Centre for Internet and Society

Socio-financial Online Networks: Globalizing Micro-Credit through Micro-transactional Networked Platforms – A Public Lecture by Radhika Gajalla

praskrishna — 2011-06-24T11:37:52Z

The Centre for Internet and Society invites you to a public lecture by Prof. Radhika Gajalla of Bowling Green State University. She will give a lecture on how microfinance online functions through the social networked online space and the micro-transactional abilities of the interface together work to enhance financialization of the globe.

In her lecture, she will focus on how this is made possible by the increased digitalization of financial practices and the role micro practices play in producing globalization. She will also lay emphasis on the fact that the increased digitalization of finance also means that "financial literacy" is also removed into the virtual space so that it is further away from subaltern daily praxis while simultaneously staging subaltern presence in cosmopolitan space through mobilizing structures of 'feeling' that Dr. Shameem Black refers to as "sentimental sympathy".

Prof. Gajalla’s lecture will also touch upon issues like what online socially networked micro-credit websites do visually and through the use of multiple tools that are embedded in the discourse of interactivity is to make it seem as if the subaltern is indeed participating in these networks. Thus, the appearance of a subaltern presence is produced. In this production of appearance of the subaltern presence in online contexts, just as in other visual and static contexts, the complexity of socio-cultural and economic intersections are not clearly revealed or accounted for. This reproduces exotic notions of the authentic, mummified ‘other’ and offers the subaltern image up for consumption. In turn, as Web 2.0 tools are set up to actually reach the offline subaltern via non-profit or for profit representatives that connect to these online networks, the subaltern in turn is tapped as a consumer for capital.

Radhika Gajjala

Radhika Gajjala is a Professor of Media and Communication at Bowling Green State University and Director of the American Culture Studies program. Her book, "Cyber Selves: Feminist Ethnographies of South Asian Women" was published in 2004. She has co-edited collections on "South Asian Technospaces", "Global Media Culture and Identity" and "Webbing Cyberfeminist Practice: Communities, Pedagogies, and Social Action". She is presently working on a forthcoming book, "Weavings of the Real and Virtual: Cyberculture and the Subaltern" to be published in 2012 and is also working on two interrelated projects — one on "Microfinance Online and Money in Virtual Worlds and Social Media" in relation to the ITization and NGOization of global socio-economic work and play environments and the other on "Coding and Placement of Affect and Labour in Digital Diasporas".

For more details visit https://cis-india.org/events/socio-financial-online-networks

Internet Surveillance Policy: “…the second time as farce?” – A Public Lecture by Caspar Bowden

praskrishna — 2011-09-08T03:19:35Z

The Centre for Internet and Society, Bangalore, invites you to a public lecture by Caspar Bowden*, the Chief Privacy Adviser of Microsoft’s Worldwide Technology Office, on Internet Surveillance Policy: “…the second time as farce?

Abstract

In 2000, as Director of the independent think-tank, "Foundation for Information Policy Research", Caspar led a campaign to revise several aspects of a new comprehensive UK law governing electronic surveillance ("the RIP Act"). UK legislated in this area many years before most other countries, and the approach was widely criticized although some amendments were achieved. After a hiatus of a decade, many Commonwealth countries are now copying the RIP law (evidently unaware of the original controversies over its defects). Caspar will discuss the legal-technical intricacies of such legislation, the underlying policy dilemmas, the background context of the failed 1990s policy of “key escrow”, and the subsequent privacy catastrophe of blanket retention of the “traffic data” of all of the 500m citizens of the EU.

Caspar Bowden

Caspar Bowden is Microsoft's Worldwide Technology Officer for Privacy, providing advice on technology policy matters concerning privacy in over 40 countries, with particular focus on Europe and regions with horizontal privacy law. His goal is to ensure that users of Microsoft products and services are in control of their personal data and that fair information practices are respected. He is a specialist in data protection policy, privacy enhancing technology research, identity management and authentication.

Earlier he was the director of the Foundation for Information Policy Research and was also an expert adviser to the UK Parliament for the passage of three bills concerning privacy issues, and was co-organizer of the influential Scrambling for Safety public conferences on UK encryption and surveillance policy. His previous career over two decades ranged from investment banking (proprietary trading risk-management for option arbitrage), to software engineering (graphics engines and cryptography), including work for Goldman Sachs, Microsoft Consulting Services, Acorn, Research Machines, and IBM.

Who should attend?

This public talk aims to engage in a dialogue with anybody interested in questions of technology, surveillance, policy and the politics of Internet based governance. Students, research scholars, academics, practitioners, those in the business of technology development, design and study, are invited to attend the lecture that approaches the issue from different angles of technology, society and politics.

Entry: Free; Limited Seating

Registration recommended: prasad@cis-india.org

For additional info click here [PDF, 521 kb]

* Caspar is speaking in his private capacity and his remarks do not necessarily reflect any official Microsoft position

Videos

For more details visit https://cis-india.org/events/internet-surveillance-policy-lecture

Privacy and Security Can Co-exist

sunil — 2012-03-21T09:05:57Z

The blanket surveillance the Centre seeks is not going to make India more secure, writes Sunil Abraham in this article published in Mail Today on June 21, 2011.

TODAY, the national discourse around the “ right to privacy” posits privacy as antithetical to security.

Nothing can be farther from the truth. Privacy is a necessary but not sufficient condition for security. A bank safe is safe only because the keys are held by a trusted few. No one else can access these keys or has the ability to duplicate them. The 2008 amendment of the IT Act and their associated rules notified April 2011 propose to eliminate whatever little privacy Indian netizens have had so far. Already as per the Internet Service Provider ( ISP) licence, citizens using encryption above 40- bit were expected to deposit the complete decryption key with the Ministry of Communications and Information Technology. This is as intelligent as citizens of a neighbourhood making duplicates of the keys to their homes and handing them over at the local police station.

Surveillance

Surveillance in any society is like salt in cooking — essential in small quantities but completely counter- productive even slightly in excess. Blanket surveillance makes privacy extinct, it compromises anonymity, essential ingredients for democratic governance, free media, arts and culture, and, most importantly, commerce and enterprise. The Telegraph Act only allowed for blanket surveillance as the rarest of the rare exception. The IT Act, on the other hand, mandates multitiered blanket surveillance of all lawabiding citizens and enterprises.

When your mother visits the local cybercafe to conduct an e- commerce transaction, at the very minimum there are two levels of blanket surveillance. According to the cyber- cafe rules, all her transaction logs will be captured and stored by the operator for a period of one year. This gentleman would also have access to her ID document and photograph. The ISPs would also store her logs for two years to be in compliance with the ISP licence ( even though none of them publish a data- retention policy). Some e- commerce website, to avoid liability, will under the Intermediary Due Diligence rules also retain logs.

Data retention at the cyber- cafe, by the ISP and also by the application service provider does not necessarily make Indian cyberspace more secure. On the contrary, redundant storage of sensitive personal information only opens up multiple points of failure and leaks — in the age of Nira Radia and Amar Singh no sensible bank would accept such intrusion into their core business processes.

Surveillance capabilities are not a necessary feature of information systems.

They have to be engineered into these systems. Once these features exist they could potentially serve both the legally authorised official and undesirable elements.

Terrorists, cyber- warriors and criminals will all find systems with surveillance capabilities easier to compromise.

In other words, surveillance compromises security at the level of system design. There were no Internet or phone lines in the Bin Laden compound — he was depending on a store and forward arrangement based on USB drives. Do we really think that registration of all USB drives, monitoring of their usage and the provision of back doors to these USBs via a master key would have led the investigators to him earlier?

Myth

Increase in security levels is not directly proportional to an increase in levels of surveillance gear. This is only a myth perpetuated by vendors of surveillance software and hardware via the business press. You wouldn't ask the vendors of Xray machines how many you should purchase for an airport, would you? An airport airport with 2,000 X- ray machines is not more secure than one with 20. But in the age of UID and NATGRID, this myth has been the best route for reaching salestargets using tax- payers’ money.

Surveillance must be intelligent, informed by evidence and guided by a scientific method. Has the ban on public WiFi and the current ID requirements at cyber- cafes led to the arrest of terrorists or criminals in India? Where is the evidence that more resource hungry blanket surveillance is going to provide a return on the investment? Unnecessary surveillance is counter- productive and distracts the security agenda with irrelevance.

Finally, there is the question of perception management. Perceptions of security do not only depend on reality but on personal and popular sentiment. There are two possible configurations for information systems — one, where the fundamental organising principle is trust and second, where the principle is suspicion.

Systems based on suspicion usually give rise to criminal and corrupt behaviour.

Perception

If the state were to repeatedly accuse its law- abiding citizens of being terrorists and criminals it might end up provoking them into living up to these unfortunate expectations. If citizens realise that every moment of their digital lives is being monitored by multiple private and government bodies, they will begin to use anonymisation and encryption technology round the clock even when it is not really necessary. Ordinary citizens will be forced to visit the darker and nastier corners of the Internet just to download encryption tools and other privacy enabling software. Like prohibition this will only result in further insecurity and break- down of the rule of law.

The writer is executive director of the Bangalore- based Centre for Internet and Society.

Read the original published in Mail Today here

For more details visit https://cis-india.org/internet-governance/blog/privacy-and-security

Copyright Enforcement and Privacy in India

Prashant Iyengar — 2012-12-14T10:27:12Z

Copyright can function contradictorily, as both the vehicle for the preservation of privacy as well as its abuse, writes Prashant Iyengar. The research examines the various ways in which privacy has been implicated in the shifting terrain of copyright enforcement in India and concludes by examining the notion of the private that emerges from a tapestry view of the relevant sections of Copyright Act.

Introduction

Copyright can function contradictorily, as both the vehicle for the preservation of privacy as well as its abuse. This paper examines the various ways in which privacy has been implicated in the shifting terrain of copyright enforcement in India. Chiefly, there are three kinds of situations that we will be discussing here: The first is straightforward and deals with the physical privacy intrusion caused by the execution of search and seizure orders during the investigation of infringement. The second situation involves the violation of privacy through the misappropriation of confidential information. The last situation involves the wrongful appropriation of a person’s persona or their ‘publicity’ – the photographs of celebrities, for instance – for private gain. Instances of each of these situations, and the manner in which the courts have negotiated the privacy claims that have arisen are described in the sections that follow. In addition, Copyright law, dealing as it does mainly with offences of the nature of unauthorised publicity/publication putatively inscribes certain spaces and activities as either public or private. The concluding section of this paper examines the notion of the private that emerges from a tapestry view of various sections of the Copyright Act.

Copyright Enforcement

Context setting

Over the past several decades there has been an increasing awareness globally – and within India – of the importance of 'knowledge societies' which, in contrast to earlier industrial or agrarian societies, leverage 'information' as the key raw material and output of a range of productive activity. As one UNESCO Report puts it "Knowledge is today recognized as the object of huge economic, political and cultural stakes"[1].

In this new paradigm, investment in Information and Communications Technology (ICT), the enactment of strong Intellectual Property laws, and their strict enforcement are prescribed as imperative in facilitating the transition away from the older economic modes. The promise of the knowledge society is particularly alluring for developing countries, like India, where it is viewed as a vehicle for achieving what Ravi Sundaram has termed 'temporally-accelerative' development[2], through which we would be able to transcend our "historical disabilities", and achieve parity with the incumbent masters of the world. [3]

In their eagerness to provide the best supportive conditions to usher in this coveted knowledge society, nations have been tightening their Intellectual Property regimes – including copyright law. This has entailed a two fold expansion, firstly, in the scope of copyright to include, for instance, ‘technological protection measures’ within their ambit and secondly, in the powers of investigation, search and seizure put at the disposal enforcement agencies. In addition, as we shall see, courts in India have enthusiastically bought into this vision of a knowledge economy, and this has fuelled their eagerness to craft innovative – if legally unsound – orders which put tremendously intrusive powers in the hands of copyright owners. Taken together, these developments have taken their toll on the privacy of individuals which this section will explore in further detail. We begin with a brief description of the statutory mechanism for copyright enforcement – both civil and criminal - under the Copyright Act. We then move on to the way courts have crafted new orders that magnify the powers of copyright owners to the detriment of the privacy of individuals.

Civil and Criminal Enforcement under the Copyright Act

The Copyright Act provides for both civil and criminal remedies for infringement. Section 55 provides for civil remedies and declares that, upon infringement, "the owner of the copyright shall be entitled to all such remedies by way of injunction, damages, accounts and otherwise as are or may be conferred by law for the infringement of a right." Civil suits are instituted at the appropriate district court having jurisdiction – including where the plaintiff resides.

Similarly, Chapter XIII (Sections 63-70) provides a range of criminal penalties for infringing copyrights which are typically punishable with terms of imprisonment that “may extend up to three years” along with a fine. These offences would be taken cognizance of and tried at the court of the Metropolitan Magistrate or Judicial Magistrate of the First class [Sec 70], in the same manner as all cognizable offences[4] in India i.e., by following the procedures under the Code of Criminal Procedure, 1973. Section 64 of the Copyright Act dealing with police powers was amended in 1984 to give plenary powers to police officers, of the rank of a sub-inspector and above, to seize without warrant all infringing copies of works “if he is satisfied” that an offence of infringement under section 63, “has been, is being, or is likely to be, committed”. Prior to amendment, this power could only be exercised by a police officer when the matter had already been taken cognizance of by a Magistrate. Prima facie, this is a very sweeping power since its exercise is unsupervised by the judiciary and only depends on the “satisfaction” of a police officer. To put matters in perspective, under the Income Tax Act, dealing with the far more sensitive issue of tax evasion, a search and seizure can only be conducted based on information already in the possession of the investigating authority.[5]

In Girish Gandhi & Ors. v Union of India[6], a case before the Rajasthan High Court, the petitioner, who ran a video cassette rental business, challenged the constitutional validity of the wide powers granted to police officers under this section. Citing various instances of violations of privacy that the abuse of the section could occasion, the petitioner contended:

"The provisions of section 64 itself gives arbitrary and naked powers without any guidelines to the police officer to seize any material from the shop and thus, drag the video owners to the litigation. He has given instances in the petition that police officer usually demands for video cassettes to be given to them free of charge for viewing it at their homes and in case, on any reason either the video cassette is not available or it is not given free of charge, there is likelihood that police officer shall misuse his powers and try to seize the material for prosecution under the various provisions of the Act."

Although the High Court dismissed the petition on the grounds that it did not disclose any actual injury to the petitioner, it upheld the constitutionality of the section by reading the word "satisfaction" to mean that the "police officer will not act until and unless he has got some type of information on which information he is satisfied and his satisfaction shall be objective."

[Section 64] is also not arbitrary for the reason that guidelines and safeguards are provided under Sections 51, 52 and 52A and Section 64(2) of the Copyright Act, coupled with the fact that it is expected of the police officer that he would not act arbitrarily and his satisfaction shall always based on some material or knowledge and he shall only proceed for action under Section 64 in a bona fide manner and not for making a roving inquiry. (emphasis added)

Despite the pious hopes expressed in this decision, they do not appear to have influenced the actual behaviour of police officers. In May 2011, the Delhi High Court struck down a notification issued by the Commissioner of Police which had instructed all subordinate functionaries of the police to "attend to and provide assistance" whenever any complaint "in respect of violation of the provisions of Copyright Act, 1957" was received from three companies: Super Cassettes Industries Limited, Phonographic Performance Ltd and Indian Performance Right Society Ltd. This virtually amounted to the commandeering of the criminal enforcement system by a few private owners for their own private interests. In their suit, the petitioner — Event and Entertainment Management Association — had contended that the police machinery "cannot be made to act at the behest of certain privileged copyright owners". Striking the notification down, as unconstitutional, Justice Muralidhar of the Delhi High Court held:

"To the extent the impugned circular privileges the complaints from SCIL over other complaints from owners of copyright it is unsustainable in law for the simple reason that there has to be equal protection of the law in terms of Article 14 of the Constitution. The police are not expected to act differently depending on who the complainant is. All complaints under the Act require the same seriousness of response and the promptitude with which the police will take action, Likewise, the caution that the Police is required to exercise by making a preliminary inquiry and satisfying itself that prima facie there is an infringement of copyright will be no different as regards the complaints or information received under the Act[7]."

The Judge also issued some welcome remarks on the manner in which complaints under Section 64 were to be handled:

In order that the power to seize in terms of Section 64 of the Act is not exercised in an arbitrary and whimsical manner, it has to be hedged in with certain implied safeguards that constitute a check on such power. Consequently, prior to exercising the power of seizure under Section 64(1) of the Act the Police officer concerned has to necessarily be prima facie satisfied that there is an infringement of copyright in the manner complained of. In other words, merely on the receipt of the information or a complaint from the owner of a copyright about the infringement of the copyrighted work, the Police is not expected to straightway effect seizure. Section 52 of the Act enables the person against whom such complaint is made to show that one or more of the circumstances outlined in that provision exists and that therefore there is no infringement. During the preliminary inquiry by the Police, if such a defence is taken by the person against whom the complaint is made it will be incumbent on the Police to prima facie be satisfied that such defence is untenable before proceeding further with the seizure.(emphasis added)[8]

This decision significantly tempers the severity of possible searches and seizures conducted by the police under Copyright Law. It advances the cause of privacy by reining in the power of the state to arbitrarily intrude on citizens.

Parallel to the attempt at ‘hedging in’ of police powers in criminal enforcement by this High court, there has been a move to expand powers of investigative bodies in civil suits. The next sub-section looks at two innovations by courts – Anton Piller Orders and John Doe orders – which are mechanisms unwarranted by civil procedural law, but crafted by high courts specifically to deal with copyright investigation.

'Anton Piller' orders and 'John Doe' Orders

In addition to the extensive police powers under the Copyright Act mentioned above, plaintiffs have other, equally intrusive powers at their disposal. In the past decade it has become common for copyright owners and owners-associations to employ civil procedure to emulate the same kind of invasiveness. This is done via the mechanism of so-called ‘Anton Piller’ orders - orders obtained unilaterally ‘ex-parte’ (in the absence of the defendant) from civil courts which permit court-appointed officers, accompanied by representatives of the plaintiffs themselves, to search premises and seize evidence without prior warning to the defendant. Frequently, courts have also issued ‘John Doe’ orders[9] –orders to search and seize against unnamed/unknown defendants - which virtually translates into untrammelled powers in the hands of the plaintiffs, aided by court-appointed local commissioners, to raid any premises they set their eyes on.

Although the authority of the courts under Indian law to grant these orders is suspect[10], they have virtually been regularized in practice over the past decade through routine issual by the High Courts, especially the Delhi High Court. This has led to a widespread phenomenon of powerful copyright owning groups such as the Business Software Alliance and the Indian Performing Right Society Limited managing to successfully assume for themselves almost plenary powers of search and seizure as they go about knocking on the doors of small businesses and demanding to be allowed to audit their software. An anonymous post on the popular Indian Intellectual Property Weblog ‘Spicy IP’ graphically conveys the invasiveness inherent in the execution of these orders:

Ghost Post on IP (Software) Raids: Court Sponsored Extortion?[11]

Picture this:

You are working in your office one day, when all of a sudden, a group of people arrive unannounced brandishing a court order. The order allows them to walk into your office and conduct an audit of all your office computers to collect evidence of the use of unlicensed software in your office.

This group consists of a court-appointed commissioner, lawyers representing the plaintiff, and technical persons who will carry out the actual software audit.

Knowing that to disobey the order will amount to a contempt of court, you allow the group to carry out the audit.

The audit lasts several hours and continues well into the night. Needless to say, it is physically and emotionally draining on you as your work has come to a stand-still. Everyone around you knows there is some court proceeding going on. You have already lost face with your employees, and possibly even clients who have visited your office during the audit.

As you have several dozen computers purchased over a period of time, and the audit is conducted unannounced, you may not have the time to gather documentation and invoices demonstrating the purchase of licensed software.

While the court order allows you to back up your valuable client and business data, the plaintiff’s lawyers don’t allow you to do so, stating that documents/ data found on machines that contain any unlicensed software may not be backed up.

All computers found with copies of what the plaintiff’s lawyers are calling unlicensed software are seized and sealed. You do not have the time, presence of mind or legal representation to argue that such copies may be backup copies allowed under the law, or that therefore several, or all of the seized machines are not liable to be seized, or that such copies are actually allowed under the software license.

Even more importantly, your licensed servers are seized because they are found to contain back-up copies of software, allowed under the law, but deemed infringing by the plaintiff’s lawyers.

At the end of the audit, you are informed that your computers contain copies of unlicensed software to varying degrees. You are made to sign a report prepared by the commissioner, along with sheets that represent the software audit of each computer in your office.

Most of your computers and servers are seized and sealed. You are told that you cannot touch them till the court allows you to. You are not even allowed to separate the hard drives of those machines that contain the alleged unlicensed software, for the purpose of seizure, so as to enable you to continue using the rest of the machine, even though the court order clearly states that only storage media containing the unlicensed software is to be seized.

In a 2008 case, Autodesk Inc vs. AVT Shankardass[12], the Delhi High Court – which happens to be the most enthusiastic issuer of Anton Piller orders[13] –issued guidelines on the considerations which judges should weigh before granting such orders in software piracy cases. Worryingly, the guidelines stipulate that "The test of reasonable and credible information regarding the existence of pirated software or incriminating evidence should not be subjected to strict proof". Instead the court prescribes that "It has to be tested on the touchstone of pragmatism and the natural and normal course of conduct and practice in trade."

The Court also included a few guidelines meant to safeguard the defendant. These include the possibility of requiring the plaintiff to deposit costs in the court "so that in case pirated software or incriminating evidence is not found then the defendant can be suitably compensated for the obtrusion in his work or privacy." Although on the face of it, these guidelines threatened to open up the floodgates for the granting of Anton Pillar orders, in fact, these fears seem not to have been realized. The privacy-invasive ambitions of IP owners have been subverted by a combination of the security requirements stipulated in the Autodesk guidelines above, the judiciary’s own inefficiency/inconsistency and a greater assertiveness and defiance on the part of defendants. The following passage from the 2011 Special 301 India Country Report on Copyright Protection and Enforcement[14], prepared by the IIPA, records the industry’s frustrations in obtaining Anton Pillar orders from the courts over the past year:

Unfortunately, in 2010, such enforcement efforts have become much less effective due to judges imposing conditions on such orders.

With periodic changes to the roster of judges on the Original Side Jurisdiction of the Delhi High Court (which is done as a matter of routine and procedure where the roster changes every 6 months), BSA reports: 1) the imposition of security costs on Plaintiffs; 2) the grant of local commission orders without orders to seize and seal computer systems containing pirated/unlicensed software; 3) granting the right to Defendants to obtain back up copies of their proprietary data while at the same time ensuring that the evidence of infringement is preserved in electronic form; 4) assigning a low number of technical experts for large inspections, making carrying out orders more time-consuming and raising court commissioners’ fees; and 5) ineffective implementation and lack of deterrence from contempt proceedings against defendants who disrupt or defy Anton Pillar orders.[15]

Notwithstanding this temporary setback, Anton Piller orders and John Doe orders remain powerful weapons in the arsenal of large copyright owners who continue to use it in ways that are extremely intrusive. These orders exemplify an instance of how courts rarely reflect on the privacy implications of the orders that they themselves issue –similar action undertaken by the executive would have most likely invited the court’s consideration on whether they violate privacy.

In the next section we move on to private ‘technological’ measures of enforcing copyright which are likely to receive statutory sanction.

Technological Measures

In the light of the industry’s perception of a weakening of its enforcement options due to the judiciary’s waning enthusiasm, it remains to be seen what new manoeuvres they would make to strengthen enforcement. One foreseeable arena of conflict would be the new measures proposed to be included in the Copyright Act that criminalise the circumvention of ‘technological protection measures’ (TPMs) built into software by manufacturers. The proposed new Section 65A criminalises the circumvention of “an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act," "with the intention of infringing such rights”. This is punishable with imprisonment up to two years and a fine. However the section also creates a vast list of exceptions including research, testing, national security etc which make it a comparatively soft tool in the hands of prosecutors. Among the list of exceptions is a clause that enables the circumvention of TPMs in order to facilitate purposes that are 'not expressly prohibited' – including, conceivably, to exercise fair dealing rights under Section 52. Although this is a welcome provision, it requires, as a condition of its exercise, that the person ‘facilitating the circumvention’ maintain a record of the persons for whose benefit this has been done. This has led to apprehensions of violations of privacy especially from disability rights groups, who would potentially be the biggest users of this section as it would enable them to make electronic content more widely accessible. However, the lawful exercise of this right would mean that each instance of use of electronic content – say an e-book – by a disabled person would be recorded, which could deter them from accessing content. It would also clearly amount to a violation of their privacy compared to other analog users who are not required to similarly maintain logs each time they share books, for instance.

On the whole, despite the effect these measures have of diminishing absolute control over our electronic resources, the fact that the IIPA - which has been one the most rapid ‘defenders’ of IP - has consistently complained about their inadequacy in its Special 301 Reports[16] gives us some cause for optimism that the privacy invasions it could occasion would not be too severe.

Meanwhile, in a first of its kind, in 2005 the High Court of Andhra Pradesh permitted the prosecution, under the Copyright Act, of persons accused of having circumvented technological protection measures in mobile devices.

In Syed Asifuddin and Ors. v The State of Andhra Pradesh [17] the accused had altered the software on the mobile handsets provided by one service provider (Reliance), so that the same handset could be used to access the network of a rival provider (Tata Indicom). The Court observed that "if a person alters computer programme of another person or another computer company, the same would be infringement of the copyright." The matter was then relegated to the trial court to receive evidence on whether in fact such alteration had occurred.

This ruling, if correct, effectively negates the need for any amendment to the law since circumvention of technological measures typically involves an unauthorized alteration of copyrighted code. Of course it would always be open to the defendant to assert his fair dealing rights in defence, but that issue was not deliberated upon by the High Court in this instance.

Portents

With the terrain of copyright infringement increasingly shifting from ‘street piracy’ to online piracy, it remains to be seen how innovations in copyright enforcement impact privacy. Three events are particularly interesting in this context.

In August 2007, a techie from Bangalore was arrested on charges of having posted incendiary images of a popular folk hero on a website. He had been traced based on the IP Address details provided by a leading ISP. It later turned out that the IP address information was incorrect. By the time the error was noticed, he had already been held in jail illegally for a period of 50 days.[19] Shocking as this incident is, it offers a portent of the gravity of the possible privacy abuses that we are likely to witness in the years to come as copyright owners begin to hunt down infringers on the Internet.
In 2006, the Delhi High Court the pioneer among the Indian Judiciary in issuing John Doe orders added another feather to its cap by permitting the filing of a suit against an IP address. In a case of defamation by email from an unknown sender, a company was able to successfully file a suit against the IP address and obtain an order against the ISP to track down the user who was later impleaded as a party to the suit. This case and the growing number of John Doe orders issued, indicates that the judiciary in India has been quite willing to partner with litigants in their fishing expeditions. While it cannot be gainsaid that this has aided the legitimate interests of litigants, this has come at the price of a callous disregard for the interests of consumer privacy in India, which, as the incident described above highlights, could easily descend into a full blown human rights violation.
With the arrest in November 2010 of a four-member gang from Hyderabad for uploading media content – including popular film titles - on Bittorrent, the popular online file sharing tool, the industry has signalled its capacity and willingness to take the battle over copyright to the Internet.[20] New rules notified under the Information Technology Act make it mandatory for 'intermediaries' (ISPs) to co-operate in locating and removing ‘infringing content’ that is stored or transmitted by them.[21] This will facilitate untrammelled access to users by copyright industries.

Although it is too early to predict the future for the Internet that these developments will result in, they are definitely a source of apprehension from the perspective of privacy.

Copyright and Confidential Information

Although the protection of 'confidential information' and 'copyright' occupy distinct realms in the law[22], they converge occasionally, and copyright has been used as an instrument by people and organisations to protect their confidential information. In fact it has become quite routine for written pleadings by plaintiffs in cases to assert the omnibus infringement of their ‘copyrights, confidential information, trade secrets, trademarks designs etc’ without specifying which of the claims is urged. For instance in Mr. M. Sivasamy v M/S. Vestergaard Frandsen[23] a case before the Delhi High Court, the plaintiffs claimed that. "Defendants are violating the trade secrets, confidential information and copyrights of the plaintiffs.”; Similarly in Dietrich Engineering Consultant v Schist India & Ors , before the Bombay High Court, the plaintiffs contended"..the suit is filed to prevent unauthorized and illegal use of the plaintiffs confidential information and infringement of the 1st plaintiffs Copyright".[24]

In one of the earliest cases of this kind, Zee Telefilms Ltd. v Sundial Communications Pvt. Ltd, the Bombay High Court delivered a ruling in favour of the plaintiffs on both grounds of copyright infringement and confidential information. Here the employees of the plaintiffs – a company engaged in the business of producing television serials - had developed the concept for a program which they had registered with the Film Writers Association. Subsequently, they made a confidential pitch of the concept to the representatives of the defendants, a well known TV channel. Although initially the defendants appeared reluctant to take the concept forward, they proceeded later on, without the authorization of the plaintiffs, to produce a TV serial that closely mirrored the ideas contained in the show conceived by the plaintiff. In an action seeking to restrain the defendants from proceeding with their production, the High Court agreed with the plaintiff’s claims both on the count of copyright infringement and confidentiality. Curiously, the determination of both issues turned on the similarities between the plaintiff’s and defendant’s concepts – which is traditionally a determination relevant only to copyright cases. On the issue of confidentiality, the court held "Keeping in view numerous striking similarities in two works and in the light of the material produced on record, it is impossible to accept that the similarities in two works were mere coincidence...the plaintiffs' business prospect and their goodwill would seriously suffer if the confidential information of this kind was allowed to be used against them in competition with them by the defendants."

Although a clear line is demarcated between the claims of confidentiality and copyright in this case, this distinction is less sharp in other cases of the same nature.

In a more recent case Diljeet Titus, Advocate v Mr. Alfred A. Adebare & Ors[25] four associates of the plaintiff’s law firm quit together to start their own practice. While leaving they took documents they had drafted including agreements, due diligence reports and a list of clients along with them. The plaintiff filed a suit for injunction, asserting both that this material was confidential and that he owned the copyrights over them. The Delhi High Court agreed and issued an injunction restraining the defendants from “utilizing the material of the plaintiff forming subject matter of the suit and from disseminating or otherwise exploiting the same including the data for their own benefit.” What is interesting in this case is the conflation of confidentiality and copyright – both in the allegations of the plaintiff and the rebuttals of the defendant who sought to resist claims of confidentialty on grounds that they had themselves authored the papers in question.

Curiously, where copyright and confidentiality claims coincide, it would appear that the parameters of determining copyright infringement end up determining the issue of confidentiality as well.

In the next section we move on to the last copyright/privacy issue that we had flagged in the introduction – the invocation of copyright in aid of the ‘right to publicity’ of individuals which can be read as a kind of privacy claim.

Copyright and Publicity

Do we have a copyright over our identities – our names, our appearances, our life histories, our reputation and our bodies - so that we have an actionable interest in preventing their deployment in public without our express authorization?

This question has arisen in a limited set of cases in India that raise interesting questions. As with the confidentiality cases discussed above, the lines separating ‘defamation’ actions from ‘copyright’ claims is not brightly drawn in these cases. Neither is the line linking copyright to the protection of privacy clearly evident. All one can say with confidence is that copyright and privacy are two words tossed into the plaints by the plaintiffs while asserting their claims.

In one of the most high-profile cases of its kind, Phoolan Devi v Shekhar Kapoor[26] the Delhi High Court was faced with the question of whether ‘public figures’ are entitled to any degree of control over the representation of their lives. Here the petitioner, Phoolan Devi, a reformed bandit, had 'licensed'[27] the production of a biopic on her life to the defendant, a film director of note, who was to consult the plaintiff’s own writings and those of her authorised biographer in making the film. However, the defendant – the director of the biopic – had exceeded this mandate and also depicted incidents that emerged from various newspaper accounts – including a graphic gang rape scene where the plaintiff was the victim, and a massacre which she had allegedly orchestrated. Although generally well-known, neither of these incidents were either admitted to by the plaintiff herself or mentioned in the plaintiff’s own writings and those of her biographer. Even worse, the film had not been shown to her even several months after it had been released to national and international audiences.[28] In Arundhati Roy’s moving words the producers of the film “[R]e-invent her life. Her loves. Her rapes. They implicate her in the murder of twenty-two men that she denies having committed. Then they try to slither out of showing her the film!”[29]

One of the contentions that the petitioner’s advocate had advanced was that the defendant had no right “to mutilate or distort the facts as based upon prison diaries” and that any such distortion would fall afoul of her right under Sec 57 of the Indian Copyright Act. This section confers certain ‘special rights’ on the author including the right to claim authorship and to restrain any distortion/mutilation or modification of the work that would be prejudicial to his/her honour or reputation.[30]

These rights survive any assignment of the copyright made by the author i.e. they can e asserted by the author above any contract entered into by her with third parties such as the producer in this case. The Court framed the question it was faced with in these terms:

[T]he question before me is whether such person like the plaintiff has no right to defend when someone enlarges the terrible facts, enters the realm of her private life, depicts in graphic details rape, sexual intercourse, exhibits nudity, portrays the living person which brings shame, humiliation and memories of events which haunts and will go on haunting the plaintiff, more so the person is still living. Whether the plaintiff has no right and her life can become an excuse for film makers and audience to participate in an exercise of legitimate violence with putting all inhibitions aside.

Ultimately, the High Court sided with the petitioner and issued an injunction restraining the defendant from exhibiting his film.[31] This decision was based more on a consideration of constitutional right to privacy principles than an evaluation of the plaintiff’s case under Copyright law. However, it does provide an interesting factual matrix for the exploration of the way in which protection of copyright and privacy might overlap.

In a contrasting case before the Bombay High Court, Manisha Koirala v Shashilal Nair & Ors [32] an injunction was sought against the release of a film in which the petitioner, a noted actress, was depicted in the nude through the device of a ‘body double’. Here the plot was entirely fictional and the plaintiff, a noted actress, had agreed to perform in the film with ‘substituted shots’ during the scenes in the story that involved nudity. Subsequently, she appears to have reconsidered this decision and objected to the very inclusion of these scenes in its final version. In her petition before the court, she alleged defamation and malicious injurious falsehood, arguing that the exhibition of the film would result in a violation her right to privacy "as the objectionable shots, attempt to expose the body of a female which is suggested to be that of the plaintiff". She contended that “the right to portray her on screen can only be exercised in a manner, which is subject to the fundamental principle that such portrayal can only be with her unconditional consent." "The present rendition" of her part in the film, she alleged was “an invasion of privacy as it is embarrassing and will cause irreparable damage to her reputation which remains untarnished thereby causing irreparable loss and injury”. Although Copyright is not invoked in this case by the petitioner, there is an audible echo of some of the reputational anxieties that had animated Phoolan Devi’s case mentioned above. The difference, however, is that in this case the petitioner’s claim was not grounded in a quest for control over her biography, but over the image of her body. Unlike the previous case, here the Court was unsympathetic to the petitioner’s claims. The court treated her previous ‘consents’ as determinative of all issues and dismissed her case holding:

"The Court ...cannot be a moral guardian in this context. ..It is.. clear to my mind that once having agreed to act in the film it will be too late for the plaintiff .. to hold that a case of defamation has been made out.. To maintain a case of malicious falsehood it must be held out that the statement was false. In the instant case what is sought to be contended is that the scenes involving the film artist would result in an action of malicious injurious falsehood or malicious falsehood by associating the plaintiff's with the scenes which she had not enacted.. The plaintiff was prima facie aware as earlier held and that the scenes formed part of the story board have been enacted by a double and consequently it cannot be said that in the present case the plaintiff has been able to establish a case of malicious falsehood."[33]

One of the facts that was relevant in the court’s decision was that the defendant, as the ‘holder of the copyright in the film’, had incurred vast expenditure in publicising its release. Here, in a reversal of the Phoolan Devi case, copyright is held up as a shield against a competing privacy claim. The issue of the extent of overlap between copyright and privacy however remains unsettled in law. In April 2007, the Madras High Court granted a temporary injunction against the publishers of an unauthorised biography of former Tamil Nadu Chief Minister Jayalalitha. In her petition she alleged that the biography “had been written without any verification of facts. Such a publication would spoil her image and damage her status in politics and public life.” Her petition contended that “No one has a right to publish anything concerning personal private matters without consent, whether truthful or otherwise, whether laudatory or critical.[34]

Although it does not reference Copyright law, this case is another illustration of the enduring relevance of the question of whether we are entitled to the exclusive authorship of our private life-stories.

The Private under the Copyright Act

In its various sections, the Copyright Act inscribes certain spaces and actions as either public or private. Specified activities are labelled public even though they are conducted within the domestic confines of one’s home. Similarly, activities that infringe copyright are nevertheless immunised from prosecution due to the fact that they are conducted for a ‘private’ purpose. In this concluding section of this paper, we try to piece together a narrative of privacy and the private domain that emerges from a combined reading of various sections and decisions under the Copyright Act.

We begin, here, by collating the Copyright Act’s various articulations of the ‘public’ and ‘private’. By treating them as intertwining, mutually constitutive terms, we proceed to analyse these various articulations in the Copyright Act with a view to seeing what account of the private realm may emerge.

Public/Publish

One of the key rights that most owners of copyrights enjoy is the exclusive right to "publish" or "communicate their work to the public".

The Act defines "publication" to mean “making a work available to the public by issue of copies or by communicating the work to the public”. Significantly, in case of dispute, if the issue of copies or communication to the public is “of an insignificant nature” it is deemed not to constitute a publication [Section 6]. This signals that the notions of publicity and publication under the Copyright Act are in some senses moored to the magnitude of the receiving public. The ‘private’ then is constituted, reciprocally, as the ‘insignificant public’.

Under the Indian Copyright Act, "communication to the public" occurs when a person makes any work “available for being seen or heard or otherwise enjoyed by the public directly or by any means of display or diffusion other than by issuing copies of such work”. Such communication occurs “regardless of whether any member of the public actually sees, hears or otherwise enjoys the work so made available.”[Section 2(ff)][35]

Private

The word ‘private’ is expressly referenced in four provisions of the Copyright Act.

Section 39 declares that “the making of any sound recording or visual recording for the private use of the person making such recording, or solely for purposes of bona fide teaching or research” would not violate the broadcast reproduction right or performer's right;
Section 51 which stipulates when copyrights are infringed declares that the “imports into India, any infringing copies of the work” would constitute an infringement except if it is only a single copy of any work that is imported “for the private and domestic use of the importer”.
Section 52(1) of the Copyright Act lists certain acts as not infringing of copyright. These include:

(a) a fair dealing with a literary, dramatic, musical or artistic work, not being a computer programme, for the purposes of private use, including research. A proposed amendment to this section seeks to extend this protection to all ‘personal’ uses in addition to ‘private uses including research[36]. ‘Personal use’ has been interpreted in non-copyright contexts to include the family members of the person living with him.[37] The definition of ‘person’ under the General Clauses Act includes a “company or association or body of individuals, whether incorporated or not”. Although the case law on the point is scant[38], it would be interesting to see if ‘personal use’ can be read to include the use by companies internally, thereby casting a shroud of privacy on corporations for the purpose of copyright.
(p) the reproduction, for the purpose of research or private study or with a view to publication, of an unpublished literary, dramatic or musical work kept in a library, museum or other institution to which the public has access.

In addition to the provisions listed above, Section 52 the Act also shields certain spaces and occasions as immune from the charge of copyright infringement (although they are not specially designated as ‘private’). These include educational institutions[39], non-profit clubs, societies[40], religious institutions[41] and religious ceremonies including marriages.[42]

Perhaps the most elaborate calibration of the boundaries between the 'private' and 'public' under the Indian Ccopyright Act by the judiciary occurs in the case Garware Plastics and Polyester vs Telelink & Ors[43]., decided by the Bombay High Court in 1989. The case called for the determination of whether films transmitted via neighbourhood cable networks and viewed in the privacy of customers’ homes would constitute an unauthorised ‘communication to the public’ under the Copyright Act. Here the defendants had purchased video tapes of popular films and begun transmitting them over cable networks owned by them. For this they charged a monthly maintenance fee from their customers. Under the Copyright Act then in force, ‘communication to the public’ was defined simply as "communication to the public in whatever manner, including communication through satellite.” After an extensive review of English law on the subject, the court ruled that this did constitute an unauthorised communication to the public:

"Whether a communication is to the public or whether it is a private communication depends essentially on the persons receiving the communication. If they can be characterized as the public or a protein of the public , the communication is to the public…From the authorities the principal criteria which emerge for determining the issue are(1) the character of audience and whether it can be described as a private or domestic audience consisting of family members or members of the household, (2) whether the audience in relation to the owner of the copyright can be so considered…Applying the test of the character of the audience watching these video films , can this audience be called a Section of the public or is this audience a private or domestic audience of the defendants ? In the present case it cannot be said that the audience which watches video films shown by the defendants consists of family members and guests of the defendants. The video film may be watched by a large Section of the public in the privacy of their homes. But this does not make it a private communication so as to take it our of the definition of "broadcast" under the Copyright Act, 1957.

It is true that the network operates through the connection of a cable to all these various apartments or houses. But this cannot in any way affect the character of the audience. The viewers are not members of one family or their guests. They do not have even the homogeneity of club members of one family or their guests. They do not have even the homogeneity of a club membership.[44] (emphasis added)

A central feature emerging from this case that distinguishes public form private in Copyright law is homogeneity or affiliation: that space is marked ‘private’ where a pre-affiliated group – united either by kinship or association in pursuit of a common goal – comes together in pursuit of a non-commercial common interest. Conversely, ‘Public’ is where the unaffiliated congregate. On the face, this accords with the spirit of the various fair dealing rights under the Copyright Act which carve out immunised spaces for institutions that correspond to these definitions – educational institutions, religious institutions and ceremonies, amateur clubs etc are immune from infringement actions because, one could say, their activities are ‘private’.

In 1994 the Copyright Act was amended to fortify this conclusion by expanding the definition of ‘communication to the public’ to include ‘communication through satellite or cable or any other means of simultaneous communication to more than one household or place of residence including residential rooms of any hotel or hostel shall be deemed to be communication to the public;” (Sec 2(ff), Explanation)

Conclusion

I would like to conclude this paper with some reflections on the assertion I made in the introduction about copyright law being both an instrument for the protection and violation of privacy. From the discussion in the previous sections, it follows:

Firstly, that 'property' – as embodied by copyright law – is, at best, an unreliable guarantor of privacy. It works when bussed along with dignity claims– for instance the Phoolan Devi case where the petitioner’s suffering underlay her property claim– but fails when asserted as ‘property’ per se (as in Manisha Koirala’s case[45]). One does not (under the Indian Copyright Act, at least) have a reliable ‘property’ interest in one’s life story, bodily representation, name etc. This stands in contrast with other regimes such as the US where several states have enacted ‘Right to publicity’ statutes or have recognised publicity rights through common law processes.[46]

These rights can be read to offer people a 'property' means for protecting their privacy (by preventing unauthorised publicity) in those jurisdictions. Analogous claims are unavailable in India.

Secondly, that ‘property’ operates frequently as a license for the violation of privacy with impunity. This emerges most clearly from the cases of copyright investigation that we examined in Section 1.2 above. Pecuniary copyright interests appear to completely overwhelm any regard for competing privacy concerns.

Thirdly, that, notwithstanding the preceding two points, the copyright act does protect privacy in limited ways. Chiefly these are a) By conferring limited copyright on 'unpublished works', it enables authors to restrict their publication except on terms acceptable to them. b) The Act grants a very wide “Performer’s right” to performers and no sound or visal recording may be made of them without their express consent. No such recording can broadcast or communicated to the public without their consent. This gives a very powerful weapon of control in the hands of performers to restrict the extent to which representations of them are publicised. C) As mentioned above in the penultimate section of this paper, various fair dealing exceptions carve out spaces of privacy where infringing acts are granted immunity – for instance private uses, uses in educational institutions and libraries, etc.

Lastly, with the arena of copyright infringement shifting gradually to the internet, it is foreseeable that the IT Act will be employed with greater frequency in the coming years to do the work of copyright enforcement. The legal regime already supports this change through provisions in the IT Act which preserve all existing rights available under the Copyright Act [Section 81 (proviso) of the IT Act] and put new powers of take-down [see Intermediary Guidelines] in the hands of Copyright Owners. Thus on the one hand, copyright owners would be able to lawfully hack into potential infringers’ computers while enjoying immunity under the IT Act. On the other hand, ‘intermediaries’ would be legally bound to co-operate in copyright enforcement including, conceivably, handing over a number of personal details of those accused of copyright infringement. In other jurisdictions, such as the EU, such ‘co-operation’ is heavily policed by judicial oversight where personally identifiable information is involved[47]. Contrastingly, in India, with its diminished concerns for privacy and limited awareness of how IP address data can seriously imperil privacy, there is a very real threat that these provision will license the wholesale violation of online privacy.

Notes

[1]Anon, 2005. Towards Knowledge Societies, Paris: UNESCO. Available at: http://unesdoc.unesco.org/images/0014/001418/141843e.pdf [Accessed April 20, 2011].

[2]Sundaram says "Temporal acceleration was a significant part of the imaginary of developmentalism - this was inherent in the logic of 'catching up' with the core areas of the world economy by privileging a certain strategy of growth that actively delegitimized local and 'traditional' practices."

[3]This aspiration underlies several of the policy documents prepared in India in the last decade – Illustratively, the report submitted by the National Task Force on Information Technology (NTFIT) in 1998 captures this sentiment well: “For India, the rise of Information Technology is an opportunity to overcome historical disabilities and once again become the master of one's own national destiny. IT is a tool that will enable India to achieve the goal of becoming a strong, prosperous and self-confident nation. In doing so, IT promises to compress the time it would otherwise take for India to advance rapidly in the march of development and occupy a position of honor and pride in the comity of nations” Tiwari, Ghanshyam et al. Government of India. Central Advisory Board of Education, Ministry of Human Resource Development .Report of the Central Advisory Board of Education Committee On Universalisation of Secondary Education. New Delhi: 2005

[4]There is some ambiguity on whether offences under the Copyright Act punishable with imprisonment “which may extend to three years” are 'cognizable' or not. The Code of Criminal Procedure 1973 classifies all offences which prescribe a penalty of three years and above as cognizable and non bailable [First Schedule]. Offences which are punishable with imprisonment of less than three years are classified as ‘non-cognizable’ and ‘bailable’. In the absence of a definitive ruling from the Supreme Court on this issue, different High Courts have offered conflicting interpretations. See Singh, S. & Aprajita, 2008. Insight into the nature of offence of Copyright Infringement. Journal of Intellectual Property Rights, 13(6), pp.583-589. Available at: http://nopr.niscair.res.in/bitstream/123456789/2433/1/JIPR%2013%286%29%20583-589.pdf [Accessed May 12, 2011]. See also Agarwal, D.K., 2010. Arrest under the customs act ? Bailable or non-bailable offence. Translation Interpreting Services. Available at: http://translation-tech.com/blog/213/arrest-under-the-customs-act-bailable-or-non-bailable-offence/ [Accessed May 12, 2011]. The determination of this issue would have wide ranging implications since the police have a wider assortment of powers with respect to interrogation, arrest, search and seizure in the course of investigating cognizable offences than they have with respect to non-cognizable offences.

[5]"Where Director of Inspection or Commissioner in consequence of information in his possession, has reason to believe that any person having in possession of any money, etc.." has not disclosed it for purposes of Income Tax.

[6]AIR 1997 Raj 78 < http://indiankanoon.org/doc/661363/>

[7]Event and Entertainment Management Association v. Union of India (Delhi HC) Order dated 2nd May 2011 <http://courtnic.nic.in/dhcorder/dhcqrydisp_o.asp?pn=84697&yr=2011>. Harkauli, S., 2011. HC nullifies police circular on copyright issue. The Pioneer. Available at: http://www.dailypioneer.com/336974/HC-nullifies-police-circular-on-copyright-issue.html [Accessed May 9, 2011].

[8]Ibid

[9]As recently as April 2011, the Delhi high court restrained “cable operators nationwide from telecasting matches of the Indian Premier League (IPL) without authorization from MSM Satellite (Singapore) Pte Ltd, which owns the broadcasting rights. See Bailay, R., 2011. Cable operators can’t telecast IPL without authorization, says HC. Livemint. Available at: http://www.livemint.com/articles/2011/04/27212449/Cable-operators-can8217t-te.html?atype=tp [Accessed May 13, 2011]. For an early history of John Doe orders in India, see Krishnamurthy, N. & Anand, P., 2003. India Trade marks in a state of change. Managing Intellectual Property. Available at: http://www.managingip.com/Article/1321770/India-Trade-marks-in-a-state-of-change.html [Accessed May 13, 2011].

[10]These orders are granted by the Court supposedly under Section 75 read with Order 26 of the Code of Civil Procedure which empowers the court to appoint “Local Commissioners” to record evidence in special cases. I have stated my opinions elsewhere on why I believe these powers may not be invoked for the purpose of effecting routine searches and seizures in the manner as is currently being practiced by the higher judiciary – especially the Delhi High Court. See Iyengar, P., 2009. BSA’s response on Spicy IP – in perspective. Original Fakes. Available at: http://originalfakes.wordpress.com/2009/04/04/bsas-response-on-spicy-ip-in-perspective/ [Accessed May 10, 2011].

[11]Anon, 2009. Ghost Post on IP (Software) Raids: Court Sponsored Extortion? SPICY IP. Available at: http://spicyipindia.blogspot.com/2009/03/ghost-post-on-ip-software-raids-court.html [Accessed May 10, 2011].

[12]Autodesk Inc Vs. AVT Shankardass, Available at: http://delhicourts.nic.in/Jul08/Autodesk%20Inc%20Vs.%20AVT%20Shankardass.pdf [Accessed May 10, 2011].

[13]The 2011 Special 301 Country Report on India prepared by the IIPA specifically cites the Delhi High Court in this context, statng “The industry enjoys a very high success rate with respect to the grant of such orders at the Delhi High Court”. According to this report, the Business Software Alliance was able to obtain 34 such orders in 2009.

[14]Anon, 2011. Special 301 Report on Copyright Protection and Enforcement: 2011 India Country Report, International Intellectual Property Alliance. Available at: http://www.iipa.com/rbc/2011/2011SPEC301INDIA.pdf [Accessed May 9, 2011].

[15]Ibid at. Pp 41-42.

[16]The 2010 Special 301 Country Report lists the following defects of the proposed Section 65A: “(a) does not cover access controls and is limited only to TPMs protecting the exercise of exclusive rights; (b) covers only the “act” of circumvention and does not also cover manufacturing, trafficking in, or distributing circumvention devices or services; (c) does not define an “effective technological measure”; (d) contains an exception which would appear to permit circumvention for any purpose that would not amount to infringement under the act (thereby almost completely eviscerating any protection); (e) creates other overbroad exceptions; and (f) provides for only criminal and not civil remedies."

[17]Syed Asifuddin And Ors. v The State Of Andhra Pradesh, 2005 CriLJ 4314 (Andhra Pradesh HC ).

[18]Ibid.

[19]Holla, A., 2009. Wronged, techie gets justice 2 yrs after being jailed. Mumbai Mirror. Available at: http://www.mumbaimirror.com/index.aspx?page=article&sectid=2&contentid=200906252009062503144578681037483 [Accessed March 23, 2011]. See also Nanjappa, V., 2008. “I have lost everything.” Rediff.com News. Available at: http://www.rediff.com/news/2008/jan/21inter.htm [Accessed March 23, 2011].

[20]Pahwa, N., 2010. Hyderabad Police Arrests Torrent Uploaders - MediaNama. MediaNama. Available at: http://www.medianama.com/2010/11/223-hyderabad-police-arrests-torrent-uploaders/ [Accessed May 12, 2011].

[21]GSR 314(E) Dated 11 April 2011: Information Technology (Intermediaries guidelines) Rules, 2011 http://www.mit.gov.in/sites/upload_files/dit/files/GSR314E_10511(1).pdf [Accessed May 12, 2011].

[22]See Zee Telefilms Ltd. v Sundial Communications Pvt. Ltd., 2003 (5) BomCR 404 (Bombay High Court 2003).

[23]Mr. M. Sivasamy v M/S. Vestergaard Frandsen (Delhi High court 2009).< http://indiankanoon.org/doc/916718/>

[24]Dietrich Engineering Consultant v Schist India & Ors (Bombay High Court, 2009) < http://indiankanoon.org/doc/1634545/>

[25]Mr. Diljeet Titus, Advocate vs Mr. Alfred A. Adebare And Ors, 130 DLT 330 (Delhi High Court 2006).

[26]Phoolan Devi v Shekhar Kapoor And Ors. (1994). DLT (Vol. 57 (1995), p. 154). Retrieved from http://indiankanoon.org/doc/793946/

[27]The conditions under which this license were obtained speak eloquently to the ills of the current copyright system. According to Phoolan Devi’s lawyer, the noted advocate Indira Jaisingh, the contract was signed by Phoolan Devi while she was behind prison bars. She did not speak or understand Hindi or English and only spoke in a local dialect. The copyright contract was written entirely in English and gave her a paltry sum or Rs. 2 lakh – which was a pittance considering the budget and projected returns from the film. Jaisingh, I., 2001. Supreme Court lawyer Indira Jaisingh pays tribute to Phoolan Devi. Available at: http://www.rediff.com/news/2001/jul/26spec.htm [Accessed June 10, 2011]. Arundhati Roy’s two superb critiques of the film and its director movingly capture why this is not a simple case of copyright assignment. See Roy, A., 1994. The Great Indian Rape Trick - I. Sawnet. Available at: http://www.sawnet.org/books/writing/roy_bq1.html [Accessed June 10, 2011].; Roy, A., 1994. The Great Indian Rape Trick - II. Sawnet. Available at: http://www.sawnet.org/books/writing/roy_bq2.html [Accessed June 10, 2011].

[28]Ibid, Roy, A., 1994. The Great Indian Rape Trick - I.

[29]Ibid, Roy, A., 1994. The Great Indian Rape Trick - II

[30]Section 57 of the Act reads “Author’s Special Rights: ‘Independently of the author's copyright and even after the assignment either wholly or partially of the said copyright, the author of a work shall have the right-

(a) to claim authorship of the work; and
(b) to restrain or claim damages in respect of any distortion, mutilation, modification or other act in relation to the said work which is done before the expiration of the term of copyright if such distortion, mutilation, modification or other act would be prejudicial to his honour or reputation:”

[31]The case was later settled out of court with Phoolan Devi being able to secure a substantially higher compensation. Ultimately, the case was not about the depiction of rape generally, but primarily about Phoolan Devi’s sovereign right to decide the terms on which her own life would be represented.

[32]Manisha Koirala v Shashilal Nair & Ors. (2002). BomCR (Vol. 2003 (2), p. 136). Retrieved from http://indiankanoon.org/doc/1913646/

[33]Ibid

[34]Anon, 2011. High Court Grants Injunction Till June 7 Against Publishing Book on Jayalalithaa. The Hindu, p.01. Available at: http://www.hindu.com/2011/04/27/stories/2011042762360100.htm [Accessed May 12, 2011].

[35]For a more dispersed account on the concept of the ‘public’ under Indian law, See Iyengar, P, ‘Where the private and the public collide’, iCommons Lab Report, September- October 2007, pp. 7-8, Icommons.org, < http://archive.icommons.org/articles/what-is-public> last visited May 2011

[36]Copyright (Amendment) Bill 2010 http://prsindia.org/uploads/media/Copyright%20Act/Copyright%20Bill%202010.pdf

[37]See Sivasubramania Iyer v. S.H. Krishnaswamy AIR 1981 Ker 57 , a case under Kerala Buildings (Lease & Rent Control) Act 1965.

[38]Goods purchased for the private use of a corporation would be goods purchased for the ”personal use” of the corporation. 158 IC 703.

[39]52(1)(g), (h) and (i)

[40]52(1)(k) and (l)

[41]52(1)(l)

[42]52(1)(za)

[43]AIR 1989 Bom 331, 1989 (2) BomCR 433, (1989) 91 BOMLR 139 <http://indiankanoon.org/doc/858705/>

[44]Ibid.

[45]At first glance this distinction may seem facile since even Manisha Koirala invoked ‘reputational harm’ as a prop to buttress her property claim. However, I believe this case was complicated by the fact that the court had to consider whether the display of someone else’s body could have implicated Manisha Koirala’s privacy/dignity. Koirala was, in effect, arguing that she had absolute ‘proprietorial’ control over all representations of her body – a property argument which the court was unwilling to concede.

[46]See Footnote 90 and accompanying text in Samuelson, P., 2000. Privacy as Intellectual Property? SSRN eLibrary; Stanford Law Review. Available at: http://ssrn.com/paper=239412 [Accessed on June 14, 2011].

[47]Lebatard, F.-R., Copyright Enforcement and the Protection of Privacy in France. Translegal. Available at: http://www.translegal.com/feature-articles/copyright-enforcement-and-the-protection-of-privacy-in-france [Accessed June 14, 2011].

For more details visit https://cis-india.org/internet-governance/blog/privacy/copyright-enforcement

Look what the state just did to you

praskrishna — 2011-06-16T10:51:58Z

The government's recent introduction of new rules in the IT Act allows 'offensive' material on any website to be removed within 36 hours. Did the state just arm everyone to shoot the messenger, online?Th

Let's say a newspaper published a contentious piece that begs to be questioned in the court of law. What would happen if instead of the journalist who wrote the article or the editor who published it, we decide to sue the newspaper boy who delivered the paper? Irrational? According to bloggers and digital media experts, new rules notified under the Information Technology Act 2008, has armed everyone to shoot the messenger, online. Will this challenge our fundamental freedom of speech and expression, and the fabric of the Internet as we know it?

In April this year, the Department of Information Technology (DIT) introduced a new set of rules called Intermediary Due Diligence. According to it, every citizen has the right to complain against any digital content to the website host or any ISP that serves the content or any cybercafe from which the content is available, etc (legally referred to as intermediary). In other words, any website that carries content Twitter, Facebook, YouTube, blogs and even newspaper websites can be sued for the content they carry, even if it is a third party that has written it.

So, even though over 190 million users worldwide publish over a billion comments a week on social broadcast medium Twitter, if someone were to find a particular 'Tweet' offensive even if it hasn't been written by an Indian they can ask Twitter to remove the tweet, failing which, they can sue the site.

According to the rules, every intermediary (read website) is now required to hire a grievance officer, to whom the offended party can send their complaint. The website is given 36 hours, to remove the comment, post or content, failing which the website is liable to judicial action.

The website owner no longer possesses the discretion to ignore complaints and uphold the freedom of speech of his site's users without risking liability himself.

Is the rule unconstitutional?

According to Pranesh Prakash, programme manager for Centre for Internet and Society, Bengaluru, the new rules are unconstitutional.

The pre-existing section 79 of the IT Act states that intermediaries (that is to say, websites) are not liable for third party information (such as comments, posts, tweets or posts) as long as they are mere conduits, observe 'due diligence' and don't encourage criminal activity. The new rules were meant to clarify what 'due diligence' meant. A draft of the rules was released in February, and the final rules were added to the IT Act in April.

"The rules have gone far beyond mere clarification. The Department has imposed rules that insist that intermediaries play the role of a judge and executioner on mere complaint, without any opportunity for the other side to be heard," says Prakash.

In a press release issued on May 11 this year, the DIT stated, "The Government adopted a transparent process for formulation of the Rules under the Information Technology Act. The draft rules were published on the Department of Information Technology website for comments [in February] and were widely covered by the media. None of the Industry Associations and other stakeholders objected to the formulation, which is now being cited in some section of media."

However, media analysts disagree. "The DIT was expected to create a public listing of comments submitted. From what we've seen on their website, they haven't," says Nikhil Pahwa, editor of Medianama, a website that offers analyses of news on various forms of media, including the Internet.

Interestingly, some Members of Parliament registered their protest against the draft rules.

Rajya Sabha member Rajeev Chandrashekar registered his protest against the draft rules during Zero Hour on March 22, and received the support of three other MPs Kumar Deepak Das, P Rajeev, Mahendra Mohan.

His argument was also published on his website: "The execution of these rules could result in a shutting down of the Internet, which is the main form of expression for growing Indians, if the information posted is found inconvenient to Government, institutions or individuals. This would also take away the right to freedom of expression of bloggers and other Internet users in the country. The Government must call for transparent public consultation/public opinion."

Restricting freedom of speech

What's more, say lawyers, the ground on which a person can find a comment offensive is vague and open to interpretation.

Apar Gupta, a lawyer associated with the Software Freedom Law Centre in New Delhi, says, "The grounds to block content are arbitrary. In a situation like this, any intelligent critique, discourse etc can be deemed offensive and no one can do anything about it."

Nor is it mandatory for the website to inform the person, who has posted a comment that someone else found offensive, before removing it.

"In a case like this, the so-called violator does not even have the opportunity to be heard or defend himself, which is a violation of the principles of natural justice," adds Prakash.

Websites no longer have a final say in regulating content, as they are legally bound to remove matter that has been found offensive. The removed content can be re-instated if the website wins a lawsuit against the complainant if it chooses to go through with one in the first place.

"Suppose you do not like what I have posted on Twitter, and file a complaint with the grievance officer.

Twitter has two options remove the content and be safe or keep it and be liable. What do you think is easier for Twitter? Obviously, it wouldn't want to be party to hundreds of lawsuits," explains Gupta.

Before the rules were notified, a police complaint could be registered, a civil suit filed, or a 'nodal officer' required to be designated in all government departments could be approached, which would be followed by a judicial probe. If the content was eventually found offensive, the website would be asked to remove it.

"Now, websites will lose protection from law if they don't take down 'offensive' content. They have no incentive to uphold the freedom of speech of their users. Instead, they have been provided incentives to take down all content about which they receive complaints without applying their minds," Prakash points out.

Then again, in our country where anything from a paragraph in a history textbook to a 15-second jig by a politician can be deemed offensive, analysts fear that the rules can be rampantly misused.

"The rule will be used by conservatives and not liberals. Lots of organised people (political parties, bureaucrats etc) will take down all content against them. People could end up using the rule to challenge a website and making money by agreeing for an out of court settlement," fears Gupta.

"It can become a tool for harassment," Shivam Vij, a member of radical critique blog Kafila, adds tersely.

The new clause has the potential to immediately address truly offensive material, such as child pornography, online grooming of young girls and boys by paedophiles (such as the recent case of Paul Wilson who was convicted in Birmingham for grooming 20 minors online) and videos taken on the sly (one such case led Rutgers university student Tyler Clementi to commit suicide, when a video of him having sex with a fellow male student was posted online). However, it is a double-edged sword that calls for further debate on what can be posted and what can be removed.

One way to do this is to make information public. If a site is blocked or content removed, there should be a public notice issued and a list should be maintained of all requests for removals or blocks. Also, the reason for removing or blocking a piece of content, and the authority responsible for taking that decision should be made public. When a user visits a blocked site, there should be a notice about the block, and a specific recourse mentioned for getting the block removed.

This article by Yoshita Sengupta was published in Mid Day on June 12, 2011. Read the original here

For more details visit https://cis-india.org/news/state-just-did-to-you

Tough neighbourhood tests India's e-tolerance

praskrishna — 2011-06-15T10:51:48Z

The combination of having restrictive neighbours as well as security threats could make freedom on the web in India a casualty, writes Anahita Mukherji in this article published by the Times of India on June 12, 2011.

While Indians have enjoyed relatively free cyberspace, growing security threats have resulted in new laws that may tighten the screws on India's freedom on the web. This is one of the findings of a global report titled Freedom on the Net 2011.

There is a widespread fear that the lack of internet freedom in neighbouring countries, like China and Pakistan, may adversely impact India. "If restrictions are placed in certain countries, information links get weakened. Also, governments tend to copy moves of other countries when it comes to a restriction of freedom on the net," said Ketan Tanna, the India researcher for the report.

However, Sarah Cook, Asian research analyst and assistant editor for Freedom on the Net, said that while India may be in a tough neighborhood, it is also possible to seek out the "best practices from countries further afield, or even design its own, and not follow the 'worst practices' from the countries next door".

"It is ultimately up to the Indian government and people to decide how adversely they let being in a tough neighborhood impact internet freedom. It is true that there are objective threats that India faces. All of these can be used as justifications for why the government should be given wide authority to block certain content or monitor internet traffic. But in a democratic society, such needs must be balanced against citizens' rights to free expression and privacy. Ensuring transparency, accountability and legal specificity in any measures taken to restrict the free flow of information is an important way of balancing those factors," said Cook in an email interview with TOI.

Recent regulations have given the government more freedom to censor content. In 2008, Parliament passed amendments to the IT Act, which came into effect in 2009 and have expanded the government's monitoring capabilities. Two months ago, the government enforced another set of guidelines on internet usage. They make it mandatory for intermediaries (ISPs, websites, blogs etc) to notify users not to publish or use information that could be harmful, defamatory or cause annoyance in any way. If an intermediary is informed of such information by the government, it has to block it within 36 hours.

According to the new rules, content that "threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states or public order" is entitled to a ban.

An RTI activist from The Centre for Internet and Society managed to get a list of 11 officially banned websites in India in April 2011.

Nikhil Pahwa, the founder editor of Medianama, a digital media portal, feels the new guidelines could result in a further slide in India's rank.

Read the original published in the Times of India here

For more details visit https://cis-india.org/news/india-e-tolerance

Snooping Can Lead to Data Abuse

sunil — 2012-03-21T10:39:22Z

THE NATGRID, aiming to link databases of 21 departments and ministries for better counter- terror measures, adopts blunt policy approach, subjecting every citizen to the same level of blanket surveillance, instead of a targeted approach that intelligently focuses on geographic or demographic areas that are currently important.

All you manage to do with the current approach help software, hardware and biometric equipment vendors achieve their sales targets. It is quite unlikely that security agencies will learn anything insightful by putting everybody under the same degree of surveillance. There is no scientific evidence to show that we will be a safer nation if the government eavesdropped into all aspects of a citizen’s life. Targeted surveillance, on the other hand, is like good old- fashioned detective work. Put a particular section — of potential troublemakers — under surveillance and leave the others alone.

With round- the- clock, 100- per cent, 360- degree surveillance, all the data is scrutinised all the time. The more effective approach is to sample and collect data while maintaining data trails. If anything suspicious is noticed, the rest of the trail can be dug up. Blanket surveillance only leads to leaks and abuse and tremendous distraction. The surveillance infrastructure will be overburdened as 99 per cent of the records and files scanned will be of no interest terms of fighting terrorism, etc.

The 21 databases need to be opened only when there is anything suspicious in any of the extracted and scrutinised samples or subsets. If there is a suspicious pattern, it should lead to opening of subsets in all the databases. Obviously, there should be ways in which the databases can talk to each other — demand for a particular subset, and not for all the records to be available to agencies all the time.

The NATGRID has to be able to let investigators selectively go in and out of the necessary subsets data. No one should be able to have a 360 degree view of all activities of all Indians. AS OF now, the NATGRID design does not appear to have a safeguard for data abuse. And no matter what you see Hollywood movies, this configuration does not exist in Europe or the US. Two important forms of protections that should be available in democracies with robust privacy laws are missing in India. The first is breach notification.

If intelligence agencies and the police have looked up your files, you have a right to be informed. Secondly, you can request for a copy of the information that is maintained on you and request modifications if the data is inaccurate, so as to prevent harassment. Such checks and balances are necessary an intelligent and appropriate surveillance regime.

Merging all 21 databases for 1.2 billion people into a single system only provides a juicy target for any internal or external enemy. From the perspective national security, it is a foolish thing to do. Terrorist groups will be able to target a single failure point destroy over a billion lives. Since the current configuration of the NATGRID only undermines national security, one is forced conclude that national security is a false pretext.

This explains the deep scepticism among many the intelligence agencies involved. The real purpose of the project is to scare citizens in the age of Arab springs. The NATGRID is a disciplinary measure aimed at social engineering of citizens’ behaviour. Unfortunately, our media has been misled by the corporate cheerleaders of this humongous waste of money.

The writer is executive director at the Centre for Internet and Society in Bangalore.
( As told to Max Martin)

Follow on Mail Today

Download the original here

For more details visit https://cis-india.org/internet-governance/blog/snooping-to-data-abuse

The New Right to Privacy Bill 2011 — A Blind Man's View of the Elephunt

Prashant Iyengar — 2012-02-29T05:45:41Z

Over the past few days various newspapers have reported the imminent introduction in Parliament, during the upcoming Monsoon session, of a Right to Privacy Bill. Since the text of this bill has not yet been made accessible to the public, this post attempts to grope its way – through guesswork – towards a picture of what the Bill might look like from a combined reading of all the newspaper accounts, writes Prashant Iyengar in this blog post which was posted on the Privacy India website on June 8, 2011.

I am relying entirely on the following three newspaper accounts in the Times of India, the Hindu and the Deccan Chronicle.

A Constitutional/Fundamental Right?

The Times of India piece which broke the story seems to have misunderstood/misquoted Law Minister Veerappa Moily. The article is titled “Right to privacy may become fundamental right” which connotes a constitutional amendment. However this is inconsistent with the later portions of the same article as well as subsequent newspaper accounts in DC and the Hindu. So its safe to assume that this will not be a fundamental right to privacy, but a statutory right to privacy – like what the Right to Information Act grants us.

Preamble

I’m extrapolating here from the Hindu article:

"To provide for such a right [of privacy] to citizens of India AND to regulate collection, maintenance, use and dissemination of their personal information."

So it’s an omnibus Privacy and Data Protection Law that’s being passed. How nice. This addresses some of the misgivings that we had last year against the "Approach Paper on Privacy" released by the Department of Personnel and Training.

Definition of ‘Right to Privacy’

The Hindu article appears to quote directly from the Bill.

Every individual shall have a right to his privacy — confidentiality of communication made to, or, by him — including his personal correspondence, telephone conversations, telegraph messages, postal, electronic mail and other modes of communication; confidentiality of his private or his family life; protection of his honour and good name; protection from search, detention or exposure of lawful communication between and among individuals; privacy from surveillance; confidentiality of his banking and financial transactions, medical and legal information and protection of data relating to individual.

This is a wonderfully expansive definition of the right to privacy which spans diverse areas including privacy of communications, reputational privacy, bodily/physical privacy, confidentiality, privacy of records and data protection. I’m especially pleased that this section does not limit this right to privacy only to claims against the state (as in the Right to Information Act).

The Deccan Chronicle article contains a slightly different definition of 'right to privacy' under the Bill. Here the right to privacy includes "confidentiality of communication, family life, bank and health records, protection of honour and good name and protection from use of photographs, fingerprints, DNA samples and other samples taken at police stations and other places."

This wording is slightly more granular, but less broad. I’m wondering if it is a part of the same section, or a different one entirely.

Interception

What is most interesting is the attempt made in this Bill at harmonization of interception rules across all modes of "communication". (Currently there are different rules/procedures that followed depending on the mode of communication used – Indian Post Act, Telegraph Act, IT Act.)

Here are some of the sweeping changes sought to be introduced:

The bill prohibits interception of communications except in certain cases with approval of Secretary-level officer – not below the rank of home secretary at the Central level and home secretaries in state governments
Mandatory destruction of intercepted material by the service provider within two months of discontinuance of interception.
Constitution of a Central Communication Interception Review Committee (CCIRC) to examine and review all interception orders passed (under all Acts?).
CCIRC empowered to order destruction of material intercepted under the Telgraph Act.
"unauthorised interception" (by whom?) punishable with a maximum of five years’ imprisonment, or a fine of Rs 1 lakh, or both, for each such interception. This makes it a cognizable, non-bailable offense.
Disclosure of legally intercepted communication by “government officials, employees of service providers and other persons” will be punishable with imprisonment up to three years. (It is unclear whether this will be a cognizable offence or not)

Data Protection

The Bill adds muscle to the newly introduced Data Protection Rules under the IT Act, by creating an overarching statutory regime for Data Protection.

Thus, the bill forbids "any person having a place of business in India but has data using equipment located in India" from collecting or processing, using or disclosing "any data relating to individual to any person without consent of such individual". I assume that there will be exceptions to this section. The wording of this section seems to preclude its application to the government (unless you can interpret the ‘government’ to mean ‘a person having a place of business in India’. I have no views on the likelihood of that argument.

The bill evidently authorizes the establishment of an oversight body called “Data Protection Authority of India” that will investigate complaints about alleged violations of data protection. The following appear to be the functions of this body

to monitor development in data processing and computer technology;
to examine law and to evaluate its effect on data protection
to give recommendations and to receive representations from members of the public on any matter generally affecting data protection.
to investigate any data security breach and issue orders to safeguard the security interests of affected individuals whose personal data has or is likely to have been compromised by such breach.

Video Surveillance

The bill includes a very interesting prohibition on "closed circuit television or other electronic or by any other mode", except in certain cases as per the specified procedure.

No further details are provided about the exceptions or the procedure and one expects the devil to be in the details.

Bodily Privacy

The bill prohibits "surveillance by following a person".

This innocuously worded provision has the potential to effect sweeping changes in the criminal administration of this country (if it is even applicable to the state police machinery) . Currently, Police Acts in the various states contain no provisions that enable a person to challenge the surveillance imposed on them. This new section could provide a powerful new shield to the victims of police harassment.

Impersonation and Financial Fraud

In a section apparently dealing with identity theft, the Bill criminalises inter alia "posing as another person when apprehended for a crime" and "using another’s identity to obtain credit, goods and services".

I think the first (at least) is unnecessary since it is already covered by the crime of Impersonation under the IPC.

Residual

A curious provision appears to be a fine imposed on “any persons who obtain any record of information concerning an individual from any officer of the government or agency under false pretext”. Such a person shall be punishable with a fine of up to Rs. 5 lakh.(unclear whether there is a term of imprisonment in addition).

It will be interesting to see how this section conflicts with the Right to Information under which no 'pretext' need be given to the public authority.

I also think it is ill-conceived to penalise the person obtaining the record of information – the government body in custody of the information should be made more responsible in scrutinizing the 'pretext' before handing over such information.

Tailpiece

That’s all I can make out from the three articles referenced. Looks like it’s going to be a really interesting bill. I’m optimistic about it for the sincere attempt it appears to make to grapple with the protean nature of Privacy concerns we encounter. Veerappa Moily has claimed that this bill will be introduced in the monsoon session in July but has also cautioned that "it’s difficult to commit the timeframe". I think we should make haste slowly with this Bill and hope that the Law Ministry will have the wisdom to solicit public comment before introducing it in Parliament.

I’d greatly appreciate someone sending me a copy of the bill if you have access to it.

Read the article published on the Privacy India website here.

For more details visit https://cis-india.org/internet-governance/blog/privacy/new-right-to-privacy-bill

Do You Want to be Watched?

sunil — 2012-03-21T09:11:45Z

The new rules under the IT Act are an assault on our freedom, says Sunil Abraham in this article published in Pragati on June 8, 2011.

Privacy is a necessary but not sufficient condition for security. A bank safe is safe only because the keys are held by a trusted few. No one else can access these keys or has the ability to duplicate them. The 2008 Amendment of the Information Technology (IT) Act and their associated rules notified April 2011 proposes to eliminate whatever little privacy Indian netizens have had so far. Already as per the internet service provider (ISP) license, citizens using encryption above 40-bit were expected to deposit the complete decryption key with the Ministry of Communications and Information Technology. This is as intelligent as citizens of a neighbourhood making duplicates of the keys to their homes and handing them over at the local police station. With the IT Act’s latest rules things get from bad to worse. (For an analysis of the new rules under the IT Act, see the In Parliament section of this issue).

Now imagine my daughter visits the neighborhood cybercafe, the manager would now be entitled to scan her ID document and take a photograph of her using his own camera. He would also be authorised to capture her browser history including unencrypted credentials and authentication factors. He would then store this information for a period of one year and provide them to any government entity that sends him a letter. He could continue to hold on to the files as there would be no clear guidelines or penalties around deletion. The ISP that provides connectivity to the cybercafe would store a copy of my daughter’s Internet activities for two years. None of our ISPs publish or provide on request a copy of their data retention policies.

Now suppose my daughter used an online peer-production like Wikipedia or social-media platform like MySpace to commit an act of blasphemy by drawing fan-art for her favorite Swedish symphonic black metal band. A neo-Pentecostal Church sends a takedown notice to the website hosting the artwork. Unfortunately, this is a fringe Web 2.0 platform run by Indian entrepreneur who happens to be a friend of yours. When the notice arrived, our entrepreneur was in the middle of a three-week trek in the Himalayas. Even though he had disabled anonymous contributions and started comprehensive data retention of user activity on the site, unfortunately he was not able to delete the offending piece of content within 36 hours. If the honourable judge is convinced, both your friend and my daughter would be sitting in jail for a maximum of three years for the newly christened offence of blasphemous online speech.

You might dismiss my misgivings by saying “after all we are not China, Saudi Arabia or Myanmar”, and that no matter what the law says we are always weak on implementation. But that is completely missing the point. The IT Act appears to be based on the idea that the the Indian public can be bullied into self-censorship via systemic surveillance. Employ tough language in the law and occasionally make public examples of certain minor infringers. There have been news reports of young men being jailed for using expletives against Indian politicians or referring to a head of state as a “rubber stamp.” The message is clear—you are being watched so watch your tongue.

Surveillance capabilities are not a necessary feature of information systems. They have to be engineered into these systems. Once these features exists, they could potentially serve both the legally authorised official and other undesirable elements. Terrorists, cyber-warriors and criminals will all find systems with surveillance capabilities easier to compromise. In other words, surveillance compromises security at the level of system design. There were no internet connections or phone lines in the bin Laden compound—he was depending on store and forward arrangement based on USB drives. Do we really think that registration of all USB drives, monitoring of their usage and the provision of back doors to these USBs via master key would have lead the investigators to him earlier? Has the ban on public wi-fi and the current ID requirements at cyber-cafes led to the arrest of any terrorists or criminals in India? Where is the evidence that resource hungry blanket surveillance is providing return on investment? Intelligence work cannot be replaced with resource-hungry blanket surveillance. Unnecessary surveillance distracts the security with irrelevance.

Increase in security levels is not directly proportional to increase in levels of surveillance. A certain amount of surveillance is unavoidable and essential. But after the optimum amount of surveillance has been reached, additional surveillance only undermines security. The multiple levels of data retention at the cybercafe, by the ISP and also by the application service provider does not necessarily make Indian cyberspace more secure. On the contrary, redundant storage of personal sensitive information only acts as multiple points of failure and leaks—in the age of Niira Radia and Amar Singh one does not have be reminded of authorised and unauthorised surveillance and their associated leaks.

Finally, there is the question of perception management. Perceptions of security does not only depend on reality but on personal and popular sentiment. There are two possible configurations for information systems—one, where the fundamental organising principle is trust or second, where the principle is suspicion. Systems based on suspicion usually gives rise to criminal and corrupt behavior. If the state were to repeatedly accuse its law-abiding citizens of being terrorists and criminals, it might end up provoking them into living up to these unfortunate expectations. If citizens realise that every moment of their digital lives is being monitored by multiple private and government bodies—they will begin to use anonymisation and encryption technology round the clock even when it is not really necessary. Ordinary citizens will be forced to visit the darker and nastier corners of the internet just to download encryption tools and other privacy enabling software. Like the prohibition, this will only result in further insecurity and break-down in the rule of law.

Read the original here

For more details visit https://cis-india.org/internet-governance/blog/want-to-be-watched

The Digital is Political

nishant — 2012-03-21T09:14:23Z

Technologies are not just agents of politics, there is politics in their design, writes Nishant Shah in this article published in Down to Earth in the Issue of June 15, 2011.

The links between digital technologies and politics, especially in the light of the recent West Asian-North African uprisings, have been well-established. But there is a pervasive belief that the technologies of computing, in themselves, are apolitical. There are two warring groups when it comes to debates around political participation and social change that the digital and Internet technologies have fostered.

On the one hand are people who celebrate the negotiation- and intervention-making power of these technologies and attribute to them great power that can change the world. On the other are those who look at these developments with suspicion, trying to make a case for the power of the human will rather than the scope of technology design.

Both sides remain convinced that there is a cause-and-effect link between technology and politics, but nobody talks about the politics of technology. The functional focus on digital technologies—economic prosperity, time-space shrinkage, transparent interaction and governance—has been overwhelming. This fosters a pervasive belief that technologies of computation and communication are agnostic to politics: there is a disconnect between everyday practices of technology and spectrum of politics within which we operate.

Let me give an example to explain this. Take a blank sheet of paper. To all appearances, it is completely agnostic to the uses it can be put to. It can become a letter of love, it can become a note of dismissal, shattering the dreams of somebody who is fired, it can be a promissory note facilitating legal and economic transactions, or it can become the rag to mop a spill on your desk. It is generally presumed that the piece of paper does not have any design or agency. And yet, it is obvious from history that this sheet of paper did indeed revolutionise the world.

The advent of the printing press, the ability to mass-produce paper, the possibility of sending disembodied messages, the power of the paper to store information which can then be retrieved, has been transforming the world the last 500 years. It is a technologised platform that, by its very design possibilities and limitations, is able to shape, not only how we have communicated with each other, but also how we think. Let us remember the first proof of our identity is not in images or in sounds, but in a document, printed on a piece of paper, that declares us human and alive and legally present—the birth certificate.

We have grown so used to the world of writing and of printing that we have appropriated paper as an integral part of the human socio-cultural fabric. However, technology interfaces and products have not only a political agenda in their design, but also the power to shape the ways in which human history and memory function. The blank sheet of paper, in its inability to capture oral traditions, eradicates them. The tyranny of a piece of paper brings a fixity to articulations which are fluid. To think of the paper as bereft of political design, ambition and destiny, would be to neglect the lessons learned in history.

The digital interface needs to be understood through similar prisms. It is presumed that the digital interface in itself is not political in nature. Or politics is reduced to the level of content. In the process certain significant questions remain unanswered: who owns the digital technologies? Who supports them? Who benefits from them? Who controls them? Who remains excluded? Who is being made to bear the burdens?

Questions about exclusion and discrimination, built into the very structure of technology, are often overlooked. How do technologies determine who gets a voice? How do the digital webs exclude those who shall always remain outcasts? What happens to our understanding of the relationship between the state and the citizen? What are our digital rights? How does the technology design mitigate social evils? How does technology emerge as the de-facto arbitrator of law?

Politics plays a part in the very presence and design of these technologies. It is perhaps time to proclaim that like the personal, the “The Technological is the Political.”

Read the original here

For more details visit https://cis-india.org/internet-governance/blog/digital-is-political

Say 'Password' in Hindi

nishant — 2012-03-21T09:18:19Z

English might be the language of the online world, but it’s time other languages had their say, writes Nishant Shah. The article was published in the Indian Express on June 5, 2011.

On skype the other day, a friend narrated an incident that made the otherwise familiar terrains of the internet, uncanny. His grandmother, who had recently acquired a taste for Facebook, had signed off on a message saying “Love, Granny”. For people of the xoxo generation, this sounds commonplace, in fact it might even be archaic. However, for my friend, who had never thought of his emotions for his grandmother as “love”, it produced a moment of sheer strangeness.

In Gujarati, it would have been silly to think of your emotions for family as “love”. There are better nuances. The emotional connect between lovers is different from the affective relationship with parents. The fondness for siblings is different from the bond with friends. And it was unnerving, for him, to have this range of emotions suddenly condensed into “love”. Like many of us polyglots who work in the rapidly digitising world of the World Wide Web, he was experiencing the gap between the mother tongue and the other tongue. It is an experience that is quite common to non-native speakers of English, who have to succumb to de facto English language usage on the global web and often find themselves at sea about how to translate emotions, histories and experiences into a language which does not always accommodate them.

This experience only becomes more intense for people who are fluent neither in the English language nor in international online English. This question of localisation of language remains one of the biggest gating factors of the internet. It also remains, after literacy and skills, the biggest impediment to including people from non-mainstream geopolitics in discussions online. Several global linguistic majorities have dealt with this by producing different language webs. Spanish, Chinese, Japanese and German are among the largest non-English language internets which are in operation now. However, in post-colonial countries like India, where linguistic diversity is the order of the day, the efforts at localisation have been sporadic and not very popular.

There are many facets to the implementation of localisation practices. It requires developing local language fonts so that people don’t have to merely transliterate local words using an English language script. These fonts further need to be made translatable into other languages, identified by machine translations. Keyboards and hardware infrastructure, which grants ease of access to the users need to be built. Tool kits to de-Anglify the computer language, code, browser signs etc. are being developed. There are many attempts being made by public and private bodies in the country to produce this ecology of localisation, both at the level of hardware and software.

And yet, adoption of localisation tools, despite a growing non-urban user base, remains low. Most people engage with the digital and online services through English, even though their fluency with the language might be low. One of the reasons why localisation of Indic language content is facing so much resistance is because of a narrow understanding of localisation as linguistic translation. Most attempts at localisation in the country merely think of translating English terms like “browser”, “code”, or “password” into the regional languages. In many instances, the term is merely rewritten in the local script.

Such an approach to localisation ignores the fact that the language of technology does not only produce new expressions and words, but also new ways of thinking. While localising the English language content, care also has to be given to translating the contexts, which the words and phrases carry. Do a simple exercise. Take the word “Password”. Try and translate this into your local language so that it makes complete sense to a native speaker. You will realise that just saying “Password” doesn’t mean much and that it requires background information to make that word intelligible to a community.

The second is that localisation is not merely about giving rights to generate content online. While the Web 2.0 wave of user-generated content is ruling the internet now, we must realise that most people come online to consume as much, if not more than, what they generate. Policies that promote local language information production, translation projects etc. need to be in place so that the minimum threshold of information is available online in languages other than English. Government documents, state records, public artifacts, etc. need to be digitised and made available in local languages so that people can access data online.

Localisation is not only about language and translations. It is about changing the top-down approach; instead of forcing existing concepts on to material realities which don’t always fit them, it is time to see that the true power of digital technologies is in building bottom-up models where everyday practice can be captured through localised vocabularies that allow for users to say, “I love you,” to anybody, in a language, and meaning that makes sense to them.

Read the original here

For more details visit https://cis-india.org/internet-governance/blog/password-in-hindi

Technology, Transparency and Accountability: A Bar-Camp in Delhi

praskrishna — 2011-06-06T06:30:09Z

Accountability Initiative (AI) held a bar-camp on “Technology, Transparency and Accountability” on 5th June at Google office in Gurgaon. Pranesh Prakash participated in this bar-camp.

The camp brought together technology enthusiasts, coders, hackers and policy-thinkers together in a collaborative environment to develop innovative solutions to accountability and transparency challenges in India.

Agenda

10:00 AM - Introduction
10:30 AM - 11:30 AM Combined sessions at the cafe
11:30 AM - 1:30 PM - Breakout sessions in the various rooms and demo sessions in the cafe
1:30 PM - Lunch
2:30 - 5:30 PM - Breakout sessions in the various rooms and demo session in the cafe
5:30 - 6:30 PM - Deciding the future of the camp and creating blueprints for further collaboration
6:30 PM - Ending session

Some of the topics being talked about thus far

Social accountability tools and how can technology be used for this?

Public finance tracking and PAISA
Participatory budgeting
Participatory research for tracking outcomes
Citizen report cards
Social audits

Open Data and why it is important for transparency

Where can you find government data
Scraping government data using Needle Base
Why is visualization important?
Some examples of how open Data is changing the world
Akshara's work at the Karnataka Learning Partnership and the need for open educational data.
Data-mashups
The draft policy on open data in India
One stop govt ports

Technology innovations for improving the Right to Information

A wishlist
Shouldn't the replies to RTI be in the public domain?
Filing an RTI: Problems and Prospects
RTI Question and Answer Portal
How do you file an RTI though an SMS?

Egovernance initiatives that are leading to greater accountability and transparency

Mahima Kaul - Digital Empowerment Foundation

Making the links between politics and businesses transparent

Rohit Chandra

Electoral accountability

‘Improving and Strengthening Democracy in India’ - Lessons from Election Watch Process

Crowd-sourcing actionable data

An example of crowd-sourcing - Powercuts.in

Transparency in diplomacy

Using online tools to engage and be engaged by the public.

How should we look at technology when dealing with grassroots situations?

How can programmers help in making governance more transparent?

Perspectives from the Government

Perspectives from the NIC
Perspectives from the NEGP
Perspectives from the Office of Mr Sam Pitroda, Adviser to the Prime Minister of India on Public Information Infrastructure and Innovations.

Making conversation: citizens and their government

Making visual sense of Data and Policy

Policy to Practice: From the lab and to the people

How can legislators and parliamentarians and MPs be tracked by citizens?

Research Tools to work with large amounts of data

Other interesting ideas that have come up

Panini Keypad - Mr Abhijit Bhattacharjee
How Ashok Leyland dealt with its problems of too many layers between the customer on the ground and the top management - Its implications for the government

The Speakers

Nikhil Dey - Nikhil Dey has done more to fight for the rights of people than he will ever allow the world to find out. Always far from the spotlight, he has worked quietly to shape legislation, lobby governments and politicians and build grassroots campaigns.Born in 1963 in the city of Bangalore, Nikhil was educated in India and the US. Before the formal completion of his graduate course at the George Mason University, he left to ‘follow his bliss' and came to India. His initial work was with the Kheduth Mazdoor Chetna Sangathan in Madhya Pradesh. He then joined Aruna Roy and Shankar Singh in 1987 to go to a village called Devdungri in Rajsamand district, Rajasthan. Devdungri was soon to become the head office of the Mazdoor Kisan Shakti Sangathan (MKSS), a peasants-workers-women organisation founded by the trio in 1990. He currently is the Convener of the National Campaign for People's Right to Information.

Shri Sailesh Gandhi - Shailesh Gandhi is one among the handful of people whose dogged perseverance has demonstrated that the Right to Information Act is a valuable tool that can be used by ordinary people to resolve issues and to clean up public life. Currently one of the Information Commissioners of India, Mr Gandhi is a graduate from IIT-Mumbai and first-generation entrepreneur.

Prof Trilochan Sastry - Prof Trilochan Sastry has a Bachelors in Technology from IIT, Delhi, an MBA from the Indian Institute of Management (IIM), Ahmedabad, and a Ph.D. from the Massachusetts Institute of Technology (MIT) USA. He taught for several years at Indian Institute of Management (IIM), Ahmedabad after which he moved to IIM, Bangalore. He is currently Dean at IIM Bangalore. He has taught in other Universities in India, Japan, Hong Kong and United States and has published several academic papers in Indian and International journals. Has received national award for research and teaching. He was part of the cofounding team of ADR India in 1999.

GVL Narasimha Rao: Rao is a well known Psephologist who has been predicting Indian elections for two decades for various leading media organisations in the country. He is the founder of Development & Research Services Pvt. Ltd., a leading research organisation offering professional research services for various governmental, international and commercial organisations. Formerly, he was a Columnist for MINT newspaper and regularly writes in various newspapers on politics and elections.

Rao is presently Media Adviser to Chief Minister of Madhya Pradesh in the rank of a state minister. He is also a member of the BJP’s National Committee on Electoral Reforms under the guidance of BJP’s senior Leader Mr. L.K. Advani.

Rao is President of VeTA (Citizens for Verifiability, Transparency and Accountability) and has organised various efforts in highlighting the lack of transparency and verifiability in Indian EVMs. He has authored a book titled “Democracy at Risk! Can We Trust Our EVMs?” which became the intellectual basis for the campaign for EVM reform. He had highlighted the vulnerabilities of India’s EVMs in a round table international Electronic Voting Workshop in Washington D.C. last year which was also attended by the Election Commission of India. Rao has blogged extensively on the vulnerabilities of EVMs at www.indianEVM.com which exerted huge pressure on the Election Commission of India and even served as an eye opener for laying bare hitherto unknown vulnerabilities (brought out by the research of Hari Prasad et al.) and raising uncomfortable questions regarding the pitfalls in EVM procurement, storage and field administration.

Mahima Kaul - Mahima Kaul is a writer/journalist and has worked with different formats - print, video and online. She has written for The Indian Express, Sunday Guardian, PBS World Focus and also worked on video programming for Al Jazeera and PBS. She was the India producer for PBS's special coverage on the Mumbai Terror Attacks, which was nominated for an Emmy Award. She has a blog that has been picked up by (among others) OpenDemocracy, Global Voices, Huffington Post and Ground Report.

She is deeply involved in ICT4D -- Information and Communication Technologies for Development -- sector. She has worked with Video Volunteers, a community media organization, and helped launch India's first community TV channel, India Unheard. She is a consultant with the Digital Empowerment Foundation where she manages the Digital Knowledge Center, the first information portal in India on best practices in ICT4D. Mahima has also established The Open Communication Foundation as a multidisciplinary platform devoted to ICT4D.

Rohit Chandra - Rohit Chandra is an engineering graduate currently doing research in the areas of power, energy and natural resources at the Centre for Policy Research. He will be discussing a nascent idea at the Accountability Initiative which hopes to map the links between businesses and politicians.

Sukhman Randhawa - Sukhman has completed her Masters in Social and Political Sciences from the University of Cambridge, UK and has obtained a BA in English Literature (Hons.) from St. Stephen's College, Delhi University. She is also an honorary fellow of the Cambridge Commonwealth Trust. She has worked as a Research Associate at the National Knowledge Commission (NKC), a high level advisory body to the Prime Minister of India, on the focus areas of Higher Education, Libraries, National Portal for Teachers, National Environment Portal, National Biodiversity Portal, Quality of Life, and worked on compiling the final report of the Commission. At NKC, she also worked with State Governments for implementation of NKC recommendations and preparing blueprints for action. She has also worked with IL&FS Education and Technology Services Ltd in Delhi. Currently she is working at the Office of Mr Sam Pitroda, Adviser to the Prime Minister of India on Public Information Infrastructure and Innovations.

Gautam John - Gautam used to be a lawyer with a focus on copyright laws and has also been an entrepreneur. He is passionate about education, equality and equity and focuses on 'access' as a way to achieve these. Gautam was a TED India Fellow in 2009 and is a Creative Commons supporter. He works with the Akshara Foundation where he manages the Karnataka Learning Partnership project, Pratham Books and is an advisor to Inclusive Planet. He is a founder member of Wikimedia Chapter (India) and currently serves as Secretary on the Executive Committee.

The Karnataka Learning Partnership is a multi-party, multi-stakeholder platform to bring transparency in the public preschool and primary education space. Karnataka Learning Partnership is also a public space where citizens can contribute to the cause of ensuring better schools and schooling for our children.

Raman Jit Singh Chima - is a senior analyst, Public Policy and Government Affairs at Google, India.

Pranesh Prakash - Pranesh Prakash is a programme manager with the Centre for Internet and Society, a Bangalore-based non-profit research and advocacy organization. He is a lawyer by training who's comfortable at a bash prompt. He works mostly around issues of intellectual property rights reform, promoting IP alternatives and transparency through different kinds of 'opennesses'—open standards, free/open source software, open government data, open access to law—as well as issues of freedom of speech and expression and privacy that relate to the Internet.

Last year, Pranesh along with Glover Wright, Sunil Abraham and Nishant Shah, prepared a report around open government data (OGD) in India as part of a series of studies commissioned by the Transparency and Accountability Initiative . In that report they looked at the existing ecosystem in terms of data practices, the policy environment (RTI, copyright, standards, NeGP, NKC's recommendations, etc.) , and specific OGD case studies of governmental organizations, civil society organizations, public-private partnerships, and civic hackers. The report then charts out challenges any campaign for OGD in India must address, as well as observations on how the very conceptualization of OGD must be different in India, and strategic recommendations on how to grow the OGD movement in India.

Rishabh Verma - A Python enthusiast, FOSS contributor,loves data mining and is always upto finding unusual patterns in large datasets. Organizer of Tech & Entrepreneurial events, he digs data-contextualization books when he should rather be preparing for his board exams.

Thejesh N - Thejesh GN is a Technologist. His area of interests are web, Open Data and Open Source technologies. He moonlights visualizing public data. He loves blogging and hacking open source software. You can find more about him here.

Chakshu Roy - Chakshu is a lawyer who specialised in real estate law and commercial agreements before joining PRS. He has earlier worked in corporate law with the Chamber of Law, New Delhi. He holds bachelors degrees in Commerce and Law from Delhi University. Chakshu Roy heads technology initiatives at PRS Legislative research, developing a comprehensive technology strategy to engage large sections of the Indian population in policy making.

Vinay Kumar - Vinay Kumar is the chief strategist at Digital Greens. He currently manage operations of Digital Green and contribute to its organizational development. He is also a consultant to Translational Health Science & Technology Institute (THSTI) at Department of Biotechnology. Prior to this he was at India Operations Director at PATH and Regional Operations Manager for Asia / Near East with IntraHealth International. Earlier he was with the Reserve Bank of India. I have an MA in Political Science and M. Phil. in International Relations from JNU and MBA from FMS.

Manu Srivastava - Manu Srivastava works as Vice President - Delivery at eGovernment Foundation, a not-for-profit trust that was founded in Feb 2003 by Nandan Nilekani & Srikanth Nadhamuni with a goal of creating an eGovernance system to improve the functioning of City Municipalities leading to better delivery of services to their citizens. He has been in the field of Municipal Governance for the last 7 years and focusses on supply side, with the Municipal Governments, to create sustainable, efficient, transparent and accountable Municipalities. eGovernments Solutions have been deployed in more than 250 municipalities across the country.

Dinesh Shenoy - Dinesh Shenoy is a business developer at Palantir. Palantir is a firm believer in the fact that well-informed citizens lead to better government, and making government data available is certainly an important first step. In practice, however, information is scattered across countless domains, and combining such widely dispersed knowledge in a meaningful way is a technical challenge beyond any private citizen's capabilities. Palantir has eliminated this barrier, democratizing the data and providing the tools to place a new world of analysis at your fingertips.

Palantir has developed AnalyzeThe.US which allows anyone to to explore vast amounts of data, including key datasets from www.data.gov. It brings critical knowledge together on a single stage, while providing rich analytical applications that enable anyone to develop an intuitive picture of the complex flow of resources, money, and influence that affect how our government functions. Ultimately, by allowing citizens to analyze our democracy, AnalyzeThe.US democratizes analysis.

Paul Culmsee - Paul Culmsee is a dialog mapper based in Perth, Australia. He has faciliated a number of meetings and done lot of dialog mapping particularly for the public sector in the areas of urban planning and health. He is the only certified dialog-mapper in the Southern hemisphere. He has also dialog-mapped politicians. His work has culminated in soon to be released book called "Beyond Best Practices", which outlines IBIS based techniques - a radically inclusive approach to knowledge management that allows groups to capture and make sense of unstructured knowledge during project meetings. and case studies. The book goes beyond the tool of mapping and the concept of wicked problems to look at what is needed to create and maintain a "holding environment".

Frederick Noronha - Frederick Noronha is a journalist, writer, publisher and photographer from Goa, India. He is known for online community building, and for promoting the cause of Free Software in India. Among the other campaigns he has been actively associated with are the successful community radio campaign, right to information initiatives, sharable content (including the information commons, Creative Commons, Wikipedia). He has been active in mailing lists within India, and has undertaken blogging assignments in Uganda, Malaysia and Thailand. He is on twitter at @fn and shares his links via Facebook and del.icio.us (fredericknoronha)

Nikhil Pahwa - Nikhil Pahwa is a media junkie, journalist and a blogger. He has covered the digital media business for more than 3 years. He has helped bringing a pan-media perspective to digital media reportage, highlighting industry issues, identifying opportunities and problems, and questioning the efficacy of decisions being made by some large media companies. Nikhil Pahwa undoubtedly is one of the popular names in the business of digital media coverage. Companies referMedianama for the latest breaking news in the digital media industry.

Kohl Singh Gill - Dr. Kohl S. Gill is the President and founder of LaborVoices, Inc. Dr. Gill served as an AAAS Science and Technology Policy Fellow for the U.S. Departments of Energy and State, most recently as the South Asia and Middle East Labor Affairs Officer for the Office of International Labor and Corporate Social Responsibility in the U.S. State Department’s Bureau of Democracy, Human Rights, and Labor. Prior to federal service, Dr. Gill was an Indicorps Fellow in the slum areas of Delhi, India, serving as a volunteer paralegal with local residents, using transparency legislation to fight both petty and grand corruption at the local level. Dr. Gill is a graduate of the California Institute of Technology and received his Ph.D. from the University of California, Santa Barbara, for his work in quantum computing and semiconductor physics.

Aaditya Dar, Dhruv Suri and Ritwik Agrawal - Aaditya, Dhruv and Ritwik are interested in exploring and evolving innovative interventions to improve governance in India. They have varied backgrounds - economics, policy research, law, advocacy [and even math!] and have worked together in the past on education and governance related issues as part of United Students.

Vijay Pratap Singh Aditya is a development professional with hands-on experience in institution development, development research, communication systems and grassroots networking. He has considerable experience in developing systems and platforms for enabling enterprise support. Vijay is an Electrical Engineering Graduate with a Post-Graduation in Management from the Indian Institute of Forest Management, Bhopal, M.P., India. Vijay is co-founder and Chief Executive Officer of Ekgaon.

The other speakers were:

Vivek Joshi
Siddhant
Mudit Tuli
Ankit Rastogi
Nirmesh Singh
Manish Shekhar
Shashank S
Mandira
Tonushree
Shomikho Raha

The rationale behind the camp

Founded in 2008, AI is a research initiative that aims to improve the quality of public services in India by promoting informed and accountable governance. To this end, one of AI's key efforts is to develop innovative models for tracking government led social sector programs in India. The Centre for Policy Research, an independent and non-partisan research institute and think-tank, is the institutional anchor for this initiative.

It is now widely accepted that greater transparency – access to information and data on the day to day functioning of government – is key to creating accountable and effective governance systems. The Right to Information Act (2005) has played a significant role in strengthening transparency by committing the government to both proactively providing citizens with information and also responding to specific information requests. While the Act has met much success – RTI applications are growing by the day - there remain concerns related to quality, and reliability of information and data provided. Moreover, there are still many gaps in the Government’s efforts to proactively disclose information and data of public relevance.

Technology is one of many tools that can help address these gaps. There are some incredible initiatives taking place across the world on opening government data and on getting data to work for ordinary citizens. [See below for a sample of initiatives] Through the bar camp, we hope to create a platform for technologists to share these technologies and contribute to the debate on strengthening accountability and transparency.

Equally, we believe that technology solutions can be significantly enhanced if they are developed in consultation with people working on the ground, people who deal with the challenges of our current governance systems in India. By organizing a bar camp, we at AI want to initiate a conversation between technology specialists and people working on the ground. Through the bar camp, we intend to create a space where people can share their knowledge about how best to use new technologies to make our government really work for the people.

Online conversations

To faciliate conversations between interested people and for people who are interested in being a part of the planning process, we created a Google-Group. To send in your suggestions for the camp, both on what you would like to hear, and on what sessions you would like to take, you can use the google-group or send in your entries through our Facebookpage, our Twitter handle or through comments on this blog post. Our entry on the official bar-camp page is here. To tweet about us please use the hash-tag #TAC1.

Do you need more ideas?

To spark your thought processes, we consolidated a list of websites which deal with "Technology, Accountabilty and Transparency". Have fun!

A compendium of ideas from across the world can be found here.
The Sunlight Foundation does some excellent work on technology and transparency issues.
The technology for transparency network maps technology initiatives across the world.
Code for America brings together techies from across the world to use their skills for the greater common good.
Civics Common is another organization working on using technology for common good, and this involves a lot of transparent data.

For any other information, please contact lemmanuel @ accountabilityindia.org.

See the entire details on the Accountability Initiative website.

For more details visit https://cis-india.org/notices/technology-transparency-accountability

A Street View of Private and the Public

Prashant Iyengar — 2012-03-21T09:34:23Z

Prashant Iyengar on how in the eyes of the law, the internet giant is like the homeless in India. This article was published by Tehelka on June 4, 2011.

Since last Thursday, Internet-search giant Google has been busy collecting images of roads in Bengaluru in order to launch its popular StreetView service for the city. It is a feature that allows users of Google Maps to virtually navigate and explore cities through a 360-degree, street-level imagery. To achieve this, Google drives vehicles with cameras mounted on them through each street and neighbourhood in a city, systematically capturing everything in their path, including buildings, roads, traffic, animals and human subjects.

Intrinsically, the idea is exciting for its ability to enable distant users to sample street life in cities and neighbourhoods that they may have never physically visited. Or, even for the exhilaration it permits of viewing familiar spaces virtually.

However, this technology has also raised interesting privacy concerns in countries where it has previously been launched. In April 2008, shortly after the service was first launched in the US, Google was sued by a couple who objected to the pictures of their home being publicly displayed. This suit was settled out-of-court two years later. Google had, meanwhile, made changes to their service, permitting users to "opt out" of the service, rendering similar suits unnecessary. Google has faced similar concerns in other jurisdictions, including Europe and Japan, and has successfully fended them off by adapting its service by voluntarily blurring faces of all individuals captured during the process and vesting more agency in the hands of users to take down information that offends them.

Putting aside the privacy debate over StreetView in other jurisdictions momentarily, I want to raise two questions about India and the Indian law in the context of StreetView: first, does Indian privacy law – that evanescent sub-topic of tort and constitutional law – contain anything useful or even informative which we can bring to bear on this discussion? And, do the specificities of the Indian street life merit a different approach to the privacy question?

On the first question, the legal right to privacy in India has been, for the most part, a child of the higher judiciary. However, despite a fairly substantial volume of case law that has accumulated by now that references "privacy", one cannot suppress a sense that the concept lacks, even today, a definitive articulation. The individual’s privacy in India today is an uneven concept – stronger in some situations and non-existent in others. It is a contingent, rather tame concept of a general right to privacy that we have, from which it is not possible to mount a confident attack against Google.

Given this state of indeterminacy about one’s right to privacy, a case for the extension of this right in public spaces seems even more far-fetched. Indeed, in specific cases, courts have dealt damaging blows to the emergence of such a concept. For instance, in a tort case from colonial times, it was held that a window overlooking a public street would not infringe the privacy of the neighbours across the street. Likewise, in a case involving sex workers, the Supreme Court held that they were not entitled to move freely in a public place due to the very subversive nature of the professions they practiced in private – signalling that the private seeps into the public only as a limiting or negative concept.

Against this context Google’s extension of its opt-out privacy principles to India is commendable, because they are not warranted by the current state of law in the country. Indeed, it may even result in a "wagging the dog" of privacy jurisprudence in India by seeding the notion of a limited "right to public anonymity", which is currently indeterminate in the Indian law. That individuals have no “legitimate expectation of privacy in a public place” is axiomatic in most other common-law jurisdictions and is one of the hidden legal ballasts that supports Google’s StreetView service. However, there has not yet been an occasion for the Supreme Court to pronounce on this question. It is very likely that the court will defer to international precedent on the matter. However, until this eventuality, the legal position on the question must be regarded as unsettled.

Turning briefly to the second question regarding the specificities of the Indian situation, India is home to one of the largest populations of urban homeless persons. To them the street, generally, and pavements and bridges, more specifically, are "home" regardless of their tenuous legal title to these claims. To casually dismiss their claims is to crudely conflate privacy with property, which is insensitive to the tragedies of urban life in India. In his insightful essay on filth and the public sphere, Sudipta Kaviraj makes the fascinating point that "for the poor, homeless and other destitute people" of India, "public means not-private spaces, from which they could not be excluded by somebody’s right to property.

It comprises assets which are owned by some general institution like the government or city municipality which does not exercise fierce vigilance over its properties as individual owners do, and which allows through default, indifference and a strangely lazy generosity, its owned things to be despoiled by those with out other means. Public space is a matter not of collective pride but of desperate uses that can range from free riding to vandalizing.

I would add here that this notion of public space is shared not just by the homeless but Google as well, which has taken advantage of the lazy generosity of the Bengaluru traffic police to appropriate images of the city for its purposes. Like the homeless, Google is willing to cede to competing private interests, if they are asserted strongly enough. (This makes Google StreetView, despite its origins in Mountain View in California, characteristically Indian!) In the past, Google has required users to submit documentary proof of their titles before their claims to opt out are honoured. In the context of the homeless particularly, honouring privacy in India may require a different approach. Fortunately for Google, the homeless are not likely to fiercely assert this right.

To conclude, I will like to clarify that I write to praise Google not to bury him, since Google is an honourable man. Over the past several decades, technology – from wire tapping to DNA tests to paternity tests – has been the site and discursive nucleus that has facilitated an efflorosence of privacy jurisprudence in the country. Two decades ago we did not have Facebook, Google, unsolicited calls and spam, and, correspondingly, neither did we have a sharp notion of our privacy. One awaits with optimism the kinds of changes in privacy jurisprudence that might emerge from StreetView.

Prashant Iyengar is a lawyer and consultant on privacy issues with the Centre for Internet and Society, Bengaluru.

He can be contacted at prashantiyengar@gmail.com.

Read the original published in Tehelka here

For more details visit https://cis-india.org/internet-governance/blog/privacy/street-view-of-private-and-public

Bloggers' Rights Subordinated to Rights of Expression: Cyber Law Expert

elonnai — 2012-03-21T09:35:06Z

Vijayashankar, an eminent cyber law expert answers Elonnai Hickok’s questions on bloggers' rights, freedom of expression and privacy in this e-mail interview conducted on May 19, 2011.

A set of rules relating to regulation of the Internet (mentioned in section 79 of the ITAA, 2008) was released in April 2011. In light of the rules framed under the IT Act, and as part of our research on privacy and Internet users, we have been looking into questions surrounding bloggers’ rights, freedom of expression, and privacy.

The new rules require among other things that intermediaries take down any content that could be considered disparaging. In practice, these rules will act to limit the ability of individuals to express their opinions on the Internet — especially for the bloggers. Though these requirements seem to only impact the freedom of expression of bloggers, a blogger’s privacy rights, especially in relation to the protection of their identity, are also pulled into question. Other issues surrounding bloggers’ rights and privacy include: if bloggers are identified as journalists, then whether they should be afforded the same protections and privileges, e.g., should bloggers have the right to free political speech and should intermediaries have freedom from liability for hosting speech or others’ comments? Are bloggers allowed to publish material that is under copyright on their website?

On May 19, 2011, through e-mail, I had the opportunity to interview Vijayashankar, an expert in cyber law, on issues regarding the rights of bloggers freedom of expression, and privacy. Vijayashankar has authored multiple books on cyber law, taught in many universities, and is an active leader of the Netizen movement in India. Below is a summary of the questions I posed to Vijayashankar and his responses.

I began the interview by trying to understand bloggers’ rights and how they are defined. Often the term 'bloggers' rights is used casually, but it is important to understand the different roles that a blogger plays in order to understand what his/her rights are, how they could be violated, and how they could be protected. Vijayashankar explained that a blog is comprised of two parties: a blogger and an intermediary – which is the application host. Bloggers have many different roles: authors, editors, or publishers of content, and thus, a blogger’s rights should be defined within these contexts. As authors, bloggers write their own article/blog or adds comments to others’ blogs. As such, they should have the freedom to express their thoughts and opinions and determine a level of privacy with which to maintain them, without regulation or censorship from a third party. Though the freedom of expression and privacy should be basic rights for blog authors, bloggers must also be held accountable and responsible for the content that they choose to make public by posting on accessible web pages.

The need for a blogger to be held responsible and accountable is similar to the limitation on speech that informs defamation law, and it means that a blogger cannot be entirely anonymous – at least not once a blog is public and is challenged. Thus, accountability must limit the right to be entirely private and anonymous. Though a blogger should be held accountable, the international implications give rise to thorny issues of jurisdiction and accountability under unforeseen laws: all of which raises the question whether, instead of local jurisdictions seeking to enforce their laws against potentially out-of-the-jurisdiction bloggers, an international third party should be entrusted with the responsibility of holding bloggers accountable and responsible – whether that takes the form of an organization like the WTO or WIPO or looks more like specially trained international arbitrators.

This challenge arises because bloggers live in different jurisdictions where different rules apply, but their opinions cross multiple borders and boundaries. This raises questions such as: Which jurisdictional law should the blogger be accountable to? Should a blogger be held responsible for actions that are considered violations in a jurisdiction in which a blog is read, even if those actions are not violations in the jurisdiction in which it is written? And if a blogger is to be held responsible, who should hold him responsible – the country where the action is considered a violation or his own country – and where does a private party have a cause of action? According to Vijayashankar, blogger’s rights’ are always subordinated to the rights of expression guaranteed to the blogger in his country where he is a citizen.

Furthermore, the rights of a blogger have to be seen in the context of who has the "cause of action" against blog writing, i.e., which party involved has the right to complain. If an individual is a victim of a blog, and that individual is a citizen of another country and is guaranteed certain rights, the blogger's rights cannot override the rights of the victim in his own country. Hence, the victim has the right to invoke law enforcement in his country, and the law enforcement agencies do have a right to seek information from the blogger. If, however, a citizen brings a private civil action against a blogger, the discovery limitations are much more severe across boundaries, and the blogger’s national policy on responding to discovery from other countries will determine the extent to which information from the blogger will be made available. To the extent that the impact of a blogger’s expression reaches across boundaries, his actions should be considered similar to a situation where a citizen of one country does certain things which affect the rights enjoyed by a citizen of another country. It does not seem right that a blogger can say something offensive in one jurisdiction and be held liable, but a different blogger can say the same thing from another jurisdiction and be protected. On the one hand, since the Internet as a medium broadcasts across geographical boundaries, it is the responsibility of the individual countries to erect their "cyber boundaries" if they do not want the broadcast to reach their citizens. On the other, individuals should be able to invoke international laws to seek consistent application of standards about what is actionable and what information is discoverable in support of an action. This suggests that an international tribunal might be the best solution.

Other questions to think about when exploring the idea of a trusted third party holding online bloggers accountable include: who would form the third party, what legal authority/power would they have, would this group also be in charge of reviewing a country’s "cyber boundaries" in addition to holding online bloggers accountable? and how would it avoid being influenced by any one government or by other stakeholders?

Next I asked him for examples of common privacy violations that happen to online users. A few he said included identity theft in the form of phishing, which leads to financial frauds, and is one of the most dangerous consequences of privacy breach. Other examples included manipulation of online profiles in social networking sites to cause annoyance, defamation, and coercion; cyber squatting with content which can be misleading; posting of obscene pictures with or without morphing of victim’s photographs to other obscene photographs/pictures; and SPAM – particularly through mobile phones – are all serious forms of privacy violations.

My third question focused on privacy violations and bloggers. How could a blogger’s rights be compromised, especially with a focus on privacy? For bloggers, is privacy important simply to protect their identity and content, or are there other implications for privacy and bloggers? In our research we have looked into ways in which practices such as data retention by ISPs, government/law enforcements’ access to web content including private conversations, and poorly established user control over privacy settings on websites can violate online users’ privacy. According to Vijayashankar, a blogger is mainly concerned about privacy in the context of protecting his identity. It is important for bloggers to protect their identity because the content they create could be considered controversial or illegal in different regions. Thus, it is critical for bloggers to have the right to blog anonymously. An exception to this right is that if the blog is so offensive then the law enforcement agency can take action. In some countries individuals also can sue bloggers. To help protect bloggers from unreasonable and ungrounded searches, Vijayashankar suggested that a mechanism be created by which international and domestic law enforcement agencies can request 'sensitive' information. This mechanism would work to filter and evaluate requests for information without bias, and according to a country’s law own domestic law.

I then asked him what legal protections he felt bloggers needed. He said that he believes that it is important that bloggers and online users’ right to anonymity, protection of identity and freedom of expression (political and non-political) are protected from excessive regulations. An interesting point that he raised was about the protection of bloggers from international requests for information. According to –him — bloggers can be protected only to the extent to which their rights are protected in their own country. If a request for information comes to a law enforcement agency of a country of which the blogger is a citizen, information may need to be released unless an “asylum” has been granted.

An example of the situation Vijayashankar is referring to is that if a blogger in India writes content that is found to be controversial by the U.S Government; the U.S Government then has a right to request and access that information, unless the Indian Government provides protection over the citizen and the information and refuses to release it. Though right to information requests tend to be governmental, this rule changes if it is a citizen requesting information. Very rarely can a citizen of one country request information about a blogger from another country and gain access. The question of international discovery over Internet material is one that has many angles that need to be taken into consideration – a few being: what the content on the blog contained; was the content against an individual or a government; who is requesting the information — a citizen or the government, and whom are they requesting the information from? For example, in the US Supreme Court case, Calder vs. Jones 465 U.S. 783 (1984), information about a woman, Shirley Jones, was published in another state, but the court ruled that the wrongful action was directed to her where she was.

A large part of the debate over bloggers’ rights is centered on governments’ need to monitor online activity. Developments such as the new rules to the IT Act, the Indian Government’s request for blackberry’s encryption keys, and the news about the government wiretapping citizens’ phones show that the Government of India is demanding access to see and regulate content created by online users in India. When asked about bloggers’ rights and government access to content, Vijayashankar stressed that there has to be a mechanism to check the requests from government agencies, and any such mechanism should have popular representation. He went on to explain that presently an order for the blocking of a blog or for private information is made by a government agency or a court. Unfortunately, government agencies may be responsive to certain interests. Likewise, decisions of conventional courts can be inconsistent. Therefore, it is important that a mechanism that reflects the common person’s input is put in place. This could either be a stand-alone private body, such as Netizen Protection Agency, acting as one more layer of protection, or the government body itself could build in adequate public representation. Courts would need to recognize such bodies and seek their opinion as an input to any dispute. This is an innovative option, but one that is a radical departure from the view of a court as an impartial tribunal that is supposed to weigh every matter independently on its merits.

Lastly, I asked if a privacy legislation could address the issue at hand i.e., could a privacy legislation work to protect bloggers’ rights by providing them identity protection and protection of their content and in general what should be included in a comprehensive privacy legislation? Though India already addresses bloggers’ rights through the Information Technology Act, it could be possible that privacy legislation could establish a third party group to work to protect bloggers’ rights and hold both governments and bloggers’ accountable. When asked what should be included in a comprehensive privacy legislation, Vijayashankar suggested that it should recognize that privacy rights of individuals are part of the larger interests of the society, and a comprehensive legislation should work to take all the stakeholders into consideration.

For more details visit https://cis-india.org/internet-governance/blog/privacy/bloggers-rights-and-privacy

Big Brother is Watching You

sunil — 2012-03-21T09:32:28Z

The government is massively expanding its surveillance power over law-abiding citizens and businesses, says Sunil Abraham in this article published by the Deccan Herald on June 1, 2011.

Imagine: An HIV positive woman calls a help-line from an ISD/STD booth. The booth operator can get to know who she called, when and for how long. But he would not have any idea on who she is or where she lives.

Now, instead of a phone call, imagine that she uses a cyber café to seek help on a website for HIV positive people. The cyber-cafe operator would have a copy of her ID – remember that many ID documents have phone numbers and addresses. He may then take her photograph using his own camera. One can only hope that he will take only a mug-shot without using the zoom lens inappropriately. He would also use a software – to log her Internet activities and make a reasonable guess on her HIV status.

The average Facebook page may have 50 different URLs to display the various images, animations and videos that are linked to that page. Each of those URLs would be stored, regardless of whether she scrolls down to see any of them.

The cyber-cafe operator is obliged under the Cyber Cafe rules to store this information for a period of one year. But there are no clear guidelines on when and how he should dispose of these logs. An unethical operator could leak the logs to a marketeer, a spammer, a neighbourhood Romeo or the local moral police. A careless operator maybe vulnerable to digital or physical theft and before you know it, such logs could end up on the Internet.

Ever since 26/11, cyber-cafes in metros have been photocopying ID documents – but so far not a single terrorist attack has been foiled or a crime solved thanks to this highly intrusive measure. But despite the lack of evidence to prove the efficacy of the current levels of surveillance, the government has decided to expand them exponentially.

Imagine again: A media organisation such as Deccan Herald is investigating a public interest issue with the help of a whistle-blower or an anonymous informant. Deccan Herald reporters may think that by turning the encryption on when using Gmail or Hotmail they are protecting their source.

But the ISP serving Deccan Herald is obliged by the license terms to log all traffic be it broadband, dial-up or mobile users passing through it. Again, there are no clear guidelines on when to delete these logs and none of the Indian ISPs publicly publish a data retention policy. Besides retaining data, the ISPs have to install real-time surveillance equipment within their network infrastructure and make them available for government officials. If a government official wants to track who is talking to Deccan Herald reporters, he just has to ask.

With ISPs and online service providers – all the police have to do is send an information request under Section 92 of the Code of Criminal Procedure. In other words, they don't even have to bother about a court order. Between January 2010 to June 2010 Google received 1,430 information requests from India. Many other companies, for example, Microsoft, are not as transparent as Google about the state surveillance. So we will never know what they are subjected to.

If the whistle-blower was using Blackberry, all traffic would be transferred from the device to the RIM's Network Operation Centre situated outside India in an encrypted tunnel before it travels onto the Internet. This prevents the government from learning which mail server is being used from the logs and surveillance equipment at the ISP premises. And that is why the government has been engaged in a five-year long public fight with RIM over access to Blackberry traffic.

Now, thanks to the IT Act, the government can demand the service providers, including RIM, to hand over the decryption keys by accusing any individual of a variety of vague offenses -- for example engaging in communication that is ‘grossly harmful’ or ‘harms minors in any way’ – under the IT Act. Refusal to hand over the keys is punishable with a jail term of three years.

Finally, imagine that an Indian enterprise is developing trade-secrets or handling trade-secrets on behalf of their international partners. This enterprise is using a VPN or virtual private network for confidential digital communication. As per the ISP license all encryption above 40-bit is only permitted with written permission from DoT along with mandatory deposit of the decryption key.

In the age of wire-tap leaks, only a miniscule minority of international business partners would trust the government of India not to leak or misuse the keys that have been deposited with them. Most individuals, SMEs and large enterprises routinely use encryption higher than 40 bit strength. For example, Gmail uses128 bit and Skype uses 256 bit encryption. Many services use dynamic encryption, that is generate different keys for each session.

So far I have not heard of anyone who has actually secured permission or deposited the keys. In other words, the Indian enterprise has two choices – either break the law to protect business confidentiality or obey it and lose clients.

The IT Act (Amendment 2008) and its associated Rules, notified in April this year are a massive expansion of blanket surveillance on ordinary, law-abiding Indians. They represent a paradigm shift in surveillance and a significant dilution in privacy protections afforded to citizens under the Telegraph Act.

This has terrifying consequences for our plural society, free media and businesses. Department of Information Technology in particular Dr. Gulshan Rai's office has so far only brushed aside these concerns and denied receiving feedback from the industry and civil society. If our media continues to ignore this clamp down on our civil liberties, we will soon have to furnish ID documents before purchasing thumb drives. After all, Bin Laden was found using them in his Abbottabad home.

Read the original here

For more details visit https://cis-india.org/internet-governance/blog/big-brother-watching-you