The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 11 to 25.
Why Data Localisation Might Lead To Unchecked Surveillance
http://editors.cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance
<b>In recent times, there has been a rash of policies and regulations that propose that the data that Indian entities handle be physically stored on servers in India, in some cases exclusively. In other cases, only a copy needs to be stored.</b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="https://www.bloombergquint.com/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Bloomberg Quint</a> on October 15, 2018 and also mirrored in the <a class="external-link" href="https://www.thequint.com/voices/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Quint</a>.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In April 2018, the Reserve Bank of India put out a<a href="https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11244&Mode=0" target="_blank"> circular </a>requiring that all “data relating to payment systems operated by them are stored in a system only in India” <a href="https://www.bloombergquint.com/business/rbi-sticks-to-oct-15-deadline-for-data-localisation" target="_blank">within six months</a>. Lesser requirements have been imposed on all Indian companies’ accounting data since 2014 (the back-up of the books of account and other books that are stored electronically must be stored in India, the broadcasting sector under the Foreign Direct Investment policy, must locally store subscriber information, and the telecom sector under the Unified Access licence, may not transfer their subscriber data outside India).</p>
<p style="text-align: justify; ">The draft e-commerce policy has a wide-ranging requirement of exclusive local storage for “community data collected by Internet of Things devices in public space” and “data generated by users in India from various sources including e-commerce platforms, social media, search engines, etc.”, as does the draft e-pharmacy regulations, which stipulate that “the data generated” by e-pharmacy portals be stored only locally.</p>
<p style="text-align: justify; ">While companies such as Airtel, Reliance, PhonePe (majority-owned by Walmart) and Alibaba, have spoken up in support the government’s data localisation efforts, others like Facebook, Amazon, Microsoft, and Mastercard have led the way in opposing it.</p>
<p style="text-align: justify; ">Just this week, two U.S. Senators <a href="https://www.bloombergquint.com/business/us-senators-write-to-pm-modi-seek-soft-stance-on-indias-data-localisation" target="_blank">wrote to</a> the Prime Minister’s office arguing that the RBI’s data localisation regulations along with the proposals in the draft e-commerce and cloud computing policies are “key trade barriers”. In her dissenting note to the Srikrishna Committee's report, Rama Vedashree of the Data Security Council of India notes that, “mandating localisation may potentially become a trade barrier and the key markets for the industry could mandate similar barriers on data flow to India, which could disrupt the IT-BPM (information technology-business process management) industry.”</p>
<h2 style="text-align: justify; ">Justification For Data Localisation</h2>
<p style="text-align: justify; ">What are the reasons for these moves towards data localisation?</p>
<blockquote style="text-align: justify; ">Given the opacity of policymaking in India, many of the policies and regulations provide no justification at all. Even the ones that do, don’t provide cogent reasoning.</blockquote>
<p style="text-align: justify; ">The RBI says it needs “unfettered supervisory access” and hence needs data to be stored in India. However, it fails to state why such unfettered access is not possible for data stored outside of India.</p>
<blockquote style="text-align: justify; ">As long as an entity can be compelled by Indian laws to engage in local data storage, that same entity can also be compelled by that same law to provide access to their non-local data, which would be just as effective.</blockquote>
<p style="text-align: justify; ">What if they don’t provide such access? Would they be blacklisted from operating in India, just as they would if they didn’t engage in local data storage? Is there any investigatory benefit to storing data in India? As any data forensic expert would note, chain of custody and data integrity are what are most important components of data handling in fraud investigation, and not physical access to hard drives. It would be difficult for the government to say that it will block all Google services if the company doesn’t provide all the data that Indian law enforcement agencies request from it. However, it would be facile for the RBI to bar Google Pay from operating in India if Google doesn’t provide it “unfettered supervisory access” to data.</p>
<p style="text-align: justify; ">The most exhaustive justification of data localisation in any official Indian policy document is that contained in the <a href="http://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf" target="_blank">Srikrishna Committee’s report</a> on data protection. The report argues that there are several benefits to data localisation:</p>
<ol style="text-align: justify; ">
<li>Effective enforcement,</li>
<li>Avoiding reliance on undersea cables,</li>
<li>Avoiding foreign surveillance on data stored outside India,</li>
<li>Building an “Artificial Intelligence ecosystem”</li>
</ol>
<p style="text-align: justify; ">Of these, the last three reasons are risible.</p>
<h2 style="text-align: justify; ">Not A Barrier To Surveillance</h2>
<p style="text-align: justify; ">Requiring mirroring of personal data on Indian servers will not magically give rise to experts skilled in statistics, machine learning, or artificial intelligence, nor will it somehow lead to the development of the infrastructure needed for AI.</p>
<p style="text-align: justify; ">The United States and China are both global leaders in AI, yet no one would argue that China’s data localisation policies have helped it or that America’s lack of data localisation polices have hampered it.</p>
<blockquote style="text-align: justify; ">On the question of foreign surveillance, data mirroring will not have any impact, since the Srikrishna Committee’s recommendation would not prevent companies from storing most personal data outside of India.</blockquote>
<p style="text-align: justify; ">Even for “sensitive personal data” and for “critical personal data”, which may be required to be stored in India alone, such measures are unlikely to prevent agencies like the U.S. National Security Agency or the United Kingdom’s Government Communications Headquarters from being able to indulge in extraterritorial surveillance.</p>
<p style="text-align: justify; ">In 2013, slides from an NSA presentation that were leaked by Edward Snowden showed that the NSA’s “BOUNDLESSINFORMANT” programme collected 12.6 billion instances of telephony and Internet metadata (for instance, which websites you visited and who all you called) from India in just one month, making India one of the top 5 targets.</p>
<p style="text-align: justify; ">This shows that technically, surveillance in India is not a challenge for the NSA.</p>
<p style="text-align: justify; ">So, forcing data mirroring enhances Indian domestic intelligence agencies’ abilities to engage in surveillance, without doing much to diminish the abilities of skilled foreign intelligence agencies.</p>
<p style="text-align: justify; ">As I have <a href="https://slides.com/pranesh/digital-security-for-journalists#/5/1" target="_blank">noted in the past</a>, the technological solution to reducing mass surveillance is to use decentralised and federated services with built-in encryption, using open standards and open source software.</p>
<p style="text-align: justify; ">Reducing reliance on undersea cables is, just like reducing foreign surveillance on Indians’ data, a laudable goal. However, a mandate of mirroring personal data in India, which is what the draft Data Protection Bill proposes for all non-sensitive personal data, will not help. Data will stay within India if the processing happens within India. However, if the processing happens outside of India, as is often the case, then undersea cables will still need to be relied upon.</p>
<p style="text-align: justify; ">The better way to keep data within India is to incentivise the creation of data centres and working towards reducing the cost of internet interconnection by encouraging more peering among Internet connectivity providers.</p>
<blockquote style="text-align: justify; ">While data mirroring will not help in improving the enforcement of any data protection or privacy law, it will aid Indian law enforcement agencies in gaining easier access to personal data.</blockquote>
<h2 style="text-align: justify; ">The MLAT Route</h2>
<p style="text-align: justify; ">Currently, many forms of law enforcement agency requests for data have to go through onerous channels called ‘mutual legal assistance treaties’. These MLAT requests take time and are ill-suited to the needs of modern criminal investigations. However, the U.S., recognising this, passed a law called the CLOUD Act in March 2018. While the CLOUD Act compels companies like Google and Amazon, which have data stored in Indian data centres, to provide that data upon receiving legal requests from U.S. law enforcement agencies, it also enables easier access to foreign law enforcement agencies to data stored in the U.S. as long as they fulfill certain procedural and rule-of-law checks.</p>
<blockquote style="text-align: justify; ">While the Srikrishna Committee does acknowledge the CLOUD Act in a footnote, it doesn’t analyse its impact, doesn’t provide suggestions on how India can do this, and only outlines the negative consequences of MLATs.</blockquote>
<p style="text-align: justify; ">Further, it is inconceivable that the millions of foreign services that Indians access and provide their personal data to will suddenly find a data centre in India and will start keeping such personal data in India. Instead, a much likelier outcome, one which the Srikrishna Committee doesn’t even examine, is that many smaller web services may find such requirements too onerous and opt to block users from India, similar to the way that Indiatimes and the Los Angeles Times opted to block all readers from the European Union due to the coming into force of the new data protection law.</p>
<p style="text-align: justify; ">The government could be spending its political will on finding solutions to the law enforcement agency data access question, and negotiating solutions at the international level, especially with the U.S. government. However it is not doing so.</p>
<p style="text-align: justify; ">Given this, the recent spate of data localisation policies and regulation can only be seen as part of an attempt to increase the scope and ease of the Indian government’s surveillance activities, while India’s privacy laws still remain very weak and offer inadequate legal protection against privacy-violating surveillance. Because of this, we should be wary of such requirements, as well as of the companies that are vocal in embracing data localisation.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance'>http://editors.cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance</a>
</p>
No publisherpraneshSurveillanceInternet GovernancePrivacy2018-10-16T14:08:34ZBlog EntryCritics of India's ID card project say they have been harassed, put under surveillance
http://editors.cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance
<b>Researchers and journalists who have identified loopholes in India’s massive national identity card project have said they have been slapped with criminal cases or harassed by government agencies because of their work.</b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="https://www.reuters.com/article/us-india-aadhaar-breach/critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance-idUSKBN1FX0H0">Reuters</a> on February 13, 2018. <span>Reporting by Rahul Bhatia; Editing by Raju Gopalakrishnan</span></p>
<hr />
<p style="text-align: justify; ">Last month, the Unique Identification Authority of India (UIDAI), the semi-government body responsible for the national identity project, called Aadhaar, or “Basis”, filed a criminal case against the Tribune newspaper for publishing a story that said access to the card’s database could be bought for 500 rupees ($7.82).</p>
<p style="text-align: justify; ">Reuters spoke to eight additional researchers, activists and journalists who have complained of being harassed after writing about Aadhaar. They said UIDAI and other government agencies were extremely sensitive to criticism of the Aadhaar programme.</p>
<p style="text-align: justify; ">Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users and the world’s biggest database.</p>
<p style="text-align: justify; ">Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.</p>
<p style="text-align: justify; ">The Tribune said one of its reporters purchased access to a portal that could provide data linked to any Aadhaar cardholder.</p>
<p style="text-align: justify; ">The UIDAI complaint, filed with the police cyber cell in the capital, New Delhi, accused the newspaper, the reporter, and others of cheating by impersonation, forgery and unauthorised access to a computer network.</p>
<p style="text-align: justify; ">Media associations sharply criticised the action - the Editors Guild of India said UIDAI’s move was “clearly meant to browbeat a journalist whose story was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press.”</p>
<p style="text-align: justify; ">In response, the agency said “an impression was being created in media that UIDAI is targeting the media or whistleblowers or shooting the messenger.”</p>
<p style="text-align: justify; ">“That is not at all true. It is for the act of unauthorised access, criminal proceedings have been launched,” it said in a statement.</p>
<p style="text-align: justify; ">Osama Manzar, the director of the Digital Empowerment Foundation, a New Delhi-based NGO, called the government’s prickliness “a clear sign that rather than it wanting to learn how to make Aadhaar a tool of empowerment, it actually wants to use it as a coercive tool of disempowerment”.</p>
<h3 style="text-align: justify; ">Data Leakage</h3>
<p style="text-align: justify; ">Last May, the Centre for Internet and Society (CIS), an independent Indian advocacy group, published a report that government websites had inadvertently leaked several million identification numbers from the project.</p>
<p style="text-align: justify; ">UIDAI sent the CIS a legal notice within days, said Srinivas Kodali, one of the authors of the report.</p>
<p style="text-align: justify; ">The notice alleged that some of the data cited in the report would only be available if the site had been accessed illegally. The UIDAI wrote that the people involved had to be “brought to justice.”</p>
<p style="text-align: justify; ">According to Kodali, two more notices followed, addressed to the group’s directors and two researchers, containing more accusations. “They said it was a criminal conspiracy, and demanded that we send individual responses,” he said.</p>
<p style="text-align: justify; ">CIS then received questions about its funding from the home ministry section that grants NGOs permission to receive foreign funding, said a source in the group who saw the letter. CIS viewed this as a threat to its funding, the source said. CIS declined to comment on the notices or on the questions about funding.</p>
<p style="text-align: justify; ">UIDAI did not reply to multiple e-mails seeking comment on the accusations about CIS and similar complaints by other activists and journalists, and officials could not be reached by phone. Officials at the Ministry of Information Technology that supervises UIDAI were unreachable by phone.<br />In a column in the Economic Times newspaper in January, Ajay Pandey, the head of the UIDAI, wrote: “The data of all Aadhaar holders is safe and secure. One should not believe rumours or claims made on its so-called ‘breach’.”</p>
<p style="text-align: justify; ">R.S. Sharma, the head of India’s telecom regulatory body, said there was an “orchestrated campaign” against Aadhaar as it was against the interests of those who operated in the shadow economy with fictitious names, or were skimming off subsidies.</p>
<p style="text-align: justify; ">“It is going to clean up many systems,” Sharma told a television channel last month. “That’s probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them.”</p>
<h3 style="text-align: justify; ">That trip to Turkey</h3>
<p style="text-align: justify; ">A Bangalore researcher who contributed to the CIS report said scrutiny by police and government officials was a common occurrence, but harassment was stepped up after it was published.</p>
<p style="text-align: justify; ">“Sometimes people from the police station visit you. Other times from the Home Ministry. It was intimidating,” the researcher said.</p>
<p style="text-align: justify; ">The person, who asked not to be named for fear of reprisal, said police officers asked questions like “How was that trip to Turkey?',” to make it clear the subjects were under surveillance.</p>
<p style="text-align: justify; ">When Sameer Kochhar, a social scientist and author of books on Aadhaar, demonstrated how the system’s biometrics safeguards could be bypassed last year, UIDAI filed a police report in New Delhi, a person familiar with the matter said.</p>
<p style="text-align: justify; ">Subsequently, Kochhar received at least three notices from the Delhi Police alleging that he had violated 14 sections under three separate laws, the person said.</p>
<p style="text-align: justify; ">Kochhar’s lawyer declined comment. Delhi Police officials declined comment.</p>
<p style="text-align: justify; ">Critics have warned Aadhaar could be used as an instrument of state surveillance while data security and privacy regulations are still to be framed.</p>
<p style="text-align: justify; ">Former central bank governor Raghuram Rajan said last month that the government needed to prove it would protect the privacy of Aadhaar.</p>
<p style="text-align: justify; ">“I do think that we have to assure the public that their data is safe,” Rajan said. “All these reports about easy availability of data are worrying and we have to ensure security. We cannot just say trust us, trust us, it’s all secure.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance'>http://editors.cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance</a>
</p>
No publisherAdminInternet GovernanceSurveillance2018-02-24T07:50:55ZNews ItemParanoid about state surveillance? Here’s the FD Guide to living in the age of snoops
http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops
<b>The US does it, so does China. Ever since Edward Snowden’s revelations back in 2013, which exposed the extent of the US’s global surveillance apparatus, the public has been fairly clued into the extent of mass surveillance.</b>
<p style="text-align: justify; ">The blog post by Sriram Sharma was published in Factor Daily on December 12, 2017</p>
<p style="text-align: justify; ">It doesn’t take a conspiracy theorist to worry that India does it (or wants to), too, especially with the high decibel campaigns by banks, telecom service providers and others to have Indians link Aadhaar, the unique citizen ID, to multiple services.</p>
<p style="text-align: justify; ">If you want a dystopian picture of the future of surveillance, look no further than China, considered the world’s worst abuser of internet freedom for the third year in a row, according to the new Freedom House, a US-based NGO that conducts research and analysis on the internet. With a <a href="https://freedomhouse.org/report/freedom-net/2017/china" rel="noopener nofollow external noreferrer" target="_blank">score of 87/100</a> (higher is worse), the Chinese state is renowned for its Great Firewall, which filters access to the wider internet. “Digital activism has declined amid growing legal and technical restrictions as well as heavy prison sentences against prominent civil society figures,” the latest Freedom House report notes.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12235" height="396" src="https://i0.wp.com/factordaily.com/wp-content/uploads/2017/12/freedom-of-net-india-2017.jpg?resize=660%2C416&ssl=1" width="629" /></p>
<p style="text-align: justify; ">India is rated “Partly Free” with a score of 41/100 (lower is better) in Freedom House’s 2017 report on internet freedom</p>
<p style="text-align: justify; ">While it’s a long way away from China, India scores <a href="https://freedomhouse.org/report/freedom-net/2017/india" rel="noopener nofollow external noreferrer" target="_blank">41/100</a> on Internet Freedom in 2017 but is still considered only ‘partly free’ owing to blocking of internet and telecom service providers in Kashmir and detainment of citizens for expressing their views online. The India report from Freedom House highlights Aadhaar’s mandatory linking for a wide range of schemes and records concerns regarding its privacy and security implications.</p>
<p style="text-align: justify; ">In this guide, we take a look at the why, what and how of India’s surveillance apparatus, the legal provisions in the Indian constitution that enables them, ask domain experts to provide us with tips on living in an age of state surveillance. We also take a look at a variety of widely used tools and apps that help you countering state surveillance or tracking of any kind.</p>
<p style="text-align: justify; "><b>Know your Big Brother: India’s State Surveillance Programs </b></p>
<p style="text-align: justify; ">Right to privacy organisation Privacy International has a detailed dossier on the <a href="https://www.privacyinternational.org/node/975#toc-4" rel="noopener nofollow external noreferrer" target="_blank">state of privacy in India</a>, which examines India’s surveillance schemes, laws around interception and access, and central intelligence agencies that carry out surveillance. Apart from the state police and the army, surveillance is carried out at least 16 different intelligence agencies, it notes.</p>
<p style="text-align: justify; ">The Centre for Internet and Society (CIS) and Software Freedom Law Centre (SFLC) have done extensive research in the past on India’s surveillance apparatus. Earlier <a href="https://cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes" rel="noopener nofollow external noreferrer" target="_blank">this year</a>, CIS reported on the various programs and tech infrastructure behind India’s surveillance state: these include Central Monitoring System (CMS), National Intelligence Grid (NATGRID), Network Traffic Analysis System (NETRA), etc. An earlier <a href="https://cis-india.org/internet-governance/blog/surveillance-industry-india.pdf" rel="noopener nofollow external noreferrer" target="_blank">CIS report</a> highlights a boom in surveillance tech in India following the 26/11 terror attacks in Mumbai.</p>
<p style="text-align: justify; ">Based on an RTI (Right to Information) filing, SFLC’s <a href="https://www.sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india" rel="noopener nofollow external noreferrer" target="_blank">2014 report</a> on India’s Surveillance State reveals that around 7,500 to 9,000 telephone interception orders are issued by the central government alone each month. State surveillance of citizens’ private communications is authorised by laws that let them monitor phone calls, texts, e-mails and Internet activity on a number of broadly worded grounds such as such as ‘security of the state’, ‘defence of India’, and ‘public safety’.</p>
<p style="text-align: justify; ">The Government of India is also known to said to work with private third parties, some of which go so far as to infect target devices using malicious software to extract information on the subject. A 2013 Citizen Lab report titled ‘<a href="https://citizenlab.ca/storage/finfisher/final/fortheireyesonly.pdf" rel="noopener nofollow external noreferrer" target="_blank">The Commercialisation of Digital Spying</a>’ found command and control servers (used to control the host system) for FinFisher (a remote computer monitoring software suite) in India. A Wikileaks <a href="https://gadgets.ndtv.com/internet/news/upa-was-client-of-controversial-italian-spyware-firm-claim-leaked-mails-713879" rel="noopener nofollow external noreferrer" target="_blank">expose in 2015</a> dumped over a million emails belonging to Italian surveillance malware vendor HackingTeam. The emails revealed how India’s top intelligence agencies and the government expressed interest in buying Hacking Team’s malware interception tools.</p>
<h3 style="text-align: justify; ">Fears of an Aadhaar Surveillance State</h3>
<p style="text-align: justify; ">Thejesh G N, an infoactivist wrote in <i>FactorDaily</i> about <a href="https://factordaily.com/hyderabad-police-surveillance-integrated-information-hub/">Hyderabad’s surveillance hub</a>, which wants to collect all manner of details. Aadhaar is one of the primary keys to matching profiles with external data sources, he notes.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12230" height="457" src="https://i2.wp.com/factordaily.com/wp-content/uploads/2017/12/Aadhaar_Surveillance_infographic.jpg?resize=660%2C480&ssl=1" width="629" /></p>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12230">A look at data points gathered by Hyderabad’s Integrated Information Hub</figure></p>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; "> </p>
<p style="text-align: justify; ">“The end product shows on a map where you live, what you consume, did you take PDS, move to some other place, your mobile number, gender… there’s a lot of data in the hands of the very lowest level of government, which doesn’t have any protection as by a parliamentary committee or anything like that. It’s run by bureaucrats, so that has huge implications,” he says. “If you see Citizen Four (a 2014 documentary about Edward Snowden), it shows a similar system, where you enter one’s SSN, and it shows everything you have done, and are planning to do. We are building the same system…Governments change, today we might have a good government, tomorrow we might have the worst possible government on the planet.”</p>
<p style="text-align: justify; ">Pranesh Prakash, Policy Director of CIS says he doesn’t regard Aadhaar as a surveillance project. “I see Aadhaar as something that can facilitate surveillance, but by and of itself, it isn’t surveillance,” he says, adding that it does so in a non-consensual manner. “By having Aadhaar numbers across multiple databases, you make surveillance easier. But you need to tie it up to a surveillance system. For instance, Aadhaar without NATGRID isn’t surveillance, but Aadhaar with NATGRID can be helpful for surveillance.” NATGRID (National Intelligence Grid) was first proposed in late 2009 following 26/11 attacks by the Union Home Minister, to enhance India’s counter-terror capabilities. It links 21 citizen databases for access to intelligence/enforcement agencies.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12236" height="354" src="https://i1.wp.com/factordaily.com/wp-content/uploads/2017/12/screenshot.jpg?resize=660%2C371&ssl=1" width="629" /></p>
<p style="text-align: justify; ">Ongrid’s website earlier had this visualisation depicting its verification service, which made privacy advocates cringe. Source: Twitter.</p>
<p style="text-align: justify; ">We discussed some worst-case scenarios around the commercial use of Aadhaar and India Stack companies with Thejesh. “Let’s say there’s a screening company and they have your Aadhaar ID. They will send it to Airtel, or Vodafone, and ask for a list of all the websites you have viewed. Maybe you’ve watched porn or something, at some point in your life, and that could hurt your employment,” he says.</p>
<h2 style="text-align: justify; "><b>Curbing your data exhaust</b></h2>
<p style="text-align: justify; ">The EFF (Electronic Frontier Foundation) has published a number of<a href="https://www.eff.org/deeplinks/2013/10/ten-steps-against-surveillance" rel="noopener nofollow external noreferrer" target="_blank"> useful articles</a> and<a href="https://ssd.eff.org/en" rel="nofollow external noopener noreferrer"> resources</a> for countering internet surveillance. Recommendations include using end-to-end encryption through tools such as OTR (a messaging protocol available on Adium),<a href="https://ssd.eff.org/en/module/how-use-pgp-mac-os-x" rel="noopener nofollow external noreferrer" target="_blank"> PGP</a> (to exchange secure emails), and Signal (messenger).</p>
<p style="text-align: justify; ">Other useful tips:</p>
<h2 style="text-align: justify; "><b>Use VPNs </b><b><br /> </b></h2>
<p style="text-align: justify; ">VPNs (virtual private networks) use encryption protocols and secure tunneling techniques to keep your internet activity impervious to snooping. With a VPN, you can bypass ISP restrictions on blocked websites or access services (Spotify) not available in your country, making it appear that you are browsing from another part of the world. Keep in mind that you can still be outed by your VPN provider, so it’s important to choose one that respects your privacy. There are hundreds of VPN service providers to choose from, <a href="https://thatoneprivacysite.net/vpn-comparison-chart/" rel="noopener nofollow external noreferrer" target="_blank">That One Privacy Guy</a> maintains a detailed comparison chart of over a hundred VPN providers, with details on jurisdiction, price, ethics, logging policies, VPN protocols supported, and more. Out of these, the country that the VPN provider is based in is a key filter: you don’t want to choose a VPN service based out of the ‘<a href="https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/" rel="noopener nofollow external noreferrer" target="_blank">14 eyes</a>‘, as they are known to do mass surveillance.</p>
<h2 style="text-align: justify; "><b>Use TOR</b></h2>
<p style="text-align: justify; ">Tor, an acronym for ‘The Onion Router’, is a free app that lets you anonymise your online communication by directing a web browser’s traffic through a volunteer-run network of thousands of servers. It is funded by the US-based National Science Foundation, Mozilla, and Open Technology Fund, among others. Tor is <a href="https://www.torproject.org/download/download-easy.html.en" rel="noopener nofollow external noreferrer" target="_blank">available for download</a> on Windows, Mac, Linux, and Android.</p>
<p style="text-align: justify; "><img class="wp-image-12257 size-full" height="579" src="https://i0.wp.com/factordaily.com/wp-content/uploads/2017/12/tor-web-browser.jpg?resize=660%2C607&ssl=1" width="629" /></p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12257">Browsing on Tor can be far slower than a regular web browser, but it keeps you anonymous.</figure></p>
<h2 style="text-align: justify; "><b>Encrypt your storage</b></h2>
<p style="text-align: justify; ">It’s now a default feature on your phone, or computer, so there’s no reason why you shouldn’t make use of it. To check if it is turned on in Windows 10, Go to Settings > System > About, and look for a “Device encryption” setting at the bottom of the About tab. Keep in mind that you need to sign into Windows with a Microsoft account <a href="http://www.independent.co.uk/news/edward-snowden-claims-microsoft-collaborated-with-nsa-and-fbi-to-allow-access-to-user-data-8705755.html" rel="noopener nofollow external noreferrer" target="_blank">to enable this setting</a>, so it’s likely that the NSA or FBI might be able to bypass it.</p>
<p style="text-align: justify; ">On a Mac, you turn on full-disk encryption through FileVault, accessible in > System Preferences > Security & Privacy.</p>
<p style="text-align: justify; ">On an iPhone, data protection is enabled once you set up a passcode on your device.</p>
<p style="text-align: justify; ">Android 5.0 and above devices support full-disk encryption. If it isn’t turned on by default on your device, you can turn on encryption under the Security menu.</p>
<p style="text-align: justify; ">Sensitive documents can also be encrypted using <a href="http://truecrypt.sourceforge.net" rel="noopener nofollow external noreferrer" target="_blank">TrueCrypt</a>. Though you must keep in mind that key disclosure laws apply in India, under the Section 69 of the <a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20(amendment).pdf" rel="noopener nofollow external noreferrer" target="_blank">Information Technology Act</a>, which states that there’s a seven-year prison sentence for failing to assist the central and state governments in decrypting information on a computer resource.</p>
<h2 style="text-align: justify; "><b>Use an air-gapped PC</b></h2>
<p style="text-align: justify; ">An air-gapped PC is one that is not connected to the internet or to any computers that are connected to the internet. Air-gapped PCs are typically used when handling critical infrastructure, and this is an extreme measure one can take when working with sensitive data that you don’t want to be leaked.</p>
<h2 style="text-align: justify; "><b>Use</b><a href="https://www.eff.org/https-everywhere" rel="noopener nofollow external noreferrer" target="_blank"> <b>HTTPS everywhere</b></a></h2>
<p style="text-align: justify; ">HTTPS Everywhere offers plugins for Firefox, Chrome, and Opera, and turns every link you open or key in, to a secure version of the HTTP protocol, which is encrypted by Transport Layer Security (TLS). The tool protects you from eavesdropping or tampering with the site you are visiting, but only works on sites that support HTTPS. Keep in mind that this tool won’t conceal the sites you have accessed from eavesdroppers but it won’t reveal the specific URL that you visited.</p>
<h2 style="text-align: justify; "><b>Turn on Advanced Protection in Gmail</b></h2>
<p style="text-align: justify; ">If you trust Gmail with your data, take the relationship to the next level with <a href="https://landing.google.com/advancedprotection/" rel="noopener nofollow external noreferrer" target="_blank">Advanced Protection</a>, which safeguards your account against phishing attacks, limits access to trusted apps, and adds extra verification features to block fraudulent account access. You will need a <a href="https://myaccount.google.com/advanced-protection/enroll/details?pli=1" rel="noopener nofollow external noreferrer" target="_blank">Bluetooth key and a USB key</a> to turn this feature on.</p>
<h2 style="text-align: justify; "><b>Some other don’ts</b></h2>
<ul style="text-align: justify; ">
<li>Don’t leave any cameras open. Tape them up if you are a potential surveillance target.</li>
<li>Don’t use freemium apps, which trade in your privacy. A recent example of a<a href="http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/" rel="noopener nofollow external noreferrer" target="_blank"> worst-case scenario</a>.</li>
<li>Don’t send any data via free email services that you would like to keep private.</li>
<li>Don’t use Google or Facebook, as Snowden says, if you value your privacy. Don’t take our <a href="https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/" rel="noopener nofollow external noreferrer" target="_blank">word for it</a>.</li>
</ul>
<p style="text-align: justify; ">As for Aadhaar, Thejesh says that there isn’t much one can do as it is forcibly linked to many essential services. He recommends using different email ids for official work and unofficial work. “Use one email ID for Aadhaar and mobile related accounts, and use the other one for regular communication. It separates the accounts from surveillance and adds a layer of security,” he says. “Don’t use Aadhaar until is necessary. If you use Aadhaar and you are not in a mood to resist everything, then don’t use it where it is not required. Don’t use it like a regular address proof,” he adds.</p>
<p style="text-align: justify; ">If you are already an Aadhaar holder, it makes sense to use the biometric locking system provided by UIDAI on <a href="https://resident.uidai.gov.in/biometric-lock" rel="noopener nofollow external noreferrer" target="_blank">its website</a> to protect against identity theft and unauthorised access. The biometric locking feature sends an OTP code to your registered mobile number to unlock or disable the locking system.</p>
<p style="text-align: justify; ">If someone is concerned about surveillance, CIS’s Prakash recommends not having a cell phone. “The cellphone is the single largest means of data gathering about you,” he says.</p>
<p style="text-align: justify; ">Surveillance can take many forms: it can be physical or off-the-air surveillance (an interception technique used to snoop on phone calls), he points out.</p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12232"><img class="size-full wp-image-12232" height="415" src="https://i2.wp.com/factordaily.com/wp-content/uploads/2017/12/surveillance-cctv.jpg?resize=660%2C436&ssl=1" width="629" />A CCTV camera fitted on top of a Hyderabad Police vehicle</figure></p>
<p style="text-align: justify; ">Surveillance is not always bad: medical surveillance, for instance, an entire field around the spread of diseases, is necessary, Prakash clarifies. “Even state surveillance for national security purposes is absolutely necessary. A nation-state can’t survive without surveillance so I am quite clear that those who oppose all forms of surveillance are opposing all kinds of rights – because you can’t have rights without security. And indeed, individual security is a human right guaranteed under the Universal Declaration of Human Rights and guaranteed in Article 21 of the Indian Constitution. Without security of the person, you can’t have the right to freedom of speech, you can’t enjoy the right to privacy… If you’re in a state of war or in a state of terror, then you can’t enjoy rights – so clearly for me, surveillance is necessary,” he says.</p>
<p style="text-align: justify; ">That said, surveillance in India is highly problematic as the laws and the democratic framework for surveillance is very weak, and enforcement of that framework is even worse, Prakash adds. “One of the best ways of countering surveillance, I would suggest, is to actually demand a democratic framework for surveillance in India. Demand that your MLA and MP take up this issue at the state and central level… and that we have a democratic framework for both our intelligence agencies and for all the surveillance that is conducted by the state in India,” he says.</p>
<p style="text-align: justify; ">He calls everything else – “the technological stuff, using anonymising networks, end-to-end encryption” – a second order issue. “It can help you as an individual, but it doesn’t help us as a society.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops'>http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops</a>
</p>
No publisherAdminInternet GovernanceSurveillance2017-12-16T13:38:46ZNews ItemHow Aadhaar compromises privacy? And how to fix it?
http://editors.cis-india.org/internet-governance/blog/hindu-op-ed-sunil-abraham-march-31-2017-how-aadhaar-compromises-privacy-and-how-to-fix-it
<b>Aadhaar is mass surveillance technology. Unlike targeted surveillance which is a good thing, and essential for national security and public order – mass surveillance undermines security. And while biometrics is appropriate for targeted surveillance by the state – it is wholly inappropriate for everyday transactions between the state and law abiding citizens. </b>
<p style="text-align: justify; ">The op-ed was published in the <a class="external-link" href="http://www.thehindu.com/opinion/op-ed/is-aadhaar-a-breach-of-privacy/article17745615.ece">Hindu</a> on March 31, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">When assessing a technology, don't ask - “what use is it being put to today?”. Instead, ask “what use can it be put to tomorrow and by whom?”. The original noble intentions of the Aadhaar project will not constrain those in the future that want to take full advantage of its technological possibilities. However, rather than frame the surveillance potential of Aadhaar in a negative tone as three problem statements - I will propose three modifications to the project that will reduce but not eliminate its surveillance potential.</p>
<p style="text-align: justify; "><b>Shift from biometrics to smart cards:</b><span> In January 2011, the Centre for Internet and Society had written to the parliamentary finance committee that was reviewing what was then called the “National Identification Authority of India Bill 2010”. We provided nine reasons for the government to stop using biometrics and instead use an open smart card standard. Biometrics allows for identification of citizens even when they don't want to be identified. Even unconscious and dead citizens can be identified using biometrics. Smart cards, on the other hand, require pins and thus citizens' conscious cooperation during the identification process. Once you flush your smart cards down the toilet nobody can use them to identify you. Consent is baked into the design of the technology. If the UIDAI adopts smart cards, we can destroy the centralized database of biometrics just like the UK government did in 2010 under Theresa May's tenure as Home Secretary. This would completely eliminate the risk of foreign governments, criminals and terrorists using the biometric database to remotely, covertly and non-consensually identify Indians.</span></p>
<p style="text-align: justify; "><b>Destroy the authentication transaction database:</b><span> The Aadhaar Authentication Regulations 2016 specifies that transaction data will be archived for five years after the date of the transaction. Even though the UIDAI claims that this is a zero knowledge database from the perspective of “reasons for authentication”, any big data expert will tell you that it is trivial to guess what is going on using the unique identifiers for the registered devices and time stamps that are used for authentication. That is how they put Rajat Gupta and Raj Rajratnam in prison. There was nothing in the payload ie. voice recordings of the tapped telephone conversations – the conviction was based on meta-data. Smart cards based on open standards allow for decentralized authentication by multiple entities and therefore eliminate the need for a centralized transaction database.</span></p>
<p style="text-align: justify; "><b>Prohibit the use of Aadhaar number in other databases:</b><span> We must, as a nation, get over our obsession with Know Your Customer [KYC] requirements. For example, for SIM cards there is no KYC requirement is most developed countries. Our insistence on KYC has only resulted in retardation of Internet adoption, a black market for ID documents and unnecessary wastage of resources by telecom companies. It has not prevented criminals and terrorists from using phones. Where we must absolutely have KYC for the purposes of security, elimination of ghosts and regulatory compliance – we must use a token issued by UIDAI instead of the Aadhaar number itself. This would make it harder for unauthorized parties to combine databases while at the same time, enabling law enforcement agencies to combine databases using the appropriate authorizations and infrastructure like NATGRID. The NATGRID, unlike Aadhaar, is not a centralized database. It is a standard and platform for the express assembly of sub-sets of up to 20 databases which is then accessed by up to 12 law enforcement and intelligence agencies.</span></p>
<p style="text-align: justify; "><span>To conclude, even as a surveillance project – Aadhaar is very poorly designed. The technology needs fixing today, the law can wait for tomorrow.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindu-op-ed-sunil-abraham-march-31-2017-how-aadhaar-compromises-privacy-and-how-to-fix-it'>http://editors.cis-india.org/internet-governance/blog/hindu-op-ed-sunil-abraham-march-31-2017-how-aadhaar-compromises-privacy-and-how-to-fix-it</a>
</p>
No publishersunilSurveillanceAadhaarInternet GovernancePrivacy2017-04-01T07:00:06ZBlog EntrySurveillance in India: Policy and Practice
http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice
<b>The National Institute of Public Finance and Policy organized a brainstorming session on net neutrality on February 8, 2017 and a public seminar on surveillance in India the following day on February 9, 2017 in New Delhi. Pranesh Prakash gave a talk. </b>
<p style="text-align: justify; ">Pranesh presented a narrative of the current state of surveillance law, our knowledge of current surveillance practices (including noting where programmes like Natgrid, CMS, etc. fit in), and charted a rough map of reforms needed and outstanding policy research questions.</p>
<h3 style="text-align: justify; ">Pranesh Prakash</h3>
<p style="text-align: justify; ">Pranesh Prakash is a Policy Director at - and was part of the founding team of - the Centre for Internet and Society, a non-profit organisation that engages in research and policy advocacy. He is also the Legal Lead at Creative Commons India and an Affiliated Fellow at the Yale Law School's Information Society Project, and has been on the Executive Committee of the NCUC at ICANN. In 2014, he was selected by Forbes India for its inaugural "30 under 30" list of young achievers, and in 2012 he was recognized as an Internet Freedom Fellow by the U.S. government.</p>
<p style="text-align: justify; ">His research interests converge at the intersections of technology, culture, economics, law, and justice. His current work focuses on interrogating, promoting, and engaging with policymakers on the areas of access to knowledge (primarily copyright reform), 'openness' (including open government data, open standards, free/libre/open source software, and open access), freedom of expression, privacy, digital security, and Internet governance. He is a prominent voice on these issues, with the newspaper Mint calling him “one of the clearest thinkers in this area”, and his research having been quoted in the Indian parliament. He regularly speaks at national and international conferences on these topics. He has a degree in arts and law from the National Law School in Bangalore, and while there he helped found the Indian Journal of Law and Technology, and was part of its editorial board for two years.</p>
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/files/workshop-on-net-neutrality">Click here</a> to see the agenda for the brainstorming session on net neutrality.</p>
<hr />
<h3>Video <br /> <iframe frameborder="0" height="315" src="https://www.youtube.com/embed/6KfyQ7y6TNE" width="560"></iframe></h3>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice'>http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice</a>
</p>
No publisherpraskrishnaVideoNet NeutralityInternet GovernanceSurveillance2017-03-15T01:05:07ZNews ItemThe Design & Technology behind India’s Surveillance Programmes
http://editors.cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes
<b>There has been an exponential growth in the pervasive presence of technology in the daily lives of an average Indian citizen over the past few years. While leading to manifold increase in convenience and connectivity, these technologies also allow for far greater potential for surveillance by state actors.</b>
<p style="text-align: justify; ">While the legal and policy avenues of state surveillance in India have been analysed by various organisations, there is very little available information about the technology and infrastructure used to carry out this surveillance. This appears to be largely, according to the government, due to reasons of national security and sovereignty.<a href="#_ftn1" name="_ftnref1"><sup>[1]</sup></a> This blog post will attempt to paint a picture of the technological infrastructure being used to carry out state surveillance in India.</p>
<p style="text-align: justify; "><b>Background</b><br /> The revelations by Edward Snowden about mass surveillance in mid-2013 led to an explosion of journalistic interest in surveillance and user privacy in India.<a href="#_ftn2" name="_ftnref2"><sup>[2]</sup></a> The reports and coverage from this period, leading up to early 2015, serve as the main authority for the information presented in this blog post. The lack of information from official government sources as well as decreasing public spotlight on surveillance since that point of time generally have both led to little or no new information turning up about India’s surveillance regime since this period. However, given the long term nature of these programmes and the vast amounts of time it takes to set them up, it is fairly certain that the programmes detailed below are still the primary bedrock of state surveillance in the country, albeit having become operational and inter-connected only in the past 2 years.</p>
<p style="text-align: justify; ">The technology being used to carry out surveillance in India over the past 5 years is largely an upgraded, centralised and substantially more powerful version of the surveillance techniques followed in India since the advent of telegraph and telephone lines: the tapping & recording of information in transit.<a href="#_ftn3" name="_ftnref3"><sup>[3]</sup></a> The fact that all the modern surveillance programmes detailed below have not required any new legislation, law, amendment or policy that was not already in force prior to 2008 is the most telling example of this fact. The legal and policy implication of the programmes illustrated below have been covered in previous articles by the Centre for Internet & Society which can be found here,<a href="#_ftn4" name="_ftnref4"><sup>[4]</sup></a> here<a href="#_ftn5" name="_ftnref5"><sup>[5]</sup></a> and here.<a href="#_ftn6" name="_ftnref6"><sup>[6]</sup></a> Therefore, this post will solely concentrate on the technological design and infrastructure being used to carry out surveillance along with any new developments in this field that the three source mentioned would not have covered from a technological perspective.</p>
<p style="text-align: justify; "><b>The Technology Infrastructure behind State Surveillance in India</b></p>
<p style="text-align: justify; ">The programmes of the Indian Government (in public knowledge) that are being used to carry out state surveillance are broadly eight in number. These exclude specific surveillance technology being used by independent arms of the government, which will be covered in the next section of this post. Many of the programmes listed below have overlapping jurisdictions and in some instances are cross-linked with each other to provide greater coverage:</p>
<ol style="text-align: justify; ">
<li>Central Monitoring System (CMS)</li>
<li>National Intelligence Grid (NAT-GRID)</li>
<li>Lawful Intercept And Monitoring Project (LIM)</li>
<li>Crime and Criminal Tracking Network & Systems (CCTNS)</li>
<li>Network Traffic Analysis System (NETRA)</li>
<li>New Media Wing (Bureau of New and Concurrent Media)</li>
</ol>
<p style="text-align: justify; ">The post will look at the technological underpinning of each of these programmes and their operational capabilities, both in theory and practice.</p>
<p style="text-align: justify; "><b>Central Monitoring System (CMS)</b></p>
<p style="text-align: justify; ">The Central Monitoring System (CMS) is the premier mass surveillance programme of the Indian Government, which has been in the planning stages since 2008<a href="#_ftn7" name="_ftnref7"><sup>[7]</sup></a> Its primary goal is to replace the current on-demand availability of analog and digital data from service providers with a “central and direct” access which involves no third party between the captured information and the government authorities.<a href="#_ftn8" name="_ftnref8"><sup>[8]</sup></a> While the system is currently operated by the Centre for Development of Telematics, the unreleased three-stage plan envisages a centralised location (physically and legally) to govern the programme. The CMS is primarily operated by Telecom Enforcement and Resource Monitoring Cell (TERM) within the Department of Telecom, which also has a larger mandate of ensuring radiation safety and spectrum compliance.</p>
<p style="text-align: justify; ">The technological infrastructure behind the CMS largely consists of Telecom Service Providers (TSPs) and Internet Service Providers (ISPs) in India being mandated to integrate Interception Store & Forward (ISF) servers with their Lawful Interception Systems required by their licences. Once these ISF servers are installed they are then connected to the Regional Monitoring Centres (RMC) of the CMS, setup according to geographical locations and population. Finally, Regional Monitoring Centre (RMC) in India is connected to the Central Monitoring System (CMS) itself, essentially allowing the collection, storage, access and analysis of data collected from all across the country in a centralised manner. The data collected by the CMS includes voice calls, SMS, MMS, fax communications on landlines, CDMA, video calls, GSM and even general, unencrypted data travelling across the internet using the standard IP/TCP Protocol.<a href="#_ftn9" name="_ftnref9"><sup>[9]</sup></a></p>
<p style="text-align: justify; ">With regard to the analysis of this data, Call Details Records (CDR) analysis, data mining, machine learning and predictive algorithms have been allegedly implemented in various degrees across this network.<a href="#_ftn10" name="_ftnref10"><sup>[10]</sup></a> This allows state actors to pre-emptively gather and collect a vast amount of information from across the country, perform analysis on this data and then possibly even take action on the basis of this information by directly approaching the entity (currently the TERM under C-DOT) operating the system. <a href="#_ftn11" name="_ftnref11"><sup>[11]</sup></a> The system has reached full functionality in mid 2016, with over 22 Regional Monitoring Centres functional and the system itself being ‘switched on’ post trials in gradual phases.<a href="#_ftn12" name="_ftnref12"><sup>[12]</sup></a></p>
<p style="text-align: justify; "><b>National Intelligence Grid (NATGRID)</b></p>
<p style="text-align: justify; ">The National Intelligence Grid (NATGRID) is a semi-functional<a href="#_ftn13" name="_ftnref13"><sup>[13]</sup></a> integrated intelligence grid that links the stored records and databases of several government entities in order to collect data, decipher trends and provide real time (sometimes even predictive) analysis of data gathered across law enforcement, espionage and military agencies. The programme intends to provide 11 security agencies real-time access to 21 citizen data sources to track terror activities across the country. The citizen data sources include bank account details, telephone records, passport data and vehicle registration details, the National Population Register (NPR), the Immigration, Visa, Foreigners Registration and Tracking System (IVFRT), among other types of data, all of which are already present within various government records across the country.<a href="#_ftn14" name="_ftnref14"><sup>[14]</sup></a></p>
<p style="text-align: justify; ">Data mining and analytics are used to process the huge volumes of data generated from the 21 data sources so as to analyse events, match patterns and track suspects, with big data analytics<a href="#_ftn15" name="_ftnref15"><sup>[15]</sup></a> being the primary tool to effectively utilise the project, which was founded to prevent another instance of the September, 2011 terrorist attacks in Mumbai. The list of agencies that will have access to this data collection and analytics platform are the Central Board of Direct Taxes (CBDT), Central Bureau of Investigation (CBI), Defense Intelligence Agency (DIA), Directorate of Revenue Intelligence (DRI), Enforcement Directorate (ED), Intelligence Bureau (IB), Narcotics Control Bureau (NCB), National Investigation Agency (NIA), Research and Analysis Wing (RAW), the Military Intelligence of Assam , Jammu and Kashmir regions and finally the Home Ministry itself.<a href="#_ftn16" name="_ftnref16"><sup>[16]</sup></a></p>
<p style="text-align: justify; ">As of late 2015, the project has remained stuck because of bureaucratic red tape, with even the first phase of the four stage project not complete. The primary reason for this is the change of governments in 2014, along with apprehensions about breach of security and misuse of information from agencies such as the IB, R&AW, CBI, and CBDT, etc.<a href="#_ftn17" name="_ftnref17"><sup>[17]</sup></a> However, the office of the NATGRID is now under construction in South Delhi and while the agency claims an exemption under the RTI Act as a Schedule II Organisation, its scope and operational reach have only increased with each passing year.</p>
<p style="text-align: justify; "><b>Lawful Intercept And Monitoring Project</b></p>
<p style="text-align: justify; ">Lawful Intercept and Monitoring (LIM), is a secret mass electronic surveillance program operated by the Government of India for monitoring Internet traffic, communications, web-browsing and all other forms of Internet data. It is primarily run by the Centre for Development of Telematics (C-DoT) in the Ministry of Telecom since 2011.<a href="#_ftn18" name="_ftnref18"><sup>[18]</sup></a></p>
<p style="text-align: justify; ">The LIM Programme consists of installing interception, monitoring and storage programmes at international gateways, internet exchange hubs as well as ISP nodes across the country. This is done independent of ISPs, with the entire hardware and software apparatus being operated by the government. The hardware is installed between the Internet Edge Router (PE) and the core network, allowing for direct access to all traffic flowing through the ISP. It is the primary programme for internet traffic surveillance in India, allowing indiscriminate monitoring of all traffic passing through the ISP for as long as the government desires, without any oversight of courts and sometimes without the knowledge of ISPs.<a href="#_ftn19" name="_ftnref19"><sup>[19]</sup></a> One of the most potent capabilities of the LIM Project are live, automated keyword searches which allow the government to track all the information passing through the internet pipe being surveilled for certain key phrases in both in text as well in audio. Once these key phrases are successfully matched to the data travelling through the pipe using advanced search algorithms developed uniquely for the project, the system has various automatic routines which range from targeted surveillance on the source of the data to raising an alarm with the appropriate authorities.</p>
<p style="text-align: justify; ">LIM systems are often also operated by the ISPs themselves, on behalf of the government. They operate the device, including hardware upkeep, only to provide direct access to government agencies upon requests. Reports have stated that the legal procedures laid down in law (including nodal officers and formal requests for information) are rarely followed<a href="#_ftn20" name="_ftnref20"><sup>[20]</sup></a> in both these cases, allowing unfettered access to petabytes of user data on a daily basis through these programmes.</p>
<p style="text-align: justify; "><b>Crime and Criminal Tracking Network & Systems (CCTNS)</b></p>
<p style="text-align: justify; ">The Crime and Criminal Tracking Network & System (CCTNS) is a planned network that allows for the digital collection, storage, retrieval, analysis, transfer and sharing of information relating to crimes and criminals across India.<a href="#_ftn21" name="_ftnref21"><sup>[21]</sup></a> It is supposed to primarily operate at two levels, one between police stations and the second being between the various governance structures around crime detection and solving around the country, with access also being provided to intelligence and national security agencies.<a href="#_ftn22" name="_ftnref22"><sup>[22]</sup></a></p>
<p style="text-align: justify; ">CCTNS aims to integrate all the necessary data and records surrounding a crime (including past records) into a Core Application Software (CAS) that has been developed by Wipro.<a href="#_ftn23" name="_ftnref23"><sup>[23]</sup></a> The software includes the ability to digitise FIR registration, investigation and charge sheets along with the ability to set up a centralised citizen portal to interact with relevant information. This project aims to use this CAS interface across 15, 000 police stations in the country, with up to 5, 000 additional deployments. The project has been planned since 2009, with the first complete statewide implementation going live only in August 2016 in Maharashtra. <a href="#_ftn24" name="_ftnref24"><sup>[24]</sup></a></p>
<p style="text-align: justify; ">While seemingly harmless at face value, the project’s true power lies in two main possible uses. The first being its ability to profile individuals using their past conduct, which now can include all stages of an investigation and not just a conviction by a court of law, which has massive privacy concerns. The second harm is the notion that the CCTNS database will not be an isolated one but will be connected to the NATGRID and other such databases operated by organisations such as the National Crime Records Bureau, which will allow the information present in the CCTNS to be leveraged into carrying out more invasive surveillance of the public at large.<a href="#_ftn25" name="_ftnref25"><sup>[25]</sup></a></p>
<p style="text-align: justify; "><b>Network Traffic Analysis System (NETRA)</b></p>
<p style="text-align: justify; ">NETRA (NEtwork TRaffic Analysis) is a real time surveillance software developed by the Centre for Artificial Intelligence and Robotics (CAIR) at the Defence Research and Development Organisation. (DRDO) The software has apparently been fully functional since early 2014 and is primarily used by Indian Spy agencies, the Intelligence Bureau (IB) and the Research and Analysis Wing (RAW) with some capacity being reserved for domestic agencies under the Home Ministry.</p>
<p style="text-align: justify; ">The software is meant to monitor Internet traffic on a real time basis using both voice and textual forms of data communication, especially social media, communication services and web browsing. Each agency was initially allocated 1000 nodes running NETRA, with each node having a capacity to analyse 300GB of information per second, giving each agency a capacity of around 300 TB of information processing per second.<a href="#_ftn26" name="_ftnref26"><sup>[26]</sup></a> This capacity is largely available only to agencies dealing with External threats, with domestic agencies being allocated far lower capacities, depending on demand. The software itself is mobile and in the presence of sufficient hardware capacity, nothing prevents the software from being used in the CMS, the NATGRID or LIM operations.</p>
<p style="text-align: justify; ">There has been a sharp and sudden absence of public domain information regarding the software since 2014, making any statements about its current form or evolution mere conjecture.</p>
<p style="text-align: justify; "><b>Analysis of the Collective Data</b></p>
<p style="text-align: justify; ">Independent of the capacity of such programmes, their real world operations work in a largely similar manner to mass surveillance programmes in the rest of the world, with a majority of the capacity being focused on decryption and storage of data with basic rudimentary data analytics.<a href="#_ftn27" name="_ftnref27"><sup>[27]</sup></a> Keyword searches for hot words like 'attack', 'bomb', 'blast' or 'kill' in the various communication stream in real time are the only real capabilities of the system that have been discussed in the public domain,<a href="#_ftn28" name="_ftnref28"><sup>[28]</sup></a> which along with the limited capacity of such programmes<a href="#_ftn29" name="_ftnref29"><sup>[29]</sup></a> (300 TB) is indicative of basic level of analysis that is carried on captured data. Any additional details about the technical details about how India’s surveillance programmes use their captured data is absent from the public domain but they can presumed, at best, to operate with similar standards as global practices.<a href="#_ftn30" name="_ftnref30"><sup>[30]</sup></a></p>
<p style="text-align: justify; "><b>Capacitative Global Comparison </b></p>
<p style="text-align: justify; ">As can be seen from the post so far, India’s surveillance programmes have remarkably little information about them in the public domain, from a technical operation or infrastructure perspective. In fact, post late 2014, there is a stark lack of information about any developments in the mass surveillance field. All of the information that is available about the technical capabilities of the CMS, NATGRID or LIM is either antiquated (pre 2014) or is about (comparatively) mundane details like headquarter construction clearances.<a href="#_ftn31" name="_ftnref31"><sup>[31]</sup></a> Whether this is a result of the general reduction in the attention towards mass surveillance by the public and the media<a href="#_ftn32" name="_ftnref32"><sup>[32]</sup></a> or is the result of actions taken by the government under the “national security” grounds under as the Official Secrets Act, 1923<a href="#_ftn33" name="_ftnref33"><sup>[33]</sup></a> can only be conjecture.</p>
<p style="text-align: justify; ">However, given the information available (mentioned previously in this article) a comparative points to the rather lopsided position in comparison to international mass surveillance performance. While the legal provisions in India regarding surveillance programmes are among the most wide ranging, discretionary and opaque in the world<a href="#_ftn34" name="_ftnref34"><sup>[34]</sup></a> their technical capabilities seem to be anarchic in comparison to modern standards. The only real comparative that can be used is public reporting surrounding the DRDO NETRA project around 2012 and 2013. The government held a competition between the DRDO’s internally developed software “Netra” and NTRO’s “Vishwarupal” which was developed in collaboration with Paladion Networks.<a href="#_ftn35" name="_ftnref35"><sup>[35]</sup></a> The winning software, NETRA, was said to have a capacity of 300 GB per node, with a total of 1000 sanctioned nodes.<a href="#_ftn36" name="_ftnref36"><sup>[36]</sup></a> This capacity of 300 TB for the entire system, while seemingly powerful, is a miniscule fragment of 83 Petabytes traffic that is predicted to generated in India per day.<a href="#_ftn37" name="_ftnref37"><sup>[37]</sup></a> In comparison, the PRISM programme run by the National Security Agency in 2013 (the same time that the NETRA was tested) has a capacity of over 5 trillion gigabytes of storage<a href="#_ftn38" name="_ftnref38"><sup>[38]</sup></a>, many magnitudes greater than the capacity of the DRDO software. Similar statistics can be seen from the various other programmes of NSA and the Five Eyes alliance,<a href="#_ftn39" name="_ftnref39"><sup>[39]</sup></a> all of which operated at far greater capacities<a href="#_ftn40" name="_ftnref40"><sup>[40]</sup></a> and were held to be minimally effective.<a href="#_ftn41" name="_ftnref41"><sup>[41]</sup></a> The questions this poses of the effectiveness, reliance and proportionality of the Indian surveillance programme can never truly be answered due to the lack of information surrounding capacity and technology of the Indian surveillance programmes, as highlighted in the article. With regard to criminal databases used in surveillance, such as the NATGRID, equivalent systems both domestically (especially in the USA) and internationally (such as the one run by the Interpol)<a href="#_ftn42" name="_ftnref42"><sup>[42]</sup></a> are impossible due to the NATGRID not even being fully operational yet.<a href="#_ftn43" name="_ftnref43"><sup>[43]</sup></a></p>
<p style="text-align: justify; "><b>Conclusion</b></p>
<p style="text-align: justify; ">Even if we were to ignore the issues in principle with mass surveillance, the pervasive, largely unregulated and mass scale surveillance being carried in India using the tools and technologies detailed above have various technical and policy failings. It is imperative that transparency, accountability and legal scrutiny be made an integral part of the security apparatus in India. The risks of security breaches, politically motivated actions and foreign state hacking only increase with the absence of public accountability mechanisms. Further, opening up the technologies used for these operations to regular security audits will also improve their resilience to such attacks.</p>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1"><sup>[1]</sup></a> <a href="http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law">http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2"><sup>[2]</sup></a> <a href="http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/">http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3"><sup>[3]</sup></a> <a href="https://www.privacyinternational.org/node/818">https://www.privacyinternational.org/node/818</a></p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4"><sup>[4]</sup></a> <a href="http://cis-india.org/internet-governance/blog/state-of-cyber-security-and-surveillance-in-india.pdf">http://cis-india.org/internet-governance/blog/state-of-cyber-security-and-surveillance-in-india.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5"><sup>[5]</sup></a> <a href="http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf">http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6"><sup>[6]</sup></a> <a href="http://cis-india.org/internet-governance/blog/paper-thin-safeguards.pdf">http://cis-india.org/internet-governance/blog/paper-thin-safeguards.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7"><sup>[7]</sup></a> <a href="http://pib.nic.in/newsite/PrintRelease.aspx?relid=54679">http://pib.nic.in/newsite/PrintRelease.aspx?relid=54679</a> & <a href="http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf">http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8"><sup>[8]</sup></a> <a href="http://ijlt.in/wp-content/uploads/2015/08/IJLT-Volume-10.41-62.pdf">http://ijlt.in/wp-content/uploads/2015/08/IJLT-Volume-10.41-62.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9"><sup>[9]</sup></a> <a href="http://www.thehindu.com/scitech/technology/in-the-dark-about-indias-prism/article4817903.ece">http://www.thehindu.com/scitech/technology/in-the-dark-about-indias-prism/article4817903.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10"><sup>[10]</sup></a> <a href="http://cis-india.org/internet-governance/blog/india-centralmonitoring-system-something-to-worry-about">http://cis-india.org/internet-governance/blog/india-centralmonitoring-system-something-to-worry-about</a></p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11"><sup>[11]</sup></a> <a href="https://www.justice.gov/sites/default/files/pages/attachments/2016/07/08/ind195494.e.pdf">https://www.justice.gov/sites/default/files/pages/attachments/2016/07/08/ind195494.e.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12"><sup>[12]</sup></a> <a href="http://www.datacenterdynamics.com/content-tracks/security-risk/indian-lawful-interception-data-centers-are-complete/94053.fullarticle">http://www.datacenterdynamics.com/content-tracks/security-risk/indian-lawful-interception-data-centers-are-complete/94053.fullarticle</a></p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13"><sup>[13]</sup></a> <a href="http://natgrid.attendance.gov.in/">http://natgrid.attendance.gov.in/</a> [Attendace records at the NATGRID Office!]</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14"><sup>[14]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2013-09-10/news/41938113_1_executive-order-nationalintelligence-grid-databases">http://articles.economictimes.indiatimes.com/2013-09-10/news/41938113_1_executive-order-nationalintelligence-grid-databases</a></p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15"><sup>[15]</sup></a> <a href="http://www.business-standard.com/article/current-affairs/natgrid-to-use-big-data-analytics-to-track-suspects-1">http://www.business-standard.com/article/current-affairs/natgrid-to-use-big-data-analytics-to-track-suspects-1</a></p>
<p style="text-align: justify; "><a href="#_ftnref16" name="_ftn16"><sup>[16]</sup></a> <a href="http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf">http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref17" name="_ftn17"><sup>[17]</sup></a> <a href="http://indiatoday.intoday.in/story/natgrid-gets-green-nod-but-hurdles-remain/1/543087.html">http://indiatoday.intoday.in/story/natgrid-gets-green-nod-but-hurdles-remain/1/543087.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref18" name="_ftn18"><sup>[18]</sup></a> <a href="http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece">http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref19" name="_ftn19"><sup>[19]</sup></a> <i>ibid</i></p>
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20"><sup>[20]</sup></a> <a href="http://www.thehoot.org/story_popup/no-escaping-the-surveillance-state-8742">http://www.thehoot.org/story_popup/no-escaping-the-surveillance-state-8742</a></p>
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21"><sup>[21]</sup></a> <a href="http://ncrb.gov.in/BureauDivisions/CCTNS/cctns.htm">http://ncrb.gov.in/BureauDivisions/CCTNS/cctns.htm</a></p>
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22"><sup>[22]</sup></a> <i>ibid</i></p>
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23"><sup>[23]</sup></a> <a href="http://economictimes.indiatimes.com/news/politics-and-nation/ncrb-to-connect-police-stations-and-crime-data-across-country-in-6-months/articleshow/45029398.cms">http://economictimes.indiatimes.com/news/politics-and-nation/ncrb-to-connect-police-stations-and-crime-data-across-country-in-6-months/articleshow/45029398.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24"><sup>[24]</sup></a> <a href="http://indiatoday.intoday.in/education/story/crime-criminal-tracking-network-system/1/744164.html">http://indiatoday.intoday.in/education/story/crime-criminal-tracking-network-system/1/744164.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25"><sup>[25]</sup></a> <a href="http://www.dailypioneer.com/nation/govt-cctns-to-be-operational-by-2017.html">http://www.dailypioneer.com/nation/govt-cctns-to-be-operational-by-2017.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref26" name="_ftn26"><sup>[26]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data">http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data</a></p>
<p style="text-align: justify; "><a href="#_ftnref27" name="_ftn27"><sup>[27]</sup></a> Surveillance, Snowden, and Big Data: Capacities, consequences, critique: <a href="http://journals.sagepub.com/doi/pdf/10.1177/2053951714541861">http://journals.sagepub.com/doi/pdf/10.1177/2053951714541861</a></p>
<p style="text-align: justify; "><a href="#_ftnref28" name="_ftn28"><sup>[28]</sup></a> <a href="http://www.thehindubusinessline.com/industry-and-economy/info-tech/article2978636.ece">http://www.thehindubusinessline.com/industry-and-economy/info-tech/article2978636.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref29" name="_ftn29"><sup>[29]</sup></a> See previous section in the article “NTRO”</p>
<p style="text-align: justify; "><a href="#_ftnref30" name="_ftn30"><sup>[30]</sup></a> Van Dijck, José. "Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology." <i>Surveillance & Society</i> 12.2 (2014): 197.</p>
<p style="text-align: justify; "><a href="#_ftnref31" name="_ftn31"><sup>[31]</sup></a> <a href="http://www.dailymail.co.uk/indiahome/indianews/article-3353230/Nat-Grid-knots-India-s-delayed-counter-terror-programme-gets-approval-green-body-red-tape-stall-further.html">http://www.dailymail.co.uk/indiahome/indianews/article-3353230/Nat-Grid-knots-India-s-delayed-counter-terror-programme-gets-approval-green-body-red-tape-stall-further.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref32" name="_ftn32"><sup>[32]</sup></a> <a href="http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext">http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext</a></p>
<p style="text-align: justify; "><a href="#_ftnref33" name="_ftn33"><sup>[33]</sup></a> <a href="https://freedomhouse.org/report/freedom-press/2015/india">https://freedomhouse.org/report/freedom-press/2015/india</a></p>
<p style="text-align: justify; "><a href="#_ftnref34" name="_ftn34"><sup>[34]</sup></a> <a href="http://blogs.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden/">http://blogs.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden/</a></p>
<p style="text-align: justify; "><a href="#_ftnref35" name="_ftn35"><sup>[35]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data">http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data</a></p>
<p style="text-align: justify; "><a href="#_ftnref36" name="_ftn36"><sup>[36]</sup></a> <a href="http://economictimes.indiatimes.com/tech/internet/government-to-launch-netra-for-internet-surveillance/articleshow/27438893.cms">http://economictimes.indiatimes.com/tech/internet/government-to-launch-netra-for-internet-surveillance/articleshow/27438893.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref37" name="_ftn37"><sup>[37]</sup></a> <a href="http://trak.in/internet/indian-internet-traffic-8tbps-2017/">http://trak.in/internet/indian-internet-traffic-8tbps-2017/</a></p>
<p style="text-align: justify; "><a href="#_ftnref38" name="_ftn38"><sup>[38]</sup></a> <a href="http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will">http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will</a></p>
<p style="text-align: justify; "><a href="#_ftnref39" name="_ftn39"><sup>[39]</sup></a> <a href="http://www.washingtonsblog.com/2013/07/the-fact-that-mass-surveillance-doesnt-keep-us-safe-goes-mainstream.html">http://www.washingtonsblog.com/2013/07/the-fact-that-mass-surveillance-doesnt-keep-us-safe-goes-mainstream.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref40" name="_ftn40"><sup>[40]</sup></a> <a href="http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/">http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/</a></p>
<p style="text-align: justify; "><a href="#_ftnref41" name="_ftn41"><sup>[41]</sup></a> <i>Supra Note 35</i></p>
<p style="text-align: justify; "><a href="#_ftnref42" name="_ftn42"><sup>[42]</sup></a> <a href="http://www.papillonfoundation.org/information/global-crime-database/">http://www.papillonfoundation.org/information/global-crime-database/</a></p>
<p style="text-align: justify; "><a href="#_ftnref43" name="_ftn43"><sup>[43]</sup></a> <a href="http://www.thehindu.com/opinion/editorial/Revive-NATGRID-with-safeguards/article13975243.ece">http://www.thehindu.com/opinion/editorial/Revive-NATGRID-with-safeguards/article13975243.ece</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes'>http://editors.cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes</a>
</p>
No publisherudbhavSurveillanceInternet GovernancePrivacy2017-01-20T15:56:44ZBlog EntrySocial Media Monitoring
http://editors.cis-india.org/internet-governance/blog/social-media-monitoring
<b>We see a trend of social media and communication monitoring and surveillance initiatives in India which have the potential to create a chilling effect on free speech online and raises question about the privacy of individuals. In this paper, Amber Sinha looks at social media monitoring as a tool for surveillance, the current state of social media surveillance in India, and evaluate how the existing regulatory framework in India may deal with such practices in future.</b>
<p> </p>
<h4>Social Media Monitoring: <a href="http://cis-india.org/internet-governance/files/social-media-monitoring/at_download/file">Download</a> (PDF)</h4>
<hr />
<h3><strong>Introduction</strong></h3>
<p>In 2014, the Government of India launched the much lauded and popular citizen outreach website called MyGov.in. A press release by the government announced that they had roped in global consulting firm PwC to assist in the data mining exercise to process and filter key points emerging from debates on Mygov.in. While this was a welcome move, the release also mentioned that the government intended to monitor social media sites in order to gauge popular opinion. Further, earlier this year, the government set up National Media Analytics Centre (NMAC) to monitor blogs, media channels, news outlets and social media platforms. The tracking software used by NMAC will generate tags to classify post and comments on social media into negative, positive and neutral categories, paying special attention to “belligerent” comments, and also look at the past patterns of posts. A project called NETRA has already been reported in the media a few years back which would intercept and analyse internet traffic using pre-defined filters. Alongside, we see other initiatives which intend to use social media data for predictive policing purposes such as CCTNS and Social Media Labs.</p>
<p>Thus, we see a trend of social media and communication monitoring and surveillance initiatives announced by the government which have the potential to create a chilling effect on free speech online and raises question about the
privacy of individuals. Various commentators have raised concerns about the legal validity of such programmes and whether they were in violation of the fundamental rights to privacy and free expression, and the existing surveillance laws in India. The lack of legislation governing these programmes often translates into an absence of transparency and due procedure. Further, a lot of personal communication now exists in the public domain which
renders traditional principles which govern interception and monitoring of personal communications futile. In the last few years, the blogosphere and social media websites in India have also changed and become platforms for more dissemination of political content, often also accompanied by significant vitriol, ‘trolling’ and abuse. Thus, we see greater policing of public or semi-public spaces online. In this paper, we look at social media monitoring as a
tool for surveillance, the current state of social media surveillance in India and evaluate how the existing regulatory framework in India may deal with such practices in future.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/social-media-monitoring'>http://editors.cis-india.org/internet-governance/blog/social-media-monitoring</a>
</p>
No publisheramberSocial MediaInternet GovernanceSurveillance2017-01-16T14:23:13ZBlog EntryWorkshop Report - UIDAI and Welfare Services: Exclusion and Countermeasures
http://editors.cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016
<b>This report presents summarised notes from a workshop organised by the Centre for Internet and Society (CIS) on Saturday, August 27, 2016, to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services.</b>
<p> </p>
<h2>Introduction</h2>
<p>The Centre for Internet and Society organised a workshop on "UIDAI and Welfare Services: Exclusion and Countermeasures" at the Institution of Agricultural on Technologists on August 27 in Bangalore to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services <strong>[1]</strong>. This was a follow-up to the workshop held in Delhi on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26th and 27th 2016 <strong>[2]</strong>. In this report we summarise the key concerns raised and the case studies presented by the participants at the workshop held on August 27, 2016.</p>
<h2>Implementation of the UID Project</h2>
<p><strong>Question of Consent:</strong> The Aadhaar Act <strong>[3]</strong> states that the consent of the individual must be taken at the time of enrollment and authentication and it must be informed to him/her the purpose for which the data would be used. However, the Act does not provide for an opt-out mechanism and an individual is compelled to give consent to continue with the enrollment process or to complete an authentication.</p>
<p><strong>Lack of Adherence to Court Orders:</strong> Despite of several orders by Supreme Court stating that use of Aadhaar cannot be made mandatory for the purpose of availing benefits and services, multiple state governments and departments have made it mandatory for a wide range of purposes like booking railway tickets <strong>[4]</strong>, linking below the poverty line ration cards with Aadhaar <strong>[5]</strong>, school examinations <strong>[6]</strong>, food security, pension and scholarship <strong>[7]</strong>, to name a few.</p>
<p><strong>Misleading Advertisements:</strong> A concern was raised that individuals are being mislead in the necessity and purpose for enrollment into the project. For example, people have been asked to enrol by telling them that they might get excluded from the system and cannot get services like passports, banks, NREGA, salaries for government employees, denial of vaccinations, etc. Furthermore, the Supreme Court has ordered Aadhaar not be mandatory, yet people are being told that documentation or record keeping cannot be done without UID number.</p>
<p><strong>Hybrid Governance:</strong> The participants pointed out that with the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 (hereinafter referred to as Aadhaar Act, 2016 ) being partially enforced, multiple examples of exclusion as reported in the news are demonstrating how the Aadhaar project is creating a case of hybrid governance i.e private corporations playing a significant role in Governance. This can be seen in case of Aadhaar where we see many entities from private sector being involved in its implementation, as well as many software and hardware companies.</p>
<p><strong>Lack of Transparency around Sharing of Biometric Data:</strong> The fact how and why the Government is relying on biometrics for welfare schemes is unclear and not known. Also, there is no information on how biometric data that is collected through the project is being used and its ability as an authenticating device. Along with that, there is very little information on companies that have been enlisted to hold and manage data and perform authentication.</p>
<p><strong>Possibility of Surveillance:</strong> Multiple petitions and ongoing cases have raised concerns regarding the possibility of surveillance, tracking, profiling, convergence of data, and the opaque involvement of private companies involved in the project.</p>
<p><strong>Denial of Information:</strong> In an RTI filed by one of the participant requesting to share the key contract for the project, it was refused on the grounds under section 8(1) (d) of the RTI Act, 2005. However, it was claimed that the provision would not be applicable since the contract was already awarded and any information disclosed to the Parliament should be disclosed to the citizens. The Central Information Commission issued a letter stating that the contractual obligation is over and a copy of the said agreement can be duly shared. However, it was discovered by the said participant that certain pages of the same were missing , which contained confidential information. When this issue went before appeal before the Information Commissioner, the IC gave an order to the IC in Delhi to comply with the previous order. However, it was communicated that limited financial information may be given, but not missing pages. Also, it was revealed that the UIDAI was supposed to share biometric data with NPR (by way of a MoU), but it has refused to give information since the intention was to discontinue NPR and wanted only UIDAI to collect data.</p>
<h2>Concerns Arising from the Report of the Comptroller and Auditor General of India (CAG) on Implementation of PAHAL (DBTL) Scheme</h2>
<p>A presentation on the CAG compliance audit report of PAHAL on LPG <strong>[8]</strong> revealed how the society was made to believe that UID will help deal with the issue of duplication and collection as well as use of biometric data will help. The report also revealed that multiple LPG connections have the same Aadhaar number or same bank account number in the consumer database maintained by the OMCs, the bank account number of consumers were also not accurately recorded, scrutiny of the database revealed improper capture of Aadhaar numbers, and there was incorrect seeding of IFSC codes in consumer database. The participants felt that this was an example of how schemes that are being introduced for social welfare do not necessarily benefit the society, and on the contrary, has led to exclusion by design. For example, in the year 2011, by was of the The Liquefied Petroleum Gas (Regulation of Supply and Distribution) Amendment Order, 2011 <strong>[9]</strong>, the Ministry of Petroleum and Natural Gas made the Unique Identification Number (UID) under the Aadhaar project a must for availing LPG refills. This received a lot of public pushback, which led to non-implementation of the order. In October 2012, despite the UIDAI stating that the number was voluntary, a number of services began requiring the provision of an Aadhaar number for accessing benefits. In September 2013, when the first order on Aadhaar was passed by court <strong>[10]</strong>, oil marketing companies and UIDAI approached the Supreme Court to change the same and allow them to make it mandatory, which was refused by the Court. Later in the year 2014, use of Aadhaar for subsidies was made mandatory. The participants further criticised the CAG report for revealing the manner in which linking Aadhaar with welfare schemes has allowed duplication and led to ghost beneficiaries where there is no information about who these people are who are receiving the benefits of the subsidies. For example, in Rajasthan, people are being denied their pension as they are being declared dead due to absence of information from the Aadhaar database.</p>
<p>It was said that the statistics of duplication mentioned in the report show how UIDAI (as it claims to ensure de-duplication of beneficiaries) is not required for this purpose and can be done without Aadhaar as well. Also, due to incorrect seeding of Aadhaar number many are being denied subsidy where there is no information regarding the number of people who have been denied the subsidy because of this. Considering these important facts from the audit report, the discussants concluded how the statistics reflect inflated claims by UIDAI and how the problems which are said to be addressed by using Aadhaar can be dealt without it. In this context, it is important to understand how the data in the aadhaar database maybe wrong and in case of e-governance the citizens suffer. Also, the fact that loss of subsidy-not in cash, but in use of LPG cylinder - only for cooking, is ignored. In addition to that, there is no data or way to check if the cylinder is being used for commercial purposes or not as RTI from oil companies says that no ghost identities have been detected.</p>
<h2>UID-linked Welfare Delivery in Rajasthan</h2>
<p>One speaker presented findings on people's experiences with UID-linked welfare services in Rajasthan, collected through a 100 days trip organised to speak to people across the state on problems related to welfare governance. This visit revealed that people who need the benefits and access to subsidies most are often excluded from actual services. It was highlighted that the paperless system is proving to be highly dangerous. Some of the cases discussed included that of a disabled labourer, who was asked to get an aadhaar card, but during enrollment asked the person standing next to him to put all his 5 fingers for biometric data collection. Due to this incorrect data, he is devoid of all subsidies since the authentication fails every time he goes to avail it. He stopped receiving his entitlements. Though problems were anticipated, the misery of the people revealed the extent of the problems arising from the project. In another case, an elderly woman living alone, since she could not go for Aadhaar authentication, had not been receiving the ration she is entitled to receive for the past 8 months. When the ration shop was approached to represent her case, the dealers said that they cannot provide her ration since they would require her thumb print for authentication. Later, they found out that on persuading the dealer to provide her with ration since Aadhaar is not mandatory, they found out that in their records they had actually mentioned that she was being given the ration, which was not the case. So the lack of awareness and the fact that people are entitled to receive the benefits irrespective of Aadhaar is something that is being misused by dealers. This shows how this system has become a barrier for the people, where they are also unaware about the grievance redressal mechanism.</p>
<h2>Aadhaar and e-KYC</h2>
<p>In this session, the use of Aadhaar for e-KYC verification was discussed The UID strategy document describes how the idea is to link UIDAI with money enabled Direct Benefit Transfer (DBT) to the beneficiaries without any reason or justification for the same. It was highlighted by one of the participants how the Reserve Bank of India (RBI) believed that making Aadhaar compulsory for e-KYC and several other banking services was a violation of the Money Laundering Act as well as its own rules and standards, however, later relaxed the rules to link Aadhaar with bank accounts and accepted its for e-KyC with great reluctance as the Department of Revenue thought otherwise. It was mentioned how allowing opening of bank accounts remotely using Aadhaar, without physically being present, was touted as a dangerous idea. However, the restrictions placed by RBI were suddenly done away with and opening bank accounts remotely was enabled via e-KYC.</p>
<p>A speaker emphasised that with emerging FinTech services in India being tied with Aadhaar via India Stack, the following concerns are becoming critical:</p>
<ol><li>With RBI enabling creation of bank accounts remotely, it becomes difficult to to track who did e-KYC and which bank did it and hold the same accountable.<br /><br /></li>
<li>The Aadhaar Act 2016 states that UIDAI will not track the queries made and will only keep a record of Yes/No for authentication. For example, the e-KYC to open a bank account can now be done with the help of an Aadhaar number and biometric authentication. However, this request does not get recorded and at the time of authentication, an individual is simply told whether the request has been matched or not by way of a Yes/No <strong>[11]</strong>. Though UIDAI will maintain the authentication record, this may act as an obstacle since in case the information from the aadhaar database does not match, the person would not be able to open a bank account and would only receive a yes/no as a response to the request.<br /><br /></li>
<li>Further, there is a concern that the Aadhaar Enabled Payment System being implemented by the National Payment Corporation of India (NCPI) would allow effectively hiding of source and destination of money flow, leading to money laundering and cases of bribery. This possible as NCPI maintains a mapper where each bank account is linked (only the latest one). However, Aadhaar number can be linked with multiple bank accounts of an individual. So when a transaction is made, the mapper records the transaction only from that 1 account. But if another transaction takes place with another bank account, that record is not maintained by the mapper at NCPI since it records only transactions of the latest account seeded in that. This makes money laundering easy as the money moves from aadhaar number to aadhaar number now rather than bank account to bank account.</li></ol>
<h2>Endnotes</h2>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27">http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27</a>.</p>
<p><strong>[2]</strong> See: <a href="http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges">http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges</a>.</p>
<p><strong>[3]</strong> See: <a href="https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf">https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf</a>.</p>
<p><strong>[4]</strong> See: <a href="http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets">http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets</a>.</p>
<p><strong>[5]</strong> See: <a href="http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece">http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece</a>.</p>
<p><strong>[6]</strong> See: <a href="http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms">http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms</a>.</p>
<p><strong>[7]</strong> See: <a href="http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html">http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html</a>.</p>
<p><strong>[8]</strong> See: <a href="http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf">http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf</a>.</p>
<p><strong>[9]</strong> See: <a href="http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf">http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf</a>.</p>
<p><strong>[10]</strong> See: <a href="http://judis.nic.in/temp/494201232392013p.txt">http://judis.nic.in/temp/494201232392013p.txt</a>.</p>
<p><strong>[11]</strong> Section 8(4) of the Aadhaar Act, 2016 states that "The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information."</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016'>http://editors.cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016</a>
</p>
No publishervanyaDigital PaymentData SystemsResearchers at WorkUIDInternet GovernanceSurveillanceBig DataAadhaarWelfare GovernanceBig Data for DevelopmentDigital ID2019-03-16T04:34:11ZBlog EntryWorkshop on 'Privacy after Big Data' (Delhi, November 12)
http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016
<b>The Centre for Internet and Society (CIS) and the Sarai programme, CSDS, invite you to a workshop on 'Privacy after Big Data: What Changes? What should Change?' on Saturday, November 12. This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy. It is an open event. Please register to participate.</b>
<p> </p>
<h4>Invitation note and agenda: <a href="https://github.com/cis-india/website/raw/master/docs/CIS-Sarai_PrivacyAfterBigData_ConceptAgenda.pdf">Download</a> (PDF)</h4>
<hr />
<h3>Venue and RSVP</h3>
<p><strong>Venue:</strong> Centre for the Study of Developing Societies 29, Rajpur Road, Civil Lines, Delhi 110054.</p>
<p><strong>Location on Google Maps:</strong> <a href="https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/">https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/</a>.</p>
<p><strong>Registration:</strong> <a href="https://goo.gl/forms/py0Q0u8rMppu4smE3">Complete this form</a>.</p>
<h3>Concept Note</h3>
<p>In this age of big data, discussions about privacy are intertwined with the use of technology and the data deluge. Though big data possesses enormous value for driving innovation and contributing to productivity and efficiency, privacy concerns have gained significance in the dialogue around regulated use of data and the means by which individual privacy might be compromised through means such as surveillance, or protected. The tremendous opportunities big data creates in varied sectors ranges from financial technology, governance, education, health, welfare schemes, smart cities to name a few.</p>
<p>With the UID (“Aadhaar”) project re-animating the Right to Privacy debate in India, and the financial technology ecosystem growing rapidly, striking a balance between benefits of big data and privacy concerns is a critical policy question that demands public dialogue and research to inform an evidence based decision.</p>
<p>Also, with the advent of potential big data initiatives like the ambitious Smart Cities Mission under the Digital India Scheme, which would rely on harvesting large data sets and the use of analytics in city subsystems to make public utilities and services efficient, the tasks of ensuring data security on one hand and protecting individual privacy on the other become harder.</p>
<p>As key privacy principles are at loggerheads with big data activities, it is important to consider privacy as an embedded component in the processes, systems and projects, rather than being considered as an afterthought. These examples highlight the current state of discourse around data protection and privacy in India and the shapes they are likely to take in near future.</p>
<p>This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy.</p>
<h3>Agenda</h3>
<h4>09:00-09:30 Tea and Coffee</h4>
<h4>09:30-10:00 Introduction</h4>
<p><a href="#amber">Mr. Amber Sinha</a> and <a href="#sandeep">Mr. Sandeep Mertia</a><br />
<em>This session will introduce the topic of the workshop in the context of the ongoing works at CIS and Sarai.</em></p>
<h4>10:00-11:00 From Privacy Bill(s) to ‘Habeas Data’</h4>
<p><a href="#usha">Dr. Usha Ramanathan</a> and <a href="#vipul">Mr. Vipul Kharbanda</a><br />
<em>This session will present a brief history of the privacy bill(s) in India and end with reflections on ‘habeas data’ as a lens for thinking and actualising privacy after big data.</em></p>
<h4>11:00-11:30 Tea and Coffee</h4>
<h4>11:30-12:30 Digital ID, Data Protection, and Exclusion</h4>
<p><a href="#amelia">Ms. Amelia Andersdotter</a> and <a href="#srikanth">Mr. Srikanth Lakshmanan</a><br />
<em>This session will discuss national centralised digital ID systems, often operating at a cross-functional scale, and highlight its implications for discussions on data protection, welfare governance, and exclusion from public and private services.</em></p>
<h4>12:30-13:30 Digital Money and Financial Inclusion</h4>
<p><a href="#anupam">Dr. Anupam Saraph</a> and <a href="#astha">Ms. Astha Kapoor</a><br />
<em>This session will focus on the rise of digital banking and online payments as core instruments of financial inclusion in India, especially in the context of the Jan Dhan Yojana and UPI, and reflect on the concerns around privacy and financial data.</em></p>
<h4>13:30-14:30 Lunch</h4>
<h4>14:30-15:30 Big Data and Mass Surveillance</h4>
<p><a href="#anja">Dr. Anja Kovacs</a> and <a href="#matthew">Mr. Matthew Rice</a><br />
<em>This session will reflect on the rise of mass communication surveillance across the world, and the evolving challenges of regulating il/legal surveillance by government agencies.</em></p>
<h4>15:30-16:15 Privacy is (a) Right</h4>
<p><a href="#apar">Mr. Apar Gupta</a> and <a href="#kritika">Ms. Kritika Bhardwaj</a><br />
<em>This brief session is to share initial ideas and strategies for articulating and actualising a constitutional right to privacy in India.</em></p>
<h4>16:15-16:30 Tea and Coffee</h4>
<h4>16:30-17:30 Round Table</h4>
<p><em>An open discussion session to conclude the workshop.</em></p>
<h3>Speakers</h3>
<h4 id="amber">Mr. Amber Sinha</h4>
<p>Amber works on issues surrounding privacy, big data, and cyber security. He is interested in the impact of emerging technologies like artificial intelligence and learning algorithms on existing legal frameworks, and how they need to evolve in response. Amber studied humanities and law at National Law School of India University, Bangalore.</p>
<p>E-mail: amber at cis-india dot org.</p>
<p>Twitter: <a href="https://twitter.com/ambersinha07">@ambersinha07</a>.</p>
<h4 id="amelia">Ms. Amelia Andersdotter</h4>
<p>Amelia Andersdotter has been a Member of the European Parliament. She works on practical implications of data protection laws and consumer information security in Sweden, and digital rights in the Europe in general. Presently she is residing in Bangalore, where she is a visiting scholar with Centre for Internet and Society. She holds a BSc in Mathematics.</p>
<p>URL: <a href="https://dataskydd.net">https://dataskydd.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/teirdes">@teirdes</a>.</p>
<h4 id="anja">Dr. Anja Kovacs</h4>
<p>Dr. Anja Kovacs directs the Internet Democracy Project in Delhi, India, which works for an Internet that supports free speech, democracy and social justice in India and beyond. Anja’s research and advocacy focuses especially on questions regarding freedom of expression, cybersecurity and the architecture of Internet governance. She has been a member of the of the Investment Committee of the Digital Defenders Partnership and of the Steering Committee of Best Bits, a global network of civil society members. She has also worked as an international consultant on Internet issues, including for the Independent Commission on Multilateralism, the United Nations Development Programme Asia Pacific and the UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, as well as having been a Fellow at the Centre for Internet and Society in Bangalore, India.</p>
<p>Internet Democracy Project: <a href="https://internetdemocracy.in/">https://internetdemocracy.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anjakovacs">@anjakovacs</a>.</p>
<h4 id="anupam">Dr. Anupam Saraph</h4>
<p>Anupam Saraph has extensively researched India's UID number that has been widely regarded as the game changer in development programs. It has come to be linked with both public and private databases and become the requirement for access to entitlements, benefits, services and rights. Dr. Saraph, who has the design of at least two identification programs to his credit has researched the UID’s functional creep since its inception.</p>
<p>He has been dissecting the myths of what the UID is or is not. He has also tracked the consequences of its linkages on databases that protect national security, sovereignty, democratic status and the entire banking and money system in India. He has also highlighted the implications of its use for targeted delivery of cash subsidies from the Consolidated Fund of India. He has written and lectured widely about the devastating impact of the UID number on development programs, national security and the governability of India.</p>
<p>As a Professor of Systems, Governance and Decision Sciences, Environmental Systems and Business he mentors students and teaches systems, information systems, environmental systems and sustainable development at universities in Europe, Asia and the Americas. He has worked with the Rensselaer Polytechnic Institute, Rijksuniversitiet Groningen, RIVM, University of Edinburgh, Resource Use Institute, Systems Research Institute among others. Dr. Saraph has had the unique distinction of being India’s only person who has held the only office of a City CIO in India, in a PPP arrangement with government, industry and himself. He has also been the first e-governance Advisor to a State government. Dr. Saraph has held CxO and ministerial level positions and serves as an independent director on the boards of Public and Private Sector companies and NGOs. He is also the President of the Nagrik Chetna Manch, an NGO charged with the mission to bring accountability in governance.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>As a future designer and recognized as a global expert on complex systems he helps individuals and organisations understand and design the future of their worlds. Together they address the toughest challenges, accomplish missions and achieve business goals. He also supports building capacity to address the challenges of today as well as to build future designs through teams and effective leadership. Since the eighties Dr. Saraph has modeled complex systems of cities, countries, regions and even the planet. His models have been awarded internationally and even placed in 10-year permanent exhibitions.</p>
<p>Dr Saraph works with business and government executives, civil society leaders, politicians, generals, civil servants, police, trade unionists, community activists, United Nations and ASEAN officials, judges, writers, media, architects, designers, technologists, scientists, entrepreneurs, board members and business leaders of small, mid and large single and trans-national companies, religious leaders and artists across a dozen countries and various industry sectors to help them and their organisations succeed in their missions. He advises the World Economic Forum through its Global Agenda Council for Complex Systems and the Club of Rome, Indian National Association as a founder life member.</p>
<p>Dr Saraph holds a PhD in designing sustainable systems from the faculty of Mathematics and Natural Sciences of the Rijksuniversiteit Groningen, the Netherlands.</p>
<p>Website: <a href="http://anupam.saraph.in/">http://anupam.saraph.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anupamsaraph">@anupamsaraph</a>.</p>
<h4 id="apar">Mr. Apar Gupta</h4>
<p>Apar Gupta practices law in Delhi. He is also one of the co-founders of the Internet Freedom Foundation. His work and writing on public interest issues can be accessed at his personal website <a href="http://www.apargupta.com/">www.apargupta.com</a>.</p>
<p>Twitter: <a href="https://twitter.com/aparatbar">@aparatbar</a>.</p>
<h4 id="astha">Ms. Astha Kapoor</h4>
<p>Astha Kapoor is a public policy strategy consultant working on financial inclusion and digital payments. Currently, she is working with MicroSave. Her tasks involve a focus on government to people (G2P) payments - and her work spans strategy, advisory and evaluation with the DBT Mission, Office of the Chief Economic Advisor, NITI Aayog and ministries pertaining to food, fuel and fertilizer. She recently designed a pilot to digitize uptake of fertilizers in Krishna district, and evaluated the newly introduced coupon system in the Public Distribution System in Bengaluru.</p>
<p>Twitter: <a href="https://twitter.com/kapoorastha">@kapoorastha</a>.</p>
<h4 id="kritika">Ms. Kritika Bhardwaj</h4>
<p>Kritika Bhardwaj works as a Programme Officer at the Centre for Communication Governance (CCG), National Law University, Delhi. Her main areas of research are privacy and data protection. At CCG, she has written about the privacy implications of several contemporary issues such as Aadhaar (India's unique identification project), cloud computing and the right to be forgotten. A lawyer by training, Kritika has a keen interest in information law and human rights law.</p>
<p>Centre for Communication Governance, NLU Delhi: <a href="http://ccgdelhi.org/">http://ccgdelhi.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/Kritika12">@Kritika12</a>.</p>
<h4 id="matthew">Mr. Matthew Rice</h4>
<p>Matthew Rice is an Advocacy Officer at Privacy International working across the organisation engaging with international partners and strengthening their capacity on communications surveillance issues. He has previously worked at Privacy International as a consultant building the Surveillance Industry Index, the largest publicly available database on the private surveillance sector ever assembled. Matthew graduated from University of Aberdeen with an LLB (Hons.) and also has an MA in Human Rights from University College London.</p>
<p>Privacy International: <a href="https://privacyinternational.org/">https://privacyinternational.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/mattr3">@mattr3</a>.</p>
<h4 id="sandeep">Mr. Sandeep Mertia</h4>
<p>Sandeep Mertia is a Research Associate at The Sarai Programme, Centre for the Study of Developing Societies, Delhi. He is an ICT engineer by training with research interests in Science & Technology Studies, Software Studies
and Anthropology. He is conducting an ethnographic study of emerging modes of data-driven knowledge production in the social sector.</p>
<p>Sarai: <a href="http://sarai.net/">http://sarai.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/SandeepMertia">@SandeepMertia</a>.</p>
<p>Academia: <a href="https://daiict.academia.edu/SandeepMertia">https://daiict.academia.edu/SandeepMertia</a>.</p>
<h4 id="srikanth">Mr. Srikanth Lakshmanan</h4>
<p>Srikanth is a software professional with interests in Internet, follower of Internet policy discussions, volunteers for multiple online campaigns related to Internet. He is also fascinated by FOSS, opendata, localization,
Wikipedia, maps, public transit, civic tech and occasionally contributes to them.</p>
<p>Site: <a href="http://www.srik.me/">http://www.srik.me</a>.</p>
<p>Twitter: <a href="https://twitter.com/logic">@logic</a>.</p>
<h4 id="vipul">Mr. Vipul Kharbanda</h4>
<p>Vipul Kharbanda is a consultant with the Center for Internet and Society, Bangalore. After finishing his BA.LLB.(Hons.) from National Law School of India University in Bangalore, he worked for India’s largest corporate law firm for two and a half years in their Mumbai office for two years working primarily on the financing of various infrastructure projects such as Power Plants, Roads, Airports, etc. Since quitting his corporate law job, Vipul has been working as the Associate Editor in a legal publishing house which has been publishing legal books and journals for the last 90 years in India. He has also been involved with the Center for Internet and Society as a Consultant working primarily on issues related to privacy and surveillance.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016'>http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016</a>
</p>
No publishersumandroData SystemsDigital GovernancePrivacyData RevolutionSurveillanceBig DataDigital IndiaInternet GovernanceBig Data for DevelopmentDigital Rights2016-11-12T10:14:52ZEventGovt to keep Aadhaar record for 7 years, activists worried
http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried
<b>The government will keep for seven years a record of all the services and benefits availed using the Aadhaar number, say new rules, prompting fears that the database could be used for surveillance.</b>
<p style="text-align: justify; ">The article by Aloke Tikku was published in the <a class="external-link" href="http://www.hindustantimes.com/india-news/govt-to-keep-aadhar-record-for-7-years-activists-worried/story-jSY820Ee1ZnQNLL5vuWMOI.html">Hindustan Times</a> on October 17, 2016. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Unique Identification Authority of India (UIDAI), which issues the 12-digit biometric identity to all Indian residents, will be required to preserve its record of verification of an Aadhaar number for the duration.</p>
<p style="text-align: justify; ">“This is an unprecedented centralised data retention provision,” said Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society.<br /><br />UIDAI chief executive officer ABP Pandey said the concerns were exaggerated. The agency was keeping records in case a dispute arose over a transaction.</p>
<p style="text-align: justify; ">The information will be retained online for two years and another five years in the offline archives, say the rules notified in September.<br /><br />Users will be able to check the records but only for two years.<br /><br />This restriction won’t apply to security agencies. Pandey, however, said the records would not be available to them without a district judge’s permission.<br /><br />But, HT found that the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.<br /><br />“Once Aadhaar becomes mandatory for all services, it can be used by benign and malignant actors to conduct a 360-degree surveillance on any individual,” Abraham said.<br /><br />This is how the system, which will need millions of fingerprint-reading machines, works.<br /><br />Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.<br /><br />The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail LPG subsidy, cheap ration and even passport, a day against a capacity to verify 100 million requests daily.<br /><br />“You can think of it as Natgrid Plus,” Abraham said, a reference to the National Intelligence Grid being built by the government.<br /><br />A one-stop database for counter-terrorism agencies, Natgrid will collate information real time from databases of various agencies such as bank, rail and airline networks.<br /><br />“…we do not record the purpose for which an authentication request was received but only the details of the agency that sent it,” UIDAI’s Pandey said.<br /><br />But seven years is a long time. Only a select category of government files are kept for longer than five years.<br /><br />Asked about two-year deadline for users, Pandey said it would have been a logistic nightmare to let people access the records once the information was offline.<br /><br />The Supreme Court has a ruled that Aadhaar is not a must for availing welfare schemes and is to decide if collecting biometric data for the 12-digit number infringed an individual’s privacy.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried'>http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried</a>
</p>
No publisherpraskrishnaSurveillanceAadhaarInternet GovernancePrivacy2016-10-17T01:53:24ZNews ItemRight to Food Campaign, Ranchi Convention, 2016
http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016
<b>The Right to Food Campaign held its 2016 Convention in Ranchi during September 23-25, 2016. While three years have elapsed since the passage of the National Food Security Act, despite improvements in the Public Distribution System (PDS), large implementation gaps remain. This is what the Convention focused on, and gathered researchers and campaigners from across the country to share experiences and case studies on effectiveness and exclusions from the PDS. Sumandro Chattapadhyay took part in a session of the Convention to discuss how UID-linked welfare delivery is being rolled out across key programmes like provision of pension and rationed distribution of essential commodities, and their impact on people's right to welfare services.</b>
<p> </p>
<h4>Right to Food Campaign: <a href="http://www.righttofoodcampaign.in/">Website</a>.</h4>
<h4>Right to Food Campaign: <a href="https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxoYXFyb3ppcm90aXxneDo3MmQ3MTMyZjU2N2FjOGU">Cash Transfers and UID: Our Main Demands</a>.</h4>
<h4>Ranchi Convention, 2016: <a href="https://docs.google.com/document/d/110_asJ1t14IWALbhWN1RjDiOV8WE-fIK2xJC5Yltyc4/edit">Programme</a>.</h4>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016'>http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016</a>
</p>
No publishersumandroBig DataData SystemsInternet GovernanceSurveillanceAadhaarWelfare GovernanceBiometricsBig Data for DevelopmentUID2019-03-16T04:40:52ZBlog EntryAre we Losing the Right to Privacy and Freedom of Speech on Indian Internet?
http://editors.cis-india.org/internet-governance/blog/dna-amber-sinha-march-10-2016-are-we-losing-right-to-privacy-and-freedom-of-speech-on-indian-internet
<b>The article was published in DNA on March 10, 2016.</b>
<p style="text-align: justify; ">Last month, it was reported that National Security Council Secretariat (NSCS) had proposed the <a href="http://www.dnaindia.com/scitech/report-watch-what-you-post-soon-govt-to-install-media-cell-to-track-counter-negative-content-online-2181460"><strong><span style="text-decoration: underline;">setting up of a National Media Analytics Centre</span></strong><span style="text-decoration: underline;"> </span></a>(NMAC). This centre’s mandate would be to monitor blogs, media channels, news outlets and social media platforms. Sources were quoted as stating that the centre would rely upon a tracking software built by Ponnurangam Kumaraguru, an Assistant Professor at the Indraprastha Institute of Information Technology in Delhi. The NMAC seems to mirror other similar efforts in countries such as <strong><a rel="nofollow" href="https://www.govtrack.us/congress/bills/114/hr3654/text" target="_blank"><span style="text-decoration: underline;">US</span></a></strong>, <strong><a rel="nofollow" href="https://www.thestar.com/news/canada/2013/11/29/social_media_to_be_monitored_by_federal_government.html" target="_blank"><span style="text-decoration: underline;">Canada</span></a></strong>, <strong><a rel="nofollow" href="http://www.smh.com.au/technology/technology-news/data-retention-and-the-end-of-australians-digital-privacy-20150827-gj96kq.html" target="_blank"><span style="text-decoration: underline;">Australia</span></a><a rel="nofollow" href="http://www.smh.com.au/technology/technology-news/data-retention-and-the-end-of-australians-digital-privacy-20150827-gj96kq.html" target="_blank"><span style="text-decoration: underline;"> </span></a></strong>and <strong><a rel="nofollow" href="http://www.independent.co.uk/news/uk/politics/government-awards-contracts-to-monitor-social-media-and-give-whitehall-real-time-updates-on-public-10298255.html" target="_blank"><strong><span style="text-decoration: underline;">UK</span></strong></a></strong>, to monitor online content for the reasons as varied as prevention of terrorist activities, disaster relief and criminal investigation.</p>
<p style="text-align: justify; ">The NSCS, the parent body that this centre will fall under, is a part of the National Security Council, India’s highest agency looking to integrate policy-making and intelligence analysis, and advising the Prime Minister’s Office on strategic issues as well as domestic and international threats. The NSCS represents the Joint Intelligence Committee and its duties include the assessment of intelligence from the Intelligence Bureau, Research and Analysis Wing (R&AW) and Directorates of Military, Air and Naval Intelligence, and the coordination of the functioning of intelligence agencies.</p>
<p style="text-align: justify; ">From limited reports available, it appears that the tracking software used by NMAC will generate tags to classify post and comments on social media into negative, positive and neutral categories, paying special attention to “belligerent” comments. The reports say that the software will also try to determine if the comments are factually correct or not. The idea of a government agency systematically tracking social media, blogs and news outlets and categorising content as desirable and undesirable is bound to create a chilling effect on free speech online. The most disturbing part of the report suggested that the past pattern of writers’ posts would be analysed to see how often her posts fell under the negative category, and whether she was attempting to create trouble or disturbance, and appropriate feedback would be sent to security agencies based on it. Viewed alongside the recent events where actors critical of the government and holding divergent views have expressed concerns about attempts to suppress dissenting opinions, this initiative sounds even more dangerous, putting at risk individuals categorised as “negative” or “belligerent”, for exercising their constitutionally protected right to free speech.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/copy2_of_FB.jpg" alt="FB" class="image-inline" title="FB" /></p>
<p style="text-align: justify; "><i>Getty Images</i></p>
<p style="text-align: justify; ">It has been argued that the Internet is a public space, and should be treated as subject to monitoring by the government as any other space. Further, this kind of analysis does not concern itself with private communication between two or more parties but only with publicly available information. Why must we raise eyebrows if the government is accessing and analysing it for the purposes of legitimate state interests? There are two problems with this argument. First, any surveillance of communication must always be limited in scope, specific to individuals, necessary and proportionate, and subject to oversight. There are no laws passed by the Parliament in India which allow for mass surveillance measures. Such activities are being conducted through bodies like NSC which came into existence through an Executive Order and have no clear oversight mechanisms built into its functioning. A quick look at the history of intelligence and surveillance agencies in India will show that none of them have been created through a legislation. A host of surveillance agencies have come up in the last few years including the Central Monitoring System, which was set up to monitor telecommunications, and the absence of legislative pedigree translates into lack of appropriate controls and safeguards, and zero public accountability.</p>
<p style="text-align: justify; ">The second and the larger issue is that the scale and level of granularity of personal information available now is unprecedented. Earlier, our communications with friends and acquaintances, our movements, our association, political or otherwise, were not observable in the manner it is today. It would be remiss to underestimate the importance of personal information merely because it exists in the public domain. The ability to act without being subject to monitoring and surveillance is key to the right to free speech and expression. While we accept the importance of free speech and the value of an open internet and newer technologies to enable it, we do not give sufficient importance to how these technologies are affecting the right to privacy.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/Tweets.jpg" alt="Tweets" class="image-inline" title="Tweets" /></p>
<p style="text-align: justify; ">Getty Images</p>
<p style="text-align: justify; ">In the last few years, the social media scene in India has been characterised by extreme polemic with epithets such as ‘bhakt’, ‘sanghi’, ‘sickular’ and ‘presstitutes’ thrown around liberally, turning political discussions into a mess of ugliness. It remains to be seen whether the NMAC intends to deal with the professional trolls who rely on a barrage of abuse to disrupt public conversations online. However, the appropriate response would not be greater surveillance, let alone a body like NMAC, with a sweeping mandate and little accountability.</p>
<p style="text-align: justify; ">Link to the original <a class="external-link" href="http://www.dnaindia.com/scitech/column-are-we-losing-the-right-to-privacy-and-freedom-of-speech-on-indian-internet-2187527">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/dna-amber-sinha-march-10-2016-are-we-losing-right-to-privacy-and-freedom-of-speech-on-indian-internet'>http://editors.cis-india.org/internet-governance/blog/dna-amber-sinha-march-10-2016-are-we-losing-right-to-privacy-and-freedom-of-speech-on-indian-internet</a>
</p>
No publisherAmber SinhaFreedom of Speech and ExpressionSurveillanceInternet GovernancePrivacy2016-03-16T14:44:19ZBlog EntryTransparency in Surveillance
http://editors.cis-india.org/internet-governance/blog/transparency-in-surveillance
<b>Transparency is an essential need for any democracy to function effectively. It may not be the only requirement for the effective functioning of a democracy, but it is one of the most important principles which need to be adhered to in a democratic state.</b>
<h2 style="text-align: justify; ">Introduction</h2>
<p style="text-align: justify; ">A democracy involves the state machinery being accountable to the citizens that it is supposed to serve, and for the citizens to be able to hold their state machinery accountable, they need accurate and adequate information regarding the activities of those that seek to govern them. However, in modern democracies it is often seen that those in governance often try to circumvent legal requirements of transparency and only pay lip service to this principle, while keeping their own functioning as opaque as possible.</p>
<p style="text-align: justify; ">This tendency to not give adequate information is very evident in the departments of the government which are concerned with surveillance, and merit can be found in the argument that all of the government's clandestine surveillance activities cannot be transparent otherwise they will cease to be "clandestine" and hence will be rendered ineffective. However, this argument is often misused as a shield by the government agencies to block the disclosure of all types of information about their activities, some of which may be essential to determine whether the current surveillance regime is working in an effective, ethical, and legal manner or not. It is this exploitation of the argument, which is often couched in the language of or coupled with concerns of national security, that this paper seeks to address while voicing the need for greater transparency in surveillance activities and structures.</p>
<p style="text-align: justify; ">In the first section the paper examines the need for transparency, and specifically deals with the requirement for transparency in surveillance. In the next part, the paper discusses the regulations governing telecom surveillance in India. The final part of the paper discusses possible steps that may be taken by the government in order to increase transparency in telecom surveillance while keeping in mind that the disclosure of such information should not make future surveillance ineffective.</p>
<h2 style="text-align: justify; ">Need for Transparency</h2>
<p style="text-align: justify; ">In today's age where technology is all pervasive, the term "surveillance" has developed slightly sinister overtones, especially in the backdrop of the Edward Snowden fiasco. Indeed, there have been several independent scandals involving mass surveillance of people in general as well as illegal surveillance of specific individuals. The fear that the term surveillance now invokes, especially amongst those social and political activists who seek to challenge the status quo, is in part due to the secrecy surrounding the entire surveillance regime. Leaving aside what surveillance is carried out, upon whom, and when - the state actors are seldom willing and open to talk about how surveillance is carried out, how decisions regarding who and how to target, are reached, how agency budgets are allocated and spent, how effective surveillance actions were, etc. While there may be justified security based arguments to not disclose the full extent of the state's surveillance activities, however this cloak of secrecy may be used illegally and in an unauthorized manner to achieve ends more harmful to citizen rights than the maintenance of security and order in the society.</p>
<p style="text-align: justify; ">Surveillance and interception/collection of communications data can take place under different legal processes in different countries, ranging from court-ordered requests of specified data from telecommunications companies to broad executive requests sent under regimes or regulatory frameworks requiring the disclosure of information by telecom companies on a pro-active basis. However, it is an open secret that data collection often takes place without due process or under non-legal circumstances.</p>
<p style="text-align: justify; ">It is widely believed that transparency is a critical step towards the creation of mechanisms for increased accountability through which law enforcement and government agencies access communications data. It is the first step in the process of starting discussions and an informed public debate regarding how the state undertakes activities of surveillance, monitoring and interception of communications and data. Since 2010, a large number of ICT companies have begun to publish transparency reports on the extent that governments request their user data as well as requirements to remove content. However, governments themselves have not been very forthcoming in providing such detailed information on surveillance programs which is necessary for an informed debate on this issue.<a href="#_ftn1" name="_ftnref1">[1]</a> Although some countries currently report limited information on their surveillance activities, e.g. the U.S. Department of Justice publishes an annual Wiretap Report (U.S. Courts, 2013a), and the United Kingdom publishes the Interception of Communications Commissioner Annual Report (May, 2013), which themselves do not present a complete picture, however even such limited measures are unheard of in a country such as India.</p>
<p style="text-align: justify; ">It is obvious that Governments can provide a greater level of transparency regarding the limits in place on the freedom of expression and privacy than transparency reports by individual companies. Company transparency reports can only illuminate the extent to which any one company receives requests and how that company responds to them. By contrast, government transparency reports can provide a much greater perspective on laws that can potentially restrict the freedom of expression or impact privacy by illustrating the full extent to which requests are made across the ICT industry. <a href="#_ftn2" name="_ftnref2">[2]</a></p>
<p style="text-align: justify; ">In India, the courts and the laws have traditionally recognized the need for transparency and derive it from the fundamental right to freedom of speech and expression guaranteed in our Constitution. This need coupled with a sustained campaign by various organizations finally fructified into the passage of the Right to Information Act, 2005, (RTI Act) which amongst other things also places an obligation on the sate to place its documents and records online so that the same may be freely available to the public. In light of this law guaranteeing the right to information, the citizens of India have the fundamental right to know what the Government is doing in their name. The free flow of information and ideas informs political growth and the freedom of speech and expression is the lifeblood of a healthy democracy, it acts as a safety valve. People are more ready to accept the decisions that go against them if they can in principle seem to influence them. The Supreme Court of India is of the view that the imparting of information about the working of the government on the one hand and its decision affecting the domestic and international trade and other activities on the other is necessary, and has imposed an obligation upon the authorities to disclose information.<a href="#_ftn3" name="_ftnref3">[3]</a></p>
<p style="text-align: justify; ">The Supreme Court, in <i>Namit Sharma</i> v. <i>Union of India</i>,<a href="#_ftn4" name="_ftnref4">[4]</a> while discussing the importance of transparency and the right to information has held:</p>
<p style="text-align: justify; ">"The Right to Information was harnessed as a tool for promoting development; strengthening the democratic governance and effective delivery of socio-economic services. <i> Acquisition of information and knowledge and its application have intense and pervasive impact on the process of taking informed decision, resulting in overall productivity gains </i> .</p>
<p style="text-align: justify; ">……..</p>
<p style="text-align: justify; ">Government procedures and regulations shrouded in the veil of secrecy do not allow the litigants to know how their cases are being handled. They shy away from questioning the officers handling their cases because of the latters snobbish attitude. Right to information should be guaranteed and needs to be given real substance. In this regard, the Government must assume a major responsibility and mobilize skills to ensure flow of information to citizens. <i>The traditional insistence on secrecy should be discarded.</i>"</p>
<p style="text-align: justify; ">Although these statements were made in the context of the RTI Act the principle which they try to illustrate can be understood as equally applicable to the field of state sponsored surveillance. Though Indian intelligence agencies are exempt from the RTI Act, it can be used to provide limited insight into the scope of governmental surveillance. This was demonstrated by the Software Freedom Law Centre, who discovered via RTI requests that approximately 7,500 - 9,000 interception orders are sent on a monthly basis.<a href="#_ftn5" name="_ftnref5">[5]</a></p>
<p style="text-align: justify; ">While it is true that transparency alone will not be able to eliminate the barriers to freedom of expression or harm to privacy resulting from overly broad surveillance,, transparency provides a window into the scope of current practices and additional measures are needed such as oversight and mechanisms for redress in cases of unlawful surveillance. Transparency offers a necessary first step, a foundation on which to examine current practices and contribute to a debate on human security and freedom.<a href="#_ftn6" name="_ftnref6">[6]</a></p>
<p style="text-align: justify; ">It is no secret that the current framework of surveillance in India is rife with malpractices of mass surveillance and instances of illegal surveillance. There have been a number of instances of illegal and/or unathorised surveillance in the past, the most scandalous and thus most well known is the incident where a woman IAS officer was placed under surveillance at the behest of Mr. Amit Shah who is currently the president of the ruling party in India purportedly on the instructions of the current prime minister Mr. Narendra Modi.<a href="#_ftn7" name="_ftnref7">[7]</a> There are also a number of instances of private individuals indulging in illegal interception and surveillance; in the year 2005, it was reported that Anurag Singh, a private detective, along with some associates, intercepted the telephonic conversations of former Samajwadi Party leader Amar Singh. They allegedly contacted political leaders and media houses for selling the tapped telephonic conversation records. The interception was allegedly carried out by stealing the genuine government letters and forging and fabricating them to obtain permission to tap Amar Singh's telephonic conversations. <a href="#_ftn8" name="_ftnref8">[8]</a> The same individual was also implicated for tapping the telephone of the current finance minister Mr. Arun Jaitely.<a href="#_ftn9" name="_ftnref9">[9]</a></p>
<p style="text-align: justify; ">It is therefore obvious that the status quo with regard to the surveillance mechanism in India needs to change, but this change has to be brought about in a manner so as to make state surveillance more accountable without compromising its effectiveness and addressing legitimate security concerns. Such changes cannot be brought about without an informed debate involving all stakeholders and actors associated with surveillance, however the basic minimum requirement for an "informed" debate is accurate and sufficient information about the subject matter of the debate. This information is severely lacking in the public domain when it comes to state surveillance activities - with most data points about state surveillance coming from news items or leaked information. Unless the state becomes more transparent and gives information about its surveillance activities and processes, an informed debate to challenge and strengthen the status quo for the betterment of all parties cannot be started.</p>
<h2 style="text-align: justify; ">Current State of Affairs</h2>
<p style="text-align: justify; ">Surveillance laws in India are extremely varied and have been in existence since the colonial times, remnants of which are still being utilized by the various State Police forces. However in this age of technology the most important tools for surveillance exist in the digital space and it is for this reason that this paper shall focus on an analysis of surveillance through interception of telecommunications traffic, whether by tracking voice calls or data. The interception of telecommunications actually takes place under two different statutes, the Telegraph Act, 1885 (which deals with interception of calls) as well as the Information Technology Act, 2000 (which deals with interception of data).</p>
<p style="text-align: justify; ">Currently, the telecom surveillance is done as per the procedure prescribed in the Rules under the relevant sections of the two statutes mentioned above, <i>viz. </i>Rule 419A of the Telegraph Rules, 1951 for surveillance under the Telegraph Act, 1885 and the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 for surveillance under the Information Technology Act, 2000. These Rules put in place various checks and balances and try to ensure that there is a paper trail for every interception request. <a href="#_ftn10" name="_ftnref10">[10]</a> The assumption is that the generation of a paper trail would reduce the number of unauthorized interception orders thus ensuring that the powers of interception are not misused. However, even though these checks and balances exist on paper as provided in the laws, there is not enough information in the public domain regarding the entire mechanism of interception for anyone to make a judgment on whether the system is working or not.</p>
<p style="text-align: justify; ">As mentioned earlier, currently the only sources of information on interception that are available in the public domain are through news reports and a handful of RTI requests which have been filed by various activists.<a href="#_ftn11" name="_ftnref11">[11]</a> The only other institutionalized source of information on surveillance in India is the various transparency reports brought out by companies such as Google, Yahoo, Facebook, etc.</p>
<p style="text-align: justify; ">Indeed, Google was the first major corporation to publish a transparency report in 2010 and has been updating its report ever since. The latest data that is available for Google is for the period between January, 2015 to June, 2015 and in that period Google and Youtube together received 3,087 requests for data which asked for information on 4,829 user accounts from the Indian Government. Out of these requests Google only supplied information for 44% of the requests.<a href="#_ftn12" name="_ftnref12">[12]</a> Although Google claims that they "review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases", it is not clear why Google rejected 56% of the requests. It may also be noted that the number of requests for information that Google received from India were the fifth highest amongst all the other countries on which information was given in the Transparency Report, after USA, Germany, France and the U.K.</p>
<p style="text-align: justify; ">Facebook's transparency report for the period between January, 2015 to June, 2015 reveals that Facebook received 5,115 requests from the Indian Government for 6,268 user accounts, out of which Facebook produced data in 45.32% of the cases.<a href="#_ftn13" name="_ftnref13">[13]</a> Facebook's transparency report claims that they respond to requests relating to criminal cases and "Each and every request we receive is checked for legal sufficiency and we reject or require greater specificity on requests that are overly broad or vague." However, even in Facebook's transparency report it is unclear why 55.68% of the requests were rejected.</p>
<p style="text-align: justify; ">The Yahoo transparency report also gives data from the period between January 1, 2015 to June 30, 2015 and reveals that Yahoo received 831 requests for data, which related to 1,184 user accounts from the Indian Government. The Yahoo report is a little more detailed and also reveals that 360 of the 831 requests were rejected by Yahoo, however no details are given as to why the requests were rejected. The report also specifies that in 63 cases, no data was found by Yahoo, in 249 cases only non content data<a href="#_ftn14" name="_ftnref14">[14]</a> was disclosed while in 159 cases content <a href="#_ftn15" name="_ftnref15">[15]</a> was disclosed. The Yahoo report also claims that "We carefully scrutinize each request to make sure that it complies with the law, and we push back on those requests that don't satisfy our rigorous standards."</p>
<p style="text-align: justify; ">While the Vodafone Transparency Report gives information regarding government requests for data in other jurisdictions, <a href="#_ftn16" name="_ftnref16">[16]</a> it does not give any information on government requests in India. This is because Vodafone interprets the provisions contained in Rule 25(4) of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (Interception Rules) and Rule 11 of the IT (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 as well as Rule 419A(19) of the Indian Telegraph Rules, 1954 which require service providers to maintain confidentiality/secrecy in matters relating to interception, as being a legal prohibition on Vodafone to reveal such information.</p>
<p style="text-align: justify; ">Apart from the four major companies discussed above, there are a large number of private corporations which have published transparency reports in order to acquire a sense of trustworthiness amongst their customers. Infact, the Ranking Digital Rights Project has been involved in ranking some of the biggest companies in the world on their commitment to accountability and has brought out the Ranking Digital Rights 2015 Corporate Accountability Index that has analysed a representative group of 16 companies "that collectively hold the power to shape the digital lives of billions of people across the globe".</p>
<h2 style="text-align: justify; ">Suggestions on Transparency</h2>
<p style="text-align: justify; ">It is clear from the discussions above, as well as a general overview of various news reports on the subject, that telecom surveillance in India is shrouded in secrecy and it appears that a large amount of illegal and unauthorized surveillance is taking place behind the protection of this veil of secrecy. If the status quo continues, then it is unlikely that any meaningful reforms would take place to bring about greater accountability in the area of telecom surveillance. It is imperative, for any sort of changes towards greater accountability to take place, that we have enough information about what exactly is happening and for that we need greater transparency since transparency is the first step towards greater accountability.</p>
<h3 style="text-align: justify; ">Transparency Reports</h3>
<p style="text-align: justify; ">In very simplistic terms transparency, in anything, can best be achieved by providing as much information about that thing as possible so that there are no secrets left. However, it would be naïve to say that all information about interception activities can be made public on the altar of the principle of transparency, but that does not mean that there should be no information at all on interception. One of the internationally accepted methods of bringing about transparency in interception mechanisms, which is increasingly being adopted by both the private sector as well as governments, is to publish Transparency Reports giving various details of interception while keeping security concerns in mind. The two types of transparency reports that we require in India and what that would entail is briefly discussed below:</p>
<p style="text-align: justify; "><i>By the Government</i></p>
<p style="text-align: justify; ">The problem with India's current regime for interception is that the entire mechanism appears more or less adequate on paper with enough checks and balances involved in it to prevent misuse of the allotted powers. However, because the entire process is veiled in secrecy, nobody knows exactly how good or how rotten the system has become and whether it is working to achieve its intended purposes. It is clear that the current system of interception and surveillance being followed by the government has some flaws, as can be gathered from the frequent news articles which talk about incidents of illegal surveillance. However, without any other official or more reliable sources of information regarding surveillance activities these anecdotal pieces of evidence are all we have to shape the debate regarding surveillance in India. It is only logical then that the debate around surveillance, which is informed by such sketchy and unreliable news reports will automatically be biased against the current mechanism since the newspapers would also only be interested in reporting the scandalous and the extraordinary incidents. For example, some argue that the government undertakes mass surveillance, while others argue that India only carries out targeted surveillance, but there is not enough information publicly available for a third party to support or argue against either claim. It is therefore necessary and highly recommended that the government start releasing a transparency report such as the one's brought out by the United States and the UK as mentioned above.</p>
<p style="text-align: justify; ">There is no need for a separate department or authority just to make the transparency report and this task could probably be performed in-house by any department, but considering the sector involved, it would perhaps be best if the Department of Telecommunications is given the responsibility to bring out a transparency report. These transparency reports should contain certain minimum amount of data for them to be an effective tool in informing the public discourse and debate regarding surveillance and interception. The report needs to strike a balance between providing enough information so that an informed analysis can be made of the effectiveness of the surveillance regime without providing so much information so as to make the surveillance activities ineffective. Below is a list of suggestions as to what kind of data/information such reports should contain:</p>
<ul style="text-align: justify; ">
<li>Reports should contain data regarding the number of interception orders that have been passed. This statistic would be extremely useful in determining how elaborate and how frequently the state indulges in interception activities. This information would be easily available since all interception orders have to be sent to the Review Committee set up under Rule 419A of the Telegraph Rules, 1954.</li>
<li>The Report should contain information on the procedural aspects of surveillance including the delegation of powers to different authorities and individuals, information on new surveillance schemes, etc. This information would also be available with the Ministry of Home Affairs since it is a Secretary or Joint Secretary level officer in the said Ministry which is supposed to authorize every order for interception.</li>
<li>The report should contain an aggregated list of reasons given by the authorities for ordering interception. This information would reveal whether the authorities are actually ensuring legal justification before issuing interception or are they just paying lip service to the rules to ensure a proper paper trail. Since every order of interception has to be in writing, the main reasons for interception can easily be gleaned from a perusal of the orders.</li>
<li>It should also reveal the percentage of cases where interception has actually found evidence of culpability or been successful in prevention of criminal activities. This one statistic would itself give a very good review of the effectiveness of the interception regime. Granted that this information may not be very easily obtainable, but it can be obtained with proper coordination with the police and other law enforcement agencies.</li>
<li>The report should also reveal the percentage of order that have been struck down by the Review Committee as not following the process envisaged under the various Rules. This would give a sense of how often the Rules are being flouted while issuing interception orders. This information can easily be obtained from the papers and minutes of the meetings of the Review Committee.</li>
<li>The report should also state the number of times the Review Committee has met in the period being reported upon. The Review Committee is an important check on the misuse of powers by the authorities and therefore it is important that the Review Committee carries out its activities in a diligent manner.</li>
</ul>
<p style="text-align: justify; ">It may be noted here that some provisions of the Telegraph Rules, 1954 especially sub-Rules 17 and 18 of Rule 419A as well as Rules 22, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 may need to be amended so as to make them compliant with the reporting mechanism proposed above.</p>
<p style="text-align: justify; "><i>By the Private Sector</i></p>
<p style="text-align: justify; ">We have already discussed above the transparency reports published by certain private companies. Suffice it to say that reports from private companies should give as much of the information discussed under government reports as possible and/or applicable, since they may not have a large amount of the information that is sought to be published in the government reports such as whether the interception was successful, the reasons for interception, etc. It is important to have ISPs provide such transparency reports as this will provide two different data points for information on interception and the very existence of these private reports may act as a check to ensure the veracity of the government transparency reports.</p>
<p style="text-align: justify; ">As in the case of government reports, for the transparency reports of the private sector to be effective, certain provisions of the Telegraph Rules, 1954 and the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009, viz. sub-Rules 14, 15 and 19 of Rule 419A of the Telegraph Rules, 1954 and Rules 20, 21, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009.</p>
<h3 style="text-align: justify; ">Overhaul of the Review Committee</h3>
<p style="text-align: justify; ">The Review Committee which acts as a check on the misuse of powers by the competent authorities is a very important cog in the entire process. However, it is staffed entirely by the executive and does not have any members of any other background. Whilst it is probably impractical to have civilian members in the Review Committee which has access to potentially sensitive information, it is extremely essential that the Committee has wider representation from other sectors specially the judiciary. One or two members from the judiciary on the Review Committee would provide a greater check on the workings of the Committee as this would bring in representation from the judicial arm of the State so that the Review Committee does not remain a body manned purely by the executive branch. This could go some ways to ensure that the Committee does not just "rubber stamp" the orders of interception issued by the various competent authorities.</p>
<h2 style="text-align: justify; ">Conclusion</h2>
<p style="text-align: justify; ">It is not in dispute that there is a need for greater transparency in the government's surveillance activities in order to address the problems associated with illegal and unauthorised interceptions. This paper is not making the case that greater transparency in and by itself will be able to solve the problems that may be associated with the government's currency interception and surveillance regime, however it is not possible to address any problem unless we know the real extent of it. It is essential for an informed debate and discussion that the people participating in the discussion are "informed", i.e. they should have accurate and adequate information regarding the issues which are being discussed. The current state of the debate on interception is rife with individuals using illustrative and anecdotal evidence which, in the absence of any other evidence, they assume to be the norm.</p>
<p style="text-align: justify; ">A more transparent and forthcoming state machinery which regularly keeps its citizens abreast of the state of its surveillance regime would be likely to get better suggestions and perhaps less criticisms if it does come out that the checks and balances imposed in the regulations are actually making a difference to check unauthorized interceptions, and if not, then it is the right of the citizens to know about this and ask for reforms.</p>
<div style="text-align: justify; ">
<hr />
<div id="ftn1">
<p><a href="#_ftnref1" name="_ftn1">[1]</a> James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", <i>International Journal of Communication 9(2015)</i>, Feature 3450-3459, 2015.</p>
</div>
<div id="ftn2">
<p><a href="#_ftnref2" name="_ftn2">[2]</a> <i>Id.</i></p>
</div>
<div id="ftn3">
<p><a href="#_ftnref3" name="_ftn3">[3]</a> Namit Sharma v. Union of India, <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566</a>.</p>
</div>
<div id="ftn4">
<p><a href="#_ftnref4" name="_ftn4">[4]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566</a> . Although the judgment was overturned on review, however this observation quoted above would still hold as it has not been specifically overturned.</p>
</div>
<div id="ftn5">
<p><a href="#_ftnref5" name="_ftn5">[5]</a> <a href="http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf"> http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf </a> .</p>
</div>
<div id="ftn6">
<p><a href="#_ftnref6" name="_ftn6">[6]</a> James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", <i>International Journal of Communication 9 (2015)</i>, Feature 3450-3459, 2015.</p>
</div>
<div id="ftn7">
<p><a href="#_ftnref7" name="_ftn7">[7]</a> <a href="http://gulail.com/the-stalkers/">http://gulail.com/the-stalkers/</a> .</p>
</div>
<div id="ftn8">
<p><a href="#_ftnref8" name="_ftn8">[8]</a> <a href="http://timesofindia.indiatimes.com/india/Amar-Singh-phone-tap-accused-tracked-Arun-Jaitleys-mobile/articleshow/18582508.cms"> http://timesofindia.indiatimes.com/india/Amar-Singh-phone-tap-accused-tracked-Arun-Jaitleys-mobile/articleshow/18582508.cms </a> .</p>
</div>
<div id="ftn9">
<p><a href="#_ftnref9" name="_ftn9">[9]</a> <a href="http://ibnlive.in.com/news/arun-jaitley-phonetapping-case-all-accused-get-bail/394997-37-64.html"> http://ibnlive.in.com/news/arun-jaitley-phonetapping-case-all-accused-get-bail/394997-37-64.html </a> .</p>
</div>
<div id="ftn10">
<p><a href="#_ftnref10" name="_ftn10">[10]</a> For a detailed discussion of the Rules of interception please see Policy Paper on Surveillance in India, by Vipul Kharbanda, <a href="http://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india"> http://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india </a> .</p>
</div>
<div id="ftn11">
<p><a href="#_ftnref11" name="_ftn11">[11]</a> As an example please see <a href="http://cis-india.org/internet-governance/resources/rti-on-officials-and-agencies-authorized-to-intercept-telephone-messages-in-india"> http://cis-india.org/internet-governance/resources/rti-on-officials-and-agencies-authorized-to-intercept-telephone-messages-in-india </a> .</p>
</div>
<div id="ftn12">
<p><a href="#_ftnref12" name="_ftn12">[12]</a> <a href="https://www.google.com/transparencyreport/userdatarequests/countries/"> https://www.google.com/transparencyreport/userdatarequests/countries/ </a> .</p>
</div>
<div id="ftn13">
<p><a href="#_ftnref13" name="_ftn13">[13]</a> <a href="https://govtrequests.facebook.com/country/India/2015-H1/">https://govtrequests.facebook.com/country/India/2015-H1/</a> .</p>
</div>
<div id="ftn14">
<p><a href="#_ftnref14" name="_ftn14">[14]</a> Non-content data (NCD) such as basic subscriber information including the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information (e.g., "to," "from," and "date" fields from email headers).</p>
</div>
<div id="ftn15">
<p><a href="#_ftnref15" name="_ftn15">[15]</a> Data that users create, communicate, and store on or through Yahoo. This could include words in a communication (e.g., Mail or Messenger), photos on Flickr, files uploaded, Yahoo Address Book entries, Yahoo Calendar event details, thoughts recorded in Yahoo Notepad or comments or posts on Yahoo Answers or any other Yahoo property.</p>
</div>
<div id="ftn16">
<p><a href="#_ftnref16" name="_ftn16">[16]</a> <a href="https://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html"> https://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html </a> .</p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/transparency-in-surveillance'>http://editors.cis-india.org/internet-governance/blog/transparency-in-surveillance</a>
</p>
No publishervipulTransparencyInternet GovernanceSurveillance2016-01-23T15:11:18ZBlog EntryCommunication Rights in the Age of Digital Technology
http://editors.cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology
<b>The Centre for Internet & Society (CIS) invites you to a conference to discuss the evolution of privacy and surveillance in India on Friday, October 30, 2015 at Deck Suite Hall, 5th Floor, Habitat Centre, Lodhi Road, Near Air Force Bal Bharti School, New Delhi - 110003, from 11 a.m. to 5 p.m.</b>
<p>The conference will be conducted in a round-table format. Topics to be discussed shall include, among others, the Human DNA Profiling Bill, 2012, the PIL questioning the data collection under the UID scheme, the draft National Encryption Policy and the Supreme Court judgement in Shreya Singhal v. Union of India, in the context of privacy and surveillance in India. The conference will be a forum for discussion, knowledge exchange and agenda building.</p>
<hr />
<h3 style="text-align: justify; ">Background Note</h3>
<p style="text-align: justify; ">In India, the Right to Privacy has been interpreted to mean an individuals’ right to be left alone. In the age of massive use of Information and Communications Technology, it has become imperative to have this right protected. The Supreme Court has held in a number of its decisions that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Indian Constitution, though Part III does not explicitly mention this right. Since the 1960s, the Apex Court has been dealing with this issue, primarily with respect to privacy being recognised as a fundamental or common law right and the standards that need to be satisfied in order to impose any restrictions on it.</p>
<p style="text-align: justify; ">In the year 2012, the Planning Commission constituted a Group of Experts under the chairmanship of Justice AP Shah, Former Chief Justice of the Delhi High Court to recommend a <a href="http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf">potential privacy framework</a> for privacy in India. Previously in 2011 the Department of Personnel and Training had prepared a <a href="https://bourgeoisinspirations.files.wordpress.com/2010/03/draft_right-to-privacy.pdf">draft Bill on Right to Privacy </a>which has yet to materialize into a comprehensive legislation on privacy. In 2014, a version of the revised Right to Privacy Bill was <a href="http://cis-india.org/internet-governance/blog/leaked-privacy-bill-2014-v-2011">leaked</a>. Amendments to the Bill aim to protect individuals against misuse of their data by the government or private agencies, and is in the process of being <a href="http://www.newindianexpress.com/nation/Centre-Giving-Final-Touches-to-Right-to-Privacy-Bill/2015/03/17/article2717271.ece">finalized by the Indian Government</a><a href="http://www.newindianexpress.com/nation/Centre-Giving-Final-Touches-to-Right-to-Privacy-Bill/2015/03/17/article2717271.ece">. </a></p>
<p style="text-align: justify; ">Of late, privacy concerns have gained importance in India due to the initiation of national programmes like the UID Scheme, DNA Profiling, the National Encryption Policy, etc. attracting criticism for their impact on the right to privacy. For example, DeitY introduced a draft National Encryption Policy in September this year to prescribe methods for encryption. However, the policy would have posed significant restriction on the ability of citizens to encrypt online communication. Backlash from the citizens, industry, social media and privacy experts led the Government to withdraw the policy as the measures included made the information system vulnerable in every sense.</p>
<p style="text-align: justify; ">Earlier this year, the Apex Court gave a <a href="http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf">historical</a><a href="http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf"> judgement</a> by striking down section 66A of the IT (Amendment) Act 2008. The Court upheld section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 to be constitutionally valid, which accords the government with the authority to block transmission of information and websites when it deems it as necessary for reasons like sovereignty and integrity of India, public order, etc.</p>
<p style="text-align: justify; ">Another government initiative which has generated considerable controversy for its threat to privacy is the UID project which aims to issue a unique identification number to all citizens by the Unique Identification Authority of India, which can be authenticated and verified online. In August this year, the Supreme Court, <a href="http://judis.nic.in/supremecourt/imgs1.aspx?filename=42841">vide an interim order</a>, restricted the use of Aadhaar by declaring it to be optional for availing government benefits and services. Though the Government contended the right to privacy as a fundamental right in India, the Court deferred this issue to a larger Constitutional Bench, and the Supreme Court upheld its decision yet again in the month of October.</p>
<p style="text-align: justify; ">Similarly, the <a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">d</a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">raft</a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf"> Human DNA </a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">P</a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">rofiling </a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">B</a><a href="http://www.dbtindia.nic.in/wp-content/uploads/Human-DNA-Profiling-Bill.pdf">ill 2015</a> is being questioned on grounds of privacy invasion on a massive scale as it aims to collect and store the DNA samples of criminals, suspects, volunteers, and victims and regulate DNA laboratories and DNA sampling for use by law enforcement agencies. The Bill also fails to include comprehensive privacy safeguards and provisions regarding collection of DNA samples with or without the consent of an individual, making individual privacy an important concern.</p>
<p style="text-align: justify; ">Going by these ongoing debates, one can say that Privacy as a right has primarily evolved by way of judicial interpretation and continues to evolve in light of several controversial Government policies, projects and schemes. However its development is often undermined by tension between several competing national interests which calls for clear guidelines to protect this inviolable right of the citizens.</p>
<h3><a href="http://editors.cis-india.org/internet-governance/blog/gsma-conference-invite.pdf" class="internal-link">
<hr />
<b>Download the Invite</b></a></h3>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology'>http://editors.cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology</a>
</p>
No publisherrakeshSurveillanceEventInternet GovernancePrivacy2015-10-24T07:45:26ZEventIndian PM Narendra Modi’s digital dream gets bad reception
http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception
<b>As Indian Prime Minister Narendra Modi told Silicon Valley’s most powerful chief executives this week how his government “attacked poverty by using the power of networks and mobile phones’’, the entire population of the state of Kashmir remained offline — by order of the state.
</b>
<p style="text-align: justify; ">The article by Amanda Hodge was published in <a class="external-link" href="http://www.theaustralian.com.au/news/world/indian-pm-narendra-modis-digital-dream-gets-bad-reception/story-e6frg6so-1227547929688">the Australian</a> on September 29, 2015. Sunil Abraham gave inputs.</p>
<hr />
<p style="text-align: justify; ">“I see technology as a means to empower and as a tool that bridges the distance between hope and opportunity,” Mr Modi said yesterday on a trip in which he will also discuss development at the UN.</p>
<p style="text-align: justify; ">Earlier, in a “town hall” meeting with Facebook chief Mark Zuckerberg Mr Modi hailed the power of social media networks that gave governments the opportunity to correct themselves “every five minutes”, rather than every five years.</p>
<p style="text-align: justify; ">His remarks during his Digital India tour of the US west coast sparked a storm of Twitter protest.</p>
<p style="text-align: justify; ">The northern state’s former chief minister Omar Abdullah, who noted the “irony of listening to Prime Minister Modi lecturing about connected digital India, while we are totally disconnected”.</p>
<p style="text-align: justify; ">The ban on mobile and broadband internet in Jammu and Kashmir was imposed last Friday, the beginning of the Muslim holiday of Eid-ul-Zuha during which animals are slaughtered and the meat fed to the poor, for fear social media could inflame tensions over the state government’s decision to enforce a beef ban.</p>
<p style="text-align: justify; ">It was to have lasted 24 hours but — notwithstanding Twitter feedback — was extended twice as a “precautionary” measure.</p>
<p style="text-align: justify; ">As Mr Modi outlined his dreams of a broadband network connecting the country’s most remote communities, millions of New Delhi mobile phone users continued their daily wrestle with line dropouts.</p>
<p style="text-align: justify; ">“We are bringing technology, transparency, efficiency, ease and effectiveness in governance,” he said, as in New Delhi the government talked of pulling down more mobile towers.</p>
<p style="text-align: justify; ">Centre for Internet and Society director Sunil Abraham said yesterday: “Schizophrenia between rhetoric and reality (on digital policy) is the global standard for all world leaders.</p>
<p style="text-align: justify; ">“Politicians in opposition are invariably opposed to surveillance and in favour of free speech but the very day that politician assumes office even if it is someone as splendid as Barack Obama, they change their opinions on these topics and become pro-surveillance and pro-censorship.”</p>
<p style="text-align: justify; ">Certainly successive Indian governments have had a patchy record on such issues. Last March India’s activist Supreme Court struck down a controversial section of the Information Technology Act which made posting information of a “grossly offensive or menacing character” punishable by up to three years’ jail.</p>
<p style="text-align: justify; ">That month police in northern Uttar Pradesh arrested a teenager for a Facebook post, which they said “carried derogatory language against a community”.</p>
<p style="text-align: justify; ">Previous cases under the former Congress-led government include that of a university professor detained for posting a cartoon about the chief minister of West Bengal and the arrest of two young women over a Facebook post criticising the shutdown of Mumbai following the death of a Hindu right politician.</p>
<p style="text-align: justify; ">While Mr Modi’s government welcomed the Supreme Court ruling as a “landmark day for freedom of speech and expression”, last month it attempted to block 857 random porn sites.</p>
<p style="text-align: justify; ">Notwithstanding the gulf between Mr Modi’s digital dream rhetoric and the reality at home, his second US visit in 17 months has reaped dividends. Google has committed to a joint initiative to roll out free Wi-Fi to 500 railway stations across the country, and Qualcomm has pledged a $US150 million ($213m) tech startup fund.</p>
<p style="text-align: justify; ">But Mr Abraham warned of the potential for such investments to compromise net neutrality — the principle of allowing internet users access to all content and applications.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception'>http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception</a>
</p>
No publisherpraskrishnaInternet GovernanceCensorshipSurveillance2015-09-29T15:23:04ZNews Item