Increasing internet surveillance: online transparency concerns in India
26 February 2014
Early this February, internet giants including Google, Facebook, Yahoo! and Twitter made a breakthrough in online transparency laws, pushing the boundaries on how much information they can publish about U.S government requests made to them for data on online customers. This breakthrough followed Edward Snowden’s disclosure of the mass data gathering exercises orchestrated by the National Security Agency (NSA) last year. The long and heated debate on the lack of transparency in U.S government-initiated internet surveillance mechanisms divided opinion between the right to privacy versus protecting national security.
After a long battle with the government, online companies are now able to report the number of Foreign Surveillance Information Act (FISA) requests and national security letters that they receive from the U.S government. While this is an important step towards beginning to understand the nature of government led surveillance, perhaps ‘breakthrough’ overshoots the definition of what happened in February.
Several rules imposed by the U.S government still manage to take the bite out of the data published. Two important features that hinder companies publishing updated, transparent information are:
a) Companies cannot provide specific numbers – reports on total number of requests made by the government have to be published in bands of 1000s
b) Information demanded under FISA would have to be published 6 months after the data is provided.
Despite these rules, online companies have inched towards clearing the air about how many requests they entertain from government agencies. Online service providers have published Transparency Reports on their websites that list government requests to provide or remove information. Most of them have user-friendly, downloadable datasets of government requests made over six month periods.
Why is this move important for India?
A comparison across governments reveals an interesting trend – India makes it top of the list of governments asking for information across a number of online platforms in 2013, as indicated in the following tables. At present, there is little information regarding the nature of government organizations collecting information and the type of information collected by governments. Considering the recent change in policy in America, this would be an ideal time to press for greater transparency in India too.
Google and YouTube (January – June 2013)
No. | Country | Total Requests made by Govt. | Percentage of requests where some data was provided* | Specific users / accounts requested by Govt. |
1 | United States | 10918 | 83 | 21683 |
2 | India | 2691 | 64 | 4161 |
3 | Germany | 2311 | 48 | 3079 |
4 | France | 2011 | 49 | 2481 |
5 | United Kingdom | 1274 | 67 | 1818 |
Facebook (January – June 2013)
No. | Country | Total Requests made by Govt. | Percentage of requests where some data was provided | Specific users / accounts requested by Govt. |
1 | United States | 11000 – 12000 | 79 | 20000 – 21000 |
2 | India | 3,245 | 50 | 4,144 |
3 | United Kingdom | 1,975 | 68 | 2,337 |
4 | Germany | 1,886 | 37 | 2,068 |
5 | Italy | 1,705 | 53 | 2,306 |
Yahoo! (January – June 2013) Though India is not amongst the top five, it ranks #7 on the list.
No. | Country | Total Requests made by Govt. | Percentage of requests where some data was provided* | Specific users / accounts requested by Govt. |
1 | United States | 12,444 | 37 | 40,322 |
2 | Germany | 4,295 | 5 | 5,306 |
3 | Italy | 2,637 | 10 | 2,937 |
4 | Taiwan | 1,942 | 3 | 2,650 |
5 | France | 1,855 | 11 | 2,373 |
7 | India | 1,490 | 23 | 2,704 |
*Does not include Non Content Data Disclosed
Twitter (July – December 2013) Though India is not amongst the top five, it ranks #6 on the list.
No. | Country | Total Requests made by Govt. | Percentage of requests where some data was provided* | Specific users / accounts requested by Govt. |
1 | United States | 833 | 69 | 1,323 |
2 | Japan | 213 | 23 | 253 |
3 | France | 57 | 23 | 102 |
4 | United Kingdom | 56 | 43 | 117 |
5 | Brazil | 20 | 30 | 55 |
6 | India | 19 | 32 | 27 |
*Does not include countries that made emergency disclosure requests
Several organizations such as Google, Microsoft, Yahoo! and Apple, amongst others have demanded a Global Government Surveillance Reform. Partly to establish their stance against data requests made by governments and partly, I would assume, to clear the air against the bad press they earned in the debate for greater internet privacy. This push for reforms can be the starting point for a mutually agreed upon framework that spans across governments across the world to uphold the rights of individuals online. It can also mark the beginning for country-specific advocacy for greater transparency.
A summary of the reform agenda:
a) Governments should self-regulate and request for specific data related to clearly-defined cases as opposed to asking for large quantities of information
b) Charter a legal framework to protect the rights of individuals and provide checks and balances against authorities asking for data
c) Allow disclosure of information by companies providing the data (number and nature of demands) and governments demanding the data
d) Open information borders, so that citizens can access information stored outside their country and service providers do not have to operate locally
e) Create a transparent framework that stretches across borders and homogenizes conflicting laws
In addition to the issues covered above, this blog post attempts to raise more questions for discussion:
a) Is there a need for a shared forum to discuss what an individual can do once they are alerted to the fact that their privacy has been compromised? (Whom can they contact, what are country specific laws?) In the case where companies cannot disclose to individuals that their information was shared, can there be a mutually agreed upon time-lapse– after which governments and companies can deem it safe to let the individual know that their information was compromised in the past?
b) Who is liable to keep data safe once it has been handed over to governments? Where does the responsibility for safekeeping of the data begin and end for those asking for and those providing data? How long can a government agency store an individual’s data?
c) How do we create a space for more research to disambiguate current data published by companies? For example, are increasing demands for information relative to the growing number of subscribers for an online product? What criteria define companies to comply with or deny requests? Is this criterion uniform across companies and uniformly applicable to all governments – what explains the higher compliance to certain countries requests such as the U.S?
d) Finally, how can we hold our governments responsible to publishing their own transparency reports? At present, the word ‘government’ offers no nuances on the departments demanding, using and storing data – thus making it difficult to demand transparency measures from them.
Considering India is high on the list of governments requesting data – at least in terms of absolute numbers of requests made, it would be worthy to begin compiling what information and laws exist or progress has been made to increase transparency within the country.