Aadhaar case is a fight between honest citizens of India and the Benami property and Black Money owners

Posted on January 24, 2018 by Vijayashankar Na

In the case of Justice Loya’s death due to heart attack, many senior advocates like Mr Dushyant Dave and Indira Jaisingh as well as politicians like Mr Rahul Gandhi are complaining that an enquiry needs to be ordered under the supervision of the Supreme Court. Common Citizens perceive that there is a political conspiracy in this complaint so that they can then hold their gun at the head of Mr Amit Shah and say that he is a suspect and therefore should not be MP etc.

Similarly the Aadhaar case is another case before the Supreme Court where there appears to be a conspiracy to some how derail the intention of the Government to use Aadhaar identity to prevent Black Money Transactions and benami Property holdings. It is very clear to common citizens that the intense opposition to Aadhaar linking to financial information is because it will make it difficult for Black Money holders to keep Benami Bank accounts and Properties.

To sustain their argument, people are complaining that “Aadhaar infringes the fundamental right of Privacy”, “Aadhaar creates a Sureveillance State” etc.

There is no doubt that the Privacy Judgement under the Puttaswamy judgement was expected to help the Anti Aadhaar lobby and hence there was a fight within the Judiciary to fix the bench. Now that the CJI has not allowed it to happen, the politicians are trying to impeach the CJI himself.

All these developments confirm my doubt that there is a serious conspiracy behind this “Aadhaar is un-constitutional” petition led by the Black Money supporters and this is a fight between the honest citizen of India and the Benami property holders. The Privacy arguments are only a cover for ensuring that the Benami property and Black Money owners can enjoy their ill gotten wealth as they were used to in the pre-Modi days.

There was a strange argument presented today as indicated in an affidavit now in the public domain.

According to the afidavit,

1.the  project poses a constitutionally impermissible danger to citizens’ basic civil liberties including their privacy”.

2. “this project is highly imprudent, as it throws open the clear possibility of compromising basic privacy by facilitating real-time and non-real-time surveillance of UID holders by the UID authority and other actors that may gain access to the authentication records held with the said authority or authentication data traffic as the case may be.”

3. it is quite easy to know the location and type of transaction every time such authentication takes place using a scanner for fingerprints or iris and the records of these in the UID / “Aadhaar” database.

4.  it is not dissimilar to knowing the place from where a person made a call using his / her mobile phone. Just as the mobile phone connects to a tower from where the phone signals are sent to other towers and the servers of the mobile phone companies, biometric scanners also have SIMs and IP Addresses to locate the place from the transaction took place and its nature. Any administrator of the UIDAI server or any employee or other person with access
to transaction data, with a little help from the servers (Authentication User Agents and Authentication Server Agents, as they are called in UIDAI literature), through which authentication request is sent to the UIDAI, will be able to track the transaction and the person carrying out the same.

5. that UIDAI recommends that each point of service device i.e. the device from which an authentication request emanates, register itself with the UIDAI and acquire for itself a unique device id, which shall then be passed to the UIDAI along with the request for every authentication transaction. I state herein that the said method of uniquely identifying every device and being able to map every authentication transaction to be emanating from a unique registered device, further makes the task of tracking down the exact location and place from which an authentication request emanates easier.

6. a centralized database has the problem that once hacked all data can be lost. Specifically, consider if the Army personnel use this as an authentication mechanism before getting their salaries. The location from which they authenticate can be found as it will be done via a scanner which has an IP address / is on a mobile internet. From the tower to which the scanner connects via its SIM card, its location can be found. This data will be available in the
logs of the Aadhaar system. Any compromise of the Aadhaar system means that the hackers can know the exact location of each army personnel of the country at the time when they take their salary. This can be a big risk to national security, and this is just one example as to why it is, in my opinion, imprudent to use such a system.

I am sorry to say that the above arguments are contrived and cannot be considered as valid arguments to oppose Aadhaar.

My doubts arise from the following.

  1. “Privacy” is a loosely used fig leaf to cover the need for “Secrecy” by the anti-Aadhaar lobby. Just as we say “Your freedom to extend arms ends at the tip if the nose of the neighbor”, the “Right to Privacy” of one person ends with the “Right to Security” of the other person. Though the Supreme Court says that Right to Privacy is a “Fundamental Right”, it can only be a right with a lower priority to “Right to Security”.

If Security is not available to a nation, it cannot sustain democracy and protect the Right to Privacy where it is required. Aadhaar is only an identity that holds certain information of the citizens so that the State can know who its citizens are and whether they pose any threat to the security of the nation. (which includes prevention of looting of public money with duplicate employment records or ration card records). National security is therefore paramount and even the “Right of Privacy” has to voluntarily yield to the “Right to Security”.

It is therefore wrong to call Aadhaar as posing a “Constitutionally impermissible danger” to citizens”. As a citizen of India I abhor those who hide their identity and hold benami properties, black money, Bitcoins etc. The Supreme Court has to uphold my “Right to Know exercised through the Government” as much as the “Right to remain secret” which others want the Court to protect.

It would be a challenge for the Supreme Court to demonstrate if it is with the honest citizens of India or it sides with the dishonest citizens of India under some technicalities of protecting the Right to Privacy.

2. The charge that “Other actors” may gain access to the authentication records or data traffic to facilitate “Surveillance” is a speculation. In fact this is true of any activity of a Citizen. If some body is reading this article on the web, it is possible for the ISP to track the activity along with the location from which the person is accessing the web. What is special therefore to blame Aadhaar except to mislead the Court because the petitioner may think the Judge does not know technology so that any claim even if false can be pressed.

3.  If the records of the  finger print scanners can be accessed, it is possible to trace the location of the transaction is no rocket science.

4. As the petitioner himself agrees, this is not dissimilar to the Tower data of a mobile call which if properly analyzed, can trace a person within say 3-5 meters. This does not require Aadhaar at all.

Google earth can have a high resolution image which can identify a person moving around on the street from far above the sky. A person with a google glass can scan the credentials of a passer by instantly. An RFID scanner can scan your credit card even when it is inside your pocket.

While all these are acceptable to the Anti Aadhaar lobby, Aadhaar alone seems to be unacceptable because it is the Modi Government which can take the data if it wants.

This is a purely political opposition to the current Government and not based on any logical consideration. If one is concerned about privacy, we need to stop using mobile and live in a cocoon.

Why do such persons want any benefits of being a Citizen?. Let them not have a Bank account. Let them not have ration cards. Let them live as a hermit lives.

It is dishonest of these persons to ask for all the privileges of being a citizen of India including being protected from a terrorist attack or a Cyber crime attack but they themselves should be out of gaze of any law enforcement authority.

Supreme Court should recognize the inherent dishonesty of these anti-Aadhaar lobby and call the bluff.

5. The registration of the Access devices involved in Aadhaar authentication is a critical security requirement and I donot know how security specialists can oppose this feature. In fact, I am of the opinion that these devices should be made in India by an authority like BEL which manufactures EVMs and made as a tamper proof hardware that will self destruct if any attempt to tamper them is made.  Registration per-se is not some thing that can be objected to.

The petitioner repeatedly qualifies that the security can be compromised with “little help” from insiders. Yes every system can be compromised if an insider provides the “little help”.  What we need is to design the security systems with the knowledge of this possibility.

6. The reference to the army personnel being at risk because he draws his salary with aadhaar authentication is funny. Will the enemy target a specific soldier who is in the administrative office drawing salary?. If he has to be tracked, is it not better to intercept the radio messages or personal mobiles than looking for Aadhaar data?

Overall the petition and the affidavit to my mind appear a weak attempt to mislead the Supreme Court. If we follow the questions made by the judges during the proceedings, it appears that they are more aware than what the petitioners think about the ulterior motive of Aadhaar baiters and would not fall for their tricks.

The above argument does not mean that we are not advocating better security for Aadhaar. Yes better security is required. There has to be checks and balances for preventing misuse. But the security specialists are not helping the Government to fortify the security and at the same time UIDAI is not able to win over a large part of security professionals so that they provide positive suggestions.

There could be many reasons why security professionals are not on the side of UIDAI and we have highlighted it several times in this site. But now it is like war time.

All good intentioned citizens need to fight the anti-Aadhaar lobby which is trying to get Aadhaar being rendered impotent. We can forget the arrogance of UIDAI and defeat the nefarious designs of the Black Market community of India. We can then continue to argue with UIDAI about how the security can be improved.

Naavi

 

Posted in Cyber Law | Tagged , , , | Leave a comment

Aadhaar must be preserved with safeguards…. The root cause for Privacy breach is elsewhere

Posted on January 23, 2018 by Vijayashankar Na

An interesting debate is happening in the Supreme Court on whether “Aadhaar is Constitutional” and whether it should be scrapped. We are informed that the Anti Aadhaar advocates have started putting through their view points to convince the Court that Aadhaar is a violation of “Privacy” and it creates a “Surveillance State” and hence it should be scrapped.

I donot see the same commitment of these advocates when it comes to issues like banning Crypto Coins but on Aadhaar they feel that a great injustice is being done to the Indian citizens.

The essence of the anti Aadhaar arguments can be two fold.

First objection to Aadhaar could be that it is being linked to many activities and becoming a universal ID and therefore it will enable creation of a “Surveillance State”.

The second objection to Aadhaar is that the UIDAI has failed to secure the system and hence the system poses a Cyber Crime risk.

The two aspects may have some common link since “Lack of Security” leads to “Leakage of Information relevant for Privacy”.

But the objection so far presented is not because of the security risks but mostly on the ground that it enables the Modi Government to exercise a tight control on information flow particularly related to the financial activities of an individual. So far Black money owners had a field day in having “Benami” holdings of assets and the proposal to link Bank accounts and PAN to Aadhaar as a first step and now to link immovable properties to Aadhaar has really sent shivers down the spine of all the Benamis in India. The opposition to Aadhaar today is vocal because this population of Benamis of India is huge and encompasses politicians, bureaucrats and businessmen.

It is precisely for this reason, I support Aadhaar at present though I have serious reservations on the security aspects of Aadhaar. I believe that security aspects can be addressed if UIDAI is humble enough to admit the security challenges and seek help from appropriate experts, which UIDAI is at present avoiding.

The opposition to Aadhaar from the angle of the recent Supreme Court judgement in which Privacy is held as a “Fundamental Right” is not sustainable if properly countered. Mr Shyam Divan who presented the initial arguments seem to have heavily relied upon this angle and quoted extensively from the Justice Puttaswamy judgement to impress the bench.

We must remember that the Justice Puttaswamy judgement was a one page judgement and just held Privacy as a fundamental Right. It also contained hundreds of pages of reminiscences which did not form part of the order and hence has little value in defining how Aadhaar hurts the Privacy Right of an Indian citizen.

The essence of the Puttaswamy judgment was that “Privacy” cannot be defined and therefore there cannot be a direction on protecting Privacy. However, “Information Privacy” is one aspect of Privacy which can be protected and the Government should work on this.

“Information Privacy Protection” is nothing different from “Data Protection” related to “Personally identifiable information” and more particularly some of the “personally identifiable information” which can be classified as “Sensitive”.

Aadhaar system collects and stores “Individually identifiable Personal Information” and it also collects “Biometrics” which is a sensitive personal information. Aadhaar however does not collect and retain information which is “Health related”, Finance Related” or information related to sexual orientation, racial view points etc. Even before  Aadhaar, Banks have been collecting personal information and generating sensitive personal information. Similarly, health care operators have been collecting sensitive health information and storing them. The Privacy concerns can therefore be expressed even if Aadhaar link is not there to such information.

The only reason why Aadhaar is being discussed is that instead of blaming the Bank account number Privacy for data leakage in Banks and some other IDs for other data leakages, we have a new whipping boy called Aadhaar which is now a common factor for all data breach possibilities.

There is no doubt that convergence of risks do occur when multiple types of data are linked to one central identity parameter like Aadhaar. But it is important to note that leakages occur not because there is a link between the sensitive data and a common number but because the data managers fail to de-identify the data or secure the access to data while in their custody.  If the access to data in Banks or Hospitals can be secured and properly de-identified (or pseudonomized), then even if data is leaked, it will be “Information not identifiable with a living individual” and therefore becomes “Non Sensitive and Non Personal”.

If therefore the security of Aadhaar usage at the intermediary usage points is fortified, then Aadhaar per-se does not pose threat to Privacy of individuals. It is for this reason that the recent measures introduced/suggested by UIDAI to use “Virtual Aadhaar IDs” and to “Fortify the finger prints with a face identity parameter” assumes importance. If these measures are properly implemented, one can argue that the “Privacy Risk arising from the Aadhaar data base” becomes minimal.

The real risk areas are the network links through which the authorized aadhaar users (AUA/KUA agents) access the CIDR and the use of Aadhaar in the AEPS (Aadhaar enabled payment systems), besides the stored data at the user end. Currently, ITA 2000/8 considers these intermediaries as liable for any loss to the citizens arising out of their lack of due diligence or lack of reasonable security practice. This will continue and needs to be made more robust in implementation so that any member of public who loses his data due to the negligence of the Aadhaar intermediaries would be adequately compensated.

The grievance redressal mechanism under ITA 2000/8 will be improved upon when the new data protection act becomes effective and this has to be taken into account by the Supreme Court now.

Blaming Aadhaar system for the negligence of  Aadhaar User agencies which leaks out Aadhaar number of different persons is not fair.

We can blame UIDAI for not having adequate monitoring mechanism to make these intermediaries implement strong security measures and push them for better implementation of security along with deterrance which should be effective. We can also question them for not suspending defaulters for a long time and impose heavy fines, (all of which will be now possible through the new Data protection Act).

But we cannot jump to the conclusion that Aadhaar must be scrapped because of the risks of data leakage.

Some time back the honourable Supreme Court made a huge mistake in scrapping Section 66A of ITA instead of reading down the section and removing the deemed conflict with the “Freedom of Expression”. They should not repeat the same mistake now and end up scrapping Aadhaar.

Scrapping of Section 66A of ITA 2000/8 gave a “License to Defame” and diluted the Act for offences such as Cyber Stalking, Spam, Cyber Extortion, Phishing etc. The Court in a bid to dish out a populist judgement ignored the beneficial aspects of Section 66A.

Similarly, the beneficial aspects of Aadhaar needs to be kept in mind by the Court now before being tempted to give out another populist judgement. If Aadhaar is scrapped, there will no doubt a huge sensation created in the country and the opposition political parties would rejoice. It would also make the judges well known. But it would also immediately assist all Benamis who want to hide their financial transactions from being monitored by the State.

What the Court needs to focus is in asking questions on what checks and balances are planned by the Government to prevent misuse of Aadhaar infrastructure. So far no body seems to have urged the Government in this direction nor this has been a point of debate in the Aadhaar discussions amongst NGOs and other Privacy Activists.

I invite the Privacy activists therefore to start suggesting the infrastructure required to prevent misuse of Aadhaar and in the event of misuse providing proper grievance redressal to the Citizens as also the checks and balances to punish those Government officials who may misuse the system for harassing honest citizens rather than pursue the sole objective of getting Aadhaar scrapped.

If Supreme Court proceeds to take another Sec 66A kind of populist decision, then we will be removing an effective instrument of Governance, defeating the fight against Black money and corruption.

Supreme Court may not be responsible for Governance and hence it may not be their problem if Black Money in India grows and Benamis thrive.

But the progeny may blame the Court for missing an opportunity to drive India on a path to a good economic future and blame them that under the cover of providing Privacy Protection, they provided a Cover of secrecy for criminals to exploit.

Naavi

Posted in Cyber Law | Tagged , , , | Leave a comment

This move on Amazon and Flipkart is a regressive taxation policy and Anti Consumer

Posted on January 22, 2018 by Vijayashankar Na

A report in Economic Times today suggests that the IT Department of Bangalore has issued a notice to the E Commerce players Amazon and Flipkart that the customer discounts given by them should be considered as “Capital Expenditure” and not a revenue expenditure.

The move is highly disappointing and will affect Consumer interests adversely besides hitting on Start ups and innovation.

It is a common accounting practice to consider some expenditure as “Revenue Expenditure” and some as “Capital Expenditure” based on the accountant’s perspective of the period in which the benefit would accrue to an entity.

Accounting is always done on a “Going Concern Basis” where it is expected that any expenditure made today is an investment for the long term benefit of the company as an ongoing business. In a “Gone Concern” approach, expenditure is written off immediately since the company is not expected to survive over the long run. Even as a “Going Concern”, certain expenditure particularly of small value is always written off as a revenue expenditure.

In most other expenditure, it is the discretion of the accountant to consider whether the expenditure should be recognized immediately or deferred.

Similarly even an income may be recognized immediately or deferred. Conservative accountancy recognizes expenditures ahead of time and spreads out the income over a longer period.

Deferment of income reduces the current profit in the P&L account while deferment of expenditure increases the current profit.

Taxation authorities are not concerned about the survival of business in the long run and try to maximize their revenue collection by squeezing out as much tax as possible from an entity. In the process, they often “kill the Goose that lays Golden eggs.”. History of many business failures in India can be traced to such irrational action by the taxation authorities in the past.

While certain assesses escape tax liability when they should not, many innocent and honest businesses often end up paying tax when there is no income. (P.S: This is not related directly to either Flipkart of Amazon but is quoted only as a general observation).

The E Commerce Companies are now caught in this battle between the Taxation official’s need to maximize the tax collections and the needs of business to grow.

By asking the E Commerce companies to treat the “Customer Discounts” as a “Capital Expenditure”, the tax authorities are forcing the companies to reduce their write offs during the current year and spread it over 4-10 years. This will increase the profits for the current year and increased tax liabilities.

As a result, the E Commerce companies may reduce the discounts and this will increase the prices to the detriment of the consumers.

The “Discounts” are real reduction of cash profits of the E Commerce companies and not merely a matter of “Discretion”. Hence, the current move is a move to disallow cash expenses and collect tax on profits which are not there.

The argument that the “Discounts” build “Brand” is untenable since the value addition to the “Brand” is only notional and does not convert into revenue unless the business is valued on a “Gone Concern” basis.

In the “Going Concern” basis, the “Brand Value” is only a means of raising capital in the form of equity at higher levels from investors or for better negotiation during mergers and acquisitions.

If “Notional Brand Value” is taxed, then every other expenditure including salaries paid, advertisements etc can also be deferred and current profits inflated.

If the decision to defer is taken by the management to increase the current profits and declare it in their balance sheets, it would be appropriate for the tax authorities to collect tax. But Tax authorities should not become “Accountants” who determine whether an expenditure has to be written off in one year or in 10 years. This is a gross abuse of the powers available to the tax authorities.

By increasing the immediate profit for taxation purpose and penalizing the companies, the cash availability in business will be reduced and this will hurt many start ups and make their business unviable.

We need to remember that E Commerce is not like the old brick and mortar business where there is land and building which keep appreciating over a period though valued only at costs and keep adding secret reserves to the companies. The E Commerce business lasts only for a few years and hence it is not possible to write off expenditure over a long period. Most companies donot exist for 10 years since the business model would become redundant within  3 to 5 years.

The society has migrated in social values and replaced “life long marriage” commitments with  “marriage until divorce” concept. Similarly, business has also re-defined its principles from building an “Institution” to “Creating innovative idea houses”. These idea houses do spend as much as possible now to acquire customers and make hay while the sun shines.

Government anyway earns indirect taxes by way of all the E Commerce sales and the GST ensures that all transactions are accounted and taxed. Hence the Government should not be mean in looking at direct taxation to further squeeze the industry.

There is no doubt a pressure from Offline traders that E Commerce players are providing unreasonable discounts.  These offline traders often conduct part of their business in cash and evade on the taxes. But the E Commerce players account every transactions since not only the sales but also the payments are all made through digital means and Government will get full revenue on the sales without any tax evasion.

Of course, because E Commerce cannot generate black money, they cannot also pay black money to get their liabilities reduced during assessments or bribe the politicians to get favourable policy formulations.

In the “Congress Culture” which Mr Modi wants to get rid off, the policy is to assist more dishonesty in the system because that generates money to the politicians. We suppose that the present Government wants a “Congress Mukta Bharath”. If that is so, the current move on the E Commerce players is considered regressive.

I request Mr ArunJaitely to look into the matter and set the priorities right.

Naavi

Posted in Cyber Law | Tagged , , , , | Leave a comment

Misleading Article in Times of India on Mobile Pictures and CCTV footage as Evidence

Posted on January 20, 2018 by Vijayashankar Na

Today, there was a misleading article published in Times of India titled “Mobile pics, videos may be allowed as evidence”. By implication it meant that so far it is not accepted as evidence.

The article says that there is a proposal to amend Indian Evidence Act or Criminal Procedure code to enable Video Recording, CCTV Footages and images captured through Cellular phones as evidence as if the current provisions donot have such a provision.

I hope there is no ignorant Government official who would believe this and jump to get an amendment done. 

The  article was credited to one Mr Rohn Dual, quotes a UP Police officer and  a criminal lawyer Mr Tanvir Mir.

From the body of the article it appears that the lawyer has given the correct opinion that such evidence is acceptable under Section 65B of Indian Evidence Act.  But in his bid to make the headline attractive, an ignorant journalist and/or a sub editor has implied that currently such video evidence is not acceptable and a change of law is required to make it acceptable. Apart from the ignorance of the journalist, I am surprised that a UP Police officer who is quoted also may not have the proper appreciation of the current provisions unless he has been misquoted.

This could be a mischievous article planted by some body who wants such an impression to be gobbled up by some ignorant Judge. 

It is therefore necessary to strongly refute the article and provide a clarification so that no Court is mislead into thinking that mobile data or CCTV footage is not currently acceptable as evidence.

It is sad that people write such articles without understanding that Information Technology Act 2000 was drafted as applicable to “Electronic Documents” in general and not with reference to any hardware called “Computer” so that it could be excluded for another device called “Mobile”.

It is possible that there could be some misunderstanding about mobile documents as to who should certify.

Without going into another detailed discussion, I would like to briefly state as follows:

1.Section 65B of Indian Evidence Act recognizes that a “Computer Output” as described in the section may be presented as “Also a document” representing the “Original” and is admissible as evidence without the production of the “Original” provided the certificate as required under the section is produced.

2. The “Computer Output” can be a print out or another soft copy.

3. The “Original” is the “first recording” of the “String of zeros and ones” which together constitute “evidence” which is sought to be produced as a statement under Section 17 of Indian Evidence Act and as per the special provision of Section 65A.

4. The “Original” “string of zeros and ones” does not have any meaning to a human being unless they are processed through a computing device which consists of an application riding on a software platform which itself runs on a hardware running on a “BIOS” like embedded software. The string of zeros and ones have meaning only to such a compatible computer system and not to a human being directly.

5. In view of this dependency of the “Original” on the computer systems before it is experienced as a Text” or “Audio” or a “Video” by a human being, Section 65B envisages that some human being should take the responsibility for first “Viewing” the “Original String of zeros and ones” and put it in a form in which the Judge can admit it as evidence. That certificate has to say that a certain process was used to view/experience the electronic data and that is the essence of Section 65B.

6. Current provisions of Section 65B is therefore essential and cannot be diluted. Mobile data whether it is an SMS or audio or video, can be therefore presented with an appropriate Sec 65B certificate.

7. The Certificate under Section 65B refers to the generation of the “Computer Output” and not to the generation of the “Original stream of zeros and ones” which constitute the “Original electronic record”.

8. It is not necessary for the mobile operator such as Jio or Airtel or Vodofone or Idea to provide the certificate. Any other contractually capable person who understands how to convert the electronic document residing inside the mobile (earlier referred to as the string of zeros and ones) to a print out or another softcopy can provide the certified copy.

9. If the person providing the certificate is a “Trusted Third Party”, it is better. But this is not a pre-condition. But the credibility and reliability of the Certifier is an important consideration for the Court to admit the evidence without further confirmation from another expert on which the Court has confidence.

10. Section 65B is for “Admissibility” of the document and it does not bar the defense to question the “Genuinity” of the evidence. Genuinity of the “Original” is whether such a document ever came into being or not in the first place. The Section 65B certification is simply that the document as is present in electronic form in its original state is now available in the form of a certified Computer output.

CCTV footages

The above clarifications also apply for CCTV footages.

In the CCTV, there is a continuous stream of video which is stored in the form of a media file. Just as a hard disk contains thousands of documents of which one or two is picked up as relevant evidence, in the CCTV footage also only relevant portions can be picked up and presented as separate electronic documents.

The defence however may question the “selection” from the point of view of whether it was meant to suppress information or mislead as to the meaning of the entire evidence. For example, in a recording of CCTV footage in say a shop where 100 customers have transacted, picking up the portion indicating the 45th customer walking in , transacting and going out and excluding everything else in the evidentiary copy is acceptable. But within a conversation which consists of 10 sentences, picking some sentences and deleting the rest should be avoided.

If however there is a conversation for 1 hour and some body would like to present only 5 minutes of the same, it can be admitted with the proviso that the defence may demand the presentation of the entire conversation and allege that some thing contrary to what is presented happened earlier or subsequently.

CCTV owners must remember that as soon as they come to know that a particular piece of information captured is a “Potential Evidence”, whatever is reasonably suspected to be associated with it such as the immediate earlier and immediate later recording with reference to an incident should be considered as plausible evidence and the entire stream/s should be securely archived. If they are deleted with the knowledge that they are “evidence” then the CCTV owner may be liable to be charged with Section 65 of ITA 2000/8 or other IPC.204.

If any of the readers have any further doubt as to the above, I request them to contact me for further clarification.

Naavi

Posted in Cyber Law | Tagged , , , | 1 Comment

Section 65B and its relation to the Theory of Soul and Body, rebirth and past life memory

Posted on January 19, 2018 by Vijayashankar Na

I recently received a query about whether there is any case law which supports my view that even when a original memory card or CD is presented to the Court, a section 65B certificate is required.

I would like to elaborate on this query and submit my views.

Case Law and its limitations in an emerging area of technology

I understand that most practicing advocates consider that  “Law Becomes a Law only when a Judge says so”. Hence the arguments in most cases except when it reaches the higher courts, is always on the case laws and not on interpretation of the law.

The Judicial interpretations are important in assigning meaning to the words contained in the written law but it can always be re-interpreted. A lower court’s interpretation can be re-interpreted by a higher court and a smaller bench interpretation can be re-interpreted by a larger bench.

Hence when we base our legal view only on the strength of some case law, we are on a temporary time period when a particular judgement is considered as a precedent.

True Experts on the other hand will/should ignore interpretations based solely on case law and will/should always argue with a fundamental interpretation with relation to the legislative intent and what is necessary to meet the objectives of the legislation.

Yes, this would be an “opinion” of a ” Deemed Expert” who may be not anybody who is  “Certified by any government or judicial authority” or by passing an “Examination” in a University. But nevertheless, it cannot be ignored as our experience in the past under Sec 65B interpretation has proved.

It takes years for the Courts at higher levels to consider a legal issue, mull it over under different circumstances and contexts, hearing arguments of all hue and description and arrive at a near consensus view on a matter of legal interpretation of a law text, when it can be considered as a “Case Law”. In the meantime we should not curb our creative interpretation of the law and fail to challenge the decisions of the Court even if it comes from the highest Court.

In the domain of Information Technology Act 2000 as amended to the current date, which includes the Section 65B of Indian Evidence Act , I have always followed this principle that we need to dig up the truth from the current law until it is changed and all of us including the Courts at the highest level are in the process of understanding the law and interpreting them.

Some may consider it as not respecting the tradition where the arguments of practicing advocates start and end with

” In so and so vs so and so, the honourable Supreme Court said so and so and there rests my case, my lord”.

Fortunately, not being a practicing advocate gives me the creative freedom to think differently and let the Judges accept my view if they can hear me out fully and with an open mind. No disrespect is meant here for any judicial authority nor any arrogance is intended.

It is a belief that “God sees the Truth but waits”.

I consider that Cyber Jurisprudence in Information Technology Law and Section 65B is still developing and hence what I say is an input which needs to be considered as a “School of Thought”. I may differ in certain respects with other seemingly logical views of other practicing advocates more vocal than me and more active in the Judicial Academies or Legal seminars. But I would not budge from my considered view.

My Considered view in respect of

“whether a Section 65B certification is required for an electronic document when a original memory card or hard disk is presented before the Court”

is an emphatic yes. 

In such cases, the Court has to invite a person of its choice and ask him to view the electronic document and produce a Section 65B copy for the Court to appreciate.

Indian Philosophy shows us the way

The key to appreciate the above point is that an “Electronic Document that is a piece of evidence is not the memory card per se but the stream of binary data, the zeros and ones that are some where inside the memory card in the form of electric charge positive or negative”.

The memory card is the container or a box that contains the zeros and ones that when viewed in a special looking glass called a computer with appropriate hardware and software, provides some human experience such as a text, a sound or a video.

The process of conversion of the stream of zeros and ones which is the “Original” evidence into a readable document or a hearable sound or a viewable video is dependent on a hardware-software combination such as a card reader, computer, operating system, monitor, speaker, audio processor, video processor, besides the header information that precedes the binary representation of the evidentiary content.

Only when all these function properly in tandem the stream of zeros and ones become a humanly appreciable electronic document which the Judge considers as “Evidence”.

Therefore, while the original evidence such as a memory card can be presented as a physical artefact that is an “evidence” and also admitted as an artefact, the question of who will view the binary content contained there in and say that it contains a letter written by X to Y or a photograph or an audio etc., remains to be sorted out.

If the Judge himself views the electronic document which is dependent on the system used, software used etc, then he becomes the person responsible under Section 65B to state that the computer which rendered the binary stream contained in the memory card rendered in a particular manner and will do so in future also in similar circumstances.

We can then say that the onus of providing the Section 65B certificate shifts from the person producing the memory card to the Court itself.

The fact that an electronic document residing in Yahoo Group server could be accepted as evidence based on a certificate produced locally by a private person like me was established in the Suhas Katti case in 2004 itself. There was no need for the “hard disk of yahoo group” to be produced in the Court. I suppose this is a universally accepted fact as of now that where there is a Section 65B certificate of a computer output, there is no need for the production of the original electronic document.

In the Basheer case one part that I did not agree with was a reference to the CD in which the offending speech or song was contained as a “Original”. This term has to be correctly defined.

The terminology that should have been used here was the “First Container of the stream of electronic data elements that constitute the evidence in question” instead of the “Original CD”.

We should refrain from confusing between the “Stream of zeros and ones” which are “Binary impulses recorded for future reference and interpretation” in some form, and the container in which these are held together for the time being.

Imagine the situation where a laser computer screen is created in front of your eyes in free space where you see the information that you normally see on a computer monitor. The words are now floating in the air and there is no surface on which they seem to reside. But no such surface actually exists. This clearly establishes the fact that “binary stream” can exist and actually does exist independent of the “Container”.

Another easy way to understand this is in the concept of the “Soul” and the “Body” in Indian philosophy. Does soul exist independent of the body?.. Indian philosophy agrees that Soul exists independent of the body and that when a person dies, the soul leaves the body and ultimately finds another body in which its past life memories are in tact and if there is a right environment, the erased and reformatted memory of the soul in the past life can be rendered in the new body.  (Hypnotic age regression). The soul perhaps exists in this transitory state until it merges itself with the “Paramatma” which we call “Attaining Moksha” in some forms of philosophy.

Without going deeper into philosophy, we should conclude that

a) “Electronic Document means a stream of binary data arranged in such a manner that under appropriate rendition of the stream through a computer device, it produces the human experience of a readable document or an audio or a video.”

b) A memory card or a hard disk is a device which  holds the stream of binary data and makes it available to be used as a hardware which becomes part of the larger computer system that renders the human experience of a stream of binary data.

In an earlier article, I have referred to the Trisha Defamation Case in Chennai AMM Court where I was invited by the Magistrate in a similar circumstance when the CD was already in his hands and there was no need for an external party to certify it in ordinary prudence.

I appreciate the vision of the magistrate D. Arul Raj who correctly interpreted the law that he should not take the responsibility of writing in the judgement,

“I viewed the contents of the CD which contained so and so information… which contravenes such and such law…etc”.

He decided that he requires a third party to certify it and provide him a Section 65B certificate. In this case, I was the person called upon to do so.

Unfortunately This did not go into a judgement (as I understand) since the complainant later withdrew the complaint.

In my opinion, Cyber Jurisprudence does develop not only from the Judgements, but also from the views that emanate from the experts.

Remember that after Afsan Guru judgement in 2005,  many were quoting that I was not correct in maintaining that Section 65B certificate was mandatory for admissibility. But it took 9 more years of erroneous reading of the law to be upturned by the Basheer judgement in 2014.

In between I continued to hold my view and also argued with experts particularly in the National Police Academy who were listening to me on the one hand and also looking at the Afsan Guru judgement and spotted the discrepancy. Most other experts had not even observed this discrepancy and hence not raised the issue in any forum for a larger debate until the Basheer judgement reflected what I was saying all along.

Similarly, any of the views that I have expressed here may not be today the popular view or a view that is necessarily supported by a judgement. But I am confident that judgements will eventually follow what I have stated here.

May be there will be occasions when I will revise my view or the law itself may change. But presently my view is that

“Even when the original binary stream is presented in the container to the Court, the container has to be opened and the binary stream has to be interpreted with the assistance of hardware and software and hence it is necessary for the Judge to take the assistance of a Section 65B Certifier reliable to it. Such a certifier can be a Section 79A certified agency if available or other persons on whom the Court reposes confidence.”

Naavi

Posted in Cyber Law | Tagged , , , , , , , , | Leave a comment

Uphold the “Right to Know” against “Right to Privacy” in the new Data Protection Law

Posted on January 17, 2018 by Vijayashankar Na

As we enter the final stages of public consultation on the drafting of the new Data Protection Act of India following the release of the White Paper by the Justice Srikrishna Committee, one aspect of the law that needs attention is the “Right to Know” of an individual which often conflicts with the” Right to Privacy” of another individual.

Right To Know is a different concept

“Right to Know”  is a concept that GDPR also has ignored and there is an opportunity for India to introduce this concept into the discussions of Privacy.

Let me explain with an example why this concept is different from other known concepts including “Right to Information”.

When some body calls us on a phone, the first question we would like to know is “Who is calling?”. If the other person says, sorry, I value my privacy and would not like to reveal my identity or I would like to talk  under a pseudonomous name, the question arises as to whether this is a valid Privacy argument or not.

Similarly, when I receive an e-mail from some body who says he is Jignesh420@gmail.com, I have the right to know whether he is really somebody I know or not. I donot trust the display name since I know that Google does not do a KYC before allocating the user name. I therefore donot know if the e-mail is a “Spam”, is an attempt to “Impersonate” or is an attempt to commit a fraud on me. If I want to know more about the person, I need to know his IP address.

However, Google in its misdirected concept of Privacy hides the IP address with a proxy address from Google which cannot be deciphered without the intervention of law and takes too much of time and effort and often bribing of the law enforcement personnel just to send a notice to Gmail administration.

I therefore ask a question to the law makers,

Do I not have a right to know the true IP address of the person who has sent me an e-mail?

If Privacy activists want the IP address to be hidden in the email while it is in transit, I demand that Google should introduce a procedure by which every recipient of an e-mail should be able to raise a one click query to know the IP address from which an E-Mail has been sent to him and Google should automatically provide the information.

Similarly, any ISP should also provide the last mile resolution of the IP address to any person who can prove that he has been in receipt of a communication from such IP address.

This is what I consider as the “Right to Know” and it extends to the Facebook and Twitter accounts as well as social media such as the Whats App.

If “Right to Know” is upheld as a Right of an individual, it does not conflict with the right to privacy of an individual except that such right stops at the door steps of the rights of the receiver of a communication. On the other hand it provides a new right to the recipient of an electronic communication just like the “Right to Speech” co-exists with the Right of Privacy in law.

This “Right to Know the IP address” extends to other instances such as

a) Right to Know the identity of a Domain Name Registrant

b) Right to know the identity of the owner of a Telephone number or Mobile Number from which the recipient has received at least one call or is reasonably suspected to have been used for the commission of an offence.

…. and may be for other instances as well to be  defined just like the multiple parameters we may use for classifying “Sensitive Personal Information” under the law.

Aadhaar has recently introduced a link on its site to provide information on Aadhaar usage history of a person which is a great measure towards transparency. But the information provided is on the basis of a transaction code that cannot make any sense to the Aadhaar user. It has to provide the name of the entity that made the query either directly on the website itself or through a link for which there can be a second OTP authentication. This falls under the “Right to Know”.

The procedure for extracting the information in the above cases must be simple and nothing more than

a) Identification of the person who is making the request with something like the digital signature or Aadhaar

b) Statement of the suspected contravention of law or proof of being a recipient of an attempted communication

c) A commitment not to misuse the information for any purpose other than the stated purpose with an undertaking to be liable for consequences of misuse

I request Justice Srikrishna Committee to consider this suggestion and incorporate it into its recommendations.

(Comments Invited)

Naavi

Posted in Cyber Law | Tagged , , , , | 3 Comments