align: justify; "><b><a href="http://yourstory.com/2014/08/czar-securities/" target="_blank">Czar Securities</a> </b>was founded in August 2013 by Shikhil Sharma and Ananda Krishna. Two employees Deepankar Tyagi and Nakul Gulati joined in quick succession. The cyber security solutions company secures corporate IT infrastructure from cyber attacks. Offerings include ASTRA, an intrusion prevention system, as well as penetration testing and security audit services.</p>
<p style="text-align: justify; "><b>Infilect </b>was founded in April 2015 by Vijay Gabale and Anand Prabhu Subramanian. They are building an AI-enabled personalised fashion shopping assistant. The product, Photolect, helps in discovery, search and personalisation for online shoppers by parsing of photos. The product is in beta-test mode with several fashion experts evaluating its features.</p>
<p style="text-align: justify; "><b><a href="http://yourstory.com/2015/08/sattva-medtech/" target="_blank">Sattva Medtech</a> </b>was founded in 2014 by Vibhav Joshi and Sumedh Kaulgud. They are developing a next-generation fetal health monitoring device which leverages advanced sensors and algorithms. This device, called the Sattva Fetal Lite, has been designed and engineered for use in India and other low-and-mid-income countries; the team has raised an undisclosed amount in seed funding from InnAccel.</p>
<p style="text-align: justify; "><b>Coeo Labs </b>was founded in October 2014 by Nitesh Kumar Jangir and Nachiket Deval. It is a medical device company, developing products in the field of emergency and critical care. Offerings include a device to reduce chances of acquiring ventilator-associated pneumonia (VAP), and a mechanical CPAP machine (mCPAP) for transport of neonates with troubled breathing, from a resource-constrained setting to a neonatal ICU.</p>
<p style="text-align: justify; "><img src="https://cis-india.org/home-images/Comsnets.png" alt="Comsnets" class="image-inline" title="Comsnets" /></p>
<p style="text-align: justify; "><b>IoT scenarios</b></p>
<p style="text-align: justify; ">Over a dozen experts from India and the US discussed the latest mobile trends in a day of packed panel sessions and keynotes. Interface design, usable security and systems integration are key success factors for IoT, according to Henning Schulzrinne, Professor at Columbia University, and CTO, United States Federal Communications Commission. Consumer and industrial IoT scenarios differ with respect to predictability, redundancy, energy consumption and interoperability.</p>
<p style="text-align: justify; ">He pointed out categories and uses cases of high IoT impacts: automation of manual data extraction (metering), remote maintenance (vending machines), extraction of additional information (thermostats) and software-defined mechanics (locks, switches).</p>
<p style="text-align: justify; ">“IoT networks won’t operate just on mobile carriers, but also on other networks such as Zigbee and Bluetooth,” Henning explained. The Internet itself will be transformed by IoT. “Protocols matter, programmability matters more,” he added. The Internet is becoming more than the Internet protocol; plug-and-play is becoming augmented by plug-and-programme in the IoT world.</p>
<p style="text-align: justify; "><b>The ‘DNA’ of apps</b></p>
<p style="text-align: justify; ">The proliferation of apps can lead to the rise of localised app stores in local languages, said Chinnu Senthilkumar, CTO, Exfinity Ventures, pointing to Korea as an example in this regard. “Many apps are local. How well do you know the digital literacy of your neighbourhood users,” he asked.</p>
<p style="text-align: justify; ">Most apps in India are of the ‘me-too’ type; developers need to incorporate better user experience (UX) and bring in more cross-disciplinary experience (see earlier insights from the <a href="http://yourstory.com/2015/10/magical-times-design-entrepreneur-10-tips-ux-india-2015/" target="_blank">UX India 2015 conference</a> and <a href="http://yourstory.com/2015/10/design-startups-national-product-conclave/" target="_blank">NASSCOM NPC 2015</a>). “Security is still an afterthought in app development,” cautioned Chinnu.</p>
<p style="text-align: justify; ">“You need to figure out the DNA of the mobile experience: Device, Network, App,” explained Amar Nagaram, Director, Mobile Engineering, Flipkart. The e-commerce giant classifies devices into four broad categories, and its app design factors in the app size, data stored on the device, and computational power of the device.</p>
<p style="text-align: justify; ">Battery requirements of the device and packet drop rates on mobile networks are major constraints on app performance in India. Online shopping lets users interact with catalogues as well as product experts.</p>
<p style="text-align: justify; ">“I had to unlearn a lot of things from the Internet world which may not apply in a similar manner to the app world. For example, not all older versions of apps need to be supported,” explained Amar.</p>
<p style="text-align: justify; ">“Ask yourself, what does your app do for consumers?” advised Pradeep Nair, Co-Founder and CEO, Confianzys. Developers should be looking not at product-market fit, but market-product fit. “Industries die because of their myopia; they focus on past products and not future consumer needs,” he said, urging developers to track-long term megatrends as well.</p>
<p style="text-align: justify; "><b>Telcos’ role in the App Economy</b></p>
<p style="text-align: justify; ">The telecommunications world is changing rapidly due to trends like IoT, new breeds of apps, video boom and Big Data, observed Ishwardutt Parulkar, Cisco Distinguished Engineer. Telcos are struggling to get new drivers for existing services, new revenue sources, and new sources of consumer loyalty.</p>
<p style="text-align: justify; ">“Telcos need to provide APIs to developers for embedding telco services and network analytics data. Telcos can also play a bigger role in mobile advertising, for example network-wide ad blocking, as in the case of Jamaica,” advised Ishwardutt. Telcos can exploit synergy with cloud services, and resell SaaS products bundled with telco products.</p>
<p style="text-align: justify; ">“We are witnessing major waves of disruptive innovation today: the rise from oblivion to the top is rapid – and so is the fall from the top,” said SR Raja, Associate Vice President, Persistent Systems. Many incumbents tend to suffer from ignorance, inertia, and the inability to do little more than tweak or tinker with existing offerings.</p>
<p style="text-align: justify; ">There is a Moore’s Law variant for all architecture components, including programming languages. Hence, telcos need to master new business models blending product and service, advised Raja. “Even regulated industries can be disrupted from outside – look at Uber and Tesla. Will telcos experiment with surge pricing like Uber, or become IoT solutions systems integrators,” he asked. For example, operator O2 has used mobile identity to launch its own messaging OTT app, and Vodafone is getting into IoT services.</p>
<p style="text-align: justify; "><b>Operators and Net Neutrality</b></p>
<p style="text-align: justify; ">The Mobile India conference took place with the backdrop of a heated battle over Net Neutrality between Facebook’s Free Basics and Internet activists from India, which has received a lot of <a href="http://yourstory.com/2015/12/2015-roundup-international-media-india-startups/" target="_blank">media coverage</a> in India and overseas.</p>
<p style="text-align: justify; ">This calls for the digital media community and entrepreneur ecosystem to pay attention to complex but important issues such as Internet governance. “The next billion users in India may be very different from the current billion, in terms of geography, language and access device,” observed Samiran Gupta, Head-India, Internet Corporation for Assigned Names and Numbers (ICANN).</p>
<p style="text-align: justify; ">ICANN’s objective is to maintain inter-operability of the Internet, and there is a unique opportunity for emerging economies to play a stronger role in Internet governance, in issues such as local languages and scripts.</p>
<p style="text-align: justify; "><b>Regulation and digital innovation</b></p>
<p style="text-align: justify; ">Regulators have major challenges ahead in juggling the needs of multiple stakeholders and demands for different slices of spectrum. “There are 43 different kinds of radio-communication services competing for spectrum,” said Pavan Garg, Former Wireless Adviser, GoI, and former Member, Radio Regulations Board, ITU, Geneva.</p>
<p style="text-align: justify; ">Regulators need to become much more savvy on the kind of collusions possible between industry heavyweights, according to Sunil Abraham, Executive Director, Centre for Internet and Society.</p>
<p style="text-align: justify; ">If India gets its IP regime correct, the local language content economy can be boosted, in addition to other civic benefits. For example, giving anonymised data access to independent researchers has helped LIRNEasia come up with better transportation design in Sri Lanka.</p>
<p style="text-align: justify; ">The discussion covered a wide range of interesting possibilities. In the EU, it is mandated that all mobile phones be able to display all European languages. Can India do the same for local languages? Will regulation promote support for Indic language technology on mobiles, or should this be left purely to the market? Organisations such as the Telecommunications Standards Development Society, India (<a href="http://www.tsdsi.org" target="_blank">TSDSI</a>) is working on Indian language standards in ICTs.</p>
<p style="text-align: justify; ">The app economy can indeed be accelerated with proactive government intervention, said Parnil Urdhwareshe, Research Assistant at ICRIER and co-author of a report on ‘Impact of India’s App Economy.’ India’s app ecosystem could be worth Rs 2,000 crore in 2016; it created about 75,000 direct jobs in 2015, according to the report.</p>
<p style="text-align: justify; ">The government can pass regulations on apps covering privacy, Net Neutrality and safety, eg. SoS buttons, medical apps. The <a href="https://ico.org.uk" target="_blank">UK government</a> has drawn up a range of app guidelines covering issues such as in-app purchases.</p>
<p style="text-align: justify; ">“Design in India is more important than Make In India,” said Vipin Tyagi, Executive Director, C-DOT, drawing attention to issues of participatory design and citizen-centric services rather than only one-way top-down initiatives from government and large industry players.</p>
<p style="text-align: justify; "><img src="https://cis-india.org/home-images/MobileIndia.png" alt="Mobile India" class="image-inline" title="Mobile India" /></p>
<p style="text-align: justify; "><b>The road ahead</b></p>
<p style="text-align: justify; ">Broadband penetration in India is only 10 per cent. By 2018, video will be 62 per cent of India’s mobile data traffic, and there will be 526 million Internet users, according to Anil Kaushal, Member, Telecom Regulatory Authority of India (TRAI).</p>
<p style="text-align: justify; ">The government’s BharatNet initiative aims to connect 2,50,000 Gram Panchayats across the country. TRAI has given recommendations for Virtual Network Operators, wherein niche players can offer Smart City services.</p>
<p style="text-align: justify; ">In addition to regulators, operators and developers, success of the app economy also rests on responsible user behaviour, said Deepak Maheshwari, Head-Government Affairs, Symantec. “Be more active with respect to data encryption on your device. Use multi-factor authentication,” he advised.</p>
<p style="text-align: justify; ">Seventy per cent of India’s population lives in villages; digital innovation will help bring education and healthcare to them, said Vimal Wakhlu, Chairman & Managing Director, TCIL. There are also global extensions and markets for Indian innovations, such as the Pan-African E-Network targeted at 53 countries. There are major uses of ICTs across India, such as monitoring the cleaning of the Ganges as well as water gate management in Gujarat, Vimal added.</p>
<p style="text-align: justify; ">“India needs to mandate telecom infrastructure in real estate development and town planning. Digital media will change the way we learn and earn,” said T.R. Dua, Director General, Tower and Infrastructure Providers Association (TAIPA) India, and Co-Chair ITU APT Foundation of India.</p>
<p>
For more details visit <a href='https://cis-india.org/telecom/news/yourstory-sneha-maselkar-and-madanmohan-rao-january-14-2016-a-billion-mobile-users'>https://cis-india.org/telecom/news/yourstory-sneha-maselkar-and-madanmohan-rao-january-14-2016-a-billion-mobile-users</a>
</p>
No publisherpraskrishnaTelecomInternet Governance2016-01-17T15:13:42ZNews ItemA beauty’s blog creates furore
https://cis-india.org/news/beauty-blog-creates-furore
<b>Her first Tamil poetry anthology Otraiyilaiyena (As a single leaf) saw three editions and the second one Ulagin Azhagiya Muthal Penn (The first beautiful woman in the world) invited mixed reactions like Iyal Poetry Award and a call for a ban by Hindu Makkal Katchi. Parathaiyarul Raani (Queen of sluts) her third collection was a reaction to all the moral policing. </b>
<p><a class="external-link" href="http://www.deccanchronicle.com/tabloid/chennai/beauty%E2%80%99s-blog-creates-furore-333">Lakshmi Krupa's article was published in Deccan Chronicle on April 10, 2012</a></p>
<p>While her film Sengadal The Dead Sea was stopped from being screened to the public, until the Supreme Court’s Appellate tribunal intervened with regional censor board for the film clearance, groups like the Makkal Kalai Ilakiya Kazhagam attacked her beliefs. Adding to this list is the latest revelation that the Principal Secretary of IT Department of the Tamil Nadu government requested that her blog be blocked along with a host of others.</p>
<p>In a text sent from A.K. Kaushik, Additional Director & CPIO Cyber Laws & E-Security in response to an RTI petition on Website Blocking, it was reported that Leena’s blog http://ulaginazhagiyamuthalpenn.blogspot.com was requested to be blocked on 21.07.2010 by the Principal Secretary, IT Department.</p>
<p>This recent revelation has led to an outrage over the fact that artists and activists like Leena have had to constantly knock on the doors of the legal system to exercise the most basic of their rights. In an interview from London where she is currently the Charles Wallace Visiting Scholar at the University of London, Leena says, “Center for Internet and Society in Bengaluru that works towards upholding Civil Liberties Online, had obtained a list of all websites that were sought to be blocked by Governmental authorities with the use of Right to Information Act.</p>
<p>They sent me all the details on how my blog was one amongst them as the Principal Secretary, IT Department, Govt of TN had asked for it to be blocked. As the Internet’s role in free speech becomes increasingly prevalent, tactics to control the Internet are growing more refined each year. Methods of accessing private data and censoring content vary between countries, but all maintain an element of oppression. We, who are concerned about civil liberties should wake up to the secret missions of our government on Internet Censorship and protect freedom of speech online.”</p>
<p>Leena’s blog has been in the center of controversies before too. “Hindu Makkal Katchi, the right wing moral police lodged a police complaint to ban my poetry collections and ban my blog ulaginazhagiyamuthalpenn. blogspot.com. They went to every possible media house and were making threat calls and there were discussions on the alleged obscenity in my poems. They even wanted the Iyal International Poetry Prize and Sirpi Literary Awards to be revoked.”<br /><br />Leena’s poetry challenges fanatic minds. “My poetry has a feminist agenda and it is just not about equal rights for women. It is a socialist, anti-institutional political movement which calls for women to break the code, destroy capitalism, live their sexuality and witch hunt every possible patriarchal design. I am not amused about the fact that my poetry gave jitters to ultra blasphemous right and left wingers,” she concludes.</p>
<p>
For more details visit <a href='https://cis-india.org/news/beauty-blog-creates-furore'>https://cis-india.org/news/beauty-blog-creates-furore</a>
</p>
No publisherpraskrishnaInternet GovernanceIntermediary LiabilityCensorship2012-04-11T03:50:47ZNews ItemA 13-year-old's rape in TN highlights the major threat online sexual grooming poses to children
https://cis-india.org/internet-governance/news/newsminute-may-6-2017-a-13-year-olds-rape-in-tn-highlights-the-major-threat-online-sexual-grooming-poses-to-children
<b>Predatory paedophiles online pose a major threat to children who form 7% of internet users in India. </b>
<p style="text-align: justify; ">The blog post by Priyanka Thirumurthy was published by <a class="external-link" href="http://www.thenewsminute.com/article/13-year-old-s-rape-tn-highlights-major-threat-online-sexual-grooming-poses-children-61591">News Minute</a> on May 6, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">It was a usual practice, for 13-year-old Meena* from Tirupur to log into her father's Facebook account when she came home from school. While she was scrolling through his timeline one day, she received and accepted a friend request from a profile named Siva Idiot on Facebook. When this 'new friend' sent her a “hi” on chat, the young girl found no reason to ignore this message. Over the next 10 days, they chatted incessantly and she revealed all her personal details - where she lived, studied, who her parents were and even her phone number. Siva Idiot then proceeded to begin calling her on a mobile phone and their conversations lasted hours.</p>
<p style="text-align: justify; ">Meanwhile, miffed by her lack of focus on her studies, Meena's parents often chastised her and threatened to take away her laptop and mobile phone. An upset Meena proceeded to complain to Siva Idiot about the 'problems' she faced, who provided emotional support to the teenager. He even offered to come meet her outside her home.</p>
<p style="text-align: justify; ">Meena's parents were out in their offices till 8pm every day and Siva Idiot knew this. He met Meena outside her home, when she was still upset about her parents' advice. Her 'friend' then convinced the teenager to leave her house and marry him. Fifteen days after she first spoke to him on Facebook, 13-year-old Meena ran away from home to 'get married' to 22-year-old Ibrahim.</p>
<p style="text-align: justify; "><b>Online sexual grooming</b></p>
<p style="text-align: justify; ">"This is a classic case of sexual grooming," says Vidya Reddy, of Tulir, Centre for Prevention and Healing of Child Sexual Abuse. "Abusers study a situation carefully to understand what a child's Achilles heel is and then exploit the situation. Now, with almost every child having accesses to technology and internet in the form of a laptop or phone, these criminals have found new platforms to target children," she adds.</p>
<p style="text-align: justify; ">What Vidya explains is called online sexual grooming, a worldwide phenomenon, that has spread along with the speed and easy access to the internet. According to UNICEF, it can be defined as preparing a child or adult for sexual abuse, exploitation or ideological manipulation. A report released by the organisation in 2014 states that the surge in mobile and internet usage in India had brought 400 million people online. Of this, seven percent of internet users in the country are reportedly children.</p>
<p style="text-align: justify; ">"Phones are now an extension of our hands and it has completely changed the way crime is committed and presented, " Vidya notes.</p>
<p style="text-align: justify; ">Even a report of the Parliamentary Committee on Information Technology in 2014 recognized the threat posed to children by predatory paedophiles online. It emphasises how these predators "conceal their true identity whilst using the internet to ‘groom’ potential victims for sexual purposes."</p>
<p style="text-align: justify; "><b>From home to horror</b></p>
<p style="text-align: justify; ">Meena too was unaware about the identity of the person she was chatting with. In fact, an officer told The News Minute, that it was only when Ibrahim called her on the phone that she even realised she had compromised all her data to an unknown man. But Ibrahim, as the police put it, was too smart for the girl.</p>
<p style="text-align: justify; ">"He spoke to her very nicely and formed an emotional connect before she even realised the dangers of the situation," a police officer told The News Minute. "He was just somebody who did odd jobs for a living but his real life was on Facebook. He has close to 5000 friends and they are all young girls," she admits.</p>
<p style="text-align: justify; ">On April 27, Ibrahim and Meena made their way to Puducherry, where they took shelter at his friend Prabhakar’s motel. That very night, Meena was allegedly raped. The next morning, Ibrahim's phone somehow came into her possession and when the child surfed through the picture gallery, fresh horror awaited her. It was filled with obscene pictures and videos of young women and children. Shocked, Meena confronted Ibrahim about this and the two got into a loud fight. An angry Ibrahim then abused the teenager who refused to leave with him and abandoned her in the lodge.</p>
<p style="text-align: justify; ">When the hotel manager and Ibrahim's friend Prabhakaran came to investigate the source of commotion, he found a devastated Meena alone in the room. In an effort to ‘cheer her up’ he took her out to eat and bought her clothes. As Meena changed in the room, Prabhakaran allegedly waited outside to make his move. He went into the room with a yellow thread in hand, and when she was ready, tied it around her neck and declared that they were married. He then proceeded, according to officials, to sexually assault the girl.</p>
<p style="text-align: justify; ">Prabhakaran had even mortgaged all her jewellery, given her some money and pocketed the rest. On April 29, the frightened and devastated teenager managed to escape from the lodge and make a call to her house from a nearby bus stop. By then, her parents had already filed a missing girl complaint with the Tirupur North police and were frantically searching for her.</p>
<p style="text-align: justify; "><b>The need to intervene</b></p>
<p style="text-align: justify; ">According to the UNICEF report, India falls largely short in terms of awareness about online child sexual abuse and exploitation. Parents, it claims, are not aware of the risks the internet poses and therefore do not respond effectively to this form of harassment.</p>
<p style="text-align: justify; ">"This case shows that parents and schools have to spend more time educating their wards on online safety. In many schools, non- digital safety lessons are imparted such as good touch and bad touch. But when it comes to the internet, they don't even impart basic lessons," says Pranesh Prakash, Director of the Centre for Internet and Society.</p>
<p style="text-align: justify; ">Pranesh argues that while parents cannot monitor children's activity on the internet the whole day, they can ensure they have a trusting relationship with their children. This he claims will create dialogue on the child's activity on the internet or social media and create awareness.</p>
<p style="text-align: justify; ">"In this crime, details shared online, led to an offline meeting. So, children must be taught to not share addresses, personal details or meet such 'friends' without their parents' knowledge." he adds.</p>
<p style="text-align: justify; ">In India, two major challenges are the lack of a uniform terminology and lacunae in law as far as sexual grooming of children is concerned. Some key legal instruments meant to protect children, predate technological advances. For example, the Optional Protocol to the Convention on the Rights of the Child on the sale of children, child prostitution and child pornography does not criminalize online sexual grooming.</p>
<p style="text-align: justify; ">Establishing the criminality of sexual grooming or even sexting is difficult in view of the potential for misuse of the law, states the UNICEF report.</p>
<p style="text-align: justify; "><b>Back home and healing</b></p>
<p style="text-align: justify; ">Following her desperate phone call, Tirupur police rescued Meena, and went on to arrest Ibrahim in Pondicherry on April 30. Prabhakaran was arrested on May 2. They have been booked under the Protection of Children from Sexual Offences Act (POCSO) and other sections of the Indian Penal Code. Police are now investigating if Ibrahim and Prabahakaran have been involved in crimes of this nature in the past as well.</p>
<p style="text-align: justify; ">"There is only so much parents can do. They work till eight in the night and children who come back from school at 4pm, have four unsupervised hours to themselves. The only thing they can do is keep a password and stop children from using social media accounts," says the investigating officer, who observes that a number of children chat with strangers, making it difficult to keep track.</p>
<p style="text-align: justify; ">Vidya Reddy too expresses shock at sheer number of teenagers who chat with strangers online. The Tulir Director recounts horrific cases, including one where a 16-year-old girl was sexually assaulted and then blackmailed with videos of the abuse. The perpetrator allegedly threatened to leak the images if girl did not bring another child for him to rape.</p>
<p style="text-align: justify; ">While sexual grooming and other forms of online sexual abuse are common across the world, in India it takes a unique shape in South Asia. "Our society creates a repressive atmosphere, as far as engagement with the other gender is concerned. So, when the conversation is online, teenagers will risk their safety to push boundaries and the anonymity the internet provides has made this whole set up even more dangerous," concludes Vidya Reddy.</p>
<p style="text-align: justify; ">*Name changed</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/newsminute-may-6-2017-a-13-year-olds-rape-in-tn-highlights-the-major-threat-online-sexual-grooming-poses-to-children'>https://cis-india.org/internet-governance/news/newsminute-may-6-2017-a-13-year-olds-rape-in-tn-highlights-the-major-threat-online-sexual-grooming-poses-to-children</a>
</p>
No publisherpraskrishnaSocial MediaInternet Governance2017-05-19T10:16:40ZNews Itemआधार नंबर, नाम, पता, बैंक अकाउंट और दूसरी संवेदनशील जानकारियां लीक: CIS रिपोर्ट
https://cis-india.org/internet-governance/news/aaj-tak-may-4-2017-135-million-aadhaar-number-leaked-by-govt-website-cis-report
<b>एक तरफ भारत सरकार लोगों से अपना आधार कार्ड बनवाने और उसे जरूरी सर्विसों के साथ जोड़ने की अपील कर रही है. दूसरी तरफ लगातार सरकारी वेबसाइट्स से लोगों की आधार से जुड़ी जानकारियां लीक हो रही हैं. सरकार ने आधार को लगभग सभी सर्विसों के लिए जरूरी करने की तैयारी की है. </b>
<p style="text-align: justify; ">This was <a class="external-link" href="http://aajtak.intoday.in/story/135-million-aadhaar-number-leaked-by-govt-website-cis-report-1-926864.html">published by Aaj Tak</a> on May 4, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">ताजा रिसर्च के मुताबिक सरकार के डेटाबेस से लगभग 135 मिलियन आधान नंबर ऑनलाइन लीक हुए हो सकते हैं. इस रिसर्च दी सेंटर फॉर इंटरनेट एंड सोसाइटी (CIS) ने कराया है. इस एजेंसी ने इस रिसर्च को इनफॉर्मेशन सिक्योरिटी प्रैक्टिस ऑफर आधार के नाम से प्रकाशित किया है.</p>
<div id="inarticle_wrapper_div" style="text-align: justify; ">
<div id="inread1_26817">
<div class="mainAdView" id="inread_26817">
<table>
<tbody>
<tr id="zd_tr_26817">
<td id="zd_td_26817"><br /></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<p style="text-align: justify; ">रिपोर्ट के मुताबिक सरकारी पोर्टल्स ने लगभग 135 मिलियन भारतीय नागरिकों के आधार नंबर ऑनलाइन को पब्लिक कर दिया. यानी कोई भी इसे ऐक्सेस कर सके. जाहिर है ऐसे में आधार नंबर के गलत यूज का भी खतरा होता है.</p>
<p style="text-align: justify; ">चार सरकारी वेबसाइट जिनमें मनरेगा, सोशल ऐसिस्टेंस प्रोग्राम, <a href="http://aajtak.intoday.in/story/bill-gates-microsoft-job-future-rich-1-926844.html" target="_blank">डेली ऑनलाइन पेमेंट रिपोर्ट</a> और चंद्रण बीमा स्कीम वेबसाइट शामिल हैं. रिपोर्ट के मुताबिक इन वेबसाइट्स पर यूजर्स के आधार नंबर और फिनांशियल जानकारी जैसे बैंक अकाउंट डीटेल को पब्लिक कर दिया जिसे कोई भी ऐक्सेस कर सकता है.</p>
<p style="text-align: justify; ">रिपोर्ट के मुताबिक नेशनल सोशल ऐसिस्टेंस प्रोग्राम की वेबसाइट पर पेंशन धारकों के जॉब कार्ड नंबर, बैंक अकाउंट नंबर, आधार कार्ड नंबर और अकाउंट की स्थिति जैसी संवेदनशील जानकारियां उपलब्ध होती हैं. लेकिन कमजोर सिक्योरिटी की वजह से यह दुनिया के किसी भी इंसान के लिए उपलब्ध हो गई. सिर्फ कुछ क्लिक से ही तमाम संवेदनशील जानकारियां हासिल की जा सकती हैं.</p>
<p style="text-align: justify; ">हाल ही में झारखंड सरकार की एक वेबसाइट पर लाखों आधार कार्ड होल्डर्स की जानकारियां लीक हो गईं. इसके अलावा कई राज्यों की सरकारी वेबसाइट पर स्कॉलरशिप पाने वाले स्टूडेंट्स के आधार कार्ड डीटेल्स लीक हो गए. गूगल सर्च के जरिए सिर्फ कुछ कीवर्ड्स यूज करके डीटेल्स कोई भी ढूंढ कर गलत यूज कर सकता है.</p>
<p style="text-align: justify; ">इस रिसर्च रिपोर्ट में कहा गया है आधार नंबर, जाती, धर्म, पता, <a href="http://aajtak.intoday.in/story/internet-users-local-indian-language-increase-1-926460.html" target="_blank">फोटोग्राफ्स और यूजर की आर्थिक</a> जानकारी इस तरह पब्लिक होना इस बात को दर्शाता है कि इसे कितने लचर तरीके से लागू किया गया है.</p>
<p style="text-align: justify; ">हाल ही में मानव संसाधन विकास मंत्रालय की वेबसाइट से ऐसे डेटा ऐक्सेल शीट आसानी से गूगल के जरिए डाउनलोड की जा सकती थी. आप इसे चूक करें या लापरवाही, लेकिन इतने नागरिकों का घर तक का पता किसी के पास भी हो सकता है.</p>
<p style="text-align: justify; "><b>क्या आधार नंबर को पब्लिक करना सही है? </b><br /> आधार ऐक्ट 2016 के मुताबिक किसी नागरिक का आधार डेटा पब्लिश नहीं किया जा सकता. यानी मंत्रालय की वेबसाइट इन डेटा को सिक्योर रखने में नाकामयाब हो रही हैं.</p>
<p style="text-align: justify; ">आधार ऐक्ट 2016 के तहत कलेक्ट किया गया कोई भी आधार नंबर या कोर बायोमैट्रिक इनफॉर्मेशन पब्लिक नहीं किया जा सकता और न ही इसे किसी पब्लिक प्लैटफॉर्म पर पोस्ट किया जा सकता है. हालांकि इसके इस्तेमाल कानून के तहत शामिल की गईं एजेंसियां और संस्थाएं कर सकती हैं.</p>
<p style="text-align: justify; ">दी वायर की एक रिपोर्ट के मुताबिक एक महीने पहले डेटा रिसर्चर श्रीनीवास कोडाली ने थर्ड पार्टी वेबसाइट के द्वारा गलती लीक किए गए 5-6 लाख लोगों के पर्सनल डेटा के बारे में बताया था. इस डेटा में आधार नंबर, नाम, कास्ट, जेंडर और फोटोज शामिल थे.</p>
<p style="text-align: justify; "><b>सरकार के हमेशा दावा करती है कि आधार सिक्योर है</b><br /> सरकार लगातार दावा करती है कि आधार सिक्योर है सेफ है और डेटा लीक नहीं हो रहे हैं. लेकिन ये घटनाएं लागातार उन दावों को खोखला साबित कर रही हैं. सवाल यह है कि अब इस रिपोर्ट के बाद सरकार कोई कठोर कदम उठाती है या फिर पहले की तरह लचर सुरक्षा बनी रहेगी.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/aaj-tak-may-4-2017-135-million-aadhaar-number-leaked-by-govt-website-cis-report'>https://cis-india.org/internet-governance/news/aaj-tak-may-4-2017-135-million-aadhaar-number-leaked-by-govt-website-cis-report</a>
</p>
No publisherpraskrishnaVideoAadhaarInternet GovernancePrivacy2017-05-20T11:40:49ZNews Itemसावधान आपके प्रोफ़ाइल पर है पुलिस की नज़र!
https://cis-india.org/news/bbc-uk-july-18-2013-parul-aggarwal-social-media-monitoring
<b>जन लोकपाल, दिल्ली रेप केस और बाबा रामदेव के आंदोलनों में उमड़ी भीड़ से घबराई सरकारी एजेंसियां अब सोशल मीडिया पर कड़ी नज़र रखने के लिए मैदान में उतरी हैं.</b>
<p>This blog post by Parul Aggarwal was <a class="external-link" href="http://www.bbc.co.uk/hindi/india/2013/07/130715_social_media_monitoring_pa.shtml">published by BBC</a> on July 18, 2013. Pranesh Prakash is quoted.</p>
<hr />
<p style="text-align: justify; ">अपनी तरह के एक पहले मामले में मुंबई पुलिस ने <a class="page" href="http://www.bbc.co.uk/hindi/international/2013/05/130530_social_media_office_tb.shtml"><span class="label">क्लिक करें </span><span class="link-title"> फ़ेसबुक-ट्विटर </span></a>और दूसरे सोशल मीडिया पर आम लोगों की राय और उनकी भावनाओं पर निगरानी रखने की शुरुआत की है.</p>
<p style="text-align: justify; ">साइबर अपराधियों और इंटरनेट पर <a class="page" href="http://www.bbc.co.uk/hindi/india/2013/05/130513_facebook_comment_leads_to_jail_rd.shtml"><span class="label">क्लिक करें </span><span class="link-title"> गड़बड़ियां फैलाने वालों </span></a>के अलावा अब पुलिस की नज़र उन लोगों पर भी रहेगी जो राजनीतिक-सामाजिक मुद्दों पर सोशल मीडिया में जमकर बोलते हैं.</p>
<h2>आम लोग बने मुसीबत?</h2>
<p style="text-align: justify; ">पुलिस की मंशा है समय रहते ये जानना कि जनता किन मुद्दो पर लामबंद हो रही है और विरोध प्रदर्शनों के दौरान बड़े स्तर पर लोगों का रुझान किस तरफ़ है.</p>
<p style="text-align: justify; ">सोशल मीडिया मॉनिटरिंग का ये काम मार्च 2013 में शुरु किए गए मुंबई पुलिस के सोशल मीडिया लैब के ज़रिए किया जाएगा. मुंबई पुलिस के एक वरिष्ठ अधिकारी ने बीबीसी से हुई बातचीत में कहा, ''नौजवान आजकल फ़ेसबुक पर ख़ासे एक्टिव हैं, ये लोग नासमझ हैं और बात-बात पर उग्र हो जाते हैं. सोशल मीडिया लैब के ज़रिए हम ये देखते हैं कि कौन किस मुद्दे पर ज़्यादा से ज़्यादा लिख रहा है और किस तरह की प्रतिक्रिया दे रहा है.''</p>
<blockquote class="pullquote">दिल्ली रेप केस हो या इस तरह के दूसरे पब्लिक मूवमेंट, पिछले दिनों ऐसे कई मामले हुए हैं जब पुलिस ये नहीं जान पाई कि लोग क्या सोच रहे हैं या कितनी हद तक और कितनी बड़ी संख्या में लामबंद हो रहे हैं. हमारा काम है सोशल मीडिया पर नज़र रखते हुए पुलिस को ये बताना कि लोग किन चीज़ों के बारे में बात कर रहे हैं किस तरह के मुद्दे ज़ोर पकड़ रहे हैं.<span class="end-quote">"</span><br />रजत गर्ग, सीईओ सोशलऐप्सएचक्यू</blockquote>
<div class="person">
<div class="person-info"></div>
</div>
<p style="text-align: justify; ">इस काम में पुलिस को तकनीकी मदद मिल रही है नैसकॉम और तकनीकी क्षेत्र की एक निजी कंपनी ‘सोशलऐप्सएचक्यू’ से.</p>
<h2>सोशल मीडिया पर लामबंदी</h2>
<p style="text-align: justify; ">सोशलऐप्सएचक्यू के सीईओ रजत गर्ग ने बीबीसी से हुई बातचीत में कहा, ''दिल्ली रेप केस हो या इस तरह के दूसरे पब्लिक मूवमेंट, पिछले दिनों ऐसे कई मामले हुए हैं जब पुलिस ये नहीं जान पाई कि लोग क्या सोच रहे हैं या कितनी हद तक और कितनी बड़ी संख्या में लामबंद हो रहे हैं. हमारा काम है सोशल मीडिया पर नज़र रखते हुए पुलिस को ये बताना कि लोग किन चीज़ों के बारे में बात कर रहे हैं किस तरह के मुद्दे ज़ोर पकड़ रहे हैं. ''</p>
<p style="text-align: justify; ">फ़ेसबुक-ट्विटर पर <a class="page" href="http://www.bbc.co.uk/hindi/science/2013/02/130211_facebook_sued_like_aa.shtml"><span class="label">क्लिक करें </span><span class="link-title"> निगरानी</span></a> कोई नई बात नहीं लेकिन अब तक ये काम ज्यादातर मार्केटिंग कंपनियां ही करती आई हैं. लेकिन सोशलऐप्सएचक्यू जैसी कंपनियां जो कर रही हैं वो 'ओपन सोर्स इंटेलिजेंस' यानी सार्वजनिक स्रोतों से मिली संवेदनशील जानिकारियों को इकट्ठा करना है.</p>
<p style="text-align: justify; "> </p>
<h2>विशेष सॉफ्टवेयर्स की मदद</h2>
<table class="invisible">
<tbody>
<tr>
<td style="text-align: justify; ">
<p>रजत गर्ग के मुताबिक़, “इंटरनेट को खंगालने और जानकारियां जुटाने का काम सॉफ्टवेयर करते हैं और जानकारियों को समझने और इन पर निगरानी का काम तकनीकी विशेषज्ञों की टीम. इससे ये देखा जा सकता है कि कि कौन से मुद्दे ज़ोर पकड़ रहे हैं और कौन लोग इन्हें लेकर सबसे ज़्यादा एक्टिव हैं. इन लोगों के सोशल नेटवर्क के ज़रिए ये जाना जा सकता है कि किसकी पहुंच कितने लोगों तक है और कोई भी गतिविधिति क्या रुप ले सकती है.’’</p>
<p>सरकार की दलील है कि जो जानकारियां सोशल मीडिया पर <a class="page" href="http://www.bbc.co.uk/hindi/india/2013/01/130129_social_networking_sites_comment_job_fma.shtml"><span class="label">क्लिक करें </span><span class="link-title"> सार्वजनिक</span></a> रुप से मौजूद हैं केवल उन्हीं की निगरानी की जाती है. हालांकि तकनीक के जानकार कहते हैं कि भारत में प्राइवेसी से जुड़े क़ानून बेहद लचर हैं और फ़ेसबुक-ट्विटर का इस्तेमाल करने वाले ज्यादातर लोग अपनी निजी जानकारियां छिपाने जैसी तकनीकों से अनजान हैं.</p>
</td>
<th>
<p><img src="https://cis-india.org/home-images/AseemTrivedi.png" style="float: right; " title="Aseem Trivedi" class="image-inline" alt="Aseem Trivedi" /></p>
<p style="text-align: right; ">अपनी वेबसाइट पर आपत्तिजनक सामग्री डालने को लेकर कार्टूनिस्ट असीम त्रिवेदी को भी गिरफ्तार किया गया था.</p>
</th>
</tr>
</tbody>
</table>
<h2>पारदर्शिता की कमी</h2>
<p style="text-align: justify; ">ऐसे में सार्वजनिक मंच पर कई ऐसी जानकारियां उपलब्ध हो सकती हैं जो उन्हें पुलिस की आंख की किरकिरी बना दें.</p>
<p style="text-align: justify; ">साल 2012 में पूर्व शिवसेना प्रमुख बाला साहब ठाकरे की निधन के मौक़े पर बुलाए गए मुंबई बंद के ख़िलाफ़ फ़ेसबुक पर टिप्पणी करने वाली एक लड़की और उसकी पोस्ट को लाइक करने वाली उसकी दोस्त को रातोंरात गिरफ्तार कर लिया गया. पुलिस ने ये कार्रवाई एक स्थानीय शिवसेना नेता की शिकायत पर की थी.</p>
<p style="text-align: justify; ">कथित तौर पर संविधान का मज़ाक उड़ाने और अपनी वेबसाइट पर आपत्तिजनक सामग्री डालने को लेकर कार्टूनिस्ट असीम त्रिवेदी को भी गिरफ्तार किया गया. मीडिया में हुए हंगामे के बाद सभी लोगों को छोड़ दिया गया लेकिन भारत में अब तक इस तरह के कई ऐसे मामले सामने आ चुके हैं.</p>
<p style="text-align: justify; ">सूचना प्रौद्योगिकी क़ानून की धारा 66 कहती है कि इस तरह की कार्रवाई बेहद संवेदनशील और राष्ट्रहित से जुड़े मामलों में ही की जानी चाहिए. हालांकि धारा 66 की आड़ में सरकार और नेताओं के ख़िलाफ़ बोलने वालों की गिरफ्तारी सरकार की मंशा पर कई सवाल खड़े करती है.</p>
<p style="text-align: justify; ">इंटरनेट से जुड़े मुद्दों पर काम करने वाली संस्थाएं मानती हैं कि भारत में इंटरनेट और आम लोगों पर निगरानी रखने के मामले में सरकार की ओर से पारदर्शिता की बेहद कमी है.</p>
<h2>'दुरुपयोग की संभावना'</h2>
<p style="text-align: justify; ">द सेंटर फ़ॉर इंटरनेट एंड सोसाएटी से जुड़े प्रनेश प्रकाश कहते हैं, ''भारत में सूचना प्रौद्योगिकी और इंटरनेट से जुड़े क़ानूनों को अगर पढ़ें तो समझ आता है कि वो कितने ख़राब तरीक़े से लिखे गए हैं. इन क़ानूनों में स्पष्टता और जवाबदेही की गुंजाइश न होने के कारण ही उनका इस्तेमाल तोड़-मरोड़ कर किया जाता है.''</p>
<blockquote class="pullquote">सोशल मीडिया के ज़रिए इंटरनेट पर सार्वजनिक रुप से बहुत कुछ हो रहा है. कुच्छेक मामलों को छोड़कर चीन जैसे देशों के मुकाबले अभिव्यक्ति की स्वतंत्रता को लेकर भारत सरकार ने अबतक कोई दमनकारी नीति नहीं अपनाई है. लेकिन समस्या ये है कि तकनीक की मदद से अगर दिन-रात निगरानी होगी और जानकारियां सामने आएंगी तो उनके दुरुपयोग की संभावना बढ़ जाती है. <span class="end-quote">"</span></blockquote>
<p style="text-align: justify; ">प्रनेश कहते हैं, ''साल 2011 में सरकार ने केंद्रीय मंत्रालयों और विभागों के लिए सोशल मीडिया से जुड़े दिशा-निर्देश जारी किए. इसका मक़सद था सरकारी विभागों को ये बताना कि सोशल मीडिया पर आम लोगों से कैसे जुड़ें. यही वजह है कि जब सरकार और पुलिस से जुड़े विभागों ने सोशल मीडिया लैब बनाए तो ज्यादातर लोगों ने समझा कि इनका मक़सद जनता की निगरानी नहीं बल्कि आम लोगों से जुड़ना है.''</p>
<p style="text-align: justify; ">तो मुंबई पुलिस का ये क़दम क्या आम लोगों और मानवाधिकार संगठनों के लिए ख़तरे की घंटी है ?</p>
<p style="text-align: justify; ">प्रनेश कहते हैं, “सोशल मीडिया के ज़रिए इंटरनेट पर सार्वजनिक रुप से बहुत कुछ हो रहा है. कुछ एक मामलों को छोड़कर चीन जैसे देशों के मुक़ाबले अभिव्यक्ति की स्वतंत्रता को लेकर भारत सरकार ने अब तक कोई दमनकारी नीति नहीं अपनाई है. लेकिन समस्या ये है कि तकनीक की मदद से अगर दिन-रात निगरानी होगी और जानकारियां सामने आएंगी तो उनके दुरुपयोग की संभावना बढ़ जाती है.”</p>
<p style="text-align: justify; "> </p>
<div id="_mcePaste"></div>
<p>
For more details visit <a href='https://cis-india.org/news/bbc-uk-july-18-2013-parul-aggarwal-social-media-monitoring'>https://cis-india.org/news/bbc-uk-july-18-2013-parul-aggarwal-social-media-monitoring</a>
</p>
No publisherpraskrishnaSocial MediaInternet GovernanceCensorship2013-07-31T04:10:37ZNews Itemक्या आधार पर जल्दबाज़ी में है सरकार?
https://cis-india.org/internet-governance/news/ndtv-march-27-2017-discussion-on-aadhaar
<b>Amber Sinha took part in a discussion on Aadhaar aired by NDTV on March 27, 2017. </b>
<p style="text-align: justify; ">एक जुलाई 2017 से आयकर रिटर्न भरने और पैन नंबर के लिए आधार नंबर देना अनिवार्य हो जाएगा. बिना आधार के अब आयकर रिटर्न नहीं भरा जा सकेगा. जिस किसी के पास पैन कार्ड है उसे एक जुलाई तक आधार नंबर देना होगा. अगर ऐसा नहीं करेंगे तो पैन कार्ड अवैध हो जाएगा. माना जाएगा कि आपके पास पैन कार्ड या पैन नंबर नहीं है. आयकर फार्म और पैन नंबर में आधार को अनिवार्य किये जाने से कई सवाल फिर से उठे हैं. 2009 से लेकर 2017 के बीच आधार के इस्तमाल को लेकर, इसके लीक होने से लेकर अनिवार्य किये जाने के ख़तरे को लेकर कई बहसें सुनी, पचासों लेख पढ़े. दूसरी तरफ हमने समाज में देखा कि आधार को लेकर ग़ज़ब का उत्साह है.</p>
<p style="text-align: justify; "><a class="external-link" href="http://www.ndtv.com/video/shows/prime-time/is-the-government-in-a-hurry-on-aadhaar-452934?relatedviaplayer">Watch the Video on NDTV</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/ndtv-march-27-2017-discussion-on-aadhaar'>https://cis-india.org/internet-governance/news/ndtv-march-27-2017-discussion-on-aadhaar</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-03-29T03:52:08ZNews Item2019 International Asia Conference
https://cis-india.org/internet-governance/news/2019-international-asia-conference
<b>ITECHLAW organized the 2019 edition of International Asia Conference at JW Marriott hotel in Bangalore on January 31, 2019 and February 1, 2019. Sunil Abraham was a panelist in the session "Policy Making for the Emerging Tech in India".</b>
<p style="text-align: justify; ">The rush of emerging technologies of Machine Learning, Internet of Things (IoT) and Virtual Reality (VR) is revolutionising the landscape in which humans exist. Innovators of the generation are ambitious, and their contributions have significantly impacted on various fields like healthcare, media and entertainment, agriculture, and other service models. As these technology advancements are driving new business and service models, there is a need for stakeholders and governments to ensure security and stability of the market without stifling innovations, stigmatising incentives or creating obstacles. Rapid spreading technology applications are resulting in drastic changes in today’s regulatory model, posing the difficult challenges for regulators. In India, the expeditiously developing start-up ecosystem and online consumer base, has stirred the regulators.</p>
<p style="text-align: justify; ">Intermediary liability, surveillance, data and privacy, digital taxation, data governance and sovereignty are the dominating debatable topics in India. The debates are not only between regulators and stakeholders, but consumers also joining in it. As the competition between Indian and Foreign Technology intensifies in the turf, the debate on tech-policy is considerably being mentioned in run-up of political parties to the general elections as well. Over the past one year, the country has witnessed some landmark judgments and contentious government proposals related to data and privacy, implications of which have affected over-the-top (“OTT”) services, online media, social media, e-commerce platforms, IoT services etc. The Indian regulatory framework on tech-policy is becoming stricter due to a very disruptive phase last year. The tech-giants like Facebook, Google, Twitter, and Amazon are themselves realising their enormous market influence. After the episodes of lynching, hate speeches etc., they are participating in policy-making efforts related to fake news and digital malfeasance. In this process legal industry is making considerable lobbying efforts for corporations to work with government to curb the menace of digital malpractice and make the internet safer.</p>
<p style="text-align: justify; ">As the legal industry is participating in the process of creating an innovators-friendly regulatory regime, they are also striving to understand the disruptive technologies and adopt them for their own convenience. However, legal firms must understand that the technology cannot do their job for clients but can only upgrade the business model for them. The traditional law firm business model is not in sync with legal buyers. Effective deployment of technology will ameliorate the factor of its approachability to its clients.</p>
<p style="text-align: justify; ">With the growing technology-based start-ups in India, it is going to be a hub for investments by big corporations. In order to keep attracting the investors there is a need for government to remove the potential hindrances that may make investors double-think. The government should prepare a level-playing field in the market by making citizens aware of the standard tech-policies and fostering the innovators-friendly regulatory regime.</p>
<hr />
<p style="text-align: justify; ">For more info <a class="external-link" href="https://www.itechlaw.org/Bangalore2019">see the website</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/2019-international-asia-conference'>https://cis-india.org/internet-governance/news/2019-international-asia-conference</a>
</p>
No publisherAdminInternet GovernanceIntermediary Liability2019-02-19T00:23:43ZNews Item‘Willing to participate, but need more time’: Twitter on parliamentary panel hearing
https://cis-india.org/internet-governance/news/hindustan-times-february-10-2019-smriti-kak-ramachandran-and-vidhi-choudhary-willing-to-participate-in-parliamentary-panel-hearing
<b>Executives from social media firm Twitter’s US headquarters will not appear before a parliamentary panel that has summoned them on Monday over perceived bias towards right-wing handles on the micro-blogging platform.</b>
<p style="text-align: justify; ">The article by Smriti Kak Ramachandran and Vidhi Choudhary was <a class="external-link" href="https://www.hindustantimes.com/india-news/twitter-says-willing-to-participate-in-parliamentary-panel-hearing-seeks-more-time/story-C7cDq6n7kOJM3DOFOX45dI.html">published in Hindustan Times</a> on February 10, 2019. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Executives from social media firm Twitter’s US headquarters will not appear before a parliamentary panel that has summoned them on Monday over perceived bias towards right-wing handles on the micro-blogging platform although a spokesperson for the firm said in a statement that this is only on account of timing and that Twitter is “willing to participate in” a hearing by the panel.<br /><br />“We have indicated that we are willing to participate in such a broad hearing process. Given the short notice of the hearing, we informed the committee that it would not be possible for senior officials from Twitter to travel from the United States to appear on Monday,” the statement said. The panel’s summons were issued on February 5, with a meeting with the parliamentary panel scheduled for Monday, February 11.<br /><br />A right-wing group, Youth for Social Media Democracy, recently held protests claiming the microblogging site suspends or shadow-bans accounts that appear sympathetic to the ruling Bharatiya Janata Party (BJP) and the government.<br /><br />Anurag Thakur, a BJP MP who heads the parliamentary panel on information and technology, asked IT ministry officials and Twitter representatives to be present at the meeting. He said the committee takes a serious note of Twitter’s response and would take “appropriate action on February 11.”<br /><br />According to an official aware of the letter sent to Twitter, the company was told “it may be noted that the Head of the Organisation has to appear before the Committee”.<br /><br />Twitter added in its statement that while it will work with the Lok Sabha secretariat to find a mutually agreeable date for a meeting so that a senior Twitter official (from the US) can attend it has “also offered representatives from Twitter India to come and answer questions on Monday”. “We await feedback from the government on both matters,” the statement added.<br /><br />In a previous statement, Twitter said that its India representatives do not enforce policy and that this is done “with impartiality” by a “specialized global team”.<br /><br />Thakur’s intervention wasn’t prompted by protests by Youth for Social Media Democracy alone. According to the people familiar with the matter, the issue has been repeatedly flagged at meetings of the Rashtriya Swayamsevak Sangh (RSS), the ideological parent of the BJP.<br /><br />Twitter denied these allegations. In a statement issued on Friday, the company said, “Twitter is a global platform that serves a global, public conversation. Elevating debate and open discourse is fundamental to the platform’s service, and its core values as a company. Twitter is committed to remain unbiased with the public interest in mind.”<br /><br />“The public conversation around Twitter’s policies and actions may be distorted by some who have a political agenda and this may be particularly acute during election cycles when highly-charged political rhetoric becomes more common. For our part, we will endeavour to be even more transparent in how we develop and enforce our policies to dispel conspiracy theories and mistrust,” Colin Crowell, global vice president, public policy, Twitter, added in the statement.<br /><br />A senior functionary of the RSS said it was soon after the January 1, 2018 clash between Maratha and Dalit groups in Maharashtra’s Bhima Koregaon that escalated into violence that functionaries of the Sangh began to notice posts on social media that were allegedly “anti-national” and had the potential to create “communal friction”.<br /><br />The content of some of the posts was construed to be similar to the expressions used by so-called “urban naxals”, this person said on condition of anonymity. Urban naxals is a term coined by the right wing for left-wing intellectuals who, they say, are suspected to have links to Maoist organisations.<br /><br />“Posts that spoke of destabilising the nation, that attacked the sovereignty of the country were being put up. No action was being taken, despite complaints to Twitter,” the functionary added.<br /><br />It was then that the Sangh chose to knock on Thakur’s doors.<br /><br />With 34.4 million users, Twitter has emerged as a key platform for political and social conversations. Given the reach of the medium, even the Election Commission has been monitoring the posts to ensure there is no adverse impact on election processes.<br /><br />Experts said Twitter and other platforms need to become more transparent. “Unless Twitter and other internet giants implement principles of natural justice, they will always be accused of bias,” said Sunil Abraham, co-founder of the think tank Centre for Internet and Society, adding that the platform does not “provide sufficient transparency regarding its decisions”.<br /><br />Lawyer Apar Gupta said that the parliamentary panel on IT needs to function more robustly. “It has not invited experts, academics, and civil society voices for deliberations. Also, the outcomes from hearings such as the ones on Aadhaar, privacy. data breaches, and net neutrality, done a while back, remain outstanding. Reports or recommendations have not been made to parliament.”<br /><br />In general, parliamentary panels do allow hearings to be deferred at the request of someone who has been summoned, although this is usually at the discretion of the chairman and also if the request is made immediately after the summons is issued.<br /><br />Gupta added that usually, a breach of privilege complaint is made by the chairman of the committee to the Lok Sabha speaker “who will then approve it and send it to the Privileges Committee of the Lok Sabha”.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/hindustan-times-february-10-2019-smriti-kak-ramachandran-and-vidhi-choudhary-willing-to-participate-in-parliamentary-panel-hearing'>https://cis-india.org/internet-governance/news/hindustan-times-february-10-2019-smriti-kak-ramachandran-and-vidhi-choudhary-willing-to-participate-in-parliamentary-panel-hearing</a>
</p>
No publisherSmriti Kak Ramachandran and Vidhi ChoudharyInternet Governance2019-02-15T02:29:55ZNews Item‘The IT Act is fine, but its interpretation is not’
https://cis-india.org/news/dna-bangalore-december-19-2012-the-it-act-is-fine-but-its-interpretation-is-not
<b>Several organisations such as the Alternate Law Forum and Centre for Internet and Society are campaigning to amend the IT Act 2000. However, SV Raghavan, scientific secretary, office of PSA to the government of India, stated that the law in place is fine but the stakeholders need to be educated on implementing it better.</b>
<hr />
<p>The article was<a class="external-link" href="http://www.dnaindia.com/bangalore/report_the-it-act-is-fine-but-its-interpretation-is-not_1779394"> published</a> in DNA on December 19, 2012.</p>
<hr />
<p style="text-align: justify; ">Raghavan, who was at the National Institute of Advanced Studies (NIAS) in the Indian Institute of Science (IISc) on Tuesday to give a lecture on cyber security, specifically singled out the controversial Section 66 that can hold a person viable for posting ‘offensive’ content online. The IT Act 2000 is constituted to keep such law breakers under check.</p>
<p style="text-align: justify; ">“The IT Act 2000 gives specific powers to some of the law agencies to take action. In cyberspace, nearly 90% of the users don’t come with any malicious intentions. Now there is a large concerted effort across the country, to teach policemen how to apply this law and interpret it. There is also an effort to teach the judiciary to interpret the law correctly, so that the right people are held accountable,” he said.</p>
<p style="text-align: justify; ">“No matter what you do, when the law is written in English, sometimes it comes across two dimensional and the original intent of the law may be lost, which is why there are agencies who are dedicated to teaching the judiciary on how to interpret it,” he added.</p>
<p style="text-align: justify; ">As for cyber security amongst civilians, vigilance is simply all it takes.</p>
<p>
For more details visit <a href='https://cis-india.org/news/dna-bangalore-december-19-2012-the-it-act-is-fine-but-its-interpretation-is-not'>https://cis-india.org/news/dna-bangalore-december-19-2012-the-it-act-is-fine-but-its-interpretation-is-not</a>
</p>
No publisherpraskrishnaInternet GovernanceInformation Technology2012-12-21T10:08:43ZNews Item