The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
The Geopolitics of Cyberspace: A Compendium of CIS Research
http://editors.cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research
<b>Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.</b>
<p style="text-align: justify;">With a rapidly digitizing economy and clear interests in shaping global rules that favour its strategic interests, India stands at a crucial juncture on various facets of this debate. How India governs and harnesses technology, coupled with how India translates these values and negotiates its interests globally, will surely have an impact on how similarly placed emerging economies devise their own strategies. The challenge here is to ensure that domestic technology governance as well as global engagements genuinely uphold and further India’s democratic fibre and constitutional vision.</p>
<p style="text-align: justify;">Since 2018, researchers at the Centre for Internet and Society have produced a body of research, including academic writing, at the intersection of geopolitics and technology. It covers global governance regimes on trade and cybersecurity, including their attendant international law concerns, and the digital factor in bilateral relationships (with a focus on the Indo-US and Sino-Indian relationships). We have paid close attention to the role of emerging technologies in this debate, including AI and 5G, as well as to how private actors in the technology domain, operating across national jurisdictions, are challenging and upending traditionally accepted norms of international law, global governance, and geopolitics.</p>
<p style="text-align: justify;">The global fissures in this space matter fundamentally for individuals who increasingly use digital spaces to carry out day-to-day activities. From being unwitting victims of state surveillance, to harnessing social media for causes of empowerment, to falling prey to state-sponsored cyber attacks, they are directly affected by the rules of cyber governance and its underlying politics. Yet, the rules are set by a limited set of public officials and technology lawyers within restricted corridors of power. Better global governance needs to be more participatory and accessible. CIS’s research and writing has been cognizant of this, and has attempted to merge questions of global governance with constitutional and technical questions that put individuals and communities centre-stage.</p>
<p>Research and writing produced by CIS researchers and external collaborators from 2018 onward is detailed in the appended compendium.</p>
<h2>Compendium</h2>
<h3>Global cybersecurity governance and cyber norms</h3>
<p style="text-align: justify;"><em>Two decades since a treaty governing state behaviour in cyberspace was mooted by Russia, global governance processes have meandered along. The security debate has often been polarised along “Cold War” lines but the recent amplification of cyberspace governance as developmental, social and economic has seen several new vectors added to this debate. This past year two parallel processes at the United Nations General Assembly’s First Committee on Disarmament and International Security, the United Nations Group of Governmental Experts (UN-GGE) and the United Nations Open Ended Working Group, managed to produce consensus reports, but several questions on international law, norms and geopolitical co-operation remain. India has been a participant at these crucial governance debates. Both the substance of the contribution and its implications remain a key focus area for our research.</em></p>
<p style="text-align: justify;"><em>Edited Volumes</em></p>
<ul>
<li>Karthik Nachiappan and Arindrajit Basu <a href="https://www.india-seminar.com/2020/731.htm">India and Digital World-Making</a>, <em>Seminar </em>731, 1 July 2020 <em>(featuring contributions from Manoj Kewalramani, Gunjan Chawla, Torsha Sarkar, Trisha Ray, Sameer Patil, Arun Vishwanathan, Vidushi Marda, Divij Joshi, Asoke Mukerji, Pallavi Raghavan, Karishma Mehrotra, Malavika Raghavan, Constantino Xavier, Rajen Harshe' and Suman Bery</em>)</li></ul>
<p><em><br />Long-Form Articles</em></p>
<ol>
<li>Arindrajit Basu and Elonnai Hickok, <a href="https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-november-30-2018-cyberspace-and-external-affairs"><em>Cyberspace and External Affairs: A Memorandum for India</em></a> (Memorandum, Centre for Internet and Society, 30 Nov 2018) </li>
<li><a href="https://cis-india.org/internet-governance/blog/the-potential-for-the-normative-regulation-of-cyberspace-implications-for-india"><em>The Potential for the Normative Regulation of Cyberspace</em></a><em> </em>(White Paper, Centre for Internet and Society, 30 July 2018) </li>
<li>Arindrajit Basu and Elonnai Hickok <a href="https://cis-india.org/internet-governance/blog/conceptualizing-an-international-security-regime-for-cyberspace"><em>Conceptualizing an International Security Architecture for cyberspace</em></a><em> </em>(Briefings of the Global Commission on the Stability of Cyberspace, Bratislava, Slovakia, May 2018)</li>
<li>Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah, and Akriti Bopanna,<a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates"> India's contribution to internet governance debates</a> (NLUD Student Law Journal, 2018)</li></ol>
<p><em><br />Blog Posts and Op-eds</em></p>
<ul>
<li>Arindrajit Basu, Irene Poetranto, and Justin Lau, <a href="https://carnegieendowment.org/2021/05/19/un-struggles-to-make-progress-on-securing-cyberspace-pub-84491">The UN struggles to make progress in cyberspace</a><em>, Carnegie Endowment for International Peace</em>, May 19th, 2021</li>
<li>Andre’ Barrinha and Arindrajit Basu, <a href="https://directionsblog.eu/could-cyber-diplomacy-learn-from-outer-space/">Could cyber diplomacy learn from outer space</a>, <em>EU Cyber Direct</em>, 20th April 2021</li>
<li>Arindrajit Basu and Pranesh Prakash<strong>, </strong><a href="https://www.thehindu.com/opinion/lead/patching-the-gaps-in-indias-cybersecurity/article34000336.ece">Patching the gaps in India’s cybersecurity</a>, <em>The Hindu, </em>6th March 2021</li>
<li>Arindrajit Basu and Karthik Nachiappan, <a href="https://www.leidensecurityandglobalaffairs.nl/articles/will-india-negotiate-in-cyberspace">Will India negotiate in cyberspace?</a>, Leiden Security and Global Affairs blog, December 16, 2020</li>
<li>Elizabeth Dominic, <a href="https://cis-india.org/internet-governance/blog/the-debate-over-internet-governance-and-cyber-crimes-west-vs-the-rest">The debate over internet governance and cybercrimes: West vs the rest?</a>,<em> Centre for Internet and Society, </em>June 08, 2020</li>
<li>Arindrajit Basu, <a href="https://www.lawfareblog.com/indias-role-global-cyber-policy-formulation"><em>India’s role in Global Cyber Policy Formulation</em></a><em>, Lawfare, Nov 7, 2019</em></li>
<li>Pukhraj Singh, <a href="https://cis-india.org/internet-governance/blog/guest-post-before-cyber-norms-let2019s-talk-about-disanalogy-and-disintermediation">Before cyber norms, let's talk about disanalogy and disintermediation</a>, <em>Centre for Internet and Society, </em>Nov 15th, 2019</li>
<li>Arindrajit Basu and Karan Saini, <a href="https://mwi.usma.edu/setting-international-norms-cyber-conflict-hard-doesnt-mean-stop-trying/">Setting International Norms of Cyber Conflict is Hard, But that Doesn’t Mean that We Should Stop Trying</a><em>, Modern War Institute, </em>30th Sept, 2019</li>
<li>Arindrajit Basu, <a href="https://www.orfonline.org/expert-speak/politics-by-other-means-fostering-positive-contestation-and-charting-red-lines-through-global-governance-in-cyberspace-56811/"><em>Politics by other means: Fostering positive contestation and charting red lines through global governance in cyberspace</em></a><em> (Digital Debates, </em>Volume 6, 2019<em>)</em></li>
<li>Arindrajit Basu<em>, </em><a href="https://thewire.in/trade/will-the-wto-finally-tackle-the-trump-card-of-national-security">Will the WTO Finally Tackle the ‘Trump’ Card of National Security?</a><em> (The Wire, </em>8th May 2019<em>)</em></li></ul>
<p><em>Policy Submissions</em></p>
<ol>
<li>Arindrajit Basu, <a href="https://cis-india.org/internet-governance/blog/cis-comments-on-pre-draft-of-the-report-of-the-un-open-ended-working-group">CIS Submission to OEWG </a>(Centre for Internet and Society, Policy Submission, 2020)</li>
<li>Aayush Rathi, Ambika Tandon, Elonnai Hickok, and Arindrajit Basu. “<a href="https://cis-india.org/internet-governance/blog/cis-submission-to-un-high-level-panel-on-digital-cooperation">CIS Submission to UN High-Level Panel on Digital Cooperation</a>.” Policy submission. Centre for Internet and Society, January 2019.</li>
<li>Arindrajit Basu, Gurshabad Grover, and Elonnai Hickok. “<a href="https://cis-india.org/internet-governance/blog/arindrajit-basu-gurshabad-grover-elonnai-hickok-january-22-2019-response-to-gcsc-on-request-for-consultation">Response to GCSC on Request for Consultation: Norm Package Singapore</a>.” Centre for Internet and Society, January 17, 2019.</li>
<li>Arindrajit Basu and Elonnai Hickok. <a href="https://cis-india.org/internet-governance/files/gcsc-response.">Submission of Comments to the GCSC Definition of ‘Stability of Cyberspace’</a> (Centre for Internet and Society, September 6, 2019)</li></ol>
<h3>Digital Trade and India's Political Economy</h3>
<p style="text-align: justify;"><em>The modern trading regime and its institutions were born largely into a world bereft of the internet and its implications for cross-border flow and commerce. Therefore, regulatory ambitions at the WTO have played catch up with the technological innovation that has underpinned the modern global digital economy. Driven by tech giants, the “developed” world has sought to restrict the policy space available to the emerging world to impose mandates regarding data localisation, source code disclosure, and taxation - among other initiatives central to development. At the same time emerging economies have pushed back, making for a tussle that continues to this day. Our research has focussed both on issues of domestic political economy and data governance, and on the implications these domestic issues have for how India and other emerging economies negotiate on the world stage.</em></p>
<p><em>Long-Form articles and essays</em></p>
<ol>
<li>Arindrajit Basu, Elonnai Hickok and Aditya Chawla, <a href="https://cis-india.org/internet-governance/blog/the-localisation-gambit-unpacking-policy-moves-for-the-sovereign-control-of-data-in-india">The Localisation Gambit: Unpacking policy moves for the sovereign control of data in India</a> (Centre for Internet and Society, March 19, 2019)</li>
<li>Arindrajit Basu, <a href="about:blank">Sovereignty in a datafied world: A framework for Indian diplomacy</a> in Navdeep Suri and Malancha Chakrabarty (eds) <em>A 2030 Vision for India’s Economic Diplomacy </em>(Observer Research Foundation 2021) </li>
<li>Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu, <a href="https://cis-india.org/internet-governance/files/mlat-report">Cross Border Data-Sharing and India </a>(Centre for Internet and Society, 2018)</li></ol>
<p><em>Blog posts and op-eds </em></p>
<ul>
<li>Arindrajit Basu, <a class="external-link" href="http://www.hinrichfoundation.com/research/article/wto/can-the-wto-build-consensus-on-digital-trade/">Can the WTO build consensus on digital trade</a>, Hinrich Foundation, October 05, 2021</li>
<li>Amber Sinha, <a href="https://thewire.in/tech/twitter-modi-government-big-tech-new-it-rules">The power politics behind Twitter versus Government of India</a>, <em>The Wire</em>, June 03, 2021</li>
<li>Karthik Nachiappan and Arindrajit Basu, <a href="https://www.thehindu.com/opinion/op-ed/shaping-the-digital-world/article32224942.ece?homepage=true">Shaping the Digital World</a>, <em>The Hindu</em>, 30th July 2020</li>
<li>Arindrajit Basu and Karthik Nachiappan, <a href="https://www.india-seminar.com/2020/731/731_arindrajit_and_karthik.htm"><em>India and the global battle for data governance</em></a>, Seminar 731, 1st July 2020</li>
<li>Amber Sinha and Arindrajit Basu, <a href="https://scroll.in/article/960676/analysis-reliance-jio-facebook-deal-highlights-indias-need-to-revisit-competition-regulations">Reliance Jio-Facebook deal highlights India’s need to revisit competition regulations</a>, <em>Scroll</em>, 30th April 2020</li>
<li>Arindrajit Basu and Amber Sinha, <a href="https://thediplomat.com/2020/04/the-realpolitik-of-the-reliance-jio-facebook-deal/">The realpolitik of the Reliance-Jio Facebook deal</a>, <em>The Diplomat</em>, 29th April 2020</li>
<li>Arindrajit Basu, <a href="https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/"><em>The Retreat of the Data Localization Brigade: India, Indonesia, Vietnam</em></a><em>, The Diplomat</em>, Jan 10, 2020</li>
<li>Amber Sinha and Arindrajit Basu, <a href="https://www.epw.in/engage/article/politics-indias-data-protection-ecosystem"><em>The Politics of India’s Data Protection Ecosystem</em></a>, <em>EPW Engage</em>, 27 Dec 2019</li>
<li>Arindrajit Basu and Justin Sherman, <a href="https://www.lawfareblog.com/key-global-takeaways-indias-revised-personal-data-protection-bill">Key Global Takeaways from India’s Revised Personal Data Protection Bill</a>, <em>Lawfare</em>, Jan 23, 2020</li>
<li>Nikhil Dave, “<a href="https://cis-india.org/internet-governance/geo-economic-impacts-of-the-coronavirus-global-supply-chains-part-i">Geo-Economic Impacts of the Coronavirus: Global Supply Chains</a>.” <em>Centre for Internet and Society</em>, June 16, 2020.</li></ul>
<h3>International Law and Human Rights</h3>
<p style="text-align: justify;"><em>International law and human rights are ostensibly technology neutral, and should lay the edifice for digital governance and cybersecurity today. Our research on international human rights has focussed on global surveillance practices and other internet restrictions employed by a variety of nations, and the implications this has for citizens and communities in India and similarly placed emerging economies. CIS researchers have also contributed to, and commented on, World Intellectual Property Organization negotiations at the intersection of international Intellectual Property (IP) rules and human rights.</em></p>
<p><em>Long-form article</em></p>
<ol>
<li>Arindrajit Basu, <a href="https://cis-india.org/internet-governance/extra-territorial-surveillance-and-the-incapacitation-of-human-rights">Extra Territorial Surveillance and the incapacitation of international human rights law</a>, 12 NUJS LAW REVIEW 2 (2019)</li>
<li>Gurshabad Grover and Arindrajit Basu, “<a href="https://cyberlaw.ccdcoe.org/wiki/Scenario_24:_Internet_blockage">Internet Blockage</a>” (Scenario contribution to NATO CCDCOE Cyber Law Toolkit, 2021)</li>
<li>Arindrajit Basu and Elonnai Hickok, <a href="https://www.ijlt.in/journal/conceptualizing-an-international-framework-for-active-private-cyber-defence">Conceptualizing an international framework for active private cyber defence </a>(Indian Journal of Law and Technology, 2020)</li>
<li>Arindrajit Basu, <a class="external-link" href="http://www.orfonline.org/wp-content/uploads/2021/10/Digital-Debates__CyFy2021.pdf">Challenging the dogmatic inevitability of extraterritorial state surveillance </a>in Trisha Ray and Rajeswari Pillai Rajagopalan (eds) Digital Debates: CyFy Journal 2021 (New Delhi: ORF and Global Policy Journal, 2021)</li></ol>
<p><em>Blog Posts and op-eds</em></p>
<ul>
<li>Arindrajit Basu, “<a href="https://www.medianama.com/2020/08/223-american-law-on-mass-surveillance-post-schrems-ii/">Unpacking US Law And Practice On Extraterritorial Mass Surveillance In Light Of Schrems II</a>”, <em>Medianama</em>, 24th August 2020</li>
<li>Anubha Sinha, “World Intellectual Property Organisation: Notes from the Standing Committee on Copyright Negotiations (<a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-1">Day 1</a>, <a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-2">Day 2</a>, <a href="https://cis-india.org/a2k/blogs/wipo-sccr-41-notes-from-day-3-and-day-4-1">Day 3 and 4</a>)”, July 2021</li>
<li>Raghav Ahooja and Torsha Sarkar, <a class="external-link" href="http://www.lawfareblog.com/how-not-regulate-internet-lessons-indian-subcontinent">How (not) to regulate the internet: Lessons from the Indian Subcontinent</a>, Lawfare, September 23, 2021</li></ul>
<h3>Bilateral Relationships</h3>
<p style="text-align: justify;"><em>Technology has become a crucial factor in shaping bilateral and plurilateral co-operation and competition. Given the geopolitical fissures and opportunities since 2020, our research has focussed on how technology governance and cybersecurity could impact the larger ecosystem of Indo-China and India-US relations. Going forward, we hope to undertake more research on technology in plurilateral arrangements, including the Quadrilateral Security Dialogue. </em></p>
<ul>
<li>Arindrajit Basu and Justin Sherman, <a href="https://thediplomat.com/2021/03/the-huawei-factor-in-us-india-relations/">The Huawei Factor in US-India Relations</a>, <em>The Diplomat</em>, 22 March 2021</li>
<li>Aman Nair, “<a href="https://cis-india.org/internet-governance/blog/tiktok-it2019s-time-for-biden-to-make-a-decision-on-his-digital-policy-with-china">TikTok: It’s Time for Biden to Make a Decision on His Digital Policy with China</a>,” <em>Centre for Internet and Society</em>, January 22, 2021</li>
<li>Arindrajit Basu and Gurshabad Grover, <a href="https://thediplomat.com/2020/10/india-needs-a-digital-lawfare-strategy-to-counter-china/">India Needs a Digital Lawfare Strategy to Counter China</a>, <em>The Diplomat</em>, 8th October 2020</li>
<li>Anam Ajmal, <a href="https://timesofindia.indiatimes.com/blogs/toi-edit-page/the-app-ban-will-have-an-impact-on-the-holding-companies-global-power-projection-begins-at-home/">The app ban will have an impact on the holding companies...global power projection begins at home</a>, <em>Times of India</em>, July 7th, 2020 (Interview with Arindrajit Basu)</li>
<li>Justin Sherman and Arindrajit Basu, <a href="https://thediplomat.com/2020/03/trump-and-modi-embrace-but-remain-digitally-divided/">Trump and Modi embrace, but remain digitally divided</a>, <em>The Diplomat</em>, March 05th, 2020</li></ul>
<h3>Emerging Technologies</h3>
<p style="text-align: justify;"><em>Governance needs to keep pace with the technological challenges posed by emerging technologies, including 5G and AI. To do so, an interdisciplinary approach that evaluates these scientific advances in line with the regimes that govern them is of utmost importance. While each country will need to regulate technology through the lens of its strategic interests and public policy priorities, it is clear that geopolitical tensions on standard-setting and governance models compel a more global outlook.</em></p>
<p><em>Long-Form reports</em></p>
<ol>
<li>Anoushka Soni and Elizabeth Dominic,<a href="https://cis-india.org/internet-governance/legal-and-policy-implications-of-autonomous-weapons-systems"> Legal and Policy implications of Autonomous weapons systems</a> (Centre for Internet and Society, 2020)</li>
<li>Aayush Rathi, Gurshabad Grover, and Sunil Abraham,<a href="https://cis-india.org/internet-governance/blog/regulating-the-internet-the-government-of-india-standards-development-at-the-ietf"> Regulating the internet: The Government of India & Standards Development at the IETF</a> (Centre for Internet and Society, 2018)</li></ol>
<p><em>Blog posts and op-eds</em></p>
<ul>
<li>Aman Nair, <a href="https://cis-india.org/internet-governance/blog/would-banning-chinese-telecom-companies-make-5g-secure-in-india">Would banning Chinese telecom companies make 5G secure in India?</a> <em>Centre for Internet and Society</em>, 22nd December 2020</li>
<li>Arindrajit Basu and Justin Sherman<strong>, </strong><a href="https://www.lawfareblog.com/two-new-democratic-coalitions-5g-and-ai-technologies">Two New Democratic Coalitions on 5G and AI Technologies</a>, <em>Lawfare</em>, 6th August 2020</li>
<li>Nikhil Dave, <a href="https://cis-india.org/internet-governance/blog/the-5g-factor.">The 5G Factor: A Primer</a>, <em>Centre for Internet and Society,</em> July 20, 2020.</li>
<li>Gurshabad Grover, <a href="https://indianexpress.com/article/opinion/columns/huawei-ban-india-united-states-china-5755232/">The Huawei bogey</a> <em>Indian Express</em>, May 30th, 2019</li>
<li>Arindrajit Basu and Pranav MB, <a href="https://cis-india.org/internet-governance/blog/what-is-the-problem-with-2018ethical-ai2019-an-indian-perspective">What is the problem with 'Ethical AI'?: An Indian perspective</a>, Centre for Internet and Society, July 21, 2019</li></ul>
<hr />
<p style="text-align: justify;"><em>(This compendium was drafted by Arindrajit Basu with contributions from Anubha Sinha. Aman Nair, Gurshabad Grover, and Pranav MB reviewed the draft and provided vital insight towards its conceptualization and compilation</em>. Dishani Mondal and Anand Badola provided important inputs at earlier stages of the process towards creating this compendium)</p>
Publisher: No publisher. Author: arindrajit. Tags: Cyber Security, Internet Governance, Cyberspace. Date: 2021-11-15T14:48:49Z. Type: Blog Entry.
RBI Ban on Cryptocurrencies not backed by any data or statistics
http://editors.cis-india.org/internet-governance/blog/rbi-ban-on-cryptocurrencies-not-backed-by-any-data-or-statistics
<b>In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency.
Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India
</b>
<p style="text-align: justify;" dir="ltr">On April 6, 2018 <a href="https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11243&Mode=0">the RBI issued a circular</a> preventing all Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies. The RBI had issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin in 2013. However, the growing popularity of cryptocurrencies and their adoption by large numbers of Indian users may have been what forced the RBI to issue another Press Release in February 2017 reiterating the concerns regarding cryptocurrencies raised in its earlier circular of 2013. In December 2017 both the RBI and the Ministry of Finance issued Press Releases cautioning the general public about the dangers and risks associated with cryptocurrencies, finally culminating in the circular dated April 6, 2018 banning financial institutions from dealing with cryptocurrency traders. As a result of this circular the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. The cryptocurrency market in India all but disappeared, with only a few extremely determined enthusiasts still dealing in cryptocurrencies, at the risk of potentially depriving themselves of banking services altogether.</p>
<p style="text-align: justify;" dir="ltr">The RBI circular was challenged in the Supreme Court by the Internet and Mobile Association of India; final arguments in the case were concluded only in the last week of January, 2020 with the judgment of the Supreme Court being awaited. Generally speaking, whenever such policy decisions of the executive branch are challenged in the courts, a well accepted defense for the executive authorities, specifically in highly complicated fields such as finance, etc. is that the decision was taken by an expert body using its expertise in the field. The basic rationale underlying this argument is that the authority has relied on verifiable data and used its expertise to analyse the same in order to arrive at its decision.</p>
<p style="text-align: justify;" dir="ltr">However, it appears from the response by the RBI to an RTI query by Centre for Internet and Society, that requested the RBI for a copy of all reports, papers, opinions and advice that was relied upon for issuing the April 6, 2018 circular, that the RBI has not relied upon any such data to come to a conclusion that banking services should be denied to all those entities dealing in cryptocurrencies. It appears from the response to the RTI query that it was the RBI’s own previous circulars and press releases which formed the basis for the April 6, 2018 circular. This response completely undermines the argument that the decision by the RBI was taken after an analysis of all the facts and statistics concerned with cryptocurrency trading.</p>
<p style="text-align: justify;" dir="ltr">Not only does the RTI response weaken the commonly accepted defense of an expert body making a well-reasoned decision, but it also strengthens another legal ground for challenging the decision of the RBI, viz. arbitrariness. One of the grounds on which executive decisions can be challenged is that the decision was made without taking into account relevant material and without the application of mind. The admission by the RBI in its RTI response that there is no material relied upon by the RBI, except its own previous Press Releases, only strengthens the argument that the decision was made in an arbitrary manner.</p>
<p style="text-align: justify;" dir="ltr">Such an admission by the RBI regarding the process followed before issuing the April 6, 2018 circular reduces the credibility of the decision itself. However, it remains to be seen whether the Supreme Court of India agrees with the arguments of the petitioners challenging the April 6, 2018 circular, even though the petitioners may not have been able to produce this RTI response from the RBI to further bolster their case.</p>
Publisher: No publisher. Author: vipul. Tags: Cybersecurity, internet governance, Bitcoin, Internet Governance, Cryptocurrencies, Cyber Security. Date: 2020-03-05T18:35:48Z. Type: Blog Entry.
Cryptocurrency Regulation in India – A brief history
http://editors.cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history
<b>In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency.
Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India
</b>
<p style="text-align: justify;" dir="ltr">The story of cryptocurrencies started in 2008, when a paper titled “Bitcoin: A Peer to Peer Electronic Cash System” was published by a pseudonymous developer, or group of developers, under the name Satoshi Nakamoto. The actual network took some time to start, with the first transactions taking place only in January 2009. The first actual sale of an item using Bitcoin took place a year later, with a user swapping 10,000 Bitcoin for two pizzas in 2010, which attached a cash value to the cryptocurrency for the first time. By 2011 other cryptocurrencies began to emerge, with Litecoin, Namecoin and Swiftcoin all making their debut. Meanwhile Bitcoin, the cryptocurrency that started it all, began to be criticised after claims emerged that it was being used on the so-called “dark web”, particularly on sites such as Silk Road, as a means of payment for illegal transactions. Over the next five years cryptocurrencies steadily gained traction, with an increased number of transactions, and the price of Bitcoin, the most popular cryptocurrency, shot up from around 5 Dollars in the beginning of 2012 to almost 1000 Dollars at the end of 2017.</p>
<p style="text-align: justify;" dir="ltr">Riding on the back of this
wave of popularity, a number of cryptocurrency exchanges started
operating in India between 2012 and 2017 providing much needed depth and
volume to the Indian cryptocurrency market. These included popular
exchanges such as Zebpay, Coinsecure, Unocoin, Koinex, Pocket Bits and
Bitxoxo. With the price of cryptocurrencies shooting up and because of
their increased popularity and adoption by users outside of their
traditional cult following, regulators worldwide began to take notice of
this new technology; in India the RBI issued a Press Release cautioning
the public against dealing in virtual currencies including Bitcoin way
back in 2013. However, the transaction volumes and adoption of
cryptocurrencies in India really picked up in earnest only after the
demonetisation of high value currency notes in November of 2016, with
the government’s emphasis on digital payments leading to alternatives to
traditional online banking such as cryptocurrencies forcing their way
into the public consciousness. Indian cryptocurrency exchanges started
acquiring users at a much higher pace which drove up volume for
cryptocurrency transactions on all Indian exchanges. The growing
popularity of cryptocurrencies and their adoption by large numbers of
Indian users forced the RBI to issue another Press Release in February
2017 reiterating its concerns regarding cryptocurrencies raised in its
earlier Press Release of 2013. </p>
<p style="text-align: justify;" dir="ltr">In October and November, 2017
two Public Interest Petitions were filed in the Supreme Court of India,
one by Siddharth Dalmia and another by Dwaipayan Bhowmick, the former
asking the Supreme Court to restrict the sale and purchase of
cryptocurrencies in India, and the latter asking for cryptocurrencies in
India to be regulated. Both the petitions are currently pending in the
Supreme Court.</p>
<p style="text-align: justify;" dir="ltr">In November, 2017 the
Government of India constituted a high level Inter-ministerial Committee
under the chairmanship of Shri Subhash Chandra Garg, Secretary,
Department of Economic Affairs, Ministry of Finance and comprising
Shri Ajay Prakash Sawhney (Secretary, Ministry of Electronics and
Information Technology), Shri Ajay Tyagi (Chairman, Securities and
Exchange Board of India) and Shri B.P. Kanungo (Deputy Governor, Reserve
Bank of India). The mandate of the Committee was to study various
issues pertaining to Virtual Currencies and to propose specific actions
that may be taken in relation thereto. This Committee submitted its
report in July of 2019 recommending a ban on private cryptocurrencies in
India.</p>
<p style="text-align: justify;" dir="ltr">In December 2017 both the RBI
as well as the Ministry of Finance issued Press releases cautioning the
general public about the dangers and risks associated with
cryptocurrencies, with the Ministry of Finance Press Release saying that
cryptocurrencies are like ponzi schemes and also declaring that they
are not currencies or coins. It should be mentioned here that till the
end of March 2018, the RBI and the Finance Ministry had issued various
Press Releases on cryptocurrencies cautioning people against their
risks, however none of them ever took any legal action or gave any
enforceable directions against cryptocurrencies. All of this changed
with the RBI circular dated April 6, 2018, whereby the RBI not only prevented
Commercial and Co-operative Banks, Payments Banks, Small Finance Banks,
NBFCs, and Payment System Providers from dealing in virtual
currencies themselves but also directed them to stop providing services
to all entities which deal with virtual currencies.</p>
<p style="text-align: justify;" dir="ltr">The effect of the circular was
that cryptocurrency exchanges, which relied on normal banking channels
for sending and receiving money to and from their users, could not
access any banking services within India. This essentially crippled
their business operations since converting cash to cryptocurrencies and
vice versa was an essential part of their operations. Even pure
cryptocurrency exchanges which did not deal in fiat currency were
unable to carry out their regular operations such as paying for office
space, staff salaries, server space, vendor payments, etc. without
access to banking services. </p>
<p>As a result, the operations of cryptocurrency exchanges took a severe hit and
the number of transactions on these exchanges reduced substantially.
People who had bought cryptocurrencies on these exchanges as an
investment were forced to sell their crypto assets and cash out before
they lost access to banking facilities. The cryptocurrency exchanges
themselves found it hard to sustain operations in the face of the dual
hit of reduced transaction volumes and loss of access to banking services.
Faced with such an existential threat, a number of exchanges who were
members of the Internet and Mobile Association of India (IMAI), filed a
writ petition in the Supreme Court on May 15, 2018 titled Internet and
Mobile Association of India v. Reserve Bank of India, the final
arguments in which were heard by the Supreme Court of India in January,
2020 and the judgment is awaited. If the Supreme Court agrees with the
arguments of the petitioners, then cryptocurrency exchanges would be
able to restart operations in India; as a result the cryptocurrency
ecosystem in India may be revived and cryptocurrencies may become a
viable investment alternative again.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history'>http://editors.cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history</a>
</p>
No publisher | vipul | Cybersecurity, internet governance, Bitcoin, Internet Governance, Cryptocurrencies, Cyber Security | 2020-03-05T18:36:09Z | Blog Entry
Automated Facial Recognition Systems and the Mosaic Theory of Privacy: The Way Forward
http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-and-the-mosaic-theory-of-privacy-the-way-forward
<b> Arindrajit Basu and Siddharth Sonkar have co-written this blog as the third of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems? </b>
<p><strong>The Mosaic Theory of Privacy</strong></p>
<p>Whether the data collected by the AFRS should be treated similar to
face photographs taken for the purposes of ABBA is not clear in the
absence of judicial opinion. The AFRS would ordinarily collect
significantly more data than facial photographs during authentication.
This can be explained with the help of the <em><a href="https://www.lawfareblog.com/defense-mosaic-theory" rel="noreferrer noopener" target="_blank">mosaic theory of privacy</a></em>.</p>
<p>The mosaic theory of privacy suggests that data about an individual
collected over long durations can be qualitatively different from single
instances of observation. It argues that aggregating data from different
instances can create a picture of an individual which affects her
reasonable expectation of privacy. This is because a mere slice of
information reveals a lot less than the same slice contextualised in a broad
pattern — a mosaic. </p>
<p>The mosaic theory of privacy does not find explicit reference in
Puttaswamy II. The petitioners had argued that seeding of Aadhaar data
into existing databases would bridge information across silos so as to
make real time surveillance possible. This is because information when
integrated from different silos becomes more than the sum of its parts.</p>
<p>The Court, however, dismissed this argument, accepting UIDAI’s
submission that the data collected remains in different silos and
merging is not permitted within the Aadhaar framework. Therefore, the
Court did not examine whether it is constitutionally permissible to
integrate data from different silos; it simply rejected the possibility
of surveillance as a result of Aadhaar authentication.</p>
<p>Jurisprudence in other jurisdictions is more advanced. In <em>United States v. Jones</em>,
the United States Supreme Court had observed that the insertion of a
global positioning system into Antoine Jones’ Jeep in the absence of a
warrant and without his consent invaded his privacy, entitling him to
Fourth Amendment Protection. In this case, the movement of Jones’
vehicle was monitored for a period of twenty-eight days. Five concurring
opinions in Jones acknowledge that aggregated and extensive
surveillance is capable of violating the reasonable expectation of
privacy irrespective of whether or not surveillance has taken place in
public.</p>
<p>The Court distinguished between prolonged surveillance and short term
surveillance. Surveillance in the short run does not reveal what a
person repeatedly does, as opposed to sustained surveillance which can
reveal significantly more about a person. The Court takes the example of
how a sequence of trips to a bar, a bookie, a gym or a church can tell a
lot more about a person than the story of any single visit viewed in
isolation.</p>
<p>Most recently, in <a href="https://www.supremecourt.gov/opinions/17pdf/16-402_h315.pdf" rel="noreferrer noopener" target="_blank"><em>Carpenter v. United States</em></a>,
the Supreme Court of the United States held that the collection of
historical cell data by the government exposes the physical movements
of an individual to potential surveillance, and an individual holds a
reasonable expectation of privacy against such collection. The Court
admitted that historical cell-site information allows the government to
go back in time in order to retrace the exact whereabouts of a person.</p>
<p>Judicial decisions have not addressed specifically whether facial
recognition through law enforcement constitutes a search under the
Fourth Amendment or a “mere visual observation”.</p>
<p>The common thread linking CCTV footage and cellular data is the
unique ability to track the movement of an individual from one place to
another, enabling extreme forms of surveillance. It is perhaps this
crucial link that would make AFRS-enabled CCTVs prejudicial to
individual privacy.</p>
<p> The mosaic theory as understood in <em>Carpenter</em> helps one
understand the extent to which an AFRS can augment the capacities of law
enforcement in India. This in turn can help in understanding whether it
is constitutionally permissible to install such systems across the
country.</p>
<p>AFRS-enabled CCTV footage from different CCTVs, if viewed in
conjunction, could reveal a sequence of movements of an individual,
enabling long-term surveillance of a nature that is qualitatively
distinct from isolated observations across unrelated CCTV
footage.</p>
<p>Subsequent to <em>Carpenter</em>, <a href="https://www.lawfareblog.com/four-months-later-how-are-courts-interpreting-carpenter" rel="noreferrer noopener" target="_blank">federal district courts</a>
in the United States have declined to apply Carpenter to video
surveillance cases since the judgement did not “call into question
conventional surveillance techniques and tools, such as security
cameras.”</p>
<p>The extent of processing that an AFRS-enabled CCTV exposes an
individual to would be significantly greater. This is because every time
an individual is in the zone of an AFRS-enabled CCTV, the facial image
will be compared to a common database. Snippets from different CCTVs
capturing the individual’s physical presence in two different locations
may not be meaningful per se. When observed together, the AFRS will make
it possible to identify the individual’s movement from one place to
another.</p>
<p>For instance, the AFRS will be able to identify the person when they
are on Street A at a particular time and when they are on Street B in the
immediately subsequent hour recorded by respective CCTV cameras,
indicating the person’s physical movement from A to B. While a CCTV
camera only records movement of an individual in video format, AFRS
translates that digital information into individualised data with the
help of a comparison of facial features with a pre-existing database.</p>
<p>Through data aggregation, which appears to be the aim of the Indian
government in their tender that links three databases, it is apparent
that the right to privacy is in danger. Yet, at present, there does not
exist any case law or legislation that can render such efforts illegal
at this juncture.</p>
<p><strong>Conclusions and The Way Forward</strong></p>
<p>Despite a lack of judicial recognition of the potential
unconstitutionality of deploying AFRS, it is clear that the introduction
of these systems poses a clear and present danger to civil rights and
human dignity. Algorithmic surveillance alters a human being’s life in
ways that even the subject of this surveillance cannot fully comprehend.
As an individual’s data is manipulated and aggregated to derive a
pattern about that individual’s world, the individual or his data no
longer exists for itself but is massaged into various categories.</p>
<p>Louise Amoore terms this a ‘<a href="https://journals.sagepub.com/doi/abs/10.1177/0263276411417430?journalCode=tcsa" rel="noreferrer noopener" target="_blank">data-derivative</a>’,
which is an abstract conglomeration of data that continuously shapes
our futures without us having a say in their framing. The branding of an
individual as a criminal and then aggregating their data causes
emotional distress as individuals move about in fear of the state gaze
and their association with activities that are branded as potentially
dangerous — thereby suppressing a right to dissent — as exemplified by
their reported use during the recent protests in Hong Kong.</p>
<p>Case law both in India and abroad has clearly suggested that a right
to privacy is contextual and is not surrendered merely because an
individual is in a public place. However, the jurisprudence protecting
public photography or videography under the umbrella of privacy remains
less clear globally and non-existent in India.</p>
<p>The mosaic theory of privacy is useful in this regard as it prevents
mass ‘data-veillance’ of individual behaviour and accurately identifies
the unique power that the volume, velocity and variety of Big Data
provides to the state. Therefore, it is imperative that the judiciary
recognise safeguards from data aggregation as an essential component of a
reasonable expectation of privacy. At the same time, legislation could
also provide the required safeguards.</p>
<p>In the US, Senators Coons and Lee recently introduced a draft Bill titled ‘<a href="https://www.coons.senate.gov/imo/media/doc/ALB19A70.pdf" rel="noreferrer noopener" target="_blank">The Facial Recognition Technology Warrant Act of 2019</a>’.
The Bill aims to impose reasonable restrictions on the use of facial
recognition technology by law enforcement. The Bill creates safeguards
against sustained tracking of physical movements of an individual in
public spaces. The Bill terms such tracking ‘ongoing surveillance’ when
it occurs for over a period of 72 hours in real time or through
application of technology to historical records. The Bill requires that
ongoing surveillance only be conducted for law enforcement purposes <em>and</em> in pursuance of a Court Order (unless it is impractical to do so).</p>
<p>While the Bill has its textual problems, it is definitely worth
considering as a model going forward to ensure that AFR systems are
deployed in line with a rights-respecting reading of a reasonable
expectation of privacy. <a href="http://datagovernance.org/report/adoption-and-regulation-of-facial-recognition-technologies-in-india" rel="noreferrer noopener" target="_blank">Parsheera</a>
suggests that the legislation should provide for narrow tailoring of the objects
and purposes for deployment of AFRS, restrictions on the persons whose
images may be scanned from the databases, judicial approval for its use
on a case by case basis and effective mechanisms of oversight, analysis
and verification.</p>
<p>Appropriate legal intervention is crucial. A failure to implement
this effectively jeopardizes the expression of our true selves and the
core tenets of our democracy.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-and-the-mosaic-theory-of-privacy-the-way-forward'>http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-and-the-mosaic-theory-of-privacy-the-way-forward</a>
</p>
No publisher | Arindrajit Basu, Siddharth Sonkar | Cybersecurity, Cyber Security, internet governance, Internet Governance | 2020-01-02T14:12:38Z | Blog Entry
Automated Facial Recognition Systems (AFRS): Responding to Related Privacy Concerns
http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns
<b>Arindrajit Basu and Siddharth Sonkar have co-written this blog as the second of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems? </b>
<p>The Supreme Court of India, in <a href="https://indiankanoon.org/doc/91938676/">Puttaswamy I</a>, recognized that
the right to privacy is not surrendered merely because the individual
is in a public place. Privacy is linked to the individual as it is an
essential facet of human dignity. Justice Chelameswar further clarified
that privacy is contextual. Even in a public setting, people trying to
converse in whispers would signal a claim to the right to privacy.
Speaking on a loudspeaker would naturally not signal the same claim.</p>
<p>The Supreme Court of Canada has also affirmed the notion of
contextual privacy. As recently as on 7 March, 2019, the Supreme Court
of Canada <a href="http://www.thecourt.ca/r-v-jarvis-carving-out-a-contextual-approach-to-privacy/" rel="noreferrer noopener" target="_blank">in a landmark decision</a> defined privacy rights in public areas implicitly applying <a href="https://crypto.stanford.edu/portia/papers/RevnissenbaumDTP31.pdf">Helena Nissenbaum’s theory of contextual integrity</a>.
Helena Nissenbaum explains the extent to which the right to
privacy is eroded in public spaces with the help of her theory of
contextual integrity.</p>
<p>Nissenbaum suggests that labelling information as exclusively public
or private fails to take into account the context which rationalises the
desire of the individual to exercise her privacy in public. To explain
this with an illustration, there exists a reasonable expectation of
privacy in the restroom of a restaurant, even though it is in a public
space.</p>
<p>In <a href="http://www.thecourt.ca/r-v-jarvis-carving-out-a-contextual-approach-to-privacy/"><em>R v Jarvis</em></a> (Jarvis), the Court overruled a Court of Appeal for Ontario <a href="https://www.canlii.org/en/on/onca/doc/2017/2017onca778/2017onca778.pdf">decision</a>
to hold that people can have a reasonable expectation of privacy even
in public spaces. In this case, Jarvis was charged with the offence of
voyeurism for secretly recording his students. The primary issue that
the Supreme Court of Canada was concerned with was whether the students
filmed by Mr. Jarvis enjoyed a reasonable expectation of privacy at
their school.</p>
<p>The Court in this case unanimously held that students did indeed have
a reasonable expectation of privacy. The Court identified nine
contextual factors relevant in determining whether a
reasonable expectation of privacy would arise. The listed factors were:</p>
<p>“1. The location the person was in when he or she was observed or recorded,</p>
<p>2. The nature of the impugned conduct (whether it consisted of observation or recording),</p>
<p>3. Awareness of or consent to potential observation or recording,</p>
<p>4. The manner in which the observation or recording was done,</p>
<p>5. The subject matter or content of the observation or recording,</p>
<p>6. Any rules, regulations or policies that governed the observation or recording in question,</p>
<p>7. The relationship between the person who was observed or recorded and the person who did the observing or recording,</p>
<p>8. The purpose for which the observation or recording was done, and</p>
<p>9. The personal attributes of the person who was observed or recorded.” (paragraph 29 of the judgement).</p>
<p>The Court emphasized that the factors are not an exhaustive list, but
rather were meant to be a guiding tool in determining whether a
reasonable expectation of privacy existed in a given context. It is not
necessary that each of these factors is present in a given situation to
give rise to an expectation of privacy.</p>
<p>Compared to the above-mentioned factors in Jarvis, the Indian Supreme Court in <a href="https://indiankanoon.org/doc/127517806/">Justice K.S Puttaswamy (Retd.) v. Union of India</a>: Justice Sikri (Puttaswamy II),
the case which upheld the constitutionality of the Aadhaar project,
relied on the following factors to determine a reasonable expectation of
privacy in a given context:</p>
<p>“(i) What is the context in which a privacy claim is set up?</p>
<p>(ii) Does the claim relate to private or family life, or a confidential relationship?</p>
<p>(iii) Is the claim a serious one or is it trivial?</p>
<p>(iv) Is the disclosure likely to result in any serious or significant injury and the nature and extent of disclosure?</p>
<p>(v) Is disclosure relates to personal and sensitive information of an identified person?</p>
<p>(vi) Does disclosure relate to information already disclosed publicly? If so, its implication?”</p>
<p>These factors (acknowledged in Puttaswamy II in paragraph 292) seem
to be very similar to the ones laid down in Jarvis, i.e., there is a
strong reliance on the context in both cases. While there is no explicit
mention of individual attributes of the individual claiming a
reasonable expectation, the holding that children should be given an opt
out indicates that the Court implicitly takes into account personal
attributes (e.g. age) as well.</p>
<p>The Court in Jarvis further (in paragraph 39) took the example of a
woman in a communal change room at a public pool. She may expect other
users to incidentally observe her undress but she would continue to
expect only other women in the change room to observe her and reserve
her rights against the general public. She would also expect not to be
video recorded or photographed while undressing, both from other users
of the pool and by the general public. </p>
<p>If it is later found out that the change room had a one-way glass
which allowed the pool staff to view the users change — or if there was a
concealed camera recording persons while they were changing, she could
claim a breach of her reasonable expectation of privacy under such
circumstances and it would constitute an invasion of privacy.</p>
<p><strong>So, in the context of an AFRS, an individual walking down a
public road may still signal that they wish to avail of their right to
privacy. In such contexts, a concerted surveillance mechanism may come
up against constitutional roadblocks.</strong></p>
<p><strong>What is the nature of information being collected?</strong></p>
<p>The second big question, the nature of the information
which is being collected, plays a role in determining the extent to which
a person can exercise their reasonable expectation of privacy.
Puttaswamy II laid down that collection of core biometric information
such as fingerprints, iris scans in the context of the Aadhaar-Based
Biometric Authentication (‘ABBA’) is constitutionally permissible. The
basis of this conclusion is that the Aadhaar Act does not deal with the
individual’s intimate or private sphere.</p>
<p>The judgement of the Supreme Court in Puttaswamy II is in a very
specific context (i.e. the ABBA). It does not explain or identify the
contextual factors which determine the extent to which privacy may be
reasonably expected over biometrics generally. In this judgment, the
Court observed that demographic information and photographs do not raise
a reasonable expectation of privacy under Article 21 unless there exist
special circumstances such as the disclosure of juveniles in conflict
with law or a rape victim’s identity.</p>
<p><strong>Most importantly, the Court held that face photographs for
the purpose of identification are not covered by a reasonable
expectation of privacy. The Court distinguished face photographs from
intimate photographs or those photographs which concern confidential
situations. </strong></p>
<p><strong>Face photographs, according to the Court, are shared by
individuals in the ordinary course of conduct for the purpose of
obtaining a driving license, voter id, passport,
examination admit cards, employment cards, and so on. Face photographs
by themselves reveal no information.</strong></p>
<p>Naturally, this pronouncement of the Apex Court is a huge boost for the introduction of AFRS in India.</p>
<p>Abroad, however, on 4 September 2019, in <a href="https://www.judiciary.uk/wp-content/uploads/2019/09/bridges-swp-judgment-Final03-09-19-1.pdf">Edward Bridges v. Chief Constable of South Wales Police</a>, a Division Bench of the High Court in England and Wales heard a challenge against an AFRS introduced by law enforcement (<em>see</em>
Endnote 1). The High Court rejected a claim for judicial review holding
that the AFRS in question does not violate inter alia the right to
privacy under Article 8 of the European Convention on Human Rights
(‘ECHR’).</p>
<p>According to the Court, the AFRS was used for specific and limited
purposes, i.e., only when the image of the public matched a person on an
existing watchlist. The use of the AFRS was therefore considered a
lawful and fair restriction.</p>
<p>The Court, however, acknowledged that extracting biometric data
through AFRS is “well beyond the expected and unsurprising”. This seems
to be a departure from the Indian Supreme Court’s observation in
Puttaswamy II that there is no reasonable expectation of privacy over
biometric data in the context of ABBA, and may be a wiser approach for
the Indian courts to adopt.</p>
<h6><strong>Endnote </strong></h6>
<p>1. The challenge was put forth by Edward Bridges, a civil liberties
campaigner from Cardiff for being caught on camera in two particular
deployments of the AFRS a) when he was at Queen Street, a busy shopping
area in Cardiff and b) when he was at the Defence Procurement, Research,
Technology and Exportability Exhibition held at the Motorpoint Arena.</p>
<p>This was published by <a class="external-link" href="https://aipolicyexchange.org/2019/12/28/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns/">AI Policy Exchange</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns'>http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns</a>
</p>
No publisher | Arindrajit Basu, Siddharth Sonkar | Cybersecurity, Cyber Security, internet governance, Internet Governance | 2020-01-02T14:09:14Z | Blog Entry
Decrypting Automated Facial Recognition Systems (AFRS) and Delineating Related Privacy Concerns
http://editors.cis-india.org/internet-governance/decrypting-automated-facial-recognition-systems-afrs-and-delineating-related-privacy-concerns
<b>Arindrajit Basu and Siddharth Sonkar have co-written this blog as the first of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems?</b>
<p>The use of aggregated Big Data by governments has the potential to
exacerbate power asymmetries and erode civil liberties like few
technologies of the past. In order to guard against the aggressive
aggregation and manipulation of the data generated by individuals who
are branded as suspect, it is critical that our firmly established
constitutional rights protect human dignity in the face of this
potential erosion.</p>
<p>The increasing ubiquity of Automated Facial Recognition Systems
(AFRS) serves as a prime example of the rising desire of governments to
push fundamental rights to the brink. With AFRS, the core fundamental
right in question is privacy, although questions have been posed
regarding the potential violation of other related rights, such as the
Right to Equality and the Right to Free Speech and Expression, as well.</p>
<p>There is a rich corpus of literature (see <a href="https://indianexpress.com/article/opinion/columns/digital-identification-facial-recognition-system-ncrb-5859072/" rel="noreferrer noopener" target="_blank">here</a>, <a href="http://www.unswlawjournal.unsw.edu.au/wp-content/uploads/2017/09/40-1-11.pdf" rel="noreferrer noopener" target="_blank">here</a> and an excellent recent paper by Smriti Parsheera <a href="http://datagovernance.org/report/adoption-and-regulation-of-facial-recognition-technologies-in-india" rel="noreferrer noopener" target="_blank">here</a>)
from a diverse coterie of scholars that call out the challenges posed
by AFRS, particularly with respect to its proportionality as a
restriction over the right to privacy. Our contribution to this
discourse focuses on a very specific question around a ‘reasonable
expectation of privacy’ — the standard identified for the protection of
privacy in public spaces across jurisdictions, including in India. This
is because at this juncture, the precise nature of the AFRS which will
eventually be used and the regulations it will be subject to are not
clear. </p>
<p>In <a href="https://indiankanoon.org/doc/91938676/" rel="noreferrer noopener" target="_blank">Justice K.S Puttaswamy (Retd.) v. Union of India</a>:
Justice Chandrachud (Puttaswamy I), the Indian Supreme Court was
concerned with the question whether there exists a fundamental right to
privacy under the Indian Constitution. A nine-judge bench of the Court
recognized that the right to privacy is a fundamental right implicit
inter alia in the right to life within Article 21 of the Constitution.</p>
<p>The right to privacy protects people and not places. Every person is
entitled, however, to a reasonable expectation of privacy. The
expectation of privacy must be twofold. First, the person must prove
that the alleged act could inflict some harm. Such harm must be real and
not be speculative or imaginary. Second, society must recognize this
expectation as reasonable. The test of reasonable expectations is
contextual, i.e., the extent to which it safeguards privacy depends on
the place at which the individual is.</p>
<p>In order to pass any constitutional test, therefore, AFRS must
satisfy the ‘reasonable expectation’ test articulated in Puttaswamy.
However, in this context, the test itself has multiple contours. Do we
have a right to privacy in a public place? Is AFRS collecting any data
that specifically violates a right to privacy? Is the aggregation of
that data a potential violation?</p>
<p>After providing a brief introduction to the use cases of AFRS in
India and across the world, we embark upon answering all these
questions.</p>
<p><strong>Primer on Automated Facial Recognition Systems (AFRS)</strong></p>
<p>Facial recognition is a biometric technology that utilises cameras to
match stored or live footage of individuals (including both stills and
moving footage) with images or video from an existing database. Some
systems might also be used to analyze broader demographic trends or
conduct sentiment analysis through crowd scanning.</p>
<p>While the use of photographs and video footage has been a core
component of police investigation, the use of algorithms to process
vast tracts of Big Data (characterized by ‘Volume, Velocity, and
Variety’) and compare disparate and discrete data points allows for the
derivation of hitherto unfeasible insights on the subjects of Big Data.</p>
<p>The utilisation of AFRS for law enforcement is rapidly spreading around the world. <a href="https://carnegieendowment.org/2019/09/17/global-expansion-of-ai-surveillance-pub-79847" rel="noreferrer noopener" target="_blank">A Global AI Surveillance Index</a>
compiled by the Carnegie Endowment for International Peace found that
at least sixty-four countries are incorporating facial recognition
systems into their AI surveillance programs.</p>
<p>Chinese technology company Yitu has entered into a partnership with
security forces in Malaysia to equip police officers with facial
recognition body cameras that, powered by enabling technologies, would
allow a comparison of images caught by the live body cameras with images
from several central databases.</p>
<p>In <a href="https://news.sky.com/story/met-polices-facial-recognition-tech-has-81-error-rate-independent-report-says-11755941" rel="noreferrer noopener" target="_blank">England and Wales</a>,
London Metropolitan Police, South Wales Police, and Leicestershire
Police are all in the process of developing technologies that allow for
the identification and comparison of live images with those stored in a
database.</p>
<p>The technology is being developed by Japanese firm NEC and the police
force has limited ability to oversee or modify the software, given its
proprietary nature. The Deputy Chief of South Wales Police stated that
“the tech is given to [them] as a sealed box… [and the police force
themselves] have no input – whatever it does, it does what it does.”</p>
<p>In the US, <a href="https://www.americanbar.org/groups/criminal_justice/publications/criminal-justice-magazine/2019/spring/facial-recognition-technology/" rel="noreferrer noopener" target="_blank">Baltimore’s police</a>
set up facial recognition cameras to track and arrest protestors — a
system that reached its zenith during the 2018 riots in the city. </p>
<p>It is suspected that authorities in <a href="https://www.japantimes.co.jp/news/2019/10/23/asia-pacific/hong-kong-protests-ai-facial-recognition-tech/#.Xf1Fs_zhVPY" rel="noreferrer noopener" target="_blank">Hong Kong</a> are also using AFRS to clamp down on the ongoing pro-democracy protests.</p>
<p>In India, the Ministry of Home Affairs, through the National Crime Records Bureau put out a <a href="http://ncrb.gov.in/TENDERS/AFRS/RFP_NAFRS.pdf" rel="noreferrer noopener" target="_blank">tender for a new AFRS</a>,
whose stated objective is to “act as a foundation for national level
searchable platform of facial images.” The AFRS will pull facial image
data from CCTV feeds and compare these with existing records across
databases including the Crime and Criminal Tracking Networks and Systems
(CCTNS), Inter-operable Criminal Justice System (or ICJS), Immigration
Visa Foreigner Registration Tracking (IVFRT), Passport, Prisons and
state police records.</p>
<p>Plans are also afoot to integrate this with the yet to be deployed
National Automated Fingerprint Identification System (NAFIS), thereby
creating a multi-faceted surveillance system.</p>
<p>Despite raising eyebrows due to its potential all-pervasive scope,
this tender is not the first instance of AFRS being used by Indian
authorities. Punjab Police, <a href="https://www.livemint.com/AI/DIh6fmR6croUJps6x7JW5K/Meet-Staqu-a-startup-helping-Indian-law-enforcement-agencie.html" rel="noreferrer noopener" target="_blank">in partnership with Gurugram-based start-up Staqu</a>,
has launched and commenced implementation of the Punjab Artificial
Intelligence System (PAIS), which uses digitised criminal records and
automated facial recognition to retrieve information on a suspected
criminal and essentially tracks their public whereabouts, which poses
potential constitutional questions.</p>
<p> </p>
<p>This was published by <a class="external-link" href="https://aipolicyexchange.org/2019/12/26/decrypting-automated-facial-recognition-systems-afrs-and-delineating-related-privacy-concerns/">AI Policy Exchange</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/decrypting-automated-facial-recognition-systems-afrs-and-delineating-related-privacy-concerns'>http://editors.cis-india.org/internet-governance/decrypting-automated-facial-recognition-systems-afrs-and-delineating-related-privacy-concerns</a>
</p>
No publisher; Arindrajit Basu, Siddharth Sonkar; Cybersecurity, Cyber Security, internet governance, Internet Governance; 2020-01-02T14:01:48Z; Blog Entry
Extra-Territorial Surveillance and the Incapacitation of Human Rights
http://editors.cis-india.org/internet-governance/extra-territorial-surveillance-and-the-incapacitation-of-human-rights
<b>This paper was published in Volume 12 (2) of the NUJS Law Review. </b>
<div> </div>
<div>Our
networked data trails dictate, define, and modulate societies in hitherto
inconceivable ways. The ability to access and manipulate that data is a
product of stark power asymmetry in geo-politics, leading to a dynamic
that privileges the interests of a few over the right to privacy and
dignity of the many. I argue that the persistent de facto violation of
human rights norms through extraterritorial surveillance conducted by
western intelligence agencies, compounded by the failure of judicial
intervention in the West has led to the incapacitation of international
human rights law. Despite robust jurisprudence including case law,
comments by the United Nations, and widespread state practice on the
right to privacy and the application of human rights obligations to
extraterritorial stakeholders, extraterritorial surveillance continues
with aplomb. Procedural safeguards and proportionality tests regularly
sway towards a ‘ritual incantation’ of national security even in
scenarios where a less intrusive option is available. The vulnerable
citizen abroad is unable to challenge these processes and becomes an
unwitting victim of nefarious surveillance practices that further widen
global power asymmetry and entrench geo-political fissures.</div>
<div><br />The full article can be found <a href="http://editors.cis-india.org/internet-governance/extraterritorial-algorithmic-surveillance-and-the-incapacitation-of-international-human-rights-law" class="internal-link" title="EXTRATERRITORIAL ALGORITHMIC SURVEILLANCE AND THE INCAPACITATION OF INTERNATIONAL HUMAN RIGHTS LAW">here</a>.</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/extra-territorial-surveillance-and-the-incapacitation-of-human-rights'>http://editors.cis-india.org/internet-governance/extra-territorial-surveillance-and-the-incapacitation-of-human-rights</a>
</p>
No publisher; Arindrajit Basu; Cybersecurity, Cyber Security, Internet Governance; 2020-01-02T11:02:26Z; Blog Entry
Call for Comments: Model Security Standards for the Indian Fintech Industry
http://editors.cis-india.org/internet-governance/call-for-comments-model-security-standards-for-the-indian-fintech-industry
<b></b>
<p>The Centre for Internet and Society is pleased to make available the Draft document of Model Security Standards for the Indian Fintech Industry, for feedback and comments from all stakeholders. The objective of this document, which was first published in November 2019, is to ensure that the data of users is dealt with in a secure and safe manner by the Fintech Industry, and that smaller businesses in the Fintech industry have a specific standard to look at in order to limit their liabilities for any future breaches. <br /><br />We invite any parties interested in the field of technology policy, including but not limited to lawyers, policy researchers, and engineers, to send in your feedback/comments on the draft document by the 16th of January 2020. We intend to publish our final draft by the end of January 2020. We look forward to receiving your contributions to make this document more comprehensive and effective. Please find a copy of the draft document <a href="http://editors.cis-india.org/internet-governance/resources/security-standards-for-the-financial-technology-sector-in-india" class="internal-link" title="Security Standards for the Financial Technology Sector in India">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/call-for-comments-model-security-standards-for-the-indian-fintech-industry'>http://editors.cis-india.org/internet-governance/call-for-comments-model-security-standards-for-the-indian-fintech-industry</a>
</p>
No publisher; pranav; Financial Technology, Cybersecurity, internet governance, Internet Governance, Cyber Security; 2019-12-16T13:16:25Z; Blog Entry
Cybersecurity Visuals Media Handbook: Launch Event
http://editors.cis-india.org/internet-governance/blog/cybersecurity-visuals-media-handbook-launch-event
<b>6th December | 6 pm | Centre for Internet and Society, Bangalore</b>
<p> </p>
<p>The existing cybersecurity imagery in media publications has been observed to be limited in its communication of the discourse prevailing in cybersecurity policy circles, relying heavily on stereotypes such as hooded men, padlocks, and binary codes.</p>
<p><br />In order to enable a clearer, more nuanced representation of cybersecurity concepts, we, at CIS, along with <a class="external-link" href="http://designbeku.in/">Design Beku</a> are launching the Cybersecurity Visuals Media Handbook. This handbook has been conceived to be a concise guide for media publications to understand the specific concepts within cybersecurity and use it as a reference to create visuals that are more informative, relevant, and look beyond stereotypes.</p>
<p>We will be launching the interactive digital handbook on 6th December, 2019, at the Centre for Internet and Society, Bangalore, at 6 pm. The event would include a discussion on the purpose, process, and concepts behind this illustrated guide by CIS researchers and Design Beku.</p>
<p>The launch will be followed by a panel discussion on Digital Media Illustrations & the Politics of Technology. We will be joined by Padmini Ray Murray, Paulanthony George, and Kruthika N S in the panel. It will be moderated by Saumyaa Naidu.</p>
<p dir="ltr"><strong>Padmini Ray Murray</strong></p>
<p dir="ltr">Padmini founded the Design Beku collective in 2018 to help not-for-profit organisations explore their potential through research-led design and digital development. Trained as an academic researcher, Padmini is currently the head of communications at Obvious, a design studio. She regularly gives talks and publishes on the necessity of technology and design to be decolonial, local, and ethical. <strong><br /></strong></p>
<p dir="ltr"><strong>Paulanthony George</strong></p>
<p dir="ltr">Paulanthony hates writing bios in the third person.<br />My research focuses on the relationships between made objects, the maker and the behaviour of making, in the context of spreadable digital media (and behaviours stemming from it). I study internet memes inside and outside of India and phenomena such as dissent, satire, free expression and ambivalent behaviour fostered by them. The research is at the intersection of digital ethnography, culture studies, human-computer interaction, humour studies and critical theory. I spend my time watching people. I draw them, the way they are, the way some people want to be and sometimes I have interesting conversations with them.</p>
<p dir="ltr"><strong>Kruthika N S</strong></p>
<p dir="ltr">Kruthika NS is a lawyer at LawNK and researcher at the Sports Law & Policy Centre, Bengaluru. She uses art as a medium to explore the intersections of the law and society, with gender justice featuring as the central theme of her work. Her art has included subjects such as the #MeToo movement in India, and the feminist principles of the internet, among several other doodles.</p>
<p dir="ltr"><strong>Saumyaa Naidu</strong></p>
<p dir="ltr">Saumyaa is a designer and researcher at the Centre for Internet and Society. <strong> </strong></p>
<p> </p>
<p><br /><strong>Agenda</strong><br />6:00 - 6:15 pm - Introduction <br />6:15 - 6:45 pm - Presentation on the Media Handbook by Paulanthony George<br />6:45 - 7:00 pm - Tea/ Coffee <br />7:00 - 8:00 pm - Panel discussion on Digital Media Illustrations & the Politics of Technology<br />8:00 - 8:30 pm - Tea/ Coffee and Snacks</p>
<p>The interactive version of the handbook can be accessed <a class="external-link" href="http://cis-india.github.io/cybersecurityvisuals/index">here</a>. The print versions of the handbook can be accessed at: <a class="external-link" href="https://drive.google.com/file/d/13Llq1vD5Eb-yo2YE3X6dRPaZ_WsMYhfa/view?usp=sharing">Single Scroll Printing</a>, <a class="external-link" href="https://drive.google.com/file/d/1mK_lxA0Eeb7GWxqZk4IM3cBxKdWakKS9/view?usp=sharing">Tiled-Paste Printing</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/cybersecurity-visuals-media-handbook-launch-event'>http://editors.cis-india.org/internet-governance/blog/cybersecurity-visuals-media-handbook-launch-event</a>
</p>
No publisher; saumyaa; Cybersecurity, Cyber Security, Event, Internet Governance; 2019-12-06T09:27:37Z; Event
Draft Security Standards for The Financial Technology Sector in India
http://editors.cis-india.org/internet-governance/blog/draft-security-standards-for-the-financial-technology-sector-in-india
<b>Information security standards provide a framework for the secure development, implementation and maintenance of information systems and technology architecture. This document includes draft information security standards, which seek to ensure that not only the data of users is dealt with in a secure and safe manner but also that the smaller businesses in the fintech industry have a specific standard to look at in order to limit their liabilities for any future breaches.
</b>
<p id="docs-internal-guid-d14bad43-7fff-1d2b-c873-9850851b223a" dir="ltr"> </p>
<p dir="ltr">By: <strong>Vipul Kharbanda</strong></p>
with inputs from: <strong>Prem Sylvester
</strong>
<p> </p>
<hr />
<p id="docs-internal-guid-47476e0d-7fff-b341-0372-b39d8cd99bcb" style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">Information security standards provide a framework for the secure development, implementation and maintenance of information systems and technology architecture. Regulatory policies often cite several information security standards as a baseline that is to be complied with in order to ensure the adequate protection of information systems as well as associated architecture. Information security standards for the financial industry provide consideration to the specific risks and threats that financial institutions may face, making them an integral part of the process of ensuring business and operational sanctity.</p>
<p> </p>
<p style="text-align: justify;" dir="ltr">There is an urgent economic interest in ensuring robust security of the financial technology sector within the country. This interest is amplified considerably due to the policy push seeking to shift India towards the realisation of a ‘cashless society’. This recent policy push has in part led to the ubiquitous adoption of technology-centric financial services such as PayTM, PhonePe, Mobikwik and others. The current landscape with respect to security standards for financial institutions in India appears to be multi-pronged, with multiple standards in place for companies to implement.</p>
<hr />
<p><br /><strong>The report can be accessed in full <a href="https://cis-india.org/internet-governance/resources/security-standards-for-the-financial-technology-sector-in-india">here.</a></strong></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/draft-security-standards-for-the-financial-technology-sector-in-india'>http://editors.cis-india.org/internet-governance/blog/draft-security-standards-for-the-financial-technology-sector-in-india</a>
</p>
No publisher; Vipul Kharbanda; Cyber Security, Security Standards, Financial Technology; 2019-11-18T09:51:36Z; Blog Entry
Cultivating India’s Cyber Defense Strategy
http://editors.cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy
<b></b>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy'>http://editors.cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy</a>
</p>
No publisher; Admin; Cyber Security, Internet Governance; 2019-11-13T14:39:19Z; File
India’s Role in Global Cyber Policy Formulation
http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation
<b>The past year has seen vigorous activity on the domestic cyber policy front in India. On key issues—including intermediary liability, data localization and e-commerce—the government has rolled out a patchwork of regulatory policies, resulting in battle lines being drawn by governments, industry and civil society actors both in India and across the globe.</b>
<p>The article by Arindrajit Basu was <a class="external-link" href="https://www.lawfareblog.com/indias-role-global-cyber-policy-formulation">published in Lawfare</a> on November 7, 2019. The article was reviewed and edited by Elonnai Hickok and Justin Sherman.</p>
<hr />
<p style="text-align: justify; ">The onslaught of recent developments demonstrates how India can shape cyber policy debates. Among emerging economies, India is uniquely positioned to exercise leverage over multinational tech companies due to its sheer population size, combined with a rapid surge in users coming online and the country’s large gross domestic product. India occupies a key seat at the <a href="https://www.theatlantic.com/international/archive/2019/06/g20-data/592606/">data governance table</a> alongside other players like the EU, China, Russia and the United States — a position the country should use to promote its interests and those of other similarly placed emerging economies.</p>
<p style="text-align: justify; ">For many years, the Indian population has served as an economic resource for foreign, largely U.S.-based tech giants. Now, however, India is moving toward a regulatory strategy that reduces the autonomy of these companies in order to pivot away from a system that recently has been termed “<a href="https://swarajyamag.com/magazine/colonialism-20-truly">data colonialism</a>”—in which Western technologies use data-driven revenue bolstered by information extracted from consumers in the Global South to consolidate their global market power. The policy thinking underpinning India’s new grand vision still has some gaps, however.</p>
<h3 style="text-align: justify; ">Data Localization</h3>
<p style="text-align: justify; ">Starting with a circular from the Reserve Bank of India in April 2018, the Indian government has <a href="https://twitter.com/cis_india/status/1143096429298085889">introduced a range of policy instruments</a> mandating “<a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">data localization</a>”—that is, requiring that certain kinds of data must be stored in servers located physically within India. A snapshot of these policies is summarized in the table below.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/IndianLaws.jpg" alt="Indian Laws" class="image-inline" title="Indian Laws" /></p>
<p style="text-align: justify; "><span style="text-align: -webkit-center; ">(</span><em>Source </em><a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf" style="text-align: -webkit-center; "><em>here</em></a><em>. Design credit: Saumyaa Naidu</em><span style="text-align: -webkit-center; ">)</span></p>
<p style="text-align: justify; "><span style="text-align: -webkit-center; ">While there are <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">a number of</a> reasons for this maneuver, two in particular are in line with India’s broader vision of data sovereignty—broadly defined as the sovereign right of nations to govern data within their territory and/or jurisdiction in order to support their national interest for the welfare of their citizens. First, there is an incentive to keep data within India’s jurisdiction because of the cumbersome process through which Indian law enforcement agencies must go during criminal investigations in order to access data stored in the U.S. Second, data localization undercuts the <a href="https://theprint.in/tech/digital-colonialism-why-countries-like-india-want-to-take-control-of-data-from-big-tech/298217/">extractive economic models</a> used by U.S. companies operating in India by which the data generated by Indian citizens is collected in India, stored in data centers located largely in the U.S., and processed and analyzed to derive commercially valuable insights.</span></p>
<p style="text-align: justify; ">Both foreign players and smaller Indian private-sector actors were against this move. A <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">study</a> on the issue that I co-authored earlier this year with Elonnai Hickok and Aditya Chawla found that one of the reasons for this resistance involved the high costs of setting up the data centers that are needed to comply with the requirement. President Trump <a href="https://www.whitehouse.gov/briefings-statements/remarks-president-trump-g20-leaders-special-event-digital-economy-osaka-japan/">echoed</a> this sentiment when he explicitly opposed data localization during a meeting with Prime Minister Narendra Modi on the sidelines of the G-20 in June 2019.</p>
<p style="text-align: justify; ">At the same time, large Indian players such as Reliance and Paytm and Chinese companies like AliBaba and Xilink were in favor of localization—possibly because these companies could absorb the costs of setting up storage facilities while benefiting from the fixed costs imposed on foreign competition. In fact, some companies, such as AliBaba, <a href="https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/alibaba-cloud-opens-second-data-centre-in-india/articleshow/65995570.cms">have already set up storage facilities in India.</a></p>
<p style="text-align: justify; ">As my co-authors and I noted, data localization comes with various risks, both diplomatically and politically. So far, the issue has caused friction in U.S.-India trade relations. For example, before Secretary of State Mike Pompeo's trip to New Delhi in June, the Trump administration <a href="https://thewire.in/diplomacy/us-india-h1b-visa-data-localisation">reportedly</a> contemplated limiting H-1B visas for any country that implements a localization requirement. Further, on his trips to New Delhi, Commerce Secretary Wilbur Ross has <a href="https://www.medianama.com/2019/05/223-us-trade-secretary-wilbur-ross-highlights-data-localisation-high-tariffs-on-electronics-telecom-products-in-india-as-trade-issues/">regularly argued</a> that data localization restrictions are a barrier to U.S. companies and stressed the need to eliminate such barriers. Further, data localization poses several <a href="https://www.lawfareblog.com/where-your-data-really-technical-case-against-data-localization">technical challenges</a> as well as security risks. Mirroring data across multiple locations, as India’s <a href="https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf">Draft Personal Data Protection Bill</a> mandates, increases the number of physical data centers that need to be protected and thereby the number of vulnerable points that malicious actors can attack.</p>
<p style="text-align: justify; ">Recently, the Indian media have reported <a href="https://economictimes.indiatimes.com/news/economy/policy/policymakers-a-divided-lot-on-personal-data-bill-provisions/articleshow/70404637.cms?from=mdr&utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst">disagreements</a> between policymakers over data localization, along with speculation that the data storage requirement in the Draft Personal Data Protection Bill could be limited only to critical data—a term not defined in the bill itself—or be left to sectoral regulators, officials from individual government departments.</p>
<p style="text-align: justify; ">Our paper <a href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">recommended a dual approach</a>. In our view, data localization policy should include mandatory localization for critical sectors such as defense or payments data, while also adopting “conditional” localization for all other data. Under conditional localization, data should only be transferred to countries that (a) agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws (examples of such a mechanism may be an executive data-sharing agreement under the <a href="https://epic.org/privacy/cloud-act/">CLOUD Act</a>) and (b) have equivalent privacy and security safeguards. This approach would be in line with India’s overarching vision of data sovereignty and the goal of standing up to the hegemony of big tech and of U.S. internet regulations, while avoiding undue collateral damage to India’s global alliances.</p>
<h3 style="text-align: justify; ">Intermediary Liability</h3>
<p style="text-align: justify; ">In line with the goal of ensuring that big tech is answerable to the rule of law, the Indian government has also sought to regulate the adverse social impacts of some speech hosted by platforms. Rule 3(9) of the <a href="https://meity.gov.in/writereaddata/files/Draft_Intermediary_Amendment_24122018.pdf">Draft of the Information Technology Intermediaries Guidelines (Amendment) Rules, 2018,</a> released by the Ministry of Electronics and Information Technology in December 2019, takes up the interventionist mission of laws like the <a href="https://www.lawfareblog.com/germanys-bold-gambit-prevent-online-hate-crimes-and-fake-news-takes-effect">NetzDg</a> in Germany. The regulation would mandate that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have prompted concerns from both the private sector and civil society groups that claim the proposal fails to address <a href="https://cis-india.org/internet-governance/resources/Intermediary%20Liability%20Rules%202018.pdf">constitutional concerns</a> about algorithmic discrimination, excessive censorship and inappropriate delegation of legislative powers under Indian law. Further, some observers object that the guidelines adopt a “one-size-fits-all” approach to classifying intermediaries that does not differentiate between platforms that thrive on end-to-end encryption like WhatsApp and public platforms like Facebook.</p>
<p style="text-align: justify; ">In many ways, these guidelines—likely to be <a href="https://www.medianama.com/2019/10/223-intermediary-guidelines-to-be-notified-by-jan-15-2020-meity-tells-supreme-court/">notified (as an amendment to the Information Technology Act) as early as January 2020</a>—put the cart before the horse. Before devising regulatory models appropriate for India’s geographic scale and population, it is first necessary to conduct empirical research about the vectors through which misinformation spreads in India and how misinformation impacts different social, economic and linguistic communities, along with pilot programs for potential solutions to the misinformation problem. And it is imperative that these measures be brought in line with constitutional requirements.</p>
<h3 style="text-align: justify; ">Community Data and “Data as a Public Good”</h3>
<p>Another important question involves the precise meaning of “data” itself—an issue on which various policy documents have failed to deliver a consistent stance.</p>
<p style="text-align: justify; ">The first conceptualization of “community data” appears in both the <a href="https://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf">Srikrishna Committee Report</a> that accompanied the <a href="https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf">Draft Personal Data Protection Bill</a> in 2018 and the draft e-commerce policy. However, neither policy provides clarity on the concept of data.</p>
<p style="text-align: justify; ">When defining community data, the Srikrishna Report endorses a collective protection of privacy as protecting an identifiable community that has contributed to community data. According to the Srikrishna Report, receiving collective protection requires the fulfillment of three key aspects. First, the data belong to an identifiable community. Second, the individuals in the community consent to being a part of the community. And third, the community as a whole consents to its data being treated as community data.</p>
<p style="text-align: justify; ">The <a href="https://dipp.gov.in/sites/default/files/DraftNational_e-commerce_Policy_23February2019.pdf">draft e-commerce policy</a> reconceptualizes the notion of community data as “societal commons” or a “national resource,” where the undefined “community” has rights to access data but the government has overriding control to utilize the data for welfare purposes. Unlike the Srikrishna Report, the draft e-commerce policy does not outline the key aspects of community data. This approach fails to demarcate a clear line between personal and nonpersonal data or to specify any practical guidelines or restrictions on how the government can use community data. For this reason, implementation of this policy could pose a threat to the right to privacy that the Indian Supreme Court recognized as a <a href="https://thewire.in/law/supreme-court-aadhaar-right-to-privacy">fundamental right</a> in 2017.</p>
<p style="text-align: justify; ">The second idea is that of “data as a public good.” This is described in Chapter 4 of the <a href="https://www.indiabudget.gov.in/economicsurvey/doc/vol1chapter/echap04_vol1.pdf">2019 Economic Survey Report</a>—a document published by the Ministry of Finance along with the Annual Financial Budget. The report explicitly states that any data governance framework needs to be deferential to privacy norms and the soon-to-be-enacted privacy law. The report further states that “personal data” of an individual in the custody of a government is a “public good” once the datasets are anonymized.</p>
<p style="text-align: justify; ">However, the report’s recommendation of setting up a government database that links several individual databases together leads to the <a href="https://thewire.in/government/india-vision-data-republic-dangers-privacy">“triangulation” problem</a>, in which individuals can be identified by matching different datasets together. The report further suggests that the same data can be sold to private firms (though it is unclear whether this includes foreign or domestic firms). This directly contradicts the characterization of a “public good”—which, by definition, must be <a href="https://www.britannica.com/topic/public-good-economics">nonexcludable and nonrivalrous</a>—and is also at odds with the government’s vision of reining in big tech. The government has set up an expert committee to look into the scope of nonpersonal data, and the results of the committee’s deliberations <a href="https://www.medianama.com/2019/09/223-meity-non-personal-data-committee/">are likely to</a> influence the shape that India’s data governance framework takes across multiple policy instruments.</p>
<p style="text-align: justify; ">There is obviously a need to reassess and reevaluate the range of governance efforts and gambits that have emerged in the past year. With domestic cyber policy formulation pivots reaching a crescendo, we must consider how domestic cyber policy efforts can influence India’s approach to global debates in this space.</p>
<h3 style="text-align: justify; ">India’s Contribution to Global Cyber Policy Debates</h3>
<p style="text-align: justify; ">As the largest democracy in the world, India is undoubtedly a key <a href="https://www.newamerica.org/cybersecurity-initiative/reports/digital-deciders/">“digital decider”</a> in shaping the future of the internet. Multilateral cyber policy formulation efforts remain <a href="https://cis-india.org/internet-governance/blog/the-potential-for-the-normative-regulation-of-cyberspace-implications-for-india">polarized</a>. The U.S. and its European allies continue to advocate for a free, rules-based conception of cyberspace with limited governmental interference. China and Russia, along with their Shanghai Cooperation Organisation allies, are pushing for a tightly regulated internet in which each state has the right to manage and define its “network frontiers” through domestic regulation free from external interference. To some degree, India is already influencing debate over the internet through its various domestic cyber policy movements. However, its participation in international debates has been lacking the vigor or coherence needed to clearly articulate India’s national interests and take up a global leadership role.</p>
<p style="text-align: justify; ">In shaping its contributions to global cyber policy formulation, India should focus its efforts on three key places: (a) internet governance forums that deliberate the governance of the technical architecture of the internet such as domain names, (b) cyber norms formulation processes that seek to establish norms to foster responsible behavior in cyberspace by states and nonstate actors, and (c) global debates on trade and cross-border data flows that seek to conceptualize the future of global digital trade relationships. As I discuss below, there are key divisions in Indian policy in each of these forums. To realize its grand vision in the digital sphere, India needs to do much more to make its presence felt.</p>
<p><em>Internet Governance Forums</em></p>
<p style="text-align: justify; ">India’s stance on a variety of issues at internet governance forums has been inconsistent, switching repeatedly between <a href="https://www.cigionline.org/sites/default/files/documents/GCIG%20Volume%202%20WEB.pdf">multilateral and multistakeholder visions for internet governance.</a> A core reason for this uncertainty <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">is the participation of multiple Indian government</a> ministries, which often disagree with each other. At global internet governance forums, India has been represented either by the Department of Electronics and Information Technology (now renamed the Ministry of Electronics and Information Technology) or the Department of Telecommunications (under the Ministry of Communications and Information Technology) or by the Ministry of External Affairs (MEA).</p>
<p style="text-align: justify; ">As my colleagues have documented <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">in a detailed paper,</a> India has been vocal in global internet governance debates at forums including the International Telecommunications Union, the Internet Governance Forum and the U.N. General Assembly. However, the Indian stance on <a href="https://www.diplomacy.edu/IGFLanguage/multistakeholderism">multistakeholderism</a> has been complex, with the MEA advocating for a multilateral stance while the other departments switched between multistakeholderism and “nuanced multilateralism”—which calls for multistakeholder participation in policy formulation but multilateral implementation. The paper also argues that there has been a decline recently in the vigor of Indian participation at forums such as the 2018 meeting of the Working Group on Enhanced Co-operation (WGEC 2.0), due to key personnel changes. For <a href="https://cis-india.org/internet-governance/files/indias-contribution-to-internet-governance-debates">example</a>, B.N. Reddy, who was a skilled and experienced negotiator for the MEA in previous forums, was transferred to another position before WGEC 2.0, and the delegation that attended the meeting did not make its presence felt as strongly or skillfully.</p>
<p><em>Cyber Norms for Responsible State Behavior in Cyberspace</em></p>
<p style="text-align: justify; ">With the exception of two broad and unoriginal statements at the <a href="https://unoda-web.s3-accelerate.amazonaws.com/wp-content/uploads/2016/10/India.pdf">70th</a> and <a href="https://undocs.org/A/71/172">71st</a> sessions of the U.N. General Assembly, India has yet to make public its position on the multilateral debate on the proliferation of norms for responsible state behavior in cyberspace. During the <a href="https://dig.watch/events/open-ended-working-group-oewg-first-substantive-session">substantive session</a> of the Open-Ended Working Group held in September, India largely reaffirmed points made by other states, rather than carving out a new or original approach. The silence and ambiguity is surprising, as India has been represented on four of the five Groups of Governmental Experts (GGEs) set up thus far and has also been inducted into the 2019-2021 GGE that is set to revamp the global cyber norms process. (Due to the GGE’s rotational membership policy, India was not a member of the fourth GGE that submitted its report in 2015.)</p>
<p style="text-align: justify; ">However, before becoming an evangelist of any particular norms, India has some homework to do domestically. It has yet to advance a clear, coherent and detailed public stance outlining its views on the application of international law to cyberspace. This public stance is necessary for two reasons. First, a well-reasoned statement that explains India’s stance on core security issues—such as the applicability of self-defense, countermeasures and international humanitarian law—would show India’s appetite for offensive and defensive strategies for external adversaries and allies alike. This would serve as the edifice of a potentially credible cyber deterrence strategy. Second, developing a public stance would help India to take advantage of the economic, demographic and political leverage that it holds and to assume a leadership role in discussions. The <a href="https://www.gov.uk/government/speeches/cyber-and-international-law-in-the-21st-century">U.K.</a>, <a href="https://www.lawfareblog.com/frances-cyberdefense-strategic-review-and-international-law">France,</a> <a href="https://www.lawfareblog.com/germanys-position-international-law-cyberspace">Germany</a>, <a href="https://www.justsecurity.org/64490/estonia-speaks-out-on-key-rules-for-cyberspace/">Estonia</a>, <a href="https://www.justsecurity.org/wp-content/uploads/2017/06/Cuban-Expert-Declaration.pdf">Cuba</a> (backed by China and Russia) and the <a href="https://www.justsecurity.org/wp-content/uploads/2016/11/Brian-J.-Egan-International-Law-and-Stability-in-Cyberspace-Berkeley-Nov-2016.pdf">U.S.</a> have all made their positions publicly known with varying degrees of detail.</p>
<p><em>Data Transfers</em></p>
<p style="text-align: justify; ">Unlike in other forums, Indian policy has been clearer in the cross-border data transfer debate. This is a foreign policy extension of India’s emphasis on localization and data sovereignty in domestic policy instruments. At the G-20 Summit in Osaka, India and the rest of the BRICS group (Brazil, Russia, China and South Africa) stressed the role that data play in economic development for emerging economies and reemphasized the need for <a href="https://www.youtube.com/watch?v=0a8YsZQ0F6k&feature=youtu.be">data sovereignty</a>. India did not sign the <a href="https://www.international.gc.ca/world-monde/international_relations-relations_internationales/g20/2019-06-29-g20_declaration-declaration_g20.aspx?lang=eng">Osaka Declaration on the Digital Economy</a> that kickstarted the “Osaka Track”—a process whereby the 78 signatories agreed to participate in global policy discussions on international rule-making for e-commerce at the World Trade Organization (WTO). This was a continuation of India’s sustained efforts opposing the e-commerce moratorium at the WTO.</p>
<p style="text-align: justify; ">The importance of cross-border data flows in spurring the global economy found its way into the <a href="https://g20.org/pdf/documents/en/FINAL_G20_Osaka_Leaders_Declaration.pdf">Final G-20 Leaders Declaration</a>—which India signed. Foreign Secretary Vijay Gokhale <a href="https://www.youtube.com/watch?v=0a8YsZQ0F6k&feature=youtu.be">argued</a> that international rule-making on data transfers should not take place in plurilateral forums outside the WTO. Gokhale claimed that limiting the debate to the WTO would ensure that emerging economies have a say in the framing of the rules. The clarity expressed by the Indian delegation at the G-20 should be a model for more confident Indian leadership in this global cyber policy development space.</p>
<h3 style="text-align: justify; ">Looking Forward</h3>
<p style="text-align: justify; ">India is no newcomer to the idea of normative leadership. To overcome material shortcomings in the nation’s early years, Jawaharlal Nehru, the first Indian prime minister, engineered a <a href="https://www.livemint.com/Opinion/h13WRfZP09BWA3Eg68TuVL/What-Narendra-Modi-has-Jawaharlal-Nehru-to-thank-for.html">normative pivot in world affairs</a> by championing the sovereignty of countries that had gained independence from colonial rule. In the years immediately after independence, the Indian foreign policy establishment sought to break the hegemony of the United States and the Soviet Union by advancing a foreign policy rooted in what came to be known as <a href="https://www.foreignaffairs.com/articles/india/2016-09-19/india-after-nonalignment">“nonalignment.”</a></p>
<p style="text-align: justify; ">Making sound contributions to foreign policy in cyberspace requires a variety of experts—international lawyers, computer scientists, geopolitical strategists and human rights advocates. Indian civil society and academia are brimming with tech policy enthusiasts from a variety of backgrounds who could add in-depth substance to the government’s cyber vision. Such engagement has begun to some extent at the domestic level: Most government policies are now opened up to consultation with stakeholders. Yet there is still room for greater transparency in this process.</p>
<p style="text-align: justify; ">India's cyber vision is worth fighting for. The continued monetization of data dividends by foreign big tech at the expense of India’s socioeconomic development needs to be countered. This can be accomplished by predictable and coherent policymaking that balances economic growth and innovation with the fundamental rights and values enshrined in the Indian Constitution, including the right to equality, freedom of speech and expression, and the right to life. But inherent contradictions in the conceptualization of personal data, delays in tabling the Personal Data Protection Bill, and uncertain or rushed approaches in several other regulatory policies are all fettering the realization of this vision. On core geopolitical issues, there exists an opportunity to set the rule-shaping agenda to favor India’s sovereign interests. With global cyber policy formulation in a state of flux, India has the economic, demographic and intellectual leverage to have a substantial impact on the debate and recraft the narrative in favor of the rapidly emerging Global South.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation'>http://editors.cis-india.org/internet-governance/blog/lawfare-arindrajit-basu-november-7-2019-indias-role-in-global-cyber-policy-formulation</a>
</p>
No publisher, basu, Cyber Security, Internet Governance, 2019-11-13T14:13:33Z, Blog Entry
Discussion at CyFy on Technology, Policy and National Security: Building 21st Century Curricula in India’s Law Schools
http://editors.cis-india.org/internet-governance/news/discussion-at-cyfy-on-technology-policy-and-national-security-building-21st-century-curricula-in-india2019s-law-schools
<b>Arindrajit Basu attended the session and gave comments on the course outline which included thoughts on:</b>
<ol>
<li>Threshold of technical knowledge-comparison with WTO law</li>
<li>Need for India-centric approaches both in domestic and foreign policy</li>
<li>Possibility of executive training of senior diplomats</li>
<li>Need to include fintech security in the syllabus</li>
<li>Necessity of international law as a tool of conflict</li>
<li>Sustained collaboration between think-tanks and universities</li>
</ol>
<p style="text-align: justify; ">The event was organized by Centre for Communication Governance at National Law University Delhi and Observer Research Foundation at Villa Medici, Taj Mahal Hotel, Man Singh Road, New Delhi.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/discussion-at-cyfy-on-technology-policy-and-national-security-building-21st-century-curricula-in-india2019s-law-schools'>http://editors.cis-india.org/internet-governance/news/discussion-at-cyfy-on-technology-policy-and-national-security-building-21st-century-curricula-in-india2019s-law-schools</a>
</p>
No publisher, Admin, Cyber Security, Internet Governance, Financial Technology, 2019-10-20T07:23:11Z, News Item
Cyber Policy 2.0
http://editors.cis-india.org/internet-governance/news/cyber-policy-2.0
<b>National Law University organized an executive education program in Bangalore on August 17, 2019. Arindrajit Basu was a speaker. He spoke on Deconstructing the India regulatory approach to data governance and cyber security.</b>
<p>For more details about the program, <a class="external-link" href="http://policyandgovernance.in/cyber-policy-2/">click here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/cyber-policy-2.0'>http://editors.cis-india.org/internet-governance/news/cyber-policy-2.0</a>
</p>
No publisher, Admin, Cyber Security, Internet Governance, Cyberspace, 2019-08-19T14:18:13Z, News Item
Private Sector and the cultivation of cyber norms in India
http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india
<b>Information Communication Technologies (ICTs) have become a regular facet of modern existence. The growth of cyberspace has challenged traditional notions of global order and uprooted the notion of governance itself. All over the world, the private sector has become a critical player, both in framing cyber regulations and in implementing them.</b>
<p style="text-align: justify; ">The article by Arindrajit Basu was published by <a class="external-link" href="http://nextrendsindia.org/private-sector-and-the-cultivation-of-cyber-norms-in-india/">Nextrends India</a> on August 5, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">While the United Nations ‘Group of Governmental Experts’ (GGE) tried and failed to establish a common law for governing the behavior of states in cyberspace, it is Big Tech that led the discussions on cyberspace regulations. Microsoft’s <a class="addbackground" href="https://www.microsoft.com/en-us/cybersecurity/content-hub/a-digital-geneva-convention-to-protect-cyberspace">Digital Geneva Convention</a>, which devised a set of rules to protect civilian use of the internet, was a notable initiative on that front. Microsoft was also a major driver of the <a class="addbackground" href="https://cybertechaccord.org/">Tech Accords</a> — a public commitment made by over 100 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.” The <a class="addbackground" href="https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/france-and-cyber-security/article/cybersecurity-paris-call-of-12-november-2018-for-trust-and-security-in">Paris Call for Trust and Security in Cyberspace</a> was a joint effort between the French government and Microsoft that brought in (as of today) 66 states, 347 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India, and 139 organisations from civil society and academia from all over the globe.</p>
<p style="text-align: justify; ">However, the entry of Big Tech into the business of framing regulation has raised eyebrows across jurisdictions. In India, the government has attempted to push back on the global private sector due to arguably extractive economic policies adopted by them, alongside the threats they pose to India’s democratic fabric. The Indian government has taken various steps to constrain Big Tech, although some of these policies have been hastily rolled out and fail to address the root of the problem.</p>
<p style="text-align: justify; ">I have identified two regulatory interventions that illustrate this trend. First, on <a class="addbackground" href="https://www.thehindubusinessline.com/opinion/resurrecting-the-marketplace-of-ideas/article26313605.ece">intermediary liability</a>, Rule 3(9) of the Draft of the Information Technology 2018 released by the Ministry of Electronics and Information Technology (MeitY) last December. The rule follows in the footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have resulted in criticism from both the private sector and civil society as they fail to address concerns around algorithmic discrimination and excessive censorship, and give the government undue power. Further, the regulations paint all the intermediaries with the same brush, thus not differentiating between platforms such as WhatsApp that thrive on end-to-end encryption and public platforms like Facebook.</p>
<p style="text-align: justify; ">Another source of discord between the government and the private sector has been the government’s localisation mandate, featuring in a slew of policies. Over the past year, the Indian government has <a class="addbackground" href="https://twitter.com/cis_india/status/1143096429298085889">introduced a range of policy instruments</a> which demand that certain kinds of data must be stored in servers located physically within India — termed “<a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">data localization</a>.”</p>
<p style="text-align: justify; ">While this serves <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">a number of policy objectives</a>, the two which stand out are (1) the presently complex process for Indian law enforcement agencies to access data stored in the U.S. during criminal investigations, and (2) extractive economic models used by U.S. companies operating in India.</p>
<p style="text-align: justify; ">A <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">study</a> I co-authored earlier this year on the issue found that foreign players and smaller Indian private sector players were against this move due to the high compliance costs in setting up data centres.</p>
<p style="text-align: justify; ">On this question, we <a class="addbackground" href="https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf">recommended a dual approach</a> that involves mandatory sectoral localisation for critical sectors such as defense or payments data while adopting ‘conditional’ localisation for all other data. Under ‘conditional localisation,’ data should only be transferred to countries that (1) agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws and (2) have equivalent privacy and security safeguards.</p>
<p style="text-align: justify; ">These two instances demonstrate that it is important for the Indian government to engage with both the domestic and foreign private sector to carve out optimal regulatory interventions that benefit the Indian consumer and the private sector as a whole rather than a few select big players. At the same time, it is important for the private sector to be a responsible stakeholder and comply both with existing laws and accepted norms of ‘good behaviour.’</p>
<p style="text-align: justify; ">Going forward, there is no denying the role of the private sector in the development of emerging technologies. However, a balance must be struck through continued engagement and mutual respect to create a regulatory ecosystem that fosters innovation while respecting the rule of law with every stakeholder – government, private sector and civil society. India’s position could set the trend for other emerging economies coming online and foster a strategic digital ecosystem that works for all stakeholders.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india'>http://editors.cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india</a>
</p>
No publisher, basu, Cyber Security, Internet Governance, 2019-08-07T15:18:27Z, Blog Entry