Logo

Defender of your Digital Freedom

All Posts | Dec 06,2018

Second Appeal to the RTI Application revealed procedural lapses: only 11 review committee meetings despite 40 Internet Shutdowns in Rajasthan

We at SFLC.in define Internet Shutdowns as "a Government-imposed disablement of access to the Internet as a whole within a particular locality or localities for any duration of time". To track instances of Internet Shutdowns in India, we built an interactive tracker that can be located at: www.internetshutdowns.in. This year, according to our tracker, India has witnessed 130 instances of Internet shutdowns – the highest in the world.

Our tracker records shutdowns on the basis of data collected from media reports (online and offline). Over the course of our shutdowns project, we have expanded to include a citizen reportage mechanism i.e. a method for citizens, in or around affected areas, to bring instances of shutdowns to attention, and share stories on how shutdowns affect them and their communities. Nevertheless, all data recorded by our tracker continues to be secondary, which means that its accuracy is highly dependent on media reportage.

In the absence of any reliable means to gain access to Internet shutdown orders, to get a sense of the true extent of unreported shutdowns (if any), we filed an application under the Right to Information Act 2005 to the Rajasthan Home Department in April 2018 asking various questions, a few of them were as following:What is the exact number of Internet Shutdowns that were ordered in Rajasthan during 07.08.2017 to 01.05.2018?” and “How many meetings of the Review Committee [as per the Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017] have taken place in the said time period and requested copies of the minutes of these meetings, including file notes.”

In response to our RTI application, the Home Department responded by stating that our applications had been forwarded to various district-level departments as the requisite information was available with them. When we received further replies from districts of Rajasthan, it was revealed that there have been 40 instances of Internet shutdowns between 07.08.2017 and 01.05.2018 across different districts. Considering that our tracker had recorded only 14 instances of Internet shutdowns across all of Rajasthan during the same time period, we gathered that there were at least 26 unreported instances of Internet shutdowns in Rajasthan alone during the eight-odd months in question. A detailed note on these replies ,as received from the Home Department, Government of Rajasthan can be found at: https://sflc.in/rti-reply-rajasthan-home-department-reveals-21-unreported-internet-shutdowns

However, the Home Department refused to furnish any information vis-a-vis the number of review committee meetings and copies of minutes of these meetings. They submitted that the information requested was classified information related to the security of the nation and hence was exempted from being shared under Section 8(1)(a) of the RTI Act, 2005. We filed first appeal to Home (Appeal), Department, State of Rajasthan on the basis of two main grounds : 1. That the requested information does not fall within the ambit of Section 8(1)(a) of the RTI Act, 2005. While the minutes of the meeting may be classified, the number of meetings conducted to review the suspension orders are not per se classified. Moreover, citizens have a right to know the safeguards and measures implemented towards protecting their freedom of speech and therefore, access to information sought is in the larger interest of the public; and 2. That Section 10 of the RTI Act, 2005 should have been applied and officer should have provided at least that part of the information which can reasonably be severed from any part that is believed to contain prejudicial information.

The First Appellate Authority failed to give a satisfactory reply to for refusal to grant the information sought. In fact, it vaguely rejected the appeal by giving unsubstantiated reasons. Not only did the FAA fail to specify the substantial reason against which such a rejection may be preferred, it also failed to explain and provide reasons as to how the disclosure of sought information affects the security of State. The State Public Information Officer (SPIO) claimed exemption under Sec. 8(1)(a) of the RTI Act, 2005 without offering any explanation whatsoever, and the Appellate Authority merely upheld the decision of the SPIO. Unsatisfied by this decision, we filed a second appeal. The second appeal was admitted and heard.

The State Information Commission of Rajasthan dismissed the appeal stating that the State Home Department shall furnish all the information that does not affect the security of the state. As a result, we received a response from Home Department stating that there have been 11 review committee meetings in the said time period: 07.08.2017 to 01.05.2018. Out of 11, the department shared copies of minutes of only six meetings, they claimed national security exemption to prevent sharing the remaining information.

It can be gathered from our existing data and the RTI responses that there have been 40 instances of Internet shutdowns across all of Rajasthan during the time period: 07.08.2017 to 01.05.2018. Of these, at least 29 instances of Internet shutdowns in Rajasthan did not have a review committee meeting during the eight months in question.

The response from State Home Department, Rajasthan to SFLC.in's Second Appeal is provided below:

All Posts | Jul 24,2018

[RTI] Minutes of the third meeting of the Expert Committee on Data Protection

The minutes of the first and second meetings of the Committee of Experts on data protection framework held on September 11, 2017 and October 3, 2017 respectively were disclosed in February 2018 in response to an RTI request made by a private citizen. It informed us that the Committee had been divided into four working groups and each working group was tasked with specific issues related to the proposed framework.

We filed a similar RTI application to MeitY asking for the minutes of all the subsequent meetings held after October 3, 2017. However, we were only provided details of the third meeting. It was communicated to us that the third meeting took place on November 13, 2017 and a fourth meeting was scheduled to take place on December 28, 2017.

The agenda of the third meeting of the Group of Experts on Data Protection, as provided in the response was as follows:

1. Discussion of respective parts of the White Paper:

a. Presentation to be made by Working Group on Grounds of Processing;

b. Presentation to be made by Working Group on Regulation and Enforcement; and

c. Presentation to be made by Working Group on Scope and Exemptions

3. Discussion on standard-setting under the proposed bill

4. Discussion on Key Issues raised by Dr. Gulshan Rai on the Draft MeitY Bill

5. Strategy for Public Consultation / Stakeholder Consultation and timelines.

The minutes of the meeting revealed that Dr. Arghya Sengupta and his team from Vidhi Centre for Legal Policy gave a detailed presentation on the consolidated white paper. The committee members deliberated on the issues outlined in the white paper and some of the important discussion points made during the presentation are:

  • Right of the data subject and harm incurring to him due to personal data collection, use and disclosure needs to be kept at the core of the Act.

  • The definition of identified, identifiable or reasonably identifiable personal data needs to be explicitly provided.

  • The implicit / explicit consent for the purpose and its use needs to be amply clear, which is a major ground for lawful processing of personal data. A checkbox method is one such option.

  • Besides the Data controller, whether the category of data processor and others need to be defined separately?

  • For child consent, while considering two options-putting in place an age bar and obtaining parental consent for the purpose of making a valid contract through some mechanisms. It was stated that Indian Contract Act require age of 18 years or more for the ability to sign a valid contract. It was also deliberated that owing to variety of target audience, one single model of consent may not work.

  • Data Controller should be more responsible in case of child’s consent and data processing. Australian Privacy Act model may also be looked at.

  • Notice to be made comprehensible for data subject to understand the meaning and the consequences arising thereof.

  • The purpose specification, use limitation, storage limitation and data quality, automated data, processing on the automated data and right to be forgotten needs to be clearly defined for the individual participation rights. Dr. Gulshan Rai opined that the white paper may include a question like “Whether Right to be Forgotten should be there or not?” He further opined that this will also help Government to get more insight of how technology companies view this issue.

  • Liability on data controller and processor connected to dealing with data.

  • Data Protection Authority and its functional rights similar to SEBI or IRDA may be explored. Data Protection body should be an independent body.

  • Strategy to adopt when imposing a penalty- percentage of global turnover or fixed optimum rupee limit.

  • The possibility of including class action suits and provisions of other Acts for compensation/offences.

  • The problem of enforceability of law against foreign entities dealing with the data of Indian subjects.

  • The concept of co-regulation or self regulation for he data controller needs to be examined.

  • The data audit of data controller to be done internally as well as externally.

  • Definitions of journalistic, artistic, literary exemptions to be reviewed or expanded.

  • Data Localization concept needs to be clarified in the context of globalization of data and its impact on the digital economy.

  • In the adjudicating mechanism, expenditure incurred can be of very high value due to high infrastructure requirements. The judicial impact assessment of this legislation can also be part of the white paper.

  • Every chapter of the white paper should include an open ended question in respect of suggesting “Any other alternative”.

  • Provisions for security standards which can be incorporated through subordinate legislation.

All Posts | Jul 14,2018

RTI reply from Rajasthan Home Department reveals 26 unreported Internet Shutdowns

We at SFLC.in have been tracking incidents of Internet shutdowns across India in an attempt to draw attention towards the number and frequency of shutdowns, which are imposed for reasons ranging from curbing unrest to preventing cheating during examinations. This data is made publicly available in the form of an interactive Internet Shutdown Tracker hosted on our dedicated website www.internetshutdowns.in, which also features additional resources on the topic. (more…)

All Posts | Oct 09,2017

[RTI] 23030 websites/URLs currently blocked in India

According to the Cyber Laws and E-Security Group under Ministry of Electronics and Information Technology Group (MeitY), as many as 23,030 websites /URLs are currently blocked in India.

This information was received as a reply to a Right to Information application filed by us on August 28, 2017.

The following information was sought in the RTI application:

1) Number of websites / URLs currently blocked in India.

2) Names and URLs of the websites that are blocked.

3) Copies of blocking orders issued by the Department of Telecommunications, Ministry of Communications to block such websites.

The reply to the RTI application was received by us on Oct 6, 2017, wherein only the specific number of blocked websites / URLs was provided with. The rest of the information was denied on the basis of Rule 16 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 which says that strict confidentiality shall be maintained regarding all the blocking requests and complaints received and actions taken thereof.

The response to the RTI application is provided below.

All Posts | Sep 18,2017

[RTI] Darjeeling Internet Ban: 3 months and counting

The ongoing Internet shutdown in Darjeeling, West Bengal completes 3 months today. This day, three months earlier, mobile Internet was shutdown in the city due to the ongoing agitation for a separate Gorkhaland. Two days later, on 20thJune, the orders were extended to the broadband services as well, effectively shutting down the entire Internet. Since then, the Internet ban has been extended several times by the district administration, without any hope of it being restored in the near future. We published a short report on the impact of the embargo on the daily lives of the people as the subsisting shutdown completed two months.

In August, we filed an application under the Right to Information Act, 2005, seeking details regarding the ongoing shutdown in Darjeeling and the copies of the orders that authorised these internet shutdowns. However, we were informed in response to the application, that the information asked by us could not be provided as it is exempted from disclosure under para 1(A)(2) of Notification No. 541-PAR(AR)/O/3M-29/2005 Pt. VIIIA dated 29 August, 2005 of Department of Personnel & Administrative Reforms, Government of West Bengal. Hence, the application was disposed of.

Notably, para 1(A)(2) of the above-mentioned notification exempts the Home Department, under section 24(4) of the Right to Information Act, 2005, to provide information under Political Branch relating to the Interception of mails and other personal communications including phones/mobiles under Indian Post Office Act, 1898 and Indian Telegraph Act, 1885.

The response to the RTI application is reproduced below:

All Posts | May 05,2017

RTI responses provide copies of Internet shutdown orders

India has seen a steep rise in the number of Internet shutdowns over the last few years. At SFLC.in, we have been tracking such instances of Internet shutdowns – see our dynamic Internet Shutdown Tracker at internetshutdowns.in for details.  These shutdowns are generally imposed under the authority of orders issued by State Governments under Section 144 of the Code of Criminal Procedure, 1973, blocking mobile and/or fixed line Internet services for different reasons.

In May 2016, we filed applications under Right to Information Act, 2005 seeking, amongst other details, copies of the orders that sanctioned Internet shutdowns in Haryana in February 2016. In response to the applications and the information sought, we received the following information:

  1. Copies of orders issued under Section 144 of the Criminal Procedure Code, 1973, by the District Magistrates  of Jind, Hisar and Bhiwani, ordering the stoppage of the Internet services, and
  2. Copies of orders issued by the District Magistrates of Jind and Hisar, allowing for restoration of Internet services.

These orders are reproduced below:

All Posts | Jan 05,2017

Information received regarding SWAYAM under Right To Information Act, 2005

SWAYAM, the national Massive Open Online Courses (MOOCs) project established by Ministry of Human Rights Development (MHRD), is a laudatory effort set to serve as a source for courses related to all fields from high school to post graduation. This one stop destination is meant to bridge the educational and digital divide by ensuring learning resources are made accessible in consonance with principles of equity and affordability in the varying socio-economic sectors of the country. Last year it was announced that the development of SWAYAM platform has been decided to be pursued through proprietary platform, disregarding free and open source software (FOSS) options that have proved successful and are being used in MOOC platforms such as edX at the global scale.

SFLC.in conducted in-depth research regarding the discussions that took place by the committees within the MHRD that led to the decision of choosing proprietary software, despite India having implemented the Policy on adoption of Open Source Software for the Government of India in 2015 that makes it a mandatory requirement for all e-governance projects undertaken by various Government organizations to adopt open source software as a preferred option in comparison to closed source software, and wherever making the decision to choose closed source software, to provide reasons in writing. To generate awareness about this issue, a Joint Letter, signed by various academics, non profit organizations, and individuals, was drafted by us and sent to the MHRD. A copy of this Joint Letter can be accessed here.

[Our findings from this research, and a time-line of the events since the inception of the project in 2014 can be accessed here and here respectively.]

In addition, we also filed applications under the Right to Information Act, 2005 for a complete set of minutes of certain meetings that were unavailable on MHRD’s online portal. The applications filed by us asked for the minutes of the meeting held by the technical committee that decided to use proprietary software and awarded the contract to Microsoft. In the reply received by us, we were provided with the minutes of the 9thmeeting of the SWAYAM Project Cell (SPC) where Microsoft was finalized as the Systems Integrator for SWAYAM.

It has details of the discussions regarding the projected costs and further states that the technical and management committees constituted by The All India Council for Technical Education (AICTE) for the purpose of deciding the method of development of SWAYAM had come to the conclusion that in-house developers from National Informatics Centre Services Inc. (NICSI) should be recruited for developing the platform, and “keeping in view the complexity of the project and the requirement of timely and reliable servicing facility, SWAYAM should be developed on a proprietary IT platform rather than open source.”

Furthermore, it states that available systems of Microsoft, Oracle, IBM, and SAP were evaluated, and Microsoft was chosen for the following reasons:

  1. Microsoft platform has the whole bouquet of systems required for designing the MOOCs application, viz SQL, Windows servers, Share point, Dot Net and System Centre.

  2. The Software licenses (Educational versions) are available at highly subsidized rates under Education Discount Policy through their Authorized Education Partners (AEPs) as LSPs.

  3. Microsoft platform is available on DGS&D Rate Contract, so we can buy the same off the shelf.” [Point 9.3 of the minutes of the meeting]

Watch this space for updates on further RTIs we have filed on this topic.

For the entire text of the RTI reply and the minutes of the above mentioned meeting, refer here.

All Posts | Sep 04,2014

Information on India’s surveillance practices received under the Right to Information Act, 2005

 

In order to procure details on India's communications surveillance practices, SFLC.in had filed a number of applications over the years under the Right to Information Act, 2005 (RTI Act) before various Ministries and Departments of the Government. This being an extremely sensitive area of law and policy, a good portion of questions raised were not answered over security concerns. Nevertheless, here are some applications that did manage to elicit responses from the addressees.

SFLC.in had filed an RTI application before the Prime Minister's Office in May 2011, seeking certain administrative, budgetary and operational details connected with the National Intelligence Grid (NATGRID) project. This application was forwarded by the PMO to the NATGRID office, which revealed inter alia that the project had been established with the approval of the Cabinet Committee on Security, and that an amount of Rs. 13 crore had been utilized during 2010-2011 for the project's development. The initial application along with the complete set of responses are given below:

RTI Application Reply From NATGRID

In January 2012, SFLC.in filed an RTI application before the Office of the Controller of Certifying Authorities, seeking among others, the number of requests for user data made by the CCA under Section 28 of the Information Technology Act, and the identities of those from whom information was requested. The Office of the CCA responded stating that a total of 73 such requests had been made in 2011 to Yahoo, Google, Facebook, AOL, Orkut and Hotmail. The concerned application and final response are given below:

RTI Application Reply From CCA

SFLC.in had filed an RTI application before the Department of Telecommunications in May 2013, where we had asked for certain budgetary and administrative details regarding the Central Monitoring System (CMS). Though the DOT initially refused to provide the requested information citing security reasons, SFLC.in on tendering an appeal before the First Appellate Authority, was provided copies of responses to questions in this regard that had been raised by parliamentarians before the Lok Sabha and Rajya Sabha. The initial RTI application before the DOT, along with the final reply, are given below:

RTI Application Reply From DOT

In 2011, the Provisioning & Logistics Department of the Delhi Police had issued a global notice inviting "expression of interest" from Indian and foreign technology companies to supply Internet monitoring equipment. SFLC.in filed an RTI application before the Delhi Police in December 2013 seeking a list of companies that had responded to this notice. The response to the RTI revealed 26 Indian and foreign companies as having expressed interest in supplying monitoring equipment. Said RTI application as well as the final reply are given below:

RTI Application Reply From Delhi Police

In March 2014, SFLC.in filed an RTI application before the Union Ministry of Home Affairs, seeking the total number of interception orders issued under Rule 419A of the Indian Telegraph Act, and the number of orders issued by each authority authorized to issue such orders under the Rule. Though the latter part of our application was not answered due to security reasons, the MHA revealed that on an average, around 7500 to 9000 phone interception orders are issued under Rule 419A by the Central Government alone every month. Below are the relevant RTI application and final response from the MHA.

RTI Application Reply From MHA

 

All Posts | May 03,2014

Government Refuses To Reveal Phone Interception Procedure

On 10th January 2014, several Indian national newspapers ran reports on a fresh set of procedures for interception of telephones issued by the Government of India. According to said reports, this set of procedures issued on 2nd January 2014 bears the title 'Standard Operating Procedures (SOP) for Lawful Interception and Monitoring of Telecom Service Providers (TSP)' and is numbered 5-4/2011/S-II. While the broad framework for phone interception has been provided primarily under Section 5 of the Indian Telegraph Act 1885 read with Rule 419A of the Indian Telegraph Rules 1951, its administrative details are usually prescribed by periodic guidelines or notifications such as the present SOP.

The Hindu in particular, claiming to have accessed this document, noted that it significantly came two weeks after the Government had set up a commission to enquire into the Gujarat-based snooping scandal. It further said that under the SOP, interception of voice, SMS, GPRS, MMS, Video and VoIP calls is subject to eight checks before monitoring is allowed, though the checks themselves were not reported in their entirety. While several additional tidbits were cited from what is apparently a 45-page document containing 11 sections (which detail the operational structure, types of request, validation of interception request, legal intercept under number portability, reconciliation & pruning processes, consequences, list of 10 law enforcement agencies authorised to intercept and a set of 10 annexures relating to interception), a comprehensive picture of the whole process was surprisingly absent.

In order to procure a copy of the SOP, SFLC.IN filed two applications under the Right to Information (RTI) Act, 2005 - one before MTNL and a replicate before the Department of Telecommunications (DOT), Ministry of Communications and Information Technology.

The application filed before MTNL was subsequently forwarded to the DOT, stating that the 'case pertain to DOT' [sic]. Meanwhile, the second application filed directly before the DOT was rejected by its Central Public Information Officer on the grounds that 'the desired information … deals with the classified information related to the security of the nation' [sic], and is hence exempted from the RTI Act's purview under Section 8(1)(a) of the Act. The first application that eventually found its way to the DOT was also foreseeably rejected on the same grounds.

In the light of DOT's refusal to part with the SOP, SFLC.IN filed an appeal before the First Appellate Authority [DDG (Security), DOT] on the grounds that:


  • The requested information does not fall within the ambit of Section 8(1)(a)
  • Sufficient justification was not provided by the CPIO while claiming exemption under Section 8(1)(a)

However, by an order dated 20.3.2014, the Appellate Authority informed SFLC.IN that the requested SOP 'is a restricted document having detailed procedure including internal mechanism of communication within TSP, level of officers on law-enforcement agencies as well as Telecom Service Providers, format for communication etc. about lawful interception and monitoring' [sic]. For this reason, the CPIO's refusal to furnish the information due to the applicability of Section 8(1)(a) of the RTI Act was ruled to be in order.

This calls for a quick look at Section 8(1)(a). It reads:

Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen … information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation to foreign State or lead to incitement of an offence.

Thus, while Section 8(1)(a) does exempt from disclosure any information, whose disclosure would compromise national security, it ostensibly leaves the task of categorising such information to the responding Government official.

That said, one utterly fails to understand how the nation's security might be compromised by the disclosure of a set of purely procedural guidelines that specify how phone interception requests are to be handled by those involved. Whereas the specific contents of intercepted calls may understandably be brought under the exemption granted by Section 8(1)(a), there are no evident grounds that justify extending this line of reasoning to the broad procedural framework of interception. Responses to neither RTI application carried any clarification to this end. This unsubstantiated denial of information assumes special intrigue considering the Central Information Commission's ruling in the case of Dhananjay Tripathi v. Banaras Hindu University, where it was held that quoting provisions of Section 8(1) of the RTI Act to deny information without giving any justification or grounds as to how these provisions are applicable is simply not acceptable, and clearly amounts to mala fide denial of legitimate information.

Not only is such blind invocation of Section 8(1)(a) ungrounded in law, but it is also illustrative of a highly disturbing tendency on the part of Government authorities to not disclose the tiniest detail regarding its surveillance initiatives. In light of a considerable lack of legislative clarity on State surveillance of communications and in the absence of any judicial or parliamentary oversight of the process whatsoever, this stubbornly tight-lipped stance of the Government is cause for much concern. Making matters even worse is the conspicuous absence of a Right to Privacy under Indian law, save a judicial nod in the direction, where Right to Privacy was interpreted as an implicit content of the Right to Life as guaranteed under Article 21 of the Constitution of India.

Given the circumstances, it is the duty of the Government of India to assuage its citizens' privacy concerns and disclose the interception processes and the safeguards implemented to protect the privacy of citizens– all the more so in view of a slew of surveillance super-systems in the pipeline such as the Centralized Monitoring System and the National Intelligence Grid among others. While SFLC.IN will certainly appeal the DOT's refusal to part with the recent SOP, it is imperative that the Government rethinks its mode of addressing entirely justified privacy concerns of its citizenry.