The Centre for Internet and Society
http://editors.cis-india.org
The Design & Technology behind India’s Surveillance Programmes
http://editors.cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes
<b>There has been an exponential growth in the pervasive presence of technology in the daily lives of an average Indian citizen over the past few years. While leading to a manifold increase in convenience and connectivity, these technologies also allow for far greater potential for surveillance by state actors.</b>
<p style="text-align: justify; ">While the legal and policy avenues of state surveillance in India have been analysed by various organisations, there is very little available information about the technology and infrastructure used to carry out this surveillance. This appears to be largely, according to the government, due to reasons of national security and sovereignty.<a href="#_ftn1" name="_ftnref1"><sup>[1]</sup></a> This blog post will attempt to paint a picture of the technological infrastructure being used to carry out state surveillance in India.</p>
<p style="text-align: justify; "><b>Background</b><br /> The revelations by Edward Snowden about mass surveillance in mid-2013 led to an explosion of journalistic interest in surveillance and user privacy in India.<a href="#_ftn2" name="_ftnref2"><sup>[2]</sup></a> The reports and coverage from this period, leading up to early 2015, serve as the main authority for the information presented in this blog post. The lack of information from official government sources and the decreasing public spotlight on surveillance since that time have both led to little or no new information turning up about India’s surveillance regime since this period. However, given the long-term nature of these programmes and the vast amounts of time it takes to set them up, it is fairly certain that the programmes detailed below are still the primary bedrock of state surveillance in the country, albeit having become operational and inter-connected only in the past 2 years.</p>
<p style="text-align: justify; ">The technology being used to carry out surveillance in India over the past 5 years is largely an upgraded, centralised and substantially more powerful version of the surveillance techniques followed in India since the advent of telegraph and telephone lines: the tapping & recording of information in transit.<a href="#_ftn3" name="_ftnref3"><sup>[3]</sup></a> The fact that all the modern surveillance programmes detailed below have not required any new legislation, law, amendment or policy that was not already in force prior to 2008 is the most telling example of this fact. The legal and policy implications of the programmes illustrated below have been covered in previous articles by the Centre for Internet & Society which can be found here,<a href="#_ftn4" name="_ftnref4"><sup>[4]</sup></a> here<a href="#_ftn5" name="_ftnref5"><sup>[5]</sup></a> and here.<a href="#_ftn6" name="_ftnref6"><sup>[6]</sup></a> Therefore, this post will concentrate solely on the technological design and infrastructure being used to carry out surveillance, along with any new developments in this field that the three sources mentioned would not have covered from a technological perspective.</p>
<p style="text-align: justify; "><b>The Technology Infrastructure behind State Surveillance in India</b></p>
<p style="text-align: justify; ">The programmes of the Indian Government (in public knowledge) that are being used to carry out state surveillance are broadly eight in number. These exclude specific surveillance technology being used by independent arms of the government, which will be covered in the next section of this post. Many of the programmes listed below have overlapping jurisdictions and in some instances are cross-linked with each other to provide greater coverage:</p>
<ol style="text-align: justify; ">
<li>Central Monitoring System (CMS)</li>
<li>National Intelligence Grid (NAT-GRID)</li>
<li>Lawful Intercept And Monitoring Project (LIM)</li>
<li>Crime and Criminal Tracking Network & Systems (CCTNS)</li>
<li>Network Traffic Analysis System (NETRA)</li>
<li>New Media Wing (Bureau of New and Concurrent Media)</li>
</ol>
<p style="text-align: justify; ">The post will look at the technological underpinning of each of these programmes and their operational capabilities, both in theory and practice.</p>
<p style="text-align: justify; "><b>Central Monitoring System (CMS)</b></p>
<p style="text-align: justify; ">The Central Monitoring System (CMS) is the premier mass surveillance programme of the Indian Government, which has been in the planning stages since 2008.<a href="#_ftn7" name="_ftnref7"><sup>[7]</sup></a> Its primary goal is to replace the current on-demand availability of analog and digital data from service providers with “central and direct” access which involves no third party between the captured information and the government authorities.<a href="#_ftn8" name="_ftnref8"><sup>[8]</sup></a> While the system is currently operated by the Centre for Development of Telematics, the unreleased three-stage plan envisages a centralised location (physically and legally) to govern the programme. The CMS is primarily operated by the Telecom Enforcement and Resource Monitoring Cell (TERM) within the Department of Telecom, which also has a larger mandate of ensuring radiation safety and spectrum compliance.</p>
<p style="text-align: justify; ">The technological infrastructure behind the CMS largely consists of Telecom Service Providers (TSPs) and Internet Service Providers (ISPs) in India being mandated to integrate Interception Store & Forward (ISF) servers with the Lawful Interception Systems required by their licences. Once these ISF servers are installed, they are connected to the Regional Monitoring Centres (RMC) of the CMS, set up according to geographical locations and population. Finally, each Regional Monitoring Centre (RMC) in India is connected to the Central Monitoring System (CMS) itself, essentially allowing the collection, storage, access and analysis of data collected from all across the country in a centralised manner. The data collected by the CMS includes voice calls, SMS, MMS, fax communications on landlines, CDMA, video calls, GSM and even general, unencrypted data travelling across the internet using the standard TCP/IP protocol.<a href="#_ftn9" name="_ftnref9"><sup>[9]</sup></a></p>
<p style="text-align: justify; ">With regard to the analysis of this data, Call Detail Records (CDR) analysis, data mining, machine learning and predictive algorithms have allegedly been implemented to various degrees across this network.<a href="#_ftn10" name="_ftnref10"><sup>[10]</sup></a> This allows state actors to pre-emptively gather and collect a vast amount of information from across the country, perform analysis on this data and then possibly even take action on the basis of this information by directly approaching the entity (currently the TERM under C-DOT) operating the system.<a href="#_ftn11" name="_ftnref11"><sup>[11]</sup></a> The system reached full functionality in mid-2016, with over 22 Regional Monitoring Centres functional and the system itself being ‘switched on’ post trials in gradual phases.<a href="#_ftn12" name="_ftnref12"><sup>[12]</sup></a></p>
<p style="text-align: justify; "><b>National Intelligence Grid (NATGRID)</b></p>
<p style="text-align: justify; ">The National Intelligence Grid (NATGRID) is a semi-functional<a href="#_ftn13" name="_ftnref13"><sup>[13]</sup></a> integrated intelligence grid that links the stored records and databases of several government entities in order to collect data, decipher trends and provide real time (sometimes even predictive) analysis of data gathered across law enforcement, espionage and military agencies. The programme intends to provide 11 security agencies real-time access to 21 citizen data sources to track terror activities across the country. The citizen data sources include bank account details, telephone records, passport data and vehicle registration details, the National Population Register (NPR), the Immigration, Visa, Foreigners Registration and Tracking System (IVFRT), among other types of data, all of which are already present within various government records across the country.<a href="#_ftn14" name="_ftnref14"><sup>[14]</sup></a></p>
<p style="text-align: justify; ">Data mining and analytics are used to process the huge volumes of data generated from the 21 data sources so as to analyse events, match patterns and track suspects, with big data analytics<a href="#_ftn15" name="_ftnref15"><sup>[15]</sup></a> being the primary tool to effectively utilise the project, which was founded to prevent another instance of the September, 2011 terrorist attacks in Mumbai. The agencies that will have access to this data collection and analytics platform are the Central Board of Direct Taxes (CBDT), Central Bureau of Investigation (CBI), Defense Intelligence Agency (DIA), Directorate of Revenue Intelligence (DRI), Enforcement Directorate (ED), Intelligence Bureau (IB), Narcotics Control Bureau (NCB), National Investigation Agency (NIA), Research and Analysis Wing (RAW), the Military Intelligence of Assam, Jammu and Kashmir regions and finally the Home Ministry itself.<a href="#_ftn16" name="_ftnref16"><sup>[16]</sup></a></p>
<p style="text-align: justify; ">As of late 2015, the project has remained stuck because of bureaucratic red tape, with even the first phase of the four-stage project not complete. The primary reason for this is the change of governments in 2014, along with apprehensions about breach of security and misuse of information from agencies such as the IB, R&AW, CBI, and CBDT, etc.<a href="#_ftn17" name="_ftnref17"><sup>[17]</sup></a> However, the office of the NATGRID is now under construction in South Delhi and, while the agency claims an exemption under the RTI Act as a Schedule II Organisation, its scope and operational reach have only increased with each passing year.</p>
<p style="text-align: justify; "><b>Lawful Intercept And Monitoring Project</b></p>
<p style="text-align: justify; ">Lawful Intercept and Monitoring (LIM) is a secret mass electronic surveillance program operated by the Government of India for monitoring Internet traffic, communications, web-browsing and all other forms of Internet data. It has been primarily run by the Centre for Development of Telematics (C-DoT) in the Ministry of Telecom since 2011.<a href="#_ftn18" name="_ftnref18"><sup>[18]</sup></a></p>
<p style="text-align: justify; ">The LIM Programme consists of installing interception, monitoring and storage programmes at international gateways, internet exchange hubs as well as ISP nodes across the country. This is done independently of ISPs, with the entire hardware and software apparatus being operated by the government. The hardware is installed between the Internet Edge Router (PE) and the core network, allowing for direct access to all traffic flowing through the ISP. It is the primary programme for internet traffic surveillance in India, allowing indiscriminate monitoring of all traffic passing through the ISP for as long as the government desires, without any oversight of courts and sometimes without the knowledge of ISPs.<a href="#_ftn19" name="_ftnref19"><sup>[19]</sup></a> One of the most potent capabilities of the LIM Project is live, automated keyword searching, which allows the government to track all the information passing through the internet pipe being surveilled for certain key phrases in both text and audio. Once these key phrases are successfully matched to the data travelling through the pipe using advanced search algorithms developed uniquely for the project, the system has various automatic routines which range from targeted surveillance on the source of the data to raising an alarm with the appropriate authorities.</p>
<p style="text-align: justify; ">LIM systems are often also operated by the ISPs themselves, on behalf of the government. They operate the device, including hardware upkeep, only to provide direct access to government agencies upon request. Reports have stated that the legal procedures laid down in law (including nodal officers and formal requests for information) are rarely followed<a href="#_ftn20" name="_ftnref20"><sup>[20]</sup></a> in both these cases, allowing unfettered access to petabytes of user data on a daily basis through these programmes.</p>
<p style="text-align: justify; "><b>Crime and Criminal Tracking Network & Systems (CCTNS)</b></p>
<p style="text-align: justify; ">The Crime and Criminal Tracking Network & System (CCTNS) is a planned network that allows for the digital collection, storage, retrieval, analysis, transfer and sharing of information relating to crimes and criminals across India.<a href="#_ftn21" name="_ftnref21"><sup>[21]</sup></a> It is supposed to operate primarily at two levels, one between police stations and the second between the various governance structures for crime detection and solving across the country, with access also being provided to intelligence and national security agencies.<a href="#_ftn22" name="_ftnref22"><sup>[22]</sup></a></p>
<p style="text-align: justify; ">CCTNS aims to integrate all the necessary data and records surrounding a crime (including past records) into a Core Application Software (CAS) that has been developed by Wipro.<a href="#_ftn23" name="_ftnref23"><sup>[23]</sup></a> The software includes the ability to digitise FIR registration, investigation and charge sheets along with the ability to set up a centralised citizen portal to interact with relevant information. This project aims to use this CAS interface across 15,000 police stations in the country, with up to 5,000 additional deployments. The project has been planned since 2009, with the first complete statewide implementation going live only in August 2016 in Maharashtra.<a href="#_ftn24" name="_ftnref24"><sup>[24]</sup></a></p>
<p style="text-align: justify; ">While seemingly harmless at face value, the project’s true power lies in two main possible uses. The first is its ability to profile individuals using their past conduct, which can now include all stages of an investigation and not just a conviction by a court of law, and which raises massive privacy concerns. The second harm is the prospect that the CCTNS database will not be an isolated one but will be connected to the NATGRID and other such databases operated by organisations such as the National Crime Records Bureau, which will allow the information present in the CCTNS to be leveraged into carrying out more invasive surveillance of the public at large.<a href="#_ftn25" name="_ftnref25"><sup>[25]</sup></a></p>
<p style="text-align: justify; "><b>Network Traffic Analysis System (NETRA)</b></p>
<p style="text-align: justify; ">NETRA (NEtwork TRaffic Analysis) is real-time surveillance software developed by the Centre for Artificial Intelligence and Robotics (CAIR) at the Defence Research and Development Organisation (DRDO). The software has apparently been fully functional since early 2014 and is primarily used by Indian spy agencies, the Intelligence Bureau (IB) and the Research and Analysis Wing (RAW), with some capacity being reserved for domestic agencies under the Home Ministry.</p>
<p style="text-align: justify; ">The software is meant to monitor Internet traffic on a real-time basis using both voice and textual forms of data communication, especially social media, communication services and web browsing. Each agency was initially allocated 1000 nodes running NETRA, with each node having a capacity to analyse 300GB of information per second, giving each agency a capacity of around 300 TB of information processing per second.<a href="#_ftn26" name="_ftnref26"><sup>[26]</sup></a> This capacity is largely available only to agencies dealing with external threats, with domestic agencies being allocated far lower capacities, depending on demand. The software itself is mobile and, in the presence of sufficient hardware capacity, nothing prevents the software from being used in the CMS, the NATGRID or LIM operations.</p>
<p style="text-align: justify; ">There has been a sharp and sudden absence of public domain information regarding the software since 2014, making any statements about its current form or evolution mere conjecture.</p>
<p style="text-align: justify; "><b>Analysis of the Collective Data</b></p>
<p style="text-align: justify; ">Independent of the capacity of such programmes, their real-world operations work in a largely similar manner to mass surveillance programmes in the rest of the world, with a majority of the capacity being focused on decryption and storage of data with basic, rudimentary data analytics.<a href="#_ftn27" name="_ftnref27"><sup>[27]</sup></a> Keyword searches for hot words like 'attack', 'bomb', 'blast' or 'kill' in the various communication streams in real time are the only real capabilities of the system that have been discussed in the public domain,<a href="#_ftn28" name="_ftnref28"><sup>[28]</sup></a> which, along with the limited capacity of such programmes<a href="#_ftn29" name="_ftnref29"><sup>[29]</sup></a> (300 TB), is indicative of the basic level of analysis that is carried out on captured data. Any additional technical detail about how India’s surveillance programmes use their captured data is absent from the public domain, but they can be presumed, at best, to operate to standards similar to global practices.<a href="#_ftn30" name="_ftnref30"><sup>[30]</sup></a></p>
<p style="text-align: justify; "><b>Capacitative Global Comparison </b></p>
<p style="text-align: justify; ">As can be seen from the post so far, India’s surveillance programmes have remarkably little information about them in the public domain, from a technical operation or infrastructure perspective. In fact, post late 2014, there is a stark lack of information about any developments in the mass surveillance field. All of the information that is available about the technical capabilities of the CMS, NATGRID or LIM is either antiquated (pre 2014) or is about (comparatively) mundane details like headquarter construction clearances.<a href="#_ftn31" name="_ftnref31"><sup>[31]</sup></a> Whether this is a result of the general reduction in the attention towards mass surveillance by the public and the media<a href="#_ftn32" name="_ftnref32"><sup>[32]</sup></a> or is the result of actions taken by the government on “national security” grounds under the Official Secrets Act, 1923<a href="#_ftn33" name="_ftnref33"><sup>[33]</sup></a> can only be conjecture.</p>
<p style="text-align: justify; ">However, given the information available (mentioned previously in this article), a comparison points to a rather lopsided position relative to international mass surveillance performance. While the legal provisions in India regarding surveillance programmes are among the most wide ranging, discretionary and opaque in the world,<a href="#_ftn34" name="_ftnref34"><sup>[34]</sup></a> their technical capabilities seem to be archaic in comparison to modern standards. The only real point of comparison that can be used is public reporting surrounding the DRDO NETRA project around 2012 and 2013. The government held a competition between the DRDO’s internally developed software “Netra” and NTRO’s “Vishwarupal”, which was developed in collaboration with Paladion Networks.<a href="#_ftn35" name="_ftnref35"><sup>[35]</sup></a> The winning software, NETRA, was said to have a capacity of 300 GB per node, with a total of 1000 sanctioned nodes.<a href="#_ftn36" name="_ftnref36"><sup>[36]</sup></a> This capacity of 300 TB for the entire system, while seemingly powerful, is a minuscule fraction of the 83 petabytes of traffic that is predicted to be generated in India per day.<a href="#_ftn37" name="_ftnref37"><sup>[37]</sup></a> In comparison, the PRISM programme run by the National Security Agency in 2013 (the same time that the NETRA was tested) had a capacity of over 5 trillion gigabytes of storage,<a href="#_ftn38" name="_ftnref38"><sup>[38]</sup></a> many orders of magnitude greater than the capacity of the DRDO software.
Similar statistics can be seen from the various other programmes of the NSA and the Five Eyes alliance,<a href="#_ftn39" name="_ftnref39"><sup>[39]</sup></a> all of which operated at far greater capacities<a href="#_ftn40" name="_ftnref40"><sup>[40]</sup></a> and were held to be minimally effective.<a href="#_ftn41" name="_ftnref41"><sup>[41]</sup></a> The questions this poses about the effectiveness, reliance and proportionality of the Indian surveillance programme can never truly be answered due to the lack of information surrounding the capacity and technology of the Indian surveillance programmes, as highlighted in the article. With regard to criminal databases used in surveillance, such as the NATGRID, comparisons with equivalent systems both domestically (especially in the USA) and internationally (such as the one run by the Interpol)<a href="#_ftn42" name="_ftnref42"><sup>[42]</sup></a> are impossible because the NATGRID is not even fully operational yet.<a href="#_ftn43" name="_ftnref43"><sup>[43]</sup></a></p>
<p style="text-align: justify; "><b>Conclusion</b></p>
<p style="text-align: justify; ">Even if we were to ignore the issues in principle with mass surveillance, the pervasive, largely unregulated and mass-scale surveillance being carried out in India using the tools and technologies detailed above has various technical and policy failings. It is imperative that transparency, accountability and legal scrutiny be made an integral part of the security apparatus in India. The risks of security breaches, politically motivated actions and foreign state hacking only increase with the absence of public accountability mechanisms. Further, opening up the technologies used for these operations to regular security audits will also improve their resilience to such attacks.</p>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1"><sup>[1]</sup></a> <a href="http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law">http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2"><sup>[2]</sup></a> <a href="http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/">http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3"><sup>[3]</sup></a> <a href="https://www.privacyinternational.org/node/818">https://www.privacyinternational.org/node/818</a></p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4"><sup>[4]</sup></a> <a href="http://cis-india.org/internet-governance/blog/state-of-cyber-security-and-surveillance-in-india.pdf">http://cis-india.org/internet-governance/blog/state-of-cyber-security-and-surveillance-in-india.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5"><sup>[5]</sup></a> <a href="http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf">http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6"><sup>[6]</sup></a> <a href="http://cis-india.org/internet-governance/blog/paper-thin-safeguards.pdf">http://cis-india.org/internet-governance/blog/paper-thin-safeguards.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7"><sup>[7]</sup></a> <a href="http://pib.nic.in/newsite/PrintRelease.aspx?relid=54679">http://pib.nic.in/newsite/PrintRelease.aspx?relid=54679</a> & <a href="http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf">http://www.dot.gov.in/sites/default/files/English%20annual%20report%202007-08_0.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8"><sup>[8]</sup></a> <a href="http://ijlt.in/wp-content/uploads/2015/08/IJLT-Volume-10.41-62.pdf">http://ijlt.in/wp-content/uploads/2015/08/IJLT-Volume-10.41-62.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9"><sup>[9]</sup></a> <a href="http://www.thehindu.com/scitech/technology/in-the-dark-about-indias-prism/article4817903.ece">http://www.thehindu.com/scitech/technology/in-the-dark-about-indias-prism/article4817903.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10"><sup>[10]</sup></a> <a href="http://cis-india.org/internet-governance/blog/india-centralmonitoring-system-something-to-worry-about">http://cis-india.org/internet-governance/blog/india-centralmonitoring-system-something-to-worry-about</a></p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11"><sup>[11]</sup></a> <a href="https://www.justice.gov/sites/default/files/pages/attachments/2016/07/08/ind195494.e.pdf">https://www.justice.gov/sites/default/files/pages/attachments/2016/07/08/ind195494.e.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12"><sup>[12]</sup></a> <a href="http://www.datacenterdynamics.com/content-tracks/security-risk/indian-lawful-interception-data-centers-are-complete/94053.fullarticle">http://www.datacenterdynamics.com/content-tracks/security-risk/indian-lawful-interception-data-centers-are-complete/94053.fullarticle</a></p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13"><sup>[13]</sup></a> <a href="http://natgrid.attendance.gov.in/">http://natgrid.attendance.gov.in/</a> [Attendance records at the NATGRID Office!]</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14"><sup>[14]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2013-09-10/news/41938113_1_executive-order-nationalintelligence-grid-databases">http://articles.economictimes.indiatimes.com/2013-09-10/news/41938113_1_executive-order-nationalintelligence-grid-databases</a></p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15"><sup>[15]</sup></a> <a href="http://www.business-standard.com/article/current-affairs/natgrid-to-use-big-data-analytics-to-track-suspects-1">http://www.business-standard.com/article/current-affairs/natgrid-to-use-big-data-analytics-to-track-suspects-1</a></p>
<p style="text-align: justify; "><a href="#_ftnref16" name="_ftn16"><sup>[16]</sup></a> <a href="http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf">http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf</a></p>
<p style="text-align: justify; "><a href="#_ftnref17" name="_ftn17"><sup>[17]</sup></a> <a href="http://indiatoday.intoday.in/story/natgrid-gets-green-nod-but-hurdles-remain/1/543087.html">http://indiatoday.intoday.in/story/natgrid-gets-green-nod-but-hurdles-remain/1/543087.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref18" name="_ftn18"><sup>[18]</sup></a> <a href="http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece">http://www.thehindu.com/news/national/govt-violates-privacy-safeguards-to-secretly-monitor-internet-traffic/article5107682.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref19" name="_ftn19"><sup>[19]</sup></a> <i>ibid</i></p>
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20"><sup>[20]</sup></a> <a href="http://www.thehoot.org/story_popup/no-escaping-the-surveillance-state-8742">http://www.thehoot.org/story_popup/no-escaping-the-surveillance-state-8742</a></p>
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21"><sup>[21]</sup></a> <a href="http://ncrb.gov.in/BureauDivisions/CCTNS/cctns.htm">http://ncrb.gov.in/BureauDivisions/CCTNS/cctns.htm</a></p>
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22"><sup>[22]</sup></a> <i>ibid</i></p>
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23"><sup>[23]</sup></a> <a href="http://economictimes.indiatimes.com/news/politics-and-nation/ncrb-to-connect-police-stations-and-crime-data-across-country-in-6-months/articleshow/45029398.cms">http://economictimes.indiatimes.com/news/politics-and-nation/ncrb-to-connect-police-stations-and-crime-data-across-country-in-6-months/articleshow/45029398.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24"><sup>[24]</sup></a> <a href="http://indiatoday.intoday.in/education/story/crime-criminal-tracking-network-system/1/744164.html">http://indiatoday.intoday.in/education/story/crime-criminal-tracking-network-system/1/744164.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25"><sup>[25]</sup></a> <a href="http://www.dailypioneer.com/nation/govt-cctns-to-be-operational-by-2017.html">http://www.dailypioneer.com/nation/govt-cctns-to-be-operational-by-2017.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref26" name="_ftn26"><sup>[26]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data">http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data</a></p>
<p style="text-align: justify; "><a href="#_ftnref27" name="_ftn27"><sup>[27]</sup></a> Surveillance, Snowden, and Big Data: Capacities, consequences, critique: <a href="http://journals.sagepub.com/doi/pdf/10.1177/2053951714541861">http://journals.sagepub.com/doi/pdf/10.1177/2053951714541861</a></p>
<p style="text-align: justify; "><a href="#_ftnref28" name="_ftn28"><sup>[28]</sup></a> <a href="http://www.thehindubusinessline.com/industry-and-economy/info-tech/article2978636.ece">http://www.thehindubusinessline.com/industry-and-economy/info-tech/article2978636.ece</a></p>
<p style="text-align: justify; "><a href="#_ftnref29" name="_ftn29"><sup>[29]</sup></a> See previous section in the article “NTRO”</p>
<p style="text-align: justify; "><a href="#_ftnref30" name="_ftn30"><sup>[30]</sup></a> Van Dijck, José. "Datafication, dataism and dataveillance: Big Data between scientific paradigm and ideology." <i>Surveillance & Society</i> 12.2 (2014): 197.</p>
<p style="text-align: justify; "><a href="#_ftnref31" name="_ftn31"><sup>[31]</sup></a> <a href="http://www.dailymail.co.uk/indiahome/indianews/article-3353230/Nat-Grid-knots-India-s-delayed-counter-terror-programme-gets-approval-green-body-red-tape-stall-further.html">http://www.dailymail.co.uk/indiahome/indianews/article-3353230/Nat-Grid-knots-India-s-delayed-counter-terror-programme-gets-approval-green-body-red-tape-stall-further.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref32" name="_ftn32"><sup>[32]</sup></a> <a href="http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext">http://cacm.acm.org/magazines/2015/5/186025-privacy-behaviors-after-snowden/fulltext</a></p>
<p style="text-align: justify; "><a href="#_ftnref33" name="_ftn33"><sup>[33]</sup></a> <a href="https://freedomhouse.org/report/freedom-press/2015/india">https://freedomhouse.org/report/freedom-press/2015/india</a></p>
<p style="text-align: justify; "><a href="#_ftnref34" name="_ftn34"><sup>[34]</sup></a> <a href="http://blogs.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden/">http://blogs.wsj.com/indiarealtime/2014/06/05/indias-snooping-and-snowden/</a></p>
<p style="text-align: justify; "><a href="#_ftnref35" name="_ftn35"><sup>[35]</sup></a> <a href="http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data">http://articles.economictimes.indiatimes.com/2012-03-10/news/31143069_1_scanning-internet-monitoring-system-internet-data</a></p>
<p style="text-align: justify; "><a href="#_ftnref36" name="_ftn36"><sup>[36]</sup></a> <a href="http://economictimes.indiatimes.com/tech/internet/government-to-launch-netra-for-internet-surveillance/articleshow/27438893.cms">http://economictimes.indiatimes.com/tech/internet/government-to-launch-netra-for-internet-surveillance/articleshow/27438893.cms</a></p>
<p style="text-align: justify; "><a href="#_ftnref37" name="_ftn37"><sup>[37]</sup></a> <a href="http://trak.in/internet/indian-internet-traffic-8tbps-2017/">http://trak.in/internet/indian-internet-traffic-8tbps-2017/</a></p>
<p style="text-align: justify; "><a href="#_ftnref38" name="_ftn38"><sup>[38]</sup></a> <a href="http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will">http://www.economist.com/news/briefing/21579473-americas-national-security-agency-collects-more-information-most-people-thought-will</a></p>
<p style="text-align: justify; "><a href="#_ftnref39" name="_ftn39"><sup>[39]</sup></a> <a href="http://www.washingtonsblog.com/2013/07/the-fact-that-mass-surveillance-doesnt-keep-us-safe-goes-mainstream.html">http://www.washingtonsblog.com/2013/07/the-fact-that-mass-surveillance-doesnt-keep-us-safe-goes-mainstream.html</a></p>
<p style="text-align: justify; "><a href="#_ftnref40" name="_ftn40"><sup>[40]</sup></a> <a href="http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/">http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/</a></p>
<p style="text-align: justify; "><a href="#_ftnref41" name="_ftn41"><sup>[41]</sup></a> <i>Supra Note 35</i></p>
<p style="text-align: justify; "><a href="#_ftnref42" name="_ftn42"><sup>[42]</sup></a> <a href="http://www.papillonfoundation.org/information/global-crime-database/">http://www.papillonfoundation.org/information/global-crime-database/</a></p>
<p style="text-align: justify; "><a href="#_ftnref43" name="_ftn43"><sup>[43]</sup></a> <a href="http://www.thehindu.com/opinion/editorial/Revive-NATGRID-with-safeguards/article13975243.ece">http://www.thehindu.com/opinion/editorial/Revive-NATGRID-with-safeguards/article13975243.ece</a></p>
No publisher | udbhav | Surveillance, Internet Governance, Privacy | 2017-01-20T15:56:44Z | Blog Entry
Surveillance in India: Policy and Practice
http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice
<b>The National Institute of Public Finance and Policy organized a brainstorming session on net neutrality on February 8, 2017 and a public seminar on surveillance in India the following day on February 9, 2017 in New Delhi. Pranesh Prakash gave a talk. </b>
<p style="text-align: justify; ">Pranesh presented a narrative of the current state of surveillance law, our knowledge of current surveillance practices (including noting where programmes like Natgrid, CMS, etc. fit in), and charted a rough map of reforms needed and outstanding policy research questions.</p>
<h3 style="text-align: justify; ">Pranesh Prakash</h3>
<p style="text-align: justify; ">Pranesh Prakash is a Policy Director at - and was part of the founding team of - the Centre for Internet and Society, a non-profit organisation that engages in research and policy advocacy. He is also the Legal Lead at Creative Commons India and an Affiliated Fellow at the Yale Law School's Information Society Project, and has been on the Executive Committee of the NCUC at ICANN. In 2014, he was selected by Forbes India for its inaugural "30 under 30" list of young achievers, and in 2012 he was recognized as an Internet Freedom Fellow by the U.S. government.</p>
<p style="text-align: justify; ">His research interests converge at the intersections of technology, culture, economics, law, and justice. His current work focuses on interrogating, promoting, and engaging with policymakers on the areas of access to knowledge (primarily copyright reform), 'openness' (including open government data, open standards, free/libre/open source software, and open access), freedom of expression, privacy, digital security, and Internet governance. He is a prominent voice on these issues, with the newspaper Mint calling him “one of the clearest thinkers in this area”, and his research having been quoted in the Indian parliament. He regularly speaks at national and international conferences on these topics. He has a degree in arts and law from the National Law School in Bangalore, and while there he helped found the Indian Journal of Law and Technology, and was part of its editorial board for two years.</p>
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/files/workshop-on-net-neutrality">Click here</a> to see the agenda for the brainstorming session on net neutrality.</p>
<hr />
<h3>Video <br /> <iframe frameborder="0" height="315" src="https://www.youtube.com/embed/6KfyQ7y6TNE" width="560"></iframe></h3>
No publisher | praskrishna | Video, Net Neutrality, Internet Governance, Surveillance | 2017-03-15T01:05:07Z | News Item
Workshop Report - UIDAI and Welfare Services: Exclusion and Countermeasures
http://editors.cis-india.org/internet-governance/blog/workshop-report-uidai-and-welfare-services-august-27-2016
<b>This report presents summarised notes from a workshop organised by the Centre for Internet and Society (CIS) on Saturday, August 27, 2016, to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services.</b>
<h2>Introduction</h2>
<p>The Centre for Internet and Society organised a workshop on "UIDAI and Welfare Services: Exclusion and Countermeasures" at the Institution of Agricultural Technologists on August 27 in Bangalore to discuss, raise awareness of, and devise countermeasures to exclusion due to implementation of UID-based verification for and distribution of welfare services <strong>[1]</strong>. This was a follow-up to the workshop held in Delhi on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26th and 27th 2016 <strong>[2]</strong>. In this report we summarise the key concerns raised and the case studies presented by the participants at the workshop held on August 27, 2016.</p>
<h2>Implementation of the UID Project</h2>
<p><strong>Question of Consent:</strong> The Aadhaar Act <strong>[3]</strong> states that the consent of the individual must be taken at the time of enrollment and authentication, and that the individual must be informed of the purpose for which the data would be used. However, the Act does not provide for an opt-out mechanism and an individual is compelled to give consent to continue with the enrollment process or to complete an authentication.</p>
<p><strong>Lack of Adherence to Court Orders:</strong> Despite several orders by the Supreme Court stating that use of Aadhaar cannot be made mandatory for the purpose of availing benefits and services, multiple state governments and departments have made it mandatory for a wide range of purposes like booking railway tickets <strong>[4]</strong>, linking below the poverty line ration cards with Aadhaar <strong>[5]</strong>, school examinations <strong>[6]</strong>, food security, pension and scholarship <strong>[7]</strong>, to name a few.</p>
<p><strong>Misleading Advertisements:</strong> A concern was raised that individuals are being misled about the necessity and purpose of enrollment into the project. For example, people have been asked to enrol by telling them that they might get excluded from the system and cannot get services like passports, banks, NREGA, and salaries for government employees, or might be denied vaccinations, etc. Furthermore, the Supreme Court has ordered that Aadhaar not be mandatory, yet people are being told that documentation or record keeping cannot be done without a UID number.</p>
<p><strong>Hybrid Governance:</strong> The participants pointed out that with the Aadhaar (Targeted delivery of financial and other subsidies, benefits and services) Act, 2016 (hereinafter referred to as Aadhaar Act, 2016) being partially enforced, multiple examples of exclusion as reported in the news are demonstrating how the Aadhaar project is creating a case of hybrid governance, i.e., private corporations playing a significant role in governance. This can be seen in the case of Aadhaar, where many entities from the private sector are involved in its implementation, as well as many software and hardware companies.</p>
<p><strong>Lack of Transparency around Sharing of Biometric Data:</strong> How and why the Government is relying on biometrics for welfare schemes is unclear. Also, there is no information on how biometric data that is collected through the project is being used, or on its ability as an authenticating device. Along with that, there is very little information on companies that have been enlisted to hold and manage data and perform authentication.</p>
<p><strong>Possibility of Surveillance:</strong> Multiple petitions and ongoing cases have raised concerns regarding the possibility of surveillance, tracking, profiling, convergence of data, and the opaque involvement of private companies in the project.</p>
<p><strong>Denial of Information:</strong> In response to an RTI filed by one of the participants requesting that the key contract for the project be shared, the request was refused on the grounds under section 8(1)(d) of the RTI Act, 2005. However, it was claimed that the provision would not be applicable since the contract was already awarded and any information disclosed to the Parliament should be disclosed to the citizens. The Central Information Commission issued a letter stating that the contractual obligation is over and a copy of the said agreement can be duly shared. However, it was discovered by the said participant that certain pages of the same, which contained confidential information, were missing. When this issue went on appeal before the Information Commissioner, the IC gave an order to the IC in Delhi to comply with the previous order. However, it was communicated that limited financial information may be given, but not the missing pages. Also, it was revealed that the UIDAI was supposed to share biometric data with NPR (by way of a MoU), but it has refused to give information since the intention was to discontinue NPR and to have only UIDAI collect data.</p>
<h2>Concerns Arising from the Report of the Comptroller and Auditor General of India (CAG) on Implementation of PAHAL (DBTL) Scheme</h2>
<p>A presentation on the CAG compliance audit report of PAHAL on LPG <strong>[8]</strong> revealed how society was made to believe that UID, and the collection and use of biometric data, would help deal with the issue of duplication. The report also revealed that multiple LPG connections have the same Aadhaar number or same bank account number in the consumer database maintained by the OMCs, the bank account numbers of consumers were also not accurately recorded, scrutiny of the database revealed improper capture of Aadhaar numbers, and there was incorrect seeding of IFSC codes in the consumer database. The participants felt that this was an example of how schemes that are being introduced for social welfare do not necessarily benefit society, and on the contrary, have led to exclusion by design. For example, in the year 2011, by way of the Liquefied Petroleum Gas (Regulation of Supply and Distribution) Amendment Order, 2011 <strong>[9]</strong>, the Ministry of Petroleum and Natural Gas made the Unique Identification Number (UID) under the Aadhaar project a must for availing LPG refills. This received a lot of public pushback, which led to non-implementation of the order. In October 2012, despite the UIDAI stating that the number was voluntary, a number of services began requiring the provision of an Aadhaar number for accessing benefits. In September 2013, when the first order on Aadhaar was passed by court <strong>[10]</strong>, oil marketing companies and UIDAI approached the Supreme Court to change the same and allow them to make it mandatory, which was refused by the Court. Later in the year 2014, use of Aadhaar for subsidies was made mandatory. The participants further criticised the CAG report for revealing the manner in which linking Aadhaar with welfare schemes has allowed duplication and led to ghost beneficiaries where there is no information about who these people are who are receiving the benefits of the subsidies.
For example, in Rajasthan, people are being denied their pension as they are being declared dead due to absence of information from the Aadhaar database.</p>
<p>It was said that the statistics of duplication mentioned in the report show how UIDAI (as it claims to ensure de-duplication of beneficiaries) is not required for this purpose, which can be achieved without Aadhaar as well. Also, due to incorrect seeding of Aadhaar numbers many are being denied subsidy, and there is no information regarding the number of people who have been denied the subsidy because of this. Considering these important facts from the audit report, the discussants concluded that the statistics reflect inflated claims by UIDAI and that the problems which are said to be addressed by using Aadhaar can be dealt with without it. In this context, it is important to understand how the data in the Aadhaar database may be wrong and how, in the case of e-governance, the citizens suffer. Also, the fact that the loss of subsidy is not in cash, but in the use of an LPG cylinder only for cooking, is ignored. In addition to that, there is no data or way to check if the cylinder is being used for commercial purposes or not, as RTI from oil companies says that no ghost identities have been detected.</p>
<h2>UID-linked Welfare Delivery in Rajasthan</h2>
<p>One speaker presented findings on people's experiences with UID-linked welfare services in Rajasthan, collected through a 100-day trip organised to speak to people across the state on problems related to welfare governance. This visit revealed that people who need the benefits and access to subsidies most are often excluded from actual services. It was highlighted that the paperless system is proving to be highly dangerous. Some of the cases discussed included that of a disabled labourer, who was asked to get an Aadhaar card, but during enrollment asked the person standing next to him to put all his 5 fingers for biometric data collection. Due to this incorrect data, he is deprived of all subsidies since the authentication fails every time he goes to avail them. He stopped receiving his entitlements. Though problems were anticipated, the misery of the people revealed the extent of the problems arising from the project. In another case, an elderly woman living alone, since she could not go for Aadhaar authentication, had not been receiving the ration she is entitled to receive for the past 8 months. When the ration shop was approached to represent her case, the dealers said that they cannot provide her ration since they would require her thumb print for authentication. Later, on persuading the dealer to provide her with ration since Aadhaar is not mandatory, they found out that the dealers had actually mentioned in their records that she was being given the ration, which was not the case. So the lack of awareness of the fact that people are entitled to receive the benefits irrespective of Aadhaar is something that is being misused by dealers. This shows how this system has become a barrier for the people, who are also unaware of the grievance redressal mechanism.</p>
<h2>Aadhaar and e-KYC</h2>
<p>In this session, the use of Aadhaar for e-KYC verification was discussed. The UID strategy document describes how the idea is to link UIDAI with money enabled Direct Benefit Transfer (DBT) to the beneficiaries without any reason or justification for the same. It was highlighted by one of the participants how the Reserve Bank of India (RBI) believed that making Aadhaar compulsory for e-KYC and several other banking services was a violation of the Money Laundering Act as well as its own rules and standards; however, it later relaxed the rules to link Aadhaar with bank accounts and accepted it for e-KYC with great reluctance as the Department of Revenue thought otherwise. It was mentioned how allowing opening of bank accounts remotely using Aadhaar, without physically being present, was touted as a dangerous idea. However, the restrictions placed by RBI were suddenly done away with and opening bank accounts remotely was enabled via e-KYC.</p>
<p>A speaker emphasised that with emerging FinTech services in India being tied with Aadhaar via India Stack, the following concerns are becoming critical:</p>
<ol><li>With RBI enabling creation of bank accounts remotely, it becomes difficult to track who did e-KYC and which bank did it and hold the same accountable.<br /><br /></li>
<li>The Aadhaar Act 2016 states that UIDAI will not track the queries made and will only keep a record of Yes/No for authentication. For example, the e-KYC to open a bank account can now be done with the help of an Aadhaar number and biometric authentication. However, this request does not get recorded and at the time of authentication, an individual is simply told whether the request has been matched or not by way of a Yes/No <strong>[11]</strong>. Though UIDAI will maintain the authentication record, this may act as an obstacle since in case the information from the Aadhaar database does not match, the person would not be able to open a bank account and would only receive a yes/no as a response to the request.<br /><br /></li>
<li>Further, there is a concern that the Aadhaar Enabled Payment System being implemented by the National Payments Corporation of India (NPCI) would effectively allow hiding of the source and destination of money flow, leading to money laundering and cases of bribery. This is possible as NPCI maintains a mapper where each bank account is linked (only the latest one). However, an Aadhaar number can be linked with multiple bank accounts of an individual. So when a transaction is made, the mapper records the transaction only from that one account. But if another transaction takes place with another bank account, that record is not maintained by the mapper at NPCI since it records only transactions of the latest account seeded in it. This makes money laundering easy as the money now moves from Aadhaar number to Aadhaar number rather than bank account to bank account.</li></ol>
<h2>Endnotes</h2>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27">http://cis-india.org/internet-governance/events/uidai-and-welfare-services-exclusion-and-countermeasures-aug-27</a>.</p>
<p><strong>[2]</strong> See: <a href="http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges">http://cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges</a>.</p>
<p><strong>[3]</strong> See: <a href="https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf">https://uidai.gov.in/beta/images/the_aadhaar_act_2016.pdf</a>.</p>
<p><strong>[4]</strong> See: <a href="http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets">http://scroll.in/latest/816343/aadhaar-numbers-may-soon-be-compulsory-to-book-railway-tickets</a>.</p>
<p><strong>[5]</strong> See: <a href="http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece">http://www.thehindu.com/news/national/karnataka/linking-bpl-ration-card-with-aadhaar-made-mandatory/article9094935.ece</a>.</p>
<p><strong>[6]</strong> See: <a href="http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms">http://timesofindia.indiatimes.com/india/After-scam-Bihar-to-link-exams-to-Aadhaar/articleshow/54000108.cms</a>.</p>
<p><strong>[7]</strong> See: <a href="http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html">http://www.dailypioneer.com/state-editions/cs-calls-for-early-steps-to-link-aadhaar-to-ac.html</a>.</p>
<p><strong>[8]</strong> See: <a href="http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf">http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf</a>.</p>
<p><strong>[9]</strong> See: <a href="http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf">http://petroleum.nic.in/docs/lpg/LPG%20Control%20Order%20GSR%20718%20dated%2026.09.2011.pdf</a>.</p>
<p><strong>[10]</strong> See: <a href="http://judis.nic.in/temp/494201232392013p.txt">http://judis.nic.in/temp/494201232392013p.txt</a>.</p>
<p><strong>[11]</strong> Section 8(4) of the Aadhaar Act, 2016 states that "The Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information."</p>
No publisher | vanya | Digital Payment, Data Systems, Researchers at Work, UID, Internet Governance, Surveillance, Big Data, Aadhaar, Welfare Governance, Big Data for Development, Digital ID | 2019-03-16T04:34:11Z | Blog Entry
Right to Food Campaign, Ranchi Convention, 2016
http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016
<b>The Right to Food Campaign held its 2016 Convention in Ranchi during September 23-25, 2016. While three years have elapsed since the passage of the National Food Security Act, despite improvements in the Public Distribution System (PDS), large implementation gaps remain. This is what the Convention focused on, and gathered researchers and campaigners from across the country to share experiences and case studies on effectiveness and exclusions from the PDS. Sumandro Chattapadhyay took part in a session of the Convention to discuss how UID-linked welfare delivery is being rolled out across key programmes like provision of pension and rationed distribution of essential commodities, and their impact on people's right to welfare services.</b>
<h4>Right to Food Campaign: <a href="http://www.righttofoodcampaign.in/">Website</a>.</h4>
<h4>Right to Food Campaign: <a href="https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxoYXFyb3ppcm90aXxneDo3MmQ3MTMyZjU2N2FjOGU">Cash Transfers and UID: Our Main Demands</a>.</h4>
<h4>Ranchi Convention, 2016: <a href="https://docs.google.com/document/d/110_asJ1t14IWALbhWN1RjDiOV8WE-fIK2xJC5Yltyc4/edit">Programme</a>.</h4>
No publisher | sumandro | Big Data, Data Systems, Internet Governance, Surveillance, Aadhaar, Welfare Governance, Biometrics, Big Data for Development, UID | 2019-03-16T04:40:52Z | Blog Entry
Rethinking Acquisition of Digital Devices by Law Enforcement Agencies
http://editors.cis-india.org/internet-governance/blog/rethinking-acquisition-of-digital-devices-by-law-enforcement-agencies
<b>This article has been selected as a part of The Right to Privacy and the Legality of Surveillance series organized in collaboration with the RGNUL Student Research Review (RSRR) Journal.</b>
<p>Read the article originally published in <a class="external-link" href="https://rsrr.in/blog/">RGNUL Student Research Review (RSRR) Journal </a></p>
<hr />
<p><strong>Abstract</strong></p>
<p style="text-align: justify;">The Criminal Procedure Code was created in the 1970s when the concept of the right to privacy was highly unacknowledged. Following the <em>Puttuswamy I</em> (2017) judgement of the Supreme Court affirming the right to privacy, these antiquated codes must be re-evaluated. Today, the police can acquire digital devices through summons and gain direct access to a person’s life, despite the summons mechanism having been intended for targeted, narrow enquiries. Once in possession of a device, the police attempt to circumvent the right against self-incrimination by demanding biometric passwords, arguing that the right does not cover biometric information. However, due to the extent of information available on digital devices, courts ought to be cautious and strive to limit the power of the police to compel such disclosures, taking into consideration the <em>right to privacy</em> judgement.</p>
<p><strong>Keywords: </strong>Privacy, Criminal Procedural Law, CrPc, Constitutional Law</p>
<p><strong>Introduction</strong></p>
<p style="text-align: justify;">New challenges confront the Indian criminal investigation framework, particularly in the context of law enforcement agencies (LEAs) acquiring digital devices and their passwords. Criminal procedure codes delimiting police authority and procedures were created before the widespread use of digital devices and are no longer pertinent to the modern age due to the magnitude of information available on a single device. A single device could provide more information to LEAs than a complete search of a person’s home; yet, the acquisition of a digital device is not treated with the severity and caution it deserves. Following the affirmation of the right to privacy in <em>Puttuswamy I </em>(2017), criminal procedure codes must be revamped, taking into consideration that the acquisition of a person’s digital device constitutes a major infringement on their right to privacy.</p>
<p><strong>Acquisition of digital devices by LEAs through summons</strong></p>
<p style="text-align: justify;"><a href="https://www.indiacode.nic.in/bitstream/123456789/15272/1/the_code_of_criminal_procedure%2C_1973.pdf">Section 91 of the Criminal Procedure Code</a> (CrPc) grants powers to a court or police officer in charge of a police station to compel a person to produce any form of document or ‘thing’ necessary and desirable to a criminal investigation. In <a href="https://indiankanoon.org/doc/1395576/"><em>Rama Krishna v State</em></a>,<em> </em>‘necessary’ and ‘desirable’ have been interpreted as any piece of evidence relevant to the investigation or a link in the chain of evidence. <a href="https://deliverypdf.ssrn.com/delivery.php?ID=040088020003014069081068085012117023096031065012091090091115088031084097097081123000002033027047006112028087095120074083084003037094022080065067076089116106115025106025062083007085091067067124080091064096069093075026018100087109120024076084123086119022&EXT=pdf&INDEX=TRUE">Abhinav Sekhri</a>, a criminal law litigator and writer, has argued that the wide wording of this section allows summons to be directed towards the retrieval of specific digital devices.</p>
<p style="text-align: justify;">As summons are target-specific, the section has minimal safeguards. However, several issues arise in the context of summons regarding digital devices. In the current day, access to a user’s personal device can provide comprehensive insight into their life and personality due to the vast amounts of private and personal information stored on it. In <a href="https://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf"><em>Riley v California</em></a>, the Supreme Court of the United States (SCOTUS) observed that due to the nature of the content present on digital devices, summons for them are equivalent to a roving search, i.e., demanding the simultaneous production of all contents of the home, bank records, call records, and lockers. The <em>Riley</em> decision correctly highlights the need for courts to recognise that digital devices ought to be treated distinctly compared to other forms of physical evidence due to the repository of information stored on digital devices.</p>
<p style="text-align: justify;">The burden the state must surpass in order to issue summons is low as the relevancy requirement is easily provable. As noted in <a href="https://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf"><em>Riley</em></a>, police must identify which evidence on a device is relevant. Due to the sheer amount of data on phones, it is very easy for police to claim that there will surely be some form of connection between the content on the device and the case. Due to the wide range of offences available for Indian LEAs to cite, it is easy for them to argue that the content on the device is relevant to any number of possible offences. LEAs rarely face consequences for slamming the accused with a huge roster of charges – even if many of them are baseless – leading to the system being prone to abuse. The Indian Supreme Court in its judgement in <a href="https://indiankanoon.org/doc/1068532/"><em>Canara Bank</em></a> noted that the burden of proof must be higher for LEAs when investigations violate the right to privacy. <a href="https://www.ijlt.in/_files/ugd/066049_03e4a2b28a5e49f6a59b861aa4554ede.pdf">Tarun Krishnakumar</a> notes that the trickle-down effect of <em>Puttuswamy I</em> will lead to new privacy challenges with regard to a summons to appear in court. <em>Puttuswamy I</em> will provide the bedrock and constitutional framework within which future challenges to the criminal process will be undertaken. It is important for the court to recognise the transformative potential within the <a href="https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf"><em>Puttuswamy</em></a> judgement to help ensure that the right to privacy of citizens is safeguarded. The colonial logic of policing – wherein criminal procedure law was merely a tool to maximise the interest of the state at the cost of the people – must be abandoned.
Courts ought to devise a framework under Section 91 to ensure that summons are narrowly framed to target specific information or content within digital devices. Additionally, the digital device must be collected following a judicial authority issuing the summons and not a police authority. Prior judicial warrants will require LEAs to demonstrate their requirement for the digital device; on estimating the impact on privacy, the authority can issue a suitable summons. Currently, the only consideration is if the item will furnish evidence relevant to the investigation; however, judges ought to balance the need for the digital device in the LEA’s investigation with the users’ right to privacy, dignity, and autonomy.</p>
<p style="text-align: justify;"><a href="https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf"><em>Puttuswamy I</em></a><em> </em>provides a triple test encompassing legality, necessity, and proportionality to test privacy claims. Legality requires that the measure be prescribed by law, necessity analyses if it is the least restrictive means being adopted by the state, and proportionality checks if the objective pursued by the measure is proportional to the degree of infringement of the right. The relevance standard, as mentioned before, is inadequate as it does not provide enough safeguards against abuse. The police can issue summons based on the slightest of suspicions and thus get access to a digital device, following which they can conduct a roving enquiry of the device to find evidence of any other offence, unrelated to the original cause of suspicion.</p>
<p style="text-align: justify;">Unilateral police summons of digital devices cannot pass the triple test as it is grossly disproportionate and lacks any form of safeguard against the police. The current system has no mechanism for overseeing the LEAs; as long as LEAs themselves are of the view that they require the device, they can acquire it. In <a href="https://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf"><em>Riley</em></a>, SCOTUS has already held that warrantless seizure of digital devices constitutes a violation of the right to privacy. India ought to also adopt a requirement of a prior judicial warrant for the procurement of devices by LEAs. A re-imagined criminal process would have to abide by the triple test, in particular proportionality, wherein the benefit claimed by the state ought not to be disproportionate to the impact on the fundamental right to privacy; and further, a framework must be proposed to provide safeguards against abuse.</p>
<p><strong>Compelling the production of passwords of devices</strong></p>
<p style="text-align: justify;">In police investigations, gaining possession of a physical device is merely the first step in acquiring the data on the device, as the LEAs still require the passcodes needed to unlock the device. LEAs compelling the production of passcodes to gain access to potentially incriminating data raises obvious questions regarding the right against self-incrimination; however, in the context of digital devices, several privacy issues may crop up as well.</p>
<p style="text-align: justify;">In <a href="https://main.sci.gov.in/judgment/judis/4157.pdf"><em>Kathi Kalu Oghad</em></a>, the SC held that compelling the production of fingerprints of an accused person to compare them with fingerprints discovered by the LEA in the course of their investigation does not violate the right to protection against self-incrimination of the accused. <a href="https://lawschoolpolicyreview.com/2019/10/16/biometrics-as-passwords-the-slippery-scope-of-self-incrimination/">It has been argued</a> that the ratio in the judgement prohibits the compelling of disclosure of passwords and biometrics for unlocking devices because <a href="https://main.sci.gov.in/judgment/judis/4157.pdf"><em>Kathi Kalu Oghad</em></a> only dealt with the production of fingerprints in order to compare the fingerprints with pre-existing evidence, as opposed to unlocking new evidence by utilising the fingerprint. However, the judgement deals with self-incrimination and does not address any privacy issues.</p>
<p style="text-align: justify;">The right against self-incrimination approach alone may not be enough to resolve all concerns. Firstly, there may be varying levels of protection provided to different forms of password protections on digital devices; text- and pattern-based passcodes are inarguably protected under Art. 20(3) of the Constitution. However, the protection of biometrics-based passcodes relies upon the correct interpretation of the <a href="https://main.sci.gov.in/judgment/judis/4157.pdf"><em>Kathi Kalu Oghad</em></a> precedent. Secondly, Art. 20(3) only protects the accused in investigations and not when non-accused digital devices are acquired by LEAs and the passcodes of the devices demanded.</p>
<p style="text-align: justify;">Therefore, considering the aforementioned points, it is pertinent to remember that the right against self-incrimination does not exist in a vacuum separate from privacy. It originates from the concept of decisional autonomy – the right of individuals to make decisions about matters intimate to their life without interference from the state and society. <a href="https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf"><em>Puttuswamy I</em></a> observed that decisional autonomy is the bedrock of the right to privacy, as privacy allows an individual to make these intimate decisions away from the glare of society and/or the state. This has heightened importance in this context as interference with such autonomy could lead to the person in question facing criminal prosecution. The SC in <a href="https://main.sci.gov.in/jonew/judis/36303.pdf"><em>Selvi v Karnataka</em></a><em> </em>and <a href="https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_24-Aug-2017.pdf"><em>Puttuswamy I</em></a> has repeatedly affirmed that the right against self-incrimination and the right to privacy are linked concepts, with the court observing that the right to remain silent is an integral aspect of decisional autonomy.</p>
<p style="text-align: justify;">In <a href="http://karnatakajudiciary.kar.nic.in:8080/repository/rep_judgmentcase.php"><em>Virendra Khanna</em></a>, the Karnataka High Court (HC) dealt with the privacy and self-incrimination concerns caused by LEAs compelling the disclosure of passwords. The HC brushes aside concerns related to privacy by noting that the right to privacy is not absolute and that an exception to the right to privacy is state interest and protection of law and order (para 5.11), and that unlawful disclosure of material to third parties could be an actionable wrong (para 15). The court’s interpretation of privacy effectively provides a free pass for the police to interfere with the right to privacy under the pretext of a criminal investigation. This conception of privacy is inadequate as the issue of proportionality is avoided, and the court does not attempt to ensure that the interference is proportionate with the outcome.</p>
<p style="text-align: justify;">US courts also see the compelling of production of passcodes as an issue of self-incrimination as well as privacy. In its judgement in <a href="https://casetext.com/case/in-re-application-for-a-search-warrant?__cf_chl_f_tk=lTxiJpZIvKfkIBtGQJtMObSmqhdRUZdjGk5hXeMfprQ-1642253001-0-gaNycGzNCJE"><em>Application for a Search Warrant</em></a>, a US court observed that compelling the disclosure of passcodes existed at an intersection of the right to privacy and self-incrimination; the right against self-incrimination serves to protect the privacy interests of suspects.</p>
<p style="text-align: justify;">Disclosure of passwords to digital devices amounts to an intrusion of the privacy of the suspect as the collective contents on the digital device effectively amount to providing LEAs with a method to observe a person’s mind and identity. Police investigative techniques cannot override fundamental rights and must respect the personal autonomy of suspects – particularly, the choice between silence and speech. Through the production of passwords, LEAs can effectively get a snapshot of a suspect’s mind. This is analogous to the polygraph and narco-analysis test struck down as unconstitutional by the SC in <a href="https://main.sci.gov.in/jonew/judis/36303.pdf"><em>Selvi</em></a> as it violates decisional autonomy.</p>
<p style="text-align: justify;">As <a href="https://theproofofguilt.blogspot.com/2021/03/mobile-phones-and-criminal.html">Sekhri</a> noted, a criminal process that reflects the aspirations of the <em>Puttuswamy</em> judgement would require LEAs to first explain with reasonable detail the material which they wish to find in the digital devices. Secondly, they must provide a timeline for the investigation to ensure that individuals are not subjected to inexhaustible investigations with police roving through their devices indefinitely. Thirdly, such a criminal process must demand a higher burden to be discharged by the state if the privacy of the individual is infringed upon. These aspirations should form the bedrock of a system of judicial warrants that LEAs ought to be required to comply with if they wish to compel the disclosure of passwords from individuals. The framework proposed above is similar to the <a href="http://karnatakajudiciary.kar.nic.in:8080/repository/rep_judgmentcase.php"><em>Virendra Khanna</em></a> guidelines, as they provide a system of checks and balances that ensure that the intrusion on privacy is carried out proportionately; additionally, it would require LEAs to show a real requirement to demand access to the device. The independent eyes of a judicial magistrate provide a mechanism of oversight and a check against abuse of power by LEAs.</p>
<p><strong>Conclusion</strong></p>
<p style="text-align: justify;">The criminal law apparatus is the most coercive power available to the state, and, therefore, privacy rights will become meaningless unless they can withstand it. Several criminal procedures in the country are rooted in colonial statutes, where the rights of the populace being policed were never a consideration; hence, a radical shift is required. However, post-1947 and <em>Puttuswamy</em>, the ignorance and refusal to submit to the rights of the population can no longer be justified and significant reformulation is necessary to guarantee meaningful protections to device owners. There is a need to ensure that the rights of individuals are protected, especially when the motivation for their infringement is the supposed noble intentions of the criminal justice system. Failing to defend the right to privacy in these moments would be an invitation for allowing the power of the state to increase and inevitably become absolute.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/rethinking-acquisition-of-digital-devices-by-law-enforcement-agencies'>http://editors.cis-india.org/internet-governance/blog/rethinking-acquisition-of-digital-devices-by-law-enforcement-agencies</a>
</p>
No publisher | Harikartik Ramesh | Surveillance, Internet Governance, Privacy | 2022-05-02T09:27:54Z | Blog Entry
Is CMS a Compromise of Your Security?
http://editors.cis-india.org/news/forbesindia-article-real-issue-july9-2013-rohin-dharmakumar-is-cms-a-compromise-of-your-security
<b>By secretly monitoring and recording all Indians through a Central Monitoring System, our government will end up making citizens and businesses less safe.
</b>
<hr />
<p style="text-align: justify; ">This <a class="external-link" href="http://forbesindia.com/article/real-issue/is-cms-a-compromise-of-national-security/35543/1#ixzz2YX7nI92k">article appeared in the Forbes India magazine</a> of 12 July, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Are you reading this article on your PC or smartphone? No? Do you own a smartphone? Surely a phone then?<br /><br />If you also happen to live in Delhi, Haryana or Karnataka, then from April this year nearly all your electronic communication—telephony, emails, VOIP, social networking—has been sucked up under an innocuous sounding programme called the Central Monitoring System, or CMS.</p>
<p style="text-align: justify; ">There’s no way to tell if you are being watched really, because telecom service providers aren’t part of the set-up. In most cases, they may not even be aware which of their users is being monitored. Neither can you approach a government agency or court to find out more, because there’s practically very little oversight or disclosure. What the government does with the data—how it is stored, secured, accessed or deleted—we don’t know.</p>
<p style="text-align: justify; ">In the US and other Western democracies, even for a large-scale programme like Prism (leaked recently by 29-year-old whistleblower and now fugitive Edward Snowden), surveillance orders need to be signed by a judge. But in India most orders are signed by either the Central or state home secretary, says Sunil Abraham, executive director for Centre for Internet and Society, Bangalore. This leads to a conflict of interest as the executive branch is both undertaking law enforcement and providing oversight on its own work.<br /><br />In most cases, the officials are overwhelmed with other work, and don’t have the time to apply their minds to each request. “There is supposed to be an oversight committee that reviews the decisions of home secretaries, but we don’t have any idea about that committee either,” says Abraham.<br /><br />Meanwhile, government bodies like the R&AW, Central Bureau of Investigation, National Investigation Agency, Central Board of Direct Taxes, Narcotics Control Bureau and the Enforcement Directorate will have the right to look up your data. Starting next year, all mobile telephony operators will also need to track and store the geographical location from which subscribers make or receive calls.<br /><br />“I see it as the rise of techno-determinism in our security apparatus. Previously, our philosophy was to avoid infringing on individual privacy, and monitor a small set of individuals directly suspected of engaging in illegal activities. 
Now, thanks to the Utopianism being offered up by ‘Big Data’ infrastructure, putting everybody under blanket surveillance seems like a better way to serve our security and law enforcement agendas more effectively,” says Abraham.<br /><br />There is a real risk that CMS and the numerous other monitoring programmes that will subsequently connect to it will end up harming more Indians than protecting them.<br /><br />The biggest risk is that these programmes will turn into lucrative ‘honey pots’ for hackers, criminals and rival countries. Why bother hacking individuals and companies if you can attack the CMS? We’ve seen private corporations and government agencies in the US, Israel and the UK getting hacked. So let’s not have any illusions that India is going to fare much better.<br /><br />Another consequence is that sooner or later innocent citizens will be wrongly accused of being criminals based on mistaken data patterns. While searching for matches in any database with hundreds of millions of records, the risk of a ‘false positive’ increases disproportionately because there are exponentially more innocents than there are guilty. And in the near-Dystopian construct of the CMS, it will take months or years for such errors to be rectified.<br /><br />As more Indians become aware of these programmes, they will adopt encryption and masking tools to hide their digital selves. In the process, numerous ‘unintended consequences’ of failing to differentiate law-abiding citizens from criminals will be created. What answer will a normal citizen offer to a law enforcement official who wants to know why he or she has encrypted all communications and hosted a personal server in, say, Sweden?<br /><br />But arguably the biggest threat of 24x7 surveillance is to businesses. Security and trust are the foundations atop which most modern businesses are built. 
From your purchase of a gadget on an ecommerce site to a large conglomerate’s secret bid in a government auction to discussions within a company on future business strategies to patent applications—everything requires secrecy and security. All an unscrupulous competitor, whether it be a company or a country, has to do to go one-up on you is to attack the CMS and other central databases.<br /><br />“The reason why the USA historically decided not to impose blanket surveillance wasn’t because of human rights, but to protect its businesses and intellectual property. Because while we may be able to live in a society without human rights, we cannot be in one without functional markets,” says Abraham.<br /><br />He goes on to say that the recent disclosures around the various spying programmes run by the US have made the private surveillance and security industry very happy. “Each incident becomes a case-study to pit one country against another, forcing each one to cherry-pick the worst global practices in a dangerous race to the bottom. Civil society and privacy activists don’t have the resources to fight large vendors and so the only thing that will stop this is the leak of large databases, like that of 9 million Israeli biometric records a few years back.”<br /><br />Recollecting the news about a family-business break-up some years ago, where two brothers agreed to split their businesses, the net result was one brother opted out of telephony services offered by the other. All of that is now moot. “There are no more shadows now. Nobody will have refuge and everybody will be exposed,” says Abraham.<br /><br /></p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/forbesindia-article-real-issue-july9-2013-rohin-dharmakumar-is-cms-a-compromise-of-your-security'>http://editors.cis-india.org/news/forbesindia-article-real-issue-july9-2013-rohin-dharmakumar-is-cms-a-compromise-of-your-security</a>
</p>
No publisher | praskrishna | Surveillance, Internet Governance, Privacy | 2013-07-15T06:27:05Z | News Item
The Constitutionality of Indian Surveillance Law: Public Emergency as a Condition Precedent for Intercepting Communications
http://editors.cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law
<b>Bedavyasa Mohanty analyses the nuances of interception of communications under the Indian Telegraph Act and the Indian Post Office Act. In this post he explores the historical bases of surveillance law in India and examines whether the administrative powers of intercepting communications are Constitutionally compatible.</b>
<h3>Introduction</h3>
<p style="text-align: justify; ">State authorised surveillance in India derives its basis from two colonial legislations; §26 of the Indian Post Office Act, 1898 and §5 of the Telegraph Act, 1885 (hereinafter the Act) provide for the interception of postal articles<a href="#_ftn1" name="_ftnref1">[1]</a> and messages transmitted via telegraph<a href="#_ftn2" name="_ftnref2">[2]</a> respectively. Both of these sections, which are analogous, provide that the powers laid down therein can only be invoked on the occurrence of a public emergency or in the interest of public safety. The task of issuing orders for interception of communications is vested in an officer authorised by the Central or the State government. This blog examines whether the preconditions set by the legislature for allowing interception act as adequate safeguards. The second part of the blog analyses the limits of discretionary power given to such authorised officers to intercept and detain communications.</p>
<p style="text-align: justify; ">Surveillance by law enforcement agencies constitutes a breach of a citizen’s Fundamental Rights of privacy and the Freedom of Speech and Expression. It must therefore be justified against compelling arguments against violations of civil rights. Right to privacy in India has long been considered too ‘broad and moralistic’<a href="#_ftn3" name="_ftnref3">[3]</a> to be defined judicially. The judiciary, though, has been careful enough to not assign an unbound interpretation to it. It has recognised that the breach of privacy has to be balanced against a compelling public interest<a href="#_ftn4" name="_ftnref4">[4]</a> and has to be decided on a careful examination of the facts of a certain case. In the same breath, Indian courts have also legitimised surveillance by the state as long as such surveillance is not illegal or obtrusive and is within bounds.<a href="#_ftn5" name="_ftnref5">[5]</a> While determining what constitutes legal surveillance, courts have rejected “prior judicial scrutiny” as a mandatory requirement and have held that administrative safeguards are sufficient to legitimise an act of surveillance.<a href="#_ftn6" name="_ftnref6">[6]</a></p>
<h3>Conditions Precedent for Ordering Interception</h3>
<p style="text-align: justify; ">§§5(2) of the Telegraph Act and 26(2) of the Indian Post Office Act outline a two-tiered test to be satisfied before the interception of telegraphs or postal articles. The first tier consists of sine qua nons in the form of an “occurrence of public emergency” or “in the interests of public safety.” The second set of requirements under the provisions is “the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence.” While vesting the power of interception in administrative officials, the sections contemplate a legal fiction where a public emergency exists and it is in the interest of sovereignty, integrity, security of the state or for the maintenance of public order/friendly relations with foreign states. The term “public emergency,” however, has not been clearly defined by the legislature or by the courts. It thus vests arbitrary powers in a delegated official to order the interception of communication violating one’s Fundamental Rights.</p>
<h3>Tracing the History of the Expression “Public Emergency”</h3>
<p style="text-align: justify; ">The origins of the laws governing interception can be traced back to English laws of the late 19th Century; specifically one that imposed a penalty on a postal officer who delayed or intercepted a postal article.<a href="#_ftn7" name="_ftnref7">[7]</a> This law guided the drafting of the Indian Telegraph Act in 1885 that legitimised interception of communications by the state. The expression “public emergency” appeared in the original Telegraph Act of 1885 and has been adopted in that form in all subsequent renderings of provisions relating to interception. Despite the contentious and vague nature of the expression, no consensus regarding its interpretation seems to have been arrived at. One of the first post-independence analyses of this provision was undertaken by the Law Commission in 1968. The 38th Law Commission in its report on the Indian Post Office Act, raised concerns about the constitutionality of the expression. The Law Commission was of the opinion that the term not having been defined in the constitution cannot serve as a reasonable ground for suspension of Fundamental Rights.<a href="#_ftn8" name="_ftnref8">[8]</a> It further urged that a state of public emergency must be of such a nature that it is not secretive and is apparent to a reasonable man.<a href="#_ftn9" name="_ftnref9">[9]</a> It thus challenged the operation of the act in its then current form where the determination of public emergency is the discretion of a delegated administrative official. The Commission, in conclusion, implored the legislature to amend the laws relating to interception to bring them in line with the Constitution. This led to the Telegraph (Amendment) Act of 1981. Questions regarding the true meaning of the expression and its potential misuse were brought up in both houses of the Parliament during passing of the amendment. The Law Ministry, however, did not issue any additional clarifications regarding the terms used in the Act. 
Instead, the Government claimed that the expressions used in the Act are “exactly those that are used in the Constitution.”<a href="#_ftn10" name="_ftnref10">[10]</a> It may be of interest to note here that the Constitution of India neither uses nor defines the term “public emergency.” Naturally, it is not contemplated as a ground for reasonably restricting Fundamental Rights provided under Article 19(1).<a href="#_ftn11" name="_ftnref11">[11]</a> Similarly, concerns regarding the potential misuse of the powers were defended with the logically incompatible and factually inaccurate position that the law had not been misused in the past.<a href="#_ftn12" name="_ftnref12">[12]</a></p>
<h3>Locating “Public Emergency” within a Proclamation of Emergency under the Constitution (?)</h3>
<p style="text-align: justify; ">Public emergency is not equivalent to a proclamation of emergency under Article 352 of the Constitution simply because it was first used in legislations over six decades before the drafting of the Indian Constitution began. Besides, orders for interception of communications have also been passed when the state was not under a proclamation of emergency. Moreover, public emergency is not the only prerequisite prescribed under the Act. §5(2) states that an order for interception can be passed either on the occurrence of public emergency or in the interest of public safety. Therefore, the thresholds for the satisfaction of both have to be similar or comparable. If the threshold for the satisfaction of public emergency is understood to be as high as a proclamation of emergency then any order for interception can be passed easily under the guise of public safety. The public emergency condition will then be rendered redundant. Public emergency is therefore a condition that is separate from a proclamation of emergency.</p>
<p style="text-align: justify; ">In a similar vein the Supreme Court has also clarified<a href="#_ftn13" name="_ftnref13">[13]</a> that terms like “public emergency” and “any emergency,” when used as statutory prerequisites, refer to the occurrence of different kinds of events. These terms cannot be equated with one another merely on the basis of the commonality of one word.</p>
<p style="text-align: justify; ">The Supreme Court in Hukam Chand v. Union of India,<a href="#_ftn14" name="_ftnref14">[14]</a> correctly stated that the terms public emergency and public safety must “take colour from each other.” However, the court erred in defining public emergency as a situation that “raises problems concerning the interest of the public safety, the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or the prevention of incitement to the commission of an offence.” This cyclic definition does not lend any clarity to the interpretive murk surrounding the term. The Act envisages public emergency as a sine qua non that must exist prior to a determination that there is a threat to public order and sovereignty and integrity of the state. The court’s interpretation on the other hand would suggest that a state of public emergency can be said to exist only when public order, sovereignty and integrity of the state are already threatened. Therefore, while conditions precedent exist for the exercise of powers under §5(2) of the Act, there are no objective standards against which they are to be tested.</p>
<h3>Interpretation of Threshold Requirements</h3>
<p style="text-align: justify; ">A similar question arose before the House of Lords in Liversidge v. Anderson.<a href="#_ftn15" name="_ftnref15">[15]</a> The case examined the vires of an Act that vested an administrative authority with the conditional power to detain a person if there was reasonable cause to believe that the person was of hostile origin. Therein, Lord Atkin, dissenting from the majority opinion, stated in no unclear terms that power vested in the secretary of state was conditional and not absolute. When a conditional authority is vested in an administrative official but there aren’t any prescriptive guidelines for the determination of the preconditions, then the statute has the effect of vesting an absolute power in a delegated official. This view was also upheld by the Supreme Court in State of Madhya Pradesh v. Baldeo Prasad.<a href="#_ftn16" name="_ftnref16">[16]</a> The court was of the opinion that a statute must not only provide adequate safeguards for the protection of innocent citizens but also require the administrative authority to be satisfied as to the existence of the conditions precedent laid down in the statute before making an order. If the statute failed to do so in respect of any condition precedent then the law suffered from an infirmity and was liable to be struck down as invalid.<a href="#_ftn17" name="_ftnref17">[17]</a> Leaving the question of the existence of public emergency to the sole determination of an administrative official therefore confers an absolute and arbitrary power and is ultra vires the Constitution.</p>
<p style="text-align: justify; ">Interestingly, in its original unamended form, §5 contained a proviso stating that a determination of public emergency was the sole authority of the secretary of state and such a finding could not be challenged before a court of law. It is this provision that the government repealed through the Telegraph (Amendment) Act of 1981 to bring it in line with Constitutional principles. The preceding discussion shows that the amendment did not have the effect of rectifying the law’s constitutional infirmities. Nonetheless, the original Telegraph Act and its subsequent amendment are vital for understanding the compatibility of surveillance standards with the Constitutional principles. The draconian proviso in the original act vesting absolute powers in an administrative official illustrates that the legislative intent behind the drafting of a 130-year-old law cannot be relied on in today’s context. Vague terms like public emergency that have been thoughtlessly adopted from a draconian law find no place in a state that seeks to guarantee to its citizens rights of free speech and expression.</p>
<h3>Conclusion</h3>
<p style="text-align: justify; ">Interception of communications under the Telegraph Act and the Indian Post Office Act violates not only one’s privacy but also one’s freedom of speech and expression. Besides, orders for the tapping of telephones violate not only the privacy of the individual in question but also that of the person he/she is communicating with. Considering the serious nature of this breach it is absolutely necessary that the powers enabling such interception are not only constitutionally authorised but also adequately safeguarded. The Fundamental Rights declared by Article 19(1) cannot be curtailed on any ground outside the relevant provisions of Cls. 2-6.<a href="#_ftn18" name="_ftnref18">[18]</a> The restrictive clauses in Cls. (2)-(6) of Article 19 are exhaustive and are to be strictly construed.<a href="#_ftn19" name="_ftnref19">[19]</a> Public emergency is not one of the conditions enumerated under Article 19 for curtailing fundamental freedoms. Moreover, it lacks adequate safeguards by vesting absolute discretionary power in a non-judicial administrative authority. Even if one were to ignore the massive potential for misuse of these powers, it is difficult to conceive that the interception provisions would stand a scrutiny of constitutionality.</p>
<p style="text-align: justify; ">Over the course of the last few years, India has been dangerously toeing the line that keeps it from turning into a totalitarian surveillance state.<a href="#_ftn20" name="_ftnref20">[20]</a> In 2011, India was the third most intrusive state<a href="#_ftn21" name="_ftnref21">[21]</a> with 1,699 requests for removal made to Google; in 2012 that number increased to 2529<a href="#_ftn22" name="_ftnref22">[22]</a>. The media is abuzz with reports about the Intelligence Bureau wanting Internet Service Providers to log all customer details<a href="#_ftn23" name="_ftnref23">[23]</a> and random citizens being videotaped by the Delhi Police for “looking suspicious.” It becomes essential under these circumstances to question where the state’s power ends and a citizen’s privacy begins. Most of the information regarding projects like the CMS and the CCTNS is murky and unconfirmed. But under the pretext of national security, government officials have refused to divulge any information regarding the kind of information included within these systems and whether any accountability measures exist. For instance, there have been conflicting opinions from various ministers regarding whether the internet would also be under the supervision of the CMS<a href="#_ftn24" name="_ftnref24">[24]</a>. Even more importantly, citizens are unaware of what rights and remedies are available to them in instances of violation of their privacy.</p>
<p style="text-align: justify; ">The intelligence agencies that have been tasked with handling information collected under these systems have not been created under any legislation and are therefore not subject to any parliamentary oversight. Attempts like the Intelligence Services (Powers and Regulation) Bill, 2011 have been shelved and not revisited since their introduction. The intelligence agencies that have been created through executive orders enjoy vast and unbridled powers that make them accountable to no one<a href="#_ftn25" name="_ftnref25">[25]</a>. Before vesting the Indian law enforcement agencies with sensitive information that can be so readily misused, it is essential to ensure that a mechanism to check the use and misuse of that power exists. A three-judge bench of the Supreme Court has recently decided to entertain a Public Interest Litigation aimed at subjecting the intelligence agencies to auditing by the Comptroller and Auditor General of India. But the PIL, even if successful, will still only manage to scratch the surface of all the wide and unbridled powers enjoyed by the Indian intelligence agencies. The question of the constitutionality of interception powers, however, has not been subjected to as much scrutiny as is necessary. Especially at a time when the government has been rumoured to have already obtained the capability for mass dragnet surveillance, such a determination by the Indian courts cannot come soon enough.</p>
<div>
<hr />
<div id="ftn1">
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a> Indian Post Office Act, 1898, § 26</p>
</div>
<div id="ftn2">
<p><a href="#_ftnref2" name="_ftn2">[2]</a> Indian Telegraph Act, 1885 § 5(2)</p>
</div>
<div id="ftn3">
<p><a href="#_ftnref3" name="_ftn3">[3]</a> PUCL v. Union of India, AIR 1997 SC 568</p>
</div>
<div id="ftn4">
<p><a href="#_ftnref4" name="_ftn4">[4]</a> Govind vs. State of Madhya Pradesh, (1975) 2 SCC 148</p>
</div>
<div id="ftn5">
<p><a href="#_ftnref5" name="_ftn5">[5]</a> Malak Singh vs. State Of Punjab & Haryana, AIR 1981 SC 760</p>
</div>
<div id="ftn6">
<p><a href="#_ftnref6" name="_ftn6">[6]</a> <i>Supra</i> note 3</p>
</div>
<div id="ftn7">
<p><a href="#_ftnref7" name="_ftn7">[7]</a> Law Commission, Indian Post Office Act, 1898 (38<sup>th</sup> Law Commission Report) para 84</p>
</div>
<div id="ftn8">
<p><a href="#_ftnref8" name="_ftn8">[8]</a> ibid</p>
</div>
<div id="ftn9">
<p><a href="#_ftnref9" name="_ftn9">[9]</a> id</p>
</div>
<div id="ftn10">
<p><a href="#_ftnref10" name="_ftn10">[10]</a> <i>Lok Sabha Debates</i>, Minister of Communications, Shri H.N. Bahuguna, August 9, 1972</p>
</div>
<div id="ftn11">
<p><a href="#_ftnref11" name="_ftn11">[11]</a> The Constitution of India, Article 358- Suspension of provisions of Article 19 during emergencies</p>
</div>
<div id="ftn12">
<p><a href="#_ftnref12" name="_ftn12">[12]</a> <i>Lok Sabha Debates</i>, Minister of Communications, Shri H.N. Bahuguna, August 9, 1972</p>
</div>
<div id="ftn13">
<p><a href="#_ftnref13" name="_ftn13">[13]</a> Hukam Chand v. Union of India, AIR 1976 SC 789</p>
</div>
<div id="ftn14">
<p><a href="#_ftnref14" name="_ftn14">[14]</a> ibid</p>
</div>
<div id="ftn15">
<p><a href="#_ftnref15" name="_ftn15">[15]</a> Liversidge v. Anderson [1942] A.C. 206</p>
</div>
<div id="ftn16">
<p><a href="#_ftnref16" name="_ftn16">[16]</a> State of M.P. v. Baldeo Prasad, AIR 1961 (SC) 293 (296)</p>
</div>
<div id="ftn17">
<p><a href="#_ftnref17" name="_ftn17">[17]</a> ibid</p>
</div>
<div id="ftn18">
<p><a href="#_ftnref18" name="_ftn18">[18]</a> Ghosh O.K. v. Joseph E.X. AIR 1963 SC 812; 1963 Supp. (1) SCR 789</p>
</div>
<div id="ftn19">
<p><a href="#_ftnref19" name="_ftn19">[19]</a> Sakal Papers (P) Ltd. v. Union of India, AIR 1962 SC 305 (315); 1962 (3) SCR 842</p>
</div>
<div id="ftn20">
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20">[20]</a> <i>See</i> Notable Observations- July to December 2012, Google Transparency Report, available at <a href="http://www.google.com/transparencyreport/removals/government/">http://www.google.com/transparencyreport/removals/government/</a> (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)</p>
</div>
<div id="ftn21">
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21">[21]</a> Willis Wee, <i>Google Transparency Report: India Ranks as Third ‘Snoopiest’ Country</i>, July 6, 2011 available at <a href="http://www.techinasia.com/google-transparency-report-india/">http://www.techinasia.com/google-transparency-report-india/</a> (last visited on July 2, 2014)</p>
</div>
<div id="ftn22">
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22">[22]</a> <i>See</i> Notable Observations- July to December 2012, Google Transparency Report, available at <a href="http://www.google.com/transparencyreport/removals/government/">http://www.google.com/transparencyreport/removals/government/</a> (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)</p>
</div>
<div id="ftn23">
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23">[23]</a> Joji Thomas Philip, <i>Intelligence Bureau wants ISPs to log all customer details, </i>December 30, 2010 <a href="http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps"> http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps </a> (last visited on July 2, 2014)</p>
</div>
<div id="ftn24">
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24">[24]</a> Deepa Kurup, <i>In the dark about ‘India’s Prism’</i> June 16, 2013 available at <a href="http://www.thehindu.com/sci-tech/technology/in-the-dark-about-indias-prism/article4817903.ece"> http://www.thehindu.com/sci-tech/technology/in-the-dark-about-indias-prism/article4817903.ece </a></p>
</div>
<div id="ftn25">
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25">[25]</a> Saikat Dutta, We, The Eavesdropped May 3, 2010 available at <a href="http://www.outlookindia.com/article.aspx?265191">http://www.outlookindia.com/article.aspx?265191</a> (last visited on July 2, 2014)</p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law'>http://editors.cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law</a>
</p>
No publisher | bedaavyasa | Privacy, Internet Governance, Surveillance, surveillance technologies, Security, Article 19(1)(a) | 2014-08-04T04:52:42Z | Blog Entry
Who Governs the Internet? Implications for Freedom and National Security
http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security
<b>The second half of last year has been quite momentous for Internet governance thanks to Edward Snowden. German Chancellor Angela Merkel and Brazilian President Dilma Rousseff became aware that they were targets of US surveillance for economic not security reasons. They protested loudly.</b>
<hr />
<p>The article was published in Yojana (April 2014 Issue). <a href="http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-who-governs-the-internet.pdf" class="external-link">Click to download the original here</a>. (PDF, 177 Kb)</p>
<hr />
<p style="text-align: justify; ">The role of the US, perceived by some as the benevolent dictator or primary steward of the Internet because of history, technology, topology and commerce, came under scrutiny again. The I star bodies, also known as the technical community - Internet Corporation for Assigned Names and Numbers (ICANN); five Regional Internet Registries (RIRs) i.e. African, American, Asia-Pacific, European and Latin American; two standard setting organisations - World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF); the Internet Architecture Board (IAB); and Internet Society (ISOC) - responded by issuing the Montevideo Statement <a href="#fn1" name="fr1">[1]</a> on the 7th of October. The statement expressed "strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance." It called for "accelerating the globalization of ICANN and IANA functions..." - did this mean that the I star bodies were finally willing to end the special role that the US played in Internet governance? However, that dramatic shift in position was followed by the qualifier "...towards an environment in which all stakeholders, including all governments, participate on an equal footing", clearly indicating that for the I star bodies multistakeholderism was non-negotiable. Two days later President Rousseff, after a meeting with Fadi Chehadé, announced on Twitter that Brazil would host "an international summit of governments, industry, civil society and academia." <a href="#fn2" name="fr2">[2]</a> The meeting has now been dubbed Net Mundial and 188 proposals for “principles” or “roadmaps for the further evolution of the Internet governance ecosystem” have been submitted for discussion in São Paulo on the 23rd and 24th of April. The meeting will definitely be an important milestone for multilateral and multi-stakeholder mechanisms in the ecosystem.</p>
<p style="text-align: justify; ">It has been more than a decade since this debate between multilateralism and multi-stakeholderism was ignited. Multistakeholderism is a form of governance that seeks to ensure that every stakeholder is guaranteed a seat at the policy formulation table (either in a consultative capacity or in a decision making capacity, depending on who you ask). The Tunis Agenda, which was the end result of the 2003-05 WSIS, upheld the multistakeholder mode. The 2003–2005 World Summit on the Information Society process was seen by those favouring the status quo at that time as the first attempt by the UN bodies - or multilateralism - to take over the Internet. However, the end result i.e. Tunis Agenda <a href="#fn3" name="fr3">[3]</a> clarified and reaffirmed multi-stakeholderism as the way forward even though multilateral governance mechanisms were also accepted as a valid component of Internet governance. The list of stakeholders included states, the private sector, civil society, intergovernmental organisations, international standards organisations and the “academic and technical communities within those stakeholder groups mentioned” above. The Tunis Agenda also constituted the Internet Governance Forum (IGF) and the process of Enhanced Cooperation.</p>
<p style="text-align: justify; ">The IGF was defined in detail with a twelve point mandate including to “identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations.” In brief it was to be a learning Forum, a talk shop and a venue for developing soft law not international treaties. Enhanced Cooperation was defined as “to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues” – and to this day, efforts are on to define it more clearly.</p>
<p style="text-align: justify; ">Seven years later, during the World Conference on Telecommunication in Dubai, the status quoists dubbed it another attempt by the UN to take over the Internet. Even those non-American civil society actors who were uncomfortable with US dominance were willing to settle for the status quo because they were convinced that US courts would uphold human rights online more robustly than most other countries. In fact, the US administration had laid a good foundation for the demonization of the UN and other nation states that preferred an international regime. "Internet freedom" was State Department doctrine under the leadership of Hillary Clinton. As per her rhetoric – there were good states, bad states and swing states. The US, UK and some Scandinavian countries were the defenders of freedom. China, Russia and Saudi Arabia were examples of authoritarian states that were balkanizing the Internet. And India, Brazil and Indonesia were examples of swing states – in other words, they could go either way – join the good side or the dark side.</p>
<p style="text-align: justify; ">But Internet freedom rhetoric was deeply flawed. The US censorship regime is really no better than China’s. China censors political speech – US censors access to knowledge thanks to the intellectual property (IP) rightsholder lobby that has tremendous influence on the Hill. Statistics of television viewership across channels around the world will tell us how the majority privileges cultural speech over political speech on any average day. The great firewall of China only affects its citizens – netizens from other jurisdictions are not impacted by Chinese censorship. On the other hand, the US acts of censorship are usually near global in impact.</p>
<p style="text-align: justify; ">This is because the censorship regime is not predominantly based on blocking or filtering but on placing pressure on identification, technology and financial intermediaries, thereby forcing their targets offline. When it comes to surveillance, one could argue that the US is worse than China. Again, as was the case with censorship, China only conducts pervasive blanket surveillance upon its citizens – unlike US surveillance, which not only affects its citizens but targets every single user of the Internet through a multi-layered approach with an accompanying acronym soup of programmes and initiatives that include malware, trojans, software vulnerabilities, back doors in encryption standards, over the top service providers, telcos, ISPs, national backbone infrastructure and submarine fibre optic cables.</p>
<p class="callout" style="text-align: justify; ">Security guru Bruce Schneier tells us that “there is no security without privacy. And liberty requires both security and privacy.” Blanket surveillance therefore undermines the security imperative and compromises functioning markets by making e-commerce, e-banking, intellectual property, personal information and confidential information vulnerable. Building a secure Internet and information society will require ending mass surveillance by states and private actors.</p>
<h3 style="text-align: justify; ">The Opportunity for India</h3>
<p style="text-align: justify; ">Unlike America with its straitjacketed IP regime, India believes that access to knowledge is a precondition for freedom of speech and expression. As far as global intellectual property policy or access to knowledge policy is concerned, India is considered a leader both when it comes to domestic policy and international policy development at the World Intellectual Property Organisation. From the 70s our policy-makers have defended the right to health in the form of access to medicines. More recently, India played a critical role in securing the Marrakesh Treaty for Visually Impaired Persons in June 2013, which introduces a user right [also referred to as an exception, flexibility or limitation] which allows the visually impaired to convert books to accessible formats without paying the copyright-holder if an accessible version has not been made available. The Marrakesh Treaty is disability specific [only for the visually impaired] and works specific [only for copyright]. This is the first instance of India successfully exporting policy best practices. India's exception for the disabled in the Copyright Act, unlike the Marrakesh Treaty, however, is both disability-neutral and works-neutral.</p>
<p style="text-align: justify; ">Given that the Internet is critical to the successful implementation of the Treaty, i.e. cross border sharing of works that have been made accessible to disabled persons in one country with the global community, it is perhaps time for India to broaden its influence into the sphere of Internet governance and the governance of information societies more broadly.</p>
<p style="text-align: justify; ">Post-Snowden, the so-called swing states occupy the higher moral ground. It is time for these states to capitalize on this moment using strong political will. Instead of just being a friendly jurisdiction from the perspective of access to medicine, it is time for India to also be the enabling jurisdiction for access to knowledge more broadly. We could use patent pools and compulsory licensing to provide affordable and innovative digital hardware [especially mobile phones] to the developing world. This would ensure that rights-holders, innovators, manufacturers, consumers and government would all benefit from India going beyond being the pharmacy of the world to becoming the electronics store of the world. We could explore flat-fee licensing models like a broadband copyright cess or levy to ensure that users get content [text, images, video, audio, games and software] at affordable rates and rights-holders get some royalty from all Internet users in India. This will go a long way in undermining the copyright enforcement based censorship regime that has been established by the US. When it comes to privacy – we could enact a world-class privacy law and establish an independent, autonomous and proactive privacy commissioner who will keep both private and state actors on a short leash. Then we need a scientific, targeted surveillance regime that is in compliance with human rights principles. This will make India simultaneously an IP and privacy haven and thereby attract huge investment from the private sector, and also earn the goodwill of global civil society and independent media. Given that privacy is a precondition for security, this will also make India very secure from a cyber security perspective. Of course this is a fanciful pipe dream given our current circumstances but is definitely a possible future for us as a nation to pursue.</p>
<h3 style="text-align: justify; ">What is the scope of Internet Governance?</h3>
<p style="text-align: justify; ">Part of the tension between multi-stakeholderism and multilateralism is that there is no single, universally accepted definition of Internet governance. The conservative definition of Internet governance limits it to management of critical Internet resources, including the domain name system, IP addresses and root servers – in other words, the ICANN, IANA functions, regional registries and other I* bodies. This is where US dominance has historically been most explicit. This is also where the multi-stakeholder model has clearly delivered so far and therefore we must be most careful about dismantling existing governance arrangements. There are very broadly four approaches for reducing US dominance here – a) globalization [giving other nation-states a role equal to the US within the existing multi-stakeholder paradigm], b) internationalization [bringing ICANN, IANA functions, registries and I* bodies under UN control or oversight], c) eliminating the role for nation states in the IANA functions<a href="#fn4" name="fr4">[4]</a> and d) introducing competitors for names and numbers management. Regardless of the final solution, it is clear that those that control domain names and allocate IP addresses will be able to impact the freedom of speech and expression. The impact on the national security of India is very limited given that there are three root servers <a href="#fn5" name="fr5">[5]</a> within national borders and it would be near impossible for the US to shut down the Internet in India.</p>
<p style="text-align: justify; ">For a more expansive definition – The Working Group on Internet Governance report <a href="#fn6" name="fr6">[6]</a> has four categories for public policy issues that are relevant to Internet governance:</p>
<p style="text-align: justify; ">“(a) Issues relating to infrastructure and the management of critical Internet resources, including administration of the domain name system and Internet protocol addresses (IP addresses), administration of the root server system, technical standards, peering and interconnection, telecommunications infrastructure, including innovative and convergent technologies, as well as multilingualization. These issues are matters of direct relevance to Internet governance and fall within the ambit of existing organizations with responsibility for these matters;</p>
<p style="text-align: justify; ">(b) Issues relating to the use of the Internet, including spam, network security and cybercrime. While these issues are directly related to Internet governance, the nature of global cooperation required is not well defined;</p>
<p style="text-align: justify; ">(c) Issues that are relevant to the Internet but have an impact much wider than the Internet and for which existing organizations are responsible, such as intellectual property rights (IPRs) or international trade. ...;</p>
<p style="text-align: justify; ">(d) Issues relating to the developmental aspects of Internet governance, in particular capacity-building in developing countries.”</p>
<p style="text-align: justify; ">Some of these categories are addressed via state regulation that has cascaded from multilateral bodies that are associated with the United Nations such as the World Intellectual Property Organisation for "intellectual property rights" and the International Telecommunication Union for “telecommunications infrastructure”. Other policy issues such as "cyber crime" are currently addressed via plurilateral instruments – for example the Budapest Convention on Cybercrime – and bilateral arrangements like Mutual Legal Assistance Treaties. "Spam" is currently being handled through self-regulatory efforts by the private sector such as Messaging, Malware and Mobile Anti-Abuse Working Group.<a href="#fn7" name="fr7">[7] </a> Other areas where there is insufficient international or global cooperation include "peering and interconnection" - the private arrangements that exist are confidential and it is unclear whether the public interest is being adequately protected.</p>
<h3 style="text-align: justify; ">So who really governs the Internet?</h3>
<p style="text-align: justify; ">So in conclusion, who governs the Internet is not really a useful question. This is because nobody governs the Internet per se. The Internet is a diffuse collection of standards, technologies and actors and is dramatically different across layers, geographies and services. Different Internet actors – the government, the private sector, civil society and the technical and academic community – are already regulated using a multiplicity of fora and governance regimes – self-regulation, co-regulation and state regulation. Is more regulation always the right answer? Do we need to choose between multilateralism and multi-stakeholderism? Do we need stable definitions to process? Do we need different versions of multi-stakeholderism for different areas of governance, for example standards vs. names and numbers? Ideally no, no, no and yes. In my view an appropriate global governance system will be decentralized, diverse or plural in nature yet interoperable, will have both multilateral and multistakeholder institutions and mechanisms and will be as interested in deregulation for the public interest as it is in regulation for the public interest.</p>
<hr />
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. Montevideo Statement on the Future of Internet Cooperation <a class="external-link" href="https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm">https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm</a></p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Brazil to host global internet summit in ongoing fight against NSA surveillance <a class="external-link" href="http://rt.com/news/brazil-internet-summit-fight-nsa-006/">http://rt.com/news/brazil-internet-summit-fight-nsa-006/</a></p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Tunis Agenda For The Information Society <a class="external-link" href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">http://www.itu.int/wsis/docs2/tunis/off/6rev1.html</a></p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. Roadmap for globalizing IANA: Four principles and a proposal for reform: a submission to the Global Multistakeholder Meeting on the Future of Internet Governance by Milton Mueller and Brenden Kuerbis March 3rd 2014 See: <a class="external-link" href="http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf">http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Mumbai (I Root), Delhi (K Root) and Chennai (F Root). See: <a class="external-link" href="http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers">http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers</a></p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Report of the Working Group on Internet Governance to the President of the Preparatory Committee of the World Summit on the Information Society, Ambassador Janis Karklins, and the WSIS Secretary-General, Mr Yoshio Utsumi. Dated: 14 July 2005 See: <a class="external-link" href="http://www.wgig.org/WGIG-Report.html">http://www.wgig.org/WGIG-Report.html</a></p>
<p>[<a href="#fr7" name="fn7">7</a>]. Messaging, Malware and Mobile Anti-Abuse Working Group website See: <a class="external-link" href="http://www.maawg.org/">http://www.maawg.org/</a></p>
<hr />
<p style="text-align: justify; "><i>The author is the Executive Director of the Centre for Internet and Society (CIS), Bangalore. He is also the founder of Mahiti, a 15 year old social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. He is an Ashoka fellow. For three years, he also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region</i>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security'>http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security</a>
</p>
No publisher | sunil | Surveillance, Internet Governance, Privacy | 2014-04-05T16:23:36Z | Blog Entry
Indian PM Narendra Modi’s digital dream gets bad reception
http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception
<b>As Indian Prime Minister Narendra Modi told Silicon Valley’s most powerful chief executives this week how his government “attacked poverty by using the power of networks and mobile phones’’, the entire population of the state of Kashmir remained offline — by order of the state.
</b>
<p style="text-align: justify; ">The article by Amanda Hodge was published in <a class="external-link" href="http://www.theaustralian.com.au/news/world/indian-pm-narendra-modis-digital-dream-gets-bad-reception/story-e6frg6so-1227547929688">the Australian</a> on September 29, 2015. Sunil Abraham gave inputs.</p>
<hr />
<p style="text-align: justify; ">“I see technology as a means to empower and as a tool that bridges the distance between hope and opportunity,” Mr Modi said yesterday on a trip in which he will also discuss development at the UN.</p>
<p style="text-align: justify; ">Earlier, in a “town hall” meeting with Facebook chief Mark Zuckerberg, Mr Modi hailed the power of social media networks that gave governments the opportunity to correct themselves “every five minutes”, rather than every five years.</p>
<p style="text-align: justify; ">His remarks during his Digital India tour of the US west coast sparked a storm of Twitter protest.</p>
<p style="text-align: justify; ">The northern state’s former chief minister Omar Abdullah noted the “irony of listening to Prime Minister Modi lecturing about connected digital India, while we are totally disconnected”.</p>
<p style="text-align: justify; ">The ban on mobile and broadband internet in Jammu and Kashmir was imposed last Friday, the beginning of the Muslim holiday of Eid-ul-Zuha during which animals are slaughtered and the meat fed to the poor, for fear social media could inflame tensions over the state government’s decision to enforce a beef ban.</p>
<p style="text-align: justify; ">It was to have lasted 24 hours but — notwithstanding Twitter feedback — was extended twice as a “precautionary” measure.</p>
<p style="text-align: justify; ">As Mr Modi outlined his dreams of a broadband network connecting the country’s most remote communities, millions of New Delhi mobile phone users continued their daily wrestle with line dropouts.</p>
<p style="text-align: justify; ">“We are bringing technology, transparency, efficiency, ease and effectiveness in governance,” he said, as in New Delhi the government talked of pulling down more mobile towers.</p>
<p style="text-align: justify; ">Centre for Internet and Society director Sunil Abraham said yesterday: “Schizophrenia between rhetoric and reality (on digital policy) is the global standard for all world leaders.</p>
<p style="text-align: justify; ">“Politicians in opposition are invariably opposed to surveillance and in favour of free speech but the very day that politician assumes office even if it is someone as splendid as Barack Obama, they change their opinions on these topics and become pro-surveillance and pro-censorship.”</p>
<p style="text-align: justify; ">Certainly successive Indian governments have had a patchy record on such issues. Last March India’s activist Supreme Court struck down a controversial section of the Information Technology Act which made posting information of a “grossly offensive or menacing character” punishable by up to three years’ jail.</p>
<p style="text-align: justify; ">That month police in northern Uttar Pradesh arrested a teenager for a Facebook post, which they said “carried derogatory language against a community”.</p>
<p style="text-align: justify; ">Previous cases under the former Congress-led government include that of a university professor detained for posting a cartoon about the chief minister of West Bengal and the arrest of two young women over a Facebook post criticising the shutdown of Mumbai following the death of a Hindu right politician.</p>
<p style="text-align: justify; ">While Mr Modi’s government welcomed the Supreme Court ruling as a “landmark day for freedom of speech and expression”, last month it attempted to block 857 random porn sites.</p>
<p style="text-align: justify; ">Notwithstanding the gulf between Mr Modi’s digital dream rhetoric and the reality at home, his second US visit in 17 months has reaped dividends. Google has committed to a joint initiative to roll out free Wi-Fi to 500 railway stations across the country, and Qualcomm has pledged a $US150 million ($213m) tech startup fund.</p>
<p style="text-align: justify; ">But Mr Abraham warned of the potential for such investments to compromise net neutrality — the principle of allowing internet users access to all content and applications.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception'>http://editors.cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception</a>
</p>
No publisher | praskrishna | Internet Governance, Censorship, Surveillance | 2015-09-29T15:23:04Z | News Item
Mastering the Art of Keeping Indians Under Surveillance
http://editors.cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance
<b>In its first year in office, the National Democratic Alliance government has been notably silent on the large-scale surveillance projects it has inherited. This ended last week amidst reports the government is hastening to complete the Central Monitoring System (CMS) within the year.</b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="http://thewire.in/2015/05/30/mastering-the-art-of-keeping-indians-under-surveillance-2756/">the Wire</a> on May 30, 2015.</p>
<hr />
<p style="text-align: justify; ">In a statement to the Rajya Sabha in 2009, Gurudas Kamat, the erstwhile United Progressive Alliance’s junior communications minister, said the CMS was a project to enable direct state access to all communications on mobile phones, landlines, and the Internet in India. He meant the government was building ‘backdoors’, or capitalising on existing ones, to enable state authorities to intercept any communication at will, besides collecting large amounts of metadata, without having to rely on private communications carriers.</p>
<p style="text-align: justify; ">This is not new. Legally sanctioned backdoors have existed in Europe and the USA since the early 1990s to enable direct state interception of private communications. But the laws of those countries also subject state surveillance to a strong regime of state accountability, individual freedoms, and privacy. This regime may not be completely robust, as Edward Snowden’s revelations have shown, but at least it exists on paper. The CMS is not illegal by itself, but it is coloured by the compromised foundation of Indian surveillance law upon which it is built.</p>
<p style="text-align: justify; "><b>Surveillance and social control</b></p>
<p style="text-align: justify; ">The CMS is a technological project. But technology does not exist in isolation; it is contextualised by law, society, politics, and history. Surveillance and the CMS must be seen in the same contexts.</p>
<p style="text-align: justify; ">The great sociologist Max Weber claimed the modern state could not exist without monopolising violence. It seems clear the state also entertains the equal desire to monopolise communications technologies. The state has historically shaped the way in which information is transmitted, received, and intercepted. From the telegraph and radio to telephones and the Internet, the state has constantly endeavoured to control communications technologies.</p>
<p style="text-align: justify; ">Law is the vehicle of this control. When the first telegraph line was laid down in India, its implications for social control were instantly realised; so the law swiftly responded by creating a state monopoly over the telegraph. The telegraph played a significant role in thwarting the Revolt of 1857, even as Indians attempted to destroy the line; so the state consolidated its control over the technology to obviate future contests.</p>
<p style="text-align: justify; ">This controlling impulse was exercised over radio and telephones, which are also government monopolies, and is expressed through the state’s surveillance prerogative. On the other hand, because of its open and decentralised architecture, the Internet presents the single greatest threat to the state’s communications monopoly and dilutes its ability to control society.</p>
<p style="text-align: justify; "><b>Interception in India</b></p>
<p style="text-align: justify; ">The power to intercept communications arises with the regulation of telegraphy. The first two laws governing telegraphs, in 1854 and 1860, granted the government powers to take possession of telegraphs “on the occurrence of any public emergency”. In 1876, the third telegraph law expanded this threshold to include “the interest of public safety”. These are vague phrases and their interpretation was deliberately left to the government’s discretion.</p>
<p style="text-align: justify; ">This unclear formulation was replicated in the Indian Telegraph Act of 1885, the fourth law on the subject, which remains in force today. The 1885 law included a specific power to wiretap. Incredibly, this colonial surveillance provision survived untouched for 87 years even as countries across the world balanced their surveillance powers with democratic safeguards.</p>
<p style="text-align: justify; ">The Indian Constitution requires all deprivations of free speech to conform to any of nine grounds listed in Article 19(2). Public emergencies and public safety are not listed. So Indira Gandhi amended the wiretapping provision in 1972 to insert five grounds copied from Article 19(2). However, the original unclear language on public emergencies and public safety remained.</p>
<p style="text-align: justify; ">Indira Gandhi’s amendment was ironic because one year earlier she had overseen the enactment of the Defence and Internal Security of India Act, 1971 (DISA), which gave the government fresh powers to wiretap. These powers were not subject to even the minimal protections of the Telegraph Act. When the Emergency was imposed in 1975, Gandhi’s government bypassed her earlier amendment and, through the DISA Rules, instituted the most intensive period of surveillance in Indian history.</p>
<p style="text-align: justify; ">Although DISA was repealed, the tradition of having parallel surveillance powers for fictitious emergencies continues to flourish. Wiretapping powers are also found in the Maharashtra Control of Organised Crime Act, 1999 which has been copied by Karnataka, Andhra Pradesh, Arunachal Pradesh, and Gujarat.</p>
<p style="text-align: justify; "><b>Procedural weaknesses</b></p>
<p style="text-align: justify; ">Meanwhile, the Telegraph Act with its 1972 amendment continued to weather criticism through the 1980s. The wiretapping power was largely exercised free of procedural safeguards such as the requirements to exhaust other less intrusive means of investigation, minimise information collection, limit the sharing of information, ensure accountability, and others.</p>
<p style="text-align: justify; ">This changed in 1996 when the Supreme Court, on a challenge brought by PUCL, ordered the government to create a minimally fair procedure. The government fell in line in 1999, and a new rule, 419A, was put into the Indian Telegraph Rules, 1951.</p>
<p style="text-align: justify; ">Unlike the United States, where a wiretap can only be ordered by a judge when she decides the state has legally made its case for the requested interception, an Indian wiretap is sanctioned by a bureaucrat or police officer. Unlike the United Kingdom, which also grants wiretapping powers to bureaucrats but subjects them to two additional safeguards including an independent auditor and a judicial tribunal, an Indian wiretap is only reviewed by a committee of the original bureaucrat’s colleagues. Unlike most of the world which restricts this power to grave crime or serious security needs, an Indian wiretap can even be obtained by the income tax department.</p>
<p style="text-align: justify; ">Rule 419A certainly creates procedure, but it lacks crucial safeguards that impugn its credibility. Worse, the contours of rule 419A were copied in 2009 to create flawed procedures to intercept the content of Internet communications and collect metadata. Unlike rule 419A, these new rules issued under sections 69(2) and 69B(3) of the Information Technology Act 2000 have not been constitutionally scrutinised.</p>
<p style="text-align: justify; "><b>Three steps to tap</b></p>
<p style="text-align: justify; ">Despite its monopoly, the state does not own the infrastructure of telephones. It is dependent on telecommunications carriers to physically perform the wiretap. Indian wiretaps take place in three steps: a bureaucrat authorises the wiretap; a law enforcement officer serves the authorisation on a carrier; and, the carrier performs the tap and returns the information to the law enforcement officer.</p>
<p style="text-align: justify; ">There are many moving parts in this process, and so there are leaks. Some leaks are cynically motivated such as Amar Singh’s lewd conversations in 2011. But others serve a public purpose: Niira Radia’s conversations were allegedly leaked by a whistleblower to reveal serious governmental culpability. Ironically, leaks have created accountability where the law has failed.</p>
<p style="text-align: justify; ">The CMS will prevent leaks by installing servers on the transmission infrastructure of carriers to divert communications to regional monitoring centres. Regional centres, in turn, will relay communications to a centralised monitoring centre where they will be analysed, mined, and stored. Carriers will no longer perform wiretaps; and, since this obviates their costs of compliance, they are willing participants.</p>
<p style="text-align: justify; ">In its annual report of 2012, the Centre for the Development of Telematics (C-DOT), a state-owned R&D centre tasked with designing and creating the CMS, claimed the system would intercept 3G video, ILD, SMS, and ISDN PRI communications made through landlines or mobile phones – both GSM and CDMA.</p>
<p style="text-align: justify; ">There are unclear reports of an expansion to intercept Internet data, such as emails and browsing details, as well as instant messaging services; but these remain unconfirmed. There is also a potential overlap with another secretive Internet surveillance programme being developed by the Defence R&D Organisation called NETRA, no details of which are public.</p>
<p style="text-align: justify; "><b>Culmination of surveillance</b></p>
<p style="text-align: justify; ">In its present state, Indian surveillance law is unable to bear the weight of the CMS project, and must be vastly strengthened to protect privacy and accountability before the state is given direct access to communications.</p>
<p style="text-align: justify; ">But there is a larger way to understand the CMS in the context of Indian surveillance. Christopher Bayly, the noted colonial historian, writes that when the British set about establishing a surveillance apparatus in colonised India, they came up against an established system of indigenous intelligence gathering. Colonial rule was at its most vulnerable at this point of intersection between foreign surveillance and indigenous knowledge, and the meeting of the two was riven by suspicion. So the colonial state simply co-opted the interface by creating institutions to acquire local knowledge.</p>
<p style="text-align: justify; ">The CMS is also an attempt to co-opt the interface between government and the purveyors of communications; because if the state cannot control communications, it cannot control society. Seen in this light, the CMS represents the natural culmination of the progression of Indian surveillance. No challenge against it that does not question the construction of the modern Indian state will be successful.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance'>http://editors.cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance</a>
</p>
No publisher | bhairav | Surveillance, Internet Governance, Privacy | 2015-08-23T12:26:48Z | Blog Entry
Govt to keep Aadhaar record for 7 years, activists worried
http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried
<b>The government will keep for seven years a record of all the services and benefits availed using the Aadhaar number, say new rules, prompting fears that the database could be used for surveillance.</b>
<p style="text-align: justify; ">The article by Aloke Tikku was published in the <a class="external-link" href="http://www.hindustantimes.com/india-news/govt-to-keep-aadhar-record-for-7-years-activists-worried/story-jSY820Ee1ZnQNLL5vuWMOI.html">Hindustan Times</a> on October 17, 2016. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Unique Identification Authority of India (UIDAI), which issues the 12-digit biometric identity to all Indian residents, will be required to preserve its record of verification of an Aadhaar number for the duration.</p>
<p style="text-align: justify; ">“This is an unprecedented centralised data retention provision,” said Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society.<br /><br />UIDAI chief executive officer ABP Pandey said the concerns were exaggerated. The agency was keeping records in case a dispute arose over a transaction.</p>
<p style="text-align: justify; ">The information will be retained online for two years and another five years in the offline archives, say the rules notified in September.<br /><br />Users will be able to check the records but only for two years.<br /><br />This restriction won’t apply to security agencies. Pandey, however, said the records would not be available to them without a district judge’s permission.<br /><br />But, HT found that the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.<br /><br />“Once Aadhaar becomes mandatory for all services, it can be used by benign and malignant actors to conduct a 360-degree surveillance on any individual,” Abraham said.<br /><br />This is how the system, which will need millions of fingerprint-reading machines, works.<br /><br />Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.<br /><br />The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail LPG subsidy, cheap ration and even passport, a day against a capacity to verify 100 million requests daily.<br /><br />“You can think of it as Natgrid Plus,” Abraham said, a reference to the National Intelligence Grid being built by the government.<br /><br />A one-stop database for counter-terrorism agencies, Natgrid will collate information real time from databases of various agencies such as bank, rail and airline networks.<br /><br />“…we do not record the purpose for which an authentication request was received but only the details of the agency that sent it,” UIDAI’s Pandey said.<br /><br />But seven years is a long time. 
Only a select category of government files are kept for longer than five years.<br /><br />Asked about the two-year deadline for users, Pandey said it would have been a logistic nightmare to let people access the records once the information was offline.<br /><br />The Supreme Court has ruled that Aadhaar is not a must for availing welfare schemes and is to decide if collecting biometric data for the 12-digit number infringed an individual’s privacy.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried'>http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried</a>
</p>
No publisher | praskrishna | Surveillance, Aadhaar, Internet Governance, Privacy | 2016-10-17T01:53:24Z | News Item
UN Human Rights Council urged to protect human rights online
http://editors.cis-india.org/internet-governance/blog/un-human-rights-council-urged-to-protect-human-rights-online
<b>63 civil society groups urged the UN Human Rights Council to address global challenges to freedom of expression, privacy and other human rights on the Internet. Centre for Internet & Society joined in the statement, delivered on behalf of the 63 groups by Article 19.
</b>
<p style="text-align: justify; ">The 26th session of the United Nations Human Rights Council (UNHRC) is currently ongoing (June 10-27, 2014). <span>On June 19, 2014, 63 civil society groups joined together to urge the United Nations Human Rights Council to protect human rights online and address global challenges to their realization. Centre for Internet & Society joined in support of the statement ("<strong>the Civil Society Statement</strong>"), which was delivered by Article 19 on behalf of the 63 groups.</span></p>
<p style="text-align: justify; ">In its consensus resolution <a class="external-link" href="http://ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/RES/20/8">A/HRC/20/8 (2012)</a>, the UNHRC affirmed that the "<span><i>same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice</i>". India, a current member of the UNHRC, stood in support of resolution 20/8. The protection of human rights online was also a matter of popular agreement at <a class="external-link" href="http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf">NETmundial 2014</a>, which similarly emphasised the importance of protecting human rights online in accordance with international human rights obligations. Moreover, the WSIS+10 High Level Event, organised by the ITU in collaboration with other UN entities, emphasized the criticality of expanding access to ICTs across the globe, including infrastructure, affordability and reach.</span></p>
<p style="text-align: justify; ">The Civil Society Statement at HRC26 highlights the importance of retaining the Internet as a global resource - a democratic, free and pluralistic platform. However, the recent record of freedom of expression and privacy online has resulted in a deficit of trust and free, democratic participation. <a class="external-link" href="http://www.nytimes.com/2014/03/21/world/europe/turkish-officials-block-twitter-in-leak-inquiry.html">Turkey</a>, <a class="external-link" href="http://www.bbc.com/news/blogs-trending-25756864">Malaysia</a>, <a class="external-link" href="http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/05/27/thailands-cybercoup/">Thailand</a>, <a class="external-link" href="http://www.theguardian.com/world/2014/jun/02/egypt-police-monitor-social-media-dissent-facebook-twitter-protest">Egypt</a> and <a class="external-link" href="http://timesofindia.indiatimes.com/tech/tech-news/Facebook-under-fire-for-blocking-pages-in-Pakistan/articleshow/36194872.cms">Pakistan</a> have blocked web-pages and social media content, while Edward Snowden's <a class="external-link" href="https://www.eff.org/deeplinks/2014/05/looking-back-one-year-after-edward-snowden-disclosures-international-perspective">revelations</a> have heightened awareness of human rights violations on the Internet.</p>
<p style="text-align: justify; ">At a time when governance of the Internet and its institutions is evolving, a human rights centred perspective is crucial. Openness and transparency - both in the governance of Internet institutions and rights online - are crucial to continuing growth of the Internet as a global, democratic and free resource, where freedom of expression, privacy and other rights are respected regardless of location or nationality. In particular, the Civil Society Statement calls attention to <a class="external-link" href="https://en.necessaryandproportionate.org/take-action/EFF">principles of necessity and proportionality</a> to regulate targeted interception and collection of personal data.</p>
<p style="text-align: justify; ">The UNHRC, comprising 47 member states, is called upon to address these global challenges. Guided by resolutions A/HRC/20/8 and <a class="external-link" href="http://www.un.org/ga/search/view_doc.asp?symbol=A/C.3/68/L.45/Rev.1">A/RES/68/167</a>, the WSIS+10 High Level Event <a class="external-link" href="http://www.itu.int/wsis/implementation/2014/forum/inc/doc/outcome/362828V2E.pdf">Outcome Documents</a> (especially operative paragraphs 2, 8 and 11 of the Vision Document) and the <a class="external-link" href="http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx">forthcoming report</a> of the UN High Commissioner for Human Rights regarding privacy in the digital age, the UNHRC as well as other states may gather the opportunity and intention to put forth a strong case for human rights online in our post-2015 development-centred world.</p>
<h3><span>Civil Society Statement:</span></h3>
<p style="text-align: justify; ">The full oral statement can be accessed <b><a href="http://editors.cis-india.org/internet-governance/blog/unhrc-civil-society-statement-26th-session" class="internal-link">here</a></b>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/un-human-rights-council-urged-to-protect-human-rights-online'>http://editors.cis-india.org/internet-governance/blog/un-human-rights-council-urged-to-protect-human-rights-online</a>
</p>
No publisher | geetha | Social Media, Freedom of Speech and Expression, Human Rights Online, Surveillance, Internet Governance, UNHRC | 2014-06-19T13:28:32Z | Blog Entry
WSIS+10 High Level Event: A Bird's Eye Report
http://editors.cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report
<b>The WSIS+10 High Level Event was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.</b>
<p style="text-align: justify; "><span>The World Summit on Information Society (WSIS) +10 </span><a href="http://www.itu.int/wsis/implementation/2014/forum/">High Level Event</a><span> (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (</span><a href="http://www.itu.int/wsis/index-p1.html">Geneva 2003</a><span> and </span><a href="http://www.itu.int/wsis/index-p2.html">Tunis 2005</a><span>). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).</span><span> </span></p>
<h3 style="text-align: justify; ">The High Level Track:</h3>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/internet-governance/blog/copy2_of_HighLevelTrack.jpg/@@images/be5f993c-3553-4d63-bb66-7cd16f8407dc.jpeg" alt="High Level Track" class="image-inline" title="High Level Track" /></p>
<p style="text-align: justify; "><i>Opening Ceremony, WSIS+10 High Level Event </i>(<a class="external-link" href="https://twitter.com/ITU/status/334587247556960256/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two <a href="http://www.itu.int/wsis/implementation/2014/forum/inc/doc/outcome/362828V2E.pdf">Outcome Documents</a>. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 <a href="http://www.itu.int/wsis/review/mpp/">Multi-stakeholder Preparatory Platform</a> (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).</p>
<p style="text-align: justify; ">The <strong>MPP</strong> met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “<i>let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels</i>”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (<a href="http://www.apig.ch/">APIG</a>) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders <a href="http://www.ip-watch.org/2014/06/16/what-questions-did-the-wsis10-high-level-event-answer/">failed to reach consensus</a> on crucial issues. Indeed, Prof. Vladimir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.<span> </span></p>
<p style="text-align: justify; ">Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the <strong><span style="text-decoration: underline;">MPP had sought and achieved a common understanding</span></strong>, a sentiment <a href="https://twitter.com/covertlight/status/476748168051580928">echoed</a> by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, <a href="https://twitter.com/covertlight/status/476748723750711297">agreed</a> that the MPP had worked hard to draft a document beneficial to all.</p>
<p style="text-align: justify; ">Concerns around the MPP did not affect the <strong><span style="text-decoration: underline;">review of ICT developments</span></strong> over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, <a href="https://twitter.com/covertlight/status/476748723750711297">won an award</a> for its e-health application MOTHER.</p>
<p style="text-align: justify; "><span>The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the </span><a href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">Tunis Agenda</a><span>. Indeed, there was palpable relief in Conference Room 1 at the </span><a href="http://www.cicg.ch/en/">CICG</a><span>, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.</span></p>
<h3 style="text-align: justify; ">The High Level Dialogues:</h3>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/internet-governance/blog/HighLevelDialogues.jpg/@@images/3c30d94f-7a65-4912-bb42-2ccd3b85a18d.jpeg" alt="High Level Dialogues" class="image-inline" title="High Level Dialogues" /></p>
<p style="text-align: justify; "><i>Prof. Vladimir Minkin delivers a statement.</i> (<a class="external-link" href="https://twitter.com/JaroslawPONDER/status/476288845013843968/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “<i>lost opportunity</i>”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.</p>
<p style="text-align: justify; ">As on previous panels, there was <strong><span style="text-decoration: underline;">intense focus on access, affordability and reach in developing countries</span></strong>, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, recalling the gathering to the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.</p>
<p style="text-align: justify; ">A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.<span> </span></p>
<p style="text-align: justify; ">The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the <strong><span style="text-decoration: underline;">question of cross-border surveillance and wanton violations of privacy went unaddressed</span></strong> except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the <a href="http://editors.cis-india.org/internet-governance/blog/ecj-rules-internet-search-engine-operator-responsible-for-processing-personal-data-published-by-third-parties">right to be forgotten</a>), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.</p>
<p style="text-align: justify; ">In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.</p>
<h3 style="text-align: justify; ">The Forum Track:</h3>
<p><img src="http://editors.cis-india.org/internet-governance/blog/copy_of_ForumTrack.jpg/@@images/dfcce68a-18d7-4f1e-897b-7208bb60abc9.jpeg" alt="Forum Track" class="image-inline" title="Forum Track" /></p>
<p><i>Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues</i> (<a class="external-link" href="https://twitter.com/leakaspar/status/476690921644646400/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of <a href="http://www.internetgovernance.org/2012/12/18/itu-phobia-why-wcit-was-derailed/">WCIT-2012</a>, UNESCO’s <a href="http://www.unesco.org/new/internetstudy">Comprehensive Study on Internet-related Issues</a>, spam and a taxonomy of Internet governance.<span> </span></p>
<p style="text-align: justify; ">Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.<span> </span></p>
<p style="text-align: justify; ">At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the <strong><span style="text-decoration: underline;">importance of national and regional IGFs</span></strong> for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “<i>Internet governance is not shaped by individual events</i>”. In light of <a href="http://www.internetgovernance.org/2014/04/16/icann-anything-that-doesnt-give-iana-to-me-is-out-of-scope/">criticism</a> of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual <a href="https://www.icann.org/resources/pages/process-next-steps-2014-06-06-en">response</a> (often repeated at the HLE itself). Also widely discussed was the <strong><span style="text-decoration: underline;">role of stakeholders in Internet governance</span></strong>, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “<i>distant dream</i>”).<span> </span></p>
<p style="text-align: justify; ">This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw <a href="https://www.icann.org/profiles/george-sadowsky">Mr. George Sadowsky</a>, <a href="http://www.diplomacy.edu/courses/faculty/kurbalija">Dr. Jovan Kurbalija</a>, <a href="http://www.williamdrake.org/">Mr. William Drake</a> and <a href="http://www.itu.int/wsis/implementation/2014/forum/agenda/session_docs/170/ThoughtsOnIG.pdf">Mr. Eliot Lear</a> (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of <a href="http://www.internetsociety.org/sites/default/files/ISOC%20framework%20for%20IG%20assessments%20-%20D%20Souter%20-%20final_0.pdf">this ISOC study</a>).</p>
<p style="text-align: justify; ">There were, for the most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be allowed to do their jobs without interference. <a href="http://internetdemocracy.in/">Ms. Anja Kovacs</a> raised pertinent concerns about <strong><span style="text-decoration: underline;">including voiceless minorities in a ‘rough consensus’ model</span></strong>. Across sessions, <strong><span style="text-decoration: underline;">questions of mass surveillance, privacy and data ownership rose</span></strong> from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearance, across issues like spam (<a href="http://www.itu.int/ITU-D/CDS/sg/rgqlist.asp?lg=1&sp=2010&rgq=D10-RGQ22.1.1&stg=1">Question 22-1/1</a> of ITU-D Study Group 1) and cybersecurity.</p>
<h3 style="text-align: justify; ">Conclusion:</h3>
<p style="text-align: justify; ">The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of multi-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, the technical community such as the ISOC and IETF, as well as (obviously) civil society.</p>
<p style="text-align: justify; ">Substantively, the HLE did not address mass surveillance and privacy, nor the expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.</p>
<p style="text-align: justify; "><span>But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the ITU and the rest of UN’s (and of course, member states’) stances on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report'>http://editors.cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report</a>
</p>
No publisher | geetha | WSIS+10, Privacy, Cybersecurity, Human Rights Online, Surveillance, Freedom of Speech and Expression, Internet Governance, Facebook, Data Protection, Multi-stakeholder, ICANN, Internet Access, ITU, Internet Studies, E-Governance, ICT | 2014-06-20T15:57:32Z | Blog Entry
Paranoid about state surveillance? Here’s the FD Guide to living in the age of snoops
http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops
<b>The US does it, so does China. Ever since Edward Snowden’s revelations back in 2013, which exposed the extent of the US’s global surveillance apparatus, the public has been fairly clued into the extent of mass surveillance.</b>
<p style="text-align: justify; ">The blog post by Sriram Sharma was published in Factor Daily on December 12, 2017</p>
<p style="text-align: justify; ">It doesn’t take a conspiracy theorist to worry that India does it (or wants to), too, especially with the high decibel campaigns by banks, telecom service providers and others to have Indians link Aadhaar, the unique citizen ID, to multiple services.</p>
<p style="text-align: justify; ">If you want a dystopian picture of the future of surveillance, look no further than China, considered the world’s worst abuser of internet freedom for the third year in a row, according to the new report from Freedom House, a US-based NGO that conducts research and analysis on the internet. With a <a href="https://freedomhouse.org/report/freedom-net/2017/china" rel="noopener nofollow external noreferrer" target="_blank">score of 87/100</a> (higher is worse), the Chinese state is renowned for its Great Firewall, which filters access to the wider internet. “Digital activism has declined amid growing legal and technical restrictions as well as heavy prison sentences against prominent civil society figures,” the latest Freedom House report notes.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12235" height="396" src="https://i0.wp.com/factordaily.com/wp-content/uploads/2017/12/freedom-of-net-india-2017.jpg?resize=660%2C416&ssl=1" width="629" /></p>
<p style="text-align: justify; ">India is rated “Partly Free” with a score of 41/100 (lower is better) in Freedom House’s 2017 report on internet freedom</p>
<p style="text-align: justify; ">While it’s a long way away from China, India scores <a href="https://freedomhouse.org/report/freedom-net/2017/india" rel="noopener nofollow external noreferrer" target="_blank">41/100</a> on Internet Freedom in 2017 but is still considered only ‘partly free’ owing to blocking of internet and telecom service providers in Kashmir and detainment of citizens for expressing their views online. The India report from Freedom House highlights Aadhaar’s mandatory linking for a wide range of schemes and records concerns regarding its privacy and security implications.</p>
<p style="text-align: justify; ">In this guide, we take a look at the why, what and how of India’s surveillance apparatus and the legal provisions in the Indian constitution that enable it, and ask domain experts to provide us with tips on living in an age of state surveillance. We also take a look at a variety of widely used tools and apps that help you counter state surveillance or tracking of any kind.</p>
<p style="text-align: justify; "><b>Know your Big Brother: India’s State Surveillance Programs </b></p>
<p style="text-align: justify; ">Right to privacy organisation Privacy International has a detailed dossier on the <a href="https://www.privacyinternational.org/node/975#toc-4" rel="noopener nofollow external noreferrer" target="_blank">state of privacy in India</a>, which examines India’s surveillance schemes, laws around interception and access, and central intelligence agencies that carry out surveillance. Apart from the state police and the army, surveillance is carried out by at least 16 different intelligence agencies, it notes.</p>
<p style="text-align: justify; ">The Centre for Internet and Society (CIS) and Software Freedom Law Centre (SFLC) have done extensive research in the past on India’s surveillance apparatus. Earlier <a href="https://cis-india.org/internet-governance/blog/the-design-technology-behind-india2019s-surveillance-programmes" rel="noopener nofollow external noreferrer" target="_blank">this year</a>, CIS reported on the various programs and tech infrastructure behind India’s surveillance state: these include Central Monitoring System (CMS), National Intelligence Grid (NATGRID), Network Traffic Analysis System (NETRA), etc. An earlier <a href="https://cis-india.org/internet-governance/blog/surveillance-industry-india.pdf" rel="noopener nofollow external noreferrer" target="_blank">CIS report</a> highlights a boom in surveillance tech in India following the 26/11 terror attacks in Mumbai.</p>
<p style="text-align: justify; ">Based on an RTI (Right to Information) filing, SFLC’s <a href="https://www.sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india" rel="noopener nofollow external noreferrer" target="_blank">2014 report</a> on India’s Surveillance State reveals that around 7,500 to 9,000 telephone interception orders are issued by the central government alone each month. State surveillance of citizens’ private communications is authorised by laws that let them monitor phone calls, texts, e-mails and Internet activity on a number of broadly worded grounds such as ‘security of the state’, ‘defence of India’, and ‘public safety’.</p>
<p style="text-align: justify; ">The Government of India is also said to work with private third parties, some of which go so far as to infect target devices using malicious software to extract information on the subject. A 2013 Citizen Lab report titled ‘<a href="https://citizenlab.ca/storage/finfisher/final/fortheireyesonly.pdf" rel="noopener nofollow external noreferrer" target="_blank">The Commercialisation of Digital Spying</a>’ found command and control servers (used to control the host system) for FinFisher (a remote computer monitoring software suite) in India. A Wikileaks <a href="https://gadgets.ndtv.com/internet/news/upa-was-client-of-controversial-italian-spyware-firm-claim-leaked-mails-713879" rel="noopener nofollow external noreferrer" target="_blank">expose in 2015</a> dumped over a million emails belonging to Italian surveillance malware vendor HackingTeam. The emails revealed how India’s top intelligence agencies and the government expressed interest in buying Hacking Team’s malware interception tools.</p>
<h3 style="text-align: justify; ">Fears of an Aadhaar Surveillance State</h3>
<p style="text-align: justify; ">Thejesh G N, an infoactivist, wrote in <i>FactorDaily</i> about <a href="https://factordaily.com/hyderabad-police-surveillance-integrated-information-hub/">Hyderabad’s surveillance hub</a>, which wants to collect all manner of details. Aadhaar is one of the primary keys to matching profiles with external data sources, he notes.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12230" height="457" src="https://i2.wp.com/factordaily.com/wp-content/uploads/2017/12/Aadhaar_Surveillance_infographic.jpg?resize=660%2C480&ssl=1" width="629" /></p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12230">A look at data points gathered by Hyderabad’s Integrated Information Hub</figure></p>
<p style="text-align: justify; ">“The end product shows on a map where you live, what you consume, did you take PDS, move to some other place, your mobile number, gender… there’s a lot of data in the hands of the very lowest level of government, which doesn’t have any protection as by a parliamentary committee or anything like that. It’s run by bureaucrats, so that has huge implications,” he says. “If you see Citizen Four (a 2014 documentary about Edward Snowden), it shows a similar system, where you enter one’s SSN, and it shows everything you have done, and are planning to do. We are building the same system…Governments change, today we might have a good government, tomorrow we might have the worst possible government on the planet.”</p>
<p style="text-align: justify; ">Pranesh Prakash, Policy Director of CIS says he doesn’t regard Aadhaar as a surveillance project. “I see Aadhaar as something that can facilitate surveillance, but by and of itself, it isn’t surveillance,” he says, adding that it does so in a non-consensual manner. “By having Aadhaar numbers across multiple databases, you make surveillance easier. But you need to tie it up to a surveillance system. For instance, Aadhaar without NATGRID isn’t surveillance, but Aadhaar with NATGRID can be helpful for surveillance.” NATGRID (National Intelligence Grid) was first proposed in late 2009 following 26/11 attacks by the Union Home Minister, to enhance India’s counter-terror capabilities. It links 21 citizen databases for access to intelligence/enforcement agencies.</p>
<p style="text-align: justify; "><img class="size-full wp-image-12236" height="354" src="https://i1.wp.com/factordaily.com/wp-content/uploads/2017/12/screenshot.jpg?resize=660%2C371&ssl=1" width="629" /></p>
<p style="text-align: justify; ">Ongrid’s website earlier had this visualisation depicting its verification service, which made privacy advocates cringe. Source: Twitter.</p>
<p style="text-align: justify; ">We discussed some worst-case scenarios around the commercial use of Aadhaar and India Stack companies with Thejesh. “Let’s say there’s a screening company and they have your Aadhaar ID. They will send it to Airtel, or Vodafone, and ask for a list of all the websites you have viewed. Maybe you’ve watched porn or something, at some point in your life, and that could hurt your employment,” he says.</p>
<h2 style="text-align: justify; "><b>Curbing your data exhaust</b></h2>
<p style="text-align: justify; ">The EFF (Electronic Frontier Foundation) has published a number of <a href="https://www.eff.org/deeplinks/2013/10/ten-steps-against-surveillance" rel="noopener nofollow external noreferrer" target="_blank">useful articles</a> and <a href="https://ssd.eff.org/en" rel="nofollow external noopener noreferrer">resources</a> for countering internet surveillance. Recommendations include using end-to-end encryption through tools such as OTR (a messaging protocol available on Adium), <a href="https://ssd.eff.org/en/module/how-use-pgp-mac-os-x" rel="noopener nofollow external noreferrer" target="_blank">PGP</a> (to exchange secure emails), and Signal (messenger).</p>
<p style="text-align: justify; ">Other useful tips:</p>
<h2 style="text-align: justify; "><b>Use VPNs</b></h2>
<p style="text-align: justify; ">VPNs (virtual private networks) use encryption protocols and secure tunneling techniques to keep your internet activity impervious to snooping. With a VPN, you can bypass ISP restrictions on blocked websites or access services (Spotify) not available in your country, making it appear that you are browsing from another part of the world. Keep in mind that you can still be outed by your VPN provider, so it’s important to choose one that respects your privacy. There are hundreds of VPN service providers to choose from. <a href="https://thatoneprivacysite.net/vpn-comparison-chart/" rel="noopener nofollow external noreferrer" target="_blank">That One Privacy Guy</a> maintains a detailed comparison chart of over a hundred VPN providers, with details on jurisdiction, price, ethics, logging policies, VPN protocols supported, and more. Out of these, the country that the VPN provider is based in is a key filter: you don’t want to choose a VPN service based out of the ‘<a href="https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/" rel="noopener nofollow external noreferrer" target="_blank">14 eyes</a>’, as they are known to do mass surveillance.</p>
<h2 style="text-align: justify; "><b>Use TOR</b></h2>
<p style="text-align: justify; ">Tor, an acronym for ‘The Onion Router’, is a free app that lets you anonymise your online communication by directing a web browser’s traffic through a volunteer-run network of thousands of servers. It is funded by the US-based National Science Foundation, Mozilla, and Open Technology Fund, among others. Tor is <a href="https://www.torproject.org/download/download-easy.html.en" rel="noopener nofollow external noreferrer" target="_blank">available for download</a> on Windows, Mac, Linux, and Android.</p>
<p style="text-align: justify; "><img class="wp-image-12257 size-full" height="579" src="https://i0.wp.com/factordaily.com/wp-content/uploads/2017/12/tor-web-browser.jpg?resize=660%2C607&ssl=1" width="629" /></p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12257">Browsing on Tor can be far slower than a regular web browser, but it keeps you anonymous.</figure></p>
<h2 style="text-align: justify; "><b>Encrypt your storage</b></h2>
<p style="text-align: justify; ">It’s now a default feature on your phone, or computer, so there’s no reason why you shouldn’t make use of it. To check if it is turned on in Windows 10, go to Settings > System > About, and look for a “Device encryption” setting at the bottom of the About tab. Keep in mind that you need to sign into Windows with a Microsoft account <a href="http://www.independent.co.uk/news/edward-snowden-claims-microsoft-collaborated-with-nsa-and-fbi-to-allow-access-to-user-data-8705755.html" rel="noopener nofollow external noreferrer" target="_blank">to enable this setting</a>, so it’s likely that the NSA or FBI might be able to bypass it.</p>
<p style="text-align: justify; ">On a Mac, you turn on full-disk encryption through FileVault, accessible in System Preferences > Security & Privacy.</p>
<p style="text-align: justify; ">On an iPhone, data protection is enabled once you set up a passcode on your device.</p>
<p style="text-align: justify; ">Android 5.0 and above devices support full-disk encryption. If it isn’t turned on by default on your device, you can turn on encryption under the Security menu.</p>
<p style="text-align: justify; ">Sensitive documents can also be encrypted using <a href="http://truecrypt.sourceforge.net" rel="noopener nofollow external noreferrer" target="_blank">TrueCrypt</a>. You must keep in mind, though, that key disclosure laws apply in India under Section 69 of the <a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20(amendment).pdf" rel="noopener nofollow external noreferrer" target="_blank">Information Technology Act</a>, which states that there’s a seven-year prison sentence for failing to assist the central and state governments in decrypting information on a computer resource.</p>
<h2 style="text-align: justify; "><b>Use an air-gapped PC</b></h2>
<p style="text-align: justify; ">An air-gapped PC is one that is not connected to the internet or to any computers that are connected to the internet. Air-gapped PCs are typically used when handling critical infrastructure, and this is an extreme measure one can take when working with sensitive data that you don’t want to be leaked.</p>
<h2 style="text-align: justify; "><b>Use</b><a href="https://www.eff.org/https-everywhere" rel="noopener nofollow external noreferrer" target="_blank"> <b>HTTPS everywhere</b></a></h2>
<p style="text-align: justify; ">HTTPS Everywhere offers plugins for Firefox, Chrome, and Opera, and turns every link you open or key in into a secure version of the HTTP protocol, which is encrypted by Transport Layer Security (TLS). The tool protects you from eavesdropping on, or tampering with, the site you are visiting, but only works on sites that support HTTPS. Keep in mind that this tool won’t conceal which sites you have accessed from eavesdroppers, though it does keep the specific URL you visited from being revealed.</p>
<h2 style="text-align: justify; "><b>Turn on Advanced Protection in Gmail</b></h2>
<p style="text-align: justify; ">If you trust Gmail with your data, take the relationship to the next level with <a href="https://landing.google.com/advancedprotection/" rel="noopener nofollow external noreferrer" target="_blank">Advanced Protection</a>, which safeguards your account against phishing attacks, limits access to trusted apps, and adds extra verification features to block fraudulent account access. You will need a <a href="https://myaccount.google.com/advanced-protection/enroll/details?pli=1" rel="noopener nofollow external noreferrer" target="_blank">Bluetooth key and a USB key</a> to turn this feature on.</p>
<h2 style="text-align: justify; "><b>Some other don’ts</b></h2>
<ul style="text-align: justify; ">
<li>Don’t leave any cameras open. Tape them up if you are a potential surveillance target.</li>
<li>Don’t use freemium apps, which trade in your privacy. A recent example of a <a href="http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/" rel="noopener nofollow external noreferrer" target="_blank">worst-case scenario</a>.</li>
<li>Don’t send any data via free email services that you would like to keep private.</li>
<li>Don’t use Google or Facebook, as Snowden says, if you value your privacy. Don’t take our <a href="https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/" rel="noopener nofollow external noreferrer" target="_blank">word for it</a>.</li>
</ul>
<p style="text-align: justify; ">As for Aadhaar, Thejesh says that there isn’t much one can do as it is forcibly linked to many essential services. He recommends using different email IDs for official work and unofficial work. “Use one email ID for Aadhaar and mobile related accounts, and use the other one for regular communication. It separates the accounts from surveillance and adds a layer of security,” he says. “Don’t use Aadhaar until it is necessary. If you use Aadhaar and you are not in a mood to resist everything, then don’t use it where it is not required. Don’t use it like a regular address proof,” he adds.</p>
<p style="text-align: justify; ">If you are already an Aadhaar holder, it makes sense to use the biometric locking system provided by UIDAI on <a href="https://resident.uidai.gov.in/biometric-lock" rel="noopener nofollow external noreferrer" target="_blank">its website</a> to protect against identity theft and unauthorised access. The biometric locking feature sends an OTP code to your registered mobile number to unlock or disable the locking system.</p>
<p style="text-align: justify; ">If someone is concerned about surveillance, CIS’s Prakash recommends not having a cell phone. “The cellphone is the single largest means of data gathering about you,” he says.</p>
<p style="text-align: justify; ">Surveillance can take many forms: it can be physical or off-the-air surveillance (an interception technique used to snoop on phone calls), he points out.</p>
<p style="text-align: justify; "><figure class="aligncenter wp-caption" id="attachment_12232"><img class="size-full wp-image-12232" height="415" src="https://i2.wp.com/factordaily.com/wp-content/uploads/2017/12/surveillance-cctv.jpg?resize=660%2C436&ssl=1" width="629" />A CCTV camera fitted on top of a Hyderabad Police vehicle</figure></p>
<p style="text-align: justify; ">Surveillance is not always bad: medical surveillance, for instance, an entire field around the spread of diseases, is necessary, Prakash clarifies. “Even state surveillance for national security purposes is absolutely necessary. A nation-state can’t survive without surveillance so I am quite clear that those who oppose all forms of surveillance are opposing all kinds of rights – because you can’t have rights without security. And indeed, individual security is a human right guaranteed under the Universal Declaration of Human Rights and guaranteed in Article 21 of the Indian Constitution. Without security of the person, you can’t have the right to freedom of speech, you can’t enjoy the right to privacy… If you’re in a state of war or in a state of terror, then you can’t enjoy rights – so clearly for me, surveillance is necessary,” he says.</p>
<p style="text-align: justify; ">That said, surveillance in India is highly problematic as the laws and the democratic framework for surveillance are very weak, and enforcement of that framework is even worse, Prakash adds. “One of the best ways of countering surveillance, I would suggest, is to actually demand a democratic framework for surveillance in India. Demand that your MLA and MP take up this issue at the state and central level… and that we have a democratic framework for both our intelligence agencies and for all the surveillance that is conducted by the state in India,” he says.</p>
<p style="text-align: justify; ">He calls everything else – “the technological stuff, using anonymising networks, end-to-end encryption” – a second order issue. “It can help you as an individual, but it doesn’t help us as a society.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops'>http://editors.cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops</a>
</p>
No publisher | Admin | Internet Governance, Surveillance | 2017-12-16T13:38:46Z | News Item
Workshop on 'Urban Data, Inequality and Justice in the Global South'
http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south
<b>Aayush Rathi and Ambika Tandon presented our research on video-based surveillance in New Delhi at a workshop on urban data, inequality, and justice in the global South at the University of Manchester on 14 June 2019.</b>
<p style="text-align: justify; ">The agenda for the workshop and the presentations made by CIS can be <a class="external-link" href="https://cis-india.org/raw/unpacking-video-based-surveillance-in-new-delhi-urban-data-justice">accessed here</a>. <span>The research was conducted as part of a grant from the University, as part of a project on justice in data systems within cities. It will be published as a working paper by the university in July-August.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south'>http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south</a>
</p>
No publisher | Admin | Surveillance, Internet Governance, Privacy | 2019-07-06T01:30:16Z | News Item