Centre for Internet and Society

Suryaprava

praskrishna — 2016-06-04T04:23:54Z

Suryaprava

For more details visit http://editors.cis-india.org/home-images/SuryapravaJune2.jpg

Surveillance: Privacy Vs Security

praskrishna — 2013-08-19T05:32:55Z

The Foundation for Media Professionals is organizing a debate at the India International Centre, New Delhi on August 17, 2013. Shri Kapil Sibal will give the opening speech. Natgrid chief Raghu Raman is one of the debaters. Pranesh Prakash is participating in this event as a panelist.

This was published by the Foundation for Media Professionals on their website. Also read the blog post by Vivian Fernandes and Ninglun Hanghal.

In the backdrop of the recent disclosures by US defense contractor Edward Snowden about the activity of the National Security Agency (NSA) and reports that NSA may have collaborated with India on surveillance program in the country that have raised concerns about privacy and right of citizens, Foundation for Media Professionals (FMP) in partnership with Friedrich Ebert Stiftung (FES) invited Pranesh Prakash to a panel discussion on "Surveillance: Privacy vs. Security".

Guest Speaker
Kapil Sibal, Union Minister for Communications and Information Technology, Govt. of India

Panelists

Pranesh Prakash, Policy Director, Centre for Internet and Society

Dr. Usha Ramanathan, Independent Law Researcher
Saikat Datta, Resident Editor, DNA
Capt. Raghu Raman, National Intelligence Grid (Natgrid)

Moderator

Paranjoy Guha Thakurta

For more details visit http://editors.cis-india.org/news/foundation-for-media-professionals-august-17-2013-surveillance-privacy-v-security

Surveillance Technologies (Table 2)

praskrishna — 2013-05-09T10:22:41Z

For more details visit http://editors.cis-india.org/internet-governance/blog/table-2.pdf

Surveillance Technologies (Table 1)

praskrishna — 2013-05-09T10:02:56Z

For more details visit http://editors.cis-india.org/internet-governance/blog/table-1.pdf

Surveillance Tec

praskrishna — 2013-05-07T10:31:27Z

Surveillance Tech

For more details visit http://editors.cis-india.org/home-images/surveillancetechpic.jpg

Surveillance Talk

praskrishna — 2018-10-31T01:38:24Z

Surveillance Talk

For more details visit http://editors.cis-india.org/home-images/Abraham.jpg

Surveillance rises, privacy retreats

praskrishna — 2015-05-02T06:43:33Z

WikiLeaks founder Julian Assange and former US National Security Agency contractor Edward Snowden have, at considerable personal cost, revealed how surveillance has eroded the private space in a world driven by digital technology.

The article was published in the Business Standard on April 12, 2015. Sunil Abraham is quoted.

In India, the extent of surveillance became evident after Union human resource development minister Smriti Irani walked into the trial room of a FabIndia outlet in Goa last week, only to discover closed-circuit television (CCTV) cameras pointed towards the trial room. The country woke up to the porous divide between privacy and surveillance.

Now, senior officials of FabIndia find themselves embroiled in a case of voyeurism and seven of them have taken interim anticipatory bail from a district court. They claim the CCTV cameras were in the retail area, not the trial room.

The FabIndia incident might have blown the lid on how flimsily our privacy is protected but there is no doubt that India is slowly but surely moving towards a surveillance regime, both in the private and the public spheres.

“After the Snowden episode, there are only two kinds of nations: Ones that know they are being watched, and others that don’t,” said Pavan Duggal, an advocate at the Supreme Court of India.

Despite the surge in surveillance, there are hardly any specific laws governing this.

A few laws
In 2000, India enacted the Information Technology Act, primarily to bring e-commerce under legal framework. After the Mumbai terrorist attack in 2008, the Act was amended, to give the government sweeping powers for mass surveillance.

In the context of private surveillance, the 2008 amendment added two definitions: (a) communication device; (b) intermediary.

A communication device, according to the law, means cell phones, personal digital assistance, or a combination of both or any other device used to communicate, send or transmit any text, video, audio, or image. An intermediary was defined as any person who, on behalf of another person, stores or transmits message or provides any service with respect to that message.

Rules regarding CCTV surveillance are governed by the IT Act, 2008, as CCTVs are considered to be communication devices, with computerised memory. However, the laws in relation to a communication device and intermediary deal mostly with third-party data sharing.

“Article 21 of the Constitution guards the right to privacy as a Fundamental Right. We do not have an explicit Act in this regard, but Section 43A of the IT Act, 2000, along with the IT Rules, 2011, protects data privacy in India,” said Prashant Mali, a cyber law and cyber security lawyer.

There were no amendments of the laws governing CCTVs.

However, Section 66E of the IT Act, states: “Whoever, intentionally or knowingly, captures, publishes or transmits, the image of a private area of any person, without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment, which may extend to three years, or with a fine not exceeding Rs 2 lakh, or both, with explanation.”

“The IT Act is not a privacy enabling law. Hence, the challenges to privacy in surveillance are not fully addressed in it,” said Duggal.

Internationally, there are more stringent laws governing CCTV cameras. For example, in the UK, there is a prescribed code. A person filmed by a surveillance camera can seek the footage. In the US, too, there are state-specific laws which prohibit the unauthorised installation or use of cameras in private places, like restrooms and trial rooms.

“Privacy laws must be compliant with international practices. Laws governing CCTVs should be more comprehensive. It should not be specific to voyeurism,” said Sunil Abraham, the executive director of Bengaluru-based research organisation, the Centre for Internet and Society.

The government has been working on a Privacy (Protection) Bill, which provides safeguards on personal data of individuals and sets conditions under which surveillance is allowed. It is expected that the Bill will lead to the creation of the offices of privacy commissioner and data protection commissioner. However, it is mostly silent on laws governing CCTV usage.

“In India, the concern over enacting privacy laws, implementing them and our understanding of privacy are low, compared to the global context. The Privacy Protection Bill, 2013 is pending before Parliament. When this gets enacted, our laws would be at par with those in the West,” said Mali. “But doubts remain about their implementation.”

Government surveillance
Amendments to the IT Act in 2008 gave the government wide powers of interception, encryption and blocking. The amendment introduced Section 66A, which made sending “offensive” messages through a computer or any other communication device, such as a cell phone or a tablet, a punishable offense.

The Supreme Court recently struck down the provision as infringing the constitutional right of freedom of speech.

“Every nation is under the classical dilemma to balance national security with privacy and freedom of expression. Always, when there is a conflict between the two, national security wins hands down. However, apart from international consensus, we need customise national solutions,” said Duggal.

Today, some of the biggest government projects based on the powers vested to it under the IT Act. It has enabled the progression of surveillance procedures like the Central Monitoring System (CMS) and National Intelligence Grid (Natgrid), enabled through information on Aadhar card or unique identification number.

The CMS gives the government access to records of any mobile to landline calls, to read private emails, texts, and even browsing history through telecom operators. Natgrid could make the information available to nearly 11 central agencies.

“It is reported that the CMS can monitor close to 900 million people at one go. There is neither confirmation nor denial from the government,” said Duggal. However, compared to the US and China, that practice blanket surveillance, India is still considered a low-surveillance category nation.

“India is still low on surveillance. In India, we have targeted surveillance. At any given point in time, less than 200,000 phone calls are being intercepted. Not more than a couple of lakh of surveillance orders are given by both state and central governments,” said Abraham.

Surely, with so many surveillance devices around, it is a closely watched world like never before.

SALIENT FEATURES ON PRIVACY IN THE IT ACT, 2008

Communication Device: Cell phones, personal digital assistance, or combination of both or any other device used to communicate, send or transmit any text, video, audio, or image
Intermediary: Any person, who on behalf of another person, stores or transmits messages or provides any service
Sections 66A to 66F: Added to Section 66, prescribing punishment for offences such as sending obscene messages, identity theft, cheating by impersonation using computer resources, violation of privacy and cyber terrorism
Section 69: Amended to give power to the state to issue directions for interception or monitoring or decryption of any information through any computer resource
Sections 69A and B: These grant power to the state to issue directions for blocking public access of any information through any computer resource and to authorise to monitor and collect traffic data or information through any computer resource for cyber security.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-namrata-acharya-april-12-2015-surveillance-rises-privacy-retreats

Surveillance in the name of Security

praskrishna — 2018-12-11T13:47:11Z

Surveillance in the name of Security

For more details visit http://editors.cis-india.org/home-images/SurveillanceinthenameofSecurity.jpg

Surveillance in India: Policy and Practice

praskrishna — 2017-03-15T01:05:07Z

The National Institute of Public Finance and Policy organized a brainstorming session on net neutrality on February 8, 2017 and a public seminar on surveillance in India the following day on February 9, 2017 in New Delhi. Pranesh Prakash gave a talk.

Pranesh presented a narrative of the current state of surveillance law, our knowledge of current surveillance practices (including noting where programmes like Natgrid, CMS, etc. fit in), and charted a rough map of reforms needed and outstanding policy research questions.

Pranesh Prakash

Pranesh Prakash is a Policy Director at - and was part of the founding team of - the Centre for Internet and Society, a non-profit organisation that engages in research and policy advocacy. He is also the Legal Lead at Creative Commons India and an Affiliated Fellow at the Yale Law School's Information Society Project, and has been on the Executive Committee of the NCUC at ICANN. In 2014, he was selected by Forbes India for its inaugural "30 under 30" list of young achievers, and in 2012 he was recognized as an Internet Freedom Fellow by the U.S. government.

His research interests converge at the intersections of technology, culture, economics, law, and justice. His current work focuses on interrogating, promoting, and engaging with policymakers on the areas of access to knowledge (primarily copyright reform), 'openness' (including open government data, open standards, free/libre/open source software, and open access), freedom of expression, privacy, digital security, and Internet governance. He is a prominent voice on these issues, with the newspaper Mint calling him “one of the clearest thinkers in this area”, and his research having been quoted in the Indian parliament. He regularly speaks at national and international conferences on these topics. He has a degree in arts and law from the National Law School in Bangalore, and while there he helped found the Indian Journal of Law and Technology, and was part of its editorial board for two years.

Click here to see the agenda for the brainstorming session on net neutrality.

Video

For more details visit http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice

Surveillance Graph

praskrishna — 2013-05-07T10:23:18Z

Surveillance Graph

For more details visit http://editors.cis-india.org/home-images/copy_of_Surveillancetechgraph.png

Surveillance Graph

praskrishna — 2013-05-07T10:20:42Z

For more details visit http://editors.cis-india.org/home-images/Surveillancetechgraph.png

Surveillance Camp: Privatized State Surveillance

praskrishna — 2013-01-29T06:51:39Z

This is the second in a series of posts mapping global surveillance challenges discussed at EFF’s Surveillance Camp in Rio de Janeiro, Brazil.

Katitza Rodriguez's blog post was published by the Electronic Frontier Foundation on their website on January 28, 2013. Elonnai Hickok is quoted.

In December 2012, EFF organized a Surveillance and Human Rights Camp in Brazil that brought together the expertise of a diverse group of people concerned about state electronic surveillance in Latin American and other countries. Among other concerns, participants spotlighted the many ways in which the private sector is increasingly playing a role in state surveillance. Here are a few examples:

Voluntary Agreements Between Law Enforcement and Private Companies

Often law enforcement agencies will approach companies asking for voluntary disclosure of information for investigative purposes. Those requests may look and sound more like threats, with a great deal of moral pressure applied on the companies.

This voluntary assistance remains out of the public eye and shrouded in secrecy, as notification of state access is never given to the individual concerned, is not codified in law, and is not clearly disclosed in the company's terms of service or user agreement. Currently there is minimal, if any, oversight over such voluntary cooperation, so the scope of assistance provided is not well-documented.

Canada

Canadian ISPs have jointly decided to provide identifying data about Canadian Internet users to law enforcement in child exploitation investigations. In fact, several Canadian ISPs have developed a formal protocol in conjunction with various law enforcement agencies to be used when those authorities are seeking identification information associated with a given IP address at a specific date and time. Since the adoption of this protocol, some ISPs have expanded their information sharing practices to cover customer identification data in other contexts, such as online harassment cases.

Law Enforcement Approaching Service Providers Without Legally-Required Authorization

A growing concern is the number of law enforcement officers skirting the law by asking service providers to simply fork over information without any sort of search warrant. Even when legal procedures, such as a search warrant, exist, police increasingly request information without obtaining a legal authorization. Nevertheless, they often expect full compliance from service providers.

Chile

In 2008, a Chilean website called Huelga.cl (“strike” in English) was approached by the Cyber Crime Section of the Chilean Police. The site is an online space for coordinating union actions. The agency demanded that the webmaster hand over data related to pseudonymous user accounts, such as IP addresses, records of previous connections, real names, and physical addresses. The targeted users had left comments on a website about an ongoing strike.

In this case, because police did not have a court order to back up the request for information, Huelga.cl took a stand by resisting police pressure and refusing to hand over the data without a fight. For legal assistance, they turned to Derechos Digitales, a Chilean online human rights nonprofit organization, and managed to resist the request.

In another case, the Regional Director of the Chilean Department of Labor, the agency responsible for ensuring the enforcement of labor laws, sent a letter to Huelga.cl simply demanding the removal of “inappropriate content” from their website along with the disclosure of user information, but it was only for administrative purposes as opposed to serious criminal investigations. Huegal.cl again refused to comply and instead, made the director’s demands public.

It is not always the case that service providers can resist extralegal government requests, find legal advice or have enough economic resources to fight against those demands as Huelga.cl did. Huelga.cl should be praised for speaking up and managing to make the request from law enforcement public.

Governments Pressure Private Sector

Governments frequently impose heavy fines for non-compliance with their requests for data access. This form of coercion acts as a mechanism of enforcement over service providers and can raise serious concerns for free expression. The service provider is left with little incentive or option to resist illegitimate requests from the government when they are threatened with heavy fines.

Brazil

In 2012, a judge from northern Brazil froze Google's accounts and imposed a fine on the company for refusing to remove three anonymous blogs or reveal contact details of the bloggers. The content of the blogs state d the mayor of Varzea Alegre of corruption and embezzlement.

While some companies might be able to withstand governmental pressure, alarms were raised that this won’t be the case for smaller companies that lack resources and influence. This is particularly true in contexts where heavy fines for noncompliance are written into legislation, and companies are not given legal avenues to appeal or fight the fine.

Foreign Governments Access To Individuals’ Data in the Cloud

Governments are increasingly seeking to negotiate access or interceptation capabilities to user data with companies that do not lie within their jurisdictions. This form of access is complicated because it is not always clear which country’s laws apply or to what extent. Because of the complex nature of these requests, governments often look for "easy" solutions that call for voluntary disclosure of information or simply allow full access to the user data.

For example, government officials in India have been pushing for real time interception capabilities for all BlackBerry services. In response to the demands from the Indian Government, after a number of unsatisfactory proposals, in 2012 RIM set up a NOC in Mumbai, providing security agencies with access to BlackBerry Messenger services, and created a solution for access to Blackberry Internet Services. In addition to asking RIM for real time access to communications, the Government of India had required Service Providers in India to adopt the solution provided by RIM by end of 2012 or risk being shut down.

According to Elonnai Hickok from the Centre for Internet and Society in Bangalore, India, the discussions between RIM and the Indian Government is just one example of how governments are trying to negotiate their interests in light of the challenges posed by communications stored in the cloud and in multiple jurisdictions.

While the Internet is technically borderless, in reality, state actors impose their sovereignty onto online environments with increasing frequency. The exercise of sovereignty over shared spaces can subject individuals to the laws of another country without any awareness on their part that this has happened. This in effect transforms the surveillance efforts of one country into privacy risks for all the world’s citizens.

Conclusion

State agencies and law enforcement are increasingly outsourcing investigations to private companies who are not under the same sort of judicial oversight as official law enforcement entities would be. The increasingly close and non-transparent connection between the private sector and law enforcement needs to be addressed, as it poses a risk to the rights and freedoms of the individual. Of major concern to all Camp participants was the notion that private companies are routinely complying with the requests of law enforcement in the absence of due process. We encourage further research and documentation of this phenomenon. To highlight on this issue, we will be blogging next about the privatization of public security in Latin America.

For more details visit http://editors.cis-india.org/news/electronic-frontier-foundation-january-28-2013-katitza-rodriguez-surveillance-camp-privatized-state-surveillance

Surveillance and Privacy Law Roundtable Invite

praskrishna — 2014-08-25T09:24:31Z

For more details visit http://editors.cis-india.org/internet-governance/blog/surveillance-privacy-roundtable-invite.pdf

Surveillance and Privacy Law Roundtable

praskrishna — 2014-08-25T15:08:33Z

The Centre for Internet and Society, COAI and Vahura invite you to a privacy roundtable at the India International Centre in New Delhi on September 1, 2014.

Download the Invite (PDF, 1207 Kb)

Recent legislative developments regarding privacy law in India
In 2010, the European Union commissioned an assessment of the adequacy of Indian data protection laws in light of the transfer of personal data of European data subjects into India for processing. That assessment made adverse findings on the adequacy and preparedness of Indian privacy law to safeguard personal data. Consequently, in 2011, the Department of Personnel and Training (DoPT) proposed draft privacy legislation called the ‘Right to Privacy Bill, 2011’. The DoPT Bill contained provisions for the regulation of personal data, interception of communications, visual surveillance and direct marketing. Simultaneously, the Ministry of Communications and Information Technology issued the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 to give effect to section 43A of the Information Technology Act, 2000.

The Justice Shah Group of Experts on Privacy and the National Privacy Principles
Aware of the need for privacy laws to enable economic growth, the Planning Commission constituted a Group of Experts under the chairmanship of Justice Ajit P. Shah to make specific proposals for future Indian privacy law. The Group of Experts submitted its Report to the Planning Commission in October 2012 wherein it proposed the adoption of nine National Privacy Principles. These are the principles of notice, choice and consent, collection limitation, purpose limitation, disclosure of information, security, openness, and accountability. The Report recommended the application of these principles in future privacy law.

Surveillance law in India
The cases of Kharak Singh v. State of Uttar Pradesh (1963) and Gobind v. State of Madhya Pradesh (1975) first brought the questions of permissibility and limits of surveillance to the Supreme Court for judicial review. The regime governing the interception of telecommunications is contained in section 5(2) of the Indian Telegraph Act, 1885 read with rule 419A of the Indian Telegraph Rules, 1951. The Telegraph Rules were twice amended to give effect to certain procedural safeguards laid down by the Supreme Court in PUCL v. Union of India (1996). In addition, further subordinate legislation issued to fulfil the provisions of sections 69(2) and 69B(3) of the Information Technology Act permit the interception and monitoring of electronic communications to collect traffic data and to intercept, monitor, and decrypt such communications.

About these roundtable consultations
These roundtable consultations are hosted by the Centre for Internet & Society (CIS), COAI and Vahura. They are a series of national roundtables to focus on surveillance regulation and interception of communications in relation to telecom service providers, internet service providers, internet access providers, and internet-based service providers. These roundtables are designed to elicit comments on legal proposals to regulate surveillance. The text of these legal proposals has been drafted at CIS and continues to be modified to reflect the opinions and consensus at each roundtable consultation. The objective of these meetings is gain a stakeholder-based, participatory, and democratic consensus on the future of Indian surveillance and privacy law.

For more details visit http://editors.cis-india.org/events/surveillance-privacy-roundtable

Surveillance and Privacy

praskrishna — 2014-04-03T06:02:27Z

Presented by Sunil Abraham at LirneAsia event on March 9, 2014 in Gurgaon.

For more details visit http://editors.cis-india.org/internet-governance/blog/surveillance-and-privacy.pdf