India: Digital freedom under threat? Surveillance, privacy and government’s access to individuals’ online data
By Melody Patry / 21 November, 2013CONTENTS Introduction and Recommendations | 1. Online censorship | 2. Criminalisation of online speech | 3. Surveillance, privacy and government’s access to individuals’ online data | 4. Access: obstacles and opportunities | 5. India’s role in global internet debates | Conclusion
Full report in PDF
(3) SURVEILLANCE, PRIVACY AND GOVERNMENT’S ACCESS TO INDIVIDUALS’ ONLINE DATA
Recent revelations in the Hindu have raised concerns over the extraordinary extent of domestic surveillance online, without any legal and procedural framework to protect privacy.[30] This chapter looks at how the Indian government’s surveillance and access to individuals’ online data presents a threat to freedom of expression. When people know or assume that governments or companies are monitoring their private communications, they are less inclined and less likely to communicate freely. The UN’s Special Rapporteur on Freedom of Expression Frank La Rue delivered a report to the Human Rights Council outlining how state and corporate surveillance undermine freedom of expression and privacy.[31] His report states that “Privacy and freedom of expression are interlinked and mutually dependent; an infringement upon one can be both the cause and consequence of an infringement upon the other.”
At the end of 2012, major telecom companies in India agreed to grant the government real-time interception capabilities for the country’s one million BlackBerry users. The Indian government has consistently requested that major web companies set up servers in India to allow them to monitor local communications.[32] Such surveillance capabilities potentially breach international human rights standards and have been subject to court challenges. In 1996, the Indian Supreme Court held that the citizen’s privacy has to be protected from abuse by the authorities.[33] Yet, Section 69 of the IT Act gives the state surveillance powers in the interest of national security or “friendly relations with foreign states”.[34]
In April 2013, India began implementing a $75 million Central Monitoring System (CMS) that will allow the government to access all digital communications and telecommunications in the country.[35] Content covered by the CMS will include all online activities, phone calls, text messages and even social media conversations. The scope of the programme, in development since 2009, is still to be determined, but some worry about the lack of safeguards against abuse in its implementation. Pranesh Prakash, Policy Director at the Centre for Internet and Society, argues: “In India, we have a strange mix of great amounts of transparency and very little accountability when it comes to surveillance and intelligence agencies.”[36]
Opponents of the system and human rights advocates worry the government will abuse the CMS to monitor or arrest political critics rather than to enhance national security as intended.[37] Arguably, CMS may violate Article 21 of the Constitution guaranteeing “personal liberty”. Concerns remain that without comprehensive privacy laws in India, the system will not be sufficiently accountable, and could chill free expression. Cynthia Wong, senior Internet researcher at Human Rights Watch, says: “The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws. New surveillance capabilities have been used around the world to target critics, journalists, and human rights activists.”
In addition, new laws passed in April 2011 expanded internet surveillance in cybercafés, the primary point of access for the majority of Indians who cannot afford private computers or smartphones (see the section on access). Furthermore, Indians are required to register their real names to activate SIM cards and mobile and internet service providers (ISPs) are required to grant government authorities access to user data. Requesting user data becomes problematic when data is used for prosecuting free speech online and stifling political criticism (see section on criminalisation of online speech and social media).
India is one of the worst offenders globally both for takedown and for user requests, though on user information it is ranked after the US. The Google Transparency Report shows that India ranks second – after the United States – in the number of government requests for users data.[38] In August 2013, Facebook released a similar report. During the first six months of 2013, India ranks second in number of total requests (3,245 requests) and Facebook produced data in 50 percent of the cases.[39] It is possible that data requested by the government will be used in criminal prosecutions for defamation, hate speech, or harming “communal harmony”. This is problematic because these laws in themselves are too vague and broad and do not protect freedom of expression adequately, resulting in disproportionate arrests and prosecutions merely for the expression of views on a blog, liking a post on Facebook, or writing a political tweet. Without privacy law and safeguards to protect data, the collection and retention of such data can be misused and generate a chilling effect among the Indian population.
Many Indian MPs are aware of the need for a legal framework to protect the privacy of Indian citizens. In 2011, Parliament passed new data protection rules, but there is still no privacy law in India. Privacy is a fundamental human right and underpins human dignity and other key values such as freedom of association and freedom of expression. Key changes suggested by internet advocates include a Privacy Bill to address data protection and surveillance, and the establishment of a Privacy Commission.[40] It is time for the Indian government to take better account of the right to privacy and protection from arbitrary interference with one’s privacy.[41] Addressing mass surveillance and unwarranted digital intrusions in India are both necessary steps to fight self-censorship and promote freedom of expression.
CONTENTS Introduction and Recommendations | 1. Online censorship | 2. Criminalisation of online speech | 3. Surveillance, privacy and government’s access to individuals’ online data | 4. Access: obstacles and opportunities | 5. India’s role in global internet debates | Conclusion
This report was originally posted on 21 Nov 2013 at indexoncensorship.org
[30] Shalini Singh, The Hindu, ‘India’s surveillance project may be as lethal as PRISM’ (21 June 2013), http://www.thehindu.com/news/national/indias-surveillance-project-may-be-as-lethal-as-prism/article4834619.ece accessed on 24 September 2013.
[31] Brian Pellot, Index on Censorship, ‘UN report slams government surveillance’, http://www.indexoncensorship.org/2013/06/government-surveillance-apple-google-verizon-facebook/ accessed on 10 September 2013.
[32] Firstpost, ‘Telecos agree to real-time intercept for Blackberry messages’ (31 December 2012), http://www.firstpost.com/tech/telecos-agree-to-real-time-intercept-for-blackberry-messages-573612.html accessed on 10 September 2013.
[33] Pranesh Prakash, New York Times, India Ink (blog), ‘How Surveillance Works In India’ (10 July 2013), http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/?_r=0 accessed on 10 September 2013.
[34] The Information Technology Act, Amendment, 2008, Section 69, ‘Directions of Controller to a subscriber to extend facilities to decrypt information’, http://cca.gov.in/cca/sites/default/files/files/itact-amendments2009.pdf accessed on 23 September 2013.
[35] Times of India, ‘Government can now snoop on your SMSs, online chats’ (7 May 2013), http://timesofindia.indiatimes.com/tech/tech-news/internet/Government-can-now-snoop-on-your-SMSs-online-chats/articleshow/19932484.cms accessed on 5 September 2013.
[36] Pranesh Prakash, New York Times, India Ink (blog), ‘How Surveillance Works In India’ (10 July 2013), http://india.blogs.nytimes.com/2013/07/10/how-surveillance-works-in-india/?_r=0 accessed on 10 September 2013.
[37] Mahima Kaul, Index on Censorship, ‘India’s plan to monitor web raises concerns over privacy’, http://www.indexoncensorship.org/2013/05/indias-plan-to-monitor-web-raises-concerns-over-privacy/ accessed on 5 September 2013.
[38] Google, ‘Google Transparency Report’, http://www.google.com/transparencyreport/userdatarequests/IN/ accessed on 5 September 2013 and 15 November 2013.
[39] Facebook, ‘Global Government Requests Report’, https://www.facebook.com/about/government_requests accessed on 5 September 2013.
[40] In 2013, the Centre for Internet and Society drafted a Privacy Bill addressing data protection, surveillance and interception of communications. Centre for Internet and Society, ‘Privacy (Protection) Bill, 2013: Updated Third Draft’ (30 September 2013), http://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-updated-third-draft accessed on 4 October 2013.
[41] The Universal Declaration of Human Rights, Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” http://www.un.org/en/documents/udhr/
Tags: digital freedom | freedom of expression | India