Defender of your Digital Freedom

All Posts | Feb 19,2019

Submission to Parliamentary Committee on Information Technology

Parliamentary Committee on Information Technology invited views on the issue of “Safeguarding Citizens Rights on Social/Online News Media Platforms”. The views were heard on 11th February 2019 along with inputs from MeitY and Twitter.

We at SFLC.in made our submission on common forms of harm on the internet, common remedial measures undertaken or provided by online platforms and the existing legal provisions. We also submitted our recommendations supporting right to privacy, endorsing strong encryption, emphasising importance of safe harbour for intermediaries, advocating wider consultations for finding solutions to tackle hate speech, opposing proactive monitoring of content and suggesting that intermediaries be free to come out with their own Terms of Service. Our submitted views are given below:

All Posts | Feb 19,2019

Submission on Surveillance Industry and Human Rights to the UN Special Rapporteur

UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression had invited comments on the surveillance industry and human rights. In 1993 the United Nations Commission on Human Rights established the mandate of the Special Rapporteur that included gathering information on violations, responding to credible information, making recommendations and contributions to provision of technical assistance or advisory services by Office of the United Nations High Commissioner for Human Rights (OHCHR) to better promote and protection right to freedom of opinion and expression.

Last date for submissions from States, civil society, private businesses, and other interested stakeholders was 15th February 2019. The Special Rapporteur requested concise comments on domestic regulatory framework on development, marketing, deployment, facilitation and use of surveillance technologies. The aim of this exercise is to study obligations and responsibilities of States and businesses in the light of human right standards.

We have made our submissions highlighting the domestic laws, regulations, judicial decisions on the use of surveillance technologies in India and their consistency with human rights standards. These submission detailed below will be posted on the OHCHR website at the time of the report’s publication.

All Posts | Nov 30,2017

Visit to Asian Law School

On Thursday, 23 November 2017, Biju K. Nair (Executive Director) and Sukarn Singh Maini (Counsel) visited Asian Law School to teach law students about practical aspects of being a lawyer and our work on protecting your digital freedoms.

We discussed how to deal with clients, issues of software patents, licensing, freedom of speech, privacy, net neutrality, Aadhaar and the Information Technology Act, 2000 through a practical interactive session on how to deal with real life instances of these issues. We ended the session with a guide on how to protect one's privacy while browsing the internet through live demonstration of tools that can be used to analyze who is gathering your data, how to block web trackers and how to anonymize oneself online. The overall session lasted approximately two hours.

All Posts | Mar 29,2017

Joint letters to Chief Ministers raising concerns over Internet shutdowns

Concerned by the recurring Internet shutdowns imposed by states across India, we, along with a group of citizens and organizations, sent letters to the Chief Ministers of all states that have witnessed shutdowns in the past, requesting that immediate action be taken to curb this unjustifiable practice. Making note of the significant human rights deprivations and socio-economic costs that come with frequently preventing residents of entire states and regions from accessing the Internet, the letter urged the Chief Ministers of affected states to take necessary steps towards ensuring that any restrictions on communications imposed in the interest of maintaining law and order follow established legal protocol under the Information Technology Act, 2000, and that states refrain from imposing blanket Internet shutdowns under any circumstance.

The full text of the respective letters are available at these links:

Note: We will be re-sending these letters to the CMOs in a few weeks’ time with a larger pool of organizational/individual endorsements. We request all who wish to voice their support for this initiative to send in a line of endorsement of any/all of the above letters to mail@sflc.in. Please be sure to state your full name and designation as applicable in your email, and feel free to suggest any changes you would like to see in the current text of the letters.

All Posts | Jan 24,2013

Freedom after expression…

Sflc.in participated in the Third South Asian Meeting on the Internet and Freedom of Expression which was held in Dhaka, Bangladesh from 14-15 January 2013 . The focus of the meeting was on the increasing instances of hate speech and the issue of cyber security and surveillance. There were participants from Sri Lanka, Pakistan, Maldives, Nepal, India and the host country of Bangladesh.

It was an enlightening experience to learn about the experiences of those working in the area of Freedom of Expression in other countries in the region. The bottom line of the discussion was that in the region the issue was not Freedom of Expression, but Freedom after expression, or in other words, the security of the person who makes the expression. Unfortunately, the participants were in for a rude shock when in the late hours of the first day of the meeting, we came to know that Asif Mohiuddin, a popular Bangladeshi blogger was stabbed. The incident underlined the fact that true freedom of expression exists only when there is space for unpopular or diverging views.

Now let me give a brief overview of the topics discussed. The first two sessions focused on the issue of hate speech on the Internet. The report on hate speech by the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue was the basis for the discussion. Dixie Hawtin of Global Partners & Associates dwelt on the importance of the medium in protecting Freedom of Expression. There was also a discussion on the notion of harm and how that is an important element in devising whether expression can be classified as hate speech. It was pointed out that criticism of politicians will definitely not come under the definition of hate speech.

Professor K.S.Park from South Korea explained the 'clear and present danger' test for identifying hate speech. However, this may not be applicable in all countries and in India, the courts have held the test to be not applicable here. Tahmeena Rahman who works with the organisation called Article 19 explained the seven -tier test proposed by their organisation for identifying hate speech.

The session on cyber security and surveillance was interesting with tools like WireShark and technologies like Deep Packet Inspection being mentioned. I opined during the discussion that it is important to introduce encryption and privacy protection technologies to the public. I also introduced the Freedom Box project and explained how that could be the answer to many of our privacy worries.

A topic which evinced considerable interest from the participants and a lively discussion was the issue of anonymity. Pros and cons of user anonymity was discussed. Prof.Park explained the problem of user registration and privacy by showing how the user details of a large number of Koreans were compromised by a security breach and how the information was put up for sale. Rohan Samarajiva raised a contrary point and said that user details are often important in tracking criminals and many crimes are now solved using details of phone conversations.

Well, if you thought Section 66A of the Information Technology Act in India was bad, you have not seen the ICT Act of Bangladesh. Mohammad Shahriar Rahman introduced the provisions in the Act. Section 57 of the Act is produced below: 57. Punishment for publishing fake, obscene or defaming information in electronic form.--
(1) If any person deliberately publishes or transmits or causes to be published or transmitted in the website or in electronic form any material which is fake and obscene or its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, or causes to deteriorate or creates possibility to deteriorate law and order, prejudice the image of the State or person or causes to hurt or may hurt religious belief or instigate against any person or organization, then this activity of his will be regarded as an offence. (2) Whoever commits offence under sub-section (1) of this section he shall be punishable with imprisonment for a term which may extend to ten years and with fine which may extend to Taka one crore

It is interesting to note that in the case of defamation through any other medium the maximum term of imprisonment under the Penal code is two years. Treating the medium of Internet differently from other medium is not an India- specific issue and seems to be an issue in the entire region.

Aditya Prakash Rao introduced the issues related to jurisdiction in the case of cloud based data transfer and the importance of Mutual Legal Assistance Treaties(MLATs).

The meeting concluded with a public function attended by Hasanul Haq Inu, the Minister of Information in the Government of Bangladesh. The Minister made an interesting pronouncement where he said his Government plans to make the right to access to the Internet a fundamental right. The meeting issued a statement condemning the attack on Asif Mohiuddin and requesting the Government to bring the perpetrators of the crime to justice at the earliest.


All Posts | Dec 10,2011

Thank You Mr Sibal!

We at SFLC.in , have been crying ourselves hoarse, on the Government Of India's clamp down on Freedom of Speech and Expression since April 2011 . Why April? In April, the Central Government notified the new Information Technology ( Intermediaries Guidelines) Rules . These Rules cast an obligation upon an intermediary to remove any content which may be unlawful, blasphemous, libellous, grossly harmful, harassing or disparaging. This removal of content was to be done on receiving a complaint by an affected party.

It bothers us. In our view, it is unconstitutional , arbitrary, and downright Orwellian. We think the right to freedom of expression is under threat. Sounds like a conspiracy theory, doesn't it? But as a bunch of professionals working in the area of electronic civil liberties, we don't think so. We also realize that most internet users could not grasp the significance of these Rules owing to the legalese involved.

Along comes the Union Minister ( and we swear we did not bribe him). He does in one press conference what we have been trying to do for the past nine months : Bring the issue of the Big Brother censoring the internet, into public cognizance.

Mr Sibal as reported in "The Hindu" ( 6 , December 2011) met senior functionaries of You Tube, Facebook, Google and Yahoo and a few others ( but the media reports completely ignored to cover other invited parties)asked them to evolve a mechanism to filter "disparaging" content related to politicians and religious figures. Though, in all honesty what the Hon'ble Minister has proposed is beyond the Rules itself. Although the deamnd is very different from the already allowed backdoor censorship through IT rules promulgated in April 2011, Yet, in a way, it illuminates the issue of pre-censorship on vague grounds. Thankful as we are to Mr Sibal, we would still like to know more about his meeting. In order to obtain this information we sent an RTI Application on the 6thof December,2011, itself, asking for :

  1. Copy of the minutes of this meeting;

  2. Details of the steps suggested by the Government to these websites on screening and filtering such content;

  3. File notes if any, prepared in connection with this meeting.

This RTI application has been sent to Department of Information Technology and Department of Telecommunication. Why have we sent it to two departments? No, we are not jobless. It has been our experience that Ministries in the Government are RTI dodgers par excellence. So, its best to seek information from all concerned departments to uncover more about this meeting. Watch this space for further information.

All Posts | Jun 23,2011

The Caravan Injunction And How the New IT Rules Could Make It Easier for the Arindams of the World

The Caravan magazine issued a press release yesterday on the defamation suit filed by Indian Institute of Planning & Management(IIPM) against it for publishing a cover story on Arindam Chaudhury, Director of IIPM, in the February 2011 issue. The suit is filed against the magazine, Siddhartha Deb, the author of the story, Google and Penguin, the publisher of the forthcoming book, from which the article is extracted.

The magazine had to remove the article from its web site as an injunction order was passed by the Civil Court in Silchar, Assam restraining the magazine from maintaining the article in their website. The case is interesting, particularly in view of the article by Arindam Chaudhuri in "the Sunday Indian" titled "Internet Hooliganism", in which he welcomes the new Information Technology (Intermediaries guidelines) Rules, 2011 notified by the Government as it seeks to control the intermediaries and blogs. The author says "...it is not just bloggers with malicious intent, who will get dragged to the table of interrogation. Even intermediaries like all search engines and websites (which would include Google, Wikipedia, or even online payment & auction sites, social networking sites and hosted blogs), Telecom and Internet Service Providers (ISPs) and even cyber cafes, will be held liable for all harm caused to the party - individual or a body of individuals - which has lodged a complaint..."

In the Caravan case, IIPM had to approach a Court and obtain an injunction to get the article taken off from the website. The new IT rules make it so much easier for any person to get any content, which is not in his interest, to be removed from the web. The intermediary, who could be a hosting provider, a blog platform, a social networking site or an ISP will have to remove the content within 36 hours of receiving a complaint from any person regarding content posted online. In the current case, IIPM could have approached the hosting provider to get the content removed. This could soon become a censorship mechanism by which anybody who is not happy with a report on corruption, malpractice or a business fraud reported in any online magazine or blog or even a forum, could soon get it removed by filing a complaint with the intermediary. The user who posted the content does not have a remedy to get the content restored, and this makes the rules biased against the content creator. The provision for removal of content without the involvement of any judicial process has strong possibility of misuse and could severely affect the freedom of speech and expression of citizens in online media.

The quote attributed to Voltaire - "I detest what you write, but I would give my life to make it possible for you to continue to write" - encapsulates the spirit of democracy and freedom of speech. Freedom of speech and expression as well as the freedom of press are the basic foundations of a democracy and as India experienced during the period of emergency, curtailment of this freedom, could have grave consequences for a democracy. Posting of defamatory content or any unlawful matter online cannot be allowed, but at the same time, whether an act is unlawful or not has to be decided by a court of law and cannot be decided by an intermediary. Censorship of content, in any form, does not augur well for a democracy, and has to be resisted, especially when carried out by non-state actors.

All Posts | Apr 28,2011

Censored by the Intermediary

The Indian Express, during the time of emergency, published its newspaper with a blank editorial page to protest against the censorship policies of the Government. The Internet as we know in India today, will soon have a lot of blank pages, thanks to the intermediaries being forced to censor content. The Information Technology (Intermediaries guidelines) Rules, 2011 notified under the provisions of the Information Technology Act, 2000 lays downs stringent guidelines for intermediaries and threatens freedom of speech and expression on the internet.

In return for offering the intermediaries a safe harbour, the new rules demand the intermediaries to don the roles of a judge and censor. As per the Act, intermediaries include telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, on-line payment sites, on-line auction sites, on-line market places and cyber cafes. This wide list of services included in the list of intermediaries will result in a more controlled (read censored) internet. The new rules laying down guidelines for intermediaries expect the intermediaries to disable information within 36 hours, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person that the information:

(a) belongs to another person and to which the user does not have any right to;
(b) is grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
(c) harm minors in any way;
(d) infringes any patent, trademark, copyright or other proprietary rights;
(e) violates any law for the time being in force;
(f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
(g) impersonate another person;
(h) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; (i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation.

In short, the intermediary is expected to act as the super-judge deciding what is:

Blasphemous– I thought only our western neighbour(No names, lest the web hosting company be forced to take this site off as violative of Rule 3.(2)(j) - insulting any other nation) had such rules. The Indian Penal Code does not define blasphemy. The closest offence one can find is Section 295A that deals with deliberate and malicious acts, intended to outrage religious feelings of any class by insulting its religion or religious beliefs. Defamatory, libellous– Deciding defamation/libel is no easy business for a Court of law, and the intermediary is expected to do that now. Infringement of Patent, trademark, copyright– The intermediary will soon need to have experts in every possible field to decide on infringement of intellectual property rights. Belongs to another person– any investigative reports quoting communications could come under this.

The DMCA, that governs online copyright violation in the US, provides a put-back provision to protect the interest of the user who posts the content online. The new rules do not have any put-back provision to protect the interests of the user and is thus heavily skewed against the creator of online content. In practice, the intermediaries, instead of deciding whether an information is in contravention of sub-rule(2) of rule 3, will end up disabling access to any information on receiving a take-down request, to ensure that they are not held liable. The rules, by putting restrictions on intermediaries will, in effect, would result in self-censorship and will have a chilling effect on online speech.

Although, reference to the term blogger, that was introduced in the draft rules, is not included in the notified rules, a blogger will squarely come under the definition of the term "user" and will be subject to restrictions imposed on content that can be posted on blogs and websites provided by intermediaries. The removal of content created by a blogger or any user could be a clear restriction of his freedom of speech and expression and such curtailment of freedom can only be done if it falls under reasonable restrictions imposed under Art. 19(2) of the Constitution .

The rules by forcing the intermediary to provide details of users to government agencies without any judicial order, puts the user at a risk of harassment by law enforcement agencies. The rules that mandate providing of information to government agencies on a mere written request will have major ramifications on the privacy of a citizen and will amount to "wire-tapping of the internet"

Let us consider a few instances were an intermediary could be forced to disable information posted:
Posts on Wikipedia - Many posts on Wikipedia could be considered obscene or defamatory
Wikileaks - Content posted on Wikileaks could be considered as belonging to another person and defamatory or libellous or disparaging. Intermediaries ranging from hosting providers to on-line payment sites could be forced to disable such information.
Online citizen journalism - Many topics touching on corruption could be noted to be defamatory and libellous or disparaging. Blogs - Blog posts on controversial topics ranging from insurgency to corruption could be considered violative of the rules.

The rules in the current form may be beyond the rule making power of the Government and could be unconstitutional as well as ultra-vires of the Act. The 2008 Amendment of the IT Act was a reaction to the 26/11 Mumbai attacks and these rules seem to be the result of a paranoia that seems to have gripped the Government after the developments in Tunisia and Egypt and the Wikileaks phenomenon.

Justice V.R.Krishna Iyer, while deciding a matter on the power of Government to seize a book written by Periyar EVR , a political figure and rationalist, inState of Uttar Pradesh Vs. Lalai Singh Yadav, AIR 1977 SC 202, 1976(4) SCC 213, observed:

"India is a land of cultural contrarities, co-existence of many religions and anti-religions, rationalism and bigotry, primitive cults and materialist doctrines. The compulsions of history and geography and the assault of modern science on the retreating forces of medieval ways-a mosaic like tapestry of lovely and unlovely strands-have made large and liberal tolerance of mutual criticism, even though expressed in intemperate diction, a necessity of life. Governments, we are confident, will not act in hubris, but will weigh these hard facts of our society while putting into operation the harsh directives for forfeiture. From Galileo and Darwin, Thoreau and Ruskin to Karl Marx, H.G. Wells, Barnard Shaw and Bertrand Russel, many great thinkers have been objected to for their thoughts and statements-avoiding for a moment great Indians from Manu to Nehru. Even today, here and there, die-hards may be found in our country who are offended by their writings but no Government will be antediluvian enough to invoke the power to seize their great writings because a few fanatics hold obdurate views on them."

All Posts | Aug 14,2010

The BlackBerry Emergency

According to the Government of India, private service providers like AirTel and Vodafone are failing in their legal obligations under the Information Technology Act, hastily amended in the days immediately following the Mumbai 7/11 attacks, by not providing access to the content of emails and texts sent to or from BlackBerry users. As a lawyer, I have some doubt about this legal position, no doubt under discussion between GoI and the service providers. But there is no doubt that the Government has failed to make clear the context of this dispute, or the real consequences of the demands it is making.

BlackBerry devices use the wireless networks of the local service providers to deliver email and texts through servers operated by Research in Motion located outside India. If you or I as individuals buy a BlackBerry through one of the offering service providers, our email and text traffic will not be encrypted, and GoI will have whatever access to our communications the law requires. If, however, your BlackBerry was given to you as an employee of an MNC or a large local enterprise, for work use, those emails and texts will be encrypted so that only the sender and receiver, but not Research in Motion (RIM) and not the local Indian wireless service provider, will be able to read them. Since these parties do not have access to the content of encrypted messages, and therefore cannot provide what Government says the Act requires, the Government now threatens to force a halt to their services as of August 31.

Unless a ring of terrorists is embedded entirely within some MNC, and is using its email and messaging system to plan terrorist attacks or other crimes using corporate BlackBerries, such a service cut would not be likely to prevent the planning or execution of any attacks. What it would do, however, is effectively cut off India from the global financial system. The ability of banks, insurance companies, law firms, consultancies and other professional service enterprises to operate around the globe depends entirely on the flow of confidential intra-firm communications. People cannot do business anywhere unless they can be sure that their firm's business communications are not being overheard by competitors or other parties using breaches in communications networks. So every such enterprise relies upon mechanisms that ensure complete confidentiality on which the movement of trillions of crores every day in the world economy depend. BlackBerry provides one portion of that network to a large subset of that market. Any country which shuts off encrypted BlackBerry communications has shut down its place in the global economy.

Government knows, what the extent of its threat implies if our connection with the global economy is temporarily lost. But if the Government were clear with the public now about the small security benefit to gain and the magnitude of the harm it will cause if its threat is carried out, its dis-proportionality would raise questions in the mind of the public. Apparently GoI believes that such a threat can, from its very desperate dramatic quality, induce a useful result. Unfortunately, this too is wrong. Because nobody but the enterprises themselves have an access to the decrypted information, Government must get inside the BlackBerry itself if it is to read the messages.

Thus, it is likely that GoI is pressurizing the local service providers like Airtel and Vodafone to put spyware within the BlackBerries attached to their networks. Thus, an arriving investment banker or CEO from New York or Frankfurt would have his BlackBerry subject to the introduction of spyware by the network, along with all the BlackBerries used by Indian financial services firms. There is precedent for this effort. One UAE wireless company, Etisalat, was caught installing spyware on more than 100,000 enterprise BlackBerries in the Emirates last year. Research in Motion was required by its customers to bear the cost of software upgrades to the system to remove the spyware and secure their business communications. Etisalat has been fundamentally injured in its credibility in international business, and is in some danger of becoming a global pariah.

GoI is making threats that could only be fulfilled at cataclysmic cost to the economy. It will in effect result in causing immense harm to India's telecommunications sector and our reputation in the global financial services economy, where so many of our jobs are being created. In the end, it would inflict immense damage, much greater than any terrorist could ever cause scarcely achieving any additional security.