Category Archives: Media Law

RELIANCE JIO: REGULATORY AND PRIVACY IMPLICATIONS

Ed. Note.: This post, by Sayan Bhattacharya, is a part of the NALSAR Tech Law Forum Editorial Test 2016.

In the world of technology dominated by a power struggle in terms of presence and absence in data circles, Reliance Jio has probably made the biggest tech news of the year with its revolutionary schemes. By adopting a loss-leader strategy of immediate loss and ultimate dominance, Reliance Jio has promised its subscribers stellar features like free voice calls, extremely cheap data packages, abolition of national roaming  charges and striking down extra rates on national holidays on shifting to its network. This is set to significantly affect competition by taking India’s data scenario from a data scarcity to data abundance mode.

Tech companies were hesitant to hand over consumers too much data till this point since they believed the same would act contrary to their business interests. So intra tech-company competition existed within set boundaries till now.

A long standing argument has been in terms of data inequality, wherein people living in rural areas are greatly disadvantaged due to absence of accessibility to data, presence of high tariffs and lack of initiative. This marked shift is significantly going to  affect this particular section of society. The arrival of data-abundance schemes of Reliance Jio might trigger of the kind of competition needed to make internet more accessible and solve the divide existing in status quo.

The second shift which is less talked about in the classy launch statements is the treatment of these immense amount of data which will be at their disposal, post such a move.  The markets in United States and Europe have been relatively normalised to the idea of data abundance for tech companies in comparison to Indian markets. There also exists a subsequent system of checks and balances placed in the judiciary of these markets to control ethics of data collection like specific privacy laws, special courts, media and NGO sensitisation of existing problems with data collection. Such specific laws and structure is almost non-existent or minimally present in the India which makes such problems harder to deal with.

This article seeks to answer the implications of such a move in terms of privacy of consumer data, regulatory mechanisms and its subsequent impact on the market.

The  major transition when a user shifts from a conventional network to that of a Reliance Jio is in the shift from conventional calling facilities to data calling, wherein Reliance Jio uses a technology called VoLTE to make data calls. This technology is being introduced for the first time here but is already prevalent in European and US markets . These features are different from those available on social media platforms like WhatsApp which have exclusive privacy policies including checks and balances preventing breach of privacy like end-to-end encryptions.

Consequently huge amount of data will now be floating in terms of data calls and  concern is over a third party monitoring private calls. In the world of data, the flow of data is monitored using a technique known as Deep Packet Inspection, which is a form of computer network packet filtering that examines the data part in terms of a packet as it passes an inspection point, searching for protocol non-compliance,viruses, spam, intrusions, Apart from the legitimate inspections, its critique comes in the form of a third party inspection of data which can be grossly misused in terms of:-

  1. Data Snooping and Eavesdropping

  1. Data Mining – The ethics of digging up history of searches in order to use data for unfair advantage of parent companies. The problem with this kind of data history existing is surrounding the fact that algorithms instead of predicting future searches tends to show same results in order to orient users to preferential data. This becomes extremely problematic when it comes to Reliance Jio which aims at achieving a closed ecosystem through its applications thus exploiting net neutrality laws. This was debated extensively in the application of Free Basics of Facebook in which Reliance Jio was a stakeholder.

  1. Internet Censorship – Government intervention to control the flow of data is another concern. In this regard we are essentially concerned with silent monitoring of data to serve government propaganda in order to define what is viewable and what is not.

Further, Reliance Jio tries to incorporate an app ecosystem which comes as a part and parcel with the package which includes JioTV app, a JioCinema app, a JioMusic app, a personal digital wallet,  JioMags and a Newspaper application. The extensive push for a relatively close ecosystem might lead to exploitation of loopholes in Indian net neutrality laws, thus working to a disadvantage for third party. Data Mining techniques might even be used in this regard to identify customer patterns to suit needs of parent company in absence of a strict system of checks and balances as present in countries which have adopted this technology.

Reliance Jio network has worked relatively well insofar as Reliance to Reliance calls are concerned. But when it comes to calls to another operator there have been significantly high cases of call drops reported. Thus promising features intended to incentivise a switch to Reliance Jio network suffers a major roadblock in terms of implementation.

In light of the arguments presented, the shift that has been triggered by Reliance Jio needs an effective system of checks and balances in terms of regulatory measures to ensure the following:-

  • Maintenance of principles of net-neutrality
  • Protection of private consumer data
  • Prevention of privacy breaches
  • Consumer protection in terms of reducing call drops to other operators
  • Prevention of unfair trade practices in terms of data mining to suit needs of parent company
Advertisements

The Right to Be Forgotten – An Explanation

Ed. Note.: This post, by Ashwin Murthy, is a part of the NALSAR Tech Law Forum Editorial Test 2016.

The right to be forgotten is the right of an individual to request search engines to take down certain results relating to the individual, such as links to personal information if that information is inadequate, irrelevant or untrue. For example, if a person’s name is searched on Google and certain information appears relating to that person, the person can request Google to remove that information from the search results. This has its largest application in crime and non-consensual pornography (revenge porn or the distribution of sexually explicit material depicting a person without their consent). If X committed a petty crime and a person searching X’s name finds this petty crime, it leads to an obvious negative impact to X, in terms of job prospects as well as general social stigmatisation. X can ask the providers of the search engine to remove this result, claiming his right to be forgotten. The right is not necessarily an absolute right – in its current stage of discussion it merely applies to information that is inadequate, irrelevant or untrue and not any and all information relating to the person. Further there lies a distinction between the right to privacy and the right to be forgotten – the right to privacy is of information not available to the public while the right to be forgotten is removal of information already available publicly.

            Proponents of the right to be forgotten claim that it is a person’s right to have such outdated or immaterial information deleted from the Internet, or at least from the results of search engines. Photographs, comments, links shared – these are all things that people post in their youth (and sometimes at a not so young age) without a second thought. These people should have the right to delete such content from the Internet to protect their right to privacy and consequentially their right to be forgotten, protecting them from unnecessary backlash at rather innocuous actions. For example, a Canadian doctor was banned from the United States when an internet search showed that he experimented with LSD at one point of time in his life. With the right to be forgotten he can erase such pages from the results of the search engine. Victims of revenge and involuntary porn would have an easy mechanism to ensure that such objects are removed from the internet, a task that is difficult to achieve without such a right.  Critics however claim that this right to be forgotten is a substantial setback to the freedom of information and free speech. Any information spread on the Internet would have the potential to be taken down due to legitimate or seemingly legitimate claims of the right to be forgotten, regardless of the qualitative value of the information. Further, the right to be forgotten would impede with a person’s right to know. The easiest way to discover the background of a person is to Google them. This is especially relevant when employing someone or entering into an agreement of trust. If a person is looking for a security guard and a Google search shows that the applicant for the job is or was a thief, then this information on the Internet is of great use to this person hiring such a man – information that would otherwise not be available to the person. Removing this information denies the person their right to know and access this information. Also, implementation of such a right is technically difficult, forcing a complex algorithm to be developed to correctly identify what sites and results should and should not be removed in the event of a claim of right to be forgotten, especially considering the permanency of content on the Internet with the reposting and reproduction of content that occurs today. Locating every site to remove the content is technologically difficult.

            This right has its premier legal backing in the case of Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, a decision by the Court of Justice of the European Union (CJEU). In the case, the Spanish citizen Gonzalez wished to remove a Google search result of an auction notice of his repossessed house that was fully resolved with and thus irrelevant. The Court held that the search engine (Google) must consider requests of removal of links and results appearing from a search of the requestor’s name under the grounds of the search result being irrelevant, outdated or excessive. The Court thus clarified that while people do possess this right to be forgotten, it is not absolute and must be balanced against other fundamental rights, including the freedom of expression. Thus the CJEU stated that assessment on the same must be decided on a case-to-case manner. This is line with an EU Regulation, the General Data Protection Regulation (GDPR), in providing only a limited form of the right to be forgotten. Originally this only applied to European countries – Google delisted search results only from European domains (google.fr, google.de, etc). Thus if a European citizen requested removal of a result, it would be removed from all European domains but nowhere else. CNIL, France’s data protection regulator, went to the length of fining Google for not removing the requested search results from all domains of Google worldwide, not just the French domain. While Google is fighting this case in France’s highest court, this is a symbol of a slow recognition of a far more expanded form of the right to be forgotten, applicable to search results worldwide.

            The right to be forgotten is not alien to India either – the first case of the same was a request in 2014 to the site Medianama.com to remove certain content, however this request was soon dropped. In 2016, a man raised a request before the Delhi High Court for a valid request for removal of his personal information from Google search results of a marital dispute. The Court recognized this claim and sent an inquiry to Google, to be replied to by September 19th. However, there is currently no legal framework present in India for the same nor does the landmark EU judgement apply in India.

            The right to be forgotten remains a nascent right, not fully developed or fleshed out. There are debates as to the pros and cons of such a right, and the extent to which such a right can and should be granted. However there is a clear rise as to its relevance in the technological and legal fields and will undoubtedly crystallise into a comprehensive right in the near future.

For further reading:

  1. The Audacious ‘Right to Be Forgotten’, Kovey Coles, CIS-India
  2. The Right to Be Forgotten, EPIC
  3. Debate: Should The U.S. Adopt The ‘Right To Be Forgotten’ Online? (audio), NPR

Privacy – A right to GO?

Ed. Note.: This post, by Ashwin Murthy, is a part of the NALSAR Tech Law Forum Editorial Test 2016.

For centuries rights have slowly come into existence and prominence, from the right to property to the right to vote and the right against exploitation. In the increasingly digital world of interconnection, the latest right to gain immense popularity is the right to privacy. This right entails the right to be let alone and more importantly the right to protect one’s own information – informational privacy. Thus armed with the right to privacy, one can limit what information others have access to and may use, and thus what information corporations might have or what is up on the Internet. This right to privacy comes in direct contact with applications downloaded on phones, which often ask for permissions to various information on the phone – a device which already possesses a great deal of information of the owner, including the location of the user, their phone number, their emails, their chat conversations and their photos. Applications often ask, either explicitly or in their terms and conditions, for permissions to access varying degrees of the information on the phone, sometimes in a rather unexpected fashion (such as a flashlight app asking for permissions to location), and more recently these apps have been singled out for their questionable privacy settings.

            The latest app to come under fire for its privacy settings is Pokémon GO, an Android and iOS game that took the world by storm, being downloaded over 100 million times by August. The game is an augmented reality game that allows people to catch Pokémon in the real world through synchronous use of the phone camera and location detection. With such popularity, the app was inevitably scrutinised for its privacy settings, especially since it appeared that Pokémon GO was given full permission of the owner’s account. Adam Reeve, a former software engineer at Tumblr, was the first to cause a commotion when he wrote a post detailing all the information the app supposedly had access to. Niantic, the creators of Pokémon GO, later stated that this was an error and the app only accessed basic account information for logging in and in fact could not access information in applications like Gmail or Calendar, later confirmed by security developers. While this was clarified and fixed by Niantic, there were many who were still sceptical, losing trust in not just Pokémon GO, but also in apps in general.

            This sceptical perspective is however what is required to prevent apps from unduly gaining information, particularly those created by the more unsavoury companies who are less scrupulous about their privacy setting, to the point of intentionally trying to get far more information than what was expected from such an app. Pokémon GO, with its shady privacy settings and thus ensuing headlines of hysteria, was merely the catalyst to this questioning as to why such permissions are in fact required by many apps. While it turned out that Niantic did not in fact have very much access to the information people suddenly thought it did, Pokémon GO, by its very nature of using the camera and location services of the phone, potentially has access to far more information than what would be desired, to the point where it has been speculated that the app could be used for spying purposes. While such speculations remain conspiracy theories, the existence of these conspiracy theories is important in itself. Security and governmental agencies are increasingly attempting to access and store the information that such apps and companies themselves have access to. An intelligence agency, if working in tandem with a Niantic, could easily just make Pokémon appear in the house and thus have an interior view of the house through the owner’s phone camera. Niantic’s privacy policy, among other things, states that it may collect and store information about the owner’s location – information that is almost too easy to use for less than noble purposes, and is just one of many apps that can do the same.

            While of course many consumers may not have a problem with these applications having access to such information, they must first have an awareness that these applications actually do have access to all of this information when they are downloaded. Consumers are often content to merely accept the terms and conditions of an app without reading them. The scope for abuse of privacy is almost unparalleled. For there to be a change, the sceptic atmosphere that Pokémon GO accidentally created is needed, and not just for the short period of time that it existed in the wake of Adam Reeve’s post. Currently there is almost zero awareness of the degree to which applications can access and store private information, especially when the privacy policies and terms and conditions are not read or are incomprehensible. The publishers and creators of apps and other such software must be made to disclose explicitly what access they have and what information they can see/store/use. A high level of scrutiny from the consumers would ensure this, especially in the dearth of laws that exist on this specific issue. India has implemented the Information Technology (Amendment) Act, 2008, adding S.43A and S.72A which deal with implementation of reasonable security practices for sensitive information and punishment for wrongful loss or gain by disclosing personal information respectively. These however are both inadequate and too broad to effectively deal with such issues as apps invading a person’s right to privacy. Further such laws would apply only to the app’s usage in India. Thus creation and effective implementation would still only be on a very localised level, further causing a need for the people to be more conscious themselves.

The privacy settings in Pokémon GO might have been a harmless error from a seemingly benevolent company however most companies are not quite as harmless. Consumers must be vigilant to prevent their private lives and affairs slipping away from them, a task which hopefully Pokémon GO has somewhat equipped them to do.

For Further Reading:

  1. Data Protection in India: Overview – Stephen Mathias and Naqeeb Ahmed Kazia, Kochhar & Co
  2. Don’t believe the Pokémon GO Privacy Hype – Engadget
  3. Pokemon GO raises security concerns among Google users – Polygon

TORRENTS: THE LEGAL RAMIFICATIONS

Ed. Note.: This 101, by Kaustub Bhati, is a part of the NALSAR Tech Law Forum Editorial Test 2016.

Have you ever used a torrent to download something not available freely? You must have. Ever wondered how it works and why there is so much fuss about it being illegal and people using it might face legal sanctions?

A torrent is typically a file sharing method in which large media files are shared between private computers by gathering different pieces of the file you want and downloading these pieces simultaneously from people who already have these files. This process increases the download speed manifold. An example would be if 5,000 people are downloading the same file then it doesn’t put much pressure on the main server itself but what happens is that every individual use contributes upload speed which in turn ensures that the file transfer is fast. The download, hence, doesn’t really take place from the main server but from the 4999 other users currently downloading. This is typically known as P2P or Peer-to-Peer sharing method.[1]

Now since the invention of torrents in 2001 by Bram Cohen, it is being used to share a massive no. of files everyday some of which are copyrighted materials such as video games, movies and songs which should technically be paid for but are being distributed freely. This loss of revenue for the copyright-holding companies and the subsequent law-suits brings us to the forefront of our discussion: The Legal issues.

The torrent is not wholly illegal as the general misconception is. It can be used to share files across different people legally but the line is drawn when it comes to copyrighted content because then it amounts to Intellectual property theft. Almost 97 – 98% hosting companies (the companies which provide the link rather than host the content themselves) do not allow hosting torrents, and most of them are simply afraid of the word torrent. In India too, the authorities are catching up, Sec 66 of IT Act provides for 2 years of imprisonment and fines for people who download pirated media from the internet.

The Cyber Cell Department catches this illegal downloading by paying some IP Troll companies which lets them join the hosts of people downloading torrents allowing them to see the IP addresses and hence come knocking on their door steps. This leads to another legal issue as the IP address only tells WHERE the file is being downloaded and not WHO is downloading and also what would be done if the downloader was a minor? These are some problems faced by the prosecution in the court of law.

One of the major problems that can be seen globally is the difference in copyright laws in different countries giving rise to file-sharing sites such as The Pirate Bay to swim through this crack by saying that no laws of the host country i.e. where the servers lie, are being violated and hence everything is legal. Internet sites like Pirate Bay even posts legal notices sent to them by companies like Sony, DreamWorks and Electronic Arts on their site accompanied by mocking retorts.[2]

The prominent arguments presented in favour of the sites like these are that the sites themselves are not illegally distributing copyrighted materials but are functioning just like any other search engine like google or yahoo providing relevant search results to a query after which the users themselves are responsible for the acquisition of the materials in question and they themselves should be held liable and not the intermediaries. While Sweden in its judgement against co-founders of Pirate Bay refuted this, countries like Netherlands, Ukraine, India and the privacy-conscious Switzerland have become new piracy havens due to the exact same loopholes in the law deeming the intermediaries as not guilty of what their customers do.

While countries like Japan have severely strict laws entailing a 10-year imprisonment for uploading and a 2-year imprisonment for downloading illegal content[3], Germany is also not far behind, imposing a fine of €1000 fines or more if even a single instance of a copyrighted material is downloaded through BitTorrent.

These were some of the legal ramifications regarding the use of torrents, in an era when everyone wants everything to be freely available with just a click, Peer-to-peer file sharing has become a platform for political activities against intellectual property laws and has sparked movements such as the anti-copyright movement advocating complete or partial remission of current legislations. In the end, the ball is thrown towards the general masses to catch and in turn be implicated in illegal activity or let it fall and support the rights of the creators of the content we so want to see.

[1] Carmen Carmack,” How BitTorrent Works”, http://computer.howstuffworks.com/bittorrent1.html

[2] Dennis H, A Pirates’s Life in Sweden, https://yalelawtech.org/2011/02/23/a-pirates-life-in-sweden/

[3]Japan introduces piracy penalties for illegal downloads, http://www.bbc.co.uk/news/technology-19767970

Cross Media Ownership in India: Cause for Concern?

The following post is by Shashank Atreya, a student of School of Law, Christ University, Bangalore. He is a founding member of the Committee on Public Policy and Governance, School of Law, Christ University, and has headed research panels drafting suggestions to the Parliament Standing Committee and Law Commission. Shashank is a Media Law enthusiast, and vouches for net neutrality. He brings us a detailed analysis  on TRAI’s recent suggestions on Cross Media Ownership, which formed part of it’s recommendations to the Law Commission of India. 


The media plays an important and multiple roles in society. The most obvious of these are collection and dissemination of information, communication and entertainment among the people. Further, through its reach to the people the media also transmits social and cultural values and serves as a medium of education. Thus by providing information the media can inspire and generate political social ideas and aid in shaping policy agenda and priorities.

Continue reading Cross Media Ownership in India: Cause for Concern?