Logo

Defender of your Digital Freedom

All Posts | Nov 07,2019

FAQ on surveillance in India.

What exactly is surveillance?

The Merrian - Webster dictionary defines surveillance as “keeping a close watch kept on someone or something”. In the context of this FAQ we refer to the word ‘surveillance’ only to the act of real-time surveillance conducted by Governments through telecommunication systems (namely, telephones and the Internet), though private actors may also conduct surveillance through various methods and offline methods are also used by governments to conduct surveillance.

 

Is there a way that survellience can happen offline as well?

Yes, Section 26 of the Indian Post Office Act, 1898 gives the government the power to intercept articles for public good. It has been mentioned in the section that when there is an occurrence of a public emergency or in the interest of public safety/tranquility an authorized officer of either the state or the central government by making an order in writing can intercept, detain or dispose of any kind of postal article. The subsection (2) of the section mentions that when there is unsurity of if the interception/detention or disposing off was done in public interest, a certificate issued by the government will be conclusive proof. However, for the purpose of this article, we will not be diving into details of offline surveillance.

 

Is suveillance in India legal?

Yes, as there exists a legal framework which enables the Government to conduct surveillance on the occurrence of certain circumstances. However, the surveillance has to be undertaken within the boundaries of this legal framework.

 

Which are the laws that regulate surveillance conducted by the government?

Telephones

1. The Indian Telegraph Act, 1885

  1. Section 3(1AA): Defines what a 'telegraph' is and means, “...any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images, and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means...”
  2. Section 5(2): This section is invoked to conduct surveillance over telegraph lines (as defined above, but with the occurence and condition of the pre-requisites of a public emergency or the interest of public safety.

2. Indian Telegraph Rules, 1951

  1. Rule 419A: This provision lays down the procedural law regarding telephone tapping. It was introduced by way of an amendment in 2007, which was necessitated by the Supreme Court's condemnation in the case People's Union for Civil Liberties v. Union of India (AIR 1997 SC 568) of the lack of procedure governing telephone tapping. The provision mandates that telephone tapping can be done only through a lawful order.
diagram explaining how lawful order to tap telephones are procured

Internet

Provisions dealing with Internet surveillance may be found interspersed throughout the Information Technology Act 2000 and several rules made thereunder.

1. Information Technology Act, 2000

diagram depicting the differences between the grounds for interception under Section 5 clause 2 of the Telelegraph Act and Section 69 B of the information technology act

 

  1. Section 69: Modeled extensively after Section 5(2) of the Telegraph Act, allows the Government to engage in surveillance of Internet data. However, there exists no pre- requisites for the invocation of Section 69 when compared with Section 5(2) of the Indian Telegraph Act, 1885 and has enlarged grounds.>
  2. Section 69B: This provision in turn deals with the surveillance of Internet metadata as compared to Internet data. Metadata is any data that gives information about other data. For example, if person A sends a message to person B, then the content of the message will be data and the data such as the time and date of sending and receiving the message, information about the devices from which the message was sent and received, profile information, etc. would be the metadata.

2. Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

These rules lay down the provision for the procedural law related to the Internet-data surveillance conducted under Section 69 of the Information Technology Act.

3. Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009

These rules lay down the provision for the procedural law related to the Internet-data surveillance conducted under Section 69B of the Information Technology Act.

Under both the above Rules, the procedure laid down is substantially similar to the procedure laid down in Rule 419A of the Indian Telegraph Rules, 1951.

In addition to these laws, license agreements such as the Unified Access Service License (UASL), Internet Service License (ISL), and the Unified License (UL) which incorporates the former two licenses between the Department of Telecommunications and telecommunications service providers also enable the government to receive assistance from telecommunication service providers in conducting surveillance. Licensees must also provide in the interests of security, 'suitable monitoring equipment as per the requirement of the DOT or law enforcement agencies.

 

Are there any monitoring systems in place in India?

As per available information, the Central Monitoring System (CMS) and the National Intelligence Grid (NATGRID) are the two intelligence systems in place in India. Also, another system named Network Traffic Analysis (NETRA) was rumoured to be launched in 2014. NETRA was developed by the Centre for Artificial Intelligence and Robotics (CAIR), a lab under the Defense Research and Development Organisation (DRDO). However, not much information is available regarding the project.

In additions to such dedicated systems, state police forces also conduct monitoring of social media platforms and the web. For example, the Mumbai police force monitored social media platforms to tackle fake news surrounding the Maharashtra elections and similarly, the Uttar Pradesh police force has been put on ‘high alert’ in anticipation of the Ayodhya verdict and as part of vigilance, is conducting social media monitoring. However, this is purely not ‘backdoor’ surveillance but a scan and analysis of publicly available social media posts.

 

Which are the government agencies involved or carry out surveillance in India?

In a starred question which was raised in the Lok Sabha and answered on 11.02.2014, the names of the agencies authorised to intercept and collect details of telephonic conversations under Section 5(2) of the Indian Telegraph Act, 1885 read with Rule 419A of Indian Telegraph (Amendment) Rules, 2007. were listed as follows:


# Central Agencies

  1. Intelligence Bureau

  2. Narcotics Control Bureau

  3. Directorate of Enforcement

  4. Central Board of Direct Taxes

  5. Directorate of Revenue Intelligence

  6. Central Bureau of Investigation

  7. National Investigation Agency

  8. Research & Analysis Wing (R&AW)

  9. Directorate of Signal Intelligence, Ministry of Defence - for Jammu & Kashmir, North East & Assam Service Areas only

# State Agencies

  1. Director General of Police, of concerned state/Commissioner of Police, Delhi for Delhi Metro City Service Area only


As per the order of the Ministry of Home Affairs S.O. 6227(E) dated 20.12.2018 the following Security and Intelligence Agences were authorised “for the purposes of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the Sub-section 69 (1) of the Information Technology Act, 2000 (21 of 2000) read with rule 4 of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

  1. Intelligence Bureau

  2. Narcotics Control Bureau

  3. Enforcement Directorate

  4. Central Board of Direct Taxes

  5. Directorate of Revenue Intelligence

  6. Central Bureau of Investigation

  7. National Investigation Agency

  8. Cabinet Secretariat (RAW)

  9. Directorate of Signal Intelligence (For service areas of Jammu & Kashmir, North-East and Assam only)

  10. Commissioner of Police, Delhi

 

 

What is the remedy available in case you suspect that you have been placed under surveillance illegaly, for example the WhatsApp-NSO scandal?

Judicial recourse is obviously the effective remedy available for negating unlawful monitoring/surveillance efforts by the Government. Illegal monitoring methods, such as the one employed in the WhatsApp-NSO Spyware employs malicious hacking (also known has black-hat hacking) methods which amount to violation of Sections 43 and 66 of the Information Technology Act, 2000, which ascribes liability on the perpetrator of the crime.

Section 43

Section 43 of the Information Technology Act, 2000 deals with penalties and compensation for damage to computer, computer system etc. Section 43 ascribes civil liability to anyone who causes any damage to a computer or a computer system and demands the actor to pay damages (compensation) to the affected person.

Section 66

Section 66 deals with computer related offences. If any person, dishonestly or fraudulently, does any act referred to in Section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both. Section 66 ascribes criminal liability onto the prepetrator of a cyber crime.

 

 

How can I approach forums for securing a remedy?

1. Approaching Cyber Cells

All state police forces have a cybercrime division or a cyber cell or a dedicated cybercrime police station established where victims of cybercrimes can file complaints in case of a malicious cyber incident. First Information Reports can be filed under S. 154 of the Criminal Procedure Code, 1973 in case you are a victim of a cyber crime such as malicious hacking.

It is advised to provide as much information as you can while filing such complaints, including information regarding application and system logs, IP addresses, relevant screenshots. It would be wise to approach a cyber security expert or a digital forensics examiner if you are unaware of how to retrieve necessary information.

2. Approaching Magistrate Courts

If under any circumstances, the police officer/cell refuses to receive or investigate your complaint, recourse may be taken by approaching the Magistrate court through Section 156 (3) read with Section 190 of the Criminal Procedure Code, 1973 by filing a private complaint and seek a direction to the police station concerned to investigate the matter (called a ‘forwarding petition’).

3. Approaching the High Courts

If you suspect that you are being placed under surveillance through an illegal order in contravention to Section 5(2) of the Indian Telegraph Act, 1955 and Rule 419A of the Indian Telegraph Rules, 1951, or under Section 69 of the Information Technology Act, 2000, you can approach the appropriate state High Court under Article 226 of the Constitution of India invoking the ‘writ’ jurisdiction of the High Court to quash the illegal surveillance order and also for exemplary compensation. It is advisable to obtain relevant information regarding the surveillance order by filing RTI applications.

If you suspect that you are a victim of the WhatsApp-NSO Spyware row, then you can approach the High Court if your name has been revealed in any list released by Citizen Lab or any other publicly reported list.

What if the Information Officer under the State/Central authority refuses to furnish information your RTI Application is rejected citing exemptions under Section 8 of the Right to Information Act, 2005 or is delayed?

Under the RTI Act, application for information maybe refused to be furnished citing exemption from disclosure under different grounds enumerated in Section 8 of the Act (and also Section 9 if it infringes copyright of a person other than the State).

Normally, information sought by an application under the RTI Act, has to be furnished within 30 days from the receipt of the application by the public authority and if the information sought for by the applicant is concerned with the life and liberty of a person, it is to be provided within 48 (forty-eight) hours.

If any of the above is a case concerning your application or if you are not satisfied with the information supplied to you, you can still raise an appeal (within 30 days) to the first appellate authority (who is an officer senior in rank to the Information Officer) in the office of the public authority wherein you sought the application. If in case the first appellate authority also furnishes unsatisfactory information, you can approach the State/Central Information Commission (depending on whether the public authority is under the State or Central Government) by filing an appeal.

All Posts | Oct 31,2019

Our Statement on the WhatsApp Surveillance Issue

Our Statement on the WhatsApp Surveillance Issue

The use of sophisticated surveillance technology by governments violates basic human rights of privacy and free speech on the Internet. Vulnerable groups including journalists, minorities and lawyers rely on end-to-end encryption technology, like the one offered by WhatsApp, to remain secure online. Targeting journalists, academics and civil society by using surveillance technology, compromises constitutional and democratic principles on which our nation is built. Governments should refrain from using such methods which affect the security infrastructure the Internet is built on. At SFLC.in we've always argued that the Indian government must introduce comprehensive surveillance reform law to protect the rights of citizens. A few years back, we wrote a report on surveillance in India highlighting some major issues. We also conduct Digital Security Trainings for vulnerable groups such as - journalists and minorities to spread awareness about digital security practices such as encryption over the web - emails, browsers and texting apps.

To support our work on fighting for privacy and security online, you may donate to us at - https://sflc.in/donate.

All Posts | Jun 13,2019

TRAI Consultation on OTT Regulation – Follow-up Submission on Surveillance Reform

On 20 May 2019, during TRAI’s 'Open House Discussion' in Delhi on OTT communication services, certain arguments were raised regarding national security concerns surrounding encrypted communication services, including those services that have end-to-end encryption. The prime factor in these arguments was that terrorists could use end-to-end encrypted communication services to securely communicate among themselves, and such communication cannot be intercepted in time to gather intelligence and act swiftly. It was stated that if all communication could be intercepted in real-time, then terrorist activities could be prevented.

If one places themselves in the shoes of a sovereign that has the responsibility to protect the country from external threats, the prospect of legally requiring an app or a service to hand over all data or information is alluring. After all, this has been done for more than a century with letters, telegram and telephone. Letters could be opened, and telephone and telegram networks could be tapped. Why then, one might wonder, should digital services be treated any differently?

By way of a follow-up submission to TRAI on its public consultation on a regulatory framework for OTT communication platforms, we have addressed the technical and legal concerns around mass monitoring of online communication and the need for reforming surveillance law in India.

Our submission to TRAI can be downloaded below. Our comments and counter comments to TRAI's public consultation on OTT communication services can be downloaded from - here and here, respectively.

All Posts | Apr 12,2019

A ‘Digital Rights Reform Agenda’ for India – What Have Political Parties Missed Out this Election Season?

Yesterday, India entered 7-phases of national elections spanning a little over a month. This election season, we bring to you a ‘Digital Rights Reform Agenda’ which is missing from most political parties’ promises and manifestos. We believe that these topics should be on the agenda list of all political outfits in India claiming a stake on parliament seats. A list of key digital rights issues worthy of political importance are (more…)

All Posts | Apr 04,2019

A Look at Party Manifestos for the 17th Lok Sabha Elections- Will Political Parties Defend Our Digital Freedom?

The 7-phase, 17th Lok Sabha elections will begin on April 11, 2019 and continue until May 19, 2019. Five major national parties – Indian National Congress, Bharatiya Janta Party, Communist Party of India (Marxist), Communist Party of India and All India Trinamool Congress have released their manifestos[fn]CPI (M) Election Manifesto, https://cpim.org/pressbriefs/cpim-election-manifesto-17th-lok-sabha;

CPI Election Manifesto, https://www.communistparty.in/blog/election-manifesto-of-the-communist-party-of-india-for-the-17th-lok-sabha-elections-2019;

TMC Election Manifesto, http://aitcofficial.org/wp-content/uploads/2019/03/TMC-MANIFESTO-Eng.pdf;

INC Election Manifesto, https://manifesto.inc.in/en/index.html

BJP Election Manifesto, http://www.documentcloud.org/documents/5798075-Bjp-Election-2019-Manifesto-English.html[/fn], outlining party priorities and future course of action the parties promise to take if voted to power. At of the time of publication of this post, Aam Aadmi Party has not released its manifesto. We will update this blog as and when it is published. Acknowledging the indispensable role of digital technology in society and its capacity to impact our human rights, most party manifestos have touched upon digital rights.

We studied these manifestos and have captured promises made by these five national parties on digital rights. Kindly refer to the following table for a comparison:

All Posts | Apr 01,2019

Our Comments to DPIIT on the Draft National E-commerce Policy

On 23rd February, 2019, the Department for Promotion of Industry and Internal Trade (“the DPIIT”) released the Draft National E-Commerce Policy (“the Draft Policy”) with the objective to help stakeholders fully benefit from opportunities arising from the progressive digitization of the domestic digital economy and establish a level playing field for all stakeholders in the digital economy.

Though, titled as the ‘National E-Commerce Policy’ the document addresses a wide range of subjects, such as data protection and ownership, cross-border data flow, foreign investment, tax, competition issues, intellectual property and intermediary liability, among other things. These issues affect a number of stakeholders and industries in addition to e-commerce websites and their consumers.

Our comments, inter alia, address issues with the Draft Policy like - jurisdiction of the DPIIT, data ownership and sovereignty, data localisation, intermediary liability and law enforcement access to data. Our detailed comments are as follows:

All Posts | Feb 19,2019

Submission on Surveillance Industry and Human Rights to the UN Special Rapporteur

UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression had invited comments on the surveillance industry and human rights. In 1993 the United Nations Commission on Human Rights established the mandate of the Special Rapporteur that included gathering information on violations, responding to credible information, making recommendations and contributions to provision of technical assistance or advisory services by Office of the United Nations High Commissioner for Human Rights (OHCHR) to better promote and protection right to freedom of opinion and expression.

Last date for submissions from States, civil society, private businesses, and other interested stakeholders was 15th February 2019. The Special Rapporteur requested concise comments on domestic regulatory framework on development, marketing, deployment, facilitation and use of surveillance technologies. The aim of this exercise is to study obligations and responsibilities of States and businesses in the light of human right standards.

We have made our submissions highlighting the domestic laws, regulations, judicial decisions on the use of surveillance technologies in India and their consistency with human rights standards. These submission detailed below will be posted on the OHCHR website at the time of the report’s publication.

All Posts | Aug 08,2018

Social Media Communications Hub: A Privacy Nightmare

On April 25, 2018 the Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”) stating its intent to establish a Social Media Communication Hub (“SMCH”) which would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications etc.

The proposal was challenged in the Supreme Court by Trinamool Congress MP, Mahua Moitra and was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018.

There were multiple points of concern regarding this SMCH Bid Document, some of which have been addressed hereunder :

1. Establishment of a Surveillance State

The SMCH Bid Document goes on to define how a “technology platform is needed to collect Digital media chatter from all core Social Media Platforms as well as digital platforms” and should further support “creation of a 360 degree view of the people who are creating buzz across various topics.” The technology is required to have the capability to “listen” for and collect data not only from social media platforms but also from email. The ability to “Monitor individual social media user/ account” is a specific mandate being given to the service provider. Based on this, the software should be able to “identify influencers” and “see historic conversation of each user in a reverse chronological manner along with the ability to merge conversations across channels.” This clearly is a step in the making of a surveillance state, where every activity of every citizen on any social media platform will be monitored, analyzed, studied and reported. Justice D.Y. Chandrachud, while hearing a Public Interest Litigation moved by the Trinamool Congress (TMC) legislator Mahua Moitra seeking a stay on the establishment of the Hub commented that, “If the government starts tapping WhatsApp messages, we will be moving towards becoming a surveillance state.”[fn]https://www.livemint.com/Politics/Dg8XuocPJe7fYWPn8kSo9N/SC-likens-govt-social-media-hub-to-surveillance-state.html [/fn]

Intrusion to privacy can be in any form, including through devices or technological aids. Every individual is entitled to be in a state of repose and to work without being disturbed, or otherwise observed or spied upon. Surveillance by the state cannot be such as to squeeze the fundamental freedoms guaranteed to all citizens or to obstruct the free exercise and enjoyment of those freedoms; nor can it be so as to intrude or offend the dignity of an individual.[fn] Malak Singh v. State of Punjab and Haryana (1981) 1 S.C.C. 420[/fn] What is fearsome is the present technological age which has the capacity of making surveillance even more convenient. That is why, in the recent Privacy judgement, the Supreme Court observed that surveillance is not new, but technology has permitted it in ways that are unimaginable. [fn] Justice K.S. Puttaswamy(Retd) v. Union Of India, (2017) 10 S.C.C. 1[/fn]

 

2. Legality of the SMCH

Hon’ble Justice Chandrachud in the Privacy judgement laid down a threefold requirement for

any law to put a restriction on the privacy of an individual; these requirements were as follows:

 

  1. There must be a law in existence to justify an encroachment on privacy;

  2. The requirement of a need, in terms of a legitimate state aim, ensured that the nature and content of the law which imposed the restriction fell within the zone of reasonableness mandated by Article 14; and

  3. The means which were adopted by the legislature were proportional to the object and needs sought to be fulfilled by the law.

 

In the backdrop of these threefold requirements, the SMCH fails on all fronts; (1) The SMCH is not created by any legislative authority, in fact, the Social Media Communication Hub will be housed under the New Media Cell which has itself not been created by any statutory enactment but by a notification dated December 19, 2013 bearing No. A-50013/167/2013-Admn.IV which merely notes that it is to, “disseminate the information through newly emergent social media and concurrent media”. Hence, the Social Media Communication Hub is an extralegal body being created without statutory backing; (2) the SMCH is not, by any stretch of imagination, a reasonable action and there is a very fair chance of it being used it an arbitrary manner ignoring any moral or legitimate state aims; (3) this action of mass surveillance and strike on an individual’s right of privacy under the garb of a SMCH is by no means proportional to the government’s “a Social Media Hub to facilitate information flow regarding its policies and programmes through social media platforms i.e. Facebook, Twitter, Instagram, YouTube etc.” stance.

 

3. Censorship

The SMCH Bid Document[fn] Request for Proposal bearing RFP Ref No: BECIL/Social Media/MIB/02/2018-19 dated 24.04.2018[/fn] explained that it is looking for a tool that would have the capacity to provide inputs to the Ministry of Information and Broadcasting.[fn] Page 28, Request for Proposal bearing RFP Ref No: BECIL/Social Media/MIB/02/2018-19 dated 24.04.2018.[/fn] This tool was required to do a predictive analysis and find out how public perception could be moulded in a positive manner for the country and how nationalistic feelings could be inculcated in the masses.[/fn] Page 34, Request for Proposal bearing RFP Ref No: BECIL/Social Media/MIB/02/2018-19 dated 24.04.2018.[/fn] These practices of the State, amongst others, would essentially lead to indirect censorship.

The pith of the SMCH seems to be one, to benefit and promote the welfare of the citizens by gauging public opinion on a specific scheme, making people aware of their rights and promoting India on a countrywide level. This objective would be impossible to achieve when citizens know and feel that their true thought could have direct or indirect consequences against them. The Supreme Court has explained that privacy has both positive and negative content. While the negative content restrains the State from committing an intrusion upon the life and personal liberty of a citizen, its positive content imposes an obligation on the State to take all necessary measures to protect the privacy of the individual.[fn]Justice K.S. Puttaswamy(Retd) v. Union Of India, (2017) 10 S.C.C. 1[/fn]

It is further pertinent to note that Article 19(2) of the Constitution lays down certain grounds under which censorship is permissible, viz., sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence. However, the SMCH does not fall under any of these heads of reasonable restrictions, and thus it would be an illegal/invalid censorship.

In an India where people know that they are being profiled based on the influence they carry and the thoughts they put out in their public or private social space, where people are afraid to voice their real opinions fearing that if their opinion is anything but the “correct” one, they will face direct and indirect penalties by a government elected by themselves; whether intended or not, censorship and chilling effect is but an obvious consequence of such a SMCH.

 

4. Limited Government

Once the Constitution is regarded as the supreme law and the powers of all the other organs of government are considered as limited by its provisions, it follows that not only the legislature, but also the executive, and all administrative authorities, are equally limited by its provisions, so that any executive or administrative act which contravenes the provisions of the Constitution must, similarly, be void and the Courts must invalidate them.[fn]D. D. Basu. “Commentaries on The Constitution of India”, p. 165, Vol. I. 1955.[/fn] Notably, even the Supreme Court has expressly stated that the principle of limited government is a part of the basic structure of the Constitution.[fn] Keshavananda Bharti v. State of Kerala, (1973) 4 S.C.C. 225[/fn]

However, through the SMCH, the government is trying to cross and abuse the threshold which the Constitution grants it. The SMCH, without any safeguards in place, would be open to abuse not only by the government but also the private entity that is tasked with its management. There is no limit to which such an open system can penetrate into the life of an individual if the controlling agent is a hostile entity. Free and open targeting, profiling people are unfortunately a very real possibility with such a system in place. Such profiling can result in discrimination based on religion, ethnicity and caste; and this would be against the spirit of the constitution.[fn] Keshavananda Bharti v. State of Kerala, (1973) 4 S.C.C. 225[/fn] The tenets of our Constitution prohibit such discrimination by any authority much less the government.

 

5. Data Protection Laws for Big Data

Through the SMCH Bid Document, the Government aims and plans to create a technology platform to collect Digital media chatter from all core Social Media Platforms as well as digital platforms like news, blogs and forums along with a proprietary Mobile Insights platform in a single system providing real time insights, metrics and other valuable data. Specific capabilities of the tool, mentioned, include live search, monitoring, collecting, indexing and storage of personal data including location-based data and “meta-data”. By doing so, the Government will collect large amount of data in one place. The platform will be deployed in the private data centre and will need to integrate with the mobile platform database for a seamless view across all data platforms.[fn] Page 28, Request for Proposal bearing RFP Ref No: BECIL/Social Media/MIB/02/2018-19 dated 24.04.2018[/fn]. Therefore, the data to be collected is going to be in the possession and control of a private agency.

‘Informational privacy’ is an important aspect of the right to privacy that can be claimed against state and non-state actors. The right to informational privacy allows an individual to control and protect information about herself and prevent it from being disseminated.[fn] Justice K.S. Puttaswamy(Retd) v. Union Of India, (2017) 10 S.C.C. 1[/fn] However, what is worrisome about the SMCH, is that there is no framework/ system for the protection of this database. Collection of information about an individual using web crawlers to create a 360-degree-profile cannot be permitted since India does not have appropriate laws to handle such a project.

The importance of the need for a data protection framework has also been recognised by the Justice Srikrishna Committee and a draft bill and a report have also been published. Clearly, a new and comprehensive legislation will be needed to make specific rules pertaining to big data without which collection of data at such a large scale would be a very risky exercise. The Data Protection Framework, which provides for a comprehensive data protection regime for India is still under process and without the protection of the same, initiating the SMCH is untenable.

 

6. Alternate Means

There is no doubt that a SMCH would help analyze public opinion much better than any system India has previously seen but the fundamental question here is whether such an initiative is needed? There are various already existing ways by which the government can gauge public opinion such as polls, tweets, opinion pieces, publically available articles, interviews, state elections etc. Television debates, newspapers, radio shows also provide a taste of how people are perceiving schemes of the government.

Given the fact that every citizen has a fundamental right to privacy and complete freedom of speech and expression, the SMCH seems like a major infringement to the privacy of the people of the country and especially one which the government can do without.

 

7. Data Misuse

The SMCH Bid Document requires the vendor to not only create the software but also execute it through manpower deployment that extends beyond technical support to various functions of collection of data, analysis and publication. This is to be implemented by a team of Social Media Executives (SMEs) who are private persons employed by a third party service provider handling sensitive personal data of individuals including their 360 degree profiles who are to act under the guidance and directions of the Ministry of Information & Broadcasting.

To imagine the misuse of such a software which keeps a track of and monitors social media profiles of every internet user in India is unfathomable. Extortion, forced resignations, severe tampering of the democratic process, are just a few of the unimaginable ways in which such software system could be misused. Besides, the entire process would bring personal sensitive data of individuals in direct control of private players.

 

8. Misinformation and Propaganda

The stated intent, as per the SMCH Bid Document, is to try to influence social media conversations. This purpose is clearly set out in the RFP in the part titled as, “predictive analysis” as, “how could the public perception be moulded in positive manner for the country, how could nationalistic feelings be inculcated in the masses, how can the perception management of India be improved at the world, how could the media blitzkrieg of India’s adversaries can (sic) be predicted and replied/neutralized, how could the social media and internet news/discussions be given a positive slant for India.”

In the age when the severity of fake news has risen to such an extent that they have become the basis of lynching of people either due to their food preference or religion or other factors etc.; it is unfathomable that the control SMCH will give to the government to not only study its citizens to a micro-managerial granular level but tailor (fake?) news to something that will speak to them at either an individual or district level. Not forgetting that the government has also specified in this tender document a response analysis of each post in a certain area before it is even posted. This would indeed be the end of a democratic unbiased election as we know it.

 

9. Threat to Democracy

The SMCH Bid Document states that the software must “Measure the effectiveness of hashtag campaigns and compare the performance of brand campaign with competitors by ingesting relevant keywords” and the Social Media Command Centre should provide real-time monitoring of competitors. If the platform was intended to be used only by the MIB solely for the purpose of monitoring social welfare schemes, the question of competitors would not arise.

The social media analytical tool would ‘listen’ to conversations on all major digital channels. More significantly, it would also be able to monitor email. The SMCH Bid Document lists “Monitoring individual social media user/account’ as one of the requirements of the project which can very easily be misused to analyze, spot and possibly target user’s behavior and sentiment and subsequently target individuals who criticise the policies and methods of the government.

The SMCH Bid Document also requires capabilities to “mould public perception” in a “positive manner” for the country and inculcate “nationalistic sentiments”, as well as counter the “media blitzkrieg” of India’s adversaries. An automated system that analyzes unfathomable amounts of data on an everyday basis to further the propaganda of the existing government will result in the termination of democracy.

 

10. No Adjudicating Authority

Currently, no specific or specialized authority is tasked with issues which arise from the Information Technology Act, 2000. The Cyber Appellate Tribunal, India’s only specialized body to adjudicate cyber law matters has been defunct since 2011[fn] https://www.hindustantimes.com/india/india-s-only-cyber-appellate-tribunal-defunct-since-2011/story-208HGrEN7hXrABg7lAb69N.html[/fn] and in the absence of an express body to check the scope, use and misuse of such a database strictly, there is no doubt that this SMCH could be misused against anyone either by way of opinion manipulation, restriction of free speech and expression, leaking a person’s personal details so collected with the victim having no specialized body for redressal.

Without an express need and weighing the SMCH against the Puttaswamy judgement combined with the lack of appropriate legislation and lack of a redressal mechanism, coupled with the possibility of grave misuse, the SMCH was a privacy nightmare and has been rightly withdrawn. Polls, tweets, opinion pieces, publicly available articles, interviews, state elections, among other things. should be enough of an understanding exercise for the government to understand the mood of the people lest an initiative to promote better democracy becomes the end of it.

 

All Posts | Jun 25,2018

Welcome AI! – The Indian Government’s Ambitious Policy Proposal

Healthcare, Education, Smart Cities and Transportation Identified as Key Sectors

On June 4th, the NITI Aayog published a discussion paper[fn]Can be downloaded from - http://niti.gov.in/writereaddata/files/document_publication/NationalStrategy-for-AI-Discussion-Paper.pdf [/fn] titled “National Strategy for Artificial Intelligence”. While recognizing the potential of AI for the economic and social growth of India, the paper identifies five sectors which are set to play a pivotal role in the adoption of AI in the country and are likely to benefit from Government intervention – Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. These sectors were chosen as private sector participation alone was deemed insufficient to drive AI adoption in these categories (sectors such as banking and manufacturing seem to have been purposely ignored despite them driving AI usage in India). The paper envisions India as a research hub for AI related technologies; it recognizes the need for skilling its workforce for better adoption; the need for creating awareness and supporting start-ups; and the importance of maintaining ethics, privacy and security with the use of AI.

India – AI Garage of the World

The discussion paper pits India’s ambitions in becoming an AI garage for the world. It imagines India to be a playground for global institutions to develop scalable solutions which can be easily adopted in other developing nations. For establishing India as a research hub, the paper calls for setting-up of centres of research - Centre of Research Excellence in AI (these institutions will focus on core research and building a knowledge base around AI) and International Centre for Transformational AI (these institutions will be focused on creation and adoption of AI based applications). The paper also calls for a change in the Intellectual Property (“IP”) framework in India to strengthen laws for bringing AI applications under the purview of patents and protecting the financial interests of innovators, ignoring finer details like how growth of innovation will be ensured if AI applications[fn]As AI applications are computer based technologies, it is important to clarify that for the purpose of this discussion, AI applications are construed as either – a set of algorithms/ computer programme or software.[/fn] are patented and concentrated in a few hands in the industry. It has been a long standing view of experts that making computer programmes patentable will hinder innovation in technology. Currently, algorithms and computer programmes (per se)[fn]Though, as per section 3(k) of The Patents Act, 1970, computer programmes are per se not patentable, the Controller of Patents has in the past offered Patents to companies such as – Facebook, Google and Apple for their computer related inventions.[/fn] are completely excluded and are not patentable under Indian law - as per section 3(k) of The Patents Act, 1970[fn]Section 3(k) of The Patents Act, 1970, excludes mathematical or business methods, computer programmes per se and algorithms from being considered as inventions for the purposes of the Act.[/fn]. If algorithms/ computer programmes are brought under patent law, large corporations will win in the race of filing claims, thereby creating a patent thicket, impenetrable by small players. This will lead to hampering of growth, as sprucing innovation often requires open platforms and active sharing, specially in the field of technology. Even in mature patent jurisdictions like the United States, there is a growing concern around patenting of computer programmes (software). According to renowned patent reformers Bessen and Meurer – granting patents to computer software hinders innovation. In their book - ‘Patent Failure – How Judges, Bureaucrats and Lawyers Put Innovators at Risk’ they distinguish softwares from other inventions on the basis that – claims under software patents are often abstract and ambiguous which leads to a problem in determining their applicability. They say, “Abstract claims in software patents might be especially difficult to translate into well defined property boundaries.” For Bessen and Meurer, abstract claims for software patents end up rewarding patentees for inventions they do not invent and lead to reduced incentive for future inventors. They also argue that due to increased litigation in issues of software patents, the costs of litigation for such inventions far exceeds their profits.

Thus, a change in the IP framework to bring AI applications under the purview of patents is trickier than it seems. Firstly, this will require a major overhaul of the law itself, as patent law currently doesn’t recognize algorithms and computer programmes as inventions. Secondly and more importantly, the rationale behind patenting of AI applications will need to be debated, to ensure that innovation isn’t hampered.

NITI Aayog envisions ambitious uses like – Internet of Medical Things and Autonomous Trucking

The paper comprehensively enumerates various challenges faced by the identified industry sectors and offers recommendations on how AI can help overcome these challenges, but it fails to illustrate the implementation mechanism of these ambitious goals. Moreover, the solutions seem to be slightly disconnected from the ground realities of India. For example, the paper advocates the use of robotics and Internet of Medical Things for solving problems in healthcare in India and helping the Government meet its social objectives. Considering the low affordability and penetration of health services in India, it does not visit details of how such a task will be implemented or scaled up. Similarly, in Agriculture and Education, recommendations such as – soil and crop health monitoring; and adaptive learning and intelligent tutoring systems seem to be lofty goals not contextualized to the Indian situation. Implementing AI tools for soil and health monitoring will require substantial investment on both sides, (government level, as well as at farms) including educating farmers on the use of this new technology. Similarly, with ICT infrastructure a challenge in public schools, along with low teacher awareness, putting in place mechanisms such as intelligent tutoring systems and adaptive learning seems far fetched.

The paper quotes low driver cost per kilometer questioning the economic practicality of autonomous vehicles in India, but recommends investment in such technologies for the purposes of export and to build ancillary expertise. While brushing away the use of autonomous vehicles on Indian roads, the paper routes for autonomous trucking, AI in railways and use of AI in Indian cities for solving traffic woes. The chapter on smart cities and infrastructure warrants red-flagging as it recommends controversial applications of AI such as – crowd management by monitoring and predicting behaviour and implementation of safety systems by keeping a check on people’s movements by using sophisticated surveillance systems and social media intelligence platforms. Crowd monitoring and predictive behaviour need to be addressed with issues of privacy and data protection before implementation and the suggestion of a social media intelligence platform is reminiscent of the I&B Ministry’s proposed Social Media Communication Hub.

A National Data Marketplace for Increased Access to Meaningful Data

One of the most innovative suggestions of the discussion paper is the establishment of a data marketplace for solving the problem of access to data sets by new entrants in the AI foray. The paper envisages the formation of a decentralized data marketplace based on distributed ledger technology, it puts the responsibility on the Government to introduce regulations for the setting-up of such a data marketplace by private players. The paper predicts that the introduction and use of a National AI Marketplace will lead to collaboration, access and accelerated adoption of AI among enterprises and public authorities. Though, establishment of a national data marketplace will benefit smaller players and increase access to meaningful data, it also raises questions of privacy and protection of sensitive data. Before such a marketplace is installed, India requires a robust data protection law, which not only sets comprehensive guidelines for the collection of data but also prescribes reasonable penalties for their violation.

Explainable AI and Self Regulation

On the Ethics, Privacy and Security front – the paper advocates for elimination of data bias by identifying and removing them on a case-by-case basis. Though, the paper discusses explainable AI/ algorithms, it is vague in its applicability. The paper calls for the enactment of a robust data protection law (it also makes a reference to the Justice Srikrishna Committee – which has been tasked with drafting a new data protection law for India) and formulation of sector specific regulations for diversity in applicability. Adherence to International Standards for safety and privacy and encouragement of self-regulation are some of the other methods suggested by the paper to ensure privacy. The paper calls for establishing negligence tests and safe harbours as opposed to strict liability for estimating damages for abuse of process. Though these recommendations are forward looking, there are some issues worth highlighting – the paper acknowledges the concept of explainable AI but doesn’t tackle government use of AI and transparency. It’s essential that the government makes AI use transparent and accessible in the public domain to eliminate instances of foul-play. Rules for self regulation and safe harbour might not be effective in situations of gross negligence and corporate oversight or when dealing with new technologies. The paper is also silent on use of AI technologies in military practices – considering the Indian armed forces are working on incorporating AI in their operations[fn]http://www.thehindu.com/news/national/india-gears-up-for-ai-driven-wars/article23944083.ece[/fn], it is an important moot point.

Conclusion

This discussion paper is a step in the right direction and NITI Aayog’s move should be sufficiently acknowledged, but as policy design and implementation goes in India, the magic lies in execution. The paper has recommended some ambitious uses of AI in Indian life without going into the financial viability of such projects, given that public participation has not been invited yet, this paper is a pre-cursor to a larger policy debate which shall ensue in the coming months. With the draft law on data protection on its way and India standing on the brink of federal elections in the coming year, it will be interesting to see where and how NITI Aayog and the central government take the debate on AI from here.