Quarterly Transparency Report for January-March 2024: Censorship, Surveillance, Smartcities and more

tl;dr

In 2023, IFF’s transparency vertical filed 64 RTI applications with various public authorities at the state and union levels to bring transparency and accountability into the functioning of a number of public authorities, and empower Indian citizens with information that affects their digital rights. Some notable responses from this quarter include a push-and-pull with MIB on comments it received in the Broadcasting Services (Regulation) Bill, 2023, stonewalling of information on censorship and content blocking/takedown orders from the government, more non-transparency into the Digi Yatra ecosystem, the POSHAN App being non-mandatory, and more. 

Why should you care?

The Right to Information Act, 2005 (“RTI Act”) was enacted to promote transparency and accountability in the working of public authorities by ensuring that citizens are able to secure access to information in control of these authorities. Facilitating such access is necessary to ensure that democratic processes are not subverted by public authorities acting in private interests. Where transparency is not upheld as a value of public decision-making, citizens are at a disadvantage when it comes to keeping a check on abuse of power by the public authorities.

The RTI Act is thus one of the most important tools at the disposal of the public to engage with, and demand transparency and accountability from, our union and state governments. The Digital Transparency vertical at IFF strives to routinely extract information about various ongoing policies and projects introduced in the public sector through RTI Applications filed under the Act. Responses we receive often pave the way for government engagement, advocacy, and even strategic litigation. Previous reports on our transparency endeavours can be accessed here. 

RTIs we filed

Here is a list of RTIs we filed this quarter:

1. On November 23, 2023 the Department of Personnel and Training published a notification bearing reference number G.S.R 864(E), placing the Indian Computer Emergency Response Team (“CERT-In”) under the Second Schedule of the RTI Act—thereby exempting it from the application of the Act. In an attempt to have more transparency on the legislative processes involved in notifying a public authority under this schedule, we filed 8 RTIs this quarter asking the Department for legislative process and history of 8 exempted intelligence and security agencies (including CERT-In). Read our statement on how exempting CERT-In from the RTI Act dilutes institutional transparency and weakens individual privacy here.
2. We asked the Ministry of Electronics & IT (“MeitY”) detailed questions about the WhatsApp message sent from the ‘Viksit Bharat Sampark’ account to millions of users, including where they got our numbers from. Read our post decoding the message and what it means for voter privacy during the 2024 General Elections here.
3. We filed a number of RTIs on the surveillance and censorship efforts during the Ram Temple consecration ceremony in Ayodhya on January 22, 2024. We asked the Ministry of Home Affairs (“MHA”) about the blocking of 100 social media accounts ahead of the Ram Temple consecration ceremony by MHA and real-time monitoring of social media websites by a “cyber experts group”, and the installation of “high accuracy” CCTV cameras in Ayodhya as a security measure by the UP Government.
4. We asked MeitY and the Ministry of Information & Broadcasting (“MIB”) many questions on content censorship, takedowns, and blocking:
   1. We asked MeitY and MIB about the takedown of Bihar railway worker protest videos from YouTube.
   2. We asked MeitY and MIB about the suspension of Media Swaraj channel from YouTube.
   3. We asked MeitY and MIB about X/Twitter accounts blocked during the Farmers’ Protests in February 2024 through 12 separate RTIs. We maintained a tracker for these blockings and our RTIs.
   4. We asked MeitY and MIB about the takedown of the Caravan Magazine story ‘Screams from the Army Post’.
5. We asked the Bengaluru Traffic Police about their pilot project where they allegedly sent information about the specific traffic violation to the violator’s respective IT company through email or Whatsapp of the company employees.
6. We asked about the constitution of fact-check units in Patna (here) and Odisha (here).
7. We asked many public authorities about the use of artificial intelligence in governance:

8. We asked MeitY about the parental control app ‘Safenet’ which it is developing.
9. We asked the MHA about takedown powers of agencies it has notified as the agencies that can send takedown orders to intermediaries on illegal content related to cyber crimes under Section 79(3)(b) of the Information Technology Act, 2000, including the National Crime Records Bureau and recently the Indian Cyber Crime Coordination Centre.
10. We asked the Gujarat State Revenue Department about a notification they issued introducing Aadhaar verification for registration of documents under Gujarat Registration Rules, 2023.
11. We asked about the legal framework behind the lawless Automated Permanent Academic Account Registry (“APAAR”) student ID.
12. In context of the Farmers’ Protests again, we asked about the use of drones for surveillance of protesters by the Haryana Police.
13. We asked MIB for copies of comments and interministerial communications it received in response to the consultation on the Broadcasting Services (Regulation) Bill, 2023.
14. We asked about two AI interventions in health, namely Doctor on Wheels (here) and Project BHISHM (here).
15. We asked about a tender published by Andhra Pradesh State Council of Higher Education for the development of SSO service to facilitate access to the State’s Learning Management System portal.
16. MeitY notified an amendment to Rule 23 (sub-rule 1) of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules 2009 on February 26, 2024 vide GSR 133(E), allowing certain security agencies to destroy interception records. We asked MeitY about interministerial communications it received in response to the amendment.
17. We asked the Election Commission about their partnership with Staqu Technologies Pvt Ltd as is claimed on the latter’s website.

Round-up of prominent responses 

We tracked policy consultations, news headlines, and emerging government schemes to make measured RTI interventions on a number of concerning initiatives. Here are some key responses we received to our RTIs this year, along with a summary of outcomes that emerged from them:

The Broadcasting Bill files

In November 2023, the MIB published the draft Broadcasting Services (Regulation) Bill for public consultation. On December 07, 2023, we submitted our comments on the bill, and launched the Letuschill.in campaign, encouraging our community to also send in templatised email responses as comments for the bill. Following this, on February 23, 2024, we wrote a letter to MIB requesting the publication of all received comments on the Ministry's website, with personal information redacted. Simultaneously, we filed an RTI application with MIB, seeking details and copies of the consultation responses. 

Then, things got interesting. On March 01, 2024, MIB sent an email to us and other stakeholders who submitted comments, saying they have received RTI requests to disclose their comments, requesting them to give consent for the same within 10 days. We promptly provided our consent as IFF, and sent a mailer to our community explaining the process to them and encouraging them to give their consent with personal details redacted, if they so prefer. 

Thereafter, we received an RTI response from MIB through which they made some interesting arguments. First, they claimed that the comments submitted by stakeholders cannot be disclosed without their consent as that would violate their privacy and intellectual property rights. Despite this, MIB requested a sum of Rs. 934 from us to send us copies of the 417 comments it could make public. We duly paid the sum and now await their response. Additionally, alongside this process on March 04, 2024, we reiterated the necessity of transparently sharing all consultation responses, urging the redaction of personal details before publication. We await movement on this and will keep you posted.

What happens in Ayodhya…

In our ongoing efforts to gather comprehensive information surrounding the Ram Temple ceremony in Ayodhya on January 22, 2024, we filed 4 RTI requests with different departments, seeking details and procedures associated with the widespread AI-enabled surveillance and security measures being adopted in the city (as described above). The response from the DGP, UP was particularly noteworthy, as they shared a copy of the Standard Operating Procedure (SOP) used by the UP Police during the ceremony. This document may hold some valuable insights into the protocols and strategies adopted by the local police—we are currently in the process of meticulously analysing the SOP and will publish it shortly. 

Don’t ask, don’t tell: Censorship edition

In all our efforts to get information on content censorship, takedowns, and blocking across Farmers’ protests, Caravan story takedown, media blocking and constitution of fact-check units, we got comparable tight-lipped responses. The trifecta of Section 69A (Information Technology Act), Rule 16 (Information Technology rules), and 8(1)(a) of the RTI Act was used liberally in response. We await responses on some of these and will be collating these findings in a censorship report shortly, deeply analysing these responses and identifying trends. 

Daastan-e-DigiYatra

We sought information on the data ecosystem and operations of Digi Yatra with regional airports in December 2023, but the responses lacked information and clarity. Ministry of Civil Aviation and Airports Authority of India stated that Digi Yatra is not mandatory (though the story on ground is different!), and the Bengaluru International Airport Limited (“BIAL”) stated that whether BIAL is a public authority and therefore under the RTI Act is still “sub-judice” (being decided by a court of law).

Don’t act smart(city) with me!

Because of the recent surge and deployment of artificial intelligence in the public sector, especially in smart city initiatives, we filed a bunch of RTIs with the different ministries and departments. But as usual, received little to no information in return. IFF has built an AI/ML tracker Transparency Tracker on the use of AI/ML in the Indian public sector (we will make this public soon!), which goes to show the extent of non-transparency and accountability evasion in this domain.

POSHAN Tracker not mandatory

We filed 3 separate RTIs with the Ministry of Women and Child Development last year in the context of the POSHAN tracking application regarding beneficiary concerns, Anganwadi and health worker concerns (if it is mandatory and if they are being provided with any technical training), collecting and tracking data of children with disabilities and asking if there is privacy impact assessment and a cost-benefit analysis instituted for the POSHAN app. One response (which came many months late!) stated that the POSHAN app is not mandatory for Anganwadi workers and that technical training of Anganwadi workers on the app is done on a regular basis through the National e-Governance Division and National Institute of Public Corporation and Child Development. They also mentioned that POSHAN is not used to track attendance, or at least mandatorily. Lastly, they noted that the privacy impact assessment and a cost-benefit analysis are points under “active consideration”.

The APAAR trouble

We have filed a host of RTIs with the Ministry of Education about the seemingly lawless APAAR ID which is being implemented at breakneck speed across India, only to receive mind-numbing responses. We will soon release a detailed analysis of our transparency efforts around APAAR in a separate post.

ECI’s big secret?

We filed an RTI with the Election Commission of India (“ECI”) regarding the partnership between the ECI and technology provider Staqu Technologies Pvt. Ltd (Staqu). In the response, the PIO disposed of this RTI vide the impugned response stating that the “Election Commission of India has not been partnership or engaged with M/s Staqu Technologies Pvt. Ltd.(Staqu) for voter awareness related activities”. We are planning to file a first appeal as the information given was inadequate and incomplete. In the RTI, the information sought was for all and any partnerships between the ECI and Staqu Technologies Pvt. Ltd. and is not limited to only “voter awareness activities” to which the ECI has responded. 

So, what’s next?

Well, we shall continue to track the news and file pertinent RTI requests, and keep fighting the good fight for transparent, accountable, and citizen-led democratic institutions. We look forward to receiving responses to the remaining RTIs and will keep you updated in our next quarterly report, so stay tuned!

*This post was co-authored by Vinamra Harkar, Policy Intern, Internet Freedom Foundation