Naavi.org

The Ministry of Information and Broadcasting released a draft of a new Bill titled Broadcasting Services (Regulation) Bill 2023 on November 10. This Bill is meant to replace the Cable Television Networks (Regulation) Act 1995 and will regulate the OTT services. Like the Privacy legislation, this legislation is likely to be the next war front for the Digital media led by George Soros cult in India. I will be surprised if the Bill see the light of the day before 2024 elections. However since the debate has started, the academic circles need to examine the proposals and record their views.

Way back in 2001 we debated the “Communication Convergence Bill” would have replaced

The Indian Telegraph Act, 1885,
The Indian Wireless Telegraphy Act 1933, 
Telegraph Wire Unlawful Possession Act, 1950, 
Cable Television Networks (Regulation) Act 1995 and 
The Telecom Regulatory Authority of India Act, 1997.

The Bill caused the political disruption with the Ministry of Information Broadcasting and Ministry of IT having serious issues on overlapping powers and a turf war. The Bill was therefore a non-starter. Subsequently, in 2006 another draft Bill called Broadcasting Services Regulation Bill 2006 was released as a draft. The 2001 Bill was under BJP’s Vajapayee Government when Pramod Mahajan was the Minister and the 2006 Bill was under the UPA Government with Mr P V Narasimha Rao as PM and Dayanidhi Maran as Minister of IT.

The provisions of these Bills therefore had the blessings of both the Governments though for political expediency we can expect the Congress of 2023 to mount a scathing attack on the present Bill as having a “Chilling Effect” on freedom of speech. Already Wire, Medianama and other Soros group media have started their campaign. Though the Government has called for public comments, this would perhaps remain an academic debate.

Since the Notification of 25th February 2021 when the Ministers of IB and IT held a joint conference and released a notification, the Media regulation has been in discussion with the last major notification being on April 6 2023 in the form of “Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules 2023”

With this background this latest Bill has been released for public debate. Though the chances of the Bill being passed are remote, given the flurry of activities in the Ministries before the next election, even the impossible may be possible if Modi wants discipline in the media before the 2024 elections.

We need to look at this legislation therefore with respect.

It appears that the 2023 Bill is largely a replica of the 2006 Bill of the UPA and hence it would be interesting to see how the opposition counters the Bill. The schedule of penalties and the suggested self regulatory systems are additions.

A summary of the Bill as provided by PIB is available here

The key highlights mentioned are

Key Highlights:

1. Consolidation and Modernization: It addresses a long standing need of consolidating and updating the regulatory provisions for various broadcasting services under a single legislative framework. This move streamlines the regulatory process, making it more efficient and contemporary. It extends its regulatory purview to encompass broadcasting over-the-top (OTT) content and digital news and current affairs currently regulated through IT Act, 2000 and regulations made there under.

2. Contemporary Definitions and Future-Ready Provisions: To keep pace with the evolving technologies and services, the bill introduces comprehensive definitions for contemporary broadcasting terms and incorporates provisions for emerging broadcasting technologies.

3. Strengthens the Self Regulation Regime: It enhances self-regulation with the introduction of ‘Content evaluation committees’ and evolves the existing Inter-Departmental Committee into a more participative and broader ‘Broadcast Advisory Council’.

4. Differentiated Programme Code and Advertisement Code: It allows for  a differentiated approach to Programme and Advertisement Codes across various services  and require self-classification by broadcasters and robust access control measures for restricted content.

5. Accessibility for Persons with Disabilities: The bill addresses the specific needs of persons with disabilities by providing for enabling provisions for issue of comprehensive accessibility guidelines.

6. Statutory Penalties and Fines: The draft Bill introduces statutory penalties such as: advisory, warning, censure, or monetary penalties, for operators and broadcasters. Provision for imprisonment and/or fines remains, but only for very serious offenses, ensuring a balanced approach to regulation.

7. Equitable Penalties: Monetary penalties and fines are linked to the financial capacity of the entity, taking into account their investment and turnover to ensure fairness and equity.

8. Infrastructure Sharing, Platform Services and Right of Way: The bill also includes provisions for infrastructure sharing among broadcasting network operators and carriage of platform services. Further, it streamlines the Right of Way section to address relocation and alterations more efficiently, and establishes a structured dispute resolution mechanism.

…Continued

Naavi

Also Read

Control+Alt or Delete: The Draft Broadcast Bill is a blue print for censorship: Wire.com

Why India’s new draft broadcast bill has raised fears of censorship and press suppression : Scroll.in

Broadcast Bill plugs regulatory gaps, but some provisions need watching

Several articles

While discussing the DPDPA 2023 compliance in the industry, the standard response we derive is “We are already GDPR Compliant which is a “Gold Standard” for Privacy and hence Indian data privacy law can only be a subset of GDPR and we should be already compliant with it”.

This is a myth and a risky assumption.

DPDPA 2023 is applicable for Digital Personal Data and not for other forms of Personal Data and one has to look for additional provisions under the Constitution or other laws to understand certain aspects of responsibilities of an industry on Personal Data Protection in toto.

Though GDPR has the principles of “Consent”, the “Legitimate Interest” concept of GDPR and the non-consent based legal basis acceptable under GDPR are not the same as the “Legitimate Use” concept under DPDPA.

Similarly the rights protected under GDPR for a Data Subject are not the same as the rights provided to data principals under DPDPA.

The Right of Grievance Redressal and Right of Nomination provided under DPDPA 2023 are not available under GDPR.

The “Duties” of Data Principal are not provided under GDPR.

The concept of “Data Fiduciary” under DPDPA is different from the concept of “Data Controller” under GDPR.

The recognition of minors and other persons with legal guardians is handled differently under DPDPA.

The powers of the DPB are different from the powers of the Supervisory authority under GDPR.

The penalties under DPDPA 2023 are different from penalties under GDPR.

The impact of GDPR on Data Processors is direct where as in DPDPA it is only through the contract with the Data Fiduciary with direct liability under ITA 2000.

GDPR has a strict Data Localization where as DPDPA 2023 is flexible.

DPDPA 2023 respects the sovereignty of different countries and recognizes the redundancy of making a Data Fiduciary/Controller/Processor liable under two different data protection laws. It has provisions to enable segregation of obligations. GDPR does not respect the sovereignty of the other countries and tries to extend its hegemony over other countries.

In view of these and other differences, compliance to GDPR cannot be considered as compliance with DPDPA 2023. In fact we can positively state that “Compliance to GDPR is non compliance of DPDPA 2023).

Naavi

In an expected move, the Bengaluru police under the current political dispensation prevailing in the State decided not to consider the e-mail threat made to 68 schools recently as amounting to a terrorist activity and decided to book the case under other offences such as “Impersonation” etc.

According to this report from Indian Express …

“The FIRs have been filed under sections 66 C and 66 D of the Information Technology Act, 2008, and for criminal intimidation and malicious acts to outrage religious feelings under sections 506 and 295A of the Indian Penal Code (IPC). The police have not invoked Section 66 F of the Information Technology Act which covers cyber terrorism in the FIRs on account of the hoax nature of the bomb threats”.

If one looks at the above photograph, it is clear that thousands of parents of the 68 schools as well as many others went through a trauma arising out of the email threat and a situation where the community was put in terror had been created.

The email indicated among other things that it was a revenge for the terrorists who were killed during 26/11 serial bomb attack in Mumbai, declared “We Will Kill You”. It also urged “When you meet with non-believers, you chop off their heads”.

The Police Commissioner of Bengaluru as a professional needs to justify how these statements can be brushed aside as “hoax”. The email cannot be considered only as a bomb threat and since no bombs were found, it cannot be classified as a hoax. The other threats are serious life threatening messages and will remain in the memory of the community fo ever and create an atmosphere of fear in the community.

It is clear that the hands of the Police are being tied by political pressure to misinterpret the threat and ignore it. If in future any untoward incident occurs in the manner in which it is indicated here, the Police Commissioner will be exposed to the charge of dereliction of duty due to political expediency.

I wish that the political supporters of the Government who belong to the threatened community including the God fearing Mr D K Shivakumar, the DCM, come out openly to condemn this brazen threat. Even the responsible persons within the community that is threatening (such as the speaker of the assembly), should express their outright condemnation of the contents of the e-mail.

The High Court of Karnataka should also suo-moto take recognition and initiate a trial of the case to pass necessary orders treating this as a national threat situation to be handled by NIA and CBI and not the state police.

Silence of these persons can only be considered as a tacit support to the terrorists out of fear or conviction.

I also take this opportunity to urge the professionals in India of all communities to take a stand against such incidents and be vocal. They should not hide behind the pseudo secularism and excuse of being non communal etc. Remaining silent on such occasions is a communal decision and lack of commitment to the welfare of the community.

Naavi

World over discussions are going on regulating Artificial Intelligence. There are some persons like Elon Musk who have endorsed the urgent need to regulate AI while some are still arguing that this is not the time to introduce restrictions on AI and curb innovations.

It is important for us to realise that it may be already too late for regulations and any further delay would only be hazardous to the human race.

Some of the recent developments in AI include developments of large language models (LLM) which have the power to “hallucinate”. Hallucination in this context is expression of creativity which enables the LLM to develop a poem or a literary work which is fiction.

However, it is this ability to hallucinate which can create “Rogue” responses and render LLMs unfit to be relied upon.

However there are innovators who consider that it is time to appoint a humanoid robot as the CEO of a Company, render “Judgements” to introduce more objectivity and reduce corruption in judiciary etc.

In this context some argue that “AI algorithm” which is also the brain behind a humanoid robot like Sophia or Mika should be considered as a “Juridical Person”. In fact “Sophia” is reported to have been already granted citizenship of a country (Saudi Arabia) which essentially means that it is already a juridical person. What remains is the formalization of this concept in international circles.

I am not sure if Sophia holds a Saudi Arabian passport today, but in June 2022, Sophia did visit India and attended a Tech fest in the College of Engineering in Thiruvananthapuram. We donot know if she travelled as a personality or a technical luggage with a human fellow traveller.

If Sophia had been considered a juridical person, she ought to have applied for a “VISA” and we would have known how the Indian Government determined her legal status. If she had been considered as just a technology instrument then the Customs should have taken some documentation to waive off custom duty or value her for custom duty and refund it if she returned in the same status.

I would invite organizers of Tech-Fest, the customs authorities in Thiruvanathapuram and the VISA office in MFA to clarify how they handled this situation since it will be considered as a precedence in the law of AI.

At this juncture I am reminded of an article in Deccan Herald today about a few researchers at IIITB who have published a paper on a robotic model that they say understands and interacts with humans based on emotions. This ability for AI to go sentient is the threshold where AGI transforms into ASI and when the argument for consideration of AI as a juridical entity becomes stronger.

While there can be an academic debate on the issue of whether AI or a humanoid robot with AI should be considered as a juridical entity, this also gives raise to a though if it is also a time to consider human brain as a computer under ITA 2000 and Neuro data considered as equivalent to binary data.

The issue of granting Juridical status to an AI can be considered as similar to a “Minor” attaining “Adulthood” . Just as a “Minor” is represented by a “Guardian”, an AI before going sentient is considered as the responsibility of the developer (under Section 11 of ITA 2000). However on attaining the sentient capability the AI may claim for independent adult status which after an assurance certificate and testing process can be approved by an authority. I propose the introduction of such a process as part of the AI regulation.

Some extended philosophical thoughts

While we try to provide legal recognition to AI as a juridical person, in order to maintain the state of equality between the science of binary bits that drive a humanoid robot and the neuron activity in a human brain, a debate is due on whether “Neuro Data” can be considered as “Binary” and law of ITA 2000 be applied to the “Human Brain”.

In this concept, brain would be considered as an asset of a “Human Soul” . This would be just like the hands and legs are part of the assets of the human soul and would be similar to the computer peripherals attached to a computer brain.

The recognition of a human entity would in such case would be in reference to the “Consciousness” which is different from the body as well as the brain. The human identity would then be linked to the soul rather than the body.

This is an area where the Indian “Philosophy” which distinguishes the body, the mind and the consciousness can find some common ground for discussion with a computer hardware, software and the AI.

If “Neuro Data” is recognized as “Electronic Data” under ITA 2000, “Human Brain” becomes a “Computer” under ITA 2000 and judiciary should recognize “Brain Computer Interfaces” as tools to access computer and recognize the need for “Neuro Rights” as part of “current Privacy rights.

I am not sure if this thought is to be considered as a degeneration of the value of human intellect.

But if it is so, it is also an argument against granting juridical status to AI since we cannot legally equate a computer algorithm to the higher consciousness of a human being.

Alternatively, the recognition of AI under law should be as an entity with a different perspective than a human entity with necessary restrictions which has to be incorporated in the AI regulations. Perhaps the “Attribution” and responsibility for actions of an AI should continue to be with a master who should be a human being.

At this point of time, this thought may look crazy, but behind this lies Naavi’s theory of Neuro Rights and equivalence of neuro data and binary data under law. Watch out for more on this topic. 

Naavi

The 26/11 sympathisers emboldened by the appeasement attitude of the politicians in the Karnataka State Government and voted by the corrupt voters of Karnataka, have threatened several schools in Bangalore with an email and created a state of terror in the city and the nation.

If one looks at the content of the e-mail, it appears that this incident cannot be considered as a simple bomb threat but it is a threat to kill non believers of Islam. It is therefore an act of terrorism and law enforcement should book the case as a terrorist act.

This case comes under the jurisdiction of NIA and not state Police.

I urge the Central Government and MHA to take note and immediately take over the investigation. The State Police under the influence of the current political masters will only be interested in brushing the incident under the carpet.

Leaving the comments on the political aspects aside, let us look deeper at the legal issue where we also need to flag the role of E Mail providers in such crimes. The current system of anonymous e-mails is a system that does not fit into this Hamas age. It must be disbanded even if it hurts the progress of mankind. We need to switch over to “Identified E Mail user system” where e-mail service is provided only to those who are verified.

To start with, E-mail providers should start the practice of flagging “Unverified” e-mails as “Potential Spam” so that existing spam filters automatically flag such e-mails. Subsequently KYC based e-mail system should be used by the community.

In the current case, the email has come from topmail.com. Case should be registered against them and the domain should be immediately blocked from India under Section 69A of ITA 2000.

Currently there are some e-mail service providers who provide secure email service for corporate purpose. In such cases the corporate admin becomes the KYC assurance provider and takes care of verifying the user and onboarding them onto the e-mail system. No outsider can either send or receive emails from the domain. (eg: ledgermail)

Similar system should be used for public e-mail with several trust providers hosting the service of authenticating the end users. The Government may take care of authenticating the authenticators through an appropriate accreditation system.

The DPDPA-2023 now has a system of “Consent Managers” and it is time that E Mail services are also provided through such consent managers who are licensed and who should verify the users and then provide access to the current e-mail service providers.

The e-mail providers would be data fiduciaries who should be able to provide security including provision of information under 69B of ITA 2000. They are also subject to the provisions of Section 69A as well as Section 69. They can be blocked and demanded with decryption of encrypted e-mails.

All Consent Manager systems under DPDPA should be also declared as protected systems under Section 70 of ITA 2000.

Service Providers such as G Mail need to introduce a system of flagging the originating IP address and drop the system of substituting proxy IP address which contributes to the proliferation of phishing and terror emails.

The current system of “Redaction” of Domain name users accepted by ICANN is a fraud on the society. It has no relevance to “Privacy” since hosting a domain name does not come under any Privacy protected activities and the registrants have no Privacy Rights”.

Not introducing measures of flagging the originating IP address and the name and address of the registrant of the domain should be considered as a support to Phishing and therefore should render the E Mail service providers to be convicted for assisting in the commission of a crime.

This practice should start with the current Karnataka E Mail incident when a notice has to be issued to the e-mail provider to either own up the mail or identify the account holder under Section 69B of ITA 2000. If there is non-cooperation, case should be booked under Section 66F of ITA 2000 for creating terror in the community.

Anything other than such action would be considered as un-satisfactory.

Naavi

A Whois enquiry reveals that the domain name registrar of topmail.com has redacted the information on the topmail.com registrant and therefore made himself liable for being considered as part of the conspiracy. Hence the FIR should include Ke-Systems GmbH as the registrar who has abetted the crime. The registration appears to have been made from www.topsectechnology.com. The other domains involved in the hosting include topsec.com and an email dataprotected@maskeddetail.com, a referral domain tieredaccess.com .

It is necessary for the investigators to get into tieredaccess.com to find the identities. observed that these terror hosts are hosting their content in AWS.

Topmail is a customer of AWA. Probably AWS may have some of the information of the origin of these e-mails and information to block topmail service. Even the associate intermediaries such as AWS should be issued notices under Section 69B for information.

The FIR should include all these agencies (and more) as conspirators under Section 120 of IPC and the investigation should be undertaken at the international level.

Whenever we think of Public Private Partnership (PPP) projects, the immediate recall are the infrastructure projects like the Roads where there is a large investment requirements for public benefit, but the skills and resources are to be contributed by the private sector.

These road projects generate huge amount of data through the tolls. Similarly CCTV projects for traffic management or public health management projects also generate enormous amount of data as part of the project.

Considering that “Data” has a large financial value, it should be one of the key parameters in planning and executing such projects and we are doubtful if it is being given the due attention at present.

In addition to the traditional PPP projects where “Data” of substantial value is generated as a fall out of the project, there are certain projects where “Data” is the “Primary Project Asset”.

One example I can recall is the financial data of Banks and Credit card companies which is a valuable data asset from which huge revenue is generated by private data processing companies including the VISA and Master Cards.

If these Banks are “Public Sector” Banks or Government entities, there is a legitimate concern that the data asset used or generated in the project is a sovereign asset and are being given away to private use.

This kind of data requires to be not only protected and stored locally but we need to ensure that the commercial benefits arising out of the data ownership remains with the Indian Public entity at all times.

In most of the Data Driven PPP projects, the role of the Government could be to invoke the exemptions available under law to collect and process citizen’s data which is not available to the private entity while the skills can be brought in as a contribution of the private sector.

In this context, “Data Governance” becomes an important element of PPP projects that need to be factored in every PPP project. While this is more easily recognized in the citizen centric projects where there is large personal data generation, it is also important to remember that “Non Personal Data” collected during sensitive projects such as Airports or Railways etc are also important from national security point of view.

One example of what happens when “Data Governance” is neglected is the way 500+million data of Indian Banking customers effectively changed hands from Indian Banks to Transunion, a private US based company with the take over of CIBIL by TransUnion.

The unfortunate part of the transfer of nearly 90% shares of CIBIL to TransUnion was that all our Public Sector Banks and the RBI (Then under Mr Raghuram Rajan) did not make it transparent on the value of consideration they obtained for the transfer of shares to TransUnion.

This was a fraud on the shareholders of these Banks. Even SEBI which should have been alert to such share transfer remained silent. The Government of India which should have considered this as a “Data Laundering” incident similar to “Money Laundering” chose to remain silent and continues to do so even to this day. The Supreme Court which pokes its nose in every administrative aspect of the Government did not take any suo moto recognition of the transfer of 50 crore plus data sets containing sensitive financial information each of which could be valued at around rs 1000/- in the dark web without proper transparency.

I am also reminded of another project where Mysore university wanted Google to undertake a digitization project of its library unmindful of the value of information that was being transferred to Google from all the ancient texts which were being scanned. I am not sure if the project went through.

The failure of “Data Governance” in PPP projects therefore will be a factor that all of us should remember could lead to valuable Indian assets being plundered by private sector of foreign origin.

Hopefully the Government of the day incorporates a “Data Governance Audit” as a mandatory aspect of clearance of all Data Driven Governance Projects.

Naavi