(New York) - United States technology companies should urge India’s visiting prime minister, Narendra Modi, to end censorship and attacks on free speech and enact a privacy law that meets international standards, Human Rights Watch said today. Modi will meet the chief executive officers (CEOs) of top technology companies such as Google, Apple, Microsoft, Adobe, and Facebook, among others, during his visit to California’s Silicon Valley on September 26-27, 2015.
The CEOs should emphasize to Modi that they will vigorously oppose any laws that weaken access to strong encryption and anonymity and compromise the privacy of their users. Information and communications technology companies have a responsibility to advance the enjoyment of human rights on freedom of expression and privacy globally, Human Rights Watch said.
“Top technology firms have not hesitated to criticize the US and other governments that impose overly intrusive surveillance measures, unnecessarily block websites, or engage in censorship, so they shouldn’t lose their voices when they meet Prime Minister Modi,” said Brad Adams, Asia director at Human Rights Watch. “While India presents significant business opportunities, CEOs should tell Modi that they will oppose any steps that erode free expression or privacy rights.”
On September 22, the Indian government hastily withdrew a draft policy on encryption after criticism that it would make Internet users more vulnerable to data breaches and crime. The draft would have required users and businesses to keep encrypted data as plain text, defeating the purpose of encryption and weakening the information security of both individuals and businesses. It also would have outlawed all encryption standards not specifically allowed by the government and required all companies using encryption to register with the authorities.
India’s communications and information technology minister said the policy would be redrafted, adding, “The purport of this encryption policy is only to regulate those who encrypt. It is not to regulate consumers.”
Technology companies should tell Modi that a new draft should recognize that strongencryption and anonymity are fundamental to protect cybersecurity and human rights, as the United Nations expert on freedom of expression has noted, Human Rights Watch said.
Indian authorities already have policies to regulate encryption that should worry information and communications technology companies, Human Rights Watch said. For instance, contracts signed by telecom and Internet service providers in India prohibit them from deploying “bulk encryption” on their networks. This would affect companies such as Facebook, which recently said it would start a Wi-Fi service in India, as companies would be required to sign a contract that would leave them unable to provide sufficient privacy protections for its users.
“As they have in the US, information and communications technology companies should oppose any government efforts to require them to compromise anonymity and encryption,” Adams said. “To the extent regulations are even needed, the companies should urge the Indian government to ensure that its laws and policies are consistent with the recommendations of UN human rights experts.”
In his interactions with top business and technology leaders in the US, Modi is expected to seek support for and investment in “Digital India,” an ambitious government initiative that aims to expand public access to the Internet; provide universal access to mobile connectivity; enable electronic delivery of services in areas such as healthcare, banking, insurance, and education services; improve e-governance; and boost manufacturing of electronic goods. If properly carried out, these initiatives could help improve governance, reduce corruption, and result in inclusive development.
However, this initiative could also lead to increased collection of personal information on citizens by the government as it offers government services and benefits online. Increased digitization can improve people’s lives and their human rights, but it also means that governments have an enhanced ability to monitor people’s movements, censor speech, block or filter access to information, and track communications. As the UN expert on freedom of expression has noted: “A State’s ability to collect and retain personal records expands its capacity to conduct surveillance and increases the potential for theft and disclosure of individual information.”
Human Rights Watch expressed concerns that Digital India is being created in the absence of a legal framework on privacy. India has had a draft privacy bill in the works for several years, but successive governments have failed to enact it. A 2012 report by an expert group created by India’s Planning Commission recognized the need for a privacy law in India and laid down nine fundamental principles, stating that any framework on the right to privacy in India needs to include “privacy-related concerns around data protection on the internet and challenges emerging therefrom, appropriate protection from unauthorised interception, audio and video surveillance, use of personal identifiers, bodily privacy including DNA as well as physical privacy.” However, the Modi administration recently argued in the Indian Supreme Court that privacy was not a fundamental right under the Indian constitution.
“Collection of personal data and digital surveillance in the absence of adequate privacy safeguards puts human rights at particular risk,” Adams said. “Privacy is a gateway right that affects the ability to exercise almost every other right, in particular the freedoms of expression, assembly, and association.”
In an environment in which legal protections are inadequate, companies looking to invest in India should take steps to safeguard privacy and other rights of Indian Internet users, as provided by the UN “Protect, Respect, and Remedy” Framework and Guiding Principles on Business and Human Rights. The Guiding Principles set out a global standard for preventing and addressing adverse effects on human rights linked to business activity: “The responsibility to respect human rights applies throughout a company’s global operations regardless of where its users are located, and exists independently of whether the State meets its own human rights obligations.”
“The government’s initiative to digitize India will benefit from enhancing people’s security online, which requires stronger privacy and free speech safeguards,” Adams said. “Technology executives should tell Modi that without a strong legal framework to protect privacy and prevent censorship, they won’t be willing to make the kinds of increased investments the Indian government clearly wants.”