The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 961 to 975.
All India Privacy Symposium
http://editors.cis-india.org/internet-governance/privacy-symposium
<b>Privacy India in partnership with the International Development Research Centre, Canada, Society in Action Group, Gurgaon, Privacy International, UK and Commonwealth Human Rights Initiative is organizing the All India Privacy Symposium at the India International Centre, New Delhi on Saturday, February 4, 2012.</b>
<p>Since June 2010, Privacy India has been engaging in discussions with policy makers, the public and sectoral experts about privacy in India. The discussions have ranged from topics of identity and privacy, to minority rights and privacy, and consumer privacy. The findings of our research show that privacy was a neglected area of study for India in the past, however, this is changing. Advancements in technology, the introduction of e-governance initiatives like the National Fibre Optic Network, the introduction of new legislations, and debates surrounding national security, have brought privacy debates to the forefront in India. Although currently sectoral legislation deals with privacy issues, e.g., the Telegraph Act or RBI guidelines for banking, India has just begun to consider a horizontal legislation that deals comprehensively with privacy across all contexts. This conference is an opportunity to look forward to what could be the future scope of privacy in India.</p>
<p>Privacy India was set up in collaboration with the Centre for Internet and Society, Bangalore and Society in Action Group, Gurgaon, under the auspices of an international organization ‘Privacy International’. Privacy International is a non-profit group that provides assistance to civil society groups, governments, international and regional bodies, the media and the public in a number of countries. For more info, visit its <a class="external-link" href="https://www.privacyinternational.org/">website. <br /></a></p>
<p>This is a public meeting. For participation in the event, get in touch with Elonnai (<a class="external-link" href="mailto:elonnai@cis-india.org">elonnai@cis-india.org</a>)</p>
<h2>Symposium Advisors</h2>
<p>Sunil Abraham, Centre for Internet &Society (<a href="http://editors.cis-india.org/" class="external-link">www.cis-india.org</a>)<br />Rajan Gandhi, Society in Action Group<br />Phet Sayo, IDRC (<a class="external-link" href="http://www.idrc.org/">www.idrc.org</a>)<br />Gus Hosein, Privacy International (<a class="external-link" href="http://www.privacyinternational.org/">www.privacyinternational.org</a>)<br />
Sudhir Krishnaswamy, Centre for Law and Policy Research, Bangalore (<a class="external-link" href="http://www.clpr.org.in/">www.clpr.org.in</a>)<br />
Vickram Crishna, Privacy International (<a class="external-link" href="http://www.privacyinternational.org/">www.privacyinternational.org</a>)</p>
<h2>Agenda <strong><br /></strong></h2>
<table class="plain">
<tbody>
<tr>
<td>09:30- <br />10:00</td>
<td><strong>Registration</strong><br /></td>
</tr>
<tr>
<td>10:00- <br />10:15</td>
<td><strong>Welcome & Introduction to Privacy India</strong><br />Elonnai Hickok (Policy Advocate, Privacy India)<br /></td>
</tr>
<tr>
<td>10:15- <br />10:30</td>
<td><strong>Tea Break</strong><br /></td>
</tr>
<tr>
<td>10:30-<br />11:30 <br /></td>
<td><strong>Panel I: Privacy and Transparency</strong><br />Moderator: Sunil Abraham (Executive Director, Centre for Internet & Society)<br />Panelists: Prashant Bhushan (Senior Advocate, New Delhi), Simon Davies (Director General, Privacy International, UK), Ponnurangam K (Assistant Prof, IIIT New Delhi), Chitra Ahanthem (Journalist, Imphal), Aruna Roy (Social & Political Activist), Deepak Maheshwari (Director Corporate Affairs, Microsoft)<br />Poster:Srishti Goyal (Law Student)<br /></td>
</tr>
<tr>
<td>11:30- <br />12:30</td>
<td><strong>Panel II: Privacy and E-Governance Initiatives</strong><br />Moderator: Sudhir Krishnaswamy (Professor, Azim Premji University)<br />Panelists: Anant Maringanti (Independent Social Researcher), Usha Ramanathan (Advocate&Social Activist), Ram Sewak Sharma (Director General, UIDAI)*, Gus Hosein (Executive Director, Privacy International, UK), R K Singh (Union Home Secretary, New Delhi)*, Apar Gupta (Advocate, Supreme Court of India)<br />Poster: Adrija Das (Law Student)<br /></td>
</tr>
<tr>
<td>12:30- <br />13:30</td>
<td><strong>Lunch</strong></td>
</tr>
<tr>
<td>13:30- <br />14:30</td>
<td><strong>Panel III: Privacy and National Security</strong><br />Moderator: Justice A P Shah (Former Chief Justice, Delhi High Court)*<br />Panelists: Menaka Guruswamy (Advocate, Supreme Court, New Delhi), Amol Sharma (Journalist, Wall Street Journal)*, Saikat Datta (Journalist, DNA), Eric King (Human Rights and Technology Advisor, Privacy International, UK), Prasanth Sugathan (Legal Counsel, Software Freedom Law Center) and Oxblood Ruffin (Cult of the Dead Cow Security and Publishing Collective)<br />Poster: Suchithra Menon (Law Student)<br /></td>
</tr>
<tr>
<td>14:30- <br />15:30</td>
<td><strong>Panel IV: Privacy and Banking</strong><br />Moderator: Prashant Iyengar (Associate Professor, Jindal Law University)<br />Panelists: M R Umarji (Chief Legal Advisor, IBA), N A Vijayashankar (Cyber Law Expert), Sucheta Dalal (Managing Editor, MoneyLife Magazine)*, Malavika Jayaram (Advocate, Bangalore)<br />Poster: Malavika Chandu (Law Student)<br /></td>
</tr>
<tr>
<td>15:30- <br />15:45</td>
<td><strong>Tea Break</strong><br /></td>
</tr>
<tr>
<td>15:45- <br />16:45</td>
<td><strong>Panel V: Privacy and Health</strong><br />Moderator: Ashok Row Kavi (Journalist & LGBT Activist)<br />Panelists: K K Abraham (President, Indian Network for People with HIV), Shri Sayan Chatterjee (Secretary, National Aids Control Organization)*, Dr V M Katoch (Secretary, Department of Health Research)*, Dr B S Bedi (Advisor, CDAC & Media Lab Asia)<br />Poster: Danish Sheikh (Alternative Law Forum)<br /></td>
</tr>
<tr>
<td>16:45- <br />17:00</td>
<td><strong>The Way Forward</strong><br />Elonnai Hickok (Policy Advocate, Privacy India)<br /></td>
</tr>
</tbody>
</table>
<h2><strong>Bios of Speakers</strong></h2>
<h3>Usha Ramanathan<br /></h3>
<p>Usha Ramanathan is an internationally recognized expert on the jurisprudence of law, poverty and rights. She writes and speaks on leading issues like the Bhopal gas leak tragedy, mass displacement, civil liberties, criminal law, environment and the judicial process. She is involved in the UID project and has written and debated extensively on it. She is a member of Amnesty International's Advisory Panel on Economic, Social and Cultural Rights and has been called upon by the World Health Organisation as a expert on mental health on various occasions. Her writings can be found at <a class="external-link" href="http://www.ielrc.org/">http://www.ielrc.org/</a>.</p>
<h3>NA.Vijayashankar</h3>
<p>NA.Vijayashankar, more popularly known as Naavi, is a Techno Legal Information Security Consultant based in Bangalore, India. Naavi is a pioneer in the field of Cyber Law in India. He is the author of the first book (1999) and first E-Book (2003) on Cyber Laws in India. He has also authored a book titled “Cyber Laws, Corporate Mantra for the Digital Era”, “Cyber Laws Demystified” and “Cyber Laws for Engineers” as well as a book on Cyber Crimes in Kannada.<br /><br />Naavi is the founder of <a href="http://editors.cis-india.org/internet-governance/www.cyberlawcollege.com" class="external-link">www.cyberlawcollege.com</a> which is the pioneering virtual educational institution in India dedicated to Cyber Law Education. Cyber Law College presently conducts offline and virtual courses on Cyber Laws. It has conducted several courses in association with law colleges in Karnataka such as KLE Law College, Bangalore, JSS Law College, Mysore, SDM law college Mangalore and KLE Law College Hubli.<br /><br />Naavi is also the founder of <a href="http://editors.cis-india.org/internet-governance/www.cyberlawcollege.com" class="external-link">www.naavi.org</a> the premier Cyber Law Portal in India. Naavi has been engaged in the training of Police in Tamil Nadu and Karnataka and conducts several courses in Cyber Laws for different audiences. He has been a guest faculty in a number of institutions including NPA, IDRBT, DTRI, ISACA, NADT, LBS National Academy, Judicial Academies, NALSAR, etc., as well as several law, engineering and management institutions.<br /><br />Naavi has over three decades of senior Corporate executive experience behind him. He has been an ex-Banker and Consultant to several Companies in IT Services. He has conducted hundreds of training sessions to professionals of various disciplines such as bankers, lawyers, chartered accountants, engineers, software professionals, police and judicial officers through workshops and in-house training programmes in cyber laws, cyber crimes, information security and related areas.</p>
<h3>Chitra Ahanthem</h3>
<p>Chitra Ahanthem is a features writer with Imphal Free Press, published in Imphal, Manipur. She is also a freelance writer and researcher on issues around HIV/AIDS, child rights, conflict and gender.</p>
<h3>Baljit Singh Bedi <br /></h3>
<p>Baljit Singh Bedi did his B.Tech and M.Tech. from Indian Institute of Technology (IIT), Delhi. After serving for five years in the Centre for Applied Research in Electronics (CARE) IIT, Delhi he joined the Department of Information Technology (DIT), Ministry of Communication & IT (MCIT), Government of India. The major responsibilities and contributions over the years cover conceptualizing, evolving and implementation of a number of major schemes/programmes and projects in the field of electronics and IT applications with primary role in healthcare. He was instrumental in starting an integrated programme in promoting the area of Electronics, IT and Electronic Medical Records (EMR) Standards in Healthcare in India. As the head of Medical Electronics & Telemedicine division, he was looking after the activity of promotion of e-health & tele–health technology and R&D in medical electronics and launched a number of schemes in India. He was part of the National Task Force Telemedicine in India set up by the Ministry of Health & Family Welfare (MoH&FW), Government of India and headed the Group on Standards. He was a Member of National Knowledge Commission’s Working Group on India-Health Information Network Development (I-HIND) and is part of the Advisory Group for follow-up implementation program under the consideration of MoH&FW. He is actively involved in policy, development and deployment programmes of IT in Health initiatives of DIT, MoH&FW, and Media Lab Asia. He is a member of the National Committee set up by MoH&FW for EMR Standardization and Heading its Task Group on Interoperability. He is also International Telecommunication Union (ITU) Expert for e-Health Standardization. He is Executive Member of Indian Association of Medical Informatics (IAMI) and President, Telemedicine Society of India (TSI). At present, he is an Adviser to the Centre for Development of Advanced Computing (CDAC), Scientific Society of MCIT, Government of India. </p>
<h3>Deepak Maheshwari <br /></h3>
<p>Deepak Maheshwari is Director – Corporate Affairs with Microsoft in India and responsible for interactions with the policymakers & regulators as well as with industry associations & the civil society organizations. An active participant and a keen observer of the interplay between technological innovation and socio-economic development, he has been closely associated with <strong>development & evolution of Information & Communication Technology policy</strong>, <strong>law & regulation</strong> for more than a decade and is often invited as a speaker and a contributor of articles & opinions in the media.<br /> <br />He has been active in several trade associations and served as committee chair & co-chair. He served for two consecutive terms as the elected secretary in the <strong>ISP Association of India</strong> and co-founded <strong>National Internet eXchange of India (NIXI)</strong> as well as the <strong>ITU-APT Foundation of India</strong>. He is also a member on the academic board of the <strong>IIM Ahmedabad- IDEA Telecom Centre of Excellence</strong>. <br /> <br />At times mistaken as a lawyer, he was actually awarded degree in engineering by one of India’s leading technical institute<strong> IT-BHU</strong>. His professional experience of more than 2 decades spans functional responsibilities across sales, marketing, operations and last but not the least, corporate affairs.</p>
<p><strong>*Participants to be confirmed</strong></p>
<ul><li><a href="http://editors.cis-india.org/internet-governance/privacy-symposium.pdf" class="internal-link" title="Symposium"></a><a href="http://editors.cis-india.org/internet-governance/all-india-privacy-symposium.pdf" class="internal-link" title="All India Privacy Symposium">Download the poster here</a><br /></li><li><a href="http://editors.cis-india.org/internet-governance/privacy-symposium.pdf" class="internal-link" title="Symposium">Download the agenda here</a><strong> </strong>(PDF, 755 KB)</li></ul>
<p> </p>
<p><strong>VIDEOS</strong></p>
<iframe src="http://blip.tv/play/AYLs7gcA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLs7gcA" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLtgXAA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLtgXAA" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLtgz4A.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLtgz4A" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLtrUIA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLtrUIA" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLtrl4A.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLtrl4A" type="application/x-shockwave-flash"></embed>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/privacy-symposium'>http://editors.cis-india.org/internet-governance/privacy-symposium</a>
</p>
No publisherpraskrishnaConferenceEvent TypeInternet GovernancePrivacy2012-02-27T11:08:32ZEventComment by CIS at ACE on Presentation on French Charter on the Fight against Cyber-Counterfeiting
http://editors.cis-india.org/a2k/blogs/ace-7-french-charter-cis-comment
<b>The seventh session of the World Intellectual Property Organization's Advisory Committee on Enforcement is being held in Geneva on November 30 and December 1, 2011. Pranesh Prakash responded to a presentation by Prof. Pierre Sirinelli of the École de droit de la Sorbonne, Université Paris 1 on 'The French Charter on the Fight against Cyber-Counterfeiting of December 16, 2009' with this comment.</b>
<p> </p>
<p>Thank you, Chair. I speak on behalf of the Centre for Internet and Society. First, I would like to congratulate you on your re-election.<br /><br />And I would like to congratulate Prof. Sirenelli on his excellent presentation.<br /><br />I would like to flag a few points, though:</p>
<ol><li>One of the benefits of normal laws, as opposed to the soft/plastic laws, which he champions, is that normal laws are bound by procedures established by law, due process requirements, and principles of natural justice. Unfortunately, the soft/plastic laws, which in essence are private agreements, are not.</li><li>The report of the UN Special Rapporteur on the Freedom of Expression and Opinion made it clear in his report to the UN Human Rights Council that the Internet is now an intergral part of citizens exercising their right of freedom of speech under national constitutions and under the Universal Declaration of Human Rights. That report highlights that many initiatives on copyright infringement, including that of the French government with HADOPI and the UK, actually contravene the Universal Declaration of Human Rights</li><li>The right of privacy is also flagged by many as something that will have to be compromised if such private enforcement of copyright is encouraged.<br /></li></ol>
<p>I'd like to know Prof. Sirinelli's views on these three issues: due process, right of freedom of speech, and the right to privacy.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/a2k/blogs/ace-7-french-charter-cis-comment'>http://editors.cis-india.org/a2k/blogs/ace-7-french-charter-cis-comment</a>
</p>
No publisherpraneshAccess to KnowledgeCopyrightPrivacyFreedom of Speech and ExpressionIntellectual Property RightsPiracyCensorshipWIPO2011-12-01T11:59:45ZBlog EntryIs Facebook tracking your virtual footprints?
http://editors.cis-india.org/news/facebook-tracking-footprints
<b>Social media experts claim number of cases of privacy violations against the site has increased in past few months; Facebook rubbishes the allegations. This article by Sheetal Sukhija was published in MidDay on 22 November 2011.</b>
<p>If you thought your online footprints would be erased by merely clicking on the 'delete web history' option and no one would ever know about your virtual movements, think again.</p>
<p>For, some popular social networking sites have been accused of tracking their users' movements on the Internet even when they log out from the sites.</p>
<p>According to reports in the international media, Facebook, the virtual face of around 80 crore people across the globe, is battling a series of legal cases for alleged violating users' privacy worldwide.<br /><br />While the social media giant has categorically said that they have not misused any user data, internet experts have dubbed the website 'the big brother of new media'.<br /><br />"Many users claim that when they log onto their accounts, Facebook automatically installs a cookie onto a user's browser, which keeps tracking their movement on the internet.<br /> <br />We believe that Facebook might be using this just to boost their marketing and not to sell this data to any third party," said Sunil Abraham, Executive Director, Centre For Internet and Society.<br /><br />Experts also believe that using such strategies have now made Facebook the world leader when it comes to credible demographic information.<br /> <br />"Facebook has achieved the status of possessing the most accurate demographic information. It is a credible source to understand consumer habits of a single unique user and even user groups. However, using such information is surely a violation of privacy," he added.<br /> <br />Former member of NASSCOM, Pratap Reddy, believes that often people ignore the 'fine print' or the agreement page while creating an account on a social networking site or elsewhere on the net. "When users sign up on these social networking websites, they often ignore the fine print.<br /><br />When legal cases come up, companies often defend their stance by saying that their agreement page (or privacy policy page) mentioned all such things and make up a leeway for themselves," argued Reddy.<br /><br />He added, "This is surely a violation, but there is also a positive side to this. Such websites are only trying to facilitate users better, based on their past web history. This helps them put you onto people/issues/topics that you have previously searched - like a mediator," added Reddy.</p>
<p><strong>All about marketing?</strong><br />Experts argued that this is not for the first time a website is being sued for such an act. In the past, Google, Adobe, Microsoft, Yahoo and other online advertising agencies too have been criticised for using such controversial tracking cookie technology.<br /><br />According to reports, users from across the world have been taking legal recourse after pointing out that Facebook used cookie technology to track their virtual movements even after they have logged out of the social networking site.<br /> <br />Australian blogger Nik Cubrilovic is the latest user to join the growing list of people suing the website for violating federal wiretap laws, reported a UK-based tabloid.<br /><br /><strong>The other side</strong><br />Defending their stance, Facebook argued in its official statement that they are not tracking users across the web.<br /><br />Facebook's official stance: Facebook does not track users across the web. Instead, we use cookies on social plugins to personalise content, to help maintain and improve what we do, or for safety and security.<br /> <br />No information we receive when you see a social plugins is used to target ads, we delete or anonymise this information within 90 days, and we never sell your information.<br /><br />Specific to logged out cookies, they are used for safety and protection. They are used for identifying spammers and phishers, detecting when somebody unauthorised is trying to access your account, helping you get back into your account if you get hacked, disabling registration for a under-age users who try to re-register with a different birth date, powering account security features such as 2nd factor login approvals and notification and identifying shared computers to discourage the use of 'keep me logged in'.<br /><br /><strong>Security tips</strong><br />Internet security software experts suggest that installing strong anti-virus software would be the first step towards protecting your privacy. <br /><br /><strong>Installing an anti-virus software </strong><br />Every such software has a social network control option that prompts users when any unsolicited cookie is installed. By using this option, a user holds the right to refuse such installations.</p>
<p>Read the original article published in MidDay <a class="external-link" href="http://www.mid-day.com/news/2011/nov/221111-Is-Facebook-tracking-your-virtual-footprints.htm">here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/facebook-tracking-footprints'>http://editors.cis-india.org/news/facebook-tracking-footprints</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2011-11-24T03:02:00ZNews ItemThe 2nd IJLT-CIS Lecture Series — A Post-event Report
http://editors.cis-india.org/internet-governance/ijlt-cis-lecture-series-report
<b>The Indian Journal of Law and Technology (IJLT) and the Centre for Internet and Society (CIS), organised the 2nd IJLT-CIS Lecture Series on the 21st and 22nd of May 2011 at the National Law School of India University, Nagarbhavi, Bangalore. The main theme for this year was Emerging Issues in Privacy Law: Law, Policy and Practice.</b>
<h3>Speakers and Topics</h3>
<p>Spread over two days, the National Law School hosted six speakers who held forth on the different aspects of privacy law, speaking from perspectives that were grounded in theory and actual practice and some that were India-centric while others applied equally to any jurisdiction.<br /><br /><strong>Vivek Durai</strong>, Partner, Atman Law Partners, addressed the gathering and gave the general introduction to the need for a discussion relating to privacy and the law. He spoke of technology and certain current events, including technological advances, have made privacy an issue with which serious engagement of the law has become imperative. <br /><br /><strong>Usha Ramanathan</strong>, an independent law researcher, spoke of the Unique Identity Project (Aadhar) launched by the Government of India and its implications on the privacy and data relating to the citizens. Ms. Ramanathan was critical of the Government’s plans on the basis that an ill-planned and executed project that sought to collect data such as this could provide easy fodder for data-mining. The latest 2011 rules that outline the relationship between the citizen and the state and the extent of privacy the citizen has in respect of this relationship.<br /><br /><strong>Hamish Fraser</strong>, a leading Australian practitioner in the field of technology law, addressed the gathering via video conference and spoke about cloud computing and privacy of parties using such facilities. He highlighted how technology such as cloud computing where the storage of data is almost fully virtual, with only the weakest of links to any physical storage space, were being increasingly widely used. He helped provide a practitioners perspective to the lecture as well by discussing how companies and individuals seeking to utilise cloud computing facilities, particularly for business purposes, must check for some essential legal provisions that would allow them to retain control over their data and prevent their data from being misappropriated by the provider of the virtual storage space in the cloud. He briefly also discussed the draft Australian privacy legislation.<br /><br /><strong>Sean Blagsvedt</strong>, founder of Baba Jobs, discussed the interplay between privacy and transparency and argued convincingly that under certain circumstances, transparency holds greater value than blind protection of privacy. He spoke of his experience in setting up Baba Jobs that seeks to act as a job portal-cum-social networking site for persons providing essential services such as plumbers, electricians, carpenters, house painters, etc. Rather than seeking to strictly protect the details and identity of these persons, Blagsvedt found that one of the most important factors for future employers while considering hiring such service personnel were the details of their previous assignments and testimonials from previous employers – the transparency that Baba Jobs offered became its USP. Blagsvedt talked of how a misplaced over-emphasis on privacy could often lead to greater detriments than benefits and prevent trust due to a lack of information. He concluded by predicting that as people increasingly shifted social and commercial transactions to the online world, the demands for privacy online would soon be offset by demands for greater transparency. <br /><br /><strong>Sudhir Krishnaswamy</strong>, Professor of Law at the Azim Premji University, Bangalore delivered a lecture on the state and privacy in India illustrating the development of the law on the matter. He also discussed about the balance that needs to be struck between the individual’s requirement for privacy and the state’s desire for secrecy. He also spoke about two manners in which to conceptualise privacy — recognising privacy as an inherent right that may be at times restricted to a certain extent, vis-a-vis seeing privacy as a right that the state grants to a citizen.</p>
<p><strong>Abhayraj Naik</strong>, Assistant Professor, Jindal Global Law School, Sonepat, gave a lecture on informational privacy in comparative contexts. The discussion centred on information surveillance in different jurisdictions and how the values attached to the attribution of information reflects in the laws relating to privacy in those different jurisdictions. His approach included mathematical modelling of information attribution and provided an interdisciplinary approach.</p>
<h3>Participation</h3>
<p>The lecture series saw registration from over 50 people, including students from law schools all over the country, practitioners, and even educators. Since the lectures were streamed live online, and this was only the second event in NLS to use this facility apart from the Annual Convocation, many more people listened to the lectures online. The lectures were available online for a period of one week after the conclusion of the lecture series.</p>
<h2>IJLT-CIS Lecture Series 2011 Registration</h2>
<p>The following people participated in the event:</p>
<p>Adithya Banavar, Akanksha Arora, Anand VJ, Aniket Singhania, Ankit
Verma, Anupama Kumar, Aparna Gokhale, Arjun Krishnamoorthy, Arjun
Sharma, Arun Menon, Asif Ayaz, B. N. Vivek, Batool, Chirag Tanna,
Deepakar Livingston.P., Deepthi R, Dheer Bhatnagar, Dinesh Subramany,
Esha Goel, Gopalakrishnan R., J Suresh, Jamshed Ansari, Kanti Jadia,
Khadeeja Nadeem, Khumtiya Debbarma, Mani Bhushan, Manish, Nayan Jain,
Neha Baglani, Panduranga Acharya, Partha Chakravarty, Parul Bali,
Prashanth Ramdas, Prateek Rath, Preyanka Sapru, Prianca Ravichander,
Priytosh Singh, Purushotham.G, Ralph A, Ruhi Chanda, S. Badrinath, S.
Bhushan, S. K. Mohanty, Sahana Manjesh, Sanjana Chappalli, Santosh
Dindima, Shalini Iyengar, Shalini S, Sibani Saxena, Spoorthy M. S.,
Tarang Shashishekar, Tarun Kovvali, Tejaswini Rajkumar, Vaishali Kant,
and Y. Shiva Santosh Kumar.</p>
<p>See the <a href="http://editors.cis-india.org/internet-governance/letter-of-agreement.pdf" class="internal-link" title="Letter of Agreement">Letter of Agreement</a> [PDF, 1 MB]</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/ijlt-cis-lecture-series-report'>http://editors.cis-india.org/internet-governance/ijlt-cis-lecture-series-report</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2011-11-17T10:25:56ZBlog EntryPrivacy & Sexual Minorities
http://editors.cis-india.org/internet-governance/privacy-sexual-minorities
<b>Danish Sheikh examines the status of sexual minorities in the light of privacy framework in India. Culling out some real life examples based on various studies, media reports and judgments from the Supreme Court and the High Courts of Delhi and Allahabad, the research brings to light the privacy violations being committed by both individuals as well as state authorities. The research concludes by saying that privacy doesn’t necessarily encompass a one-size-fits-all approach, and can raise as many questions as it answers.</b>
<h2 style="text-align: justify; ">Defining Privacy</h2>
<p style="text-align: justify; ">In examining the status of sexual minorities vis-à-vis the privacy framework in India, this research takes into account a definition of privacy that encompasses protection against physical interference with a person and their property as well as the state of being free from intrusion in one’s private life or affairs.<a href="#fn1" name="fr1">[1]</a> This involves an understanding of privacy violations being committed by both an individual as well as the State. On the one hand is the extent to which a private individual is entitled to personal information about another individual and on the other is the extent to which government authorities can intrude into the private life of a citizen to keep watch over his or her movements or exercise control over personal choices.<a href="#fn2" name="fr2">[2]</a></p>
<p style="text-align: justify; ">No mention of sexuality and privacy in India can stand without a nod to Section 377 of the Indian Penal Code (IPC). In 1860, with the institution of the IPC by Lord Macaulay, section 377 criminalized homosexuality by putting forth that, "carnal intercourse against the order of nature"<a href="#fn3" name="fr3">[3]</a> was to be punishable by law. While this archaic law stands even today, it was read down significantly in a landmark Delhi High Court judgment in 2009<a href="#fn4" name="fr4">[4]</a> which will be referred to later. As stated in an open letter by Vikram Seth and a host of others and endorsed by Amartya Sen, the law has been used to "systematically arrest, prosecute, terrorize and blackmail sexual minorities. It has spawned public intolerance and abuse, forcing tens of millions of gay and bisexual men and women to live in fear and secrecy at tragic cost to themselves and their families."<a href="#fn5" name="fr5">[5]</a> When understood in its conception as non-interference by the State, as the right to be left alone,<a href="#fn6" name="fr6">[6]</a> privacy isn’t necessarily an empowering right for lesbian, gay, bisexual and transgender (LGBT) persons. For one, the claim to privacy when it comes to same-sex acts tends to get construed as a claim for secrecy: it is to carry out purportedly "clandestine" acts that the sexual minority community wants refuge from the State. The same strategy can further backfire when claims for heightened scrutiny might in fact be requested, such as in discrimination actions.<a href="#fn7" name="fr7">[7]</a> A zonal understanding of privacy also subverts the fact that many instances of expression of identity happen in the public sphere.<a href="#fn8" name="fr8">[8]</a></p>
<p style="text-align: justify; ">For a while, privacy jurisprudence hinged on this idea of privacy as a negative right by disallowing infringement of a person’s right to a private life by the State. This understanding may be located in an international regime which has for a while insisted on dividing civil and political rights at one side, and social and economic rights on the other. With this split, what was institutionalized was the idea that civil and political rights were as such "negative" rights, while social and economic rights were "positive" in their content. In effect, the presumption that stood was that while states needed to expand resources to uphold social and economic rights, no such correlative obligation required observance in respect of civil and political rights.<a href="#fn9" name="fr9">[9]</a> Recent human rights conventions such as the Convention on the Rights of Persons with Disabilities acknowledge the flaw in this understanding, based on the reasoning that both civil and political rights and social and economic rights give rise to positive and negative duties.<a href="#fn10" name="fr10">[10]</a> The Naz Foundation<a href="#fn11" name="fr11">[11]</a> judgment propels the understanding of privacy as a positive right. It’s easy enough to split the analysis in this study neatly with the judgment which, in the course of declaring unconstitutional the aforementioned IPC provision, discussed at length the right to privacy, exploring it as a function of dignity. To divide what the Delhi High Court said about the right into three parts — first, they discussed privacy as dealing with persons and not places,<a href="#fn12" name="fr12">[12]</a> implying that the right to privacy is not only a claim to space from state intervention but that it protects the autonomy of the private will and a person’s freedom of choice and action, second, they tied it in with dignity and connected it with the value and worth of all individuals,<a href="#fn13" name="fr13">[13]</a> and third, they talked of the right to privacy as being based on one’s autonomous identity. In the context of privacy, this means that it is "the inner sanctum of the person such as his/her family life, sexual preference and home environment which is shielded from erosion by conflicting rights of the community."</p>
<p style="text-align: justify; ">While there will be a bit of a before-Naz/after-Naz tint to the analysis, it is important to appreciate that the nature of privacy discourse when it comes to sexual minorities remains somewhat murky even after the grand affirmation that the judgment provided. A large part of this of course is concerned with society struggling to catch up with the developments in the law.</p>
<p style="text-align: justify; ">Before moving on to the next chapter, I’ll unpack the term "sexual minority" to delineate the different communities that will feature in the course of this paper, whilst also attempting to renegotiate the idea of privacy contextually. Using Arvind Narrain’s seminal monograph Queer as a template,<a href="#fn14" name="fr14">[14]</a> the term gay will be employed to describe a man who is attracted to another man emotionally, sexually or physically; a lesbian woman is attracted to women emotionally, sexually or romantically; while someone who is bisexual maintains that attraction towards members of both sexes. A transgender person assumes the gender identity of the opposite sex; within Indian discourse they are called as <i>hijras</i>, constituted of a transgender person who is biologically male and takes on the gender role of a female. The <i>hijra</i> community in India maintains a unique form of social organization within its parallel society. We then have the term "eunuch", used in a more derogatory fashion, which medically refers to a castrated male, and is sometimes employed in India to refer to the <i>hijras</i>. Another South Asian constructed identity is that of the <i>kothi</i> — a male homosexual who is feminized and takes a passive/receptive role in sex.</p>
<p style="text-align: justify; ">The next section of this study will look at a string of privacy concerns of sexual minorities in India as sourced from various studies and media reports. The analysis pauses at the interplay of rights surrounding the transgender community in particular: how do issues of recognition of their particular category impact members of the community? The subsequent section jumps past the timeline of the Naz Foundation judgment to understand the kind of changes – if at all – that the high court’s words have effected when it comes to this idea of privacy.</p>
<h2 style="text-align: justify; ">Privacy Rights and Wrongs</h2>
<p style="text-align: justify; ">The incidents highlighted in this chapter took place before the Delhi High Court altered the way we conceived of queer rights in general and privacy in particular. Two issues permeate this analysis: one, the notion of criminality hovering above queer identity, and two, the somewhat one-dimensional idea of privacy that existed then. A third, more complex issue in the context of the <i>hijra</i> community becomes the idea that one conception of privacy may not always be the most empowering for a community, and the subsequent negotiations that have to be made in that sphere.</p>
<h3 style="text-align: justify; "><b>Entrapment: The Lucknow Incidents</b></h3>
<p style="text-align: justify; ">In July of 2001, a set of raids: first on a public park frequented by the men who have sex with men (MSM)<a href="#fn15" name="fr15">[15]</a> community, and next on the offices of two NGOs working on safe sex issues led to the arrests of ten people. The operation was conducted on the basis of an FIR filed with a Lucknow police station wherein it was alleged that a certain Suresh had sodomized the complainant. Notable in the incident was the climate of homophobia stoked by the media which indulged in sensationalizing headlines,<a href="#fn16" name="fr16">[16]</a> with the magistrate concerned further refusing bail to the men. In denial of bail, instead of siding with the relevant law, the magistrate clearly proceeded on the basis of his perceptions regarding homosexuality: "they…are polluting the entire society by encouraging the young persons and abetting them for committing the offence of sodomy."<a href="#fn17" name="fr17">[17]</a></p>
<p style="text-align: justify; ">If we were to extend the Supreme Court’s reasoning in the catena of surveillance cases vis-a-vis privacy starting from <i>Kharak Singh v. State of U.P.</i>, <a href="#fn18" name="fr18">[18]</a> it is clear that the NGO members’ right to privacy was violated by the way of unwarranted search and seizure operations carried out by the police. As the court said in <i>Govind v. State of M.P.,</i><a href="#fn19" name="fr19">[19]</a> domiciliary visits and picketing by the police should be reduced to the clearest cases of danger to community security. While the judges were referring to matters relating to follow-up from a conviction/release from prison, it seems evident that a higher standard should be given to cases where such prior conviction itself hasn’t taken place.</p>
<p style="text-align: justify; ">As for the accused, Narrain notes how the response of the State and media ended up harming them, regardless of the final judicial decision. <a href="#fn20" name="fr20">[20]</a> The public hearings meant that in Lucknow, their sexual identities became public, with a definite impact on their future prospects and present perceptions. The question, as Narrain poses, is the issue of the suitability of the courts to protect the rights of people who are still in the closet. If approaching the courts means compulsory 'outing' with all its attendant negative outcomes, how does one articulate the rights of such a minority?<a href="#fn21" name="fr21">[21]</a></p>
<p style="text-align: justify; ">There are thus three major facets of privacy violation here: the police’s lawlessness resulting in the primary intrusion; the media’s sensationalization which harshly exposed the accused to the public glare; and finally, the magistrate’s bias which legitimized these privacy violations.</p>
<p style="text-align: justify; ">Yet another set of arrests took place in the city, this time in 2006, with the police in Lucknow arresting four men under section 377 for allegedly having sex in a public park. News reports revealed pictures of all the four men with their names and home addresses.<a href="#fn22" name="fr22">[22]</a></p>
<p style="text-align: justify; ">The first information report (FIR) here contradicted the investigation of a fact finding team of activists and lawyers: it emerged that none of the men were actually involved having public sex, with the story by the police being a completely fabricated one. It turned out that one of the men had been arrested by the police on their knowledge about his homosexuality, following which his contacts were tapped to stage an entrapment of the other three men.<a href="#fn23" name="fr23">[23]</a></p>
<p style="text-align: justify; ">This notion of raiding homosexual gatherings was taken to its extreme by a police raid on a gay party in the outskirts of Mumbai in 2008, in the course of which six persons were detained. "…. neither was he able to give a satisfactory explanation for organizing the party," said the API on questioning the event organizer.<a href="#fn24" name="fr24">[24]</a></p>
<p style="text-align: justify; ">In these instances of interplay between criminal procedure, media ethics and judicial process, it is worth questioning whether general reforms in those areas will positively affect privacy rights of sexual minorities in particular. Unwarranted searches and arrests are barely an uncommon occurrence in the country, neither is the fact of accounts of people’s sexual behaviour finding themselves very publicly outed in the media, and nor, again, are accounts of judges overlooking police excesses rare. It’s a bit difficult to make an exact value judgment over what kinds of privacy violations is more damning, in a society that takes its sexual mores quite seriously, be they with regard to hetero or homosexual sex. More than anything though, that just makes the need for across the board reforms in these areas more urgent, and sharpens the kind of alliances across communities that would be required to effect change. Of course, this kind of advocacy can only happen in an atmosphere where homosexuality continues to be decriminalized – the fate of the Naz Foundation appeal before the Supreme Court is of paramount importance.</p>
<h3 style="text-align: justify; "><b>Gender Identity and Transgender Issues</b></h3>
<p style="text-align: justify; ">A survey of the situation regarding the transgender community in India throws up a fascinating picture of instances where seemingly positive sounding regulation doesn't always serve its intended effects – when such "positive sounding" regulation does happen at all. To start with, there is the question of the status of the transgender community in India itself – a PUCL report<a href="#fn25" name="fr25">[25]</a> notably documented, and numerous reports and articles<a href="#fn26" name="fr26">[26]</a> have affirmed, the reality of the transgender community today as one of harassment, abuse, and sexual violence. These accounts reveal a deep-rooted fear inculcated by mainstream society of sexual and gender non-conformity, which manifests itself in the refusal of basic citizenship rights to these communities.</p>
<p style="text-align: justify; ">The PUCL report gives a detailed account of harassment by the police in public places, at home, in police stations, and instances of entrapment similar to the Lucknow cases. Instead of reiterating that aspect which would simply involve repeating the above analysis, this section will look into other gender-specific issues that arise with respect to the community and the multiple questions these give rise to:</p>
<p style="text-align: justify; "><b>Transgender Toilets</b></p>
<p style="text-align: justify; ">The first example relates to efforts by the Chennai Municipal Corporation to build toilets specifically for the transgender population,<a href="#fn27" name="fr27">[27]</a> in a move stated as being part of a pilot project to recognize the considerable community in South and Central Chennai. Each lavatory in these toilets was to contain male, as well as female urinals. In the words of the municipal commissioner, the scheme was aimed at "extending recognition to the community and mainstreaming them", and more facilities could be built if the public responded well to the idea.</p>
<p style="text-align: justify; ">The reaction from the community was mixed at best: sure, it was regarded as a positive move to the extent that not every person who identified themselves as transgender had undergone sex change; simultaneously, the city saw one section of the community fearing the move as a step towards discrimination and isolation. "I don’t agree with this. We want to mingle with the mainstream. We don’t want to be separated like this," said Aasha Bharati, president of the Aravanigal Association. The idea of privacy here is at odds with something else the community is striving for: inclusion. The fear then was of one kind of recognition trumping another. What would a policy maker then privilege? Would this possibly be a better short-term move, as we move towards a future understanding of not being disabled by difference, or would the ideal of privacy trump even that?</p>
<p style="text-align: justify; ">The way this issue has played out in the Indian context stands in interesting contrast to cases in America. A bill in Maine which would allow restroom owners in business establishments and institutions from mandating what gender persons would use what washroom was met with sharp opposition from the transgender community on claims of dignity and privacy.<a href="#fn28" name="fr28">[28]</a> For a person who, say, externally had strongly masculine features, but identified as a woman, two options existed: either break the law and walk discreetly into the male compartment – or risk the outrage of other women as she walked into their compartment and was faced with their indignation of having a "man" use their toilet. In such an instance, there stand two rival conceptions of privacy: one in which respecting privacy would, somewhat ironically, stand as a transgender person’s right to assert their distinct identity in public without fear, versus a conception of privacy as anonymity – their right not to be compelled to make a political statement in the course of going about their daily lives.</p>
<p style="text-align: justify; ">Now that kind of issue wouldn’t come up in the Indian context for a large section of the transgender community simply owing to the hyper-visibility of the <i>hijras</i>. For all its contemporary stigmatization, the <i>hijra</i> community is a discernible one in public with an acknowledged history. <i>Hijras</i> have won elections in India, and are very much an acknowledged part of public space.<a href="#fn29" name="fr29">[29]</a> To that extent, privacy isn’t quite the overriding concern here in the way that it might be in the West – one might even say that the lack of such a conception can in this particular case be somewhat empowering.</p>
<p style="text-align: justify; "><b>Passport Forms</b></p>
<p style="text-align: justify; ">The next example concerns gender-sensitivity when it comes to passport forms.<a href="#fn30" name="fr30">[30]</a> The Ministry of External Affairs moved to allow for the option of entering a person's sex as "E" instead of either "M" or "F", the "E" then standing for "Eunuch". At the time of introduction of this category there was a degree of ambivalence: it was not available on the form itself, instead being listed as an option only in the rules. As activists noted however, it was a victory in the sense of being the first official recognition of the community. The particular category of recognition was problematic: for one the term "eunuch" would only reasonably represent one part of the transgender population; for another, large sections of the community would consider that term insulting. The government subsequently made an ameliorative measure by changing the category to "Other".<a href="#fn31" name="fr31">[31]</a> Again, the logical privacy question that would arise here would be regarding one's desire to be identified as transgendered in the first place. Similar to the toilets example, the issue would play out differently in India in many cases, given the hyper-visibility of the <i>hijra</i> community which provides an instant marker for a <i>hijra</i>, and subsequently ensures that there isn’t really a privacy violation when it comes to such kind of identification.</p>
<p style="text-align: justify; ">Of course, this declaration of otherness leads to issues for someone uncomfortable with disclosing transgender identity as such, and wanting to perform maleness or femaleness specifically. Would marking either the "M" or "F" column be considered an illegality?</p>
<p style="text-align: justify; "><b>Recognition – and Resolving Privacy</b></p>
<p style="text-align: justify; ">Where official recognition is clearly ameliorative, it doesn't always stay. Following years of struggle, the community was given recognition in Andhra Pradesh under the Minorities Welfare Department. It was short-lived, however: protests by religious minority groups forced the government to go back on its decision.<a href="#fn32" name="fr32">[32]</a> The kind of privacy violations that the <i>hijra</i> community suffers in India are thus in stark contrast to the kinds suffered by members of the gay and lesbian community: where one side deals with its invisibility, the other contends with the problems of its hyper-visibility. <i>Hijras</i> walk about as constant targets of police intrusion. A gay man or lesbian woman wouldn’t necessarily face those issues at the same level, except in instances where public sex is involved. The exceptions to even that are incidents of entrapment such as the Lucknow case, but it is evident that it is the <i>hijra</i> community which deals with such police action much more than the others. What is also uniquely empowering for the community is this very aspect of their identity, this ever-present identification. The kind of fears of disclosure and blackmail that someone who fears outing might face fizzle out in the case of the <i>hijras</i>.</p>
<p style="text-align: justify; ">The discourse gets complicated when you take up the identities of non-<i>hijra</i> transgendered persons: there are the female-to-male transgendered identities of Thirunambigal in Tamil Nadu, Magaraidu in Andhra Pradesh and Gandabasaka in Karnataka – as well as male to female identities such as the Jogappas in Northern Karnataka, and Jogathas in Andhra Pradesh.<a href="#fn33" name="fr33">[33]</a> The idea of hyper-visibility which is so crucial to locating a sense of empowerment for the <i>hijra</i> community in their lack of loss of privacy disappears here. The discussion here then springs back to the U.S. example of transgender toilets, and the complications that arise when external identity doesn’t necessarily match the internal one.</p>
<p style="text-align: justify; "><b>The Medical Establishment</b><a href="#fn34" name="fr34">[34]</a></p>
<p style="text-align: justify; ">Relevant to this section of the study is the understanding of privacy under the ambit of autonomy. Referring to Naz Foundation, instead of using liberty to describe and support privacy as under Article 21 of the Constitution of India, the court refers to autonomy holding that "exercise of autonomy enables an individual to attain fulfillment, grow in self-esteem and form relationships of his or her choice and fulfill all legitimate goals that he/she may set."<a href="#fn35" name="fr35">[35]</a>;</p>
<p style="text-align: justify; ">The medical establishment in India constantly undermines that autonomy by its treatment of homosexuality as a disease, and of LGBT persons as "others". LGBTs in India have often been detained in clinics against their will and subjected to treatment including shock therapy aimed at curing them.<a href="#fn36" name="fr36">[36]</a></p>
<p style="text-align: justify; ">In 2001, the National Human Rights Commission (NHRC) admitted a complaint from a patient at the All Indian Institute of Medical Sciences, alleging psychiatric abuse at the hands of the consulting doctor, having been put on a four year course of drugs and told he had to be "cured" of his homosexuality. The NHRC finally chose to reject the complaint, with informal conversations with the chairman showing his belief that till section 377 was read down, nothing could be done. <a href="#fn37" name="fr37">[37]</a></p>
<p style="text-align: justify; ">According to Vinay Chandran, Executive Director of the Swabhava Trust, medicine in India continues to be obsessed with curing homosexuality, with health professionals in many places still offering behavioural therapy including electric shock treatment as well as psychiatric drugs and hormones in order to "cure" patients of homosexual desire. Vinay reports that a couple of psychiatrists in Bangalore mentioned that there were possibilities of discovering which gene determines sexual preference and scientifically suppressing it.<a href="#fn38" name="fr38">[38]</a></p>
<p style="text-align: justify; ">Of course quacks exist across the spectrum, and medicinal malpractice is barely limited to serving disastrous advice/ treatment to persons "afflicted" with homosexuality. For understanding how the debate moves beyond merely unqualified doctors, we have to factor in the category of ego-dystonic homosexuality, which is endorsed by the WHO. Here, the gender identity or sexual preference of the individual is not in doubt, but the individual wishes it were different and seeks treatment.<a href="#fn39" name="fr39">[39]</a></p>
<p style="text-align: justify; ">The way a number of psychiatrists’ engage with the situation is summed up by the statement: "it’s not my job to tell him that it’s okay to be gay." No, the psychiatrist’s job it seems is to attempt to "cure" the oft-acknowledged incurable.</p>
<p style="text-align: justify; ">The fundamental factor not taken into account is that it is very often the environment that surrounds expression of homosexual identity that the patient is concerned about, as opposed to merely the idea of being LGBT. The relationship between patient and doctor is a fiduciary one, premised on absolute trust. In consulting a doctor, the patient entrusts fundamental decision making powers to the practitioner. The medical professional is often unable to comprehend the question of choice. This in turn results in effectively infringing the patient’s autonomy: the component of attaining fulfillment, the growth in self-esteem that the Delhi High Court elaborated on is robbed in the process of stifling sexuality, even when it is something the patient specifically requests the doctor for.</p>
<p style="text-align: justify; "><b>Lesbian Unions</b></p>
<p style="text-align: justify; ">Maya Sharma, in her book Loving Women locates the stories of a number of working-class lesbian women struggling to be with each other against the odds.<a href="#fn40" name="fr40">[40]</a> In a vein that parallels the reaction elicited to inter-religious or inter-caste marriages in a number of regions, it is often the honour of a family/village that is invoked in opposition to the demands of two people who want to be each other. One incident involves a woman who "dares" to elope with another being beaten and stripped, having her face blackened and being paraded around a village with a garland of shoes on her neck. Sahayatrika, a lesbian women's collective in Kerala has documented 24 cases of lesbian couple suicides in Kerala during the period between 1996 and 2004.<a href="#fn41" name="fr41">[41]</a> Earlier this year, two sets of lesbian couples committed suicide within a month of each – one in Sonarpur,.<a href="#fn42" name="fr42">[42]</a> and the other in Nandigram.<a href="#fn43" name="fr43">[43]</a></p>
<p style="text-align: justify; ">Sexuality has often been used as a means for controlling women. The immoral/ tainted woman when placed in contrast with the idealized image of the model Indian woman is an image played out in various daily social interactions. In carrying out the agenda of control, the act of agency displayed by women who choose to step out of the heterosexual woodwork is a direct threat to that very system. The acts of family members in attempting to separate lesbian unions display a lack of respect for autonomy and for the private decisions of the women concerned. The feelings of fear, shame and isolation experienced by women who dare to explore their sexuality are compounded by instances of persecution by the family. The state is further complicit in numerous documented instances with the police often working with the family to track down the runaway brides and get them back home to familial watch under lock and key.</p>
<p style="text-align: justify; ">Privacy again battles with privacy in this realm: an oft-heard feminist critique of privacy hinges on the idea that privacy can be dangerous for women when it is used to cover up repression and physical harm to them by creation of the public/private divide.<a href="#fn44" name="fr44">[44]</a> The private realm is premised on non-intervention by the State. In this instance however, it is another aspect of privacy that needs to be valued, and one that even calls for state intervention: the aforementioned act of autonomy.</p>
<h3 style="text-align: justify; "><b>Privacy in the Time of Naz</b></h3>
<p style="text-align: justify; ">The examples up until now have been coloured with a pre-Naz conception of privacy and queer rights – this chapter takes up two incidents post the judgment that captured the public imagination. First is the sting operation carried out on an Allahabad Muslim University professor that began a chain of events leading to his death; the second is an "expose" on the gay community carried by TV9. In both incidents, the "Spectre of Naz" <a href="#fn45" name="fr45">[45]</a> looms in the background, in many ways acting as an empowering, legitimizing force.</p>
<p style="text-align: justify; "><b>The Allahabad Muslim University Sting Operation</b></p>
<p style="text-align: justify; ">In February 2010, newspapers widely reported the story of Dr. Shrinivas Ramchandra Siras a 64 year-old Reader & Chairman, Department of Modern Indian Languages, Aligarh Muslim University (AMU) being filmed having consensual sex with another adult male. When the video was made public, AMU suspended Siras for immoral sexual activity.<a href="#fn46" name="fr46">[46]</a> The implications of the suspension both in terms of the perception of homosexuality as immoral despite the judgment of the Delhi High Court as well as the disturbing nature of the occurrence of the filming of Dr. Siras in the privacy of his home prompted a nationwide outrage.<a href="#fn47" name="fr47">[47]</a></p>
<p style="text-align: justify; ">On April 1 of the same year, the Allahabad High Court ordered AMU to reinstate Siras, holding that his right to privacy had been violated, stating "the right of privacy is a fundamental right, needs to be protected and that unless the conduct of a person, even if he is a teacher is going to affect and has substantial nexus with his employment, it may not be treated as misconduct."<a href="#fn48" name="fr48">[48]</a></p>
<p style="text-align: justify; ">Then comes the news that Uttar Pradesh police had arrested two of those who broke into Siras’ house and filmed him. Many university officials were also charged with criminal offences. As Vinay Sitapati notes, none of this could have happened in a context where gay sex was illegal. In that context, it would have been Siras who was the criminal, and the additional wrongs done simply irrelevant – "this is not how the story was supposed to pan out. Those who broke into Siras’s house and AMU (and there are allegations that they are one and the same) assumed that Siras’s transgressions were so repellent, that their own would be forgiven." The judicial narrative — of a victimized Siras, a callous administration and criminal house-breakers — owes much to the Delhi High Court’s view that Siras’s sexual choice was legitimate.<a href="#fn49" name="fr49">[49]</a></p>
<p style="text-align: justify; ">Going back to the understanding that the right to privacy is integrally linked to the notion of autonomy and the right to live with dignity ‒ it is this most fundamental of Constitutional safeguards that the AMU authorities clearly colluded in negating by being complicit in the sting operation and subsequently suspending Dr. Siras. A press release by the AMU authorities demonstrated a continuing disrespect for privacy: "the university respects the privacy of a teacher living in its premises but it also expects everyone to behave in a respectful manner giving due regard to its valued cultural ethos and the campus sensitivity including their neighbours concerns and to the great moral credentials that AMU has been nurturing since its inception."<a href="#fn50" name="fr50">[50]</a></p>
<p style="text-align: justify; "><b>The TV9 “Expose”</b></p>
<p style="text-align: justify; ">In February of 2011, the news channel TV9 aired what it called an expose on the Hyderabad gay community titled "Gay Culture in Hyderabad". The video starts by worrying about how gay culture in Hyderabad is "increasing drastically". Following this, footage of a gay club is shown, without any attempt to blank out faces. The show then puts itself in the mode of investigative journalism, as TV9 sets itself the target of exposing the "truth" about gay culture in the city.</p>
<p style="text-align: justify; ">Next, viewers are informed about gay dating websites, with the anchor taking special care to inform viewers that it is software employees and students who mostly "fall prey" to this gay culture. Then, in an astonishingly blunt violation of privacy, pictures of men on one dating site are flashed on the screen, accompanied by conversations between the concerned man and a TV9 journalist soliciting sex. "While some do it for new pleasures, some get spoilt by friends, others do it for the crave of money and the remaining are vowed by the lust some of them have changed it into a business by capturing teenager's mind and get them into hell."</p>
<p style="text-align: justify; ">The video recording of the telecast on YouTube was taken off the site following a sustained protest from users of the site. Notices for legal action were sent to TV9 offices, including a detailed petition from Adhikaar, a Delhi based NGO. Two questions were primarily asked on LGBT mailing lists across the country<a href="#fn51" name="fr51">[51]</a>: first, regarding how safe establishing one’s homosexual identity online, or attending gay parties would be anymore, and secondly, whether a protest should take place, and what the nature of the same should be.</p>
<p style="text-align: justify; ">As highlighted by the petition drafted by Adhikaar, a Delhi-based NGO, this act of TV9 was violative of Code 6 of the News Broadcasters Association Code which deals with matters of privacy, and states:<a href="#fn52" name="fr52">[52]</a></p>
<p class="callout" style="text-align: justify; ">"As a rule channels must not intrude on private lives, or personal affairs of individuals, unless there is a clearly established larger and identifiable public interest for such a broadcast. The underlying principle that news channels abide by is that the intrusion of the private spaces, records, transcripts, telephone conversations and any other material will not be for salacious interest, but only when warranted in the public interest."</p>
<p style="text-align: justify; ">By way of entrapping a set of gay men through calling them and asking them pointed personal questions about their sexual lives, TV9 was further in violation of Code 9 (Self-Regulation Section) of the News Broadcasters Association which deals with sting operations and which states:<a href="#fn53" name="fr53">[53]</a></p>
<p class="callout" style="text-align: justify; ">"As a guiding principle, sting and undercover operations should be a last resort of news channels in an attempt to give the viewer comprehensive coverage of any news story. News channels will not allow sex and sleaze as a means to carry out sting operations, the use of narcotics and psychotropic substances or any act of violence, intimidation, or discrimination as a justifiable means in the recording of any sting operation."</p>
<p style="text-align: justify; ">A month later, the News Broadcasting Standards Authority, New Delhi censured TV9 and ordered it to pay a fine of Rs.1,00,000 and broadcast an apology in prime time both in English and in Telugu. The Authority determined that TV9 has violated the codes of ethics and broadcasting standards.<a href="#fn54" name="fr54">[54]</a></p>
<p style="text-align: justify; ">Justice JS Verma called the story a sensationalized depiction of gay culture in Hyderabad and the story needlessly violated the privacy of individuals, with possible alternate sexual orientation. He also pointed out that alternate sexual orientation is no longer considered as a taboo or a criminal act. The channel was directed to run an apology for three consecutive days beginning the Monday next, in prime time with the following text:</p>
<p class="callout" style="text-align: justify; ">"TV9 apologizes for the story “Gay Culture Rampant in Hyderabad” telecast on this channel on 22 February, 2011 from3.11 p.m. to 3.17 p.m. particularly since the story invaded the privacy of certain persons and was in violation of the Code of Ethics & Broadcasting Standards of the News Broadcasters Association. Any hurt or harm caused to any person thereby is sincerely regretted."</p>
<p style="text-align: justify; ">Again, it must be noted that the order of the NBSA would not have been possible in a context where gay sex was illegal: it is that very notion that allowed the Authority to move past the issue of homosexuality and instead delve into the merits of the actual harm done here.</p>
<h2 style="text-align: justify; ">Conclusion</h2>
<p style="text-align: justify; ">It is possible to mount an argument that nothing has really changed post-Naz. The AMU’s attitude even in the face of the flak it received after the sting operation was phlegmatic at best: a summary statement saying that while it respected his privacy, it also expected a certain degree of behavior keeping in line with its "valued cultural ethos". Reactions like this threaten to lock the idea of privacy into a closed epistemic loop of judicial discourse: the courts might go hoarse extolling the significance of privacy, but it is for nought if the AMU decides it can still walk away with its flagrant violation of basic civil liberties. Or perhaps the frenzy generated by the incident will work as a deterrent factor to future institutions fixing their moral gaze upon their members. The strength of an incident as precedent can only be gauged effectively by how its future echoes use it as a reference point.</p>
<div class="pullquote" style="text-align: justify; "><b>Meanwhile, what do these stories tell us about privacy? </b></div>
<p style="text-align: justify; ">The issues faced by the transgender community tell us that privacy doesn’t necessarily encompass a one-size-fits-all approach, and can raise as many questions as it answers. The issues faced by the Lucknow NGOs narrate a tale of institutionalized disrespect for privacy that has marginally more devastating consequences for the homosexual community by the spectre of outing. The issues faced by lesbian women evidence yet another need for breaching the public/private divide, demonstrating how the protection of the law might be welcome in the family sphere regardless of the bull-in-a-china-shop<a href="#fn55" name="fr55">[55]</a> prophecies of doom. Alternate sexual orientation and gender identity might bring the community under a common rubric, but distilling the components of that rubric is essential for engaging in any kind of useful understanding of the community and the kind of privacy violations it suffers – or engage with situations when the lack of privacy is empowering.</p>
<h2 style="text-align: justify; "><b>Selected incidents reported from 2001-2011</b></h2>
<table class="plain" style="text-align: justify; ">
<tbody>
<tr>
<td>1</td>
<td>NGO charged with running gay club</td>
<td>8 July 2001</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/MNHzw">http://goo.gl/MNHzw</a></td>
</tr>
<tr>
<td>2</td>
<td>Homosexuality okay if practiced in private</td>
<td>14 September 2011</td>
<td>Sify News</td>
<td><a class="external-link" href="http://goo.gl/iF3PQ">http://goo.gl/iF3PQ</a></td>
</tr>
<tr>
<td>3</td>
<td>Male callers harass lesbian helpline</td>
<td>26 October 2003</td>
<td>Mid Day Mumbai</td>
<td><a class="external-link" href="http://goo.gl/Xf0fj">http://goo.gl/Xf0fj</a></td>
</tr>
<tr>
<td>4</td>
<td>Lesbian marriages, born of a legal loophole, stir debate in India</td>
<td>4 February 2005</td>
<td>DesPardes</td>
<td><a class="external-link" href="http://goo.gl/O30Hf">http://goo.gl/O30Hf</a></td>
</tr>
<tr>
<td>5</td>
<td>Third sex finds a place on Indian passport forms</td>
<td>10 March 2005</td>
<td>Telegraph</td>
<td><a class="external-link" href="http://goo.gl/nBQIt">http://goo.gl/nBQIt</a></td>
</tr>
<tr>
<td>6</td>
<td>Lesbian couple sparks debate in Uttar Pradesh state</td>
<td>9 April 2005</td>
<td>Sify News</td>
<td><a class="external-link" href="http://goo.gl/9GxuF">http://goo.gl/9GxuF</a></td>
</tr>
<tr>
<td>7</td>
<td>The Indian city of Chennai is set to build toilets for trans people</td>
<td>July 2005</td>
<td>Pink News</td>
<td><a class="external-link" href="http://goo.gl/52Llq">http://goo.gl/52Llq</a></td>
</tr>
<tr>
<td>8</td>
<td>Homosexual gangs</td>
<td>3 January 2006</td>
<td>Pioneer</td>
<td><a class="external-link" href="http://goo.gl/NX2NP">http://goo.gl/NX2NP</a></td>
</tr>
<tr>
<td>9</td>
<td>Nihal was used to homosexual sex since 1986</td>
<td>4 January 2006</td>
<td>Dainik Jagran</td>
<td><a class="external-link" href="http://goo.gl/NX2NP">http://goo.gl/NX2NP</a></td>
</tr>
<tr>
<td>10</td>
<td>Ain’t no cure for love</td>
<td>6 June 2006</td>
<td>India Together</td>
<td><a class="external-link" href="http://goo.gl/V9Vjn">http://goo.gl/V9Vjn</a></td>
</tr>
<tr>
<td>11</td>
<td>Police bust gay party</td>
<td>4 February 2008</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/n2nyz">http://goo.gl/n2nyz</a></td>
</tr>
<tr>
<td>12</td>
<td>Aligarh Muslim University professor suspended for being gay</td>
<td>18 February 2010</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/D8LuD">http://goo.gl/D8LuD</a></td>
</tr>
<tr>
<td>13</td>
<td>Class monitors</td>
<td>8 March 2010</td>
<td>Outlook</td>
<td><a class="external-link" href="http://goo.gl/Q2dkV">http://goo.gl/Q2dkV</a></td>
</tr>
<tr>
<td>14</td>
<td>Aligarh gay professor found dead, may have killed self</td>
<td>8 April 2010</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/FyeIz">http://goo.gl/FyeIz</a></td>
</tr>
<tr>
<td>15</td>
<td>AMU professor a victim of clash between ‘tradition’ and privacy</td>
<td>25 February 2010</td>
<td>The Hindu</td>
<td><a class="external-link" href="http://goo.gl/AtiJW">http://goo.gl/AtiJW</a></td>
</tr>
<tr>
<td>16</td>
<td>Criminal case registered against six in gay professor case</td>
<td>10 April 2010</td>
<td>India Today</td>
<td><a class="external-link" href="http://goo.gl/LfwDI">http://goo.gl/LfwDI</a></td>
</tr>
<tr>
<td>17</td>
<td>AMU Prof promised money for sex: Rickshaw-puller</td>
<td>19 April 2010</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/aXmBz">http://goo.gl/aXmBz</a></td>
</tr>
<tr>
<td>18</td>
<td>Varsity paid for sting on gay professor</td>
<td>19 February 2010</td>
<td>India Today</td>
<td><a class="external-link" href="http://goo.gl/cyQxL">http://goo.gl/cyQxL</a></td>
</tr>
<tr>
<td>19</td>
<td>TV channel outs gay men, women in Hyderabad</td>
<td>24 February 2010</td>
<td>NDTV</td>
<td><a class="external-link" href="http://goo.gl/w6NG4">http://goo.gl/w6NG4</a></td>
</tr>
<tr>
<td>20</td>
<td>News Broadcasting Standards Authority censures TV9 over privacy violations</td>
<td>25 March 2011</td>
<td>Privacy India</td>
<td><a class="external-link" href="http://goo.gl/rY7bT">http://goo.gl/rY7bT</a></td>
</tr>
<tr>
<td>21</td>
<td>In a first, Gurgaon Court recognizes lesbian marriage</td>
<td>29 July 2011</td>
<td>Times of India</td>
<td><a class="external-link" href="http://goo.gl/70KPr">http://goo.gl/70KPr</a></td>
</tr>
</tbody>
</table>
<p style="text-align: justify; "><b>Notes</b></p>
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>].Madhavi Goradia Divan, Facets of Media Law, Eastern Book Company, Lucknow, 2006.</p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>].For instance, an HIV positive man’s right to marry as discussed in <i>Mr. X v. Hospital Z</i>, 1998 (8) SCC 296.</p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>].Section 377, Indian Penal Code.</p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>].(2009) 160 DLT 277.</p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>].<a class="external-link" href="http://www.openletter377.com/">http://www.openletter377.com/</a>, last accessed 20 October 2007.</p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>].Olmstead v. U.S., 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting).</p>
<p style="text-align: justify; ">[<a href="#fr7" name="fn7">7</a>].Cathy Harris, Outing Privacy Litigation: Towards a Contextual Strategy for Lesbian and Gay Rights, 65 Geo. Wash. L. Rev. 248.</p>
<p style="text-align: justify; ">[<a href="#fr8" name="fn8">8</a>].Ibid.</p>
<p style="text-align: justify; ">[<a href="#fr9" name="fn9">9</a>].Amita Dhanda, Constructing a New Human Rights Lexicon : Convention on the Rights of Persons with Disabilities, Year 5 No. 8 Sao Paulo June 2008.</p>
<p style="text-align: justify; ">[<a href="#fr10" name="fn10">10</a>].See Henry Shue, Basic Rights Subsistence Affluence and US Foreign Policy, Princeton University Press, 2nd ed. 1996.</p>
<p style="text-align: justify; ">[<a href="#fr11" name="fn11">11</a>].<i>Naz Foundation v. Government of NCT, Delhi</i>, 160 (2009) DLT 277.</p>
<p style="text-align: justify; ">[<a href="#fr12" name="fn12">12</a>].Ibid., 47.</p>
<p style="text-align: justify; ">[<a href="#fr13" name="fn13">13</a>].Ibid., 26, 83, 113.</p>
<p style="text-align: justify; ">[<a href="#fr14" name="fn14">14</a>].Arvind Narrain, Queer: Law and Despised Sexualities in India, Books for Change, 2004.</p>
<p style="text-align: justify; ">[<a href="#fr15" name="fn15">15</a>].Men who have sex with men.</p>
<p style="text-align: justify; ">[<a href="#fr16" name="fn16">16</a>]."Gay Club Supplied Boys to Politicians"; "Gay Culture Started in UP in 1998 Itself", The Times of India.</p>
<p style="text-align: justify; ">[<a href="#fr17" name="fn17">17</a>].Criminal Misc. Case No. 2054/2001, as taken from Arvind Narrain, Queer: Law and Despised Sexualities in India.</p>
<p style="text-align: justify; ">[<a href="#fr18" name="fn18">18</a>].AIR 1963 SC 1295; it was Justice Subba Rao’s minority decision here that laid the foundation for the right to privacy in India.</p>
<p style="text-align: justify; ">[<a href="#fr19" name="fn19">19</a>].1975 (2) SCC 148.</p>
<p style="text-align: justify; ">[<a href="#fr20" name="fn20">20</a>]. Arvind Narrain, Queer: Law and Despised Sexualities in India, Books for Change, 2004.</p>
<p style="text-align: justify; ">[<a href="#fr21" name="fn20">21</a>].Ibid.</p>
<p style="text-align: justify; ">[<a href="#fr21" name="fn21">21</a>].Alok Gupta, Section 377 and the Dignity of Indian Homosexuals, <a class="external-link" href="http://www.iglhrc.org/binary-data/ATTACHMENT/file/000/000/15-1.pdf">http://www.iglhrc.org/binary-data/ATTACHMENT/file/000/000/15-1.pdf</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr22" name="fn22">22</a>].Ibid.</p>
<p style="text-align: justify; ">[<a href="#fr23" name="fn23">23</a>].<a class="external-link" href="http://timesofindia.indiatimes.com/Mumbai/Police_bust_gay_party/articleshow/2753740.cms">http://timesofindia.indiatimes.com/Mumbai/Police_bust_gay_party/articleshow/2753740.cms</a>, last accessed on 8 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr24" name="fn24">24</a>].Human Rights Violations in the Transgender Community: A Report by PUCL-K, 2nd ed. 2005.</p>
<p style="text-align: justify; ">[<a href="#fr25" name="fn25">25</a>].<a class="external-link" href="http://www.guardian.co.uk/world/2008/jul/04/india-gender">http://www.guardian.co.uk/world/2008/jul/04/india-gender</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr26" name="fn26">26</a>].<a class="external-link" href="http://www.pinknews.co.uk/news/articles/2005-11518.html">http://www.pinknews.co.uk/news/articles/2005-11518.html</a>, last accessed on 10 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr27" name="fn27">27</a>].Transgender people deserve privacy, dignity, in public bathrooms, Maine Opinion, available at <a class="external-link" href="http://bangordailynews.com/2011/05/17/opinion/transgender-people-deserve-privacy-dignity-in-public-bathrooms/">http://bangordailynews.com/2011/05/17/opinion/transgender-people-deserve-privacy-dignity-in-public-bathrooms/</a>, last accessed on 20 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr28" name="fn28">28</a>].Transgender people deserve privacy, dignity, in public bathrooms, Maine Opinion, available at <a class="external-link" href="http://bangordailynews.com/2011/05/17/opinion/transgender-people-deserve-privacy-dignity-in-public-bathrooms/">http://bangordailynews.com/2011/05/17/opinion/transgender-people-deserve-privacy-dignity-in-public-bathrooms/</a>, last accessed on 20 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr29" name="fn29">29</a>].Siddharth Narrain, Being a Eunuch, available at <a class="external-link" href="http://www.countercurrents.org/gen-narrain141003.htm">http://www.countercurrents.org/gen-narrain141003.htm</a>, last accessed on 20 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr30" name="fn30">30</a>].<a class="external-link" href="http://webcache.googleusercontent.com/search?q=cache:gLqrElQbWboJ:infochangeindia.org/human-rights/news/-third-sex-finds-a-place-on-indian-passport-forms.html+PASSPORT+APPLICATION+INDIA+gender&cd=4&hl=en&ct=clnk&gl=in&source=www.google.co.in">http://webcache.googleusercontent.com/search?q=cache:gLqrElQbWboJ:infochangeindia.org/human-rights/news/-third-sex-finds-a-place-on-indian-passport-forms.html+PASSPORT+APPLICATION+INDIA+gender&cd=4&hl=en&ct=clnk&gl=in&source=www.google.co.in</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr31" name="fn31">31</a>].<a class="external-link" href="http://passport.gov.in/cpv/ppapp1.pdf">http://passport.gov.in/cpv/ppapp1.pdf</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr32" name="fn32">32</a>].<a class="external-link" href="http://www.ndtv.com/article/india/andhra-pradesh-government-gives-in-to-sexuality-bias-71454">http://www.ndtv.com/article/india/andhra-pradesh-government-gives-in-to-sexuality-bias-71454</a>, last accessed on 8 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr33" name="fn33">33</a>].Gee Ameena Suleiman, Non-Hijra Transgenders Struggle for Identity, Daily News and Analysis, available at <a class="external-link" href="http://www.dnaindia.com/lifestyle/report_non-hijra-transgenders-struggle-for-identity_1588421">http://www.dnaindia.com/lifestyle/report_non-hijra-transgenders-struggle-for-identity_1588421</a>, last accessed on 25 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr34" name="fn34">34</a>].Arvind Narrain and Vinay Chandran, It’s Not My Job to tell you It’s okay to be Gay – Medicalisation of Homosexuality: A Queer Critique, available at http://www.altlawforum.org/gender-and-sexuality/publications/medicalizationfinal.rtf/at_download/file<a class="external-link" href="http://www.altlawforum.org/gender-and-sexuality/publications/medicalizationfinal.rtf/at_download/file">http://www.altlawforum.org/gender-and-sexuality/publications/medicalizationfinal.rtf/at_download/file</a>, last accessed on 20 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr35" name="fn35">35</a>].160 (2009) DLT 277.</p>
<p style="text-align: justify; ">[<a href="#fr36" name="fn36">36</a>].<a class="external-link" href="http://www.unhcr.org/refworld/pdfid/4b6fe2110.pdf">http://www.unhcr.org/refworld/pdfid/4b6fe2110.pdf</a>, last accessed 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr37" name="fn37">37</a>].Arvind Narrain. and Tarunabh Khaitan, Medicalisation of Homosexuality : A Human Rights Approach, as taken from Bina Fernandez (ed.), Humjinsi: A Resource Book on Lesbian, Gay and Bisexual Rights in India (New Delhi : India Centre for Human Rights and the Law, 2002).</p>
<p style="text-align: justify; ">[<a href="#fr38" name="fn38">38</a>].Vinay Chandran, Ain’t no cure for love, India Together, last accessed on 8 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr39" name="fn39">39</a>].Supra n. 32.</p>
<p style="text-align: justify; ">[<a href="#fr40" name="fn40">40</a>].Maya Sharma, Loving Women: Being Lesbian in Unprivileged India, Yoda Press, 2006.</p>
<p style="text-align: justify; ">[<a href="#fr41" name="fn41">41</a>].India: Second NGO Shadow Report on CEDAW, November 2006, available at <a class="external-link" href="http://www.iwraw-ap.org/resources/pdf/India%20Shadow%20report.pdf">http://www.iwraw-ap.org/resources/pdf/India%20Shadow%20report.pdf</a>, last accessed on 10 September 2011.</p>
<p style="text-align: justify; ">[<a href="#fr42" name="fn42">42</a>].<a class="external-link" href="http://articles.timesofindia.indiatimes.com/2011-01-24/kolkata/28367047_1_girls-suicide-lesbian-couple">http://articles.timesofindia.indiatimes.com/2011-01-24/kolkata/28367047_1_girls-suicide-lesbian-couple</a>, last accessed on 10 September 2011.</p>
<p style="text-align: justify; ">[<a href="#fr43" name="fn43">43</a>].<a class="external-link" href="http://articles.timesofindia.indiatimes.com/2011-02-22/kolkata/28624865_1_lesbian-couple-suicide-field">http://articles.timesofindia.indiatimes.com/2011-02-22/kolkata/28624865_1_lesbian-couple-suicide-field</a>, last accessed on 10 September 2011.</p>
<p style="text-align: justify; ">[<a href="#fr44" name="fn44">44</a>].Saptarshi Mandal, Right to Privacy in Naz Foundation: A Counter-Heteronormative Critique, 3 NUJS L. Rev. 2009.</p>
<p style="text-align: justify; ">[<a href="#fr45" name="fn45">45</a>].Vinay Sitapati, The Spectre of Naz, as available at <a class="external-link" href="http://www.indianexpress.com/news/the-spectre-of-naz/609695/0">http://www.indianexpress.com/news/the-spectre-of-naz/609695/0</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr46" name="fn46">46</a>].<a class="external-link" href="http://articles.timesofindia.indiatimes.com/2010-02-18/india/28118769_1_shrinivas-ramchandra-siras-rickshaw-puller-amu-campus">http://articles.timesofindia.indiatimes.com/2010-02-18/india/28118769_1_shrinivas-ramchandra-siras-rickshaw-puller-amu-campus</a>, last accessed on 11 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr47" name="fn47">47</a>]. Arvind Narrain, et al, Policing Morality at AMU: An Independent Fact-Finding Report, available at <a class="external-link" href="http://www.fridae.com/newsfeatures/2010/03/10/9724.policing-morality-at-amu-an-independent-fact-finding-report?n=sea&nm=amu">http://www.fridae.com/newsfeatures/2010/03/10/9724.policing-morality-at-amu-an-independent-fact-finding-report?n=sea&nm=amu</a>, last accessed on 11 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr48" name="fn48">48</a>].<i>Dr. Shrinivas Ramchandra Siras & Ors v. The Aligarh Muslim University & Ors</i>, Civil Misc. Writ Petition No.17549 of 2010.</p>
<p style="text-align: justify; ">[<a href="#fr49" name="fn49">49</a>].Vinay Sitapati, The Spectre of Naz, as available at <a class="external-link" href="http://www.indianexpress.com/news/the-spectre-of-naz/609695/0">http://www.indianexpress.com/news/the-spectre-of-naz/609695/0</a>, last accessed on 9 August 2011.</p>
<p style="text-align: justify; ">[<a href="#fr50" name="fn50">50</a>]. Supra n. 32</p>
<p style="text-align: justify; ">[<a href="#fr51" name="fn51">51</a>].<a class="external-link" href="mailto:lgbt-india@yahoogroups.com">Lgbt-india@yahoogroups.com</a>. This is possibly the most prolific mailing list for LGBT persons in the country, and is constantly active with atleast 4-5 mails being exchanged per day.</p>
<p style="text-align: justify; ">[<a href="#fr52" name="fn52">52</a>].Code of Ethics and Broadcasting Standards of the News Broadcasters Association.</p>
<p style="text-align: justify; ">[<a href="#fr53" name="fn53">53</a>].Code 9, Code of Ethics and Broadcasting Standards of the News Broadcasters Association.</p>
<p style="text-align: justify; ">[<a href="#fr54" name="fn54">54</a>].TV9 Ordered to Air Apology for Sting available at <a class="external-link" href="http://www.dnaindia.com/lifestyle/report_tv9-ordered-to-air-apology-for-sting_1527622">http://www.dnaindia.com/lifestyle/report_tv9-ordered-to-air-apology-for-sting_1527622</a>, last accessed on 10 September 2011.</p>
<p style="text-align: justify; ">[<a href="#fr55" name="fn55">55</a>].“Introduction of constitutional law in the home … is like introducing a bull in a china shop. It will prove to be a ruthless destroyer of the marriage institution”, Rohatgi, J. in <i>Harvinder Kaur v. Harmander Singh Choudhry</i>, AIR 1984 Del 66.</p>
<p style="text-align: justify; "><b>* The author, Danish Sheikh works with the Alternative Law Forum in Bangalore, India. </b></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/privacy-sexual-minorities'>http://editors.cis-india.org/internet-governance/privacy-sexual-minorities</a>
</p>
No publisherDanish SheikhInternet GovernancePrivacy2013-09-20T09:22:44ZBlog EntryUID: Questions without Answers – A Talk by Usha Ramanathan
http://editors.cis-india.org/internet-governance/blog/UID_Questions_without_Answers
<b>UID enrolment is in full swing, providing an official identification to millions of Indians, yet there are numerous unanswered questions. A public talk on UID was held at the Institute of Science, Bangalore on September 6, 2011. Usha Ramanathan, an independent law researcher on jurisprudence, poverty and rights, discussed the questions that plague the UID project and the veil of silence enveloping the answers.</b>
<p style="text-align: justify;">Ms. Ramanathan
began her presentation by describing the progress and evolution of the UID
project. She stated three adjectives that reflect the target goal of the Unique
Identification Authority of India (UIDAI): unique, ubiquitous and universal.
She demonstrated how their initial objectives and claims have been drastically
altered in three major ways.</p>
<p style="text-align: justify;">First and
foremost, the UIDAI claimed that enrolment is voluntary, not mandatory, and
hence, inclusive. Yet, Nandan Nilekani has
consistently maintained that other agencies may make it compulsory.
UID is becoming ubiquitous and is a prerequisite for access to a wide variety
of welfare schemes and services such as PDS, MGNREGS, banks, public health,
etc. It is thus clear that this could
actually exclude those who do not have a number or whose biometrics doesn't work. Therefore, this undermines the inclusive nature of the project.</p>
<p style="text-align: justify;">Second, the
UIDAI claimed that the UID would enable inclusive growth. Ms. Ramanathan expressed a
serious concern surrounding the risk of exclusion. Instead of facilitating
inclusion, around two to five per cent of the Indian population would be
excluded from the current process of authentication and potentially from having
a UID number, as they do not have viable biometric data.<a name="_ftnref" href="#_ftn1"><span class="MsoFootnoteReference">[1]</span></a> Physical or visual impairments such as corneal blindness, corneal scars, and
malnourishment induced cataracts or ‘low-quality’ fingerprints from a lifetime
of hard labour inhibit those from providing valid fingerprints or iris scans.<a name="_ftnref" href="#_ftn2"><span class="MsoFootnoteReference">[2]</span></a>
<u></u></p>
<p style="text-align: justify;">Third, Ms. Ramanathan reiterated that
the <a class="external-link" href="http://www.prsindia.org/uploads/media/NIA%20Draft%20Bill.pdf">National Identification Authority India Bill </a>prohibited sharing data, except by the consent of the resident, by
a court order or for national security. However, UID information is being directly fed into the National Intelligence Grid
(NATGRID) who will then provide information about people that is in 21
databases, to eleven security agencies, including the RAW and IB over which
there is no superintendence or oversight.<a name="_ftnref" href="#_ftn3"><span class="MsoFootnoteReference">[3]</span></a> She
discussed the high likelihood of a breach of privacy as there are insufficient
standards protecting an individual from unlawful invasion. Additionally, the
UIDAI does not have mechanisms in place for an individual to be notified if there
is a data breach. </p>
<h3><u>Who owns this project?</u></h3>
<p style="text-align: justify;">A very important question asked is, “Who owns this project?” Ms.
Ramanathan stated that the convergence of information especially during the
‘de-duplication process clearly reflects the corporatization of the project.
She also questioned the background of some of the technological companies
involved. For instance, L-1 Identity
Solutions is well known for its links with the CIA. Additionally, Accenture is
on a Smart Borders project with US Homeland Security. She explained that ownership also plays into the
feasibility and financial cost of the project. Furthermore, the UIDAI has not
conducted a
feasibility study on the technology or the financial cost of the project.</p>
<h3><u>International Experience</u></h3>
<p style="text-align: justify;">Lastly, Ms. Ramanathan discussed the international experience of a
universal identity system. In the United Kingdom, their universal system of
identification was labelled as ‘intrusive bullying’ as well as ‘an assault on personal
liberties’. The United States and the United Kingdom both abandoned a
universal identity system, as it was impractical, unjustified and dangerous.</p>
<p style="text-align: justify;">Ms. Ramanathan raised many questions that evoked thought and discussion from the
audience. She provided numerous examples of ambiguity, misconceptions and confusion
surrounding the UID project. She urged the audience to exercise their civil
liberties or risk losing them. Lastly, she believed that an informed debate
involving the UIDAI and the public is long overdue.</p>
<p style="text-align: justify;">“The UIDAI must clarify misconception and provide detailed answers to
crucial questions, as there is a lack of understanding within the general
population about the UID. Therefore, the UIDAI and the Government of India must
increase and ensure transparency of the UID project”, she added. </p>
<p style="text-align: justify;"><em>Ms. Usha Ramanathan was speaking at an event organised by Concern, an IISc Student group. She was speaking in her personal capacity and the opinions reflected above are necessarily not those of CIS.</em></p>
<p style="text-align: justify;"> </p>
<div><br clear="all" />
<hr align="left" size="1" width="33%" />
<div id="ftn">
<p><a name="_ftn1" href="#_ftnref"><span class="MsoFootnoteReference">[1]</span></a> Biometrics Design Standards for UID
Applications (December 2009).</p>
</div>
<div id="ftn">
<p><a name="_ftn2" href="#_ftnref"><span class="MsoFootnoteReference">[2]</span></a> Biometrics Design Standards
for UID Applications (December 2009).</p>
</div>
<div id="ftn">
<p style="text-align: justify;"><a name="_ftn3" href="#_ftnref"><span class="MsoFootnoteReference">[3]</span></a>Usha Ramanathan, The Myth of the Technology Fix, http://www.india-seminar.com/2011/617/617_usha_ramanathan.htm.</p>
<p style="text-align: justify;"><strong>VIDEO</strong></p>
<p> </p>
</div>
</div>
<iframe src="http://blip.tv/play/AYLRySYA.html" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLRySYA" type="application/x-shockwave-flash"></embed>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/UID_Questions_without_Answers'>http://editors.cis-india.org/internet-governance/blog/UID_Questions_without_Answers</a>
</p>
No publisherNatasha VazInternet GovernancePrivacy2011-11-24T04:41:41ZBlog EntryPutting Users First: How Can Privacy be Protected in Today’s Complex Mobile Ecosystem?
http://editors.cis-india.org/news/how-can-privacy-be-protected
<b></b>
<p><span class="Apple-style-span">Traditional approaches to ‘online privacy’ are often based on ‘compliance’ with a patchwork of local laws (where they exist). However, as new mobile services, applications and data flows become increasingly global, geo-graphically-bound laws appear unable to keep pace. Self-regulation has an important role to play in ensuring that mobile users’ privacy is treated consistently irrespective of the location of companies, the technologies and business models involved. A key challenge for industry is (a) to identify mobile-friendly ways of helping users make informed decisions about their information and privacy; and (b) to ensure user privacy is respected and protected by those designing and building the services and applications of tomorrow. </span></p>
<p>The aim of this proposed workshop is to foster a constructive conversation around three key issues: </p>
<div>
<div>
<ol><li>Are privacy challenges on the mobile platform different to the fixed-pc environment? [Particularly in the context of:<br />Location privacy<br />Behavioural Advertising <br />Applications and related services<br /></li><li>To what extent is mobile users’ privacy protected across technological and legal boundaries?</li><li>What are different stakeholders doing, what can they do and what should they be doing to address these challenges?</li></ol>
<div> </div>
</div>
</div>
<div><strong>Which of the five broad IGF Themes or the Cross-Cutting Priorities does your workshop fall under?</strong></div>
<div>Security, Openness and Privacy</div>
<div> </div>
<div>
<div><strong>Have you organized an IGF workshop before?</strong> No</div>
<div><strong>If so, please provide the link to the report</strong>:</div>
<div>No link to this report</div>
</div>
<div> </div>
<div><strong>Provide the names and affiliations of the panellists you are planning to invite</strong>:</div>
<div>The GSMA is working to address these privacy related challenges and is also committed to helping establish and shape a culture of privacy that respects and protects the privacy of users across the mobile ecosystem. Its work is coordinated through the GSMA Mobile Privacy Initiative. Through this Initiative the GSMA has been working closely with Industry stakeholders, Regulators, Governments and NGOs globally. For this workshop, we would propose to invite a panel of 7-8 participants (including the moderator) which could represent the following stakeholder categories:</div>
<div> </div>
<div>
<div>
<ul><li>A Representative from GSMA (Pat Walshe, Director of Privacy) </li><li>One mobile operator: Jeff Brueggeman (Vice President-Publiy Policy AT&T)</li><li>A rep from the online industry: (i) Patrick Ryan, Policy Counsel, Open Internet for Google Inc</li><li>A rep from an open source software developer: Ms Juliana Rotich, Executive Director of Ushahidi Inc </li></ul>
</div>
</div>
<div> </div>
<div><strong>Two Civil Society/ NGO representatives</strong>:</div>
<div>
<ul><li>Sunil Abraham, executive director, The Centre for Internet and Society (India)</li><li>An academic (Ian Brown, co-director of Oxford University's Information Security and Privacy Programme )</li></ul>
<div><br />Panel Moderator: Ambassador David Gross, Partner, Wiley Rein LLP</div>
</div>
<div> </div>
<div>Remote panel moderator: Yiannis Theodorou, Regulatory Policy Manager, GSMA</div>
<div> </div>
<div><strong>Provide the name of the organizer(s) of the workshop and their affiliation to various stakeholder groups</strong>:</div>
<div>
<ul><li>Natasha Jackson: Head of Content, GSMA and Board member of the Family Online Safety Institute (FOSI)</li><li>Pat Walshe: Director of Privacy, GSMA, Member British Computer Society, International Association of Privacy Professionals</li></ul>
</div>
<div> </div>
<div>The GSMA and its members actively participated in previous IGF workshops. GSMA has proven expertise and capacity to organise multi-stakeholder workshops and conferences – including the Mobile World Congress, Mobile Asia Congress, Government Mobile Forum every year, attended by tens of thousands of delegates and also organised a roundtable on mobile privacy at the 32nd International Conference of Data Protection and Privacy Commissioners held in Israel in October 2010.</div>
<div> </div>
<div>The GSMA represents the interests of the worldwide mobile communications industry. Spanning 219 countries, the GSMA unites nearly 800 of the world's mobile operators, as well as more than 200 companies in the broader mobile ecosystem, including handset makers, software companies, equipment providers, Internet companies, and media and entertainment organisations.</div>
<div><br /><strong>Organization</strong>:GSM Association</div>
<div><strong>Contact Person</strong>: Yiannis Theodorou, Regulatory Policy Manager, GSMA</div>
<div> </div>
<div>Workshop Number: 75 </div>
<div>See the <a class="external-link" href="http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposals2011View&wspid=75">event details</a> on the IGF website.</div>
<p>
For more details visit <a href='http://editors.cis-india.org/news/how-can-privacy-be-protected'>http://editors.cis-india.org/news/how-can-privacy-be-protected</a>
</p>
No publisherpraskrishnaPrivacy2011-09-22T10:03:58ZNews ItemPrivacy, Security, and Access to Rights: A Technical and Policy Analyses
http://editors.cis-india.org/news/privacy-security-access-to-rights
<b>Privacy and security are often presented as zero-sum outcomes with respect to issues affecting Internet governance. This dichotomous treatment often results in policy outcomes that directly limit access and rights. The meanings of privacy and security, however, are not used uniformly and often vary with the regards to the issue at hand (i.e. financial crimes, copyright enforcement) as well as cultural and political context.</b>
<p>This workshop aims to explore the nuances in the relationship between privacy and security through a series of technical demonstrations alongside policy analyses from different regions to determine how rights and access can be best protected. </p>
<p>The Workshop Agenda is as follows:</p>
<ol><li>Introduction - Workshop Agenda, Issues, and Panelists (5 minutes) </li><li>Regional Perspectives - Cultural and Policy Understandings of Privacy and Security, and the implications for access and rights (20 min)</li><li>Technical Perspectives - Designing privacy and security through technology (20 min)</li><li>Policy Opportunities and Challenges (10 min)</li><li>Question and Answer (30 min)</li></ol>
<div> </div>
<div>
<div><strong>Which of the five broad IGF Themes or the Cross-Cutting Priorities does your workshop fall under?</strong></div>
<div>Security, Openness and Privacy</div>
</div>
<div> </div>
<div>
<div><strong>Have you organized an IGF workshop before?</strong> No</div>
<div><strong>If so, please provide the link to the report</strong>:</div>
<div>No link to this report</div>
</div>
<div> </div>
<div><strong>Provide the names and affiliations of the panellists you are planning to invite</strong>:<br />Invited Panelists:</div>
<div>
<div>
<ul><li> Karen Reilly, Tor Project (United States)</li><li>Carlos Affonso Pereira de Souza, Centro de Technologica e Socieda (Brazil)</li><li>Smari McCarthy, International Modern Media Initiative (Iceland)</li><li>Christopher Soghoian, Indiana University (United States)</li><li>Bob Pepper, Cisco (United States)* </li><li>Sunil Abraham (India)</li></ul>
<div> </div>
</div>
<div>
<div>Remote Moderator:</div>
<div>Cameran Ashraf, University of California, Los Angeles</div>
</div>
<div> </div>
<div>
<div><strong>Provide the name of the organizer(s) of the workshop and their affiliation to various stakeholder groups</strong>:</div>
<div>
<ul><li>Kim Pham, Expression Technologies, Civil Society</li><li>Karen Reilly, Tor Project, Technical/Civil Society</li></ul>
</div>
</div>
</div>
<div><strong>Organization</strong>: Expression Technologies</div>
<div><strong>Contact Person</strong>: Kim Pham</div>
<div> </div>
<div>See the <a class="external-link" href="http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=WSProposals2011View&wspid=219">event details</a> on the IGF website</div>
<p>
For more details visit <a href='http://editors.cis-india.org/news/privacy-security-access-to-rights'>http://editors.cis-india.org/news/privacy-security-access-to-rights</a>
</p>
No publisherpraskrishnaPrivacy2011-09-22T09:28:56ZNews ItemIISc students boycott UID, don’t want Big Brother to keep watch
http://editors.cis-india.org/news/iisc-students-boycott-uid
<b>The programme doesn’t have statutory backing. It is still in parliament </b>
<p>Nandan Nilekani may be Bangalore’s blue-eyed boy making waves at the national level with his Unique Identification Number (UID), but there’s one part of the city that’s not impressed: A section of students and faculty of Indian Institute of Science (IISc).</p>
<p>While many Bangaloreans have started enrolling for UID, the students are in boycott mode and say they will never do so.</p>
<p>Professor Shiv Sethi, astrophysics department, Raman Research Institute, said, “They (the authorities) have moved faster than us by starting the enrolment. It was during the discussion phase that we tried to impress upon them the loopholes of UID. Now that they have started the enrolment, it’s our turn to protest. We will meet and discuss with other like-minded people.”</p>
<p>IIScians say they don’t want to be under surveillance and that they are not comfortable with giving away their personal details since studies have proved how unsafe electronic data can be. The programme has been scrapped in the UK, they said.</p>
<p>In fact, when Nilekani visited IISc a few months back to deliver a lecture, the anti-UID group protested with placards and banners that read, ‘Beware, Big Brother is watching you’ and ‘Secure electronic archive is a myth’.</p>
<p>And now, apart from not signing up, some students are even considering burning copies of UID forms, a la team Anna burning copies of the draft Lokpal bill.</p>
<p>Prathamesh, a scholar, said: “UID is not going to solve problems of leakages. The government should universalise the PDS system to control misuse of subsidised foodgrain that find their way to restaurants. The project is fraught with loopholes and doesn’t have statutory backing. I will burn copies of the forms.”</p>
<p>Prathamesh added that the UID project was the brainwave of software companies who do not have a regular stream of revenue.</p>
<p>Even IISc alumni are putting up a fight. One of them who participated in the protest said, “I will not register. The programme does not have statutory backing. It is still in parliament. First, they said it was voluntary. Now, they are trying to link it to banks, LPG connections and other utilities.”</p>
<p>Sethi added, “A few people have approached the court. We will decide the next course of action.”</p>
<p>There are others who have doubts. Consumer activist Chandrasekhar of Malle-swaram feels that he needs to clarify all his doubts before enrolling. “I spoke with the officials. They told me it was voluntary. But now, it looks like they are linking it with other utilities.”</p>
<blockquote class="webkit-indent-blockquote">
<p>Nishant Shah, director, research, Centre for Internet Society, said, "We need to check for three issues: data retention, data protection and data privacy. Only after these issues are resolved can we have a UID for every citizen." </p>
</blockquote>
<p><span class="Apple-style-span">This article by Sameer Ranjan Bakshi was published in the Bangalore Mirror on August 23, 2011. The original story can be read <a class="external-link" href="http://www.bangaloremirror.com/article/10/20110823201108230010571621d4f13b8/IISc-students-boycott-UID-don%E2%80%99t-want-Big-Brother-to-keep-watch.html">here</a>.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/iisc-students-boycott-uid'>http://editors.cis-india.org/news/iisc-students-boycott-uid</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2011-08-23T08:24:14ZNews ItemIn the Right Circle
http://editors.cis-india.org/news/right-circle
<b>I’ve been on Google Plus for a few weeks now. In the beginning, it felt like showing up early at a much-talked-up party. There was a small scatter of people, poking around, examining the place, making preliminary conversation with the few others they knew. Most of the talk was, unsurprisingly, about Google Plus. </b>
<p>Unlike the crash-bang disaster of Google Buzz, its awkward attempt at social networking that alienated most users by publicly exposing their contact list, and then proceeded from error to error, Google Plus has been a low-key, careful affair.</p>
<p>In the first two weeks, Google calibrated entry, depending on its capacity — letting early adopters and "power users" examine the platform and tell them what’s missing, and what works.</p>
<p>Google Plus mimics the real world, where people interact in clusters, and relate outwards in concentric circles of trust, rather than Facebook’s megaphone model. You drag and drop people into different circles, and can either mark individual posts to specific circles and combinations (‘family’ ‘college buddies’, ‘artsy types’), or make them public to everyone. You can catch up on these circles separately, and toggle between your many worlds, or choose to read the great river of updates on your “public" stream. Google Plus shows you a civilised way of arranging your acquaintances, avoiding that playground-level, plaintive, Facebook question: "why am I in your limited profile?"</p>
<p>In concept, Facebook also lets you slice your social world with friend lists, but it’s a tedious labour that few have undertaken. Design is everything — and Facebook was clearly not built for such fine-grained customisation, because everything about its default settings pointed the other way. In fact, its young CEO Mark Zuckerberg seemed to think an attachment to privacy was some faintly embarrassing, vestigial trait — the sooner we accept its obsolescence, the better.</p>
<p>Facebook has a remarkably flat view of friendship. If your Facebook friends are too wide and various, it can make you clam up, conscious of what a few people might think. Most people, as social media scholar danah boyd has noted, tend to focus on a part of their network, mentally blocking out the rest.</p>
<p>"I’d like to have separate interactions with my mother, my friends, my students and my university colleagues without bombarding my colleagues with my vacation pictures or boring my mother with research chatter," says Mallesh Pai, an academic who works on the economics of the internet. "Plus actually lets me do that."</p>
<p>Facebook works with the fiction that there is a single self you present to the world – while, in fact, you are a posse of selves. You might be the naïve seeker in some contexts, the voice of authority in others. In the real world, you read others by their voice and expression, factor in their situations, and modulate your own speech accordingly. But in Facebookland, you talk at an invisible audience. The problem of “collapsed contexts”, and the anxiety of audience is Facebook’s most obvious flaw, and Google Plus has focused squarely on that aspect. It obviously works best for those who are acutely aware of social role-play and judgment. Many people may claim not to care about finessing their personalities to different audiences, or see the point of migrating to a new platform —but once you wrap your head around the rich, real-world aspect of Google Plus, it’s hard to imagine why you’d want to stay on Facebook.</p>
<p>But it’s not just Facebook that Plus directly takes on — Twitter could also take a direct hit. The “following” circle lets you add people you don’t know personally, and see all their public posts. “Sometimes, it’s weird to realise you’re being followed by so many people you don’t know, but like on Twitter, it seems like too much effort to edit the list. Thankfully, there aren’t any spambots on Plus yet,” says Pranesh Prakash, a lawyer and policy advocate at the Bangalore-based Centre for Internet and Society. There’s no arbitrary 140-character limit, and there are coherent threads of conversation — in fact, the level of visible engagement on Plus makes Twitter look like “a boring RSS reader”, as someone observed.</p>
<p>Apart from the Facebook and Twitter-type uses, Google Plus comes with a standout feature that’s all its own: Hangouts, spontaneous video chatting with up to 10 people. You start a hangout, and anyone may drop in to talk for a bit. “It’s trying to replicate the sort of gathering you have in a coffee shop, just drop in and chat about the news or whatever,” says Pai. It’s so obviously useful that Dell is reportedly considering dropping traditional customer service calls and choosing to hang out with Google instead. Yes, Facebook has recently teamed up with Skype in a self-declared "awesome" move — but Skype still makes you pay for multi-way video conferencing, and doesn’t offer the serendipitous pleasures of Hangout yet.</p>
<p>Then there is Sparks, Google Plus’s attempt to push the right content at you – you pick from a variety of interests, and Google supplies a steady scroll of interesting links. Given how much info the company has on people, Sparks could become eerily spot-on.</p>
<p>In fact, the chief problem with Google Plus may be that it tries to cram in too much, leaving users overwhelmed. The bewildering array of buttons and options may put off some, and right now, it’s difficult to control the signal-to-noise ratio. “It’s definitely not as over-complicated as Google Wave, which nobody could really figure out” says Pai. “And honestly, it would be difficult to imagine the kind of functionality that Plus provides being delivered in any other way.” Then there are some who are sceptical of Circles — saying that greater granularity isn’t going to take away the dilemmas of talking to a group. They predict that once the novelty wears off and Google Plus expands, you’ll be struggling to edit and divide your circles, and to pitch yourself right.</p>
<p>So will Google Plus lure 750 million-plus Facebook and Twitter users away? "Don’t underestimate Facebook’s network benefits," says Prakash. “When I first went online in 1996, the first thing to do was to create an email address. Now the first thing that people do to mark an online entry is to create a Facebook account”.</p>
<p>Besides, Google may not want to supplant Facebook as much as master an arena it has so far sucked at – the social world. As Pranesh Prakash says, “it’s not about competition with Facebook, as much as trying to improve Google’s own services, bring them together into a seamless whole and better understand its users.” Making social life machine-readable would obviously be the next big jackpot for Google, and it appears determined to invest the time, resources and effort to getting it exactly right. As Shimrit Ben-Yair, product manager of the social graph at Google told Wired magazine’s Stephen Levy, Google Plus could be a revolutionary service if it hits the sweet spot between Facebook oversharing and Twitter undersharing.</p>
<p>Besides, most would agree that a spot of vigorous competition would be good for Facebook, which has played fast and loose with privacy policy — changing its defaults, and then reacting to the outcry that follows. "For too long, it was the only game in town. Facebook has innovated more in the three weeks that Plus has been around, than in a lon time," says Pai.</p>
<p>So far, Google Plus has been extra-solicitous of privacy, and adjusted on the fly to field testers’ feedback. It has jumped to attend to mistakes – like responding to complaints that a user’s gender should not be publicly available. When someone pointed out that even limited posts could be reshared by others, that technical hole was immediately plugged. "It’s very heartening to see that they’ve learnt from the mistakes of Facebook and Buzz," says Prakash. Unlike Facebook’s possessiveness about your information and pictures, Google’s Data Liberation policy is explicitly committed to letting you erase all personal traces whenever you want, and free yourself from any product.</p>
<p>But as Prakash cautions, "Google may not have a coherent view of privacy across all its products — for all Google Plus’s delicacy and tact, Google Street View may have different ideas about what is acceptable." There are many who find it unnerving that a revenue-driven, publicly traded company should be the master switch of our information economy. Given Google’s girth and dominance, competitors can’t realistically wrest attention away, after a certain point.</p>
<p>"Google is bigger because it’s better and better because it’s bigger", writes Siva Vaidyanathan in The Googlization of Everything. Google Plus, then, marks another large advance in the company’s stated mission to organise the world’s information. Even Pai admits that “if a new mail application came along, it would have to offer so much more than Google for me to consider shifting – given how Gmail does everything, syncs my calendar, knows my friends." But then again, he says, “Let’s judge Google not on what we think it is, but what it does. Everything that’s too big in a bad way, even those considered invincible, gets stopped eventually. Right now, I’m reading about Murdoch’s undoing with great glee – a few weeks back, who would have imagined that?" </p>
<div class="pullquote">This article by Amulya Gopalakrishnan was published in the Indian Express on July 24, 2011. The original story can be read<a class="external-link" href="http://www.indianexpress.com/story-print/819917/"> here</a></div>
<p>
For more details visit <a href='http://editors.cis-india.org/news/right-circle'>http://editors.cis-india.org/news/right-circle</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2011-08-23T07:40:57ZNews ItemWhole Body Imaging and Privacy Concerns that Follow
http://editors.cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison
<b>Law student at the National University of Juridical Sciences, and intern for Privacy India, Srishti Goyal compares, contrasts, and critiques the Whole Body Imaging practices found in the US, the UK, and Australia, and makes recommendations for an Indian regime. </b>
<h3>Introduction</h3>
<p>Whole Body Imaging has been introduced in many countries in light of growing security concerns, two examples in particular being the attack on the twin towers in USA, and what is commonly known as the Christmas Bomb (A man by the name of Umar Farouk Abdulmutallab tried to detonate a bomb on a flight from Amsterdam as it was about to land in Detroit.) Despite the security concerns that have motivated the implementation of Whole Body Imaging, there are also many concerns that have prevented the full fledged application of this technology. Opponents to the technology have stated that the full body scanner would expose travelers to harmful radiation and is thus a health hazard. Others have stated that these digital strip searches (as they are popularly known) will violate child pornography laws. Some, who are trying to encourage the use of full body scanners, are of the opinion that it is better to opt for a whole body scan as the “pat down” searches are more invasive in nature. There are also the concerns that persons may be singled out on the basis of their color and ethnicity. The scope of research for this particular paper is limited to the extent of the privacy concerns that have arisen in light of the use of the technology in order to achieve better security. The question that forms the crux of the debate is: should ones personal privacy be compromised in order to ensure security for one and all? The primary reason why whole body scanners are said to breach privacy is because of the invasive nature of the images produced, which can be detailed enough to show genitalia of the person being scanned.<br />Learning from the experience of other nations that have already implemented the use of Whole Body Imaging” we can decide what policies India should have in place and most importantly whether or not India realistically has a use for this technology. <br />Adequate privacy, it is said, is obtained when the restriction on access to persons and personal information allows a person not to be subjected to intrusion and public exposure [<a href="#1">1</a>]. Full body scanners can be called intrusive because in effect they allow the government to carry out strip searches by using technology to remove clothes instead of physically doing the same. Apart from this there are other concerns. For instance there have been instances when these images have been saved and have been uploaded on the internet [<a href="#2">2</a>]. In Lagos these images have been used as pornographic material. There is also a cause of concern amongst transgender who do not feel comfortable in revealing their gender which is different from the gender that they portray[<a href="#3">3</a>] and they are of the opinion that this information could lead to harassment. Since the scanners can detect medical equipment people who use colostomy bags and catheters which are otherwise hidden may find these scans embarrassing [<a href="#4">4</a>].</p>
<h3>USA</h3>
<p>In the U.S, Whole Body Imaging was introduced in light of the growing concerns with regard to security at airports and terrorist attacks. The Transportation Security Administration is responsible for monitoring security at the airport. The TSA has thus introduced Full Body Scanners at airports. In order to address the privacy concerns that have been raised the TSA has taken the following steps:</p>
<ul><li> Ensuring that the Security officer who is privy to the scan is not the same as the officer interacting with the person who is being scanned. </li><li>The TSA has also stated that personally identifiable information will not be stored and distributed.[<a href="#5">5</a>] </li><li>Another step towards safeguarding the privacy of the passengers has been to blur the faces of the person being scanned.[<a href="#6">6</a>]</li></ul>
<p> Though the TSA has taken various steps to ensure the privacy of individuals, one can argue that these measures are not without loopholes. The fact that the Security Officer looking at the scan and the Security officer handling the passenger are different does not do away with this invasion of privacy. There is also the added concern that these images may be uploaded on the internet, which in fact has already been done. The release and collection of these images is in contravention of the Privacy Act of 1974 that governs the collection, maintenance, use and dissemination of personal identifiable information about individuals which in the possession of the federal agencies. The TSA assures that the images will not be retained, but the fact is that the machines have been programmed such as to enable retention of images, if the same has been disable, it can be tampered with. Lastly, on the point of blurring of faces, it is a software fix and can be undone as easily as the application of the software. The TSA in its Privacy impact Assessment report had listed down that full body scanning would initially be a secondary screening measure. What this means is that everyone goes through one level of security screening and if one is randomly selected or the security has reason to suspect a passenger, the passenger can be called for a second level of screening. At which point the passengers will undergo full body scanning.<br /> A federal judge in California, in 1976 said that the laws of privacy “encompass the individual's regard for his own dignity; his resistance to humiliation and embarrassment; his privilege against unwanted exposure of his nude body and bodily functions." As already stated, these body scanners lead to situations that can be embarrassing, do lead to unwanted exposure of body, and can lead to situation where the person scanned could be humiliated (as in the case of transgender and other persons with catheters and colostomy bags). The Electronic Privacy Information Center is a non-profit group that was established to focus attention on civil liberties issue. EPIC challenged the constitutional validity of full body scanning, claiming that the same violated the fourth amendment [<a href="#9">9</a>]. The amendment guards against unlawful searches and seizures. In the case of whole body imaging, travelers are subjected to “invasive searches” without any suspicion that they did anything wrong, and without being informed of the reason he/she is being subjected to a search of such a nature. [<a href="#10">10</a>] The latest is the use of this technology in courthouses in Florida and at train stations. </p>
<h3>UK</h3>
<p>In the UK if a passenger is selected for full body scanning, the passenger must comply [<a href="#11">11</a>]. The passenger is forbidden from flying if he or she refuses to the scanning process and cannot ask for an alternate screening process [<a href="#12">12</a>] Unlike the US in the UK the option of a pat-down search is not available. The steps taken to protect the privacy of the passengers are the same as practiced in the US.</p>
<ul><li>The images of the passengers are not retained </li><li>The images are produce in such a manner that the Security officer cannot recognize the person.</li></ul>
<p>A major concern in UK is the violation of child pornography laws that do not allow the creation of indecent images of a child. However, a rule that would have exempted persons under the age of 18 from full body scans was overturned by the government in the UK [<a href="#13">13</a>]. Gordon Brown the Prime Minister of UK in 2010 gave permission for the use of full body scanners at the airports. BAA Ltd, which operates six airports in UK (including the Heathrow Airport) has undertaken the installation of these scanners at its airports. In general, the security at the airports comes under the ambit of the Homeland Security and the department will be supervising the installation of the machines. Lord Adonis, the Transport Secretary, confirmed the new policy in a written parliamentary statement, saying that the scanners would help security staff to detect explosives or other dangerous items [<a href="#14">14</a>].</p>
<p>One of the major opponents of Whole Body Imaging has been the Equality and Human Right Commission (EHRC), which is of the opinion that the use of this technology would breach the privacy rules under the Human Rights Act [<a href="#15">15</a>]. The move to use this technology has raised concerns about the excessive collection of personal data. Big Brother Watch, a campaign that fights intrusion on privacy and protects liberties of people, started an online movement that opposes and raises concerns with full body scanning. It has also listed down all the airports around the world that are using (or are going to be using) this technology [<a href="#16">16</a>]. The only group that has openly welcomed this move of the government has been the Liberal Democrats [<a href="#17">17</a>]. The British Department of Transport has published an Interim Code of Practice covering the privacy, health and safety, data protection and equality issues associated with the use of body scanners. The Code calls for the implementation of detailed security standards and for an effective privacy policy to be put in place by airport operators.</p>
<p>The privacy policy should include as a minimum:</p>
<ul><li>rules regarding the location of the equipment;</li><li> A process for identifying who will read the screen (i.e., a person of the same sex as the person selected for scanning);</li><li>A process for selecting passengers (passengers must not be selected on the basis of personal characteristics such as, gender, age, race or ethnic origin);</li><li>Prohibition on copying or transferring the images in any way;</li><li>Instructions for the images of the passenger to be destroyed and rendered irretrievable once the image has been analyzed; and</li><li>A process to call on an appropriate Security Officer if an image suggests there is a viable threat to passenger or staff security.</li></ul>
<p>The BodyScanner Task Force was established by the European Commission to publish an impact assessment report and to advise the commission, but the task force has yet to publish its report with specific legislative proposals [<a href="#18">18</a>]. </p>
<p>Concerns in the UK also arose in light of a response of a judge to a complaint by the Electronic Privacy Information Centre (based in Washington). The judge stated that the Department of Homeland Security (USA) would be allowed to keep images of individuals screened at the airport [<a href="#19">19</a>]. This raises concerns amongst activists as to which images can and which images cannot be saved by the airport authorities.</p>
<h3>Australia</h3>
<p>Post the attempted attack on Christmas Day, pressure on countries such as Australia increased to make use of whole body imaging technology. However, the Association of Asia Pacific Airliners, an association of the international carriers servicing in Australia, criticised the use of full body scanners [<a href="#20">20</a>]. Apart from the privacy concerns, that people all over the world share, another aspect that is cause for concern in Australia is the increase in traveling cost. The machines used for whole body imaging is extremely expensive, and thus the question posed time and again in Australia is if it will be economically viable to make use of this technology?[<a href="#21">21</a>] The Queensland Council for civil liberties has opposed the use of this Advance Imaging Technology (AIT) and has stated that passengers should be allowed to refuse being scanned and should be allowed to opt for a pat down. Kevin Rudd (the Prime Minister of Australia at the time of implementation of this technology) had taken note of the privacy concerns and assured that such measure would be undertaken that would mitigate these concerns. Currently, Body scanners are installed at the international airports in Australia. The transport minister has said that the images produced would be stick figures and not naked images [<a href="#22">22</a>]. This move has been taken in light of the back clash that body scanners faced in the USA. Changes regarding whole body imaging have been referred to the Privacy Commissioner in order to ensure that privacy is not intruded. Namely, Full Body screening will not be applied to all the passengers - instead passengers will either be randomly selected or will be selected on the basis of their profiles [<a href="#23">23</a>].</p>
<h3>India</h3>
<p>Currently in India whole body scanners can be found at the Delhi International Airport [<a href="#24">24</a>]. Thus, debate and discussion about the use of these scanners has not gained much momentum in India. It would be advisable that when framing legislation or guidelines to govern full body scanners, India incorporates the experiences of other nations who have already started the use of this technology.</p>
<p>Generally speaking it seems as though the use of a full body scanner would not be recommendable for the Indian scenario. It has already been seen that these scans are not very effective in detecting plastic and fluids [<a href="#25">25</a>]. Additionally the scanner only shows objects that are on the body and not in the body. Thus, the effectiveness of these scanners is questionable (especially considering it cannot detect plastics and light fluids) [<a href="#26">26</a>]. Additionally, in India the demographic using these scanners would be very different from the people using these scanners in other countries. For instance, it has been pointed out that the interest of Muslim women has not been taken into account when introducing this method of screening. Apart from personal privacy issues there are religious issues that arise, and though the instances of the same maybe far apart in other nations, in India the same will act as a hindrance on a daily basis. If not dealt with delicately this can be a major cause of concern that will have far reaching ramifications. Furthermore, one cannot stress enough the cost that will be involved with the implementation of these scanners. These scanners are extremely expensive and require trained Security Officers to operate them. Additionally, what the scanners seek to accomplish can be achieved by insuring that the pat-downs are carried out properly. But there is a caveat that must be mentioned here. In US, one is allowed to choose between a pat-down and a body scanner. There have been instances when these pat-downs have been more intrusive than the body scanners. Thus, there should be guidelines in place as to how these pat-downs should be carried out. The guidelines should specify actions that the Security Officials would not be allowed to carry out.</p>
<p>Lastly, even if India decided to adopt the full body scanners, considering it helps save time and takes only 15 seconds to complete, it should not be used as a primary screening method. Hypothetically, if body scanners are used as a secondary screening process, alternate screening processes should be available if the passenger does not wish to subject himself/ herself to the scan. But then the question is why should the government invest so much in an expensive technology which the passengers can easily avoid?</p>
<p> </p>
<h3>Bibliography:</h3>
<p> <br /><a name="1">[1].A Companion to Philosophy of Law and Legal Theory, Constitutional Law and Privacy, Anita. L. Allen Pg 147.</a></p>
<p><a name="2">[2]</a><a href=".http://gizmodo.com/5690749/these-are-the-first-100-leaked-body-scans">.http://gizmodo.com/5690749/these-are-the-first-100-leaked-body-scans.</a></p>
<p><a name="3">[3]</a>.<a href="http://www.airlinereporter.com/2010/08/we-do-not-have-all-the-same-body-parts-and-body-scanners-violates-your-privacy/"> Available at http://www.airlinereporter.com/2010/08/we-do-not-have-all-the-same-body-parts-and-body-scanners-violates-your-privacy/.</a></p>
<p><a name="4">[4]</a><a href=".http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searchers">.http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searchers.</a></p>
<p><a name="5">[5]</a>.<a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_wbi.pdf">Privacy impact assessment report. Available at - http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_wbi.pdf.</a></p>
<p><a name="6">[6]</a><a href="http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searches">.http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searches.</a></p>
<p><a name="7">[7].</a><a href="http://travel.usatoday.com/flights/2010-07-13-1Abodyscans13_ST_N.htm">http://travel.usatoday.com/flights/2010-07-13-1Abodyscans13_ST_N.htm .</a></p>
<p><a name="8">[8]</a><a href="http://editors.cis-india.org/internet-governance/blog/">.http://www.stopdigitalstripsearches.org/.</a></p>
<p><a name="9">[9].</a><a href="http://epic.org/privac/airtravel/backscatter/"> http://epic.org/privac/airtravel/backscatter/.</a></p>
<p><a name="10">[10]</a><a href="http://www.dailymail.co.uk/news/article-2012249/TSA-scanners-catch-implant-bomber-admit-officials.html?ito=feeds-newsxml">.http://www.dailymail.co.uk/news/article-2012249/TSA-scanners-catch-implant-bomber-admit-officials.html?ito=feeds-newsxml.</a></p>
<p><a name="11">[11]</a><a href="http://news.bbc.co.uk/2/hi/uk_news/8490860.stm">.http://news.bbc.co.uk/2/hi/uk_news/8490860.stm.</a></p>
<p><a name="12">[12]</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/03/body-scanner-refuseniks.html">.http://www.bigbrotherwatch.org.uk/home/2010/03/body-scanner-refuseniks.html.</a></p>
<p><a name="13">[13]</a><a href="http://news.bbc.co.uk/2/hi/uk_news/8490860.stm">.http://news.bbc.co.uk/2/hi/uk_news/8490860.stm.</a></p>
<p><a name="14">[14].</a><a href="http://www.timesonline.co.uk/tol/news/uk/article7011224.ece">http://www.timesonline.co.uk/tol/news/uk/article7011224.ece.</a></p>
<p><a name="15">[15].</a><a href="http://www.timesonline.co.uk/tol/news/politics/article6990990.ece">http://www.timesonline.co.uk/tol/news/politics/article6990990.ece.</a></p>
<p><a name="16">[16]</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html">.http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html.</a></p>
<p><a name="17">[17]</a><a href="http://news.bbc.co.uk/2/hi/8438355.stm">.http://news.bbc.co.uk/2/hi/8438355.stm.</a></p>
<p><a name="18">[18]</a><a href="http://www.huntonprivacyblog.com/2010/02/articles/european-union-1/uk-airports-implement-compulsory-use-of-full-body-scanners/">.http://www.huntonprivacyblog.com/2010/02/articles/european-union-1/uk-airports-implement-compulsory-use-of-full-body-scanners/.</a></p>
<p><a name="19">[19]</a><a href="http://www.bigbrotherwatch.org.uk/home/2011/01/judge-blocks-investigations-into-body-scanners.html">.http://www.bigbrotherwatch.org.uk/home/2011/01/judge-blocks-investigations-into-body-scanners.html.</a></p>
<p><a name="20">[20].</a><a href="http://www.theaustralian.com.au/travel/backlash-to-airport-body-scans/story-e6frg8rf-1225817485755">http://www.theaustralian.com.au/travel/backlash-to-airport-body-scans/story-e6frg8rf-1225817485755.</a></p>
<p><a name="21">[21].</a><a href="http://www.sbs.com.au/news/article/1190826/full-body-scanners-to-be-introduced-at-airports">http://www.sbs.com.au/news/article/1190826/full-body-scanners-to-be-introduced-at-airports.</a></p>
<p><a name="22">[22].</a><a href="http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html">http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html.</a></p>
<p><a name="23">[23].</a><a href="http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html">http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html.</a></p>
<p><a name="24">[24].</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html">List of Airports with full body scanners. Available at http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html.</a></p>
<p><a name="25">[25].</a><a href="http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html">http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html.</a></p>
<p><a name="26">[26].</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/01/invasion-of-the-body-scanners.html">http://www.bigbrotherwatch.org.uk/home/2010/01/invasion-of-the-body-scanners.html.</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison'>http://editors.cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison</a>
</p>
No publisherSrishti GoyalInternet GovernancePrivacy2011-09-29T05:38:00ZBlog EntryIP Addresses and Expeditious Disclosure of Identity in India
http://editors.cis-india.org/internet-governance/ip-addresses-and-identity-disclosures
<b>In this research, Prashant Iyengar reviews the statutory mechanism regulating the retention and disclosure of IP addresses by Internet companies in India. Prashant provides a compilation of anecdotes on how law enforcement authorities in India have used IP address information to trace individuals responsible for particular crimes.</b>
<p>Over the past decade, with the rise in numbers of users, the internet has become an extremely fraught site that has been frequently used in India for the perpetration of a range of 'cyber crimes' — from extortion to defamation to financial fraud. In a revealing statistic, in 2010, the Mumbai police reportedly "received 771 complaints about internet-related offences, 319 of which were from women who were the victims of fake profiles, online upload of private photographs and obscene emails."[<a href="#1">1</a>]</p>
<p>Law enforcement authorities in India have not exactly lagged behind in bringing these new age cyber criminals to book, and have installed special ‘Cyber crime cells’ in different cities to combat crimes on the internet. These cells have been particularly adept at using IP Addresses information to trace individuals responsible for crimes. Very briefly, an Internet Protocol address (IP address) is a numeric label – a set of four numbers (Eg. 202.54.30.1) - that is assigned to every device (e.g., computer, printer) participating on the internet. [<a href="#2">2</a>] Website operators and ISPs typically maintain data logs that track the online activity of each IP address that accesses their services. Although IP Addresses refer to particular computers – not necessarily individual users – it is possible to trace these addresses backwards to expose the individual behind the computer. [<a href="#3">3</a>] As even a casual Google search with the phrase “IP, police, India” would reveal, police authorities in different cities in India have been quite successful in employing this technology to trace culprits.</p>
<p>However, along with its utility in the detection of crime, the tracking of persons by their IP addresses is potentially invasive of individuals’ privacy. In the absence of a culture of strict adherence to the ‘rule of law’ by the police apparatus in India, the unbridled ability to track persons through IP addresses has the potential of becoming an extremely oppressive tool of surveillance.</p>
<p>In this short note, we review the statutory mechanism regulating the retention and disclosure of IP addresses by internet companies in India. In order to provide context, we begin with a compilation of anecdotes on how various law enforcement authorities in India have used IP address information to trace individuals responsible for particular crimes.</p>
<h3>Examples of use and abuse by Indian authorities</h3>
<p>As mentioned above, the online media has been humming with stories which indicate the extent to which IP Addresses has become a useful and frequently deployed weapon in the arsenal of law enforcement agencies:</p>
<ul>
<li>In May 2010, an Army officer stationed in Mumbai was arrested for distributing child pornography from his computer. [<a href="#4">4</a>] He was traced by the Mumbai Police after the German Federal Police alerted Interpol that objectionable pictures were being uploaded from the IP address he was using. </li>
<li>In February 2011, Cyber Crime Police in Mumbai sought IP address details of a user who had posted ‘Anti Ambedkarite’ content on Facebook – the popular social networking site. [<a href="#5">5</a>]</li>
<li>In February 2008, internet search company Google was ordered by the Bombay High Court to reveal "particulars, names and the address of the person" who had posted defamatory content against a company on Google’s blogging service Blogger.[<a href="#6">6</a>]</li>
<li>In September 2009, a man was arrested by the Delhi Police in Mumbai for blackmailing classical musician Anoushka Shankar. The culprit had allegedly hacked into her email account and downloaded copies of personal photographs. He was traced by using his IP address.[<a href="#7">7</a>]</li>
<li>In April 2010, Gurgaon Police arrested a teenage boy for allegedly posting obscene messages about an actress on Facebook. The newspaper account reports that "During investigations, the police browsed through several service providers and finally zeroed in on BSNL, which helped them trace the sender's IP address to someone called 'Manoj Gupta' in Gurgaon. A team of policemen were sent to Gurgaon but the personnel found out that Manoj Gupta was fictitious name which the teenager was using in his IP address. The police arrested the accused as well as seized the hardisk of his personal computer." [<a href="#8">8</a>]</li>
<li>In February 2011, the police traced a missing boy who had run away from home, by following the IP address trail he left when he updated his Facebook profile status. [<a href="#9">9</a>]</li>
</ul>
<p>What is clearly evident from these accounts is a growing awareness and enthusiasm on the part of Indian law enforcement agencies to use IP address trails as a routine part of their criminal investigative process. While this is not unwelcome, considering the kinds of grievances listed above and the backdrop a dismal record of criminal enforcement in India, there is also a flip side. In a shocking incident in August 2007, Lakshmana Kailash. a techie from Bangalore was arrested on the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on the social-networking site Orkut. [<a href="#10">10</a>] The police identified him based on IP address details obtained from Google and Airtel – Lakshmana’s ISP. He was brought to Pune and jailed for 50 days before it was discovered that the IP address provided by Airtel was erroneous. The mistake was evidently due to the fact that while requesting information from Airtel, the police had not properly specified whether the suspect had posted the content at 1:15 p.m. or a.m.</p>
<p>Taking cognizance of his plight from newspaper accounts, the State Human Rights Commission subsequently ordered the company to pay Rs 2 lakh to Lakshmana as damages.[<a href="#11">11</a>] This incident sounds a cautionary note, amidst so many celebratory accounts, signalling that grave human rights abuses could result from the unchecked use of this technology.</p>
<p>These are just seven out of scores of instances of Indian investigative authorities tracing culprits using IP addresses. The crimes range from blackmail to impersonation, to defamation to planning terror attacks. Seldom in these cases has a court order actually been required by the agency that discloses the IP address of the individual.[<a href="#12">12</a>] Clearly there seems to be a very easy relation between law enforcement agencies in India one the one hand, and Internet Service Providers and online services such as Google and Facebook on the other.</p>
<p>Google’s own ‘Transparency Report’[<a href="#13">13</a>] which provides statistics on the number of instances where Governments agencies have approached the company demanding information or take-down, states that that it received close to 1700 ‘data requests’ from Indian authorities between January to June 2010 – ranking India 3rd globally in terms of such requests behind the United States and Brazil. That a high percentage – 79% - of these requests have been complied with indicate that within a short span of time, ‘Indian authorities’ have discovered in Google, a reliable and pliable ally in seeking information about their subjects. In 2007, Orkut -a social-networking site owned by Google- even entered into a co-operation agreement with the Mumbai police in terms of which “'forums' and 'communities'” which contained “defamatory or inflammatory content” would be blocked and the IP addresses from which such content has been generated would be disclosed to the police. [<a href="#15">15</a>]</p>
<p>Although similar transparency reports are not forthcoming from the other Internet giants such as Yahoo or Facebook, one may presume that this co-operation has not been withheld by them. [<a href="#16">16</a>]</p>
<p>In the sections that follow, we outline the legal framework that facilitates this co-operation between law enforcement authorities and web service providers.</p>
<h3>Lawful disclosure of IP Addresses</h3>
<p>In this section, we are seeking a legal source for the compulsion of ISPs and intermediaries (including websites) to disclose IP Address data. Are there guidelines in Indian law on how much information must be disclosed, under what circumstances and for how long?</p>
<p>Broadly, there are four sources to which we may trace this regime of disclosure and co-operation. Firstly, ISPs are required, under the operating license they are issued under the Telegraph Act, to provide assistance to law enforcement authorities. Secondly, the Information Technology Act contains provisions which empower law enforcement authorities to compel information from those in charge of any ‘computer resources’. Reciprocally, ‘intermediaries’ – including ISPs and websites - are charged under new Rules under the IT Act with co-operating with government agencies on pain of exposure to financial liability. Thirdly, the Code of Criminal Procedure defines the scope of police powers of investigation which include powers to interrogate and summon information and Fourthly, individual subscribers enter into contracts with ISPs and web services which do not offer any stiff assurances of privacy with regard to the IP Address details.</p>
<p>The sections that follow offer greater detail on each of these areas of the law.</p>
<h3>Monitoring of internet users under the ISP licenses</h3>
<p>ISPs are regulated and operate under a license issued under the Telegraph Act 1885. Section 5 of the Telegraph Act empowers the Government to take possession of ‘licensed telegraphs’ and to order interception of messages in cases of ‘public emergency’ or ‘in the interest of the public safety’. Interception may only be carried out pursuant to a written order by an officer specifically empowered for this purpose by the State/Central Government. The officer must be satisfied that “it is necessary or expedient so to do in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence."</p>
<p>Although the statute governs the actions of ISPs in a general way, more detailed guidelines regulating their behaviour are contained in the terms of the licenses issued to them which set out the conditions under which they are permitted to conduct business. The Internet Services License Agreement (which authorizes ISPs to function in India) contains provisions requiring telecom operators to safeguard the privacy of their consumers or to co-operate with government agencies when required to do so. Some of the important clauses in this agreement are:</p>
<ul>
<li>Part VI of the License Agreement gives the Government the right to inspect/monitor the ISPs systems. The ISP is responsible for making facilities available for such interception. </li>
<li>Clause 32 under Part VI contains provisions mandating the confidentiality of information held by ISPs. These provisions hold ISPs responsible for the protection of privacy of communication, and to ensure that unauthorised interception of message does not take place. Towards this, ISPs are required:</li>
</ul>
<ol>
<li>to take all necessary steps to safeguard the privacy and confidentiality of any information about a third party and their business to whom they provide service and from whom they have acquired such information by virtue of those service and shall use their best endeavours to secure that :</li>
<li>to ensure that no person acting on behalf of the ISPs divulge or uses any such information except as may be necessary in the course of providing such service to the Third Party; and</li>
<li>This safeguard however does not apply where (i) The information relates to a specific party and that party has consented in writing to such information being divulged or used, and such information is divulged or used in accordance with the terms of that consent; or (ii) The information is already open to the public and otherwise known.</li>
<li>To take necessary steps to ensure that any person(s) acting on their behalf observe confidentiality of customer information.</li>
</ol>
<div>
<ul>
<li>Clause 33.4 makes it the responsibility of the ISP to trace nuisance, obnoxious or malicious calls, messages or communications transported through its equipment.</li>
<li>Clause 34.8 requires ISPs to maintain a log of all users connected and the service they are using (mail, telnet, http etc.). The ISPs must also log every outward login or telnet through their computers. These logs, as well as copies of all the packets originating from the Customer Premises Equipment (CPE) of the ISP, must be available in REAL TIME to Telecom Authority. The Clause forbids logins where the identity of the logged-in user is not known.</li>
<li>Clause 34.12 and 34.13 requires the ISP to make available a list of all subscribers to its services on a password protected website for easy access by Government authorities. </li>
<li>Clause 34.16 requires the ISP to activate services only after verifying the bonafides of the subscribers and collecting supporting documentation. There is no regulation governing how long this information is to be retained.</li>
<li>Clause 34.22 makes it mandatory for the Licensee to make available “details of the subscribers using the service” to the Government or its representatives “at any prescribed instant”. </li>
<li>Clause 34.23 mandates that the ISP maintain "all commercial records with regard to the communications exchanged on the network” for a period of “at least one year for scrutiny by the Licensor for security reasons and may be destroyed thereafter unless directed otherwise by the licensor". </li>
<li>Clause 34.28 (viii) forbids the ISP from transferring the following information to any person/place outside India:</li>
</ul>
<div><ol>
<li>Any accounting information relating to subscriber (except for international roaming/billing) (Note: it does not restrict a statutorily required disclosure of financial nature) ; and</li>
<li>User information (except pertaining to foreign subscribers using Indian Operator’s network while roaming).</li>
</ol></div>
</div>
<div>
<ul>
<li>Clause 34.28(ix) and (x) require the ISP to provide traceable identity of their subscribers and on request by the Government must be able to provide the geographical location of any subscriber at any given time. </li>
<li>Clause 34.28(xix) stipulates that “in order to maintain the privacy of voice and data, monitoring shall only be upon authorisation by the Union Home Secretary or Home Secretaries of the States/Union Territories”. (It is unclear whether this is to operate as an overriding provision governing all other clauses as well).</li>
</ul>
</div>
<p>From the list above, it is very clear that by the terms of their licenses, ISPs are required to maintain extensive logs of user activity for unspecified periods. However, it is unclear, in practice, to what extent these requirements are being followed by ISPs. For instance, an article in the Economic Times in December 2010 [<a href="#18">18</a>] reports:</p>
<p>"The Intelligence Bureau wants internet service providers, or ISPs, to keep a record of all online activities of customers for a minimum of six months. Currently, mobile phone companies and internet service providers do not keep online logs that track the web usage pattern of their customers. They selectively monitor online activities of only those customers as required by intelligence and security agencies, explained an executive with a telecom company." (emphasis added)</p>
<p>"The Intelligence Bureau wants internet service providers, or ISPs, to keep a record of all online activities of customers for a minimum of six months. Currently, mobile phone companies and internet service providers do not keep online logs that track the web usage pattern of their customers. They selectively monitor online activities of only those customers as required by intelligence and security agencies, explained an executive with a telecom company." (emphasis added)</p>
<p>The news report goes on to disclose the ambitious plans of the Intelligence Bureau to “put in place a system that can uniquely identify any person using the internet across the country” through “a technology platform where users will have to mandatorily submit some form of an online identification or password to access the internet every time they go online, irrespective of the service provider.” Worryingly, the report goes on to discuss the setting up by the telecommunications department of “India's indigenously-built Centralised Monitoring System (CMS), which can track all communication traffic—wireless and fixed line, satellite, internet, e-mails and voice over internet protocol (VoIP) calls—and gather intelligence inputs. The centralised system, modeled on similar set-ups in several Western countries, aims to be a one-stop solution as against the current practice of running several decentralised monitoring agencies under various ministries, where each one has contrasting processing systems, technology platforms and clearance levels.” Although as of this writing, this CMS is not yet fully functional, its launch seems to be imminent and will inaugurate with it, an era of constant and continuous surveillance of all internet users.</p>
<h3>Provisions under the IT Act 2000</h3>
<p>The IT Act enables government agencies to obtain IP Address details from intermediaries, including ISPs, by following a stipulated procedure. In addition, it enjoins intermediaries to co-operate with law enforcement agencies as a part of their due-diligence behaviour.</p>
<p>In a parallel, seemingly conflicting move, the IT Act also requires intermediaries to observe stiff Data Protection norms. In the sub-sections that follow, we look at each of these various provisions under the IT Act.</p>
<h3>Interception and Monitoring of computer resources</h3>
<p>There are two regimes of interception and monitoring information under separate sections the Information Technology Act. Both would seem capable of authorising access of IP Addresses, among other information to government agencies.</p>
<p>Section 69 deals with “Power to issue directions for interception or monitoring or decryption of any information through any computer resource”.</p>
<p>In addition, the Government has been given a more generalised monitoring power under Section 69B to “monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource”. This monitoring power may be used to aid a range of “purposes related to cyber security.”[<a href="#19">19</a>] “Traffic data” has been defined in the section to mean “any data identifying or purporting to identify any person, computer system or computer network or any location to or from which communication is or may be transmitted.”</p>
<p>Rules have been issued by the Central Government under both these sections which are similar, although with important distinctions. These rules stipulate the manner in which the powers conferred by the sections may be exercised.</p>
<p>The important difference between the two sections is that while Section 69 provides a mechanism whereby specific computer resources can be monitored in order to learn the contents of communications that pass through such resource, Section 69B by contrast provides a mechanism for obtaining ‘meta-data’ about all communications transacted using a computer resource over a period of time – their sources, destinations, routes, duration, time etc without actually learning the content of the messages involved. The latter type of monitoring is specifically in order to combat threats to ‘cyber security’, while the former can be invoked for a number of purposes such as the securing of public order and criminal investigation. [<a href="#21">21</a>]</p>
<p>However, this distinction is not very sharp – an interception order under Section 69 directed at a computer resource located in an ISP can yield traffic data in addition to the content of all communications. Thus for instance, if a direction was passed ordering my ISP to intercept “all communications sent or received by Prashant Iyengar”, the information obtained by such interception would include a resume of all emails exchanged, websites visited, files downloaded etc. In such a case, a separate order under Section 69B would be unnecessary. An important clue about their relative importance may lie in the different purposes for which each section may be invoked coupled with the fact that while directions under Section 69 can be issued by officers both at the central and state level, directions under Section 69B can only be issued by the Secretary of the Department of Information Technology under the Union Ministry of Communications and Information Technology. [<a href="#22">22</a>] This indicates that the collection of traffic data by the government under Section 69B is intended to facilitate the securing of India’s ‘cyber security’ from possible external threats – a Defence function – while the interception powers under Section 69 are to be exercised for more domestic purposes as aids to Police functions.</p>
<p>The rules framed under Section 69 and Section 69B contain important safeguards stipulating, inter alia, to a) Who may issue directions b) How are the directions to be executed c) The duration they remain in operation d) to whom data may be disclosed e) Confidentiality obligations of intermediaries f) Periodic oversight of interception directions by a Review Committee under the Telegraph Act g)maintenance of records of interception by intermediaries h) Mandatory destruction of information in appropriate cases.</p>
<p>Although these sections provide powerful tools of surveillance in the hands of the state, these powers may only be exercised by observing the rather tedious procedures laid down. In the absence of any data on interception orders, it is unclear to what extent these powers are in fact being used in the manner laid down. Certainly, from the instances cited in the beginning of this paper, the police departments in the various states do not seem to need to invoke these powers in order to obtain IP Address information from ISPs or websites. This information appears to be available to them merely for the asking. How do we account for this unquestioning pliancy on the part of the ISPs?</p>
<p>In February 2011, Reliance Communications, a large telecom service provider disclosed to the Supreme Court that over a hundred and fifty thousand telephones had been tapped by it between 2006 and 2010 – almost 30,000 a year. A majority of these interceptions were conducted based on orders issued from state police departments whose legal authority to issue them is suspect. New rules framed under the Telegraph Act in 2007 required such orders to be issued only by a high-ranking Secretary in the Department/Ministry of Home Affairs. [<a href="#23">23</a>] The willing compliance by Reliance with the police’s requests indicates both their own as well as the police’s blithe unawareness about the change in the regime governing tapping. Things seem to have continued just as before through pure inertia.</p>
<p>To return to the question about why ISPs comply with police requests, it is conceivable that this same inertia, and an intuitive confidence both on the part of the police and the ISPs that they would not be made to answer for their disclosures, is what explains the ready and expeditious access that ISPs give police departments to IP Address details. In the next sub-section we examine intermediary liability rules which require intermediaries to positively disclose personal information to law enforcement authorities.</p>
<h3>Data Protection Rules</h3>
<p>Section 43A of the IT Act obliges corporate bodies who ‘possess, deal or handle’ any ‘sensitive personal data’ to implement and maintain ‘reasonable’ security practices, failing which, they would be liable to compensate those affected by any negligence attributable to this failure.</p>
<p>In April 2011, the Central Government notified rules under section 43A of the Information Technology Act in order to define “sensitive personal information” and to prescribe “reasonable security practices” that body corporates must observe in relation to the information they hold. Since traffic data including IP Address data is one kind of personal information that ISPs hold, and since all ISPs are ‘body corporates’, these rules apply to them equally and define the terms on which they may deal with such information.</p>
<p>Rule 3 of these Rules designates various types of information as ‘sensitive personal information’ including passwords, medical records etc.[<a href="#25">25</a>] Significantly, for the purposes of this paper, IP address details are not included in this list.</p>
<p>Body Corporates are forbidden from collecting any information without prior consent in writing for the proposed usage. Further, Sensitive personal information may not be collected unless - (a) the information is collected for a lawful purpose connected with a function or activity of the agency; and (b) the collection of the information is necessary for that purpose. [Rule 5]</p>
<p>Rule 4 enjoins a body corporate or its representative who “collects, receives, possess, stores, deals or handles” data to provide a privacy policy “for handling of or dealing in user information including sensitive personal information”. This policy is to be made available for view by such “providers of information” including on a website. The policy must provide the following details:</p>
<div>
<div><ol>
<li>Clear and easily accessible statements of its practices and policies;</li>
<li>Type of personal or sensitive information collected;</li>
<li>Purpose of collection and usage of such information;</li>
<li>Disclosure of such information as provided in rule 6 [<a href="#27">27</a>]</li>
<li>Reasonable security practices and procedures as provided under rule 8. </li>
</ol></div>
<p>Rule 6 enacts as a general rule that disclosure of information “by the body corporate to any third party shall require prior permission from the provider of such information”. Consent is, however, not required, “where disclosure is necessary for compliance of a legal obligation”. This is further fortified by a proviso to the rule which stipulates the mandatory sharing of information “without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.” In such a case, the Government agency is required to “send a request in writing to the body corporate possessing the sensitive personal data or information stating clearly the purpose of seeking such information.” The government agency is also required to “state that the information thus obtained will not be published or shared with any other person.” [<a href="#28">28</a>]</p>
<div>
<div></div>
</div>
<p>Sub Rule (2) of Rule 6 requires “any Information including sensitive information” to be “disclosed to any third party by an order under the law for the time being in force.” This sub-rule does not distinguish between orders issued by a court and those issued by an administrative/quasi-judicial body.</p>
<p>Rule 8 requires body corporates to implement documented security standards such as the international Standard IS/ISO/IEC 27001 on "Information Technology - Security Techniques - Information Security Management System”.</p>
</div>
<p>What is curious about these rules is that its provisions, particularly those relating to lawful disclosure, appear to go much further than the limited purpose authorised by section 43A under which they are framed. Section 43A is intended only to fix liability for the negligent disclosure of information by body corporates which results in wrongful loss. It is not intended to inaugurate a regime of mandatory disclosure, as the Rules attempt to do. In positively requiring, body corporates to disclose information upon a mere request by any ‘government agency’, these rules attempt to create a parallel, much softer mechanism by which the same information that is dealt with under Sections 69 and 69A and rules framed under them can be accessed by a far wider range of governmental actors.</p>
<div>
<p>Even more curious is the fact that the only legal consequence to the ISP for its negligence in disclosing information to government agencies as stipulated in the rules is that it exposes itself to possible civil liability from the ‘person affected’. [<a href="#29">29</a>] Thus, conceivably, if an ISP failed to disclose IP Address data of its users to the police at the instance of, say, targets of online financial fraud, they can be sued by the victims of such fraud. With no incentive to assume this ridiculous burden, it is foreseeable that ISPs would hasten to comply with every request for information from a government agency– however whimsically issued.</p>
<h3>Intermediary Due Diligence</h3>
<p>Section 79 of the IT Act makes intermediaries, including ISPs liable for third party content hosted or made available by them unless they observe ‘due diligence’, follow prescribed guidelines and disable access to any unlawful content that is brought to their attention. Rules were notified under this section in April 2011 which defined the ‘due diligence’ measures they were required to observe. [<a href="#30">30</a>]</p>
<div>
<div></div>
<div>Accordingly, ISPs are required to forbid users from publishing, uploading or sharing any information that:</div>
<div>
<div>
<ul>
<li>belongs to another person and to which the user does not have any right to;</li>
<li>is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;</li>
<li>harm minors in any way;</li>
<li>infringes any patent, trademark, copyright or other proprietary rights;</li>
<li>violates any law for the time being in force;</li>
<li>deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;</li>
<li>impersonates another person;</li>
<li>contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;</li>
<li>threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation </li>
</ul>
</div>
</div>
</div>
<p>Upon being notified by any ‘affected person’ who objects to such information in writing, the ISP is required to “act within thirty six hours and where applicable, work with user or owner of such information to disable such information”. [<a href="#31">31</a>]</p>
<p>Further, “when required by lawful order”, the ISP, website or any other intermediary “shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and punishment of offences under any law for the time being in force, on a request in writing staling clearly the purpose of seeking such information or any such assistance.”</p>
<p>Visible here is the same attempt at subversion of Sections 69 and 69B as discussed in the previous section under the Data Protection Rules. Failure to observe these ‘due diligence’ measures – including disclosure of IP Address details – would expose ISPs and web-services like Google and Facebook to civil liability under Section 79, a risk they would not likely or lightly wish to assume.</p>
</div>
<h3>Police powers of investigation</h3>
<div>
<p>Apart from the provisions under the IT Act, to what extent are the police in India empowered under the Criminal Procedure Code to simply requisition information - including IP Addresses of suspects - from ISPs and Websites? In the course of routine investigation into other offences, the police have wide powers to summon witnesses, interrogate them and compel production of documents. Can these powers be invoked to obtain IP Address information? Are ISPs and Websites somehow immune from complying with these requirements?</p>
<p>Section 91 of the Code of Criminal Procedure empowers courts or police officers to call for, by written order, the production of documents or other things that are “necessary or desirable” for the purpose of “any investigation, inquiry, trial or other proceeding under the Code”.</p>
<p>Sub-section 3 of this section however limits the application of this power by exempting any “letter, postcard, telegram, or other document or any parcel or thing in the custody of the postal or telegraph authority.” Such documents can only be obtained under judicial scrutiny by following a more rigorous procedure laid down in Section 92. Under this section, it is only if a “District Magistrate, Chief Judicial Magistrate, Court of Session or High Court” is of the opinion that “any document, parcel or thing in the custody of a postal or telegraph authority is.. wanted for the purpose of any investigation, inquiry, trial or other proceeding under this Code” that such document, parcel or thing can be required to be delivered to such Magistrate or Court.</p>
<p>However the same section empowers lesser courts and officers such as “any other Magistrate, whether Executive or Judicial, or of any Commissioner of Police or District Superintendent of Police” to require “the postal or telegraph authority, as the case may be .. to cause search to be made for and to detain such document, parcel or thing” pending the order of a higher court.</p>
<p>Section 175 makes it an offence for a person to intentionally omit to produce a document which he is legally bound to produce. In case the document was to be delivered to a public servant or police officer, such omission is punishable with simple imprisonment of up to one month, or with fine up to five hundred rupees or both. If the document was to be delivered to a Court of Justice, omission could invite simple imprisonment up to six with or without a fine of one thousand rupees.</p>
<p>In the context of our discussion on IP Addresses, the following questions emerge:</p>
<ol>
<li>Are ISPs “telegraph authorities” so that the police are ordinarily prohibited from requisitioning information from them without obtaining orders from a court. </li>
<li>Similarly are Webmail and social networking sites “telegraph or postal authorities” so that securing information from them requires the following of the special procedure laid down in Section 92</li>
</ol>
<div>Section 3(6) of the Indian Telegraph Act, 1885 defines "telegraph authority" as “the Director General of [Posts and Telegraphs], and includes any officer empowered by him to perform all or any of the functions of the telegraph authority under this Act”. This would seem to exclude all private sector ISPs from the definition, presumably opening them up to ordinary summons issued under Section 91.</div>
<div></div>
<div>However, Section 3(2) defines a "telegraph officer" to mean “any person employed either permanently or temporarily in connection with a telegraph established, maintained or worked by [the Central Government] or by a person licensed under this Act;” Under this section, employees of private ISPs such as Airtel would also be regarded as “telegraph officers” and if we can extend this logic, with some interpretative work, the ISPs themselves might be regarded as “telegraph authorities”. In the absence of definite rulings by the judiciary on this question, however, the ordinary presumption would be that private ISPs are not “telegraph authorities” and are answerable, like all private companies, to requisitions made under Section 91.</div>
<div></div>
<div>This leaves open the question of whether a government company like BSNL would count as a ‘telegraph authority’. If it is, then it would put internet communications conducted through BSNL on a more secure footing than through other ISPs. As things stand, however, it appears that BSNL seems to be extending its co-operation to the police in tracking mischief online , in the same manner as other ISPs.</div>
<div></div>
<div>The second question is relatively more straightforward. The definition of “Post Office” in the Indian Post Office Act 1898 restricts its meaning to “the department, established for the purposes of carrying the provisions of this Act into effect and presided over by the Director General [of Posts and Telegraphs]” (Section 2k). Despite their primary functions as email providers, it seems unlikely that any magistrate would interpret webmail providers like Hotmail and Google as “postal authorities” so as to be immune from police summonses under Section 91. Such an interpretation would, nevertheless, be in keeping with the spirit of the postal exemptions, since these sections seem to be aimed at requiring judicial oversight before the privacy of communications may be disturbed. It would be fitting for an amendment to be introduced to the Code of Criminal Procedure to update these sections in line with new technological developments.</div>
<div></div>
<div>Before parting with this section, it must be asked whether the procedure under the IT Act or the CrPC must be followed. Section 81 of the Information Technology Act unequivocally declares that act to have “overriding effect” “notwithstanding anything inconsistent therewith contained in any other law for the time being in force.” This seems to suggest that at least with respect to interception of electronic communications and obtaining traffic data, the provisions of the CrPC would be overridden by the procedure laid down by the rules under the IT Act. The evidence from the practice of the Indian police routinely obtaining IP Address from web service providers and ISPs seems to suggest that the IT Act has not been invoked in these transactions. This is a trend that is likely to continue until their legality is questioned in a court of law.</div>
<h3>Subscriber Contracts with web service providers</h3>
<div>In addition to statutory provisions mandating the disclosure of IP Address information, such disclosure may also be permissible by the terms under which individual websites provides their services. Two examples would suffice here:</div>
<div>Google’s privacy policy which governs its full range of services from its popular search service to Gmail, as well as the groups and blogging services, states that the company will disclose personal information inter alia if</div>
<p>"We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against harm to the rights, property or safety of Google, its users or the public as required or permitted by law."</p>
<p>Information collected by Google includes server logs which include the following information: "your web request, your interaction with a service, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser or your account." [<a href="#34">34</a>]</p>
<p>Similarly, social networking site Facebook contains an equally expansive ‘lawful disclosure’ clause in its Privacy Policy [<a href="#35">35</a>] which states that the company will disclose information:</p>
<p>"To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities."</p>
<p>Information collected by Facebook includes information about the device (computer, mobile phone, etc) about your browser type, location, and IP address, as well as the pages visited. [<a href="#36">36</a>]</p>
<p>Examples of such clauses abound and it would be fair to assume that almost every corporate website one visits has analogously worded terms of service permitting ‘lawful disclosure’. This contractual backdoor negatives any expectation of absolute privacy of IP Address details that one might mistakenly have harboured.</p>
</div>
<h3>Conclusion</h3>
<div>
<p>As indicated in the introduction, IP addresses have proven to be a dependable way for the police in India to track down a range of cyber-criminals – from financial frauds, to vengeful spurned-lovers, to blackmailers and terrorists. The novelty of ‘cyber crimes’, as well as the relative high-tech ease of their resolution makes for attractive press, and offers an inexpensive way for police departments to accrue some credibility and goodwill for themselves. So long as the police track down genuine culprits, the question of privacy violations will necessarily remain suppressed since, in the words of the Supreme Court “the protection [of privacy] is not for the guilty citizen against the efforts of the police to vindicate the law." [<a href="#37">37</a>] However it is the possibility of an increase in egregious cases such as those of Lakshmana Kailash, mentioned above, wrongfully jailed for 50 days on account of a technical error, that reveals the pathologies of the unchecked system of IP Address disclosure that prevails today.</p>
<p>Legal regimes in the West have largely been indecisive about whether to characterize the maintenance of IP Address logs as handmaids for Orwellian thought-policing, or merely as implements that aid the apprehension of cyber criminals who have no legitimate expectation of privacy. Their laws typically come with procedural safeguards such as mandatory notices to affected persons [<a href="#38">38</a>], and judicial review which greatly mitigate the severity of these disclosures when they do occur.</p>
<p>Far from incorporating such safeguards, the various layers of Indian law create an atmosphere that is intensely hostile to the withholding of such information by ISPs and intermediaries. Overlapping layers of regulation between the Telegraph Act and the IT Act, and the conflict among various rules under the IT Act have created a climate of such indeterminacy that immediate compliance with even the most capricious of information demands by any government agency is the only prudent recourse for ISPs and other intermediaries. The DoT has issued a circular requiring the registration of public and domestic wifi networks to facilitate greater precision in tracking individuals behind IP Addresses. [<a href="#39">39</a>] For the same purpose, new Cyber Café Rules under the IT Act require extensive registers and logs to be maintained that track the identity of every user and the websites they have visited. [<a href="#40">40</a>] And if the full ambitions of the Unique Identity Numbering Scheme and the Centralised Monitoring System are realized, we will shortly be headed for exactly the kind of persistent surveillance society that Orwell wrote so fondly about.</p>
<p>The Indian judiciary, which could have played a counterbalancing role to the legislature’s apathy towards privacy and the executive’s increasingly totalitarian tendencies, has so far not risen to the challenge. The Supreme Court has repeatedly condoned the obtaining of evidence through illegal means, [<a href="#41">41</a>] and this has rendered the requirement of adherence to procedural due process by the police merely optional. This guarantee of judicial inaction in the face of executive illegality will be the biggest stumbling block to the securing of privacy – despite the occasionally good intentions of the legislature.</p>
<p>So, in the absence of a general assurance of privacy of our internet communications, where does one look to for hope? I would venture to suggest that there are four sources of optimism:</p>
<ul>
<li>Notwithstanding the iron determination of the Central Government to install a panoptic communication surveillance system, the realization and smooth functioning of these technocratic fantasies will depend on the reconfiguration of the relative powers of various ministries at the Central Level– chiefly the Ministry of Communications and Information Technology and the Home Ministry – and between the Centre and the State. One can rely, one feels, on the unwillingness of various ministries to cede their powers to forestall or at least delay or diminish the execution of this project. The success of the technology, in other words, is not as much in doubt as the success of the politics. Privacy will triumph in this ‘failure’ of politics. I advance this point naively and with only the slightest sense of irony. </li>
<li>Another ironic point : I suggest the ingenious and very Indian phenomena of inefficiency and ignorance as robust privacy safeguards. How does one account for the fact that despite heavily worded and repeated invocations of disclosure requirements in the ISP licenses for almost a decade, it was not until December 2010 that the Home Ministry tentatively suggests to ISPs that IP records must be kept for a minimum of six months? This despite the fact that the ISP license itself requires that such records be kept for one year. How does one explain the unanimous blinking astonishment of the industry at this suggestion, other than they expected never to have to implement it? Or that the extensive logs that cyber café owners are required to maintain about their clientele are seldom checked? [<a href="#43">43</a>] In India it seems to be an unstated element of the business climate that one can reliably depend on the non-enforcement of contractual clauses. Sometimes this inefficiency on the part of the state has inadvertent privacy-preserving effects. </li>
<li>The power of the state to rely on IP Addresses depends on the availability of global internet behemoths such as Microsoft, Google, Facebook and Yahoo who are vulnerable to bullying in order to maintain their transnational empires. In each of the success stories mentioned at the start of this paper, IP Address details were obtained from one of the big companies named, from which the lesson that emerges is that our ability to retain our anonymity will depend on our ability to find smaller, non-Indian substitutes who have nothing to fear from Indian authorities. In June 2010, for instance, the Cyber Crime Police Station, Bangalore sent a notice under Section 91 of the CrPC to the manager of BloggerNews.Net (BNN) seeking the IP Address and details of a user who had allegedly posted “defamatory comments” on BNN about an Indian company called E2-Labs. The manager of BNN bluntly refused to comply stating: “our policy is not to give out that information, BNN holds peoples privacy in high esteem.”[<a href="#44">44</a>] The lesson here is that in the future, the ability of Indians to preserve their online ‘privacy’ and freedom of speech will depend on their being able to find sufficiently small overseas clients to host their speech. Conflict of Laws rather than domestic legislation is a more reliable guarantor of privacy. </li>
</ul>
</div>
<pre>Notes</pre>
<p><br /><a name="1">[1].Hafeez, M., 2011. A tangled web of vengeance. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2011-03-28/mumbai/29353669_1_boyfriend-social-networking-police-officer [Accessed June 21, 2011].</a></p>
<p><a name="2">[2].Adapted from the Wikipedia entry on IP Address.</a></p>
<p><a name="3">[3].McIntyre, Joshua J., Balancing Expectations of Online Privacy: Why Internet Protocol (IP) Addresses Should be Protected as Personally Identifiable Information (August 15, 2010). DePaul Law Review, Vol. 60, No. 3, 2011. Available at SSRN: http://ssrn.com/abstract=1621102 [Accessed June 21, 2011] .</a></p>
<p><a name="4">[4].Anon, 2010. Army officer held in city for child porn -. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-05-08/mumbai/28292650_1_hard-disks-obscene-clippings-downloading [Accessed June 15, 2011].</a></p>
<p><a name="5">[5].Anon, 2011. Anti-Ambedkar page on Facebook blocked. Hindustan Times. Available at: http://www.hindustantimes.com/Anti-Ambedkar-page-on-Facebook-blocked/Article1-663383.aspx [Accessed May 24, 2011].</a></p>
<p><a name="6">[6].Sarokin, David. Google Ordered to Reveal Blogger Identity in Defamation Suit in India:Gremach Infrastructure vs Google India [Internet]. Version 5. Knol. 2008 Aug 15. Available from: http://knol.google.com/k/david-sarokin/google-ordered-to-reveal-blogger/l9cm7v116zcn/7.</a></p>
<p><a name="7">[7].Anon, 2009. Mumbai: Man held for blackmailing Anoushka Shanka. Rediff.com. Available at: http://news.rediff.com/report/2009/sep/20/police-arrest-man-for-blackmailing-anoushka-shankar.htm [Accessed May 24, 2011].</a></p>
<p><a name="8">[8].Anon, 2010. Cyber cell nets Delhi teen for lewd online posts - Times Of India. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-04-29/mumbai/28116011_1_cyber-cell-cyber-police-abusive-messages [Accessed March 23, 2011].</a></p>
<p><a name="9">[9].Hafeez, M., 2011. Police find runaway student “online” - Times Of India. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2011-02-17/mumbai/28554314_1_social-networking-networking-site-sim-card [Accessed June 21, 2011].</a></p>
<p><a name="10">[10].Holla, A., 2009. Wronged, techie gets justice 2 yrs after being jailed. Mumbai Mirror. Available at: http://www.mumbaimirror.com/index.aspx?page=article§id=2&contentid=200906252009062503144578681037483 [Accessed March 23, 2011].</a></p>
<p><a name="11">[11].Ibid.</a></p>
<p><a name="12">[12].This is not atypical. In the US, for instance, as Joshua McIntyre writes, “While various federal statutes protect similar data such as telephone numbers and mailing addresses as Personally Identifiable Information (PII), federal privacy law does not generally regard IP addresses as information worthy of protection. It has, therefore, become commonplace for litigants to subpoena ISPs to unmask online speakers. Many ISPs have no reason to fight these subpoenas and readily give up their subscribers’ names, addresses, telephone numbers, and other identifying data without demanding any court oversight or providing any notice to the subscriber. Even when courts become involved, a full consideration of the online speaker’s privacy interests is far from certain” Joshua McIntyre, supra note 3 at p.5.</a></p>
<p><a name="13">[13].Anon, 2011. User Data Requests - India. Google Transparency Report. Available at: http://www.google.com/transparencyreport/governmentrequests/IN/?p=2010-12&p=2010-12&t=USER_DATA_REQUEST&by=PRODUCT [Accessed June 29, 2011].</a></p>
<p><a name="14">[14].Ibid.</a></p>
<p><a name="15">[15].Anon, 2007. Orkut’s tell-all pact with cops. Economic Times. Available at: http://articles.economictimes.indiatimes.com/2007-05-01/news/28459689_1_orkut-ip-addresses-google-spokesperson [Accessed June 15, 2011].</a></p>
<p><a name="16">[16].In June 2011, Hotmail supplied IP Address details which enabled Delhi Police to trace, with further assistance from Airtel, the sender of obscene emails to a noted actress. Sharma, M., 2011. Priyanka Chopra’s cousin harrassed in Delhi. Mid-Day. Available at: http://www.mid-day.com/news/2011/jun/100611-news-delhi-priyanka-chopra-cousin-Meera-Chopra-harrassed.htm [Accessed June 28, 2011].</a></p>
<p><a name="17">[17]. In 1997, the Supreme Court of India held in PUCL v. Union of India that the interception of communications under this section was unlawful unless carried out according to procedure established by law. Since no Rules had been prescribed by the Government specifying the procedure to be followed, the Supreme Court framed guidelines to be followed before tapping of telephonic conversation. These guidelines have been substantially incorporated into the Indian Telegraph Rules in 2007. Rule 419A stipulates the authorities from whom permission must be obtained for tapping, the manner in which such permission is to be granted and the safeguards to be observed while tapping communication. The Rule stipulates that any order permitting tapping of communication would lapse (unless renewed) in two months. In no case would tapping be permissible beyond 180 days. The Rule further requires all records of tapping to be destroyed after a period of two months from the lapse of the period of interception.</a></p>
<p><a name="18">[18].Thomas Philip, J., 2010. Intelligence Bureau wants ISPs to log all customer details. Economic Times. Available at: http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps [Accessed June 28, 2011].</a></p>
<p><a name="19">[19].The Monitoring Rules list 10 ‘cyber security’ concerns for which Monitoring may be ordered: (a) forecasting of imminent cyber incidents; (b) monitoring network application with traffic data or information on computer resource; (c) identification and determination of viruses/computer contaminant; (d) tracking cyber security breaches or cyber security incidents; (e) tracking computer resource breaching cyber security or spreading virus/computer contaminants; (f) identifying or tracking of any person who has contravened, or is suspected of having contravened or being likely to contravene cyber security; (g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource;(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force; (i) any other matter relating to cyber security.</a></p>
<p><a name="20">[20].Respectively the INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR INTERCEPTION, MONITORING AND DECRYPTION OF INFORMATION) RULES, 2009, G.S.R. 780(E) (2009), http://www.mit.gov.in/sites/upload_files/dit/files/downloads/itact2000/Itrules301009.pdf (last visited Jun 30, 2011). and INFORMATION TECHNOLOGY (PROCEDURE AND SAFEGUARDS FOR MONITORING AND COLLECTING TRAFFIC DATA OR INFORMATION) RULES, 2009, G.S.R. 782(E) (2009), http://cca.gov.in/rw/resource/gsr782.pdf?download=true (last visited Jun 30, 2011).</a></p>
<p><a name="21">[21].Section 69 lists the following grounds for which interception may be ordered : a) sovereignty or integrity of India, b) defense of India, c) security of the State, d)friendly relations with foreign States or e)public order or f)preventing incitement to the commission of any cognizable offence relating to above or g) for investigation of any offence.</a></p>
<p><a name="22">[22].Rule 2(d) of the Monitoring and Collecting of Traffic Data Rules 2009.</a></p>
<p><a name="23">[23].Telegraph (Amendment) Rules 2007, Available at: http://www.dot.gov.in/Acts/English.pdf [Accessed June 28, 2011].</a></p>
<p><a name="24">[24].INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OR INFORMATION), (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).</a></p>
<p><a name="25">[25].The full list under Rule 3 includes : password; financial information such as Bank account or credit card or debit card or other payment instrument details ; physical, physiological and mental health condition; sexual orientation; medical records and history; Biometric information; any detail relating to the above clauses as provided to body corporate for providing service; and any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.</a></p>
<p><a name="26">[26].“Provider of data” is not the same as individuals to whom the data pertains, and could possibly include intermediaries who have custody over the data. We feel this privacy policy should be made available for view generally – and not only to providers of information. In addition, it might be advisable to mandate registration of privacy policies with designated data controllers.</a></p>
<p><a name="27">[27].This is well framed since it does not permit body corporates to frame privacy policies that detract from Rule 6..</a></p>
<p><a name="28">[28].This is a curious insertion since it begs the question as to the utility of such a statement issued by the requesting agency. What are the sanctions under the IT Act that may be attached to a government agencies that betrays this statement? Why not instead, insert a peremptory prohibition on government agencies from disclosing such information (with the exception, perhaps, of securing conviction of offenders)?.</a></p>
<p><a name="29">[29].The consequence of disobeying the rules is that the ‘body corporate’ is legally deemed not to have observed ‘reasonable security practices’. Section 43A penalizes such failure if it causes wrongful loss due to the disclosure.</a></p>
<p><a name="30">[30].INFORMATION TECHNOLOGY (INTERMEDIARIES GUIDELINES) RULES, (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).</a></p>
<p><a name="31">[31].The easily-affronted have thus been provisioned with a cheaper, swifter and more decisive means of curtailing free speech, where courts in India might have dithered ponderously instead Or they might not have. As of this writing, an obscure court in a Silchar, Assam issued an ex-parte injunction prohibiting the online publication of a highly-acclaimed biopic about Arindam Chaudhuri – a self-proclaimed ‘management guru’ who has gained notoriety in India due the questionable nature of a management institute that he runs. The choice of this particular court as the venue to file the suit, rather than one in New Delhi where both the plaintiff and the publisher reside, coupled Chaudhuri’s consistent success in obtaining such plenary gag-orders from this judge against any content he deems unflattering to himself, strongly suggests foul-play. Although this is not a typical case, it does caution against placing too much optimism on supposed judicial restraint and conservativeness. Anon, 2011. IIPM’s Rs500-million lawsuit against The Caravan. The Caravan, 3(6). Available at: http://caravanmagazine.in/Story/950/IIPM-s-Rs500-million-lawsuit-against-The-Caravan.html [Accessed June 28, 2011].</a></p>
<p><a name="32">[32].See Ali, S.A., 2010. Cyber cell nets Delhi teen for lewd online posts. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2010-04-29/mumbai/28116011_1_cyber-cell-cyber-police-abusive-messages [Accessed March 23, 2011]. (“During investigations, the police browsed through several service providers and finally zeroed in on BSNL, which helped them trace the sender's IP address to someone called 'Manoj Gupta' in Gurgaon. A team of policemen were sent to Gurgaon but the personnel found out that Manoj Gupta was fictitious name which the teenager was using in his IP address. The police arrested the accused as well as seized the hardisk of his personal computer.”); See also Rehman, T., 2008. A Case For Fools? Tehelka. Available at: http://www.tehelka.com/story_main40.asp?filename=Ws181008case_fools.asp [Accessed June 30, 2011].(“ The state police reportedly traced the email to the cyber café through its IP address. “We traced the email to a BSNL line. The BSNL has a cell in Bangalore to track such details. They traced the number to that particular cyber café in Shillong,” S.B. Singh, IGP (special branch) Meghalaya police told TEHELKA”)..</a></p>
<p><a name="33">[33].Anon, 2010. Privacy Policy. Google Privacy Center. Available at: http://www.google.com/privacy/privacy-policy.html [Accessed June 28, 2011].</a></p>
<p><a name="34">[34].Ibid.</a></p>
<p><a name="35">[35].Anon, 2010. Privacy Policy. Facebook. Available at: http://www.facebook.com/policy.php [Accessed June 28, 2011].</a></p>
<p><a name="36">[36].Ibid.</a></p>
<p><a name="37">[37].R. M. Malkani v State Of Maharashtra AIR 1973 SC 157, 1973 SCR (2) 417.</a></p>
<p><a name="38">[38].Eg. Title 18 US Code § 2703 provides for mandatory notice in case of wiretapping with a provision of ‘delayed notice’ where an ‘adverse result’ is apprehended such as (A) endangering the life or physical safety of an individual; (B) flight from prosecution; (C) destruction of or tampering with evidence; (D) intimidation of potential witnesses; or (E) otherwise seriously jeopardizing an investigation or unduly delaying a trial. Title 18,2705., Available at: http://www.law.cornell.edu/uscode/18/usc_sec_18_00002705----000-.html [Accessed June 28, 2011].</a></p>
<p><a name="39">[39].Ministry of Communications & IT. Letter to All Internet Service Providers. “Instructions under the ISP License regarding provisioning of Wi-Fi internet service under delicenced frequency band”, February 23, 2009. http://www.dot.gov.in/isp/Wi-%20fi%20Direction%20to%20ISP%2023%20Feb%2009.pdf (last visited Jun 30, 2011). Internationally, this does not appear to be an uncommon move. See Thompson, C., 2011. Innocent Man Accused Of Child Pornography After Neighbor Pirates His WiFi. Huffington Post. Available at: http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html [Accessed June 30, 2011]. (“In Germany, the country's top criminal court ruled last year that Internet users must secure their wireless connections to prevent others from illegally downloading data. The court said Internet users could be fined up to $126 if a third party takes advantage of their unprotected line, though it stopped short of holding the users responsible for illegal content downloaded by the third party.”).</a></p>
<p><a name="40">[40].INFORMATION TECHNOLOGY (GUIDELINES FOR CYBER CAFE) RULES, 2011., G.S.R. 315(E) (2011), www.mit.gov.in/sites/upload_files/dit/files/GSR3_10511(1).pdf (last visited Jun 30, 2011).</a></p>
<p><a name="41">[41].See State Of Maharashtra v. Natwarlal Damodardas Soni AIR 1980 SC 593 , 1980 SCR (2) 340.</a></p>
<p><a name="42">[42].Supra note 15.</a></p>
<p><a name="43">[43].Manocha, S., 2009. Cops no more interested in checking cyber cafes. Times Of India. Available at: http://articles.timesofindia.indiatimes.com/2009-08-03/lucknow/28172232_1_cyber-cafe-proper-records-ip-address [Accessed June 28, 2011]. (The cyber cafe owners claim that the registers which they maintain are seldom checked by the police. "I maintained the records properly which included recording of the name and address of the visitors and a photocopy of their identification proofs but not even once any cop had checked my records," said Rajeev, a cyber cafe owner in Aliganj. "It is this carelessness on the part of cops that gives those not maintaining proper records to carry on their business without any fear of the law," he added).</a></p>
<p><a name="44">[44].Barrett, S., 2010. Blogger News Censored In India. Blogger News Network. Available at: http://www.bloggernews.net/124890 [Accessed June 28, 2011].</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/ip-addresses-and-identity-disclosures'>http://editors.cis-india.org/internet-governance/ip-addresses-and-identity-disclosures</a>
</p>
No publisherPrashant IyengarInternet GovernancePrivacy2012-12-14T10:20:59ZBlog EntryCyber Crime & Privacy
http://editors.cis-india.org/internet-governance/cyber-crime-privacy
<b>India is a growing area in the field of active Internet usage with 71 million Internet users.</b>
<h3><span class="Apple-tab-span"> </span>Introduction</h3>
<p>India is a growing area in the field of active Internet usage with 71 million Internet users.[<a href="#1">1</a>] “Cyberspace is shorthand for the Web of consumer electronics; computers and communication networks that interconnect the World”. [<a href="#2">2</a>] The recent incidents of hacking into various popular websites of Yahoo, CNN, Sony, the CBI and the Indian Army raise the very pertinent issue of online data privacy. This blog will examine the growing instances of hacking websites and its impact on data privacy.</p>
<h3>Cyber Crime</h3>
<p>“Cybercrime is a criminal offence on the Web, a criminal offence regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, disrupting operations through malevolent programs on the Internet, electric crime, sale of contraband on the Internet, stalking victims on the Internet and theft of identity on the Internet.”[<a href="#3">3</a>]</p>
<p>The computer age gave rise to a new field of crime namely “cybercrime” or “computer crime”. During the 1960s and 1970s cybercrime involved physical damage to the consumer system. Gradually computers were attacked using more sophisticated modus operandi where individuals would hack into the operating system to gain access to consumer files. The 1970s - through to the present - saw cybercrimes taking different trajectories like impersonation, credit card frauds, identity theft, and virus attacks, etc.[<a href="#4">4</a>]</p>
<p>The IT Act 2000 was enacted by the government to punish such acts of cyber crime. The Act was amended in the year 2008[<a href="#5">5</a>]. </p>
<h3><span class="Apple-tab-span"> </span>Cybercrime — An Overview: India</h3>
<p>The IT Act 2000 was enacted by the government in 2000 to punish acts of cyber crime. The Act was amended in the year 2008[<a href="#5">5</a>]. According to the National Crime Records Bureau, cyber crime is on the rise. The Bureau reported that 420 cases were reported under the IT Act in the year 2009 alone, which was a 45.8 per cent increase from the year 2008. [<a href="#6">6</a>] The NCRB data on cyber crime also provides a useful insight as to the growing awareness of the IT Act. The data clearly shows an increase in the number of cases reported from the years 2005 to 2009.[<a href="#7">7</a>]. Hacking and obscene [<a href="#8">8</a>] publication/transmission are the highest reported crimes with the highest rate of conviction under the IT Act 2008.</p>
<h3><span class="Apple-tab-span"> </span>Cyber Attack: No One is Safe!!</h3>
<p>In February 2000 the many ‘busy’ Internet websites were jammed shut by hackers causing a national upheaval in the USA with the then President Clinton calling in a high level meeting with experts from around the world. Websites like Yahoo.com were forced to shut down for three hours after they were ‘smurfed’ by hackers [<a href="#9">9</a>]. Many other websites like Amazon.com and CNN.com were also attacked by the same hackers. Hacking such popular websites within a span of few hours was unprecedented which left many, including the FBI, clueless. By far these are the most serious cyber attacks in the history of Internet. The attacks not only shut down important sites, but also highlighted a very disturbing growing trend. If such popular websites were shut down by unknown perpetrators then how in the world will these and similar sites be able to protect scores of personal data and credit card information of the customers they pledge to serve? </p>
<p>More recently cyber vandals attacked the US Senate website on the 14 June 2011, causing a huge security scare [<a href="#10">10</a>]. This instance again brings us to the pertinent question of the safety of our personal data held by these websites. If the personal data of the US Senators can be breached by somebody, then certainly we as consumers should be very wary of the cyberspace and its ability to protect our data.</p>
<h3><span class="Apple-tab-span"> </span>Closer Home</h3>
<p>On June 8, a group claiming to be “anonymous” hacked into the government’s National Information Centre to protest against the anti-graft agitation [<a href="#11">11</a>]. The same group was accused of hacking into the Indian Army’s website although no report of data theft was claimed by the government. Last year in December a Pakistani hacker group named Predators PK hacked into various websites including the website of the CBI.[<a href="#12">12</a>]</p>
<h3><span class="Apple-tab-span"> </span> Cyber Crime: Its Implications to Privacy</h3>
<p>Internet security has become an important issue. Recent cyber attacks on various important websites has placed many consumers at risk and vulnerable to cyber criminals. The hacking attack on the Sony website on April 16 and 17 led to the theft of 26.4 million SOE (Sony Online Enterprise) Accounts. The criminals even hacked into a 2007 database which held credit and debit card information of 23,400 customers.[<a href="#13">13</a>]</p>
<p>Attacks such as these demonstrate the vulnerability of websites, and the possibility of serious harm to a countries economy and security. Furthermore, consumers’ personal data can be used by hackers to extort and blackmail individuals. </p>
<p>The Internet has become a huge stakeholder in facilitating trade and e-commerce, subsequently cyberspace has become a large network of communication and commerce. We carry out a number of tasks on the Internet — from e-shopping and e-ticketing to e-banking. Though the recent attacks on the CBI website, and the Indian Army website did catch some attention from the media, and the government did make some noise about it, the issue slowly faded away. The government cannot seem to protect its own websites which houses sensitive details of national security, but seems confident about putting personal data and biometrics of a billion plus population under the AADHAR scheme [<a href="#14">14</a>] onto a web server which can be hacked anytime by almost anybody with a personal computer in China or Pakistan.[<a href="#15">15</a>]</p>
<h3><span class="Apple-tab-span"> </span>Privacy: No More?</h3>
<p>Data generated in cyberspace are a fingerprint of an individual which is detailed, processed, and made permanent.[<a href="#16">16</a>] The cyberspace generates a blue print of our whole personality as we navigate through a health site, pay our bills, or shop for books at Amazon.com. The data collected by surfing through all these domains creates a fitting profile of who we are. [<a href="#17">17</a>] When hackers and cyber vandals steal this very information, it becomes a gross violation of our privacy. </p>
<h3><span class="Apple-tab-span"> </span>Conclusion</h3>
<p>Privacy does not exist in cyber space. The various websites that offer varied services to its consumers fail to protect their personal data time and again. The Sony website including its play station and music website was hacked at least three times this year. Scores of personal data was stolen and the consumers were kept in dark regarding the breach for almost a week. Speaking as a consumer, if a large corporate company like Sony cannot protect its website from being hacked into, it is hard to imagine other websites protecting itself from attacks. </p>
<p>The rise of the Internet has brought with it a new dimension of crime. The IT Act 2000 has brought some reprieve to the aggrieved according to the NCRB. Despite this, the IT Act clearly will not completely deter criminals from hacking into websites, as was demonstrated in the NCRB report. The cyber criminals of the February 2000 cyber attacks have yet to be apprehended and the attacks on various websites have been increasing every year. </p>
<p>Despite progress being made on enacting cyber laws and implementing them, cyber crime is still not nipped in the bud. Governments can do precious little to stop it and only hope that a cyber criminal can be traced back and be punished. Hence, Internet users need to more careful of the sites they visit; know the privacy policy of these websites to protect their personal data as much as possible.</p>
<pre>Notes</pre>
<p><a name="1">[1] According to an annual survey conducted by IMRB and Internet and Mobile Association of India for the year 2009 – 2010. </a></p>
<p><a name="2">[2]</a><a href="http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true"> http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true</a></p>
<p><a name="3">[3]</a><a href="http://legal-dictionary.thefreedictionary.com/cybercrime"> http://legal-dictionary.thefreedictionary.com/cybercrime</a></p>
<p><a name="4">[4]</a><a href="http://www.mekabay.com/overviews/history.pdf"> http://www.mekabay.com/overviews/history.pdf</a></p>
<p><a name="5">[5]</a><a href="http://www.cyberlaws.net/itamendments/index1.htm">http://www.cyberlaws.net/itamendments/index1.htm</a></p>
<p><a name="6">[6]</a><a href="http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf"> http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf</a></p>
<p><a name="7">[7]</a><a href="http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf"> http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf</a></p>
<p><a name="8">[8]</a><a href="http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf"> http://ncrb.nic.in/CII%202009/cii-2009/Chapter%2018.pdf</a></p>
<p><a name="9">[9]</a><a href="http://www.pbs.org/newshour/extra/features/jan-june00/hackers_2-17.html"> http://www.pbs.org/newshour/extra/features/jan-june00/hackers_2-17.html</a></p>
<p><a name="10">[10]</a><a href="http://editors.cis-india.org/internet-governance/ http://in.reuters.com/article/2011/06/14/idINIndia-57677720110614"> http://in.reuters.com/article/2011/06/14/idINIndia-57677720110614</a></p>
<p><a name="11">[11]</a><a href="http://www.thinkdigit.com/General/Anonymous-hacks-Indian-govt-website-to-support_6933.html"> http://www.thinkdigit.com/General/Anonymous-hacks-Indian-govt-website-to-support_6933.html</a></p>
<p><a name="12">[12]</a><a href="http://www.deccanherald.com/content/117901/pakistan-hackers-wage-cyber-war.html"> http://www.deccanherald.com/content/117901/pakistan-hackers-wage-cyber-war.html</a></p>
<p><a name="13">[13]</a><a href="http://mashable.com/2011/05/03/sony-another-hacker-attack/"> http://mashable.com/2011/05/03/sony-another-hacker-attack/</a></p>
<p><a name="14">[14]</a> <a href="http://uidai.gov.in/">http://uidai.gov.in/</a></p>
<p><a name="15">[15]</a><a href="http://www.securitywatchindia.org.in/selected_Article_Cyber_warfare.aspx"> http://www.securitywatchindia.org.in/selected_Article_Cyber_warfare.aspx</a></p>
<p><a name="16">[16]</a><a href="http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true"> http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true</a></p>
<p><a name="17">[17]</a><a href="http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true"> http://www.jstor.org/stable/pdfplus/1229286.pdf?acceptTC=true</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/cyber-crime-privacy'>http://editors.cis-india.org/internet-governance/cyber-crime-privacy</a>
</p>
No publishermerlinInternet GovernancePrivacy2011-09-01T09:36:11ZBlog EntryFinancial Inclusion and the UID
http://editors.cis-india.org/internet-governance/privacy_uidfinancialinclusion
<b>Since 2009, when Nandan Nilekani began to envision and implement the Unique Identification Project,
the UID authority has promoted the UID/Aadhaar scheme as a tool of development for India - arguing that an identity will assist in bringing benefits to the poor, promote financial inclusion in India, and allow for economic and social development. In this blog entry I will focus on the challenges and possibilities of the UID number providing the residents of India a viable method of access to financial services across the country.</b>
<p> </p>
<h3>Why the UID could bring financial inclusion</h3>
<p>In their strategy document “Exclusion to Inclusion with Micro payments” the UIDAI argues that a few of many challenges to successful financial inclusion in India for the poor have been: lack of identity, lack of accessibility of financial outlets, unreliability of infrastructure, high costs of banking, and the common presence of a middle man. For Indian banks the UID sites challenges such as: the high cost of transactions for banks servicing clients in rural areas, lack of infrastructure, costly processes of cash management, and high costs of IT.(UIDAI, 2010)The UID's solution to these obstacles is a system of financial services and micro payments based off of an individuals UID number, in which an individual with a UID number would be able to: open a bank account, make a payment, withdraw money, deposit money, and send remittances. The hope is that this system will allow banks to scale up their branch less banking, and reach out to larger populations. Residents having a bank account linked to their UID number is also key to the UID's larger scheme for subsidy delivery to the poor. Until all consumers who rely on government subsidies have a bank account linked to their UID number, the UID will not be able to implement a system of direct transfer of cash subsidies.(CNBC-TV18, 2011) For example, the UIDAI has started conducting a pilot disbursement of funds under the Mahatma Gandhi National Rural Employment Guarantee Scheme (MNREGS) to Jharkhand through Union Bank, ICICI Bank and Bank of India branches.(IBN-Live, 2011)</p>
<h3>How the UID will bring financial inclusion</h3>
<p>In their vision, the UIDAI has designed a system that involves bank branches enrolling individuals, bank branches establishing relationships with BC organizations, the use of Micro ATM's, and the use of the UID numbers for authentication in all financial transactions. In short the system of financial inclusion would work as follows:</p>
<p><strong>Step 1. Enroll and obtain UID number</strong></p>
<p>An individual enrolls for a UID number. During enrollment an individual shares his/her KYC information with the UIDAI. The UIDAI verifies the individuals KYC information, along with their other information, and issues the individual a UID number. If an individual already has a bank account at the time of enrollment they have the option to link their UID number to their bank account [1]</p>
<p>In India every bank must verify and confirm an individuals KYC information. This is to help reduce tax evasion and fraud. In December 2011, India's Ministry of Finance recognized the Aadhaar number has an officially valid identification to satisfy the KYC norms for opening bank accounts. By verifying an individuals KYC information at the enrollment stage the UIDAI is hoping reduce the amount of paperwork and time needed for an individual to open a bank account. In addition to satisfying KYC norms, the Government of India has also recognized the Aadhaar number as an acceptable form of identity for the purpose of obtaining a mobile connection. By having the UID number accepted for establishing both mobile connections and bank accounts, financial inclusion through mobile banking is encouraged as it allows for individuals who previously had no identity, to join the financial system and mobile network – thus allowing bank accounts to be more accessible than before, and aiding banks by simplifying the process of account opening.(Akhand Tiawari, Anurodh Giri, 2011)</p>
<p><strong>Step 2. Open UID Enabled Bank Account</strong><br />Now that the individual has a UID number they can open a bank account by presenting their UID number and thumb print to the bank branch for authentication. Currently the one bank enrolling citizens and issuing UID numbers and UID based ATM cards is the Bank of India.(Aggarwal, 2011) Bank of Maharashtra, State Bank of India and Indian Overseas Bank are currently waiting for approval from the UIDAI.(Chavan, 2011) In this scenario the UID number will be the only form of identification needed to open a bank account.</p>
<p><strong>3.Make financial transactions with UID number</strong><br />Once a UID Enabled Bank Account (UEBA) is opened, individuals can begin making financial transactions using their UID number and fingerprint. Individuals can access their UEBA through BC institutions. With a UEBA individuals have the option of using four basic banking services:</p>
<ul><li> Store cash for savings through electronic deposits and withdraw only small amounts of cash</li><li>Make payments</li><li>Send and receive remittances</li><li>Acquire balance and transaction history</li></ul>
<p>Transactions completed through the UID-enabled bank account work similarly to a prepaid mobile system. BC organizations, or Bank Correspondents, are organizations such as SHGs, kirana stores, dairy agents that larger banks develop a business relationship with. The BC organizations handle all transactions at the local level. Using BC organizations as financial outlets is meant to increase the penetration of financial outlets and make financial services more accessible in rural areas. How the process works is: a BC institution begins by depositing a certain amount of money with a larger banking institution. This ‘ prepaid balance’ paid by the BC institution changes with every transaction the BC institution makes. For example, when an individual makes a deposit it decreases as that money is then transferred into an individuals account, and increases when an individual withdraws money, because of the transaction fee that is charged to the individual. When the individual is making a deposit, he pays physical cash to the BC, who in turn makes an electronic transfer from the BC account to the individual's account. When making a withdrawal, the electronic transfer is made from the individual's account to the BC account, and the BC hands out physical cash to the customer, (UIDAI, 2010).</p>
<p><br />The micro ATM that is to be used at BC institutions is a hand held device, in this case a mobile phone, attached to a finger print reader. The micro ATM is meant to replace larger ATM’s and reduce the cost that banks incur when establishing full fledged ATM machines. The hand held device will be remotely accessed to the central server of the bank. Currently Italian tech company Telit Communication SpA, is hoping to provide the GSM wireless M2M modules that will allow the wireless device and the wired server to communicate with each other. (Kanth, 2011) The most significant difference between the micro ATM system and the traditional ATM system is that the BC employee executes the transaction. </p>
<p>Though having BC employees carry out financial transactions might eliminate the possibility of a fraudulent ATM being set up, it opens many possibly corrupt doors. How will it be ensured that the transaction is completed without fraud, and how can it be ensured that the Micro-ATM is not fraudulent, or that the BC organization itself is not fraudulent. Though this scenario might sound unlikely, the UID has already experienced difficulties with fake enrollment centers being set up, such as in Pune. (Gadkari, 2011), fake UID papers being issued, as was done in Patna(Tripathi, 2011) and enrollment centers illegally outsourcing work, as the IT company Tera Software was found doing (Prajakta, 2011). If these scenarios have all been tried, it is not unreasonable to see the same being tried with financial institutions.</p>
<h3><strong>Challenges to a system of authentication for financial transactions with the biometric based UID number</strong></h3>
<p>Not withstanding the fact that financial inclusion cannot be achieved only through an identity, focusing on the identity component of financial inclusion - in the report Low Cost Secure Transaction Model for Financial Services, published by Nitin Munjal, Ashish Paliwal, and Rajat Moona, from the Indian Institute of Technology, the authors note that present challenges in India to financial inclusion through access to financial institutions include(Munjal, Nitin Paliwal, Ashish Moona, 2011):</p>
<ul><li>Currently financial transactions require network connectivity to take place. For financial transactions made in rural areas this has lead to both high costs for each transaction and to high fixed IT costs.</li><li>Current financial schemes such as mobile banking depend on network connectivity, making the network indispensable, yet 70% of the Indian population is rurally located with limited or no network connectivity.</li><li>Current financial service outlets are densely located in urban areas and not rural areas. Rural populations are financially excluded, as in most cases the completion of financial transaction require the presence of financial outlets.</li><li>Currently there are no easy safeguards to protect against fake ATMS or fraud, because the current Financial Service Model is based on blind trust of the service outlet – this allows for high rates of fake ATM’s being installed and fraud.</li><li>For an individual to access financial services, an identity is required. In most cases the poor lack an identity.</li></ul>
<p><br />Clearly there are many obstacles that the UID identity card must overcome to successfully authenticate individuals in financial transactions and facilitate financial inclusion. For the system to be successful the UID must at the minimum do the following:</p>
<ul><li>Accurately generate unique numbers</li><li>Capture accurate personal information</li><li>Ensure security of the database</li><li>Ensure that the technology is secure and accurate</li><li>Ensure that only necessary information is collected</li><li>Verify BC centers</li><li>Provide a secure network that can handle large numbers of transactions</li></ul>
<p><br /><strong>Possible ways in which the system can go wrong include:</strong></p>
<ul><li>Inaccurate authentication</li><li>Delays in authentication</li><li>Fraud at the level of the BC institution</li><li>Over collection of personal information by banks</li><li>Linking of databases by banks, or other agencies</li><li>Network failure</li><li>Down time of the database</li></ul>
<p>Though UID enabled bank accounts have yet to be officially established the UID is already experiencing many of the listed difficulties. For instance, in an Indian Express article published on June 15th, it was reported that banks are issuing additional UID forms that ask if individuals have credit cards, operate mobile or internet banking accounts, own a two wheeler or four wheeler, or live in a rented or personally owned accommodation. (Indian Express, 2011) Even more alarming is a recent news item from the Deccan Herald, which details the efforts that have been taken by NATGRID to access banking clients personal information, and NATGRID's proposal to tie banking information to a linked database containing information from bank accounts, railways, airlines, stock exchanges, income tax, credit card, immigration records, and telecom service providers. (Arun, 2011)The banks<br />have refused to give NATGRID access to clients personal information, but the ease at which NATGRID could track and collect information about individuals with the UID is chilling – especially if the UID is linked to almost every bank account in India. Several news reports have also shared experiences of confusion, inconsistent requirements, and unorganized enrollment centers, which place doubt in the accuracy of the information collected and the accuracy of the UID numbers issued.(Tripathi, 2011). </p>
<p><br />Looking at the technology and operational design of the UEBA system, though the scheme relies on mobile networks, it fails to eliminate the need for connectivity to the central server, because authentication of individuals biometric must be done through comparison of one fingerprint to the central server of all fingerprints. This will not only complicate the effectiveness of delivery of services, as it is possible for connectivity to be limited and slow, but it will also incur large network overhead costs for each transaction that is verified. Furthermore, even though the use of BC institutions as financial service outlets is meant to increases the availability of financial outlets, a dependency is created on BC institutions – as they must be present for any financial transaction to take place.<br />Additionally, individuals have no way of authenticating and verifying BC institutions. As mentioned earlier this allows for possible scenarios of fraud. Additionally, the UID has not provided any alternative method of identification in the case that the network or technology fails, or if an individuals biometrics are incorrectly rejected.</p>
<h3>Could the SCOSTA standard be an option?</h3>
<p>Many developing countries, like Kenya and Brazil, that face similar challenges to financial inclusion have looked towards smart cards as secure methods for authenticating individuals. In 2003 India also implemented a smart card approach to identity management. The SCOSTA standard smart card was introduced with the MNIC national identification scheme. Though the scheme was eventually dropped by the Indian Government, the SCOSTA smart card standard is still a valid option for authentication of individuals in financial transactions. A SCOSTA standard based approach for financial inclusion would include: </p>
<ul><li>Authentication of an individuals key, pass-phrase, and pin. This is known as public keyinfrastructure. This will allow a person to protect their password and easily replace it if stolen.</li><li> Authentication through public key infrastructure would not depend on connectivity to thenetwork. This would allow for financial inclusion of populations not connected to networks and not be fully dependent on working networks.</li><li> Authentication through public key infrastructure establishes mutual trust of user and institution. This would lower the presence of fraudulent institutions and corrupt transactions.</li><li> Connection to a central server is not required for the authentication of an individual in a financial transaction. This will lower the cost of transactions and lower IT overhead costs (ibid Munjal, Nitin Paliwal, Ashish Moona, 2011)</li></ul>
<h3>Conclusion</h3>
<p>Though it is hard to say that a fool proof system of authentication can easily be made, and that system will indeed promote financial inclusion, when comparing the biometric UID number with the SCOSTA standard smart card, there are many benefits to the SCOSTA standard such as ability of individuals to verify banking institutions, no need for connectivity to the central server, and the ability to easily replace lost or stolen pins and passwords. No matter what standard is implemented though, it is important to clearly look at the current implementation, technological, and operational challenges that identification schemes face and the possible ramifications of such challenges before adapting it as a ubiquitous system.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/privacy_uidfinancialinclusion'>http://editors.cis-india.org/internet-governance/privacy_uidfinancialinclusion</a>
</p>
No publisherelonnai hickokInternet GovernancePrivacy2011-08-23T10:36:31ZBlog EntryCCTV in Universities
http://editors.cis-india.org/internet-governance/blog/privacy/cctv-in-universities
<b>Basic Closed Circuit Television (CCTV) Infrastructure is used to observe movements from a central room, and consists of one or more video cameras that transmit video and audio images to a set of monitors or video recorders.</b>
<h3>A Brief History of CCTV's</h3>
<p>Video surveillance as a means of policing gained prominence in the 1950s when the UK police installed two pan-tilt cameras on traffic lights to monitor traffic near the Parliament. Since then the United Kingdom has become the country with the most number of surveillance cameras.[<a href="#1">1</a>]</p>
<p>The proliferation of CCTVs has been attributed to the growing radicalization of human behaviour wherein organized groups terrorized entire nations and threatened their internal security. The 1985 terror attack on the then Prime Minister of Britain by the IRA and many such instances thereafter have led many countries to adopt CCTV as a means of policing. In India, terror attacks on the Mumbai stock market and successive instances have pushed the Indian Government to install CCTVs in prominent public areas so that it is possible to monitor suspicious movements.[<a href="#2">2</a>]</p>
<h3>CCTVs and Public Perspective <br /></h3>
<p>Since the 1950'sCCTVs have become ubiquitous and ever present, monitoring our daily movements, and infringing into our personal space. Though governments believe CCTVs are essential security instruments, the public is less convinced. The early anxiety to be safe from an unseen danger has given way to a new unease amongst the people, that of constantly being watched by an unseen eye. </p>
<h3>CCTVs in Educational Institutions</h3>
<p>CCTVs are typically used by the government or private agencies for surveillance in areas frequented by the public that need monitoring. Recently though, universities across the length and breadth of the country have resorted to the use of CCTVs for policing campus activities and to keep the students in check and under control. Huge budgets are set to wire campuses with CCTV infrastructure, t causing students to protest as well as laud the initiative by the administration. The debate on CCTVs has gained momentum in recent years with students staging huge rallies both in support of and against it.</p>
<p class="callout">Example 1:</p>
<p>The most prominent of the agitations against CCTVs was staged by the students of Jadavpur University in Kolkata on the administration’s decision to install 16 CCTVs on the four main exit points of the campus and other strategic locations.[<a href="#3">3</a>] The installation cost Rs.20 lakh. The students protested loudly against the decisions and ‘gheraoed’ the office of the vice chancellor for 52 hours. The students claimed that the administration was curbing their individual freedom and robbing the campus of it’s democratic atmosphere. The administration refused to remove the cameras, and claimed that the move was necessitated for the security of the students and to prevent any unforeseen incident.</p>
<p class="callout">Example 2:</p>
<p>The girl’s residing in the Women’s Hostel of The University of Pune protested against the setting up of CCTV cameras’ in the entrances of the hostel to check for unauthorized visits from boyfriends and friends. The girl’s vandalized the camera and claimed that they were an infringement to their privacy. The hostel authorities insisted that the cameras did not infringe on the privacy of the women, and were only installed at the entrance gates to keep a tab on visitors.[<a href="#4">4</a>] The authorities claimed that this step was taken in congruence with the hostel’s policy of not allowing visitors to stay the night.</p>
<p class="callout">Example 3:</p>
<p>The girls of the Churchgate’s Government Law College succeeded in getting the CCTV camera removed from the Girl’s Common Room, as it was seen as an infringement to their privacy. The MNS stepped up the agitation in favor of the students which led the college administration to finally take notice and remove the camera from the common room.[<a href="#5">5</a>]</p>
<h3>The Flip Side</h3>
<p>The issue of CCTVs in campuses takes an interesting turn when the students support the move to install cameras in campuses.</p>
<p class="callout">Example 1:</p>
<p>Delhi University installed CCTV cameras in their campuses after the Delhi Police issued an advisory for the same. They claimed that the advisory issued was to monitor the instances of on campus ragging. The Delhi Police also helped fund the setting up of CCTVs in the college. This move was lauded by the students, and the colleges took instant measures to wire their campuses.[<a href="#6">6</a>]</p>
<p class="callout">Example 2:</p>
<p>Recently, after the murder of a Delhi University student named Radhika Tanwar in broad day light, many student union groups assembled for a candle light vigil. They demanded CCTV cameras near the Satya Niketan bus stop where Radhika was killed which is an isolated stretch of a road. The massive agitation of almost a week brought the National Commission of Women into the foray who seconded the demand put forth by the student body.[<a href="#7">7</a>]</p>
<p class="callout"> Example 3:</p>
<p>The recent instance of an RTI exposing inflated bills for setting up CCTVs in the Punjab University Campus also throws light on an interesting facet to this debate as the students do not mind the CCTVs in their campus. The student’s union of the university demanded the authorities to look into the discrepancies of the budget, and also expressed anger as the CCTVs installed did not work. The students claimed that the rising violence in the campus is because of disinterested security men and non working CCTV cameras.[<a href="#8">8</a>]</p>
<h3>Conclusion</h3>
<p>The decisions to use CCTVs as a means of surveillance evokes mixed responses. On one side of the debate they are seen as a deterrent to crime while on the other side of the debate they are seen as beinggross infringements on privacy. CCTV surveillance remains as a bone of contention amongst students. If they feel that their personal space is being invaded by these cameras then it needs to be addressed by the administration in a manner which appeases their fear. Universities randomly adopt the policy of CCTV surveillance, disregarding any voice of dissent. Kashmir University put up CCTVs in it’s campus to shoo away lovebirds and the Aligarh Muslim University has installed 57 CCTV cameras in it’s campus to keep a check on students. The rise of the CCTVs in colleges relates to not the actual crime but to the fear of crime. Therefore, CCTVs have become a tool of re-assurance [<a href="#9">9</a>]which feeds a notion of safety and security to the authority in charge.</p>
<p>There is no black and white regarding the implementation of CCTVs in universities. A policy can only benefit both sides when decisions are taken with the students, and not on behalf of them. Indian Universities have no guidelines and policies regarding the implementation of CCTVs and students remain unaware of any decisions in this regard. The Universities should clearly spell out their take on CCTVs including:</p>
<ul><li>University policy regarding CCTVs policies</li><li>The reasons for introducing CCTVs</li><li>The proposed uses of CCTV infrastructure</li><li>Which areas in the campus will be kept under surveillance</li><li>How will the data collected be stored</li><li>How long will the data be retained</li><li>How will the data be deleted[<a href="#10">10</a>]</li></ul>
<p>The Universities should address all these issues to dispel fear from the minds of the students, and the student unions should be included in the discussions regarding the implementation of CCTVs. </p>
<pre>Notes</pre>
<p> <br /><a name="1">[1].</a><a href="http://www.surveillance-and-society.org/ojs/index.php/journal">Webster,William; CCTV policy in the UK: Reconsidering the evidence base; sueveillanceandsociety.org.</a></p>
<p><a name="2">[2].</a><a href="http://www.surveillance-and-society.org/ojs/index.php/journal">Norris, Clive;MC Cahill, Mike;Wood, David; The Growth of CCTV: A Global Perspective on the international diffusion of video surveillance in publically accessible space; surveillance-and-society.org.</a></p>
<p><a name="3">[3].</a><a href="http://www.haata.com">Timesnow.tv/jadavpuruniversity, www.haata.com.</a></p>
<p><a name="4">[4]</a><a href="http://www.ndtv.com/article/cities/female-hostellers-damage-cctv-cameras-to-protect-privacy-83889">.http://www.ndtv.com/article/cities/female-hostellers-damage-cctv-cameras-to-protect-privacy-83889,</a><a href="http://toostep.com/debate/is-it-right-to-install-a-cctv-in-girls-hostel-to-stop-unauth"> http://toostep.com/debate/is-it-right-to-install-a-cctv-in-girls-hostel-to-stop-unauth.</a></p>
<p><a name="5">[5].</a><a href="http://www.mumbaimirror.com/index.aspx?page=article§id=2&contentid=201101212011012104560935753ecb888">http://www.mumbaimirror.com/index.aspx?page=article§id=2&contentid=201101212011012104560935753ecb888, </a><a href="http://ibnlive.in.com/news/cctv-cameras-in-hostel-rob-pune-women-of-freedom/142681-3.html">http://ibnlive.in.com/news/cctv-cameras-in-hostel-rob-pune-women-of-freedom/142681-3.html.</a></p>
<p><a name="6">[6]</a><a href="http://www.expressindia.com/latest-news/after-delhi-police-advisory-du-to-install-cctv-cameras/761421/">.http://www.expressindia.com/latest-news/after-delhi-police-advisory-du-to-install-cctv-cameras/761421/.</a></p>
<p><a name="7">[7]</a><a href="http://www.indianexpress.com/news/women-constables-cctv-cameras-in-girl-stude/766083/">.http://www.indianexpress.com/news/women-constables-cctv-cameras-in-girl-stude/766083/.</a></p>
<p><a name="8">[8].</a><a href="http://www.punjabcolleges.com/5526999-itemdisplay-Misappropriation-of-funds-on-CCTV,-RTI-exposed-it-Chandigarh.htm">http://www.punjabcolleges.com/5526999-itemdisplay-Misappropriation-of-funds-on-CCTV,-RTI-exposed-it-Chandigarh.htm.</a></p>
<p><a name="9">[9].</a><a href="http://www.surveillance-and-society.org/ojs/index.php/journal/article/view/prozac/prozac">www.surveillance-and-society.org/ojs/index.php/journal/article/view/prozac/prozac.</a></p>
<p><a name="10">[10]</a><a href="http://www.ucl.ac.uk/estates/security/documents/cctvp">.www.ucl.ac.uk/estates/security/documents/cctvpolicy.doc,</a><a href="http://www.wustl.edu/policies/cctv-monitoring-and-recording.html"> http://www.wustl.edu/policies/cctv-monitoring-and-recording.html.</a></p>
<p><a name="10"></a></p>
<p><a name="10"></a></p>
<p><a name="10"></a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/privacy/cctv-in-universities'>http://editors.cis-india.org/internet-governance/blog/privacy/cctv-in-universities</a>
</p>
No publishermerlinInternet GovernancePrivacy2011-09-01T09:50:09ZBlog Entry