Header image alt text


Building a Responsible Cyber Society…Since 1998

Internet Censorship drives business out of India

Posted by Vijayashankar Na on January 29, 2013
Posted in Cyber LawNetizen's Forum  | No Comments yet, please leave one

The Twitter Transparency Report is reported to have indicated that during the last 6 months of 2012, Twitter received two requests covering 16 accounts demanding for removal of content. One of the requests was from a Court and the other from the Government. Twitter also received 10 requests (from officials) for user information during the period. Twitter has refused all requests since they were deficient in information.

According to the Twitter report, the website received 42 requests to remove content or accounts worldwide in the last two quarters compared to just 6 in the first half of 2012. The number of requests seeking information about users was also up. In last six months Twitter received 1009 such requests compared to 849 in the first half of 2012. The number of copyright notices was, however, down from 3378 to 3268.

The website received highest number of censor requests from France that targeted 40 accounts. United Kingdom was second as it targeted 25 accounts while Brazil, which targeted 22 accounts, was third. India was fourth. In terms of number of requests, Brazil topped the list with 16 requests.

It appears that the failure to get the content removed had prompted the Indian Government to consider blocking of the Twitter accounts through the ISPs. Obviously this report does not refer to the action taken by the Police in arresting Twitter users for objectionable content.

The report provides a clear indication that worldwide the Governments are moving towards Internet Censorship. It is for the Netizens to recognize the trend and organize themselves to meet this assault on their freedom.

The Twitter’s refusal to provide information easily to Government will be seen as a strength by the Internet freedom lovers and is bound to enhance its popularity.  While many entrepreneurs in India are trying to set up business competing with Twitter or Facebook, their success will depend on their attitude to “Privacy”.

In the absence of a “Privacy Act’, at present Indian entrepreneurs need to follow the prescriptions under ITA 2008. When a proper notice is received under ITA 2008, the website which is considered an “Intermediary” has to take action to either release the account holder’s information or remove the content. Otherwise they face the prospect of being held criminally liable.

We may also recall that in the recent Headlines Today interview, Mr Kapil Sibal made a mild threat that he may introduce a law to make user identity disclosure compulsory for Twitter type accounts. Given the propensity of the Indian Police to misuse law, User’s may therefore feel unsafe to use Indian micro blogging websites or Indian social networking websites. This attitude is likely to shift Social Networking and Micro Blogging website business out of India to countries where “Privacy Standards” are strong. This is an adverse impact of the current Government policy.

In this context the call for an All India Forum of Netizens (www.aifon.org.in) becomes even more relevant.


HIPAA-HITECH Act Data Breach Audit

Posted by Vijayashankar Na on January 29, 2013
Posted in HIPAAPrivacy  | No Comments yet, please leave one

The Final Rule on HIPAA-HITECH Act released by HHS after a prolonged public discussion makes some changes in the way the Data Breach notification needs to be handled by Covered Entities and Business Associates.

The key points of the Final Rule are as follows:

1. Breach notification is not required under the final rule if a covered entity or business associate, as applicable, demonstrates through a risk assessment that there is a low probability that the protected health information has been compromised, rather than demonstrate that there is no significant harm to the individual as was provided under the interim final rule.

2. The onus of proving that an “Impermissible use or disclosure” of PHI is not a “breach” lies with the covered entity. In other words, all impermissible uses are “breaches” unless the entity “Demonstrates” that there is a low probability that the PHI has been compromised.

This essentially means that whenever an “Impermissible” use or disclosure is observed, the entity should initiate a “Data Breach Audit” process and document if the impermissible use is in fact a “Breach”. Such a “Data Breach Audit” will determine if there has been a breach and whether the probability of compromise is significant.


On 26th and 27th of this month, Headlines Today broadcast an interesting discussion  with Mr Kapil Sibal, the minister of Communications and IT. The discussion put Mr Sibal in the center stage and direct questions were put to him by the recent victims of Section 66A arrests including Mr Assem Trivedi, (Cartoonist who published anti corruption cartoons) the Palghar girl (who opposed Mumbai Bundh on Bal Thakre’s death on Facebook) and Mr Ravi Srinivasan( who tweeted about Karti Chidambaram’s wealth). There were also a few eminent Cyber Law aware professionals in the audience along with general public. Mr Rahul Kanwal moderated the show.

Mr Sibal being an excellent orator and an experienced advocate himself easily warded off the questions from the audience. He generally defended Section 66A stating that it only provides for “Reasonable restrictions” to the “Freedom of Expression” guaranteed by Article 19(1) (a) of the Constitution and the stray cases that are being talked about are errors of judgement on the part of the Police. He also stated that since the matter of constitutionality of Secion 66A is with the Supreme Court now, Government will wait for the views of the Supreme Court and take an appropriate decision.

Neither Mr Rahul Kanwal or the audience were able to confront and effectively argue against Mr Sibal. The advocates present were too tight-lipped to be able to provide a credible counter argument. Mr Sibal was even able to bully the advocates regarding whether Section 66A provided for arrest without warrant.

While watching the program I was reminded of an NDTV Big Fight debate in the year 2000 when the same Mr Kapil Sibal criticized ITA 2000 as a “Draconian Law” because Section 80 of the Act allowed “Arrest without warrant”. At that time, Pramod Mahajan was the IT Minisiter and Mr Sibal was an advocate in the opposition Congress party and he was reacting as a “Political Opponent” and not as a “Professional”.

Presently in ITA 2008, the same Section 80 remains and provides powers of arrest without warrant. In ITA 2000 passed by the NDA, the powers were vested only with the DSPs. Now ITA 2008 vests the same powers with the Inspectors. No body asked Mr Sibal if this did not make the law more draconian than what it was in 2000?

Secondly, I have maintained from the beginning that in all the recent cases of police excesses, it is not the law to blame but the Police misinterpreting the law. (Please see earlier article 1 in Naavi.org earlier article 2 in Naavi.org) .

I therefore expect that the Supreme Court is most likely to come to the conclusion that Section 66A is not against the Constitutional provision of “Freedom of Expression”. However the wide mis-perception about the section and the inability of the media to project the correct information to the public has created a situation where any decision by Supreme Court stating that “We donot think Section 66A should be scrapped or changed” would be seen as an endorsement of the actions taken by Police in all the recent cases. This should be avoided at all costs. In case the Supreme Court clarifies its decision in detail it will help marginally. But even that clarification will be lost in the din of the media misrepresentation.

The Headlines Today debate only extended this mis perception and did not provide the proper clarification on the topic.

It was necessary for the debate to corner Mr Sibal on whether mandatory provisions can be added to ITA 2008 in the next amendment for “Punishment of the Police officers” found to misuse the law. Police will continue to misuse the law with impunity since they act under instructions from the political leaders. Every time it is not possible to invoke Human Rights Commission. The vocal human rights activists only act when they have to support terrorists and criminals. When an ordinary citizen is wronged no human rights activists dear to the media would come forth to defend.

Mr Kapil Sibal is therefore responsible for ensuring that the law (ITA 2008) itself incorporates some safeguards for misuse. However despite many suggestions in this regard from Naavi.org itself, Mr Sibal is guilty of inaction. Mr Sibal is also directly responsible for the closure of Cyber Appellate Tribunal which is the apex judicial body specially formed under ITA 2000/8 to redress the grievances of Cyber Crime victims.

Unfortunately, Mr Rahul Kanwal or any of the advocates present in the debate who are supposed to be informed about these aspects on which Mr Sibal has a direct control raised these issues with him.

In summary, we can say that the debate was good and useful but could have been more useful if it had been properly handled. I must however congratulate Mr Sibal for his ability to convert an adverse situation to his advantage and his comments that there are many criticisms about himself including comments such as “Kill Mr Sibal” on the Internet and he has chosen to ignore them. This would have certainly evoked lot of sympathy amongst the audience and a projection of a freedom friendly attitude of the Minister. The audience was hardly a match for the wit and intelligence of Mr Sibal and he came out as a clear winner of the debate.

I take this opportunity to reiterate that Netizens in India are terrorised  by the Section 66A arrests and Mr Sibal’s assurances not withstanding the terror will only grow. Law will not come to our help since political masters and Police control the law to their advantage. In between the discussions, Mr Sibal has held out a mild threat that he is prepared to pass the law to make “Posting of comments on the Internet in anonymous names will be made punishable”. Though this was stated more in the course of the debate, the possibility of this being made real is very very high.

There is therefore an urgent need for Netizens of India to organize themselves into a strong outfit and be prepared to come together to fight for the freedom of speech. Naavi is therefore suggesting Netizens to come together in the platform of “All India Forum of Netizens” (www.aifon.org.in). This should not remain just a website but should develop itself in strength so that it acts as a pressure lobby to represent the interest of the Netizens. It should also grow into a platform where referendum can be held on various Netizen’s issues and before 2014 should gain such strength as to influence the election results at least in some cities where the Netizen population is decisive.


Mobile Apps.. Guidelines on Privacy

Posted by Vijayashankar Na on January 28, 2013
Posted in Cyber LawPrivacyTELCO  | No Comments yet, please leave one

California Department of Justice has released a set of guidelines for Mobile Apps developers which act as “privacy Practice Recommendations”. The practices recommended here are expected to help in the compliance of the California Online privacy protection Act (COPPA) Being perhaps the first of such codes, this is a useful document to be adopted by all mobile apps developers as well as other stakeholders such as app platform providers, mobile networks etc.

These principles include making an app’s privacy policy available to consumers on app platform, before they download the app. It is stated that major app platform providers such as Amazon, Apple, Google, HP, Microsoft, RIM< and Facebook have agreed to the principles.

Highlights of the recommendations are:

For App Developers

•Start with a data checklist to review the personally identifiable data your app could collect and use it to make decisions on your privacy practices.
•Avoid or limit collecting personally identifiable data not needed for your app’s basic functionality.
•Develop a privacy policy that is clear, accurate, and conspicuously accessible to users and potential users.
•Use enhanced measures – “special notices” or the combination of a short privacy statement and privacy controls – to draw users’ attention to data practices that may be unexpected and to enable them to make meaningful choices.

For App Platform Providers

•Make app privacy policies accessible from the app platform so that they may be reviewed before a user downloads an app.
• Use the platform to educate users on mobile privacy.

For Mobile Ad Networks

•Avoid using out-of-app ads that are delivered by modifying browser settings or placing icons on the mobile desktop.
•Have a privacy policy and provide it to the app developers who will enable the delivery of targeted ads through your network.
•Move away from the use of interchangeable device-specific identifiers and transition to app-speciic or temporary device identifiers.

For Operating System Developers

•Develop global privacy settings that allow users to control the data and device features accessible to apps.

For Mobile Carriers
• Leverage your ongoing relationship with mobile customers to educate them on mobile privacy and particularly on children’s privacy

This is a good starting point for a new regime on privacy protection on the mobile platform. Hopefully it would be adopted at the earliest by responsible apps developers and distributors.


Copy of Guidelines

Mis-perceptions about Section 66A

Posted by Vijayashankar Na on January 24, 2013
Posted in Cyber LawNetizen's Forum  | No Comments yet, please leave one

Section 66A of ITA 2008 has been one of the most abused sections of the Act in recent days. There is also a discussion about the constitutional validity of this section on  whether this section infringes on the constitutional “Right to Freedom of Expression” as provided in Article 19(1) (a) of the Constitution. The discussion has arisen due to the filing of criminal cases in recent days in the case of Ravi Srinivasan of Pondicherry over a tweet, and two ladies in Palghar over postings in Facebook,

Article 19(1)(a) of the constitution is subject to “Reasonable Restrictions” as mentioned in Article 19(2) which provides discretion for any Government to frame and implement laws  infringing on the freedom of expression under the following condition namely,

“in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence”

The question therefore is whether Section 66A of ITA 2008 is a legislation framed under the exceptions provided under Article 19(2) of the Constitution.

This discussion would be relevant only if there is an impact of this section 66A on the “Freedom of Expression” under Article 19(1) in the first place. The perception of the community is of course that section 66A does infringe on the “Freedom of Expression” as otherwise the police action in the case of Ravi Srinivasan and the Palghar ladies were unwarranted.

However when we analyze the situation we need to also consider  whether the action of the Police in the above two cases were in fact because the Police considered that Section 66A was an exception under Article 19(1) or simply because they misread the law.

If the Police had misread the law the remedy is not in removing the section but in punishing the Police for “Human Rights Violation” and providing such clarifications as would ensure that in future similar mistakes would not be done.

In this context it becomes necessary to discuss if Section 66A of ITA 2008 was indeed meant to address the situation where a Facebook post or a Twitter post could cause annoyance to another individual and that the person who had expressed the objectionable view could not be protected under Article 19(1).

Section 66A has three parts.

It is reproduced below for immediate reference.

Section 66A: Punishment for sending offensive messages through communication service, etc

Any person who sends, by means of a computer resource or a communication device,-

a) any  information that is grossly offensive or has menacing character; or

b) any   information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently  by making use of such computer resource or a communication device,

c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to two three years and with fine.

Explanation: For the purposes of this section, terms “Electronic mail” and “Electronic Mail Message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message

This section  applies to “Any Person” who “Sends” by means of a computer resource or a communication device, “any Information” or “Electronic Mail” or “Electronic Mail Message”.

It may be noted that this section is applicable to “Messages” and not for “Publishing” a content on a web platform. Under ITA 2008 offenses related to “Publishing” were covered under Sections 67, 67A and 67B and were restricted to content which was “Obscene”.

Then does it mean that ITA 2008 did not address situations where “Defamation” could occur through non obscene content being published on the web as in the case of the above cases?. The clear indication in the legislation is “Yes”. ITA 2008 did not try to address “Defamation” in electronic space except where the content was obscene.

The perception that Section 66A addressed defamation arose from the fact that it referred to “Information that is grossly offensive or menacing” under Section 66A(a)  as well as “information” that could cause “annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will” under Section 66A(b) and “Causing annoyance” under Section 66A(c).

The first time the section was invoked to address defamation was in the Delhi High Court case of E2labs Vs Zone-H.org. In this case the remedy sought was shutting down of a website which allegedly hosted some defamatory content. Since the defendant in this case was a foreigner and chose not to respond to the notices of the Court for reasons of his own, the Court passed an interim order blocking the website which has remained in place permanently since the defendant will never contest the injunction.

The interim judgement has therefore created a perception that the Court agrees that “Defamation” was caused by the publication and hence the site was blocked. This perception provides a sort of legitimacy to the claim that “Section 66A can be invoked when defamatory content is published on the web platform and it does not get restricted by the constitutional rights of freedom of expression”.

It must however be noted that Section 66A was meant to address “Information” that can be “Sent” and not “Information which is static”. Information which is “Sent” is a “message” and is sent from one person to another. It is “Pushed” . On the other hand a content which is “Posted” is  not directed at any person. It is only “Pulled” by persons who have become part of a “Community” who have agreed to exchange information with other members of the community.

A “Facebook” post or a “Twitter Post” falls into this category of “Hosted content” and does not fall into the category of “messages”. They can be dealt with under the Section 499 of IPC and there is no need to invoke Section 66A.

The fact that Section 66A was meant for “messages” is also evident from the fact that Section 66A(b) used he word “Persistently”. This means that if a person is again and again sending a message (which he knows to be false and is sending it with the malicious intention of causing annoyance etc). In a website posting, the content is posted and not sent again and again to another person.

Section 66A(a) does not use the word “Persistently” but it applies only to such messages which can be considered as “Grossly offensive or Menacing”.

Section 66A(c) also does not use the word “Persistently” but it is specifically mentioned that it is addressed to an “Electronic Mail”.

Thus it can be inferred that Section 66A was meant only for “messages” and not for “Content”. This is justifiable since Section 499 may not be apt for “letters sent from one person to another” and also that the web presented the possibility of a higher level of annoyance than the physical equivalent of “Bulk letter mailing” since “Bulk email bombardment” is more likely.

Section 66A addressed the message because there were offences such as Cyber bullying and Cyber Stalking as well as “Spam” which could not be effectively dealt with under Section 499.

In view of the above we can conclude that Section 66A ITA 2008 was never meant to address “Defamation” and never meant to overlap Section 499 of IPC but was meant to address situations which in the cyber space were significant threats and were not addressed effectively by the physical world equivalent addressed by IPC.

If therefore we come to the conclusion that “No change is required in Section 66A” it will be because the section was never meant to address “Defamation” and  exclusions under Article 19(2) of the constitution and not because we endorse the view that Section 66 A is within the constitutional validity of Article 19(2).

Media needs to understand the issues involved and does not misinterpret the views that may be expressed by the Court in this regard.


Silicon India interview

Posted by Vijayashankar Na on January 22, 2013
Posted in Uncategorized  | No Comments yet, please leave one

Naavi was recently interviewed by Silicon India. The interview is available in the community page of Silicon India. A link is available here.  The interview is presented in the physical society identity of Naavi.

The theme of the interview is basically my views on “Leadership”.