Centre for Internet and Society

Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes...

maria — 2013-07-12T15:26:33Z

In this post, Maria Xynou looks at red light cameras, RFID tags and black boxes used to monitor vehicles in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

How many times in your life have you heard of people been involved in car accidents and of pedestrians being hit by red-light-running vehicles? What if there could be a solution for all of this? Well, several countries, including the United States, the United Kingdom and Singapore, have already adopted measures to tackle vehicle accidents and fatalities, some of which include traffic enforcement cameras and other security measures. India is currently joining the league by not only installing red light cameras, but by also including radio frequency identification (RFID) tags on vehicles´ number plates, as well as by installing electronic toll collection systems and black boxes in some automobiles. Although such measures could potentially increase our safety, privacy concerns have arisen as it remains unclear how data collected will be used.

Red light cameras

Last week, the Chennai police announced that it plans to install traffic enforcement cameras, otherwise known as red light cameras, at 240 traffic signals over the next months, in order to put an end to car thefts in the city. Red light cameras, which capture images of vehicles entering an intersection against a red traffic light, have been installed in Bangalore since early 2008 and a study indicates that they have reduced the traffic violation rates. A 2003 report by the National Cooperative Highway Research Programme (NCHRP) examined studies from the previous 30 years in the United States, the United Kingdom, Australia and Singapore and concluded that red light cameras ´improve the overall safety of intersections when they are used´.

However, how are traffic violation rates even measured? According to Barbara Langland Orban, an associate professor of health policy and management at the University of South Florida:

“Safety is measured in crashes, in particular injury crashes, and violations are not a proxy for injuries. Also, violations can be whatever number an agency chooses to report, which is called an ‘endogenous variable’ in research and not considered meaningful as the number can be manipulated. In contrast, injuries reflect the number of people who seek medical care, which cannot be manipulated by the reporting methods of jurisdictions.”

Last year, the Bombay state government informed the High Court that the 100 CCTV cameras installed at traffic junctions in 2006-2007 were unsuitable for traffic enforcement because they lacked the capacity of automatic processing. Nonetheless, red light cameras, which are capable of monitoring speed and intersections with stop signals, are currently being proliferated in India. Yet, questions remain: Do red light cameras adequately increase public safety? Do they serve financial interests? Do they violate driver´s due-process rights?

RFID tags and Black Boxes

A communication revolution is upon us, as Maharashtra state transport department is currently including radio frequency identification (RFID) tags on each and every number plate of vehicles. This ultimately means that the state will be able to monitor your vehicle´s real-time movement and track your whereabouts. RFID tags are not only supposedly used to increase public safety by tracking down offenders, but to also streamline public transport timetables. Thus, the movement of buses and cars would be precisely monitored and would provide passengers minute-to-minute information at bus stops. Following the 2001 amendment of Rule 50 of the Central Motor Vehicles Rules, 1989, new number plates with RFID tags have been made mandatory for all types of motor vehicles throughout India.

RFID technology has also been launched at Maharashtra´s state border check-posts. Since last year, the state government has been circulating RFID stickers to trucks, trailers and tankers, which would not only result in heavy goods vehicles not having to wait in long queues for clearance at check-posts, but would also supposedly put an end to corruption by RTO officials.

By 31 March 2014, it is estimated that RFID-based electronic toll collection (ETC) systems will be installed on all national highways in India. According to Dr. Joshi, the Union Minister for Road Transport and Highways:

“The RFID technology shall expedite the clearing of traffic at toll plazas and the need of carrying cash shall also be eliminated when toll plazas shall be duly integrated with each other throughout India.”

Although Dr. Joshi´s mission to create a quality highway network across India and to increase the transparency of the system seems rational, the ETC system raises privacy concerns, as it uniquely identifies each vehicle, collects data and provides general vehicle and traffic monitoring. This could potentially lead to a privacy violation, as India currently lacks adequate statutory provisions which could safeguard the use of our data from potential abuse. All we know is that our vehicles are being monitored, but it remains unclear how the data collected will be used, shared and retained, which raises concerns.

The cattle and pedestrians roaming the streets in India appear to have increased the need for the installation of an Event Data Recorder (EDR), otherwise known as a black box, which is a device capable of recording information related to crashes or accidents. The purpose of a black box is to record the speed of the vehicle at the point of impact in the case of an accident and whether the driver had applied the brakes. This would help insurance companies in deciding whether or not to entertain insurance claims, as well as to determine whether a driver is responsible for an accident.

Black boxes for vehicles are already being designed, tested and installed in some vehicles in India at an affordable cost. In fact, manufacturers in India have recommended that the government make it mandatory for cars to be fitted with the device, rather than it being optional. But can we have privacy when our cars are being monitored? This is essentially a case of proactive monitoring which has not been adequately justified yet, as it remains unclear how information would be used, who would be authorised to use and share such information, and whether its use would be accounted for to the individual.

Are monitored cars safer?

The trade-off is clear: the privacy and anonymity of our movement is being monitored in exchange for the provision of safety. But are we even getting any safety in return? According to a 2005 Federal Highway Administration study, although it shows a decrease in front-into-side crashes at intersections with cameras, an increase in rear-end crashes has also been proven. Other studies of red light cameras in the US have shown that more accidents have occurred since the installation of traffic enforcement cameras at intersections. Although no such research has been undertaken in India yet, the effectiveness, necessity and utility of red light cameras remain ambiguous.

Furthermore, there have been claims that the installation of red light cameras, ETCs, RFID tags, black boxes and other technologies do not primarily serve the purpose of public security, but financial gain. A huge debate has arisen in the United States on whether such monitoring of vehicles actually improves safety, or whether its primary objective is to serve financial interests. Red light cameras have already generated about $1.5 million in fines in the Elmwood village of Ohio, which leads critics to believe that the installation of such cameras has more to do with revenue enhancement than safety. The same type of question applies to India and yet a clear-cut answer has not been reached.

Companies which manufacture vehicle tracking systems are widespread in India, which constitutes the monitoring of our cars a vivid reality. Yet, there is a lack of statutory provisions in India for the privacy of our vehicle´s real-time movement and hence, we are being monitored without any safeguards. Major privacy concerns arise in regards to the monitoring of vehicles in India, as the following questions have not been adequately addressed: What type of data is collected in India through the monitoring of vehicles? Who can legally authorize access to such data? Who can have access to such data and under what conditions? Is data being shared between third parties and if so, under what conditions?How long is such data being retained for?

And more importantly: Why is it important to address the above questions? Does it even matter if the movement of our vehicles is being monitored? How would that affect us personally? Well, the monitoring of our cars implies a huge probability that it´s not our vehicles per se which are under the microscope, but us. And while the tracking of our movement might not end us up arrested, interrogated, tortured or imprisoned tomorrow...it might in the future. As long as we are being monitored, we are all suspects and we may potentially be treated as any other offender who is suspected to have committed a crime. The current statutory omission in India to adequately regulate the use of traffic enforcement cameras, RFID tags, black boxes and other technologies used to track and monitor the movement of our vehicles can potentially violate our due process rights and infringe upon our right to privacy and other human rights. Thus, the collection, access, use, analysis, sharing and retention of data acquired through the monitoring of vehicles in India should be strictly regulated to ensure that we are not exposed to our defenceless control.

Maneuvering our monitoring

Nowadays, surveillance appears to be the quick-fix solution for everything related to public security; but that does not need to be the case.

Instead of installing red light cameras monitoring our cars´ movements and bombarding us with fines, other ´simple´ measures could be enforced in India, such as increasing the duration of the yellow light between the green and the red, re-timing lights so drivers will encounter fewer red ones or increasing the visibility distance of the traffic lights so that it is more likely for a driver to stop. Such measures should be enforced by governments, especially since the monitoring of our vehicles is not adequately justified.

Strict laws regulating the use of all technologies monitoring vehicles in India, whether red light cameras, RFID tags or black boxes, should be enacted now. Such regulations should clearly specify the terms of monitoring vehicles, as well as the conditions under which data can be collected, accessed, shared, used, processed and stored. The enactment of regulations on the monitoring of vehicles in India could minimize the potential for citizens´ due process rights to be breached, as well as to ensure that their right to privacy and other human rights are legally protected. This would just be another step towards preventing ubiquitous surveillance and if governments are interested in protecting their citizens´ human rights as they claim they do, then there is no debate on the necessity of regulating the monitoring of our vehicles. The question though which remains is:

Should we be monitored at all?

For more details visit http://editors.cis-india.org/internet-governance/blog/driving-in-the-surveillance-society-cameras-rfid-black-boxes

Workshop on the Unique Identity Number (UID), the National Population Register (NPR) and Governance: What will happen to our data?

maria — 2013-07-12T15:28:50Z

On March 2nd, 2013, the Centre for Internet and Society and the Say No to UID campaign organized a workshop to discuss the present state of the UID and NPR schemes. Some of the questions which were addressed included ´How do the UID and NPR impact citizenship´, ´Why and how is national security linked to UID/NPR´, and ´What is the relationship between UID and Big Data´.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

“The UIDAI will own our data...When we hand over information, we hand over the ownership of that data...”, stated Usha Ramanathan, legal researcher and human rights activist.She also pointed out that, although the UID has been set up by an executive order, there is no statute which legally backs up the UID. In other words, the collection of our data through the UID scheme is currently illegal in India, hinging only on an executive order. However, Usha Ramanathan stated that if the UID scheme is going to be carried out, it is highly significant that a statute for the UID is enacted to prevent potential abuse of human rights, especially since the UIDAI is currently collecting, sharing, using and storing our data on untested grounds.

´What is alarming is that the Indian government has not even attempted to legalize the UID! When a government does not even care about legalizing its actions, then we have much bigger problems...”

The NPR is legally grounded in the provisions of the Citizenship Act 1955 and in the Citizenship Rules 2003 and it is mandatory for every usual resident in India to register with the NPR. Even though the collection of biometrics is not accounted for in the statute or rules, the NPR is currently collecting photographs, iris prints and fingerprints. Concerns regarding the use of biometrics in the UID and NPR schemes were raised during the workshop; biometrics are not infallible and can be spoofed, an individual´s biometrics can change in response to a number of factors (including age, environment and stress), the accuracy of a biometric match depends on the accuracy of the technology used and the larger the population is, the higher the probability of an error. Thus, individuals are required to re-enrol every two to three years, to ensure that the biometric data collected is accurate; but the accuracy of the data is not the only problem. The Indian government is illegally collecting biometrics and as of yet has not amended the 2003 Citizenship Rules to include the collection of biometrics! As Usha Ramanathan stated:

“It´s not really about the UID and the NPR per se...it´s more about the idea of profiling citizens and the technologies which enable this...”

In his presentation, Anant Maringanti, from the Hyderabad Urban Labs and Right to the City Foundation, stated that even though seventy seven lakh duplicates have been found, no action has been taken, other than discarding one of them. Despite the fact that enrolment with the UID is considered to be voluntary, children in India are forced to get a unique identification number as a prerequisite of going to school. Anant emphasized that the UID scheme supposedly provides some form of identity to the poor and marginalised groups in India, but it actually targets some of the most vulnerable groups of people, such as HIV patients and sex workers. Furthermore, though Indians living below the poverty line (BPL) are eligible for direct cash transfer programmes, apparently registration with the UID scheme is considered essential to determine whether beneficiaries belong in the BLP category. This is problematic as individuals who have not enrolled in the UID or do not want to enroll in the UID could risk being denied benefits because they did not enroll and thus were not classified in the BPL category. Anant also pointed out that, linking biometric data to a bank account through the UID scheme is basically exposing personal data to fraud. Anant Maringanti characteristically stated:

“I wish the 100 people applying the UID scheme had UIDs so that we could track them...!”

Following the end of the workshop on the UID and NPR schemes, CIS interviewed Usha Ramanathan and Anant Maringanti:

The workshop can be viewed in two parts:

For more details visit http://editors.cis-india.org/internet-governance/blog/workshop-on-the-uid-and-npr

Hacking without borders: The future of artificial intelligence and surveillance

maria — 2013-07-12T15:30:27Z

In this post, Maria Xynou looks at some of DARPA´s artificial intelligence surveillance technologies in regards to the right to privacy and their potential future use in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Robots or computer systems controlling our thoughts is way beyond anything I have seen in science fiction; yet something of the kind may be a reality in the future. The US Defence Advanced Research Projects Agency (DARPA) is currently funding several artificial intelligence projects which could potentially equip governments with the most powerful weapon possible: mind control.

Combat Zones That See (CTS)

Source: swanksalot on flickr

Ten years ago DARPA started funding the Combat Zones That See (CTS) project, which aims to ´track everything that moves´ within a city through a massive network of surveillance cameras linked to a centralized computer system. Groundbreaking artificial intelligence software is being used in the project to identify and track all movement within cities, which constitutes Big Brother as a reality. The computer software supporting the CTS is capable of automatically identifying vehicles and provides instant alerts after detecting a vehicle with a license plate on a watch list. The software is also able to analyze the video footage and to distinguish ´normal´ from ´abnormal´ behavior, as well as to discover links between ´places, subjects and times of activity´ and to identify patterns. With the use of this software, the CTS constitute the world´s first multi-camera surveillance system which is capable of automatically analyzing video footage.

Although the CTS project was initially intended to be used for solely military purposes, its use for civil purposes, such as combating crime, remains a possibility. In 2003 DARPA stated that 40 million surveillance cameras were already in use around the world by law enforcement agencies to combat crime and terrorism, with 300 million expected by 2005. Police in the U.S. have stated that buying new technology which may potentially aid their work is an integral part of the 9/11 mentality. Considering the fact that literally millions of CCTV cameras are installed by law enforcement agencies around the world and that DARPA has developed the software that has the capability of automatically analyzing data gathered by CCTV cameras, it is very possible that law enforcement agencies are participating in the CTS network.

However if such a project was used for non-military level purposes, it could raise concerns in regards to data protection, privacy and human rights. As a massive network of surveillance cameras, the CTS ultimately could enable the sharing of footage between private parties and law enforcement agencies without individuals´ knowledge or consent. Databases around the world could be potentially linked to each other and it remains unclear what laws would regulate the access, use and retention of such databases by law enforcement agencies of multiple countries. Furthermore, there is no universal definition for ´normal´ and ´abnormal´ behaviour, thus if the software is used for its original purpose, to distinguish between “abnormal” and “normal” behaviour, and used beyond military purposes, then there is a potential for abuse, as the criteria for being monitored, and possibly arrested, would not be clearly set out.

Mind´s Eye

Source: watchingfrogsboil on flickr

A camera today which is only capable of recording visual footage appears futile in comparison to what DARPA´s creating: a thinking camera. The Mind´s Eye project was launched in the U.S. in early 2011 and is currently developing smart cameras endowed with ´visual intelligence´. This ultimately means that artificial intelligence surveillance cameras can not only record visual footage, but also automatically detect ´abnormal´ behavior, alert officials and analyze data in such a way that they are able to predict future human activities and situations.

Mainstream surveillance cameras already have visual-intelligence algorithms, but none of them are able to automatically analyze the data they collect. Data analysts are usually hired for analyzing the footage on a per instance basis, and only if a policeman detects ´something suspicious´ in the footage. Those days are over. General James Cartwright, the vice chairman of the Joint Chiefs of Staff, stated in an intelligence conference that “Star[ing] at Death TV for hours on end trying to find the single target or see something move is just a waste of manpower.” Today, the Mind´s Eye project is developing smart cameras equipped with artificial intelligence software capable of identifying operationally significant activity and predicting outcomes.

Mounting these smart cameras on drones is the initial plan; and while that would enable military operations, many ethical concerns have arisen in regards to whether such technologies should be used for ´civil purposes.´ Will law enforcement agencies in India be equipped with such cameras over the next years? If so, how will their use be regulated?

SyNAPSE

Source: A Health Blog on flickr

The Terminator could be more than just science fiction if current robots had artificial brains with similar form, function and architecture to the mammalian brain. DARPA is attempting this by funding HRL Laboratories, Hewlett-Packard and IBM Research to carry out this task through the Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE) programme. Is DARPA funding the creation of the Terminator? No. Such artificial brains would be used to build robots whose intelligence matches that of mice and cats...for now.

SyNAPSE is a programme which aims to develop electronic neuromorphic machine technology which scales to biological levels. It started in the U.S. in 2008 and is scheduled to run until around 2016, while having received $102.6 million in funding as of January 2013. The ultimate aim is to build an electronic microprocessor system that matches a mammalian brain in power consumption, function and size. As current programmable machines are limited by their computational capacity, which requires human-derived algorithms to describe and process information, SyNAPSE´s objective is to create biological neural systems which can autonomously process information in complex environments. Like the mammalian brain, SyNAPSE´s cognitive computers would be capable of automatically learning relevant and probabilistically stable features and associations, as well as of finding correlations, creating hypotheses and generally remembering and learning through experiences.

Although this original type of computational device could be beneficial to predict natural disasters and other threats to security based on its cognitive abilities, human rights questions arise if it were to be used in general for surveillance purposes. Imagine surveillance technologies with the capacity of a human brain. Imagine surveillance technologies capable of remembering your activity, analyzing it, correlating it to other facts and/or activities, and of predicting outcomes; and now imagine such technology used to spy on us. That might be a possibility in the future.

Such cognitive technology is still in an experimental phase and although it could be used to tackle threats to security, it could also potentially be used to monitor populations more efficiently. No such technology currently exists in India, but it could only be a matter of time before Indian law enforcement agencies start using such artificial intelligence surveillance technology to supposedly enhance our security and protect us.

Brain-Computer Interface (BCI)

Remember Orwell's ´Thought Police´? Was Orwell exaggerating just to get his point across? Well, the future appears to be much scarier than Orwell's vision depicted in 1984. Unlike the ´Thought Police´ which merely arrested individuals who openly expressed ideas or thoughts which contradicted the Party´s dogma, today, technologies are being developed which can literally read our thoughts.

Once again, DARPA appears to be funding one of the world´s most innovative projects: the Brain-Computer Interface (BCI). The human brain is far better at pattern matching than any computer, whilst computers have greater analytical speed than human brains. The BCI is an attempt to merge the two together, and to enable the human brain to control robotic devices and other machines. In particular, the BCI is comprised of a headset (an electroencephalograph - an EEG) with sensors that rest on the human scalp, as well as of software which processes brain activity. This enables the human brain to be linked to a computer and for an individual to control technologies without moving a finger, but by merely thinking of the action.

Ten years ago it was reported that the brains of rats and monkeys could control robot arms through the use of such technologies. A few years later brainstem implants were developed to tackle deafness. Today, brain-computer interface technologies are able to directly link the human brain to computers, thus enabling paralyzed people to conduct computer activity by merely thinking of the actions, as well as to control robotic limbs with their thoughts. BCIs appear to open up a new gateway for disabled persons, as all previously unthinkable actions, such as typing on a computer or browsing through websites, can now be undertaken by literally thinking about them, while using a BCI.

Brain-controlled robotic limbs could change the lives of disabled persons, but ethical concerns have arisen in regards to the BCI´s mind-reading ability. If the brain can be used to control computers and other technologies, does that ultimately mean that computers can also be used to control the human brain? Researchers from the University of Oxford and Geneva, and the University of California, Berkley, have created a custom programme that was specially designed with the sole purpose of finding out sensitive data, such as an individuals´ home location, credit card PIN and date of birth. Volunteers participated in this programme and it had up to 40% success in obtaining useful information. To extract such information, researchers rely on the P300 response, which is a very specific brainwave pattern that occurs when a human brain recognizes something that is meaningful, whether that is personal information, such as credit card details, or an enemy in a battlefield. According to DARPA:

´When a human wearing the EEG cap was introduced, the number of false alarms dropped to only five per hour, out of a total of 2,304 target events per hour, and a 91 percent successful target recognition rate was introduced.´

This constitutes the human brain as a new warfighting domain of the twenty-first century, as experiments have proven that the brain can control and maneuver quadcopter drones and other military technologies. Enhanced threat detection through BCI´s scan for P300 responses and the literal control of military operations through the brain, definitely appear to be changing the future of warfare. Along with this change, the possibility of manipulating a soldier´s BCI during conflict is real and could lead to absolute chaos and destruction.

Security expert, Barnaby Jack, of IOActive demonstrated the vulnerability of biotechnological systems, which raises concerns that BCI technologies may also potentially be vulnerable and expose an individual's´ brain to hacking, manipulation and control by third parties. If the brain can control computer systems and computer systems are able to detect and distinguish brain patterns, then this ultimately means that the human brain can potentially be controlled by computer software.

Will BCI be used in the future to interrogate terrorists and suspects? What would that mean for the future of our human rights? Can we have human rights if authorities can literally hack our brain in the name of national security? How can we be protected from abuse by those in power, if the most precious thing we have - our thoughts - can potentially be hacked? Human rights are essential because they protect us from those in power; but the privacy of our thoughts is even more important, because without it, we can have no human rights, no individuality.

Sure, the BCI is a very impressive technological accomplishment and can potentially improve the lives of millions. But it can also potentially destroy the most unique quality of human beings: their personal thoughts. Mind control is a vicious game to play and may constitute some of the scariest political novels as a comedy of the past. Nuclear weapons, bombs and all other powerful technologies seem childish compared to the BCI which can literally control our mind! Therefore strict regulations should be enacted which would restrict the use of BCI technologies to visually impaired or handicapped individuals. Though these technologies currently are not being used in India, explicit laws on the use of artificial intelligence surveillance technologies should be enacted in India, to help ensure that they do not infringe upon the right to privacy and other human rights.

Apparently, anyone can buy Emotiv or Neurosky BCI online to mind control their computer with only $200-$300. If the use of BCI was imposed in a top-down manner, then maybe there would be some hope that people would oppose its use for surveillance purposes; but if the idea of mind control is being socially integrated...the future of privacy seems bleak.

For more details visit http://editors.cis-india.org/internet-governance/blog/hacking-without-borders-the-future-of-artificial-intelligence-and-surveillance

A Comparison of the Draft DNA Profiling Bill 2007 and the Draft Human DNA Profiling Bill 2012

maria — 2013-07-12T15:32:08Z

In this post, Maria Xynou gives us a comparison of the Draft DNA Profiling Bill 2007 and the Draft Human DNA Profiling Bill 2012.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Last April, the most recent version of the DNA Profiling Bill was leaked in India. The draft 2007 DNA Profiling Bill failed to adequately regulate the collection, use, sharing, analysis and retention of DNA samples, profiles and data, whilst its various loopholes created a potential for abuse. However, its 2012 amended version is not much of an improvement. On the contrary, it excessively empowers the DNA Profiling Board, while remaining vague in terms of collection, use, analysis, sharing and storage of DNA samples, profiles and data. Due to its ambiguity and lack of adequate safeguards, the draft April 2012 Human DNA Profiling Bill can potentially enable the infringement of the right to privacy and other human rights.

**Draft 2007 DNA Profiling Bill vs. Draft 2012 Human DNA Profiling Bill**

1. Composition of the DNA Profiling Board

Amendment: The Draft 2007 DNA Profiling Bill listed the members which would be appointed by the Central Government to comprise the DNA Profiling Board. A social scientist of national eminence, as stated in section 4(q) of Chapter 3, was included. However, the specific section has been deleted from the Draft 2012 Human DNA Profiling Bill and no other social scientist has been added to the list of members to comprise the DNA Profiling Board. Despite the amendments to the section on the composition of the Board, no privacy or human rights expert has been included.

Analysis: The lack of human rights experts on the board can potentially be problematic as a lack of expertise on privacy laws and other human rights laws can lead to the regulation of DNA databases without taking privacy and other civil liberties into consideration.

DNA 2007 Bill (Section 4): “The DNA Profiling Board shall consist of the following members appointed by the Central Government from amongst persons of ability, integrity and standing who have knowledge or experience in DNA profiling including molecular biology, human genetics, population biology, bioethics , social sciences, law and criminal justice or any other discipline which would, in the opinion of the Central Government, be useful to DNA Profiling , namely: (a) a Renowned Molecular Biologist to be appointed by the Central Government Chairperson, (b) Secretary, Ministry of Law and Justice, or his nominee ex-officio Member; (c) Chairman, Bar Council of India, New Delhi or his nominee ex-officio Member; (d) Vice Chancellor, NALSAR University of Law, Hyderabad ex-officio Member; (e) Director, Central Bureau of Investigation or his nominee ex-officio Member; (f) Chief Forensic Scientist, Directorate of Forensic Science, Ministry of Home Affairs, New Delhi ex-officio Member; (g) Director, National Crime Records Bureau, New Delhi ex-officio Member; (h) Director, National Institute of Criminology and Forensic Sciences, New Delhi ex-officio Member; (i) a Forensic DNA Expert to be nominated by Secretary, Ministry of Home Affairs, New Delhi, Government of India Member; (j) a DNA Expert from All India Institute of Medical Sciences, New Delhi to be nominated by its Director, Member; (k) a Population Geneticist to be nominated by the President, Indian National Science Academy, New Delhi Member; (l) an Expert to be nominated by the Director, Indian Institute of Science, Bangalore Member; (m) Director, National Accreditation Board for Testing and Calibration of Laboratories, New Delhi ex-officio Member; (n) Director, Centre for Cellular and Molecular Biology, Hyderabad ex-officio Member; (o) Representative of the Department of Bio-technology, Government of India, New Delhi to be nominated by Secretary, DBT, Ministry of S&T, Government of India Member; (p) The Chairman, National Bioethics Committee of Department of Biotechnology, Government of India, New Delhi ex-officio Member; (q) a Social Scientist of National Eminence to be nominated by Secretary, MHRD, Government of India Member; (r) four Directors General of Police representing different regions of the country to be nominated by MHA Members; (s) two expert Members to be nominated by the Chairperson Members (t) Manager, National DNA Data Bank ex-officio Member; (u) Director, Centre for DNA and Fingerprinting and Diagnostics (CDFD), Hyderabad ex-officio Member Secretary”

DNA April 2012 Bill (Section 4):“The Board shall consist of the following Members appointed from amongst persons of ability, integrity and standing who have knowledge or experience in DNA profiling including molecular biology, human genetics, population biology, bioethics, social sciences, law and criminal justice or any other discipline which would be useful to DNA profiling, namely:- (a) A renowned molecular biologist to be appointed by the Central Government- Chairperson; (b) Vice Chancellor of a National Law University established under an Act of Legislature to be nominated by the Chairperson- ex-officio Member; (c) Director, Central Bureau of Investigation or his nominee (not below the rank of Joint Director)- ex-officio Member; (d) Director, National Institute of Criminology and Forensic Sciences, New Delhi- ex-officio Member;(e) Director General of Police of a State to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (f) Chief Forensic Scientist, Directorate of Forensic Science, Ministry of Home Affairs, Government of India - ex-officio Member (g) Director of a Central Forensic Science Laboratory to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (h) Director of a State Forensic Science Laboratory to be nominated by Ministry of Home Affairs, Government of India- ex-officio Member; (i) Chairman, National Bioethics Committee of Department of Biotechnology, Government of India- ex-officio Member; (j) Director, National Accreditation Board for Testing and Calibration of Laboratories, New Delhi- exofficio Member; (k) Financial Adviser, Department of Biotechnology, Government of India or his nominee- ex-officio Member; (l) Two molecular biologists to be nominated by the Secretary, Department of Biotechnology, Ministry of Science and Technology, Government of India- Members; (m) A population geneticist to be nominated by the President, Indian National Science Academy, New Delhi- Member; (n) A representative of the Department of Biotechnology, Government of India to be nominated by the Secretary, Department of Biotechnology, Ministry of Science and Technology, Government of India- Member; (o) Director, Centre for DNA and Fingerprinting and Diagnostics (CDFD), Hyderabad- ex-officio Member- Secretary”

2. Powers and functions of the Chief Executive Officer

Amendment: Although the Chief Executive Officer´s (CEO) powers and functions are set out in the 2007 Draft DNA Bill, these have been deleted from the amended 2012 Draft Bill. The Draft 2012 Bill merely states how the CEO will be appointed, the CEO´s status and that the CEO should report to the Member Secretary of the Board. As for the powers and functions of the CEO, the 2012 Bill states that they will be specified by the Board, without any reference to what type of duties the CEO would be eligible for. Furthermore, section 10(3) has been added which determines that the CEO will be ´a scientist with understanding of genetics and molecular biology´.

Analysis: The lack of legal guidelines which would determine the scope of such regulations indicates that the CEO´s power is subject to the Board. This could create a potential for abuse, as the CEO´s power and the criteria for the creation of the regulations by the Board are not legally specified. Although an understanding of genetics and molecular biology is a necessary prerequisite for the specific CEO, an official understanding of privacy and human rights laws should also be a prerequisite to ensure that tasks are carried out adequately in regards to privacy and data protection.

DNA 2007 Bill (Section 11):“(1) The DNA Profiling Board shall have a Chief Executive Officer who shall be appointed by the Selection Committee consisting of Chairperson and four other members nominated by the DNA Profiling Board. (2) The Chief Executive Officer shall be of the rank of Joint Secretary to the Govt. of India and report to the Member Secretary of the DNA Profiling Board. (3)The Chief Executive Officer appointed under sub-section (1)shall exercise powers of general superintendence over the affairs of the DNA Profiling Board and its day-to-day management under the direction and control of the Member Secretary. (4) The Chief Executive Officer shall be responsible for the furnishing of all returns, reports and statements required to be furnished, under this Act and any other law for the time being in force, to the Central Government. (5) It shall be the duty of the Chief Executive Officer to place before the DNA Profiling Board for its consideration and decision any matter of financial importance if the Financial Adviser suggests to him in writing that such matter be placed before the DNA Profiling Board.”
DNA April 2012 Bill (Section 10): “(1) There shall be a Chief Executive Officer of the Board who shall be appointed by a selection committee consisting of the Chairperson and four other Members nominated by the Board. (2) The Chief Executive Officer shall be a person not below the rank of Joint Secretary to the Government of India or equivalent and he shall report to the Member-Secretary of the Board. (3) The Chief Executive Officer shall be a scientist with understanding of genetics and molecular biology. (4) The Chief Executive Officer appointed under subsection (1) shall exercise such powers and perform such duties, as may be specified by the regulations made by the Board, under the direction and control of the Member-Secretary”

3. Functions of the Board

Amendment: The section on the functions of the DNA Profiling Board of the 2007 Draft DNA Profiling Bill has been amended. In particular, sub-section 12(j) of the Draft 2012 Human DNA Profiling Bill states that the Board would ´authorise procedures for communication of DNA profile for civil proceedings and for crime investigation by law enforcement and other agencies´. The equivalent sub-section in the 2007 Draft DNA Bill restricted the Board´s authorisation to crime investigation by law enforcement agencies, and did not include civil proceedings and other agencies.

Analysis: This amendment raises concerns, as the ´other agencies´ and the term ´civil proceedings´ are not defined and remain vague. The broad use of the terms ´other agencies´ and ´civil proceedings´ could create a potential for abuse, as it is unclear which parties would be authorised to use DNA profiles and under what conditions, nor is it clear what ´civil proceedings´ entail.

DNA 2007 Bill (Section 13(x)): The DNA Profiling Board constituted under section 3 of this Act shall exercise and discharge the following powers and functions, namely: “authorize communication of DNA profile for crime investigation by law enforcement agencies;”

DNA April 2012 Bill (Section 12(j)): The Board shall exercise and discharge the following functions for the purposes of this Act, namely: “authorizing procedures for communication of DNA profile for civil proceedings and for crime investigation by law enforcement and other agencies;”

4. Regional DNA Data Banks

Amendment: Section 33(1) of the 2007 Draft DNA Profiling Bill has been amended and its 2012 version (section 32(1)) states that the Central Government will establish a National DNA Data Bank and ´as many Regional DNA Data Banks thereunder, for every state or group of States, as necessary´.

Analysis: This amendment enables the potential establishment of infinite regional DNA Data Banks without setting out the conditions for their function, how they would use data, how long they would retain it for or who they would share it with. The establishment of such regional data banks could potentially enable the access to, analysis, sharing and retention of huge volumes of DNA data without adequate regulatory frameworks restricting their function.

DNA 2007 Bill (Section 33(1)): “The Central Government shall, by a notification published in the Gazette of India, establish a National DNA Data Bank.”
DNA April 2012 Bill (Section 32(1)): “The Central Government shall, by notification, establish a National DNA Data Bank and as many Regional DNA Data Banks thereunder for every State or a group of States, as necessary.

5. Data sharing

Section 33(2) of the 2007 Draft DNA Profiling Bill has been amended and section 32(2) of the 2012 draft Human DNA Profiling Bill includes that every state government should establish a State DNA Data Bank which should share the information with the National DNA Data Bank.

This sharing of DNA data between state and national DNA Data Banks could potentially increase the probability of data being accessed, shared, analysed and retained by unauthorised third parties. Furthermore, specific details, such as which information should be shared, how often and under what conditions, have not been specified.

DNA 2007 Bill (Section 33(2)): “A State Government may, by notification in the Official Gazette, establish a State DNA Data Bank.”
DNA April 2012 Bill (Section 32(2)):“Every State Government may, by notification, establish a State DNA Data Bank which shall share the information with the National DNA Data Bank.”

6. Data retention

Amendment: Section 32(3) of the 2012 draft DNA Bill has been amended from its original 2007 form to include that regulations on the retention of DNA data would be drafted by the DNA Profiling Board.

Analysis: This amendment does not set out the DNA data retention period, nor who would have the authority to access such data and under what conditions. Furthermore, regulations on the retention of such data would be drafted by the DNA Profiling Board, which could increase their probability of being subject to bias and lack of transparency.

DNA 2007 Bill (Section 33(3)): “The National DNA Data Bank shall receive DNA data from State DNA Data Banks and shall store the DNA Profiles received from different laboratories in the format as may be specified by regulations.”
DNA April 2012 Bill (Section 32(3)): “The National DNA Data Bank shall receive DNA data from State DNA Data Banks and shall store the DNA profiles received from different laboratories in the format as may be specified by the regulations made by the Board.”

7. Data Bank Manager

Amendment: Section 33 has been added to the 2012 draft Human DNA Profiling Bill and establishes a DNA Data Bank Manager, who would carry out ´all operations of and concerning the National DNA Data Bank´.

Analysis: All such operations are not clearly specified and could create a potential for abuse. The DNA Data Manager would have the same type of status as the Chief Executive Officer, but he/she would be required to have an understanding of computer applications and statistics, possibly to support data mining efforts. However, the powers and duties that the DNA Data Bank Manager would be expected to have are not specified in the Bill, which merely states that they would be specified by regulations made by the DNA Profiling Board.

DNA 2012 Bill (Section 33):“(1) All operations of and concerning the National DNA Data Bank shall be carried out under the supervision of a DNA Data Bank Manager who shall be appointed by a selection committee consisting of Chairperson and four other Members nominated by the Board.(2) The DNA Data Bank Manager shall be a person not below the rank of Joint Secretary to the Government of India or equivalent and he shall report to the Member-Secretary of the Board.(3) The DNA Data Bank Manager shall be a scientist with understanding of computer applications and statistics. (4) The DNA Data Bank Manager appointed under sub-section (1) shall exercise such powers and perform such duties, as may be specified by the regulations made by the Board, under the direction and control of the Member-Secretary.”

8. Communication of DNA profiles to foreign agencies

Amendment: The 2007 Draft DNA Profiling Bill has been amended and sub-sections 35(2, 3) have been excluded from the 2012 Draft Human DNA Profiling Bill. These sub-clauses prohibited the use of DNA profiles for purposes other than the administration of the Act, as well as the communication of DNA profiles. Furthermore, sub-section 36(1) has been added to the 2012 Bill, which authorises the communication of DNA profiles to international agencies for the purposes of crime investigation.

Analysis: The exclusion of sub-sections 35(2, 3) from the 2012 Bill indicates that the use and communication of DNA profiles without prior authorisation may be legally permitted, which raises major privacy concerns. Sub-section 36(1) does not define a ´crime investigation´, which indicates that DNA profiles could be shared with international agencies for loosely defined ´criminal investigations´ or even for civil proceedings. The lack of a strict definition to the term ´crime investigation´, as well as the broad reference to foreign states and international agencies raises concerns, as it remains unclear who will have access to information, for how long, under what conditions and whether that data will be retained.

DNA 2007 Bill (Sections 35(2,3)): “(2) No person who receives the DNA profile for entry in the DNA Data Bank shall use it or allow it to be used for purposes other than for the administration of this Act. (3) No person shall, except in accordance with the provisions hereinabove, communicate or authorize communication, or allow to be communicated a DNA profile that is contained in the DNA Data Bank or information that is referred to in sub-section (1) of Section 34”
DNA April 2012 Bill (Section 36(1)): “On receipt of a DNA profile from the government of a foreign state, an international organisation established by the governments of states or an institution of any such government or international organization, the National DNA Data Bank Manager may compare the DNA profile with those in the DNA Data Bank in order to determine whether it is already contained in the Data Bank and may then communicate through Central Bureau of Investigation or any other appropriate agency of the Central Government and with the prior approval of the Central Government information referred to in subsection (1) of section 35 to that government, international organisation or institution.”

9. Data destruction

Amendment: Section 37 of the 2007 draft DNA Profiling Bill states that the DNA Data Bank Manager shall expunge the DNA analysis of a person from the DNA index once the court has certified that the conviction of a person has been set aside. The 2007 Bill had no particular reference to data retention. The equivalent clause (37) of the 2012 draft DNA Bill, however, not only states that individuals´ DNA data will be kept on a ´permanent basis´, but also that the DNA Data Bank Manager shall expunge a DNA profile under the same conditions under the 2007 Bill.

Analysis: This amendment indicates that Indians´ DNA data will be kept indefinitely and that it will be deleted only once the court has cleared an individual from conviction. This raises major concerns, as it does not clarify under what conditions individuals can have access to data during its retention, nor does it give ´non-convicts´ the opportunity to have their data deleted from the data bank.

DNA 2007 Bill (Section 37): “The Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the conviction of a person included in the DNA data bank has been set aside, expunge forthwith the DNA analysis of such person from the DNA index. Explanation:- For the purposes of this section, a court order is not ‘final’ till the expiry of the period of limitation for filing an appeal, or revision application, or review if permissible under the law, with respect to the order setting aside the conviction.”
DNA April 2012 Bill (Section 37):“(1) Subject to sub-sections (2) and (3), the information in the offenders’ index pertaining to a convict shall be kept on a permanent basis. (2) The DNA Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the person in respect of whom the information is included in the offenders’ index has been acquitted of the charge against him, expunge forthwith the DNA profile of such person from the offenders’ index, under intimation to the individual concerned, in such manner as may be prescribed. (3) The DNA Data Bank Manager shall, on receiving a certified copy of the order of the court that has become final establishing that the conviction of a person in respect of whom the information is included in the offenders’ index has been set aside, expunge forthwith the DNA profile of such person from the offenders’ index, under intimation to the individual concerned, in such manner as may be prescribed.”

10. Use of DNA profiles and DNA samples and records

Amendment: Section 39 of the 2007 draft DNA Profiling Bill has been amended and the equivalent section of the 2012 DNA Bill (section 39) states that DNA profiles, samples and records can be used for purposes related to ´other civil matters´ and ´other purposes´, as specified by the regulations made by the DNA Profiling Board.

Analysis: The vague use of the terms ´other civil matters´ and ´other purposes´ can create a potential for abuse, especially since the Board will not be comprised by an adequate amount of members with legal expertise on civil matters. This section enables the use of DNA data for potentially any purpose, as long as it is enabled by the Board. Furthermore, the section does not specify who can be authorised to use DNA data under such conditions, which raises further concerns.

DNA 2007 Bill (Section 39): “(1)All DNA profiles, samples and records shall solely be used for the purpose of facilitating identification of the perpetrator(s) of a specified offence: Provided that such records or samples may be used to identify victims of accidents, disasters or missing persons or for such other purposes. (2) Information stored on the DNA data base system may be accessed by the authorized persons for the purposes of: (i) forensic comparison permitted under this Act; (ii) administering the DNA data base system; (iii) accessing any information contained in the DNA database system by law enforcement officers or any other persons, as may be prescribed, in accordance with provisions of any law for the time being in force; (iv) inquest or inquiry; (v) any other purpose as may be prescribed: Provided that nothing contained in this section shall apply to information which may be used to determine the identity of any person.”
DNA April 2012 Bill (Section 39): “All DNA profiles and DNA samples and records thereof shall be used solely for the purpose of facilitating identification of the perpetrator of a specified offence under Part I of the Schedule: Provided that such profiles or samples may be used to identify victims of accidents or disasters or missing persons or for purposes related to civil disputes and other civil matters listed in Part I of the Schedule or for other purposes as may be specified by the regulations made by the Board.”

11. Availability of DNA profiles and DNA samples

Amendment: Section 40 of the 2007 draft DNA Bill has been amended and an extra paragraph has been included to the equivalent 2012 Bill. In particular, section 40 enables the availability of DNA profiles and samples in criminal cases, judicial proceedings and for defence purposes among others.

Analysis: ´Criminal cases´ are loosely defined and could enable the availability of DNA data on low profile cases.

DNA 2007 Bill (Section 40):“The information on DNA profiles, samples and DNA identification records shall be made available only : (i) to law enforcement agencies for identification purposes in a criminal case; (ii) in judicial proceedings, in accordance with the rules of admissibility of evidence; (iii) for facilitating decisions in cases of criminal prosecution; (iv) for defense purposes, to a victim or the accused to the extent relevant and in connection with the case in which such accused is charged; (v) for population statistics data base, identification, research and protocol development, or for quality control provided that it does not contain any personally identifiable information and does not violate ethical norms, as specified by rules. (vi) for any other purposes as specified by rules.”
DNA April 2012 Bill (Section 40):“Information relating to DNA profiles, DNA samples and records relating thereto shall be made available in the following instances, namely:- (a) for identification purposes in criminal cases, to law enforcement agencies; (b) in judicial proceedings, in accordance with the rules of admissibility of evidence; (c) for facilitating decisions in cases of criminal prosecution; (d) for defence purposes, to the accused to the extent relevant and in connection with the case in which such accused is charged; (e) for creation and maintenance of a population statistics database that is to be used, as prescribed, for the purposes of identification research, protocol development or quality control provided that it does not contain any personally identifiable information and does not violate ethical norms; or (f) in the case of investigations related to civil dispute and other civil matter listed in Part I of the Schedule, to the concerned parties to the said civil dispute or civil matter and to the concerned judicial officer or authority; or (g) for any other purposes, as may be prescribed.”

12. Restriction on access to information in DNA Data Banks

Amendment: Section 43 has been added to the 2012 draft Human DNA Profiling Bill which states that access to information shall be restricted in cases when a DNA profile derives from a victim or a person who has been excluded as a suspect.

Analysis: This section implies that everyone who does not belong in these two categories has his/her data exposed to (unauthorised) access by third parties.

DNA April 2012 Bill (Section 43): “Access to the information in the National DNA Data Bank shall be restricted in the manner as may be prescribed if the information relates to a DNA profile derived from- (a) a victim of an offence which forms or formed the object of the relevant investigation, or (b) a person who has been excluded as a suspect in the relevant investigation.”

13. Board exemption from tax on wealth and income, profits and gains

Amendment: Section 53 of the 2007 draft DNA Bill on “Returns and Reports” on behalf of the Board has been deleted and section 62 on the Board exemption from tax on wealth and income, profits and gains, has been added to the 2012 DNA Bill.

Analysis: Although the 2007 DNA Bill stated that the Central Government was authorised to issue directions, this has been replaced by section 64 of the 2012 DNA Bill, which authorises the DNA Profiling Board to issue directions.

DNA 2007 Bill (Section 53):“(1) The DNA Profiling Board shall furnish to the Central Government at such time and in such form and manner as may be specified by rules or as the Central Government may direct, such returns and statements as the Central Government may, from time to time, require. (2) Without prejudice to the provisions of sub-section (1), the DNA Profiling Board shall, within ninety days after the end of each financial year, submit to the Central Government a report in such form, as may be prescribed, giving a true and full account of its activities, policy and programmes during the previous financial year. (3) A copy of the report received under sub-section (2) shall be laid, as soon may be after it is received, before each House of Parliament.”
DNA April 2012 Bill (Section 62): “Notwithstanding anything contained in- (a) the Wealth-tax Act, 1957; (b) the Income-tax Act, 1961; or (c) any other enactment for the time being in force relating to tax, including tax on wealth, income, profits or gains or the provision of services,- the Board shall not be liable to pay wealth-tax, income-tax or any other tax in respect of its wealth, income, profits or gains derived.”

For more details visit http://editors.cis-india.org/internet-governance/blog/comparison-of-draft-dna-profiling-bills

Summary of the CIS workshop on the Draft Human DNA Profiling Bill 2012

maria — 2013-07-12T15:33:25Z

On March 1st, 2013, the Centre for Internet and Society organized a workshop which analysed the April 2012 draft Human DNA Profiling Bill and its potential implications on human rights in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Think you control who has access to your DNA data? That might just be a myth of the past. Today, clearly things have changed, as draft Bills with the objective of creating state, regional, and national DNA databases in India have been leaked over the last years. Plans of profiling certain residents in India are being unravelled as, apparently, the new policy when collecting, handling, analysing, sharing and storing DNA data is that all personal information is welcome; the more, the merrier!

Who is behind all of this? The Centre for DNA Fingerprinting and Diagnostics in India created the 2007 draft DNA Profiling Bill[1], with the aim of regulating the use of DNA for forensic and other purposes. In February 2012 another draft of the Bill was leaked which was created by the Department of Biotechnology. The most recent version of the Bill was drafted in April 2012 and seeks to create DNA databases at the state, regional and national level in India[2]. According to the latest 2012 draft Human DNA Profiling Bill, each DNA database will contain profiles of victims, offenders, suspects, missing persons and volunteers for the purpose of identification in criminal and civil proceedings. The Bill also establishes a process for certifying DNA laboratories, and a DNA Profiling Board for overseeing the carrying out of the Act.

However, the 2012 draft Human DNA Profiling Bill lacks adequate safeguards and its various loopholes and overreaching provisions could create a potential for abuse. The creation of DNA databases is currently unregulated in India and although regulations should be enacted to prevent data breaches, the current Bill raises major concerns in regards to the collection, use, analysis and retention of DNA samples, DNA data and DNA profiles. In other words, the proposed DNA databases would not only be restricted to criminals…

DNA databases...and Justice for All?

Source: Libertas Academica on flickr

During the workshop [3]on the 2012 draft Human DNA Profiling Bill, DNA[4] was defined as a material that determines a persons´ hereditary traits, whilst DNA profiling[5] was defined as the processing and analysis of unique sequences of parts of DNA. Thus the uniqueness of DNA data is clear and the implications that could potentially occur through its profiling could be tremendous. The 2007 DNA Profiling Bill has been amended, yet its current 2012 version appears not only to be more intrusive, but to also be extremely vague in terms of protecting data, whilst very deterministic in regards to the DNA Profiling Board´s power. A central question in the meeting was:

Should DNA databases be created at all?

The following concerns were raised and discussed during the workshop:

● The myth of the infallibility of DNA evidence

The Innocence Project[6], which was presented at the workshop, appears to provide an appeal towards the storage of DNA samples and profiles, as it represents clients seeking post-conviction DNA testing to prove their innocence. According to statistics presented at the workshop, there have been 303 post-conviction exonerations in the United States, as a result of individuals proving their innocence through DNA testing. Though post-conviction exonerations can be useful, they cannot be the basis and main justification for creating DNA databases. Although DNA testing could enable post-conviction exonerations, errors in matching data remain a high probability and could result in innocent people being accused, arrested and prosecuted for crimes they did not commit. Thus, arguments towards the necessity and utility of the creation of DNA databases in India appear to be weak, especially since DNA evidence is not infallible[7].

False matches can occur based on the type of profiling system used, and errors can take place in the chain of custody of the DNA sample, all of which indicate the weakness of DNA evidence being used. DNA data only provides probabilities of potential matches between DNA profiles and the larger the amount of DNA data collected, the larger the probability of an error in matching profiles[8].

● The non-criteria of DNA data collection

How and when can DNA data be collected? The amended draft 2012 Bill remains extremely vague and broad. In particular, the Bill states that all offences under the Indian Penal Code and other laws, such as the Immoral Traffic (Prevention) Act, 1956, are applicable instances of human DNA profiling. Section B(viii) of the Schedule states that human DNA profiling will be applicable for offences under ´any other law as may be specified by the regulations made by the Board´. This incredibly vague section empowers the DNA Profiling Board with the ultimate power to decide upon the offences under which DNA data will be collected. The issue is this: most laws have loopholes. A Bill which lists applicable instances of human DNA profiling, under the umbrella of a potentially indefinite number of laws, exposes individuals to the collection of their DNA data, which could lead to potential abuse.

● The DNA Profiling Board´s power

The DNA Profiling Board has ´absolute´ power, especially according to the 2012 draft Human DNA Profiling Bill. Some of the Board´s functions include providing recommendations for provision of privacy protection laws, regulations and practices relating to access to, or use of, stored DNA samples or DNA analyses[9]. The Board is also required to advise on all ethical and human rights issues, as well as to take ´necessary steps´ to protect privacy. However, it remains unclear how a Board which lacks human rights expertise will carry out such tasks.

No human rights experts

Despite the various amendments[10] to the section on the composition of the Board, no privacy or human rights experts have been included. According to the Bill, the Board will be comprised of many molecular biologists and other scientists, while human rights experts have not been included to the list. This can potentially be problematic as a lack of expertise on privacy and human rights laws can lead to the regulation of DNA databases without taking civil liberties into consideration.

Vague authorisation for communication of DNA profiles

The Bill also empowers the Board to ´authorise procedures for communication of DNA profiles for civil proceedings and for crime investigation by law enforcement and other agencies´[11]. Although the 2007 Bill [12]restricted the Boards´ authorisation to crime investigation by law enforcement agencies, its 2012 amendment extends such authorisation to ´civil proceedings´ which can also be carried out by so-called ´other agencies´.[13] This amendment raises concerns, as the ´other agencies´ and the term ´civil proceedings´ remain vague.

Protecting the public

The Board is also authorised to ´assist law enforcement agencies in using DNA techniques to protect the public´[14]. Over the last years, laws are being enacted that enable law enforcement agencies to use technologies for surveillance purposes in the name of ´public security´, and the 2012 draft Bill is no exception. Many security measures have been applied to ´protect the public´, such as CCTV cameras and other technologies, but their actual contribution to public safety still remains a controversial debate[15]. DNA techniques which would effectively protect the public have not been adequately proven, thus it remains unclear how the Board would assist law enforcement agencies.

Sharing data with international agencies…and regulating DNA laboratories

In addition to the above, the Board would also encourage cooperation between Indian investigation agencies and international agencies[16]. This would potentially enable the sharing of DNA data between third parties and would enhance the probability of data being leaked to unauthorised third parties.

The Board would also be authorised to regulate the standards, quality control and quality assurance obligations of the DNA laboratories[17]. The draft 2012 Bill ultimately gives monopolistic control to the DNA Profiling Board over all the procedures related to the handling of DNA data!

● The DNA Data Bank Manager

According to the 2012 draft Human DNA Profiling Bill[18], it is the DNA Data Bank Manager who would carry out ´all operations of and concerning the National DNA Data Bank´. All such operations are not clearly specified. The powers and duties that the DNA Data Bank Manager would be expected to have are not specified in the Bill, which merely states that they would be specified by regulations made by the DNA Profiling Board.

The Bill also empowers the Manager to determine appropriate instances for the communication of information[19]. In other words, law enforcement agencies and DNA laboratories can request the disclosure of information from the DNA Data Bank Manager, without prior authorisation. The DNA Data Bank Manager is empowered to decide the requested data.

DNA access restrictions

Are you a victim or a cleared suspect? You better be, if you want access to your data to be restricted! The 2012 draft Human DNA Profiling Bill [20]states that access to information will be restricted in cases when a DNA profile derives from a victim or a person who has been excluded as a suspect. The Bill is unclear as to how access to the data of non-victims or suspects is regulated.

● Availability of DNA profiles and DNA samples

According to the amended draft 2012 Bill[21], DNA profiles and samples can be made available in criminal cases, judicial proceedings and for defence purposes among others. However, ´criminal cases´ are loosely defined and could enable the availability of DNA data in low profile cases. Furthermore, the availability of DNA data is also enabled for the ´creation and maintenance of a population statistics database´. This is controversial because it remains unclear how such a database would be used.

● Data destruction

According to an amendment to section 37, DNA data will be kept on a ´permanent basis´ and the DNA Data Bank Manager will expunge a DNA profile only once the court has certified that an individual is no longer a suspect. This raises major concerns, as it does not clarify under what conditions individuals can have access to their data during its retention, nor does it give volunteers and missing persons the opportunity to have their data deleted from the data bank.

Workshop conclusions

Source: micahb37 on flickr

The various loopholes in the Bill which can create a potential for abuse were discussed throughout the workshop, as well as various issues revolving around DNA data retention, as previously mentioned.

During the workshop, some participants questioned the creation of DNA databases to begin with, while others argued that they are inevitable and that it is not a question of whether they should exist, but rather a question of how they should be regulated. All participants agreed upon the need for further safeguards to protect individuals´ right to privacy and other human rights. Further research on the necessity and utility of the creation of DNA databases in regards to human rights was recommended. In addition to all the above, the Ministry of Law and Justice was recommended to pilot the draft DNA Profiling Bill to ensure better provisions in regards to privacy and data protection.

A debate on the use of DNA data in civil cases versus criminal cases was largely discussed in the workshop, with concerns raised in regards to DNA sampling being enabled in civil cases. The fact that the terms ´civil cases´ and ´criminal cases´ remain broad, vague and not legally-specified, raised huge concerns in the workshop as this could enable the misuse of DNA data by authorities. Thus, the members attending the workshop recommended the creation of two separate Bills regulating the use of DNA data: a DNA Profiling Bill for Criminal Investigation and a DNA Profiling Bill for Research. The creation of such Bills would restrict the access to, collection, analysis, sharing of and retention of DNA data to strictly criminal investigation and research purposes.

However, even if separate Bills were created, who is to say that when implemented DNA in the database would not be abused? Criminal investigations can be loosely defined and research purposes can potentially cover anything and everything. So the question remains:

Should DNA databases be created at all?

[1] Draft DNA Profiling Bill 2007, http://dbtindia.nic.in/DNA_Bill.pdf

[2] Human DNA Profiling Bill 2012: Working draft versión – 29th April 2012,

[3] Centre for Internet and Society, Analyzing the Draft Human DNA Profiling Bill 2012, 25 February 2013, http://cis-india.org/internet-governance/events/analyzing-draft-human-dna-profiling-bill

[4] Genetics Home Reference: Your Guide to Understanding Genetic Conditions, What is DNA?, http://ghr.nlm.nih.gov/handbook/basics/dna

[5] Shanna Freeman, How DNA profiling Works, http://science.howstuffworks.com/dna-profiling.htm

[6] Innocence Project, DNA exoneree case profiles, http://www.innocenceproject.org/know/

[7] Australian Law Reform Commission (ALRC), Essentially Yours: The Protection of Human Genetic Information in Australia (ALRC Report 96), ´Criminal Proceedings: Reliability of DNA evidence´, Chapter 44, http://www.alrc.gov.au/publications/44-criminal-proceedings/reliability-dna-evidence

[8] Ibid.

[9] Human DNA Profiling Bill 2012: Working draft version – 29th April 2012, Section 12(o, p, t), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[10] Ibid: Section 4(q)

[11] Ibid: Section 12(j)

[12] Draft DNA Profiling Bill 2007, Section 13, http://dbtindia.nic.in/DNA_Bill.pdf

[13] : Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(j), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[14] Ibid: Section 12(l)

[15] Schneier, B.(2008), Schneier on Security, ´CCTV cameras´, http://www.schneier.com/blog/archives/2008/06/cctv_cameras.html

[16] Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(u) and 12(v), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[17] Ibid: Section on the ´Standards, Quality Control and Quality Assurance Obligations of DNA Laboratories´

[18] Ibid: Section 33

[19] Ibid: Section 35

[20] Ibid: Section 43

[21] Ibid: Section 40

For more details visit http://editors.cis-india.org/internet-governance/blog/summary-of-cis-workshop-on-dna-profiling-bill-2012

BigDog is Watching You! The Sci-fi Future of Animal and Insect Drones

maria — 2013-07-12T15:38:33Z

Do you think robotic aeroplanes monitoring us are scary enough? Wait until you read about DARPA´s new innovative and subtle way to keep us all under the microscope! This blog post presents a new reality of drones which is depicted in none other than animal and insect-like robots, equipped with cameras and other surveillance technologies.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Just when we thought we had seen it all, the US Defence Advanced Research Projects Agency (DARPA) funded another controversial surveillance project which makes even the most bizarre sci-fi movie seem like a pleasant fairy-tale in comparison to what we are facing: animal and insect drones.

Up until recently, unmanned aerial vehicles (UAVs), otherwise called drones, depicted the scary reality of surveillance, as robotic pilot-less planes have been swarming the skies, while monitoring large amounts of data without people´s knowledge or consent. Today, DARPA has come up with more subtle forms of surveillance: animal and insect drones. Clearly animal and insect-like drones have a much better camouflage than aeroplanes, especially since they are able to go to places and obtain data that mainstream UAVs can not.

India´s ´DARPA´, the Defence Research and Development Organisation (DRDO), has been creating UAVs over the last ten years, while the Indian Army first acquired UAVs from Israel in the late 1990s. Yet the use of all UAVs in India is still poorly regulated! Drones in the U.S. are regulated by the Federal Aviation Administration (FAA), whilst the European Aviation Safety Agency (EASA) regulates drones in the European Union. In India, the Ministry of Civil Aviation regulates drones, whilst the government is moving ahead with plans to replace the Directorate General of Civil Aviation (DGCA) with a Civil Aviation Authority. However, current Indian aviation laws are vague in regards to data acquired, shared and retained, thus not only posing a threat to individual´s right to privacy and other human rights, but also enabling the creation of a secret surveillance state.

The DRDO appears to be following DARPA´s footsteps in terms of surveillance technologies and the questions which arise are: will animal and insect drones be employed in India in the future? If so, how will they be regulated?

BigDog/LS3

Apparently having UAVs flying above us and monitoring territories and populations without our knowledge or consent was not enough. DARPA is currently funding the BigDog project, which is none other than a drone dog, a four-legged robot equipped with a camera and capable of surveillance in disguise. DARPA and Boston Dynamics are working on the latest version of BigDog, called the Legged Squad Support System (LS3), which can carry 400 pounds of gear for more than 20 miles without refuelling. Not only can the LS3 walk and run on all types of surfaces, including ice and snow, but it also has ´vision sensors´ which enable it to autonomously maneuver around obstacles and follow soldiers in the battle field. The LS3 is expected to respond to soldiers' voice commands, such as 'come', 'stop' and 'sit', as well as serve as a battery charger for electronic devices.

BigDog/LS3 is undoubtedly an impressive technological advancement in terms of aiding squads with surveillance, strategic management and a mobile auxiliary power source, as well as by carrying gear. Over the last century most technological developments have manifested through the military and have later been integrated in societies. Many questions arise around the BigDog/LS3 and its potential future use by governments for non-military purposes. Although UAVs were initially used for strictly military purposes, they are currently also being used by governments on an international level for civil purposes, such as to monitor climate change and extinct animals, as well as to surveille populations. Is it a matter of time before BigDog is used by governments for ´civil purposes´ too? Will robotic dogs swarm cities in the future to provide ´security´?

Like any other surveillance technology, the LS3 should be legally regulated and current lack of regulation could create a potential for abuse. Is authorisation required to use a LS3? If so, who has the legal right to authorise its use? Under what conditions can authorisation be granted and for how long? What kind of data can legally be obtained and under what conditions? Who has the legal authority to access such data? Can data be retained and if so, for how long and under what conditions? Do individuals have the right to be informed about the data withheld about them? Just because it´s a ´dog´ should not imply its non-regulation. This four-legged robot has extremely intrusive surveillance capabilities which may breach the right to privacy and other human rights when left unregulated.

Humming Bird Drone


Source: HighTech Edge

TIME magazine recognised DARPA for its Hummingbird nano air vehicle (NAV) and named the drone bird one of the 50 best inventions of 2011. True, it is rather impressive to create a robot which looks like a bird, behaves like a bird, but serves as a secret spy.

During the presentation of the humming bird drone, Regina Dugan, former Director of DARPA, stated:

"Since we took to the sky, we have wanted to fly faster and farther. And to do so, we've had to believe in impossible things and we've had to refuse to fear failure."

Although believing in 'impossible things' is usually a prerequisite to innovation, the potential implications on human rights of every innovation and their probability of occurring should be examined. Given the fact that drones already exist and that they are used for both military and non-military purposes, the probability is that the hummingbird drone will be used for civil purposes in the future. The value of data in contemporary information societies, as well as government's obsession with surveillance for ´national security´ purposes back up the probability that drone birds will not be restricted to battlefields.

So should innovation be encouraged for innovation’s sake, regardless of potential infringement of human rights? This question could open up a never-ending debate with supporters arguing that it´s not technology itself which is harmful, but its use or misuse. However the current reality of drones is this: UAVs and NAVs are poorly regulated (if regulated at all in many countries) and their potential for abuse is enormous, given that ´what happens to our data happens to ourselves....who controls our data controls our lives.´ If UAVs are used to surveille populations, why would drone birds not be used for the same purpose? In fact, they have an awesome camouflage and are potentially capable of acquiring much more data than any UAV! Given the surveillance benefits, governments would appear irrational not to use them.

MeshWorms and Remote-Controlled Insects


Source: NY Daily News

Think insects are creepy? Now we can have a real reason to be afraid of them. Clearly robotic planes, dogs and birds are not enough.

DARPA´s MeshWorm project entails the creation of earthworm-like robots that crawl along surfaces by contracting segments of their bodies. The MeshWorm can squeeze through tight spaces and mold its shape to rough terrain, as well as absorb heavy blows. This robotic worm will be used for military purposes, while future use for ´civil purposes´ remains a probability.

Robots, however, are not only the case. Actual insects are being wirelessly controlled, such as beetles with implanted electrodes and a radio receiver on their back. The giant flower beetle´s size enables it to carry a small camera and a heat sensor, which constitutes it as a reliable mean for surveillance.

Other drone insects look and fly like ladybugs and dragonflies. Researchers at the Wright State University in Dayton, Ohio, have been working on a butterfly drone since 2008. Former software engineer Alan Lovejoy has argued that the US is developing mosquito drones. Such a device could potentially be equipped with a camera and a microphone, it could use its needle to abstract a DNA sample with the pain of a mosquito bite and it could also inject a micro RFID tracking device under peoples´ skin. All such micro-drones could potentially be used for both military and civil purposes and could violate individuals´ right to privacy and other civil liberties.

Security vs. Privacy: The wrong debate

09/11 was not only a pioneering date for the U.S., but also for India and most countries in the world. The War on Terror unleashed a global wave of surveillance to supposedly enable the detection and prevention of crime and terrorism. Governments on an international level have been arguing over the last decade that the use of surveillance technologies is a prerequisite to safety. However, security expert, Bruce Schneier, argues that the trade-off of privacy for security is a false dichotomy.

Everyone can potentially be a suspect within a surveillance state. Analyses of Big Data can not only profile individuals and populations, but also identify ‘branches of communication’ around every individual. In short, if you know someone who may be considered a suspect by intelligence agencies, you may also be a suspect. The mainstream argument “I have nothing to hide, I am not a terrorist’ is none other than a psychological coping mechanism when dealing with surveillance. The reality of security indicates that when an individual’s data is being intercepted, the probability is that those who control that data can also control that individual’s life. Schneier has argued that privacy and security are not on the opposite side of a seesaw, but on the contrary, the one is a prerequisite of the other. Governments should not expect us to give up our privacy in exchange for security, as loss of privacy indicates loss of individuality and essentially, loss of freedom. We can not be safe when we trade-off our personal data, because privacy is what protects us from abuse from those in power. Thus the entire War on Terror appears to waged through a type of phishing, as the promise of ´security´ may be bait to acquire our personal data.

Since the 2008 Mumbai terrorist attacks, India has had more reasons to produce, buy and use surveillance technologies, including drones. Last New Year´s Eve, the Mumbai police used UAVs to monitor hotspots, supposedly to help track down revellers who sexually harass women. The Chennai police recently procured three UAVs from Anna University to assist them in keeping an eye on the city´s vehicle flow. Raj Thackeray´s rally marked the biggest surveillance exercise ever launched for a single event, which included UAVs. The Chandigarh police are the first Indian police force to use the ´Golden Hawk´ - a UAV which will keep a ´bird´s eye on criminal activities´. This new type of drone was manufactured by the Aeronautical Development Establishment (one of DRDO's premier laboratories based in Bangalore) and as of 2011 is being used by Indian law enforcement agencies.

Although there is no evidence that India currently has any animal or insect drones, it could be a probability in the forthcoming years. Since India is currently using many UAVs either way, why would animal and/or insect drones be excluded? What would prevent India from potentially using such drones in the future for ´civil purposes´? More importantly, how are ´civil purposes´ defined? Who defines ´civil purposes´and under what criteria? Would the term change and if so, under what circumstances? The term ´civil purposes´ varies from country to country and is defined by many political, social, economic and cultural factors, thus potentially enabling extensive surveillance and abuse of human rights.

Drones can potentially be as intrusive as other communications surveillance technologies, depending on the type of technology they´re equipped with, their location and the purpose of their use. As they can potentially violate individuals´ right to privacy, freedom of expression, freedom of movement and many other human rights, they should be strictly regulated. In Europe UAVs are regulated based upon their weight, as unmanned aircraft with an operating mass of less than 150kg are exempt by the EASA Regulation and its Implementation Rules. This should not be the case in India, as drones lighter than 150kg can potentially be more intrusive than other heavier drones, especially in the case of bird and insect drones.

Laws which explicitly regulate the use of all types of drones (UAVs, NAVs and micro-drones) and which legally define the term ´civil purposes´ in regards to human rights should be enacted in India. Some thoughts on the authorisation of drones include the following: A Special Committee on the Use of All Drones (SCUAD) could be established, which would be comprised of members of the jury, as well as by other legal and security experts of India. Such a committee would be the sole legal entity responsible for issuing authorisation for the use of drones, and every authorisation would have to comply with the constitutional and statutory provisions of human rights. Another committee, the Supervisory Committee on the Authorisation of the Use of Drones (lets call this ´SCAUD´), could also be established, which would also be comprised by (other) members of the jury, as well as by (other) legal and security experts of India. This second committee would supervise the first and it would ensure that SCUAD provides authorisations in compliance with the laws, once the necessity and utility of the use of drones has been adequately proven.

It´s not about ´privacy vs. security´. Nor is it about ´privacy or security´. In every democratic state, it should be about ´privacy and security´, since the one cannot exist without the other. Although the creation of animal and insect drones is undoubtedly technologically impressive, do we really want to live in a world where even animal-like robots can be used to spy on us? Should we be spied on at all? How much privacy do we give up and how much security do we gain in return through drones? If drones provided the ´promised security´, then India and all other countries equipped with these technologies should be extremely safe and crime-free; however, that is not the case.

In order to ensure that the use of drones does not infringe upon the right to privacy and other human rights, strict regulations are a minimal prerequisite. As long as people do not require that the use of these spying technologies are strictly regulated, very little can be done to prevent a scary sci-fi future. That´s why this blog has been written.

For more details visit http://editors.cis-india.org/internet-governance/blog/big-dog-is-watching-you

CMS chart

maria — 2014-02-22T13:47:30Z

For more details visit http://editors.cis-india.org/chart_11.png