Defender of your Digital Freedom

All Posts | Apr 23,2020

Our Statement on the BECIL Tender – COVID – 19 Patient Tracking Tool

Our Statement on the BECIL Tender - COVID – 19 Patient Tracking Tool

Broadcast Engineering Consultants Limited, a government of India undertaking under the Ministry of Information & Broadcasting had recently released a tender inviting “Expression of Interest (EOI) for Empanelment of Agency for Supply of Healthcare Equipments”. The tender invites EOI for agencies to be empaneled to supply various ‘healthcare items’. To this tender a corrigendum was released adding three more items to be supplied: (1) Hand Held Thermal Imaging System (2) Optical Thermal Fever Sensing System (3) COVID – 19 Patient Tracking Tool.

Reading through the specifications of the tracking tool, it is evident that the item, presumably a comprehensive software, goes beyond a healthcare tool and opens up the possibility of mass surveillance.

The first specification for the equipment brands the equipment as an “Intelligence investigation platform & tactical tool to detect, prevent and investigate threats to national security using CDR, IPDR, Tower, Mobile Phone Forensics Data.”

The use of the phrase “national security” points to the possibility of the Government using this equipment to turn on an ‘always-active’ regime of surveillance in the guise of managing a pandemic.

The specification also mandates that it “should allow user to import data extracted from Mobile Forensic Tools like CellebriteUFED, Micro-Systemation XRY and HANCOM GMD”. It is also provided that the tool should be compatible with the i2 Analyst Notebook for advanced link Analysis. Cellebrite UFED (Universal Forensic Extraction Device), Micro-Systemation XRY and HANCOM GMD are linked to mobile forensics. It is not clear as to why a patient tracking tool should have such forensic capabilities. The use of CDR, tower data, and geo-location also indicates that chances are high that the entire system will be connected with already existing systems such as CMS and NATGRID. The tool with analysis of cell tower dumps and gateway scans and CDR records has the potential to be used as a mass surveillance tool.

SFLC.IN considers this move by the government to use technology to build a system that has the potential to be used for mass surveillance to be dangerous as we do not have sufficient safeguards against mass surveillance. Although the use of technology will be required for contact tracing, this has to be done in conjunction with conventional methods of tracking and the pandemic should not be an excuse to introduce a blanket system of surveillance. Many components of the tool included in the tender document go beyond the common requirements of contact tracing and could result in pervasive surveillance. SFLC.in along with other organisations and individuals had earlier sent a joint letter to the Central Government and various state governments requesting that any technology measures taken during the pandemic phase should respect the privacy of citizens and should be time -limited and in tune with the principles of necessity and proportionality.

[pdfjs-viewer viewer_width=0 viewer_height=800 url=https://alpha.sflc.in/wp-content/uploads/2020/11/BECILEOIHealthcarepdf-7dc6ef71921897ecd732748bcc824802.pdf download=true print=true fullscreen=true fullscreen_target=false fullscreen_text="View%20Fullscreen" zoom=auto ]
[pdfjs-viewer viewer_width=0 viewer_height=800 url=https://alpha.sflc.in/wp-content/uploads/2020/11/Corrigendumhealthcarepdf-66a662d4d6c8e2facb46fd1574ab41f4.pdf download=true print=true fullscreen=true fullscreen_target=false fullscreen_text="View%20Fullscreen" zoom=auto ]

All Posts | Dec 24,2018

Technology Policy Developments in India: 2018

As we tread towards the end of the year, 2018. SFLC.in brings you a summary of Tech-Policy developments for the year. We at SFLC.in, participated in some interesting technology policy initiatives in 2018. After the Right to Privacy judgment and EU GDPR, India this year saw extensive activity on the tech-policy front, TRAI submitted its recommendation on privacy, B.N Srikrishna Committee presented the draft of the first Personal Data Protection Bill and the much awaited Aadhaar verdict was delivered by the Constitutional bench. Apart from these, the sphere saw various initiatives, they can be summarized as follows:

Item No.


Policy Initiative/ Document



April 25, 2018

Social Media Communications Hub (SMCH)

The Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”) stating its intent to establish a Social Media Communication Hub, which would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications etc.

The proposal was challenged in the Supreme Court by Trinamool Congress MP, Mahua Moitra.

The project was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018.

SFLC.in live tweeted the developments in the matter. There were multiple points of concern regarding the SMCH Bid Document, a few of the issues are highlighted here: https://sflc.in/social-media-communications-hub-privacy-nightmare


May 1, 2018

Draft National Digital Communications Policy.

The Department of Telecommunication released the draft with an objective of inviting public comments/ inputs to make the National Digital Communications Policy-2018 a robust document and an enabler for achieving the desired goals. Stakeholders comments were invited until 1st June 2018.

The Draft policy has been quite broad in terms of recognizing and outlining various issues that have an impact on communications network in India. A few significant issues that were highlighted: access to Internet, net neutrality, data protection and privacy, to name a few.

SFLC.in analysed the policy and submitted it’s comments based on its extensive research on issues of access and open source softwares.


May 22, 2018

Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018

Salient Features:

  1. All organisations having “Protected System”(U/s 2(k); primary covers government organisations) shall constitute an Information Security Steering Committee(ISSC) under the chairmanship of CEO/MD/Secretary.

  2. Mandate of ISSC includes approving information security policies of Protected Systems; setting mechanisms for timely communication of cyber incidents; sharing information security audits etc.

  3. Nominate Chief Information Security Officer (CISO) as provided in “Guidelines for Protection of Critical Information Infrastructure”

  4. Establish, monitor and continually improve Information Security Management System (ISMS) of the Protected System.


June 4, 2018

NITI Aayog published India’s strategy document on Artificial Intelligence

It was published by NITI Aayog on June 4, 2018 by NITI Aayog. It identified 5 priority sectors for leveraging AI: Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. Besides, it deliberated on challenges, ethical, privacy, security issues related to AI and skill development.

SFLC.in analysis can be found here - https://sflc.in/welcome-ai-indian-governments-ambitious-policy-proposal

CEO Amitabh Kant informed that a task force would be setup for speedy implementation of the suggestions; setting up COREs (centres of research excellence) and ICTAIs (international centers of transformational AI).


July 16, 2018

Telecom Regulatory Authority of India (TRAI) issued: Recommendations on "Privacy, . Security and Ownership of Data in the Telecom Sector".

TRAI had suo-moto issued recommendation on "Privacy,

Security and Ownership of Data in the Telecom Sector". The recommendations analyses if the current data protection framework is adequate. The recommendations dealt with certain important issues such as: control over data, data security, cross border data transfers among others, consent, data minimization and encryption among others.

The DoT stated that they would currently not take up these recommendations, and they referred the same to B.N Srikrishna Committee.

SFLC.in actively participated both rounds of consultation process. Comments and counter-comments to TRAI consultation may be accessed at:https://privacy.sflc.in/our-comments-on-the-trai/ & https://privacy.sflc.in/our-counter-comments-on-the-trai-consultation-paper-on-privacy-security-and-ownership-of-data-in-the-telecom-sector/


July 27, 2018

The Personal Data Protection Bill, 2018

The Bill has recognized the right to privacy as a fundamental right and protection of personal data as an essential facet of informational privacy. It provides for data protection obligations such as purpose and collection limitation, notice and consent regime; provides stricter consent requirements for sensitive personal data and personal data of children; sets up enforcement and grievance redressal mechanism and various other provisions related to data protection. However, there are certain issues with the bill as well. These include data localisation, lack of independence in Data Protection Authority of India, wide exemptions, online surveillance, independence of data protection officers among others.

SFLC.in’s contribution: Team submitted comments on the draft bill, which may be accessed: https://privacy.sflc.in/our-comments-draft-data-protection-bill/.


July 27, 2018

Justice BN Srikrishna Committee Report

The Personal Data Protection Bill, 2018 came along with the J. BN Srikrishna Committee Report. Its key focus areas include consent and notice; data ownership and user rights, data processing, data protection officers/authority, jurisdiction and data localisation, protection against surveillance etc. The committee elicited public consultations, comments until Jan., 2018.

SFLC.in’s Contribution: SFLC.in was at the forefront of public consultations and submitted comments. Prior to submitting the comments, team organized series of round-table discussions in Delhi, Mumbai, Bangalore and Kochi to understand the perspective of various stakeholders. Report of these events is located at: https://sflc.in/summary-report-series-discussion-personal-data-protection-bill-2018.


July 31, 2018

DoT’s approval of TRAI’s recommendations on Net Neutrality

TRAI released its recommendations on Net Neutrality in November, 2017 These included:

  1. Prohibiting discriminatory treatment of content, updating license agreements for ISP to incorporated principles of non discriminatory treatment of content

  2. Setting up a multistakeholder watchdog under DoT for enforcing net neutrality, website blocking by government/court orders kept outside the ambit; IoT kept within the ambit of net neutrality.

In July, 2018, the Telecom Commission approved these recommendations.


Sept 26, 2018

Justice K.S. Puttaswamy (Retd) & And vs. UOI & Ots (CWP 494 (2012))

(Aadhaar Judgment)

The Supreme Court delivered its much awaited judgment in the Aadhaar case, wherein it upheld the constitutionality of the Aadhaar Act, 2016 barring a few provisions on disclosure of personal information, cognizance of offences and use of the Aadhaar ecosystem by private corporations.

Major Features of the judgment can be accessed here: https://sflc.in/key-highlights-aadhaar-judgment, FAQ on the Aadhaar judgement: https://sflc.in/faqs-aadhaar-judgment


November 28, 2018

State of Rajasthan Government: No more Internet Shutdowns for prevention of cheating in examinations.

A Public Interest Litigation challenging orders that were promulgated to impose Internet Shutdowns in Rajasthan to prevent cheating in examinations was filed at the Jodhpur High Court, located in the State of Rajasthan on 25th July 2018.

Home Department of Rajasthan submitted an additional affidavit stating that the suspension of Internet Services for conducting examinations does not fall in the ambit of ‘public safety’ or ‘public emergency’ as provided under the Temporary Suspension of Telecom Services Rules, 2017. In the light of the said affidavit filed by the State of Rajasthan, a division bench comprising of Justice Sangeeta Lodha and Justice Dinesh Mehta disposed off the matter, on Wednesday, 28th November 2018.

Read more at: https://sflc.in/home-department-state-rajasthan-no-more-internet-shutdowns-prevention-cheating-examinations


December 20, 2018

Ministry of Home Affairs notified certain competent authorities under sub-section (1) of Section 69 of IT Act 2000.

In the exercise of powers conferred upon sub-section (1) of Section 69 of IT Act 2000 read with rule 4 of the IT Rules 2009, Ministry of Home Affairs notified the following authorities as competent authority:

Intelligence Bureau, Narcotics Central Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate  of Revenue Intelligence, CBI, NIA, RAW, Directorate of Signal Intelligence, & Commissioner of Police, Delhi.


All Posts | Jan 22,2016

Cryptoparty – January 2016

SFLC.in will be organizing a cryptoparty on 30th January 2016 at 3pm in its office in Jangpura, Delhi. It will be a hands-on workshop where we teach and learn basic cryptography tools to secure our digital communication, to understand data privacy and mass surveillance issues.

Why Cryptoparty?

The state of digital communication hasn't improved much despite the scary revelations made by Edward Snowden back in 2013. Governments and corporations have been engaged in massive surveillance programs which strip our digital lives of all forms of privacy or anonymity, which are essential components to exercise our right to free speech and expression. Hackers have long been practicing the use of mathematics and cryptography tools to circumvent surveillance and keep their communications private. These tools are now necessary for people working in all fields, given the inevitability of digital communication everywhere.

Cryptoparty is a social gathering of people to help learn basic cryptography tools by getting their laptops, mobile phones and other gadgets and learn to secure their digital lives.

What to expect?

  • How to encrypt your emails using PGP

  • How to browse anonymously using Tor

  • How to avoid being tracked online
  • Fun and Food


3pm to 5:30pm on 30th January, 2016

How to get there?

Address: K-9, Birbal Road, Jangpura Extension, New Delhi - 14 Metro: Jangpura Metro Station on Violet Line

Let us know in advance, so we can help you better. RSVP to sarath@sflc.in