[bestbits] Report on Surveillance in India released

Prasanth Sugathan prasanth at cyberjuris.in
Wed Sep 3 11:08:31 EDT 2014 

Dear all,

SFLC.in released a report titled "India's Surveillance State" at the
Internet Governance Forum which commenced on September 2, 2014 at
Istanbul, Turkey.

The report delves into communications surveillance in India and takes an
in-depth look at various aspects of India's surveillance machinery,
including enabling provisions of law, service provider obligations, and
known mechanisms. It examines compliance of India's legal provisions on
surveillance with the International Principles on the Application of
Human Rights to Communications Surveillance that were formulated after a
global consultation with civil society groups, industry, and
international experts in communications surveillance law, policy, and
technology.

Talking about the report and the importance of privacy, Mishi Choudhary,
Executive Director of SFLC.in said "We are delighted to release the
first in a series of reports on India's communications surveillance and
are hopeful that it will kick start a constructive dialogue on online
privacy in the country. We are also very optimistic about the new Indian
Government who unlike its predecessor has taken up the issue of state
surveillance seriously. We look forward to working with them towards
building a more equal internet. We are thankful to the Web We Want
Initiative for their guidance and support"

Some major points brought out in this report:

  *

    An application under the Right to Information Act filed by SFLC.in
    revealed a list of 26 companies, including foreign companies, that
    had expressed interest in placing bids on a tender floated for
    Internet monitoring systems clearly evincing a large number of firms
    active in selling surveillance equipment in India. Several of these
    companies have incidentally been included in the list disclosed as
    part of /the Spy Files /project of Wikileaks.

  *

    Another revelation was that on an average more than a lakh (100,000) of  telephone interception orders are issued by the Central government alone every year. On adding the surveillance orders issued by the State Governments to this, it becomes clear that India routinely surveills her citizens' communications on a truly staggering scale.

  *

    State surveillance of citizens' private communications is authorized
    by legislative enactments such as the Indian Telegraph Act and the
    Information Technology Act, which allow Indian law enforcement
    agencies to closely monitor phone calls, texts, e-mails and general
    Internet activity on a number of broadly worded grounds. They
    establish an opaque surveillance regime that is run solely by the
    Executive arm of the Government, and make no provisions for
    independent oversight of the surveillance process.

  *

    An unknown number of Lawful Interception and Monitoring (LIM) systems tasked with the collection and analysis of citizens' communications data and meta-data are already installed into India's communication networks. On top of these, capability-enhancing technologies and databases such as the Central Monitoring System (CMS), Network Traffic Analysis (NETRA) and National Intelligence Grid (NATGRID) are in varying stages of deployment. The Government of India is also known to outsource surveillance initiatives to private third parties, some of which go so far as to infect target devices using malicious software in order to gain access to information stored within.

  *

    It was revealed by a source that NETRA storage servers will be installed at more than 1000 locations across India, each with a storage capacity of 300 GB totaling to 300 TB of storage initially.

  *

    Section 69 of the Information Technology Act, 2000 imposes an obligation by which Internet Service Providers are to provide all assistance to the government agencies to intercept any communication and a  failure to comply with it may result in imprisonment for upto 7 years and fines.

  *

    The Controller of Certifying Authorities uses Section 28 of the IT Act, an ambiguous provision, to collect user data from technology companies.  An RTI request revealed that they have made 73 requests under this provision in 2011. 

  *

    Indian laws, policies and practices with respect to surveillance are not in conformity with International human rights law as evinced by the report of the UN High Commissioner on Human Rights released on June 30, 2014.

  *

    Considering how all the above takes place in a framework that has yet to accord legislative recognition to the existence of a Right to Privacy, no concerns over undue State surveillance can be termed as unfounded.

A copy of the report can be downloaded here :
http://sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india/


About SFLC.in :

/SFLC.IN is a donor supported legal services organization that brings
together lawyers, policy analysts, technologists, and students to
protect freedom in the digital world. SFLC.IN promotes innovation and
open access to knowledge by helping developers make great Free and Open
Source Software, protect privacy and civil liberties for citizens in the
digital world by educating and providing free legal advice and help
policy makers make informed and just decisions with the use and adoption
of technology./


-- 
Prasanth Sugathan
Counsel,
sflc.in,
K-9, Birbal Road, Second Floor,
Jangpura Extension,
New Delhi-110014
Phone# +91-11-43587126
Cell: +91 9013585902
www.sflc.in



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/bestbits/attachments/20140903/1cab7b1b/attachment.htm>

More information about the Bestbits mailing list