Author Archives: Praveen Dalal

Digital India Is Biggest Panopticon Of Human Race The Moment It Is Clubbed With E-Surveillance Tool Named Aadhaar

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBDigital India is a very ambitious and significant project by Indian Government. However, it is also suffering from some “Shortcomings” that have still not been tackled properly. As a result the Digital India project is heading towards rough waters and may face many legal and technological challenges in the near future.

I would not discuss all these shortcomings in this article but am focusing on a particular problem that has taken the shape of a “Civil Liberties Violations Menace”. Yes I am talking about the E-Surveillance and Eavesdropping aspects of Indian Government projects like Central Monitoring System (CMS), National Intelligence Grid (Natgrid), Internet Spy System Network and Traffic Analysis System (NETRA), National Cyber Coordination Centre (NCCC), etc. To make the matter worst, Indian Government has been postponing Intelligence Agencies Reforms for many decades.

However, nothing can beat the draconian e-surveillance project named Aadhaar that has been designed to take a complete control over the digital lives of Indians. Surprisingly both the Indian Parliament and Supreme Court of India are watching helplessly while the Executive branch has usurped the “Legislative Powers” and literally mocked all sorts of Judicial Review.

Take the example of the interim order (PDF) issues by Supreme Court of India mandating that Aadhaar cannot be made mandatory for availing various public services. Although Central Government has informed the Supreme Court that Aadhaar is not mandatory for availing public services yet it has been made compulsory for almost all the digital and non digital services in India. As a result a wonderful project like Digital India would be heading for rough waters if our Judiciary is even “Remotely Sensitive” to Civil Liberties Violation issues.

This is also not the end of the story. When everything is clubbed with Aadhaar, it gives a complete control to our E-Surveillance loving Government over our digital and non digital lives. There is nothing left to claim Informational Privacy from our own Government. Privacy is our Human Right and not a Government charity and it should not be taken away with direct or indirect methods.

What is most anguishing is the “Deafening Silence” of the Parliament of India and Indian Supreme Court to resolve these issues. Why Parliament has abdicated its “Legislative Powers” in favour of the Executive and why Supreme Court has not taken the Executive stringently cannot be explained with any rationale explanation. However, in the absence of exercise of their “Constitutional Duties” we can safely conclude the “Separation of Powers” under the Indian Constitution has “ceased to exist” in the present and turbulent E-Surveillance era of India.

Privacy Protection In The Information Era

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBPrivacy Protection in the Information Era has become a major challenge for those who love their Privacy. Governments around the world are indulging in illegal and unauthorised e-surveillance and eavesdropping that the Constitution of their respective Country is not permitting.

There are two theories that are detrimental to Civil Liberties Protection in Cyberspace. The first one presumes that if a person has done nothing wrong, he needs not to be afraid of the illegal and unauthorised e-surveillance and eavesdropping of his Government. The second one is even more sinister in the sense that it presumes that National Security is “Above” Civil Liberties in “All Cases”, without even defining what constitutes National Security. Both these theories are not only “Faulty” but they are also “Inconsistent” with National Constitutions and Human Rights Protection regime of  United Nations Declaration on Human Rights.

There is no escape from this situation except that Human Rights Protection in Cyberspace must be Internationally Recognised. The United Nations (UN) has the “Legal Capacity” to do so but it has failed to protect this Human Right in Cyberspace so far. The only solace can be found in the form of the text approved by the United Nations regarding Right to Privacy in the Digital Age. But that is too little and too late and a more “Aggressive Role” must be played by UN in this regard.

A good initiative in this regard has been taken by the Hague Institute for Global Justice. The Hague Institute has constituted a High Level Commission known as the Commission on Global Security, Justice and Governance (PDF). The official website of the Commission states that Humanity is facing unique and growing range of challenges like political violence, environmental decay, cyber insecurity and cross-border economic shocks. These issues have global security and justice implications that need urgent attention but far exceed state and global institutional capacities.

To overcome this capacity deficit, The Hague Institute for Global Justice and the Stimson Center have convened a Commission on Global Security, Justice, and Governance. The Commission also brings together a select group of eminent statespersons and public intellectuals to draft and recommend reforms in this regard that would be considered during the 70th Anniversary Summit of the United Nations in September 2015.

This can be a good opportunity to consider and debate about Civil Liberties Protection in Cyberspace by various Nations. There is an urgent need to bring Transparency, Accountability and Parliamentary Oversight of the Illegal and Unconstitutional E-Surveillance activities of various Nations, including India.  The United Nations and its Affiliates/Agencies can play a pro active role in this regard.

Unfortunately, this is a very time consuming and sensitive issue and an “International Solution” may not come early and as expected. Self Defence and Privacy Protection must be ensured by Individuals and Companies at their respective levels. Privacy Software can provide a good protection against illegal and unconstitutional e-surveillance activities.  However, a Privacy Software cannot provide 100% protection and a Nation or its Agencies with sufficient resources can “Compromise” such Privacy Software. Nevertheless, it is a “Good Cyber Hygiene Practice” to use Privacy Software while surfing Internet, or making Confidential communications or sending Sensitive Data or Information.  Reset the Net and Prism Break are good starting points in this regard.

As far India is concerned, it has to work “Really Hard” in this regard. Indian Government’s present mentality is more on the side of Civil Liberties Violations than their Preservation and Protection. Indian Government must not only ensure Privacy Rights to Indians but Indian Government must “Reconcile” Civil Liberties and National Security requirements as well. E-Surveillance Projects of India also need Parliamentary Oversight and Judicial Scrutiny. The Intelligence Agencies of India need Parliamentary Oversight on a priority basis. Supreme Court of India must also immediately declare Aadhaar Project as Unconstitutional. The Encryption Laws in India are not at all satisfactory and they must be properly formulated.

Digital India Project of India and Internet of Things (IoT) (PDF) Initiatives have also been launched by Indian Government. These Projects would facilitate E-Delivery of Public Services in India in the long run. However, Indian Government must keep in mind the requirements of Civil Liberties Protection, Cyber Security, etc that would obviously arise in the near future.

Aadhaar In Its Present Form Has No Welfare Elements Attached To It Whatsoever But Is An E-Surveillance Project

Praveen Dalal-Managing Partner Of Perry4Law And CEO Of PTLBAadhaar Project was visualised as a public good project but it ended up being a project that is violating various Constitutional and Statutory Provisions. The Constitutional Validity of the Aadhaar Project has been questioned before the Supreme Court of India. In another related case, the Supreme Court of India has held that the Aadhaar cannot be made compulsory for availing Public Services. Similarly, the Supreme Court has also restrained UIDAI from transferring any Biometric Information of any person who has been allotted the Aadhaar number to any other Agency without his consent in writing (PDF).

Just like Congress Government even the BJP Government has declared that it would bring and ensure a Legal Framework for Aadhaar. However, till the writing of this Article, no news about a Legal Framework for Aadhaar is available. As a result the position on the date is that Aadhaar is operating without any Legal Framework and Parliamentary Oversight.

Aadhaar Project in its “Current Form” is suffering from many “Illegalities and Infirmities”. For instance:

(1) Aadhaar has been made “Mandatory and Exclusive” for availing many Public Services in India despite Supreme Court’s Interim Order and Constitutional Prohibitions.

(2) Aadhaar Project is not supported by any Legal Framework and is not subject to “Parliamentary Oversight”.

(3) Aadhaar Project is violating various “Civil Liberties” like Privacy Rights of Indians.

(4) Aadhaar Project is “Grossly Weak” on the fronts of Cyber Security and Data Security.

(5) Aadhaar is not “Full Proof and Tamper Proof” and it can be “Obtained Illegally” and in Wrong Name.

(6) The “Authentication Mechanism” of Aadhaar Project is also faulty and in many cases gives “False Negative Alarms”.

(7) The present Practices and Methods adopted by Indian Government and its Agencies for Biometric Collection of Indians/Residents is Unconstitutional.

(8) Even “Clubbing/Merging” of Biometric Data of Aadhaar and National Population Register (NPR) has “Serious Constitutional Ramifications” and the same should not be done.

(9) Absence of Encryption Policy of India (PDF) to safeguard Biometrics Data, etc.

If we add the “Unaccountable Intelligence Related Exercises” of Indian Government, its Agencies and Foreign Partners like United States, the list is too bulky to be discussed here. Suffice is to say that the Aadhaar Project is suffering from many “Vices and Illegalities”. These include Civil Liberties Violations, Unconstitutional E-Surveillance Issues, Data Security and Cyber Security Issues, Compulsory Nature of Aadhaar, Unaccountable Intelligence Agencies, Foreign E-Surveillance Threats, Telecom Security Issues, Integration with Surveillance projects like NATGRID, Unconstitutional Biometrics Collections, etc.

All these aspects make the Aadhaar Project an Unconstitutional Project that was required to be Scrapped by the Modi Government. Alternatively, all these Constitutional Infirmities and Illegalities were required to be “Eliminated” by the Modi Government before allotting further funds to Aadhaar Project. There cannot be a “Third Option” for the Modi Government and wasting precious “Public Money” on Unconstitutional Project like Aadhaar “Can Never Be Justified” even by the Standards of the “Fancy Words and Empty Promises” made by the Congress and BJP Governments regarding Aadhaar Project.

Not only this, the entire situation has also raised “Serious Questions” about the “Real Intentions” of Indian Government vis-à-vis Aadhaar Project. The “Present Form” of Aadhaar Project and the behaviour of Indian Government regarding Civil Liberties have definitely negated the theory of Welfare Project as projected by both Congress and BJP Government. But if Aadhaar Project is not a Welfare Project what is its purpose and true nature?

In my personal opinion, Aadhaar in its present form has no Welfare Elements attached to it whatsoever but is an “Endemic E-Surveillance Project” that is operating well beyond the Constitutional Protections, Parliamentary Oversight and Judicial Scrutiny. The sole purpose seems to be to club the Biometric Details of Indian Citizens/resident with other “Centralised Databases” like National Intelligence Grid (NATGRID) Project of India, Central Monitoring System (CMS) Project of India, Internet Spy System Network and Traffic Analysis System (NETRA) of India, Crime and Criminal Tracking Network and Systems (CCTNS) Project of India, etc. Gradually, both Biometrics and Non Biometrics based details and data would be clubbed with the DNA Databank of India that Indian Government would definitely go for in the near future.

It is for You to decide whether You wish to give Your Children a “Free and Transparent India” or You wish Your Children to be a Guinea Pig or Lab Rat for Indian E-Surveillance Projects like Aadhaar that are clearly Illegal and Unconstitutional.

Privacy Is Your Human Right Not A Government Charity

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBBenjamin Franklin has rightly said that those who would give up Essential Liberty, to purchase a little Temporary safety, deserve neither Liberty nor Safety. This expression is applicable to all the Countries of the World that are dedicated to kill Privacy Rights under the false pretext of Security/National Security. India is no exception to this practice as Privacy Right in India is, perhaps, “Lowest and Most Negligible” in the World.

The starting point to protect the Privacy Rights in India is to understand that Privacy is your Right not a Charity. We expect our Government to protect our Privacy Rights rather than protecting same ourselves. We are very comfortable in surrendering our Privacy in exchange of slightest “Convenience” and our Governments take advantage of this attitude of ours. This has also made India a “Sitting Duck” in the fields of Cyberspace and Civil Liberties Protection Regime.

For those who care for their Privacy Rights, our Indian Government has introduced “Technological Methods” to invade our Privacy. For instance, India has been using, and is still using right now, the Unconstitutional E-Surveillance Projects like Central Monitoring System and NETRA. The Narendra Modi Government has still not “Cleared its Stand” on these Unconstitutional E-Surveillance Projects that must have been done long before. This means that the BJP led Government would also continue with CMS, NETRA, etc.

Further, there are little chances of getting Parliamentary Oversight of Intelligence Agencies of India. Similarly, there are almost no chances of Intelligence Agencies Reforms in India that can bring their functioning in lines with Constitutional Requirements. Illegal and Unconstitutional E-Surveillance and Phone Tapping is rampant in India with no Judicial and Parliamentary Oversight.

However, nothing can match the “Draconian and Unconstitutional Project” named Aadhaar as managed by UIDAI. In fact, the illegality of Aadhaar Project has been questioned before the Constitutional Courts of India. The Supreme Court of India has been critical about the Aadhaar Project and its implementation. The Supreme Court has held that “Aadhaar cannot be made Mandatory” for availing public services in India. Similarly, the Supreme Court has also prohibited UIDAI from Sharing Biometric Data with Indian Government Agencies without data owner’s consent.

These were sufficient hints that the Aadhaar Project, in its present form, must be scrapped by the Narendra Modi Government. Nevertheless, as per media reports, the Modi Government has decided to continue the Aadhaar Project. Some hints have been given by the Government that a “Legal Framework” would be formulated to grant “Legal Status” to Aadhaar/UIDAI but that is just “Part of the Solution”. Other considerations like Cyber Security, Data Security and Civil Liberties Implications of Aadhaar Project and Unconstitutional Biometric Collection by UIDAI in India have still to be resolved. It is high time for the Modi Government to sort out these issues before rolling out the Controversial and Unconstitutional Aadhaar Project in India.

Privacy Is Your Right Not A Charity And National Security In India Is A White Lie Not A Reality

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBWhat would you do if somebody tries to invade your Privacy or the Privacy of your Family? Most of us would fight back to protect the same. However, almost none of us fights back if the same violation is done by or own Government or Government of Foreign Nations. Even our own Government ditches us and supports such foreign Governments in their illegal E-Surveillance activities.

India is one such Country that is not only indulging in Illegal and Unconstitutional E-Surveillance upon Indian Citizens but is also allowing other Countries like United States to do the same. For instance, India has been using, and is still using right now, the Unconstitutional E-Surveillance Projects like Central Monitoring System and NETRA. The Narendra Modi Government has still not “Cleared its Stand” on these Unconstitutional E-Surveillance Projects that must have been done long before.

After more than a month of being in power, it is safe to presume that the Modi Government “Intends to Continue” with these Illegal and Unconstitutional Projects just like its predecessor Congress Government. This may prove that the Modi Government is worst than Congress Government as far as Civil Liberties Protection in Cyberspace is concerned. Atleast Congress Government was “Honest Enough” to admit launch and use of these E-Surveillance Projects. But Modi Government is “Notoriously Silent” on these Issues and Projects.

In fact, India is Collaborating with other Countries to facilitate “Mutual E-Surveillance” in an Illegal and Unconstitutional manner. Recently, Telecom Company Vodafone confirmed that Secret Wires have been used around the World to indulge in Illegal Eavesdropping. India is also doing the same but all that Modi Government has done in this regard is ordering a Sham, Ineffective and Casual Analysis of the situation. After more than two weeks, the Department of Telecommunication is still not been able to provide a “Public Report” in this regard and the same may never see the light of the day as well.

On the contrary, the Modi Government has given hints that it is not at all willing to let go the Illegal and Unconstitutional E-Surveillance Projects like CMS, NETRA, etc. These hints can be found in the proposed National Telecom Security Policy of India 2014 wherein Snooping and Eavesdropping have found mention without any Privacy and Procedural Safeguards.

For instance, the draft Telecom Security Policy prescribes that cellular operator will mandatorily have to allow Law Enforcing Agencies to intercept calls, messages, and any other communications and the access to monitor it in real time, while keeping the communications secured. However, there is no Constitutional Lawful Interception Law in India as on date and this requirement would be a violation of Fundamental Rights of Indian Citizens.

If all this is not enough, the U.S. Foreign Intelligence Surveillance Act (FISA) Court has been Issuing Orders to allow U.S. National Security Agency (NSA) to indulge in E-Surveillance at a “Global Scale”. This includes conducting E-Surveillance upon Indian Citizens, Political Organisations like Bharatiya Janata Party (BJP), etc. It is really surprising how India allows a local U.S. Court to play with its “Sovereignty and Constitution”.

The fact is that India is a Sitting Duck in the Cyberspace and Civil Liberties Protection Regime. Similarly, India is also a Sitting Duck in the Cyber Security Field. This position is “Serving Indian Government’s Purpose” and this is not going to change very soon. So there must be an “Alterative” to this whole chaos and “Civil Liberties Violation Fiasco”.

It is well understood that those who surrender their Liberty in exchange for “False Promises of National Security” would loose both. This equally applies to Indian Citizens as well. Privacy is your Right and not a Charity and National Security of India is a White Lie and not A Reality.

Indian Government is not going to safeguard our Privacy Rights and we have to “Reclaim” the same ourselves. There are little chances of getting Parliamentary Oversight of Intelligence Agencies of India. Similarly, there are almost no chances of Intelligence Agencies Reforms in India that can bring their functioning in lines with Constitutional Requirements.

We cannot “Enact Laws” but we can use “Counter Technologies” to prevent Illegal and Unconstitutional E-Surveillance and Eavesdropping. Self Defence and Privacy Protection in India must be ensured by us at our own levels. The initiatives titled PRISM Break and Reset the Net are the “Starting Point” in this regard. I would come up with detailed articles dedicated to protection of Civil Liberties of all those who care for their Privacy and Right to Speech and Expression in Cyberspace and this Information Era.

US Foreign Intelligence Surveillance Act (FISA) Court Is A Trouble For Indian Privacy Rights And Civil Liberties

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBThere are many “Double Standards” that United States Government is adopting vis-à-vis India in general and Indian Citizens in particular. There is no second opinion that U.S. is the biggest and most blatant violator of Civil Liberties in Cyberspace. Whether it is use of Malware of the types of Stuxnet or Duqu or a combined use of Radio Wave and Malware, U.S. is on the top in the list.  U.S. Government is also the biggest purchaser of Malware in the World. In short, U.S. is the most prominent and notorious purchaser and user of Malware at the Cyber Warfare and Cyber Espionage levels.

U.S. has been indulging in “Illegal and Unconstitutional” E-Surveillance and Eavesdropping in India for long. Sometimes it is “Covert” while other times it is “Overt” and with the “Active Collaboration of India”. In fact, James Clapper had confirmed that NSA has been targeting Foreign Citizens for Surveillance. Surprisingly, this is happening despite the fact that the Constitutions of both Countries forbid such blatant “Privacy Rights Violations”. Recently, the U.S. Supreme Court in Riley v. California, No. 13–132, 573 U. S. (2014) held that “Digital Data” requires protection from “Warrantless Searches” and generally a warrant is required to conduct search of a cell phone of an arrested person.

However, the Supreme Court of India and U.S. Supreme Court are “Helpless and Powerless” when it comes to exercise of “Extra Territorial Powers” by the U.S. Foreign Intelligence Surveillance Act (FISA) Court. What is frustrating is how a local court like FISA can exercise “Powers” over an “Independent and Sovereign Nation” like India. What gives a FISA Court power to violate provisions of Indian Laws and Indian Constitution? Either this is happening with the “Active Assistance of India” or our Indian Government is a “Sitting Duck” incapable of protecting the Civil Liberties of its Citizens from foreign players and foreign Intelligence Agencies like NSA.

Not only the U.S. Government is indulging in double standards but even U.S. Companies are doing the same. For instance, if information is sought from U.S. Companies they insist upon following U.S. Laws. However, if the same Companies are asked by U.S. Government or U.S. Intelligence Agencies to provide data and details stored even in Foreign Jurisdictions and Data Centres, they are more than willing to help them. This is happening despite the fact that the Laws of such Foreign Jurisdictions also forbid sharing of such data or information but they become simply “Inapplicable” in such cases. Many U.S. Companies have been providing information and data about Indian Citizens even in active violation of Indian Laws and our Government is not doing anything in this regard. All that is required for such U.S. Companies is an order from a FISA Court that, in most cases, is not even “Public” but is shrouded in complete “Secrecy”.

According to leading Academics of U.S. the Secret Loopholes Exist that could allow the NSA to bypass Fourth Amendment protections to conduct massive domestic surveillance on U.S. citizens. For instance, the Research Paper released on Monday by researchers at Harvard and Boston University details how the U.S. Government could “conduct largely unrestrained surveillance on Americans by collecting their network traffic abroad,” despite Constitutional protections against warrantless searches. U.S. surveillance Laws presume Internet traffic is non-American when it is collected from overseas. This is a “Very Convenient Arrangement” as India can “Collect” information and data in India on behalf of U.S. and U.S. can collect information and data on behalf of India in U.S. This way “Constitutional Protections” available in both the Countries can be “Bypassed” without attracting the wrath of Courts of both Countries. And this is exactly what is happening as per my personal opinion.

The ultimate effect of this situation is that both India and U.S. can “Collect Information” about their own Citizens as well as those of other Nation’s. It would be a “White Lie” if India and U.S. suggest that they are not indulging in E-Surveillance and Eavesdropping that is violative of the Constitutional Protections.

As per media reports, the Bharatiya Janata Party (BJP) was one of the six non-US political parties across the Globe that the NSA received official permission in 2010 to covertly spy upon. So U.S. cannot deny anymore that Indian Citizens and Indian Political Organisations are under “Constant Scrutiny” of her Intelligence Agencies like NSA.

The natural question is should we “Trust” U.S. Companies, Software and Hardware while providing “Sensitive and Crucial Information” and utilising the same for Critical Infrastructures (PDF). The Cyber Security Trends in India (PDF) clearly indicate that we must stress more upon “Indigenous Capabilities” when it comes to Cyber Security and Cyber Technologies. When Anti Virus updates are themselves source of Malware India cannot trust Foreign Cyber Security Products in this regard.

The Security Agencies of India have stressed upon using “Indigenously made Cyber Security Softwares”. Similarly, Indian Government has also given approval to establish two Semiconductor Wafer Fabrication Manufacturing Facilities in India (PDF). This would benefit Companies of Japan and Korea in expanding their bases in India. The Electronic System Design and Manufacturing (ESDM) Policy of India has also been streamlined by Indian Government. The U.S. Companies must be allowed to sell their Products and Services in India only once their Products or Services are “Rigorously Tested” before being used in India, Government Departments or Public Services providing Organisations.

U.S. Companies are hiding behind the veil of Conflict of Laws in Cyberspace and India must pierce the same to ascertain the true identity of “Rouge Companies”. Internet Telephony and VOIP Service Providers must “Mandatorily Establish Servers in India”. The Intelligence Bureau (IB) is also expediting the testing of VOIP Interception System in India. The ultimate solution is that India Must Ensure Techno Legal Measures to Regulate Indian Cyberspace that can prevent Illegal and Unconstitutional E-Surveillance and Eavesdropping from Foreign Nations. Otherwise, Judicial Orders from Courts like FISA would keep on violating the Civil Liberties of Indian Citizens.

Riley v. California, No. 13–132, 573 U. S. (2014)- U.S. Supreme Court’s Case On Search Of Cell Phone Of An Arrested Person Without Warrant

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBUnited State has been struggling hard to deal with issues of E-Surveillance and Eavesdropping for long.  The truth is that many of the E-Surveillance Programs of U.S. are “Simply Unconstitutional” and they cannot pass the test of Constitutionality. Telephone Tapping and Surveillance are on top priority of U.S. Law Enforcement and Intelligence Agencies. In fact, U.S. Government sought an order from FISA Court for extended storage of telephone metadata and call records.

After Edward Snowden’s revelations, even the White House has limited and difficult options to restructure National Security Agency’s phone surveillance program. Meanwhile, U.S. Courts have started strengthening Privacy Rights of U.S. citizens’ vis-à-vis their cell phones. For instance, the Massachusetts Supreme Judicial Court has ruled that phone users have Reasonable Expectation of Privacy. Similarly, the Texas Appeals Court has ruled that Law Enforcement Officials do need a Warrant to search an arrested person’s cell phone after they’ve been jailed.

Now U.S. Supreme Court has endorsed the approach of Texas Court. In Riley v. California, No. 13–132, 573 U. S. (2014) (PDF), the U.S. Supreme Court has held that the Police generally may not, without a warrant, search “Digital Information” on a cell phone seized from an individual who has been arrested. The Court further held that a warrantless search is reasonable only if it falls within a spe­cific exception to the Fourth Amendment’s warrant requirement. A search incident to arrest must be limited to the area within the arrestee’s immediate control, where it is justified by the interests in officer safety and in preventing evidence destruc­tion.

The U.S. Supreme Court declined to extend the categorical rule laid down by United States v. Robinson, 414 U. S. 218 decision to searches of data stored on cell phones. It observed that the Court generally determines whether to ex­empt a given type of search from the warrant requirement “by as­sessing, on the one hand, the degree to which it intrudes upon an in­dividual’s Privacy and, on the other, the degree to which it is needed for the promotion of Legitimate Governmental Interests”. That balance of interests supported the search incident to arrest exception in Robinson. But a search of digital information on a cell phone does not further the government interests identified in Chimel v. California, 395 U. S. 752 and implicates substantially greater individual Privacy interests than a brief physical search. Thus, the digital data stored on cell phones does not present either Chimel risk.

The Court further held that digital data stored on a cell phone cannot itself be used as a weapon to harm an arresting officer or to effectuate the arrestee’s es­cape. Officers may examine the phone’s physical aspects to ensure that it will not be used as a weapon, but the data on the phone can endanger no one. To the extent that a search of cell phone data might warn officers of an impending danger, e.g., that the arrestee’s confederates are headed to the scene, such a concern is better ad­dressed through consideration of case-specific exceptions to the war­rant requirement, such as exigent circumstances.

The United States and California raise concerns about the destruction of evidence, arguing that, even if the cell phone is physi­cally secure, information on the cell phone remains vulnerable to re­mote wiping and data encryption. The Court did not agree with those arguments and held that as an initial matter, those broad concerns are distinct from Chimel’s focus on a defendant who re­sponds to arrest by trying to conceal or destroy evidence within his reach. The briefing also gives little indication that either problem is prevalent or that the opportunity to perform a search incident to ar­rest would be an effective solution. And, at least as to remote wiping, law enforcement currently has some technologies of its own for combating the loss of evidence. Finally, law enforcement’s remaining concerns in a particular case might be addressed by responding in a targeted manner to urgent threats of remote wiping or by taking action to disable a phone’s locking mechanism in order to secure the scene.

The Court held that a conclusion that inspecting the contents of an arrestee’s pockets works no substantial additional intrusion on Privacy beyond the arrest itself may make sense as applied to physical items, but more substantial privacy interests are at stake when digital data is involved. Cell phones differ in both a quantitative and a qualitative sense from other objects that might be carried on an arrestee’s per­son. Notably, modern cell phones have an immense storage capacity. Before cell phones, a search of a person was limited by physical reali­ties and generally constituted only a narrow intrusion on Privacy.

But cell phones can store millions of pages of text, thousands of pic­tures, or hundreds of videos. This has several interrelated privacy consequences. First, a cell phone collects in one place many distinct types of information that reveal much more in combination than any isolated record. Second, the phone’s capacity allows even just one type of information to convey far more than previously possible. Third, data on the phone can date back for years. In addition, an el­ement of pervasiveness characterizes cell phones but not physical records. A decade ago officers might have occasionally stumbled across a highly personal item such as a diary, but today many of the more than 90% of American adults who own cell phones keep on their person a digital record of nearly every aspect of their lives.

The scope of the Privacy interests at stake is further com­plicated by the fact that the data viewed on many modern cell phones may in fact be stored on a remote server. Thus, a search may extend well beyond papers and effects in the physical proximity of an ar­restee, a concern that the United States recognizes but cannot defini­tively foreclose. Thus, the fallback options offered by the United States and California are flawed and contravene this Court’s (See Michigan v. Summers, 452 U. S. 692, 705, n. 19) general preference to provide clear guidance to law enforcement through categorical rules.

One possible rule is to import the Gant standard from the vehicle context and allow a warrantless search of an arrestee’s cell phone whenever it is reason­able to believe that the phone contains evidence of the crime of ar­rest. That proposal is not appropriate in this context, and would prove no practical limit at all when it comes to cell phone searches. Another possible rule is to restrict the scope of a cell phone search to information relevant to the crime, the arrestee’s identity, or officer safety. That proposal would again impose few meaningful con­straints on officers. Finally, California suggests an analogue rule, under which officers could search cell phone data if they could have obtained the same information from a pre-digital counterpart. That proposal would allow law enforcement to search a broad range of items contained on a phone even though people would be unlikely to carry such a variety of information in physical form, and would launch Courts on a difficult line-drawing expedition to determine which digital files are comparable to physical records.

U.S. Supreme Court also acknowledged that it is true that this decision will have some impact on the ability of Law Enforcement to combat crime. But the Court’s holding is not that the information on a cell phone is immune from search; it is that a warrant is generally required before a search. The warrant re­quirement is an important component of the Court’s Fourth Amend­ment jurisprudence, and warrants may be obtained with increasing efficiency. In addition, although the search incident to arrest excep­tion does not apply to cell phones, the continued availability of the ex­igent circumstances exception may give law enforcement a justifica­tion for a warrantless search in particular cases.

Are India And United States Collaborating On Illegal And Unconstitutional E-Surveillance And Eavesdropping?

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLBCivil Liberties Protection in Cyberspace is a complicated techno legal field that requires a techno legal orientation and framework. Neither technological nor legal method alone is sufficient to manage Civil Liberties issues in Cyberspace. Conflict of Laws in Cyberspace adds further complications and techno legal challenges for various stakeholders. As a result, the approach towards Civil Liberties and Conflict of Laws in Cyberspace is largely “Territorial and National” in nature.

This has given a wide range of “Options for E-Surveillance” and “Illegal Searches” that is otherwise not possible in a “Constitution bound Nation”. For instance, James Clapper has confirmed that NSA has been targeting foreign Citizens for Surveillance. Similarly, many believe that NSA has been doing E-Surveillance and Eavesdropping through Utah Data Center though it is denied by the NSA. Similarly, NSA has also been using Radio Waves and Malware to indulge in Unconstitutional and Illegal E-Surveillance around the World. If this is not enough, Anti Virus Updates are being used as a potential tool to install Malware, steal information and launch Cyber Warfare Attacks. These activities have serious Civil Liberties implications that are also “Teasing and Testing” the Constitutional Safeguards and Protections.

It is not at all possible to indulge in “Global E-Surveillance and Eavesdropping” till other Nations approve the same. For instance, FinFisher is a Global Electronic Spying, E-Surveillance and Eavesdropping Malware. The Command and Control Servers for FinFisher were found in 36 Countries including India. Similarly, Vodafone has confirmed existence of “Secret Wires” for Government E-Surveillance and Eavesdropping Worldwide, including in India. The Department of Telecommunication (DOT) has already ordered an Investigation in this regard but the same is just a tactics to ward off criticism of blatant and endemic E-Surveillance activities of India.

There are “Strong Reasons to Believe” that India and United States are “Collaborating” on Illegal and Unconstitutional E-Surveillance and Eavesdropping on a “Mutually Beneficial Basis”. This is happening with great disregard to the Constitutions of India and United States. There is an urgent need to “Investigate” about this “Unholy Nexus” between India and United States that is striking at the very root of Civil Liberties Protection in Cyberspace.

Intelligence agencies of India are working in a condition that required immediate Parliamentary Oversight and Intelligence Reforms in India.  The Intelligence Infrastructure of India needed Transparency and Strengthening in these circumstances. However, Congress Government was not interested in bringing such reforms and it kept on violating the Civil Liberties of Indians in a blatant manner.

Till now there is no “Public Report” of the investigation made by DOT against the Vodafone’s allegations. In fact, the Narendra Modi Government has still not cleared its stand regarding “Illegal and Unconstitutional Projects” like Central Monitoring System (CMS) Project of India and Internet Spy System Network and Traffic Analysis System (NETRA) of India. In these circumstances, it is safe to presume that the Modi Government would continue with the Illegal and Unconstitutional E-Surveillance activities of the Congress led Government.

The proposed National Telecom Policy of India 2014 is also “Silent” on Protection of Civil Liberties in Cyberspace and Illegal E-Surveillance and Eavesdropping. In fact, it is “Neither Balance nor Constitutional” as on date. The Narendra Modi Government must ensure Privacy to Indians on a priority basis. This must be done by formulating and enacting a dedicated Privacy Law of India as soon as possible. The Parliamentary Committee has already slammed Indian Government for Poor Privacy Laws in India.

There are many problems that Modi Government would face while ensuring Privacy to Indians. We have no E-Surveillance Policy (PDF) and Encryption Policy (PDF) in India. We have no dedicated Data Protection and Privacy Laws in India (PDF). We have Draconian and Colonial Laws like Cyber Law and Telegraph Law that deserve immediate repeal. We have Bad Cyber Security Conditions (PDF) and a missing Telecom Security Policy of India. This would raise serious Cyber Security Challenges before the Modi Government in near future and would adversely impact the Privacy Rights of Indians in the Cyberspace.

Whatever the case may be, we need to ensure Civil Liberty Protection in Cyberspace for Indian Citizens “At All Costs and By All Means”. The digital life of Indian Citizens is not at all safe and is open to various forms of E-Surveillance and Eavesdropping. In the absence of support form Indian Government, Self Defence is the only viable option left before Indian Citizens to safeguard their digital lives. The initiatives titled PRISM Break and Reset the Net are worth exploring in this regard as a “Starting Point”.

Supreme Court Of India Prohibits UIDAI From Sharing Biometric Data With Indian Government Agencies Without Data Owner’s Consent

PRAVEEN DALAL MANAGING PARTNER OF PERRY4LAW AND CEO OF PTLB Aadhar Project by Unique Identification Authority of India (UIDAI) is the “Most Vicious Project” that has been undertaken by Indian Government so far. It is actively violating various Constitutional Protections as prescribed by Indian Constitution. The very existence of Aadhar is based upon Deception, Lie, Illegality and Unconstitutionality. Under the garb of Public Welfare, Indian Government has been pushing Draconian E-Surveillance Project that cannot withstand the tests of Constitutionality. Further, the very Collection of Biometrics Details of Indian residents/Citizen is Unconstitutional. UIDAI has also Validated E-Aadhaar as a Valid Document like Paper based Aadhaar Number.

Aadhar Project is also suffering from many Fallacies and Weaknesses. These include lack of Data Security, Cyber Security, Data Protection (PDF), Privacy Protection, etc. Recently, the Parliamentary Committee slammed Indian Government for Poor Privacy Laws in India. Indian Government and its Agencies have been violating Civil Liberties of Indians in Cyberspace for long. Privacy Rights in the Information Era need to be properly safeguarded by Indian Government to remain on the right side of the Constitution.

India has also launched E-Surveillance and Privacy Violating Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. Even the essential E-Surveillance Policy of India is missing till now.

It was natural that in these circumstances the Aadhar Project was bound to be challenged before various Courts in India. The Supreme Court of India is hearing one such case against Compulsory use of Aadhar Number for delivery of Public Services. The Supreme Court has already held in the past that Aadhar Number/Card cannot be made Mandatory for providing Public Services. Even the Banks in India have “Out Rightly Rejected” the demand of Reserve Bank of India to use Aadhaar Number/Card/Data by all new ATMs and Point of Sale (POS) Machines.

In another jolt to the Aadhar Project, the Supreme Court on Monday restrained the Centre and the UIDAI from sharing the vast biometric database of Aadhaar cards with any third party or agency without the consent of the registered person. The Court also directed that people cannot be denied any service or benefit for not having an Aadhaar card.  The court said any order passed by authorities to make Aadhaar mandatory shall be withdrawn immediately. On using the database in Criminal Investigation, a Bench led by Justice B S Chauhan said that information about fingerprints and other data could be shared only after a suspect approves it. This is a sensible direction by the Supreme Court and Indian Government must now focus more upon enactment of Privacy Law and a Law Governing UIDAI and its Illegal and Unconstitutional Biometrics Collections.

Parliamentary Committee Slams Indian Government For Poor Privacy Laws In India

PRAVEEN-DALAL-MANAGING-PARTNER-OF-PERRY4LAW-CEO-PTLB Privacy Rights in India are in really bad shape. This is more so when it comes to cyberspace as Civil Liberties Protection in Cyberspace is still an unachievable dream for Indian Citizens. We have no dedicated Data Protection Laws in India (PDF) and both Privacy and Data Protection aspects are at the mercy of those who are well committed to violate the same.

For instance, India has launched E-Surveillance and Privacy Violating Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), Internet Spy System Network And Traffic Analysis System (NETRA) of India, etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny. Even the essential E-Surveillance Policy of India is missing till now.

We at Perry4Law have been stressing for years that India needs a Dedicated, Holistic and Comprehensive Privacy Legal Framework. However, Indian Government has been “Deliberately Postponing” formulation and implementation of a good Privacy Law in India. A dedicated Privacy Law is urgently required as emerging fields/areas like E-Commerce, Online Pharmacies, Mobile Application Development, Cloud Computing, Encryption Laws, Website Development, M-Health, Telemedicine, E-Mail Policies, Online Payment Service Providers, Mobile Payment, Payment Gateway and Pos Terminal Service Providers, etc would absolutely rely upon such a Privacy Law.

Even the Parliamentary Standing Committee on Information Technology in its report titled “Cyber-Crime, Cyber Security and Right to Privacy”, which was submitted on February 10, has slammed Indian Government for not coming up with a Dedicated Privacy Legislation.

“The Committee are extremely unhappy to note that the government is yet to institute a legal framework on privacy”, the report states. The 88-page report also shows that the members of Parliament are both aware and concerned about issues of privacy, noting that, “balancing cyber security and right to privacy is extremely complex.” However, CERT-IN’s efforts regarding strengthening India’s cyber security have been appreciated by the Committee.

Surprisingly, various Government Officials and Bureaucrats tried to convince the Committee that the scanty provisions under the Information Technology Act, 2000 are enough to protect Privacy and Data Protection Rights in India. They also tried to convince the Committee that the present IT Act, 2000 is equipped to deal with the growing incidences of Cyber Crimes in and Cyber Attacks against India and Indian Citizens. However, I personally believe that the Cyber Law of India and the Indian Telegraph Act, 1885 deserve an “Urgent Repeal”. If the Base Laws themselves are “Illegal and Unconstitutional”, deriving Privacy Rights Protection out of them is a fatal mistake. This also means that a Comprehensive and Holistic Privacy Law must be separately enacted by Indian Government.

Fortunately, the Committee has rightly rejected the Government?s contention that the IT Act was sufficient to protect the Privacy of Citizens and Human Rights. The Privacy Rights in India in the Information Era cannot be protected in the manner suggested by Indian government and its officials. Rather, these methods are used to “Subvert’ Privacy Rights in India and this is exactly what is happening in India.

In India, Phone Tapping and Interceptions are done without a Court Warrant and by Executive Branch of the Constitution of India. Phone Tapping in India is “Unconstitutional” and the Parliament of India has not thought it fit to enact a “Constitutionally Sound Law” for Phone Tappings and Lawful Interceptions. India’s stand is also violating United Nation’s Resolution on Right to Privacy in the Digital Age.

The Committee has recommended that, “The Department of Electronics and Information Technology (DeitY) in coordination with Department of Personnel and Training, multidisciplinary professionals/experts should come out with a comprehensive and people-friendly policy that may protect the privacy of citizens and is also fool-proof from security point-of-view”.

I personally believe that this is high time for Indian Government to enact a Techno Legal Privacy Law of India as soon as possible.