Defender of your Digital Freedom

All Posts | May 02,2019

Google v. Visakha: Final Arguments

In 2009, Visakha Industries, a construction company involved in the manufacturing of asbestos cement sheets, filed a criminal defamation case against Ban Asbestos Network India (BANI), its coordinator and Google India. It alleged that the coordinator of BANI had written blog posts on a website owned by BANI, that contained scathing criticism of the company and therefore harmed its reputation in the market. Google India was also arraigned as a party in the litigation because the blog post was hosted on the blog publishing service of Google (Google Groups).

Google India moved the High Court of Andhra Pradesh for dismissal of the criminal charges against it on the grounds that it enjoyed safe-harbour protection under Section 79 of the IT Act. It was contended that Google is neither the publisher nor endorser of the information, and only provides a platform for dissemination of information. It, therefore cannot be held liable. The High Court refused to accept Google’s contention and dismissed the petition on the ground that Google failed to take appropriate action to remove the defamatory material, in spite of receiving a take-down notice from the company. Aggrieved by the judgment of the High court, Google filed an appeal in the Supreme Court in 2011, where the matter is currently pending.

On April 23, 2019, the matter came up for final arguments in the court of Justices Ashok Bhushan and K.M. Joseph. Senior Counsel Sajan Poovayya appeared on behalf of Google India and submitted that Google India is a subsidiary of Google US, which is a company incorporated under the laws of the United States of America. He asserted that Google India, by virtue of being a mere subsidiary does not exercise any editorial control over content posted on google groups. It was further contended that the relief claimed by the complainants is misdirected and hence not maintainable since Google India has been arraigned wrongly in this matter. Since Google US is the parent company of Google India, it is an intermediary in the present case, stated Mr. Poovayya. He mentioned that even if Google US is made a co-accused, it will be eligible for safe harbour under Section 79 of the Information Technology Act. Mr. Sajan Poovvayya pointed out that child pornography or content that is blatantly illegal is immediately pulled down from platforms, but whether a particular content is a defamatory cannot be determined by a private company. It has to be a judicial determination. It was highlighted that the terms of services is a document of unimpeachable character which clearly mentions that there is a contract between the content creator and Google Inc. The terms of services also lays down the types of content that cannot be uploaded on Google Groups. On country-specific domain names, Mr. Poovayya clarified that google.co.in is owned and operated by Google Inc and not Google India and the kind of content that can be posted on platforms is different for different countries, depending on the social and cultural context of that particular country.

Mr. Poovayya then emphasized that the present complaint is not against Google, but technology itself, since the complainant has mentioned that Google provides a service that helps in dissemination of information. He mentioned that it is not humanly possible to verify each blog post that is posted on the website since the volume of content is phenomenal. Ms. Madhavi Divan, appearing for Union of India interjected and said that Google India cannot wash its hands off saying that they are a subsidiary and therefore have no control over the content. Someone has to be made responsible.

Mr. Poovayya went on to explain the intermediary liability regime in India, including the procedure for notice and take down which had been overhauled by the Shreya Singhal judgment. He asserted that giving adjudicatory powers to intermediaries is dangerous and will lead to chilling of free speech. The law recognizes that the primary responsibility is on the originator of information since she is the author, and not on the intermediary. In a free speech democracy like India, there cannot be control of content on the Internet, he emphasized. Justice Ashok Bhushan remarked that defamation is subjective. What may be defamatory for one might not be defamatory for another. At this point, Mr. Poovayya gave the example of flag burning which is an offence in India but a symbolic act in the United States.

The hearing continued on May 1, 2019.

Mr. Sajan Poovayya appearing on behalf of Google India reiterated that removal of any content is in the hands of the parent company (Google Inc) and not Google India. He requested the bench to go through Section 2(1)(w) of the IT Act that defines ‘intermediary’ and Section 81 (IT Act to have overriding effect). He then explained that an intermediary is the connector between the ‘originator’ and ‘addressee’ as explained in the IT Act. Mr. Poovayya stated that in this case, the pre-amended section 79 of the Act will apply, but it doesn't make a difference, because Google India is not an intermediary in the present case.

Mr. Poovayya mentioned that in common law, the intermediary is not the publisher of the information. The author and publisher converge in the electronic world. He pointed out that simply hosting content does not constitute ‘knowledge’. Justice K.M Joseph enquired about the kind of functions Google India performs, to which Mr. Poovayya responded by saying that Google India is involved in research and development of software. He remarked that Google India is the subsidiary of an intermediary, but to say Google India is an intermediary is wrong.

Mr. Poovayya then addressed the criminal complaint against Google India and asserted that just because Google’s technology is responsible for dissemination of information, they cannot be made an accused in the present case. He read out Google Inc’s response to the defamation complaint, which said that Google Inc had asked for the exact message ID of the alleged defamatory content and other relevant information. Mr. Poovayya highlighted that the summons that was issued to Google India in Bangalore was outside the jurisdiction of the court. Thereafter, Google had moved the Andhra Pradesh High Court to quash the complaint. He maintained that Google Inc has no liability by virtue of being an intermediary. Explaining Shreya Singhal v. Union of India, Mr. Poovayya stated that ‘actual knowledge’ was read down to mean that a private takedown notice cannot be sent to the intermediary. It has to be either a court order or a government notification. He remarked that Google cannot sit in judgment to decide the legality of a private notice, and therefore the notice and takedown system was scrapped in Shreya Singhal. He cited the American case of Anderson v. New York wherein it was held that a telephone company is a mere conduit and cannot be held responsible for the actions of a third party.

The counsel for Visaskha Industries contended that the exemption given under Section 79 of the IT Act is subject to fulfilment of certain due diligence conditions and it will be a matter of fact whether Google adhered to the Rules. He mentioned that Google India is very secretive about the kind of functions they perform. They should come forward and tell the court what exactly is their function in India. Counsel for Visakha Industries highlighted that Google had all the power to remove the content but did not remove it which suggests that they had consented to the publication of the defamatory content. He maintained that Google may have a defence prior to Visakha Industries sending them a notice, but after receiving the notice, they were obligated to remove it as it affected the complainant’s right to reputation. Concluding his arguments, he stated that Google is present everywhere and hence cannot claim the defence of geographical location. Google ads are local in nature depending on the geographical location of the user.

Senior Counsel Madhavi Divan appeared for the Union of India. She submitted that the role of intermediaries has changed over time. Intermediary is not the publisher of information was the view 2-3 years ago. They were regarded as neutral highways, but this has changed. Now they are curating content on the basis of user behaviour and therefore cannot be regarded ‘neutral’, Ms. Divan remarked. She stated that governments all across the world are grappling with the issue of moderating illegal content on the Internet and gave the example of the Christ Church shooting in New Zealand where the perpetrator live streamed the act on Facebook. Citing Shreya Singhal, Ms. Divan maintained that it cannot be left to the subjective judgment of intermediaries to determine the legality of particular content.

The matter is reserved for judgment and all the parties are requested to submit their written submissions within a week.

All Posts | Apr 08,2019

Madras High Court Bans Downloading of TikTok

On April 3, 2019, the Madurai Bench of the Madras High Court issued an order (the court order is attached below) prohibiting downloading the TikTok mobile app. The bench comprising Justices N Kirubakaran and SS Sundar has also restrained the media from telecasting videos made on the app and has asked the Central Government whether it will enact a statute similar to the United State’s Children’s Online Privacy Protection Act. The public interest litigation [Writ Petition (MD) no. 7855 of 2019] was filed by one S. Muthukumar against the Telecom Regulatory Authority of India, Ministry of Communications, District Collector (Madurai District), Commissioner of Police (Madurai) and the Business Head of TikTok.

Citing misuse of the app, the petitioner prayed (a copy of the petition is attached below) for issuance of a writ of mandamus and banning the TikTok mobile application. The petitioner highlighted widespread circulation of pornography, exposure of children to disturbing content and their susceptibility to paedophiles, degrading culture, social stigma and medical health issues between teens, as reasons for filing the petition. The petition sought to direct the attention of the court to Tamil Nadu State Information Technology Minister’s statement before the State Assembly, urging the Central Government to ban the TikTok app. To emphasize the instances of menace created by various apps, the petitioner cited 159 deaths in India due to incidents involving selfies. The petitioner also mentioned the steps taken by countries such as Indonesia which blocked the TikTok app for circulation of pornographic and blasphemous content as well as the USD 5.7 million fine imposed on the app by the United States under its Children’s Online Privacy Protection Act (COPPA). The petition doesn't quote any legal provision and it simply relies on conjecture for asking the court to ban the TikTok app.

A quick reading of the order indicates that the court has not relied on prevailing judicial or legal principles on free speech, censorship and intermediary liability in arriving at the said order. Based on one-sided averments, the court has taken recourse to social morality and endorsed the remarkably overbroad language of the petition which says that the app promotes “degrading culture and encourages pornography besides causing pedophiles and explicit disturbing content, social stigma and medical health issues between teens.” The bench goes on to assert that “nobody can be pranked or shocked or being made a subject of mockery by any third party and it would amount to violation of privacy”. The court further affirmed that addictive apps like TikTok spoil the future and the minds of youngsters.

TikTok, an online intermediary that provides a platform for users to create and share short videos, enjoys safe-harbour protection under Section 79 of the Information Technology Act, 2000 (Section 79 provides intermediary platforms like TikTok protection against third-party content on their platforms). The Madras High Court has completely disregarded the dictum of the Supreme Court in the case of Shreya Singhal v. Union of India, wherein the apex court had held that intermediaries enjoy a safe-harbour protection for  third-party user generated content on their platforms. The court had also stated that intermediaries are neutral platforms that cannot judge the legitimacy of the content posted on their website(s).

The order violates the fundamental right of free speech as enshrined under Article 19(1)(a) of the Constitution of India. Several judicial pronouncements such as Romesh Thapar v. State of Madras[fn][1950] S.C.R 594 at 602[/fn], Bennett Coleman & Co. v. Union of India[fn][1973] 2 S.C.R 757 at 829[/fn], and Shreya Singhal v. Union of India[fn]AIR 2015 SC 1523[/fn] have held that freedom of speech and expression is the bedrock of democracy. The grounds for prohibiting the use of the TikTok app does not fall within the purview of Article 19(2) (which provides for constitutional restrictions on free speech), but instead seems to be based on a skewed sense of morality, which cannot be a guiding principle for constitutional interpretation. In the case of Navtej Singh Johar v. Union of India, the Supreme Court had laid down that constitutional morality trumps social morality and ‘it is the responsibility of all the three organs of the State to curb any propensity or proclivity of popular sentiment or majoritarianism.’

The gag order on media is a classic example of judicial pre-censorship and is against the judgment of the Supreme Court on the issue. The position in common law, as espoused by William Blackstone has been that ‘the liberty of the press is indeed essential to the nature of a free state; but this consists in laying no previous restraints upon publications.’ In 2017, a bench of Justices Khehar and D.Y Chandrachud clarified that pre-broadcast or pre-publication regulation of content was not in the court’s domain.[fn]Common Cause v. Union of India[/fn], The court also said that the role of a court or a statutory authority will come in only after a complaint is levelled against a telecast or publication.

In the case of R. Rajagopal v. State of Tamil Nadu, the court had held that there is no law that authorizes prior restraint. Citing New York Times v. United States, the court observed that "any system of prior restraints of (freedom of) expression comes to this court bearing a heavy presumption against its constitutional validity.”

Though the Madras High court has urged the Government of India to enact a statute like the United State’s COPPA for protecting online privacy of children, it has ultimately banned further download of the application. The court’s order prohibiting the use of the app far exceeds a “proportionate regulatory response” to protect children’s data, as recommended by the Justice B.N.Srikrishna Committee.

TikTok has challenged the order of the Madras High Court before the Supreme Court of India.

The petition and a copy of the order are attached below:

All Posts | Nov 13,2017

Round Table: “Right to Privacy: What now?” on 16th November 2017

The Supreme Court's recognition of privacy as a fundamental right is the beginning of a new era in Indian constitutional jurisprudence. The SC's unanimous judgment in this regard (K.S.Puttaswamy vs Union of India) will usher in a period of great technical and legal creativity. Also considering that IT-based service industries are core components of any Digital India economic strategy, privacy considerations are bound to manifest in a big way in our developmental road-map.

Against this backdrop, we are organizing a Round Table discussion titled "Right to Privacy: What now?" with Ananta Aspen Centre on 16th November 2017 from 02:00 pm to 05:00 pm at the Deputy Chairman’s Hall, Constitution Club, Rafi Marg, New Delhi. This would be a closed-door brainstorming session (Chatham House Rule) chaired by Mr. Baijayant Panda (Member of Parliament, Lok Sabha), focusing on policies and frameworks for inclusivity, sustainable development, security, safety and freedom, technology and partnerships for upholding digital democracy, maximizing collaboration for strengthening security and safety and advocating dialogue diplomacy.

Other speakers from the select group of 20-25 would be from diverse fields including Industry and its associations, civil society, government and think-tanks who would deliberate on contentious issues, opportunities and challenges faced in the cyber world to pave the way for a better digital future.

This event is by invitation only. To register, please drop us a line at mamta@sflc.in.

All Posts | Apr 07,2017

RightsCon 2017, Brussels – An Overview

RightsCon 2017 is over, and we have lots to say about it. The Conference took place over a three day period, i.e. 29-31 March 2017 in Brussels, Belgium. We would like to thank Access Now for organizing and managing a smoothly conducted conference with over a thousand people in attendance. Mishi Choudhary, Biju K. Nair and Sukarn S. Maini from our team participated in the conference.

We organized a session in collaboration with Mozilla, called Connecting the Unconnected: Innovative Ways to Provide Affordable Access to the Internet. We were panelists in various other sessions, including extensive participation in the entire #KeepItOn Summit on Internet shutdowns, as well as the sessions mentioned below:1

  • Advances in Measuring Internet Shutdowns.
  • Better Ways to Document Internet Shutdowns.
  • Freedom Online Coalition: Multilateral Approaches to Network Disruptions.
  • Intermediary Liability and Beyond: Trends, Challenges, and Opportunities for Human Rights.
  • Let’s Talk Sex Toy Security – Internet of Things and Liability Issues.
  • Tackling Harmful Speech: What Harms Rights Least?
  • Zero-Rating Done Right? Establishing Principles and Guidelines to Address the Affordability Barrier.

We organized a booth on the first day, where we handed out physical copies of our reports on Online Harassment – A Form of Censorship and India’s Surveillance State. To generate more awareness about India’s digital rights landscape, we also distributed brochures, stickers, t-shirts and maps of Internet shutdowns in India.

Watch out for a post coming soon with details of sessions that we were a part of, and the outcome of those sessions.

1 The full RightsCon 2017 program can be accessed at https://www.rightscon.org/cms/assets/uploads/2017/03/RightsCon-Brussels-2017-Official-Program.pdf

All Posts | Mar 21,2016

Without rules, Sahibs may own your data

Now that the inevitable death of Free Basics by Facebook has happened and the dust has settled, the real outlines of the government of India’s Internet and Digital India policies are coming into focus.

The four pillars of the government’s intentions have been declared and are already under construction: a policy to prefer free and open source software in all egovernance software solutions; new guidelines on patenting ‘computer-related inventions’, which will adhere strictly to the prohibition on patenting computer programs; comprehensive reliance on Aadhaar to provide a biometrically-backed digital identity for every Indian citizen; and the ‘India Stack’, a set of software designs that build atop the Aadhaar unified digital identity to provide cashless payment systems available to all Indians, electronic government services and a ‘consent layer’ for transactions exchanging Indians’ personal information in the private market.

This is an immensely ambitious agenda, but how this agenda is fulfilled, and, in particular, what the consequences are for freedom in the world’s largest democracy, will depend on the fifth pillar of the new Digital India. This pillar is protection of all citizens’ right of privacy.

About the role of privacy in the future Digital India, the government is plainly ambivalent. Having announced it would seek a definitive Supreme Court ruling in the ongoing Aadhaar litigation, the government last week chose instead to rush Aadhaar legislation through Parliament under the contentious claim that it represented a money bill insulated from Rajya Sabha consideration, thus avoiding any significant form of public policy debate.

The Aadhaar legislation ensures that there will be a single database, at CIDR, holding fingerprint, retinal scan and, eventually, full genomic information on every Indian, along with name, address, phone number and — in a continuing reminder that every Indian woman is treated as some man’s property—the name of each woman’s husband or father. From this data, the ordinary conduct of the simplified statistics, we call data science, can infer other pieces of sensitive information with almost flawless reliability.

The rules concerning access to and operations on this data — which will be determined by future subordinate legislation — whether the surveillance and control of will be enormously facilitated; whether each Indian’s purchases, savings, gifts and receipts will be trackable, controllable and preventable by anyone with sufficient political power or a stolen set of digital keys.

The Bill accords the government an unrestricted right to access and use CIDR’s database for purposes of "national security", a term nowhere defined in this legislation, or anywhere else in Indian law. Given that this database can be used to identify, locate and control people — and the likelihood that any uses made for "national security" will be kept secret and outside the scope of judicial review —only the declaration by the Supreme Court of the broadest and most powerful individual constitutional right of citizen privacy can prevent the inevitable misuse of this power by some future government.

Ministers of the present government who were jailed under the Emergency declared by a government without such tools, or whose phones were surveilled by a more recent past government with lesser tools, should be among those most concerned by the possible consequences The government’s concern with acquiring free and open-source software and its decision to resist the blandishments and threats of the multinational IT companies speak to the strongly nationalistic quality of the Digital India vision.

But without an equally clear and determined set of policy commitments to protect the privacy of Indian citizens comprehensively, the digitisation of identity and payment threatens to replace foreign "white" owners of Indians’ lives with domestic "brown" ones. Because information is power, such an oligopoly of data, if it is not imperialism, would be tyranny.

This article was written by Eben Moglen and Mishi Choudhary for The Economic Times Blog published on March 21, 2016.

All Posts | Dec 03,2015

How Have Internet Shutdowns Impacted Your Life? – The Huffington Post

With the advent of the internet, the global communications landscape has undergone a number of dramatic changes. Not only has the internet made communications technology more universal and affordable, it has also provided a whole new platform for self-expression bundled with elements of decentralisation and anonymity, making it one of the most powerful tools for political discourse in the 21st century. This also means that the internet has been increasingly targeted for control, and complete regional shutdowns of the public internet are frequently resorted to in parts of the world.

Between 2013 and 2015, access to the public internet has been blocked nine times across four Indian states. Annual instances of shutdowns climbed from one in 2013 to two in 2014 and six in 2015. Jammu & Kashmir saw the highest number of shutdowns with four instances over 2013, 2014 and 2015, followed by Gujarat with three internet clampdowns over 2014 and 2015. Nagaland and Manipur had internet shutdowns enforced once each in 2015.

While most shutdowns were instituted in the interest of maintaining law and order under the threat of widespread violence, the process followed remains shrouded in uncertainty. Despite there being a detailed procedure laid down by India's Information Technology Act to block public access to online content under specified circumstances, this is often discarded in favour of blanket shutdowns, which may be easier to implement in the short term, but come with collateral damage in terms of non-access to essential services that depend on the internet for their functioning. In 2011, the Organisation for Economic Co-operation and Development (OECD) estimated that a complete five-day internet shutdown in Egypt resulted in direct costs of at least USD 90 million. A 2015 study by the Germany-based Centre of Internet and Human Rights on "The Impact of Mobile Network Shutdowns in Pakistan" stresses how "Network shutdowns are a fundamental risk, not just to freedom of expression, national or personal security or business operations, but also to the most fundamental of sustainable development challenges faced by all state.

We invite readers to narrate their stories of how the shutdowns impact their day to day lives and business. A record of such shutdowns can be found at the website of the Software Freedom Law Centre.

This article first appeared on The Huffington Post (India Edition) on 2nd November 2015.

Photo byStahlkocher / CC BY-SA 3.0 EDIT: And updated version of the Infographic is available here. [19/02/2016]

All Posts | Jan 24,2013

Freedom after expression…

Sflc.in participated in the Third South Asian Meeting on the Internet and Freedom of Expression which was held in Dhaka, Bangladesh from 14-15 January 2013 . The focus of the meeting was on the increasing instances of hate speech and the issue of cyber security and surveillance. There were participants from Sri Lanka, Pakistan, Maldives, Nepal, India and the host country of Bangladesh.

It was an enlightening experience to learn about the experiences of those working in the area of Freedom of Expression in other countries in the region. The bottom line of the discussion was that in the region the issue was not Freedom of Expression, but Freedom after expression, or in other words, the security of the person who makes the expression. Unfortunately, the participants were in for a rude shock when in the late hours of the first day of the meeting, we came to know that Asif Mohiuddin, a popular Bangladeshi blogger was stabbed. The incident underlined the fact that true freedom of expression exists only when there is space for unpopular or diverging views.

Now let me give a brief overview of the topics discussed. The first two sessions focused on the issue of hate speech on the Internet. The report on hate speech by the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue was the basis for the discussion. Dixie Hawtin of Global Partners & Associates dwelt on the importance of the medium in protecting Freedom of Expression. There was also a discussion on the notion of harm and how that is an important element in devising whether expression can be classified as hate speech. It was pointed out that criticism of politicians will definitely not come under the definition of hate speech.

Professor K.S.Park from South Korea explained the 'clear and present danger' test for identifying hate speech. However, this may not be applicable in all countries and in India, the courts have held the test to be not applicable here. Tahmeena Rahman who works with the organisation called Article 19 explained the seven -tier test proposed by their organisation for identifying hate speech.

The session on cyber security and surveillance was interesting with tools like WireShark and technologies like Deep Packet Inspection being mentioned. I opined during the discussion that it is important to introduce encryption and privacy protection technologies to the public. I also introduced the Freedom Box project and explained how that could be the answer to many of our privacy worries.

A topic which evinced considerable interest from the participants and a lively discussion was the issue of anonymity. Pros and cons of user anonymity was discussed. Prof.Park explained the problem of user registration and privacy by showing how the user details of a large number of Koreans were compromised by a security breach and how the information was put up for sale. Rohan Samarajiva raised a contrary point and said that user details are often important in tracking criminals and many crimes are now solved using details of phone conversations.

Well, if you thought Section 66A of the Information Technology Act in India was bad, you have not seen the ICT Act of Bangladesh. Mohammad Shahriar Rahman introduced the provisions in the Act. Section 57 of the Act is produced below: 57. Punishment for publishing fake, obscene or defaming information in electronic form.--
(1) If any person deliberately publishes or transmits or causes to be published or transmitted in the website or in electronic form any material which is fake and obscene or its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, or causes to deteriorate or creates possibility to deteriorate law and order, prejudice the image of the State or person or causes to hurt or may hurt religious belief or instigate against any person or organization, then this activity of his will be regarded as an offence. (2) Whoever commits offence under sub-section (1) of this section he shall be punishable with imprisonment for a term which may extend to ten years and with fine which may extend to Taka one crore

It is interesting to note that in the case of defamation through any other medium the maximum term of imprisonment under the Penal code is two years. Treating the medium of Internet differently from other medium is not an India- specific issue and seems to be an issue in the entire region.

Aditya Prakash Rao introduced the issues related to jurisdiction in the case of cloud based data transfer and the importance of Mutual Legal Assistance Treaties(MLATs).

The meeting concluded with a public function attended by Hasanul Haq Inu, the Minister of Information in the Government of Bangladesh. The Minister made an interesting pronouncement where he said his Government plans to make the right to access to the Internet a fundamental right. The meeting issued a statement condemning the attack on Asif Mohiuddin and requesting the Government to bring the perpetrators of the crime to justice at the earliest.


All Posts | Mar 05,2012

Look Who’s Watching

Do you think someone is looking over your shoulder as you type an email, buy grocery or fill a simple raffle for that fair you visited with your child? As you give information to medical health providers or banks or airlines, do you get the feeling you are being monitored? Sounds like the conspiracy theory to beat all urban legends. Read on...

In India the right to privacy debate on monitoring of communications was addressed by the Hon'ble Supreme Court of India in the PUCL case. This case dealt with the issues of telephone tapping and guidelines were prescribed on the procedure for issuing telephone tapping orders. These guidelines were adhered to while substituting Rule 419 A of the Indian Telegraph Rules, 1951 in March 2007. Thereafter, these guidelines were incorporated by the Government in the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 that prescribed the procedure to be followed while issuing orders for monitoring information on the Internet.

However, we see attempts being made by the Government to bye-pass these safeguards by means of a loop-hole in the Information Technology Act, 2000 (IT Act) and the rules notified in 2011 under the IT Act. To unravel this Gordian knot we need to refer to Section 28 of the IT Act. Under this section, the Controller of Certifying Authority (CCA) is empowered to investigate contraventions of the provisions of the IT Act. This power becomes potent when seen in the light of the Information Technology (Reasonable security practises and procedures and sensitive personal data or information) Rules 2011. When Section 28 is read with the proviso of Rule 6 of the aforementioned Rules: it essentially translates into the CCA having the power to obtain information, including sensitive personal information, from any company or body corporate, albeit at the request of government agencies. This power to obtain information from intermediaries is again explicitly provided under sub-rule (7) of Rule 3 of the the Information Technology (Intermediaries guidelines) Rules, 2011.

A reasonable reading of the title of Chapter VI of the IT Act (under which the subject of the Regulation of the CCA is dealt with ) seems to convey that this is an authority that deals with the Licensing of Certifying authorities that grant Electronic Signature Certificates. Until, of course, you read Section 28. Even then it does not amount to much until you dig further into the various rules that have been passed under the IT Act. So the question that comes up is: how can the government seek to deprive us of our right to privacy as simply as this. We have been asking this over and over again. These rules are made by the executive. They are made to help in the smoother functioning of any act of the parliament. However, at least, in the case of the IT Act they definitively override the mandate provided by the legislature. And so today the government agencies can seek any information regarding any person from a body corporate by sending a request to the CCA . The body has to oblige the CCA or face a stiff penalty. This incidentally is in violation of the law laid down by the Supreme Court of India on the right to privacy. It means any data belonging to you and me can be accessed by the CCA and in turn the government agencies.

So what happens if the body corporates refuse? Under Section 44 ( A) of the IT Act they can be slapped with asteep fine just as Yahoo India was. At the time of writing this blog, the case is sub-judice and hence it will be difficult to comment, but we at sflc.in wanted to find out more.

On January 10 2012 we sent an RTI to the Office of the Controller of Certifying Authority. We specifically requested for the following information:

  1. Number of requests received in the last three years, by the CCA from government agencies like the Intelligence Bureau , Ministry Of Home Affairs etc.

  2. Number of notices issued by the CCA under Section 28 of the IT Act in the last 3 years.

  3. Names of the recipients of notices under Section 28.

  4. Names of body corporates on whom a fine under Section 44 (A) has been imposed.
  5. Information on the methodology of scrutiny of requests from government agencies. Any rules or guidelines regarding the same.
We received areply to this RTI vide a letter dated February 8, 2012. We were told in this reply that as far as questions 1, 2 and 3 were concerned the CCA needed permission from the concerned government agencies to disclose this information . Further the response of the government agencies concerned was awaited. In response to question no. 4 we have been informed that only Yahoo India has been fined under Section 44 (A) of the IT Act. Question no.5 has elicited the response that matter concerning our query is in a confidential file and hence cannot be disclosed.

Further on March 2, 2012we received another reply to our RTI application whereby we were informed that as the CCA had sought approval from the concerned agency they could give us further information. This reply revealed that 73 ( seventy three ) notices were issued by the CCA under section 28 of the I.T. Act, in the last three years. This reply also informed us that notices have been issued to Yahoo India, Google, AOL, Facebook, Orkut and Hotmail.

While we at sflc.in shall follow the procedures provided by the Right to Information Act to find out more and dig a little deeper, it does surprise us that the CCA does not think that it is bound even by the Right to Information Act to disclose or refuse disclosure of information. Either that or our questions have made them uncomfortable and they have replied in the vaguest possible manner.

But if names like Yahoo, Google, Facebook, Orkut , Hotmail or AOL sounds familiar then we suggest you reread what is said above.

All Posts | Oct 10,2011

Curtailing the Right to Information

Freedom to have access to information, as a right, is essential for the functioning of a transparent and accountable democracy. The Right To Information Act 2005 ( RTI Act) in India was enacted to fulfill this goal. Under the RTI Act, the Government of India is duty bound to provide information to its citizens within a specified time. This is however subject to Section 8 of The RTI Act which lays down the grounds for the exemptions from disclosure of information by the Government.

The recentGlobal Right to Information rating by the Centre for Law and Democracyranks India in the third place, as far as the overall strength of the legal framework for RTI is concerned. While the intent and the framework for right to information seem to be present, yet the Government is, sometimes, seen as being reluctant to embrace this right of its citizens. Recently the Department of Personnel and Training, issues a circular dated 16.9.2011 whereby it was stated that " ...Only such information can be supplied under the Act which already exists and is held by a public authority or held under the control of a public authority. The Public Information Officer is not supposed to create information or interpret information..." The circular went on to quote the Supreme Court of India in the matter of Central Board of Secondary Education and Another Vs. Aditya Bandopadhyay and Others(Civil Appeal No. 6454 of 2011) wherein it was held that " Where the information sought is not a part of the record of a public authority, and where such information is not required to be maintained under any law or the rules or regulations of the public authority, the Act does not cast an obligation upon the public authority, to collect or collate such non-available information and then furnish it to an applicant..."

With the Government, as it is, being bestowed with wide range of exemptions under Section 8 of the RTI Act , this judgment and the following circular further curtail the right to information. With a population as large as India:the idea of information which readily available in an antiquated system of bureaucracy such as ours is a farcical notion. Government records in India are not as yet fully computerized and Public Information Officer in reality have to collate and collect information sought under RTI Act

SFLC has for over the last few months as a part of its CTAG ( Citizens for Accountable and Transparent governance) Project filed a large number of RTI Applications. These RTI applications have been filed for the purposes of obtaining information from various departments of the Government of India on its policies and orders on varied matter especially those that affect the digital freedom. We have found that the Government freely utilizes Section 8 of the RTI Act when information is sought about issues that affect digital freedom. The issues raised by these RTI Applications filed by SFLC have dealt with the violation of basic human rights of the digital citizens of the country. Whether it is the working and authority of the National Intelligence Grid (NATGRID); or the monitoring of social networks; or internet based financial transactions by the Intelligence Bureau; or even the barring of mobile phone companies from launching Nokia's popular push mail and power mail messaging services , the information is denied. The denial of information is under Section 8 (1) ( a), or 8 (1) (g), or 8 (1)( h) being put forth as the reason. There is no justification provided how these sections of the RTI Act may be applicable to the information sought. No reason as to why the information sought falls under the ambit of Section 8 of the RTI Act is put forth by the Public Information Officer in any of its replies.

With the Government further vide the above quoted circular advising its Public Information Officer to not create collate or interpret information, the effectiveness of the RTI Act is bound to be diluted further.