Is Your Aadhaar Number Confidential?*

Earlier this week, an agency entrusted with enrolling individuals under the Aadhaar scheme inadvertently published Mahendra Singh Dhoni’s personal information online. When it was pointed out this amounted to a gross violation of privacy, the government released a statement confirming that such publication was illegal and that the agency had accordingly been blacklisted. Another post indicated that several databases containing individuals’ Aadhaar numbers can be obtained by a simple online search. Over the last few months, the government has made the Aadhaar number mandatory for a host of benefits, including essential schemes such as the mid-day meal scheme for school children. As Aadhaar increasingly becomes the gateway to accessing benefits, the lack of clarity about how the number can be used, displayed or stored deserves further attention.

Aadhaar was introduced in 2009 as a way to plug leakages in the welfare delivery mechanism. It proposed to do so by creating a secure authentication mechanism that is capable of accurately verifying the identity of beneficiaries. Under the regulations framed under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016 (‘Aadhaar Act’), this can be done in three ways –

  • Demographic authentication – requires some demographic information (such as name or address) along with one’s Aadhaar number
  • One Time Password authentication – authentication through a One Time Password, sent to an individual’s registered mobile number, coupled with one’s Aadhaar number
  • Biometric authentication – uses biometrics along with the Aadhaar number

However, besides authentication, the Aadhaar number, usually printed on paper card and laminated has gained wide currency as a regular identification card. It is popularly used as a proof of identity, and photocopies of it are readily submitted where identity proof is required for compliance with certain legal obligations (such as hotel reservations, use of a cyber-café etc.). The wide circulation of information printed on these cards – Aadhaar numbers as well as basic demographic information such as one’s name and address, makes it susceptible to misuse.

To illustrate, if an entity opted to authenticate its customers using the ‘demographic authentication’ model, the easy availability of such information would make it exceptionally easy to avail the service under a false identity. Even for authentication using biometrics, it has been repeatedly argued that fingerprints can easily be copied and re-created. This points to a need for more restricted use of the Aadhaar number, and stringent safeguards for its storage and sharing.

The legal framework does not specifically prohibit the use of Aadhaar as an identity document, but news reports indicate that the UIDAI does regard this as being problematic. In the weeks following demonetisation, the UIDAI, through its Twitter handle, had ‘advised’ people not to share their Aadhaar numbers printed on such cards. It further warned that if a photocopy was being submitted, it should be self-attested and the purpose for sharing should be clearly stated to avoid misuse. This form of advisory, without any formal action to tackle concerns regarding misuse of Aadhaar data raises several concerns.

The Aadhaar (Sharing of Information) Regulations 2016 (Regulations) require that any individual or entity that collects the Aadhaar number must –

  • Not publish or publicly display it;
  • Ensure its security and confidentiality;
  • Ensure that numbers have been redacted before publishing any database that contains them;
  • Not transfer it in an unencrypted form, except when required for correction errors or grievance redressal; and
  • Not hold such data for longer than is necessary to achieve the desired purpose.

However, a blog post that has been shared widely shows that organisations including government departments have been callous in how they store Aadhaar information. Under the Regulations, this constitutes a violation of Section 29 of the Aadhaar Act. Such a lapse in storing Aadhaar information is punishable with imprisonment for a term which may extend to three years or a fine that may extend to ten thousand rupees or both (in case of a company, the fine may extend to one lakh rupees). However, it remains to be seen if the UIDAI will initiate any action against these entities.

This highlights another weakness of Aadhaar’s legal framework – it does not allow individuals to approach the court for any instance of data mismanagement. The complaint can only be initiated at the behest of the UIDAI. As a result, individuals whose data has been made public can only hope that the UIDAI will take action against erring entities. A recent report highlights that the UIDAI has only initiated criminal complaints in three out of 1390 complaints received by it so far.

Besides this major lacuna, what qualifies as adequate security for storing Aadhaar numbers remains unknown, as the regulations do not prescribe any standard. They are therefore inadequate to ensure that the Aadhaar number remains confidential.

So is the Aadhaar number confidential? The law certainly seems to suggest so, but its wide use as an identity proof indicates otherwise. It is apparent that the Aadhaar is popularly used as an identity document, contrary to its original purpose as a means for authentication or verification of identity. Despite being in contradiction with the scheme of the regulations, there has been little effort on the UIDAI’s part to initiate any course correction. It has been pointed out that one reason for this could be that it will reduce the public acceptability of Aadhaar, and public perception may take a hit. But it is extremely short-sighted to sacrifice individuals’ security and privacy in order to maintain public perception.

__________________________________________________________________

*Builds on important disclosures made by @St_Hill in a post here.

Law Enforcement Initiatives Towards Tackling Cyber Crime in India

Cyber crime has been rising across India. This post reviews advancements in policing technologically advanced crimes and considers potential next steps. 

With rising instances of cybercrime being noted across the country, the need for vigilance in the cyber sphere has been highlighted by a number of commentators. These crimes have gained attention subsequent to the notification of demonetization, with rising online banking transactions and a governmental push towards a digital economy.

Several new issues stemming from the distrust in digital payment systems have been reported. For example, the cybercrime cell of the Mumbai Police has received several reports of a scam characterized by persons receiving fraudulent calls allegedly from banks, discussing a new RBI policy. These calls informed consumers that credit and debit cards were soon to be deactivated, but if they released their card details, they would be permitted to continue usage. Once released, these details were misused. While issues such as these do not require extensive cyber expertise to resolve, their incidence is on the rise. Countering them requires banks as well as law enforcement agencies to increase their efforts towards educating new adopters.

More concern may be caused by technology-intensive hacking attacks, both from within the country and outside. Recent instances include the hostilities faced by several Telangana-area software companies by alleged Pakistani attackers, as well as attacks by the group known as Legion. Their actions allegedly include the hacking of the twitter and email accounts of Rahul Gandhi, Vijay Mallya and Barkha Dutt, among others. There has also been an upswing in ransomware attacks recently, with over 11,000 attacks being reported in just three months. Reports of India’s first online Ponzi scheme are also now coming to light. This is despite the fact that that 80% of cybercrimes remain unreported according to recent news reports. This post will review some initiatives taken towards the more efficient investigation of cybercrime by law enforcement across the country.

Cyber Policing in India

Crime and Criminal Tracking Network and Systems (CCTNS)

Approved by the Cabinet Committee on Economic Affairs in 2009, with an allocation of INR 2 billion, the CCTNS is a project under the National e-Governance Plan. It aims at creating a nationwide networking infrastructure for an IT-enabled criminal tracking and crime detection system. The integration of about 15,000 police stations, district and state police headquarters and automated services was originally scheduled to be completed by 2012. However, this still remains incomplete.

Apart from the slow pace of implementation and budgetary problems, on-the-ground hurdles to fully operationalizing CCTNS include unreliable Internet connectivity and under-trained personnel at police stations. Other issues include unavailability of facilities for cyber forensic analysis in most locations, and lack of awareness regarding online citizens’ services such as verification of tenants and employees and clearance for processions and events.

Online Complaints

The Central Government, in response to queries by the Supreme Court regarding measures taken to tackle cybercrime, recently announced that they would be setting up a ‘Centre Citizen Portal’. This portal will allow citizens to file complaints online with respect to cybercrimes, including cyber stalking, online financial fraud and others, suffered or observed by them.

The governmental response also details the proposed process, stating that any such complaint on the portal will trigger an alert at the relevant police station and allow the police department to track and update its status, while the complainant too would be able to view updates and escalate the complaint to higher officials.

Cyber Police Stations

Cyber police stations generally include trained personnel as well as the appropriate equipment to analyse and track digital crimes. Maharashtra, where cybercrime has risen over 140% in recent times, and which had the dismal distinction of only recording a single conviction related to cybercrime last year, is converting its existing cybercrime labs into cyber police stations. This will mean there is a cyber police station in each district of the state. The initiative in Maharashtra is useful especially because of the rise in online transactions in Tier II and Tier III cities and the rising cybercrime related thereto. However, despite the rise in cybercrime, complaints remain of low reportage and low success rates in solving crime. Police officers point to problems processing evidence, with complex procedures being required to retrieve data on servers stored abroad.

Further, there have been complaints in Bengaluru of the limited jurisdiction of cyber police stations. Pursuant to a standing order of the DG & IGP of Bengaluru City Police issued in June 2016, only cases with damages of over INR 5 lakh can be registered at cyber police stations in case of bank card fraud. In cases of online cheating, only those instances where damages exceed INR 50 lakh are amenable to the jurisdiction of cyber police stations. All other cases are to be registered with the local police station which, unlike cyber police stations, do not generally include trained personnel or the appropriate equipment to analyse and track digital crimes.

While the order is undoubtedly creating problems for cybercrime victims, it was made taking into account the woefully under-resourced cybercrime police station in Bengaluru which, at the time, consisted of a 15-member staff with two vehicles at its disposal.

Predictive Policing

Predictive policing involves the usage of data mining, statistical modeling and machine learning on datasets relating to crimes to make predictions about likely locations for police intervention. Examples of predictive policing include hot-spot mapping to identify temporal and spatial hotspots of criminal activity and regression models based on correlations between earlier, relatively minor, crimes and later, violent offences.

In 2013, the Jharkhand Police, in collaboration with the National Informatics Centre, began developing a data mining software for scanning online records to study crime trends. The Jharkhand Police has also been exploring business analytics skills and resources at IIM-Ranchi, in order to tackle crime in Jharkhand.

The Delhi Police has tapped into the expertise at the Indian Space Research Organisation in order to develop a predictive policing tool called CMAPS – Crime Mapping, Analytics and Predictive System. The system identifies crime hotspots by combining Delhi Police’s Dial 100 helpline calls data with ISRO’s satellite imagery and visualizing it as cluster maps. Using CMAPS, Delhi Police has slashed its analysis time from the 15 days it took with its erstwhile mechanical crime mapping to the three minutes it takes for the system to refresh its database.

The Hyderabad City Police is in the process of building a database, called the ‘Integrated People Information Hub’ which, according to the City Police Commissioner, would offer the police a “360-degree view” of citizens, including names, aliases, family details, addresses and information on various documents including passports, Aadhaar cards and driving licenses.

The data is combed from a wide-ranging variety of sources, including information on arrested persons, offenders’ list, FIRs, phone and electricity connections, tax returns, RTA registrations and e-challans. It is further indexed with unique identifiers, and is used to establish the true identity of a person, and present results to relevant authorities within minutes. While the system is aimed at curbing criminal activity and detecting fraud, a lack of clearly identified cyber security and privacy protocols is a worrying sign.

Conclusion

We recently reviewed the National Crime Records Bureau’s statistics relating to cybercrime, as set out in their Crime in India Report 2015. Some concerns that stemmed from the figures set out in the report were the low conviction rates and high pendency of cases. Experts have linked these issues, amongst other things, with the limited mechanisms available for cyber policing and the effectively-defunct status of the cyber tribunals. A recent report by the Bureau for Police Research and Development also highlighted resource constraints affecting police stations, with several stations lacking basic necessities such as a vehicle or a phone connection. Over five lakh posts sanctioned posts also remain vacant.

Given resource limitations, both in fiscal terms and relating to trained personnel, it is heartening to see the steps that have been taken towards efficient cyber-policing. While this post highlights some steps that have been taken in major jurisdictions, there are several initiatives even in non-metro cities towards tackling cybercrime. A National Cybersecurity Co-ordination Centre is also due to be launched around June this year. In a recent response to the Supreme Court, additional solicitor general Maninder Singh also informed the Court of substantial investments being made by the Central Government towards police and judicial training and towards the creation of cybercrime prevention cells. It is hoped that these measures will help to stem the growing tide of cybercrime in India.

 

Transparency and Diversity in the 2017 MAG Renewal

Two days before the ongoing MAG meeting, the 2017 MAG renewal was announced. The CSCG protested the lack of civil society representatives among the new MAG members. This brought back focus on the need for MAG reform. Our report on multistakeholderism had identified the lack of transparency and geographic diversity in MAG selections. These issues remain relevant as another set of MAG meetings kick off in Geneva.

The Multistakeholder Advisory Group (MAG) of the Internet Governance Forum (IGF) was renewed for 2017 on Monday. The renewal has attracted controversy as no civil society members were added to this year’s MAG. The announcement has brought into focus a persistent criticism on the lack of transparency in the MAG nomination process. The lack of transparency and geographic diversity in the MAG was discussed in our report on multistakeholderism. Some of its findings are relevant to the 2017 MAG renewal.

Created on the recommendation of the Working Group on Internet Governance (WGIG), the MAG is responsible for organising the annual IGF. The MAG is not a decision-making body by design. But  Jeremy Malcolm  (pp. 420-422) points out  that the MAG effectively chooses issues that are debated on a global stage in the course of organising the IGF. In this respect, he argues that the MAG plays an important agenda setting role in internet governance.

MAG Nomination Process and Transparency

The make-up of the MAG is similar to the WGIG in that consists of representatives of all stakeholder groups (government, private sector, civil society and technical community). The selection of MAG members is made by the United Nations Department of Economic and Social Affairs (UN DESA) under the authority of the UN Secretary General. Nominations to the UN DESA are made through focal points from different stakeholder groups, but applicants can also apply to the UN DESA directly.

As noted in our report (pp. 70-72), once nominations are sent to the UN DESA, there is no clarity on how members are selected to the MAG. The only available information on DESA’s selection criteria are the five criteria listed on the IGF website. These criteria include achieving a geographic and gender balance and that representatives should have strong linkages to their stakeholder groups.

The controversy in this year’s MAG renewal arose out of the lack of new civil society representation on the MAG. The Civil Society Coordination Group (CSCG), which is the focal point for civil society nominations wrote to the IGF secretariat asking it to reconsider its decision. They pointed out that no civil society members were added to the MAG this year despite two civil society members retiring from the MAG (members are selected for 3 year terms and a third of the MAG retires each year). The letter also called on the IGF secretariat to select an additional civil society member to the MAG.

This is not the first time that MAG nominations have been controversial. In 2016, the CSCG wrote to the IGF secretariat asking for greater transparency and inclusiveness in selections to the MAG. Similarly, as discussed in our report (p. 73), an Indian civil society member nominated by the CSCG was not selected to the MAG in 2014. In the above cases, the CSCG had contacted IGF secretariat asking for greater clarity on how selections were made.

Geographic Diversity

One of the findings of our report with respect to the MAG was on the geographic diversity of the group. As mentioned above, geographic diversity is one of the stated criteria based on which the UN DESA selects members to the MAG. Our report found that on average, 8-10% of MAG members were from the United States (based on their affiliation mentioned on the IGF website). As shown in the chart below, this was the highest percentage representation from any country between 2011 and 2015.

Membership by country as a percentage of total MAG Membership (2011-15)

us-igf-mag

Source: Multistakeholderism in Action

This trend has continued in the 2017 MAG renewal with 4 members or 7% of the MAG being from the United States. No other country has more than 2 members in the current MAG. The FAQ section on MAG renewals acknowledges this disparity. It stated that the MAG currently has an excess of members from Western Europe and Others Group. It also states that a new selection process will attempt to make the MAG more regionally balanced. It remains to be seen if this imbalance will be addressed in the next MAG renewal cycle.

The MAG nomination process raises questions on the transparency of the process and the diversity within the MAG. However, there is very little publicly available information or communication from the UN DESA beyond the criteria listed on the IGF website. The 2017 announcement was made one day before the IGF Open Consultations and MAG meeting were to begin in Geneva (1st March). A CSCG representative who circulated the letter believed that the issue of non-selection of a civil society member might be taken up at the meeting.

Two Takes on the Right to be Forgotten

Last month saw important developments in the discourse around the right to be forgotten. Two high courts, Gujarat and Karnataka, delivered judgments on separate pleas to have particular judgments either removed from online repositories and search engine results or have personal information redacted from them. The Gujarat High Court dismissed the petition, holding that there was no legal basis to seek removal of a judgment from the Internet. On the other hand, the Karnataka High Court ordered the Court’s Registry to redact the aggrieved person’s name before releasing the order to any entity wanting to publish it. This post examines both judgments to understand the reasoning and legal basis for denying or accepting a claim based on the right to be forgotten.

 Gujarat High Court

According to the facts reproduced in the order, the petitioner in this case had criminal charges filed against him for several offences, including murder, which ultimately resulted in an acquittal. At the appellate stage too, the petitioner’s acquittal was confirmed. The judgment was classified as ‘non reportable’ but nevertheless published on an online portal that reproduces judgments from all superior courts in India. It was also indexed by Google, making it easily accessible. Being distressed about this, the petitioner sought ‘permanent restrain of free public exhibition of the judgement…over the Internet’.

While dismissing the petition, the Court held that it was permissible for third parties to obtain copies of the judgment under the Gujarat High Court Rules 1993, provided their application was accompanied by an affidavit and stated reasons for requiring the judgment. Moreover, it held that publication on a website did not amount to a judgment being reported, as the classification of ‘reportable’ was only relevant from the point of view of law reports. In the Court’s opinion, there was no legal basis to order such removal and the presence of the judgment on the Internet did not violate the petitioner’s rights under Article 21 – from which the right to privacy emanates.

The Court’s dismissal of the argument that a non-reportable judgment is on an equal footing with a reportable judgment is problematic, but hardly surprising. In a 2008 decision, while describing the functions of a law reporter that was a party before it, the Supreme Court observed that “the [law report] publishes all reportable judgments along with non-reportable judgments of the Supreme Court of India” The distinction between reportable and non-reportable judgments was not in issue, but it does call for some introspection on the legal basis and rationale for classification of judgments. In an article on the evolution of law reporting in India, the constitutional expert M.P Jain explains that law reports were created as a response to Indian courts adopting the doctrine of precedent. This is the doctrine that binds lower courts to decisions of the higher courts. Precedent is created when a court lays down a new principle of law or changes or clarifies existing law. Consequently, the decision to make a ruling reportable (ideally) depends on whether it sets a precedent or not. Presumably then, there is a lesser public interest in having access to non-reportable judgments as compared to reportable ones.

While there is a clear distinction between publication in a law report and publication of the transcript of the judgment, the lack of a public interest element could have been taken into account by the High Court while deciding the petition. Moreover, it is unclear how reliance on the High Court Rules helped the Court decide against the petitioner. Third parties may be entitled to obtain a copy of a judgment, but the motivation behind a right to be forgotten is to only make information less accessible, when it is determined that there is no countervailing interest in its publication. At its root, the right is intended to enable citizens to exercise greater control over their personal information, allowing them to live without the fear that a single Google search could jeopardise their professional or personal prospects.

Karnataka High Court

Less than three weeks after the Gujarat High Court’s decision, the Karnataka High Court ordered its Registry to redact the name of the petitioner’s daughter from the cause title as well as the body of an order before handing out copies of it to any ‘service provider’. It accepted the petitioner’s contention that a name-wise search on a search engine might throw up the order, adversely affecting his daughter’s reputation and relationship with her husband. The Court clarified that the name need not be redacted from the order published on the Court’s official website.

Towards the end, it remarked that such an action was ‘in line with the trend in Western countries’ where the right to be forgotten exists as a rule in ‘sensitive cases involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned’.

This statement is problematic. The right to be forgotten emanates from the right to privacy and data protection, which are both regarded as fundamental rights in Europe. Basing the right on ideas of honour and modesty [of women] creates some cause for concern. Further, an important distinction between this case and the one before the Gujarat High Court is that neither Google nor any website publishing court judgments were made parties to it. The claim was based on redaction of information from the source, rather than de-listing it from search engine results or deleting it from a website. This is interesting, because it allows us to think of the right to be forgotten as a comprehensive concept, instead of a singular right to de-list information from search engine results. It provides courts with a choice, allowing them to opt for the least restrictive means to secure an individual’s right to online privacy.

However, the lack of a clear legal basis to allow or deny such claims raises cause for concern. As is already apparent, different high courts are likely to take divergent views on the right to be forgotten in the absence of an overarching data protection framework that grants such rights and prescribes limits to them. In several cases, the right to be forgotten will trigger a corresponding right to freedom of expression and the right to know. The criteria to balance these important but competing claims should be in place for courts to be able to decide such requests in a just manner.

Supreme Court considers installation of CCTV units in courts – but will it regulate what happens next?

Earlier this month, the Supreme Court heard a petition seeking directions to ensure audio-visual recording of the proceedings in trial courts. The reasoning behind the request was that recording proceedings would enhance the fairness of trials. The Supreme Court decided to limit the question to whether CCTV (video only) cameras may be installed at various locations in the courts, in order to better serve security and administrative needs.

This is not the first time the Supreme Court has discussed the use of CCTV cameras for security and other purposes. However, there is also no comprehensive law that deals with the use of CCTV cameras and related security and privacy issues.

In the present case, the Court initially noted that multiple courts, including the courts in Gurgaon have undertaken such efforts in the past. The Court then requested the additional solicitor general and a senior advocate present in the court as amicus to visit the courts in Gurgaon, and report on the matter within four weeks. It stated that once the report is received, it will consider directing installation of CCTV (video only) cameras at district courts in various states. It has also indicated that any recordings made by these CCTV cameras will not be available to the public, and will be retained for specified periods of time only.

The Court has considered the use of CCTV cameras in public places in previous cases. In Deputy Inspector General of Police and Anr. v. S. Samuthiram, a case regarding eve-teasing / sexual harassment, the Court took cognizance of such cases and the need for prevention mechanisms. Amongst other things, it directed all states and union territories to install CCTV cameras in public places. The CCTV cameras were to be positioned such that they act as a deterrent to potential offenders, and if an offence was committed, the offenders would be caught / identified.

In Dilip K. Basu v. State of West Bengal and Ors, the Court considered the request of the amicus, and directed state governments to: (a) take steps to install CCTV cameras in all the prisons in their respective states, within a period of one year from the date of the order (but not later than two years), and (b) consider installation of CCTV cameras in police stations in a phased manner depending upon the incidents of human rights violation reported in such stations.

State governments have also, in various instances, directed the installation of CCTV cameras in public places. In Tamil Nadu, the state government has directed that CCTV cameras must be installed in every public building. The cameras must be installed in accordance with the recommendations of the local police officers. Such recommendations may be made for purposes such as ensuring public order or controlling crimes and the reasons for the recommendation must be recorded in writing.

In Chandigarh, the local government released a set of draft rules meant to regulate mobile app-based transport aggregators (such as Uber and Ola). Among other things, these draft rules require that every taxi must install a CCTV unit to monitor activities inside the taxi in real time. The rules suggest that the video feed from the CCTV cameras should be linked to a control room established by the aggregator.

The above are some examples of courts and government bodies providing for installation and use of CCTV cameras and video recordings. There is a common trend among them – the orders and rules only deal with when and where the units are to be installed, and used. They do not, however, provide a procedural / regulatory mechanism to ensure proper, lawful use of such cameras and associated video recordings.

Maintenance of law and order, security, deterrence of criminal activity, and identification of offenders, are all important issues, and appropriate means should be adopted to provide for the same. At the same time, there needs to be a balance between such means, and individual rights, such as the right to privacy. These laws and orders largely deal with installation and use of CCTV cameras in public places, where some may argue that an individual does not have a reasonable expectation of privacy. However, reports suggest there is misuse of CCTV cameras, especially where installed in customer heavy locations such as retail outlets.

Such misuse could be dealt with under some existing provisions of laws such as the Information Technology Act, 2000 – for example under the provision which criminalizes capturing of images or videos of an individual’s private parts, or the data protection rules. However, these laws are of limited applicability, and deal mostly with sensitive personal information, and images or videos of a private / sexual nature. We do not currently have a comprehensive law that deals with  surveillance equipment and its use in public spaces. Although some states such as Tamil Nadu provide that CCTV cameras must be installed based on police recommendations, there is no general prohibition or restriction on their installation and use. Further, there are no specific restrictions on the collection, use, retention, or transfer of any video recordings, or information that is derived from such recordings. There is no mechanism put in place to deal with a situation where an individual’s data is shared without authorization.

Certain authorities within the country appear to have recognized this gap, and taken some steps towards addressing these issues. In Maharashtra, the local municipal corporation in Navi Mumbai has implemented a CCTV surveillance system to help the local police maintain law and order. The corporation has issued a ‘voluntary code of conduct’ in relation to all surveillance camera systems in public and private places. This document attempts to “provide a framework to all the stakeholders so that there is proportionality and transparency in their use of surveillance”. Among other things, it provides that (i) the use of a surveillance system must always be for a legitimate and specified purpose; (ii) establishments must be transparent about the use of CCTV cameras on their premises; and (iii) access to the video feed will be limited and subject to clearly defined rules on persons who can gain access and purposes for which access may be gained.

Even a limited framework such as this, goes a long way towards ensuring transparency and protection of individual rights and freedoms. Perhaps the Supreme Court will provide more nuanced directions, not only on the installation of CCTV cameras, but also on the use of associated video recordings when the matter is next brought up.

The Supreme Court Hears Sabu Mathew George v. Union of India – Another Blow for Intermediary Liability

The Supreme Court heard arguments in Sabu Mathew George v. Union of India today. This writ petition was filed in 2008, with the intention of banning ‘advertisement’ offering sex selective abortions and related services, from search engine results. According to the petitioner, these advertisements violate Section 22 of the Pre-Conception and Pre-Natal Diagnostic Techniques (Regulation and Prevention of Misuse Act), 1994 (‘PCPNDT Act’) and consequently, must be taken down.

A comprehensive round up of the issues involved and the Court’s various interim orders can be found here. Today’s hearing focused mainly on three issues – the setting up of the Nodal Agency that is entrusted with providing details of websites to be blocked by search engines, the ambit and scope of the word ‘advertisement’ under the PCPNDT Act and thirdly, the obligation of search engines to find offending content and delete it on their own, without a government directive or judicial order to that effect.

Appearing for the Central Government, the Solicitor General informed the Court that as per its directions, a Nodal Agency has now been constituted. An affidavit filed by the Centre provided details regarding the agency, including contact details, which would allow individuals to bring offending content to its notice. The Court was informed that Agency would be functional within a week.

On the second issue, the petitioner’s counsel argued that removal of content must not be limited only to paid or commercial advertisements, but also other results that induce or otherwise lead couples to opt for sex selective abortions. This was opposed by Google and Yahoo! who contended that organic search results must not be tampered with, as the law only bans ‘advertisements’. Google’s counsel averred that the legislation could never have intended to remove generic search results, which directly facilitate information and research. On the other hand, the Solicitor General argued that that the word ‘advertisement’ should be interpreted keeping the object of the legislation in mind – that is, to prevent sex-selective abortions. On behalf of Microsoft, it was argued that even if the broadest definition of ‘advertisement’ was adopted, what has to be seen is the animus – whether its objective is to solicit sex selective abortions, before content could be removed.

On the third issue, the counsel for the petitioner argued that search engines should automatically remove offending content – advertisements or otherwise, even in the absence of a court order or directions from the Nodal Agency. It was his contention that is was not feasible to keep providing search engines with updated keywords and/or results and the latter should employ technical means to automatically block content. This was also echoed by the Court. On behalf of all search engines, it was pointed out that removal of content without an order from a court or the government was directly against the Supreme Court’s judgment in Shreya Singhal v. Union of India. In this case, the Court had read down Section 79 of the Information Technology Act 2000 (‘IT Act’) to hold that intermediaries are only required to take down content pursuant to court orders or government directives. The Court seemed to suggest  that Shreya Singhal was decided in the context of a criminal offence (Section 66A of the IT Act) and is distinguishable on that ground.

Additionally, it was also pointed out that even if the respondents were to remove content on their own, the lack of clarity over what constitutes as an ‘advertisement’ prevents them from deciding what content to remove. Overbroad removal of content might open them up to more litigation from authors and researchers with informative works on the subject. The Court did not offer any interpretation of its own, except to say that the ‘letter and spirit’ of the law must be followed. The lack of clarity on what is deemed illegal could, as pointed out by several counsels, lead to censorship of legitimate information.

Despite these concerns, in its order today, the Court has directed every search engine to form an in-house expert committee that will, based “on its own understanding” delete content that is violative of Section 22 of the PCPNDT Act. In case of any conflict, these committees should approach the Nodal Agency for clarification and the latter’s response is meant to guide the search engines’ final decision. The case has been adjourned to April, when the Court will see if the mechanism in place has been effective in resolving the petitioner’s grievances.

Dirty Picture Project: Dangal- A truly dhakkad biopic

By Sthavi Asthana and Anushka Sachdev

1

Watching Dangal was a truly memorable experience, from the high adrenaline wrestling scenes to the rush of pure pride during the last scene, where Geeta Phogat (Fatima Sana Shaikh) wins the first gold medal in wrestling for the country. It showcases how Mahavir Singh Phogat (Aamir Khan) trained his daughters Geeta and Babita (Sanya Malhotra) to become competitive wrestlers in the backdrop of patriarchal Haryana. The film is a refreshing feminist breakthrough especially when compared to the unfortunate state of contemporary Bollywood cinema. It brings to the fore struggles faced by Indian athletes, especially women athletes coming from a society where sports are seen to be the forte of boys.

Humari betiyaan chhoron se kam hain kya? (are my daughters any less than boys?)

Mahavir was a National level wrestler himself, but had been forced to give up the sport to earn a living, a common enough phenomenon in our country. He had to forego his dreams of winning a medal for his country, but consoled himself with the hope that his son would continue the legacy. But his hopes are dashed when despite several attempts, he fails to father a son. This is where the film so succinctly captures how normal it is to covet sons over daughters, with just about everyone in the village lining up to offer a fail proof ‘totka’ (superstitious remedy) that would guarantee the couple a baby boy. People who brought sweets to offer congratulations would make sympathetic noises and turn away when it is revealed that the baby born was a girl. Even his daughters never questioned why their father wanted a son, why they were not good enough.

However, things change one day when Geeta and Babita beat up two boys for calling them names. Mahavir suddenly realised that even his daughters could carry his dream forward and decided to train them to become wrestlers. This is where we get to see a shift from the ingrained patriarchy. Conditioned to accept established gender roles, Mahavir, and indeed everyone in the village, simply could not imagine that girls could also wrestle. However, once he got the idea, his commitment to their training made him set aside all notions of orthodox ‘modesty’ that was shared by most of the village. This ranged from insisting that his daughters wear the appropriate clothes for their training- t shirts and shorts, to making them wrestle with boys, something that would be considered taboo because of the amount of physical contact required between the contestants. He started to ask “why not” when people told him girls could not become wrestlers, announcing to the world that his daughters were no less than boys.

3

In such a situation, would it be right to call him sexist for wanting a son in the beginning? Or was he simply unaware, as is seen when he told his wife “maine toh socha hi nahi…medal toh medal hai, chaahe ladka jeete chaahe ladki” (I never realised, a medal is a medal, whether won by a boy or a girl). The film captures a transformation of perspective in its true sense, when a man from orthodox rural Haryana who was desperate for a son to fulfil his dream, dared to think that why not my daughters!

The haanikarak (harmful) training regimen!

The strenuous training that Geeta and Babita were subjected to by their father has faced a lot of criticism. Some claim that it was borderline abusive, while others questioned the right of the father to foist the burden of his dreams on his daughters, forcing them to endure physical hardship as well as social ridicule.

But the message behind the movie must be kept in mind while critiquing the film. Growing up in such a patriarchal social setup, the concept of opportunity as experienced by the girls would be automatically limited. Their aspirations would be restricted to areas which are traditionally considered appropriate for girls, and it is very unlikely that they would seek to achieve glory in sports on their own, especially a completely male dominated sport like wrestling. In such a situation, some amount of direction would be necessary even if it looks forceful initially.

As for the exacting training, it was no more than the training involved in making any other athlete fit enough to withstand the rigours of competition. The girls eventually began to enjoy the sport and became famous for beating much stronger boys in a sport where physical strength would play such a major role. This would obviously require discipline and commitment on their behalf, something that would be unpalatable to most young children. We must also account for the fact that women seeking to make their mark in a male dominated field must often work harder than men to gain the same amount of respect; they cannot afford to be average. Had the girls not been so proficient in their sport, they would likely have been ridiculed throughout and would not have had a very bright future at all. So, if Mahavir wanted his daughters to break the moulds of society and become wrestlers, he had to train them to win, and winning does not come easily.

2

Papa khush nahi honge (Father won’t be happy)

One thing that stood out in the entire movie was the domineering role played by Mahavir, being the father figure in the family. Although a heavy- handed approach might have been acceptable, even necessary when it came to the girls’ training, such behaviour would be less than ideal when it extends to other aspects of the family. Mahavir was the centre of every discussion, had the last say in every argument. He represents the stereotypical father; his daughters are afraid to discuss things with him, opting to approach their mother to act as mediator instead. Their mother too, was seen to defer to his decisions in every matter, and tries to smooth things by telling the girls to avoid acting in ways that would displease their father. The family would literally stand at attention when Mahavir enters the room.

This male centric view does perpetuate stereotypes, but if considered in the context of the type of society the film seeks to represent, it is unfortunately true. The transformation from one generation (their mother- Daya, played by Sakshi Tanwar) to another (Geeta and Babita) -where the mother hardly spoke against her husband, to Geeta wrestling her father, is truly phenomenal. It went from the role of the mother being confined to bearing children and cooking for the family, to the daughters leading independent lives. All of this was solely possible due to the motivation they received from their father and this is what makes the film revolutionary. Mahavir, despite being a stereotypical father and husband, is extremely revolutionary in his actions. However, it was essential to express the original mindset of the family to highlight the transition in his perspective.

The movie successfully passes the Bechdel test. Geeta and Babita have many conversations centred around wrestling which have little or nothing to do with their father. However, it would not meet the requirements of the Makomori test, since the entire narrative of the movie is centred around Mahavir Phogat’s dream of his child winning an international medal in wrestling for the country. But the Makomori test is only a basic test indicating the representation of women in a movie. Passing the test does not automatically make a movie feminist, and similarly, failing it would not make a movie sexist. Dangal may not pass the test but it takes a major step forward by showing women as professional athletes. Such a representation of strong, independent women is of great significance, especially considering the current scenario where most films only portray women in a romantic narrative, or in traditional roles as the mother or wife of the hero.