[September 2-9] CCG’s Week in Review: Curated News in Information Law and Policy

This week, Delhi International Airport deployed facial recognition on a ‘trial basis’ for 3 months, landline communications were restored in Kashmir as the Government mulls over certification for online video streaming platforms like Netflix and PrimeVideo – presenting this week’s most important developments in law, tech and national security.

Aadhaar

  • [Sep 3] PAN will be issued automatically using Aadhaar for filing returns: CBDT, DD News report.
  • [Sep 3] BJD set to collect Aadhaar numbers of its members in Odisha, Opposition parties slam move, News 18 report; The New Indian Express report; Financial Express report.
  • [Sep 5] Aadhaar is secure, says ex-UIDAI chief, Times of India report.
  • [Sep 5] Passport-like Aadhaar centre opened in Chennai: Online appointment booking starts, Livemint report.
  • [Sep 8] Plans to link Janani Suraksha and Matra Vandan schemes with Aadhaar: CM Yogi Adityanath, Times of India report.

Digital India

  • [Sep 5] Digital media bodies welcome 26% FDI cap, Times of India report.
  • [Sep 6] Automation ‘not  threat’ to India’s IT industry, ET Tech report.
  • [Sep 6] Tech Mahindra to modernise AT&T network systems, Tech Circle report.

Data Protection and Governance

  • [Sep 2] Health data comes under the purview of Data Protection Bill: IAMAI, Inc42 report.
  • [Sep 2] Credit history should not be viewed as sensitive data, say online lenders, Livemint report.
  • [Sep 3] MeitY may come up with policy on regulation of non-personal data, Medianama report.
  • [Sep 3] MeitY to work on a white paper to gain clarity on public data regulations, Inc42 report.
  • [Sep 6] Treating data as commons is more beneficial, says UN report, Medianama report.
  • [Sep 9] Indian Government may allow companies to sell non-personal data of its users, Inc42 report, The Economic Times report.
  • [Sep 9] Tech firms may be compelled to share public data of its users, ET Tech report.

Data Privacy and Breaches

  • [Sep 2] Chinese face-swap app Zao faces backlash over user data protection, KrAsia report; Medianama report.
  • [Sep 2] Study finds Big Data eliminates confidentiality in court judgments, Swiss Info report.
  • [Sep 4] YouTube will pay $170 million to settle claims it violated child privacy laws, CNBC report; FTC Press Release.
  • [Sep 4] Facebook will now let people opt-out of its face recognition feature, Medianama report.
  • [Sep 4] Mental health websites in Europe found sharing user data for ads, Tech Crunch report.
  • [Sep 5] A huge database of Facebook users’ phone numbers found online, Tech Crunch report.
  • [Sep 5] Twitter has temporarily disabled tweet to SMS feature, Medianama report.
  • [Sep 6] Fake apps a trap to track your device and crucial data, ET Tech report.
  • [Sep 6] 419 million Facebook users phone numbers leaked online, ET Tech report; Medianama report
  • [Sep 9] Community social media platform, LocalCircles, highlights data misuse worries, The Economic Times report.

Free Speech

  • [Sep 7] Freedom of expression is not absolute: PCI Chairman, The Hindu report.
  • [Sep 7] Chennai: Another IAS officer resign over ‘freedom of expression’, Deccan Chronicle report.
  • [Sep 8] Justice Deepak Gupta: Law on sedition needs to be toned down if not abolished, The Wire report.

Online Content Regulation

  • [Sep 3] Government plans certification for Netflix, Amazon Prime, Other OTT Platforms, Inc42 report.
  • [Sep 4] Why Justice for Rights went to court, asking for online content to be regulated, Medianama report.
  • [Sep 4] Youtube claims new hate speech policy working, removals up 5x, Medianama report.
  • [Sep 6] MeitY may relax norms on content monitoring for social media firms, ET Tech report; Inc42 report; Entrackr report.

E-Commerce

  • [Sep 4] Offline retailers accuse Amazon and Flipkart of deep discounting, predatory pricing and undercutting, Medianama report; Entrackr report.
  • [Sep 6] Companies rely on digital certification startups to foolproof customer identity, ET Tech report.

Digital Payments and FinTech

  • [Sep 3] A sweeping reset is in the works to bring India in line with fintech’s rise, The Economic Times report.
  • [Sep 3] Insurance and lending companies in agro sector should use drones to reduce credit an insurance risks: DEA’s report on fintech, Medianama report.
  • [Sep 3] Panel recommends regulating fintech startups, RBI extends KYC deadline for e-wallet companies, TechCircle report.
  • [Sep 4] NABARD can use AI and ML to create credit scoring registry: Finance Ministry report on FinTech, Medianama report.
  • [Sep 5] RBI denies action against Paytm Payments bank over PIL allegation, Entrackr report.
  • [Sep 5] UPI entities may face market share cap, ET Tech report.
  • [Sep 6] NBFC license makes fintech startups opt for lending, ET Tech report.
  • [Sep 9] Ease access to credit history: Fintech firms, ET Markets report.

Cryptocurrencies

  • [Sep 1] Facebook hires lobbyists to boost crypto-friendly regulations in Washington, Yahoo Finance report.
  • [Sep 2] US Congress urged to regulate crypto under Bank Secrecy Act, Coin Telegraph report.
  • [Sep 2] Indian exchanges innovate as calls for positive crypto regulation escalate, Bitcoin.com report.
  • [Sep 4] Marshall Islands official explains national crypto with fixed supply, Coin Telegraph report.
  • [Sep 5] Apple thinks cryptocurrency has “long-term potential”, Quartz report.
  • [Sep 5] NSA reportedly developing quantum-resistant ‘crypto’, Coin Desk report.
  • [Sep 6] Crypto stablecoins may face bottleneck, ET Markets report.

Cybersecurity

  • [Sep 3] Google’s Android suffers sustained attacks by anti-Ugihur hackers, Forbes report.
  • [Sep 4] Firefox will not block third-party tracking and cryptomining by default for all users, Medianama report.
  • [Sep 4] Insurance companies are fueling ransomware attacks, Defense One report.
  • [Sep 5] Firms facing shortage of skilled workforce in cybersecurity: Infosys Research, The Economic Times report.
  • [Sep 5] Cybersecurity a boardroom imperative in almost 50% of global firms: Survey, Outlook report; ANI report.
  • [Sep 5] DoD unveils new cybersecurity certification model for contractors, Federal News Network report.
  • [Sep 5] Jigsaw Academy launches cybersecurity certification programme in India, DQ India report.
  • [Sep 6] Indians lead the world as Facebook Big Bug Hunters, ET Tech report.
  • [Sep 6] Australia is getting a new cybersecurity strategy, ZD Net report.
  • [Sep 9] China’s 5G, industrial internet roll-outs to fuel more demand for cybersecurity, South China Morning Post report.

Tech and National Security

  • [Sep 3] Apache copters to be inducted today, The Pioneer report.
  • [Sep 3] How AI will predict Chinese and Russian moves in the Pacific, Defense One report.
  • [Sep 3] US testing autonomous border-patrol drones, Defense One report.
  • [Sep 3] Meet the coalition pushing for ‘Cyber Peace’ rules. Defense One report.
  • [Sep 4] US wargames to try out concepts for fighting China, Russia, defense One report.
  • [Sep 4] Southern Command hosts seminar on security challenges, Times of India report; The Indian Express report
  • [Sep 4] Russia, already India’s biggest arms supplier, in line for more, Business Standard report.
  • [Sep 4] Pentagon, NSA prepare to train AI-powered cyber defenses, Defense One report.
  •  [Sep 5] Cabinet clears procurement of Akash missile system at Rs. 5500 crore, Times Now report.
  • [Sep 5] India to go ahead with $3.1 billion US del for maritime patrol aircraft, The Economic Times report.
  • [Sep 5] DGCA certifies ‘small’ category drone for complying with ‘No-Permission, No-Takeoff’ protocol, Medianama report.
  • [Sep 5] India has never been aggressor but will not hesitate in using its strength to defend itseld: Rajnath Singh, The Economic Times report.
  • [Sep 5] Panel reviewing procurement policy framework to come out with new versions of DPP, DPM by March 2020, The Economic Times report; Business Standard report; Deccan Herald report.
  • [Sep 5] Russia proposes joint development of submarines with India, The Hindu report.
  • [Sep 7] Proud of you: India tells ISRO after contact lost with CHandrayaan-2 lander, India Today report.

Tech and Elections

  • [Sep 4] ECI asks social media firms to follow voluntary code of ethics ahead of state polls: report, Medianama report.
  • [Sep 6] Congress party to reorganise its data analytics department, Medianama report.
  • [Sep 5] Why the 2020 campaigns are still soft targets for hackers, Defense One report.
  • [Sep 5] Facebook meets with FBI to discuss election security, Bloomberg report.
  • [Sep 5] Facebook is making its own AI deepfakes to head off a disinformation disaster, MIT Tech Review report.

Internal Security: J&K

  • [Sep 4] Long convoy, intel failure: Multiple lapses led to Pulwama terror attack, finds CRPF inquiry, India Today report; Kashmir Media Service report; The Wire report.
  • [Sep 4] Extension of President’s Rule in Kashmir was not delayed, MHA says in report to SC lawyer’s article, Scroll.in report.
  • [Sep 6] Landline communication restored in Kashmir Valley: Report, Medianama report.
  • [Sep 7] Kashmir’s Shia areas face curbs, all Muharram processions banned, The Quint report.
  • [Sep 7] No question of army atrocities in Kashmir as it’s only fighting terrorists: NSA Ajit Doval, India Today report.
  • [Sep 8] More than 200 militants trying to cross into Kashmir from Pakistan: Ajit Doval, Money Control report.
  • [Sep 8] ‘Such unilateral actions are futile’, says India after Pakistan blocks airspace for President Kovind, Scroll.in report; NDTV report.

Internal Security: NRC

  • [Sep 2] Contradictory voices in Assam Congress son NRC: Tarun Gogoi slams it as waste paper, party MP says historic document, India Today report.
  • [Sep 3] Why Amit Shah is silent on NRC, India Today report.
  • [Sep 7] AFSPA extended for 6 months in Assam, Deccan Herald report.
  • [Sep 7] At RSS mega meet, concerns over Hindus being left out of NRC: Sources, Financial Express report.

National Security Institutions and Legislation

  • [Sep 5] Azhar, Saeed, Dawood declared terrorists under UAPA law, Deccan Herald report; The Economic Times report.
  • [Sep 8] Home Minister says India’s national security apparatus more robust than ever, Livemint report.
  • [Sep 8] Financial safety not national security reason for women to join BSF: Study, India Today report.

Telecom/5G

  • [Sep 6] Security is an issue in 5G: NCSC Pant on Huawei, Times of India report.

More on Huawei

  • [Sep 1] Huawei believes banning it from 5G will make countries insecure, ZD Net report.
  • [Sep 2] Huawei upbeat on AI strategy for India, no word on 5G roll-out plans yet, Business Standard report.
  • [Sep 3] Huawei denies US allegations of technology theft, NDTV Gadgets 260 report; Business Insider report; The Economic Times report.
  • [Sep 3] Shocking Huawei ‘Extortion and Cyberattack’ allegations in new US legal fight, Forbes report; Livemint report, BBC News report; The Verge report
  • [Sep 3] Committed to providing the most advanced products: Huawei, ET Telecom report.
  • [Sep 4] Huawei says 5G rollout in India will be delayed by 3 years if it’s banned, Livemint report
  • [Sep 4] Trump not interested in talking Huawei with China, Tech Circle report.
  • [Sep 5] Nepal’s only billionaire enlists Huawei to transform country’s elections, Financial Times report.
  • [Sep 8] Trump gets shocking new Huawei warning – from Microsoft, Forbes report.

Emerging Tech

  • [Aug 30] Facebook is building an AI Assistant Inside Minecraft, Forbes report.
  • [Sep 3] AWS partners with IIT KGP for much needed push to India’s AI skilling, Inc42 report.
  • [Sep 3] Behind the Rise of China’s facial recognition giants, Wired report.
  • [Sep 4] Facebook won’t use facial recognition on you unless you tell it to, Quartz report.
  • [Sep 4] An AI app that turns you into a movie star has risked the privacy of millions, MIT Technology Review report.
  • [Sep 6] Police use f facial recognition is accepted by British Court, The New York Times report.
  • [Sep 6] Facebook, Microsoft announce challenge to detect deepfakes, Medianama report.
  • [Sep 6] Facial recognition tech to debut at Delhi airport’s T3 terminal; on ‘trial basis’ for next three months, Medianama report.

Internet Shutdowns

  • [Sep 3] After more than 10 weeks, internet services in towns of Rakhine and Chin restored, Medianama report.
  • [Sep 4] Bangladesh bans mobile phone services in Rohingya camps, Medianama report.

Opinions and Analyses

  • [Sep 2] Michael J Casey, Coin Desk, A crypto fix for a broken international monetary system.
  • [Sep 2] Yengkhom Jilangamba, News18 Opinion, Not a solution to immigration problem, NRC final list has only brought to surface fault lines within society.
  • [Sep 2] Samuel Bendett, Defense One, What Russian Chatbots Think About Us.
  • [Sep 2] Shivani Singh, Hindustan Times, India’s no first use policy is a legacy that must be preserved.
  • [Sep 3] Abir Roy, Financial Express, Why a comprehensive law is needed for data protection. 
  • [Sep 3] Dhirendra Kumar, The Economic Times, Aadhaar is back for mutual fund investments.
  • [Sep 3] Ashley Feng, Defense One, Welcome to the new phase of US-China tech competition.
  • [Sep 3] Nesrine Malik, The Guardian, The myth of the free speech crisis.
  • [Sep 3] Tom Wheeler and David Simpson, Brookings Institution, Why 5G requires new approaches to cybersecurity.
  • [Sep 3] Karen Roby, Tech Republic, Why cybersecurity is a big problem for small businesses.
  • [Sep 4] Wendy McElroy, Bitcoin.com, Crypto needs less regulation, not more.
  • [Sep 4] Natascha Gerlack and Elisabeth Macher, Modaq.com, US CLOUD Act’s potential impact on the GDPR. 
  • [Sep 4] Peter Kafka, Vox, The US Government isn’t ready to regulate the internet. Today’s Google fine shows why.
  • [Sep 5] Murtaza Bhatia, Firstpost, Effective cybersecurity can help in accelerating business transformation. 
  • [Sep 5] MG Devasahayam, The Tribune, Looking into human rights violations by Army.
  • [Sep 5] James Hadley, Forbes, Cybersecurity Frameworks: Not just for bits and bytes, but flesh and blood too.
  • [Sep 5] MR Subramani, Swarajya Magazine, Question at heart of TN’s ‘WhatsApp traceability case’: Are you endangering national security if you don’t link your social media account with Aadhaar? 
  • [ Sep 5] Justin Sherman, Wired, Cold War Analogies are Warping Tech Policy.
  • [Sep 6] Nishtha Gautam, The Quint, Peer pressure, militant threats enforcing civil curfew in Kashmir?
  • [Sep 6] Harsh V Pant and Kartik Bommakanti, Foreign Policy, Modi reimagines the Indian military.
  • [Sep 6] Shuman Rana, Business Standard, Free speech in the crosshairs.
  • [Sep 6] David Gokhshtein, Forbes, Thoughts on American Crypto Regulation: Considering the Pros and Cons.
  • [Sep 6] Krishan Pratap Singh, NDTV Opinion, How to read Modi Government’s stand on Kashmir.
  • [Sep 7] MK Bhadrakumar, Mainstream Weekly, The Big Five on Kashmir.
  • [Sep 7] Greg Ness, Security Boulevard, The Digital Cyber Security Paradox.
  • [Sep 8] Lt. Gen. DS Hoods, Times of India, Here’s how to take forward the national security strategy.
  • [Sep 8] Smita Aggarwal, Livemint, India’s unique public digital platforms to further inclusion, empowerment. 

Advertisements

India’s Latest National Security Dilemma: The Huawei Ban and NAM(O) 2.0

Over two weeks after the ban on Huawei was imposed by the United States on suspicions of facilitating espionage on behalf of China, the newly appointed Minister of Electronics and IT, Ravi Shankar Prasad acknowledged that there are ‘complex security concerns’ around the deployment of Huawei’s technology in India. His statement comes soon after the TRAI’s statement emphasizing the need to indigenize telecom infrastructure in the aftermath of the US ban on Huawei.

The Chinese tech giant has been at the centre of controversy even before May 16, when President Trump signed an Executive Order entitled ‘Securing the Information and Communications Technology and Services Supply Chain’, declaring a national cybersecurity emergency, placing Huawei on the ‘Entity List’ of the US Department of Commerce under Supplement 4 to Part 744 of its  Export Administration Regulations. This implies that any US persons and corporate entities that continue to do business with Huawei would face heavy penalties that could potentially include criminal sanctions. Owing to the design of export control laws in the United States, the enforcement of the ban in the United States has extraterritorial effects. According to a Reuters report, US Secretary of State Mike Pompeo warned allies of potential difficulties in sustained cooperation and data sharing with the United States if they continued to use Huawei equipment despite the ban.

Huawei in the United States

Criminal charges pending against Huawei in US courts include serious allegations of corporate espionage, bank fraud, theft of trade secrets and most importantly, conspiracy to violate the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq) (IEEPA) by export of telecommunications services provided by a US citizen to Iran without permission from the Office of Foreign Assets Control (OFAC). It was on the grounds of violation of the IEEPA that the US successfully urged Canada to detain Huawei’s CFO, Meng Wanzhou, who is now awaiting potential extradition to the United States for prosecution for the crimes alleged against Huawei.

Some in the US national security community have even argued that this could potentially be an abuse of the President’s emergency powers under the IEEPA, the legislation that enables the US to‘financially asphyxiate targeted countries, entities or individuals’ that pose ‘any unusual and extraordinary threat’ to US national security interests. Others, based on Trump’s statement that saw Huawei being potentially included in a future trade deal with China, take the view that the ban is no more than a leveraging tool to get concessions from the Chinese Government. Yet more view it as a measure designed purely to protect US telecom industries from Chinese competition in the 5G race, to prevent the US from losing its edge in communications technologies.

A major reason for the rapid rise of Huawei on the global tech scene has been its competitive prices and convenient payment plans. Thanks to the ban, rival companies like Cicso, Ericsson, Nokia and Samsung do indeed, stand to gain significant advantages and grab bigger market shares, but their prices so far have not been able to compete with those offered by their Chinese counterparts.

Despite this ‘emergency’, a week after President Trump signed an Executive Order, the restrictions were eased by the US Department of Commerce to give American companies a 90 days window to adapt to the new restrictions. In the time that has passed, several tech companies have severed business ties with Huawei. Google was the first to respond, cutting off Huawei’s access to its Android platform, restricting existing users’ access to future security patches and updates. Microsoft, Intel, Qualcomm, Xilinx, Broadcomm, Panasonic and British Chip manufacturer ARM soon followed suit, causing serious disruptions in the global ICT supply chain, especially in its smartphone manufacturing. However, the smart phone business is only a small part of Huawei’s overall products range. It is noteworthy that as on date, Huawei controls 28% of the global marketshare in telecom equipment. In the first quarter of 2019, Huawei surpassed Apple to become the world’s second largest manufacturer of smartphones. Much to the worry of American telcos, some forecasts indicate that China is expected to represent 40% of all global 5G connections by 2025.

Several reports indicate that Huawei had long been preparing for impending restrictions from the US Government. Reportedly, it is developing its own OS ‘Ark’ and has challenged the National Defence Authorization Act 2018, which bans US Government agencies from procuring products manufactured by Huawei or ZTE.

China’s Retaliation

Although Huawei’s founder and CEO, Ren Zhengfei has opposed retaliation by the Chinese Government against Apple or other American tech companies, it remains to be seen how China will respond in the ongoing trade tensions with the US. Some changes to set up a mechanism that allows for higher degree of protection to its own national security interests have already been introduced in Chinese cyber security law in response. China has also threatened the creation of a ‘sweeping blacklist of US firms’ in retaliation. Reports indicate that the export of rare earth minerals to China by the US could be the next frontier in these ‘hostilities’.

In addition, the Chinese Defense Minister Wei Fenghe came out to explicitly state that Huawei was not part of its military, several Chinese officials have refuted US claims alleging that the decision to blacklist Huawei was unsupported by any evidence. Unsurprisingly though, Russia has rolled out the red carpet for Huawei, where it signed a deal to develop 5G infrastructure for Russian telecom provider MTS.

However, the most important piece of Chinese legislation for India to consider is the Chinese intelligence law passed in 2017 that makes it obligatory upon Chinese companies and other entities to share onshore and offshore data with the Government as and when called upon in the interest of national security.

Huawei in India

Some have argued that India would need to conclusively prove allegations of assisting the Chinese government in carrying out cyber espionage before taking any concrete steps to ban Huawei, otherwise India risks undermining its strategic autonomy and playing into the hands of the US. However, the argument seems focused exclusively on the rapid introduction and operationalization of 5G in India and ignores India’s previous run-ins with Huawei’s technology.

Telecom companies through the Cellular Operators Association of India have sought clarification from the Department of Telecommunications (DoT) on its stance qua usage of Huawei-manufactured equipment by telecom operators. Such a clarification is much needed, considering that Huawei has been kept on a see-saw since September 2018, when the US first started attempting to persuade allies to wall out Huawei in the 5G race. In India, Huawei was first excluded, then extended an invitation which was later rescinded. Huawei India’s CEO Jay Chen recently made a statement demanding a ‘level playing field’ for Huawei in the 5G trials, reiterating the request of the Chinese Government from December of last year.

Presently, telecom operators including Airtel and Vodafone use Huawei equipment in many of their circles in India. While the TRAI has highlighted the need for indigenizing of telecom infrastructure, the truth of the matter is that as on date, almost 60% of the Government’s telecom equipment, including especially that of BSNL is supplied by the Chinese companies ZTE and Huawei. This is despite the fact that BSNL’s allegations against Huawei of hacking into its networks were investigated in 2014. This makes the argument that requires conclusive proof of malicious activity difficult to sustain, if the security of the existing infrastructure has already been compromised in the past.

Huawei itself has urged the DoT for an expedited decision on its inclusion in the 5G trials, reportedly after having answered all queries posed to it by the DoT. The DoT appears divided on the issue – with one section that views it as an issue of not just technology, but also one of security with geopoilitcal ramifications, and the other seemingly inclined towards Huawei’s inclusion to maintain the competition and mitigate risks of relying on supplies from European vendors alone.

The New Berlin Wall and India’s Posturing

At the moment, India seems to have been caught in the middle of what has been dubbed as the New Cold War in tech–faced with prohibitively high prices on the one side, and a risk of Chinese cyber espionage on the other. On this point, some take the view that ‘what is cheap now may not be good in the long run’. National security choices require nations to make difficult trade-offs between economic and strategic goals and considerations, and the contours of the new ‘Great Powers’ relations are radically different to the one that ended with the fall of the Berlin Wall. The New York Times viewed the ban as one that is “about much more than crippling one Chinese tech giant”, and is forcing “nations to make an agonizing choice: Which side of the new Berlin Wall do they want to live on?”

In the collision of tech and trade, foreign policy choices of Governments are now closely intertwined with the commercial interests and health of the domestic telecom and tech industries. Although it is reassuring that India’s telecom minister seems intent on taking ‘a serious look’ at the technological advantage versus security concerns calculus before deciding on Huawei’s inclusion in the upcoming 5G trials, remedial and mitigation measures like reviving MTNL and BSNL services are measures for the long run. However, what makes India the desired location for ‘proxy wars’ in tech is the treasure trove of data that lies beneath the massive subscriber base of over 1.19 billion individuals to telecom services. As for the health of domestic markets, if anything, Indian telecom giants like Reliance Jio that uses 4G equipment manufactured by Samsung, could potentially stand to gain from the move, if Huawei were to be excluded from the Indian market and the 5G trials. It remains to be seen whether such a protectionist measure, following the footsteps of the US, would be introduced by the new Government that has re-risen to power on the promise of strengthening national security. A legitimate concern is the threat of retaliatory pressure tactics from the US if India does fail to do so.

It is notable that India has taken some measures to avoid offending the United States’ declared policies, while the decision on Huawei remains pending. A week after the ban, India stopped importing oil from Iran as well as Venezuela to comply with US sanctions after the US ended exemptions for eight countries including India. More recently, the US revoked India’s preferential trade status under the GSP (Generalised System of Preferences) trade program, alleging that India has not “assured the US that it will provide equitable and reasonable access to its markets”. The US-China trade war presents a similar spectrum of choices to India – while the Ministry of Commerce is mulling over the imposition of ‘retaliatory tariffs’, others take the position that India should cut interest rates to take advantage of the trade war to gain a stronger foothold in both markets.

Against the backdrop of this new political economy of the cybersecurity industry, a new kind of non-alignment seems to be emerging, creating an unmistakable split in traditional alliances between NATO members. Only two of the ‘Five Eyes Alliance’ of intelligence sharing other than the United States – Australia and New Zealand responded quickly by banning Huawei in their respective national jurisdictions. Some European counties, specifically – the UK and Germany, while also remaining mindful of the risks posed by Chinese covert activity through its tech industry that has undeniably acquired a global influence, are seemingly intent on not abandoning Huawei in the design of their 5G infrastructure. Canada too, while juggling the pending extradition of Huawei’s CFO to the US, appears determined to make an independent decision on the 5G question. At the moment, India’s policies seem to just as non-aligned as those of Germany or the United Kingdom – aimed at maintaining the free flow of investments and information while steadily moving towards indigenization of ICT and expansion of markets instead of encouraging protectionism to curb competition.

Until such time that India can completely indigenize the equipment, or alter its telecom equipment procurement policies across the board to exclude obvious threats to the integrity of our cybersecurity infrastructure, India’s choice seems to be a limited to a cybersecurity policy along the lines of the Nehruvian-era doctrine of non-alignment, perhaps with only slight tilt— this time, toward the United States? It would appear that the time is ripe for NaMo 2.0 to revisit the doctrine as NAM 2.0, in a manner that allows India to preserve the security alliance with one side, and an economic partnership to avoid disruptions and price escalations in our ICT supply chain on the other. In other words, the need of the hour is ‘to effectively manage our global opportunities to maximize our choices’ while preserving strategic autonomy.

Transparency and Diversity in the 2017 MAG Renewal

Two days before the ongoing MAG meeting, the 2017 MAG renewal was announced. The CSCG protested the lack of civil society representatives among the new MAG members. This brought back focus on the need for MAG reform. Our report on multistakeholderism had identified the lack of transparency and geographic diversity in MAG selections. These issues remain relevant as another set of MAG meetings kick off in Geneva.

The Multistakeholder Advisory Group (MAG) of the Internet Governance Forum (IGF) was renewed for 2017 on Monday. The renewal has attracted controversy as no civil society members were added to this year’s MAG. The announcement has brought into focus a persistent criticism on the lack of transparency in the MAG nomination process. The lack of transparency and geographic diversity in the MAG was discussed in our report on multistakeholderism. Some of its findings are relevant to the 2017 MAG renewal.

Created on the recommendation of the Working Group on Internet Governance (WGIG), the MAG is responsible for organising the annual IGF. The MAG is not a decision-making body by design. But  Jeremy Malcolm  (pp. 420-422) points out  that the MAG effectively chooses issues that are debated on a global stage in the course of organising the IGF. In this respect, he argues that the MAG plays an important agenda setting role in internet governance.

MAG Nomination Process and Transparency

The make-up of the MAG is similar to the WGIG in that consists of representatives of all stakeholder groups (government, private sector, civil society and technical community). The selection of MAG members is made by the United Nations Department of Economic and Social Affairs (UN DESA) under the authority of the UN Secretary General. Nominations to the UN DESA are made through focal points from different stakeholder groups, but applicants can also apply to the UN DESA directly.

As noted in our report (pp. 70-72), once nominations are sent to the UN DESA, there is no clarity on how members are selected to the MAG. The only available information on DESA’s selection criteria are the five criteria listed on the IGF website. These criteria include achieving a geographic and gender balance and that representatives should have strong linkages to their stakeholder groups.

The controversy in this year’s MAG renewal arose out of the lack of new civil society representation on the MAG. The Civil Society Coordination Group (CSCG), which is the focal point for civil society nominations wrote to the IGF secretariat asking it to reconsider its decision. They pointed out that no civil society members were added to the MAG this year despite two civil society members retiring from the MAG (members are selected for 3 year terms and a third of the MAG retires each year). The letter also called on the IGF secretariat to select an additional civil society member to the MAG.

This is not the first time that MAG nominations have been controversial. In 2016, the CSCG wrote to the IGF secretariat asking for greater transparency and inclusiveness in selections to the MAG. Similarly, as discussed in our report (p. 73), an Indian civil society member nominated by the CSCG was not selected to the MAG in 2014. In the above cases, the CSCG had contacted IGF secretariat asking for greater clarity on how selections were made.

Geographic Diversity

One of the findings of our report with respect to the MAG was on the geographic diversity of the group. As mentioned above, geographic diversity is one of the stated criteria based on which the UN DESA selects members to the MAG. Our report found that on average, 8-10% of MAG members were from the United States (based on their affiliation mentioned on the IGF website). As shown in the chart below, this was the highest percentage representation from any country between 2011 and 2015.

Membership by country as a percentage of total MAG Membership (2011-15)

us-igf-mag

Source: Multistakeholderism in Action

This trend has continued in the 2017 MAG renewal with 4 members or 7% of the MAG being from the United States. No other country has more than 2 members in the current MAG. The FAQ section on MAG renewals acknowledges this disparity. It stated that the MAG currently has an excess of members from Western Europe and Others Group. It also states that a new selection process will attempt to make the MAG more regionally balanced. It remains to be seen if this imbalance will be addressed in the next MAG renewal cycle.

The MAG nomination process raises questions on the transparency of the process and the diversity within the MAG. However, there is very little publicly available information or communication from the UN DESA beyond the criteria listed on the IGF website. The 2017 announcement was made one day before the IGF Open Consultations and MAG meeting were to begin in Geneva (1st March). A CSCG representative who circulated the letter believed that the issue of non-selection of a civil society member might be taken up at the meeting.

I&B Ministry forms Committee to regulate content in Government Advertising

Written By Joshita Pai

Following the direction by the Supreme Court, the Ministry of Information and Broadcasting issued an order last month establishing a three member committee to effectuate the Supreme Court Guidelines on Content Regulation of Government Advertising. Government advertising refers to the use of public funds by ruling parties to project their achievements or make announcements about upcoming initiatives. These advertisements however, have occasionally been politically motivated, demonstrating the need for the guidelines issued by the Court in the Common Cause judgment. The guidelines were issued on the basis of a report submitted by a Court-appointed committee on the issue of use of public funds in government advertising.

According to the recent MIB order, the Supreme Court Guidelines will function as a stopgap arrangement until a legislation comes into force to regulate the content projected in government sponsored advertisements. The body set up by the Ministry will address complaints from the general public on violation of the guidelines prescribed by  the Court. The Committee will be assisted by a member secretary, and will be set up parallelly at the state level, appointed by the respective State Governments. The three member body will be responsible for implementation of the SC guidelines on regulating content in government advertising.

Government Advertising

Government advertising is often regarded as informative and in public interest since it facilitates circulation of necessary information with respect to upcoming welfare schemes or the progress of government initiatives. However, advertisements of this nature are often used gain political mileage. This practice has been criticized for several reasons, ranging from arbitrary use of public funds to non-objective presentation of information. Colourful presentation of information on the part of the government does not foster public interest. The right to freedom of speech and expression exercisable by the government is not dispensable but Article 19 also grants the right to information, and accurate information at that, which stands in equal measure. Balancing conflicting interests in this regard is a herculean task.

Government advertising, unlike political advertising which also often transcends permissible boundaries, is sponsored by the use of public funds that governments in power have access to. According to the Election Commission of India, the expenditure on government sponsored advertisements is incurred by the public exchequer and is contrary to the spirit of free and fair election, as the party in power gets an undue advantage over other parties and candidates. The practice has beckoned the need for an oversight authority and a set of workable standards to regulate such advertising, which have been recommended time and again, most recently in the Law Commission Report on Electoral Reforms. Moreover, the Election Commission too has assessed the mushrooming phenomenon of advertising by existing governments. In furtherance of these observations, the ECI recommended that advertisements for achievements of existing governments, either Central or State, in any manner, should be prohibited for a period of six months prior to the date of expiry of the term of the House.

The Guidelines issued by the Supreme Court     

The case that brought about the guidelines was set in motion when Common Cause and the Centre for Public Interest Litigation sought to restrain the Union of India and State Governments from using public funds on government advertising. The petitioners emphasized that the object of these advertisements is generally to promote functionaries and candidates of a political party. One of the primary objections raised in the case was that such advertising is generally politically motivated. The petition called for the Court to issue comprehensive guidelines on usage of public funds on such advertisements. Giving due weightage to the plea, the Court appointed a committee to examine best practices in order to demarcate permissible advertising during campaigning from politically motivated advertisements. The committee submitted its report to the Supreme Court in September 2014 which contained a set of guidelines on content regulation in government advertising. These guidelines will be implemented by the committee established by the MIB.  

According to the Guidelines, government advertising “includes any message, conveyed and paid for by the government for placement in media such as newspapers, television, radio, internet, cinema and such other media but does not include classified advertisements; and includes both copy (written text/audio) and creatives (visuals/video/multimedia) put out in print, electronic, outdoor or digital media.”

The guidelines further suggest that government advertisements should be politically neutral and should not include photographs of political leaders unless it is essential, in which case only the photographs of the Prime Minister/Chief Minister or President/Governor may be used.  The enforceability of the guidelines has been left to the three member body which shall recommend actions accordingly.

According to the Guidelines, regulation of content should be guided by five fundamental principles:

  1.  Advertising Campaigns to be related to Government responsibilities: The content of the government advertisement should be relevant to the government’s obligations and the rights of the citizens. 
  2. Advertisement materials should be presented in an objective, fair, and accessible manner and be designed to meet the objectives of the campaign: The content and the design of the advertisement should be executed after exercise of due care and should not present previous policies of the government as new ones.
  3. Advertisement materials should be objective and not directed at promoting political interests of ruling party: The advertisement should steer clear of making political arguments and should be neutral in nature and should not seek to influence public support.
  4. Advertisement Campaigns must be justified and undertaken in an efficient and cost-effective manner: Optimum use of public funds and cost-effective advertisements reflect a need-based advertising approach
  5. Government advertising must comply with legal requirements and financial regulations and procedures: The advertisements must be compliant with existing laws such as election laws and ownership rights.

Government advertisements are issued on several occasions. They are issued to present the completion of a successful tenure, to commemorate anniversaries of people and to announce public welfare projects. In these instances, the object of the advertisement can be achieved with objective presentation of information. The committee set up singularly seeks to ensure that the right of the government to use funds to sponsor advertisements is not misused.  

The New Dimension to the UIDAI Debate: The Aadhaar Bill, 2016

 

Written By Joshita Pai

The discourse around Aadhaar has only aggravated since its inception, and one of the primary contentions of the debate has been the lack of a statutory force behind the initiative. Amidst all the speculations, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 was introduced on 3rd of March as a money bill, on the grounds that subsidies and other benefits will be drawn from the Consolidated Fund of India. The Bill seeks to resolve the contention of the lack of a legislation backing Aadhaar. The Bill also allows for more schemes to be attached to Aadhaar in future. Presently, there are a handful of schemes attached to the Aadhaar which have been approved by the Supreme Court. The Bill is an ambitious task to provide a framework for operationalization of Aadhaar.

A Cursory Glimpse

The Bill, establishing the Unique Identification Authority of India (UIDAI) as the authority for the functionality of the Aadhaar process, provides for the conferment of an Aadhaar number, to every resident who submits her identity information. The Bill, in this context defines a resident in clause 2(5). Clause 2(n) provides that identity information includes biometric information and demographic information. Biometric information includes photograph, finger print, Iris scan, or such other biological attribute of an individual as may be specified by regulations. The demographic information includes information relating to name, date of birth, address and other relevant information of an individual specified by regulations but significantly excludes information about race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.

According to clause 9, an Aadhaar number shall not confer or be a proof of, citizenship or domicile The Bill also carries a provision which may require Aadhaar holders to update their biometric and geographic information. The inconsistency in predictability of biometric data of an individual has been a contentious issue but the object of the provision here is as mentioned, the continued accuracy of the information in the repository.

Dissecting the Clauses

The Bill elevates the existence of an Aadhaar number to a proof of identity by virtue of clause 4(3).

Chapter IV of the Bill establishes the UIDAI as a body corporate, consisting of a Chairperson, a CEO and two part-time members. The CEO of the Authority will not be below the rank of Additional Secretary to the Government and will be appointed by the Central Government. The chapter deals with functions of the members, grants by Central Government, accounts and audits, qualifications and enumerations of the members. The Authority is responsible for the establishment, operation and maintenance of the Central Identities Data Repository. Clause 49 provides that the members of the UIDAI will be deemed as public servants. Clause 50 provides that the Central Government is not empowered to issue directions pertaining to technical or administrative matters undertaken by the authority.

Clause 16 of the Bill places restrictions on the Chairperson and members of the UIDAI who have ceased to hold office. It bars them from accepting employment in any management or company, which has been associated with any work contracted by the UIDAI, for a period of three years after the expiry of their employment. Listing the functions of the UIDAI, clause 23 provides that the authority shall formulate policies, procedures for issuing Aadhaar numbers and for the performing authentication of the same. The Authority is designated to carve out regulations including process of collection of information, specify what includes biometric and geographic information. The specifications have been left open to the authority, including the appointment of an entity to operate the Central Identities Data Repository.

The Bill creates a Central Identities Data Repository [Clause 2(h)] which will be the centralized database containing all Aadhaar numbers and details thereto. It will also be responsible for authentication and verification of the information provided by Aadhaar holders, at the time of enrollment. The registration of Aadhaar, has been made voluntary by the force of the Court’s order in August, 2016.

In light of this, clause 7 of the Bill mandates that proof of Aadhaar number is  necessary for the receipt of certain subsidies, benefits and services. The clause carves out a potential exception to the effect that if an Aadhaar number is not assigned to an individual, an alternate means of identification shall be offered for delivery of benefits.

Enabling accessibility to the Aadhar process, clause 5 of the Bill provides for special measures for issuance of Aadhaar to senior citizens, children, persons with disability persons who do not have any permanent dwelling houses. The clause is inclusive in nature.

Chapter VII of the Bill deals with penalties and liabilities for several offences. Impersonation at the time of enrolment as well as impersonation for the purpose of changing the demographic information of an Aadhaar number holder, is punishable with imprisonment. Providing a heavy liability for companies, clause 43 states

Where an offence under this Act has been committed by a company, every person who at the time the offence was committed was in charge of, and was responsible to, the company for the conduct of the business of the company, as well as the company, shall be deemed to be guilty of the offence and shall be liable to be proceeded against and punished accordingly.

A provision which stands out in the chapter listing out penalties is Clause 44. It reads as follows:

(1) Subject to the provisions of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person, irrespective of his nationality.

(2) For the purposes of sub-section (1), the provisions of this Act shall apply to any offence or contravention committed outside India by any person, if the act or conduct constituting the offence or contravention involves any data in the Central Identities Data Repository (5(f))

Privacy Provisions in the Bill

The statement of objects and reasons appended to the Bill states that it seeks to provide “for measures pertaining to security, privacy and confidentiality of information in possession or control of the Authority including information stored in the Central Identities Data Repository”. 

Chapter VI of the Bill is built around the protection of information by the Authority, collected through the enrolment process. The Bill qualifies biometric information collected and stored in electronic form, as “electronic record” and “sensitive personal data or information” within the meaning of the Information Technology Act, 2000. The distinction between core biometric information and biometric information has been visibly emphasized. Clause 29 imposes a restriction on sharing information and bars the use of core biometric information for any purpose other than for the generation of Aadhaar numbers and authentication.

Clause 28(3) reads

“The Authority shall take all necessary measures to ensure that the information in the possession or control of the Authority, including information stored in the Central Identities Data Repository, is secured and protected against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.”

Clause 28(5) further provides that the Authority or its officers or employees or any agency which maintains the Central Identities Data Repository shall not, whether during his service or thereafter, reveal any information stored in the Central Identities Data Repository or authentication record to anyone.

The Bill provides for information privacy at the stage of enrollment. According to Clause 3(2), the enrolling agency, which is appointed by the UIDAI for collection of identity information is bound to inform the individual at the time of enrollment, details about (i) the manner in which information collected will be used, (ii) the right of accessibility of information at the hands of the individual and the (iii) the nature of recipients of the information.  The manner of communication of such information has been left open to specific regulations which will be prescribed by the UIDAI.

The Bill provides for authentication of Aadhaar number by a requesting entity in relation to his biometric information or demographic information. Clause 2(u) defines “requesting entity” to mean an agency or person that submits the Aadhaar number, and demographic information or biometric information, of an individual to the Central Identities Data Repository for authentication.

Clause 8(2) makes it mandatory for the entity requesting authentication to obtain consent from the person whose information is to be collected for such authentication. It requires the requesting entity to ensure that the identity information of an individual is only used for submission to the Central Identities Data Repository for authentication. The clause further provides that the Authority shall respond to an authentication query with a positive, negative or any other appropriate response sharing such identity information excluding any core biometric information.

With respect to identity information, clause 29(3) restricts the use of such information available with a requesting entity and states that the identity information will only be used for the purpose specified to the individual at the time of enrollment and only with the prior consent of the individual.  Clause 32 enables an Aadhar number holder to access her/his own information and also mandates that records of request of authentication of an individual, should be maintained.

The functions of the Authority include performing authentication of Aadhaar numbers, deactivation of Aadhaar numbers. Clause 23(m) empowers the Authority to specify, by regulations, various processes relating to data management, security protocols and other technology safeguards under this Act; The UIDAI, according to Clause 23(q) is also entrusted with the function of promoting research and development for advancement in biometrics and related areas, including usage of Aadhaar numbers through appropriate mechanisms;

Disclosure of Information

Envisaging an exception to the protection of information provisions, clause 33 allows for disclosure of information in certain instances. It provides that disclosure of information, including identity information or authentication records is permissible if made in pursuance of an order of a Court (at least District judge), or in the interest of National Security by an officer of the level of Joint Secretary or above. However, the Bill does not define national security and the term in itself is vague and overbroad. It provides that such a direction shall be reviewed by an oversight committee consisting of Cabinet Secretary and Secretaries of Legal Affairs and DeitY. The problems of third party independent oversight and the volume of requests remain as is the case with the oversight committee under the Blocking Rules and the Telegraph Rules. The provisio appended to clause further provides that the direction in the interest of national security shall lapse after the expiry of three months from the date of issue.

Clause 37 of the Bill enshrines a penal provision for unauthorized disclosure of any identity information collected in the course of enrollment or the authentication process. This provision speculates a penalty for individuals as well as companies who engage in unwarranted disclosure. The Bill imposes a penalty for unauthorized access to the repository (clause 38), for tampering with data on the repository (clause 39). Chapter VII further provides for punishment of a requesting entity for unauthorized use of identity information.

The Bill contains vital provisions in terms of requesting entity applying for authentication, access of identity information by an Aadhaar-number holder to introducing liabilities. However, a deeper glance shows that several regulations are yet to be prescribed and have been left open-ended. The actualization of a legislation should however, not be conceived as a satisfactory response to the yet to be heard struggle for determining privacy as a constitutional right.              

 Joshita Pai was a Fellow at the Centre for Communication Governance from 2015-2016

TRAI releases Regulations enforcing Net Neutrality, prohibits Differential Pricing

Written by Siddharth Manohar

The Telecom Regulatory Authority of India (TRAI) has come out with a set of regulations explicitly prohibiting differential pricing for data services in India.

3. Prohibition of discriminatory tariffs.— (1) No service provider shall offer or charge discriminatory tariffs for data services on the basis of content.

(2) No service provider shall enter into any arrangement, agreement or contract, by whatever name called, with any person, natural or legal, that has the effect of discriminatory tariffs for data services being offered or charged to the consumer on the basis of content

TRAI recently concluded a public consultation process regarding differential pricing in data services (resources). The consultation paper covered all differently-priced or zero-rated services offered through data. The process has witnessed tremendous public participation, with a spirited campaign by Internet activists (Savetheinternet.in) and a counter-campaign by Facebook where it garnered support through users by using the narrative of connecting those who have no access (https://www.facebook.com/savefreebasics).

CCG submitted a formal response as part of this process, which you can read here, and filed an additional counter-comment signed by ten different civil society and research organizations.

The consultation process also involved a public discussion on the questions raised, where the usual suspects were all present – telecom companies arguing for differential pricing, and internet activists against. Also present were startup- and user- representatives.

Facebook’s telecom partner for carrying the Free Basics platform in India —Reliance Communications — was then instructed by TRAI to put a hold on rolling out Free Basics until they came up with a clear position on differential pricing and net neutrality. The regulator later confirmed that they received a compliance report to this effect as well. Facebook had been aggressively pursuing its campaign to collect support in favour of its platform for the entire duration of the public consultation.

TRAI has clarified that these regulations ‘may’ be reviewed after a two year period, or at an earlier time as decided by the Authority. An exception to the prohibition has also been included, to account for emergency services and services offered during ‘times of grave public emergency’. An additional exception is that of closed networks which charge a special tariff for their usage.

[We will shortly update the piece with more analysis of the regulations] 

SC asks Centre how to regulate Sexually Exploitative Content on Social Media

Written by Siddharth Manohar

The Supreme Court on Friday rejected a petition to block websites of dominant social media platforms, on the ground that they were used to spread videos of gang rapes and to facilitate a market for child prostitution. The two Judge bench of Justices UU Lalit and Madan B Lokur reasoned that blocking these sites was not a feasible solution, as it would set a trend of blocking wide parts of internet access to solve specific problems with how it is used.

The decision is in light of a petition filed by Hyderabad-based NGO Prajwala, asking the Court to ban social media websites used to traffic children and put in place a mechanism to monitor the content circulated through mobile applications such as Whatsapp. The same bench had in April recognized the importance of regulating objectionable sexual material being circulated through social media applications. This was based on suo-motu cognizance of a letter addressed to the then Chief Justice of India HL Dattu, asking the Court to take action against those responsible for posting a video of an incident of gang rape on social media.

The Court has asked the Additional Solicitor General to look into why no action was taken against the social media platforms by the police who were dealing with the cases.  The Centre had earlier communicated that it is difficult to monitor content which is circulated through mobile phones, and even more so to find the culprit starting the process. Tracking the user becomes much easier, they said, when a computer is used in spreading the objectionable content.

The Court did however refer to the Central Government the important question of whether these social media platforms can be prosecuted for their role in spreading offensive material such as video recordings of rape and child pornography. The Court added that they would wait for a response from the Central Government before deciding what action ought to be taken in the matter.

Earlier orders in the matters can be accessed here, and here.