Search interesting materials

Friday, May 18, 2018

India's communication surveillance through the Puttaswamy lens

by Vrinda Bhandari, Smriti Parsheera and Faiza Rahman.

"In an uncivilized society where there are no inhibitions, only physical restraints may detract from personal liberty, but as civilization advances the psychological restraints are more effective than physical ones. The scientific methods used to condition a man's mind are in a real sense physical restraints, for they engender physical fear channelling one's actions through anticipated and expected grove" --- Justice Subba Rao's minority view in Kharak Singh vs Union of India (1964).

Introduction

Post the Snowden leaks in 2013, the international political community has been faced with complex debates around the state's need to conduct surveillance activities and its impact on the privacy of individuals. In India, this debate has gathered steam with concerns around the surveillance capabilities of the Aadhaar framework and the Supreme Court affirming privacy as a fundamental right in KS Puttaswamy v. Union of India. However, the Court in the Puttaswamy case also clarified that the right to privacy, like any other fundamental right, is not absolute and the state may have an interest in placing reasonable restrictions on this right in pursuance of legitimate aims such as protecting national security, preventing and investigating crime, encouraging innovation, and preventing the dissipation of social welfare benefits. Apart from indicating the broad parameters for restrictions to the right to privacy, a majority of the judges (Chandrachud J. speaking for 4 judges and Kaul J.) endorsed a European law-style proportionality framework to balance the right to privacy against competing interests.

In his dissent in the Kharak Singh case, Justice Subba Rao un-tethered the concept of privacy from the home and extended it to the idea of "psychological restraint", a precursor to the chilling effect argument. The majority in Puttaswamy too, acknowledged the chilling effect of surveillance on speech, movement, and activities of individuals. This becomes particularly important in the context of surveillance in the digital age -- ready availability and ease of access to information should not become a source for indiscriminate or mass surveillance.

While the need for lawful access by law enforcement agencies (LEAs) cannot be denied, what we need is a legal framework that lays down clearly defined parameters around who can gain access to personal information, under what circumstances and the legal process for the same. In this post we discuss the extent to which India's current communication surveillance practices are likely to withstand scrutiny under the tests identified by the judges in the Puttaswamy case.

How the proportionality standard works

Among other things, the Puttaswamy verdict is significant for its extensive reliance on the rich privacy and surveillance jurisprudence from the United States, Canada, Europe and United Kingdom and its endorsement of the International Principles on the Application of Human Rights to Communication Surveillance (Necessary & Proportionate Principles, 2013). These principle require the government to demonstrate that surveillance was absolutely necessary and there was no other less-restrictive means of achieving the legitimate aim. The principles include requirements of judicial oversight, due process, user notification (under certain circumstances) and transparency. Drawing from this body of work, the judges in the Puttaswamy case identify the following four steps to assess the constitutional validity of a law that infringes upon the privacy and personal liberty of an individual:

  1. Legality: The existence of a law.
  2. Legitimate goal: The law should seek to achieve a legitimate state aim (Chandrachud J.).
  3. Proportionality: There should be a rational nexus between the objects and the means adopted to achieve them (Chandrachud J.). The extent of such interference must be proportionate and "necessary" to achieve its stated aim (Kaul J.). Justice Kaul's opinion can be read to espouse the European standard of least restrictive means.
  4. Procedural guarantees: To check against the abuse of state interference (Kaul J.)

We take the example of three kinds of communication surveillance tools being deployed in India -- interception of phone calls under the Telegraph Act; direct access to communication flows by government agencies under the Centralised Monitoring System (CMS); and restrictions on encryption of data -- to assess how they would fare under the Puttaswamy tests.

Applying the Puttaswamy tests to communication surveillance in India

In India, basic powers to carry out surveillance-related activities flow from the provisions of the Indian Telegraph Act, 1885 (Telegraph Act), the Information Technology Act, 2000 (IT Act), the Code of Criminal Procedure, 1973 (CrPC) and the rules framed under those laws. These provisions empower the police as well as central agencies like the Intelligence Bureau, Narcotics Control Bureau, Directorate of Enforcement, National Investigation Agency, Research and Analysis Wing and others to gain access to a person's messages, calls and data transmissions for certain identified purposes. The processes laid down under the law are supplemented by "standard operating procedures" issued by the Ministry of Home Affairs and the Department of Telecommunications to LEAs and telecom service providers (TSPs), respectively.

As per a right to information (RTI) response sought by SFLC an average of 7500 - 9000 telephone-interception orders are issued by the central government each month. Add to this, the orders for data interception issued under the IT Act and orders issued by the state governments and the total figure is likely to be staggeringly high. Information revealed under Google's transparency report offers another indication of the volume of requests made by Indian authorities -- in 2017 Google received 8,351 user data disclosure requests from India, affecting about 14,932 user accounts.

The lack of a transparent mechanism to report the total volume of surveillance activities being undertaken by government agencies presents a major challenge. While some pieces of information can be sewn together from RTI requests, Parliament questions and initiatives like Google's transparency reports, this cannot substitute the need for direct information disclosures by the intelligence bodies themselves. The fact that many of these agencies and programmes have their basis in executive action, and do not have statutory legitimacy, only magnifies these concerns.

While the Government has recognised nine central LEAs and the state police authorities to conduct lawful interception activities, there is an absence of legal or institutional oversight over the exercise of these powers by the various agencies. An attempt to address this issue was made through a private members Bill, The Intelligence Services (Powers and Regulation) Bill, 2011, that sought to regulate the functioning and exercise of powers by Indian intelligence agencies, specifically the IB, RAW, and the NTRO. The Bill also provided for a Designated Authority for authorisation procedures and systems of warrants (for surveillance), a National Intelligence and Security Oversight Committee for oversight, and a National Intelligence Tribunal for investigating complaints against these three agencies. However, the Bill lapsed in October 2012, and these intelligence agencies continue to lack legislative backing, further raising questions about the proportionality of surveillance operations in India.

Lawful interception under the Telegraph Act

Section 5(2) of the Telegraph Act empowers the state to conduct lawful interception of phone calls and messages under certain specified circumstances. The constitutionality of this framework was upheld by a two-judge bench of the Supreme Court in PUCL v. Union of India (1997), subject to the adoption of appropriate procedural safeguards. This resulted in the subsequent amendment of the Telegraph Rules, 1951 to incorporate Rule 419A containing the procedure suggested by the Supreme Court. We examine below how the surveillance processes under this law are likely to be treated in case of a fresh challenge post the Puttaswamy verdict, specifically in light of the four tests identified by the judges.

Legality: The central and state governments clearly have the statutory authority to order lawful interception activities under the Telegraph Act and the rules under it. However, we argue that the principle of legality needs to be seen from a broader perspective -- it is not just about the existence of a law but also the context in which that legality was conferred. The Telegraph Act and rules were drafted in a context when bulk surveillance was not as easily possible and the discourse around privacy and surveillance was not as well defined. Since then, the capability of interception technologies at the disposal of government agencies and the volume of interceptions being carried out by them have increased exponentially. This merits a re-examination of the existing legal framework. The Necessary & Proportionate principles also state that given the pace of technological changes, legality vis-a-vis communication surveillance would entail laws that restrict the right to privacy to be subject to periodic review through a consultative legislative or regulatory process.

Legitimate aim: Section 5(2) of the Telegraph Act states that the central and state governments may, on the occurrence of any public emergency, or in the interest of the public safety, direct the interception of communications, in the interest of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence. Therefore, an order of interception will satisfy the requirement of legitimate aim so long as it is issued upon the occurrence of public emergency or in the interest of public safety and in pursuance of any of the six legitimate objectives listed above.

Proportionality: The third test requires that the means adopted should be proportionate for achieving the identified legitimate aim. In the context of communication surveillance, this would require the authority ordering interception to weigh the degree of the proposed intrusion against its anticipated gain. In the next section, we discuss some of the limitations of the present legal process, which hinder the due application of mind required for such a scrutiny.

The proportionality test also encapsulates within itself the principle of "necessity", which means that interception of communication should take place only when it is the least intrusive way of achieving the legitimate purpose. Rule 419A(3) of the Telegraph Rules adopts this principle by stating that relevant officer should issue an interception order only when it is not possible to acquire the information by any other reasonable means. While targeted surveillance based on evidence of suspicion may be the least restrictive way of achieving a legitimate aim, the current wording of the rules allows each interception order to cover "messages or class of messages" involving a "person or class of persons" or "relating to a particular subject". In doing so, it creates possibilities of bulk access to communications, which will inevitably intrude upon the privacy rights of several unsuspecting individuals.

Procedural safeguards: Rule 419A of the Telegraph Rules sets out certain procedural safeguards to govern the interception of communications, which emanated from the Supreme Court's decision in the PUCL case. Significant time has lapsed since that verdict and both the scope and the volume of surveillance activities has increased. For instance, the government has launched surveillance programmes such as the CMS, NETRA, NATGRID and made corresponding changes to telecom licenses to provide real-time access to the traffic flowing through TSP networks. Even without taking into account these developments, we find that the current procedure in the law would fail to constitute a "fair, just and reasonable" process on the following counts:

  1. Rule 419A authorises members of the executive -- the Secretary to the Ministry of Home Affairs in the case of central government and the Secretary of the Home Department in the case of a state government (or in unavoidable circumstances, a Joint Secretary) -- to sanction orders of interception. Taking into account the volume of orders being issued by the government on a regular basis it is hard to make a case that the officers in charge of this function can ensure due application of mind to each and every request placed before them given their many other responsibilities.
  2. The Telegraph Rules set up a Review Committee to check if interception orders were issued in accordance with the law. This committee comprises only of members from the executive such as the Cabinet/Chief Secretary along with Secretaries in charge of legal affairs and telecommunications. There is a conflict of interest in this review mechanism, as both the interception order issuing authority and the oversight authority comprise of members only from the executive.
  3. There is no pre- or post-judicial oversight over the decision to place an individual under surveillance.

In contrast, surveillance legislations across democratic jurisdictions require that interception orders should be issued by a judicial authority. Other oversight mechanisms include bodies such as the Privacy and Civil Liberties Oversight Board in the U.S -- an independent statutory agency within the executive branch, which, among other things, reviews executive actions relating to counter-terrorism. Given the volume of interception requests and the technical nature of proportionality enquiry, the legal framework in India also needs to evolve accordingly. Elements of this framework should include (i) prior judicial scrutiny or post facto scrutiny, in emergency cases, for authorisation of interception requests; (ii) transparency requirements, such as the obligation to submit periodic reports to the Parliament detailing the volume and nature of the interceptions being carried out.

Centralised Monitoring System

Through a press release issued in 2009 the government announced its intention to set up "a centralized system to monitor communications on mobile phones, landlines and the internet in the country". This system would allow authorised LEAs to gain direct access to the traffic flows on the networks of TSPs. These plans were rolled out in 2013 when the telecom license agreement was amended to require TSPs to set up the prescribed infrastructure for their systems to be directly connected with regional monitoring centers (RMCs) of CMS through interception, store and forward servers. As per information placed before the Parliament in March, 2017, technology development and pilot trials of CMS had been completed and 18 of the 21 planned RMCs had been technically commissioned.

The CMS has been widely criticised for its all-encompassing nature, privacy threats and likely chilling effects (Litton, 2015). We question below how this system would fare under the specific tests under the Puttaswamy case.

Legality: The CMS project is not grounded in law (Datta, 2015). The only requirements relating to it emanate from the terms of the telecom license, which is in the nature of a contract between the government and TSPs. While a statutory requirement to ensure compliance with the licensing terms and conditions is contained under the Telecom Regulatory Authority of India Act, 1997, this is not a sufficient basis to attribute legality to CMS. Attempts to attribute legality to CMS may also be based on claims that it derives its powers from the existing provisions in the IT Act and the Telegraph Act. However, as we discuss below, the abilities of CMS extend far beyond the legislative intent of those laws which was to authorise interception of information only for certain specific purposes and after following a specified procedure.

Legitimate aim: Lawful interception by LEAs to meet the specific objectives identified under the IT Act and the Telegraph Act would constitute a legitimate aim. However, the manner in which CMS is designed does not provide for sufficient checks and balances to ensure that its use will in fact be confined to the satisfaction of those aims.

Proportionality: By its very design, a system that provides LEAs with direct access to all communications can not meet the requirement of proportionality. While the government may argue that the system is intended to be used only for lawful interceptions, the existence of a system where all information flows through the CMS and can be collected on tap by enforcement agencies vitiates the concept of targeted surveillance. Therefore, irrespective of whether such excesses are actually committed, the logical possibility of such an outcome reflects a lack of proportionality. As noted by the UN Special Rapporteur on human rights and countering terrorism, bulk access to communications is incompatible with the normative understanding of privacy as the "very essence of the right to the privacy of communication is that infringements must be exceptional, and justified on a case-by-case basis".

Procedural safeguards: The benefits of CMS, as articulated by the government, include having secure and instantaneous access to data by avoiding any manual intervention particularly from TSPs. However, by eliminating TSPs from the process, the system is also removing a layer of third party verification of interception requests. For instance, the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (2009 Rules) provide that an intermediary that receives a request for interception is required to provide a written acknowledgment of the request; maintain proper records relating to the same; and submit a list of all requests received by it to the nodal officer of the authorised agency every fifteen days. By removing TSPs and other intermediaries from the interception process CMS will ensure that the complete control over the decision making and implementation of interception is vested wholly within different wings of the executive.

The lack of independent judicial oversight has already been pointed out to be an issue in the context of wiretapping under the Telegraph Act. This issue is further compounded in case of CMS due to the sheer scale of data that it allows LEAs to access without any accompanying safeguards. However, as noted above, the design of CMS does not even satisfy the minimum safeguards that are currently provided under the IT Act and the Telegraph Act. Any interception activities being conducted under it, even if for pilot tests, would therefore fall foul of present laws.

Encryption restrictions and decryption on demand

The adoption of sophisticated encryption technologies is a clear path towards ensuring better privacy protections. However, encryption also makes it harder for LEAs to access this information, often leading government agencies to demand lower encryption standards or backdoor entries to encrypted software and devices. Section 69 of the IT Act, read with the 2009 rules, permits the central and the state governments to order the decryption of a computer resource upon satisfaction of certain specified conditions. Further, Section 84A of the IT Act states that central government can frame rules to prescribe encryption standards and methods to secure electronic communications. While the government has not yet prescribed any modes and methods of encryption under Section 84A, a draft national encryption policy was released by them in September 2015, which was retracted shortly afterwards. This draft policy had, among other things, proposed requirements that:

  1. Users should be able to reproduce on demand plain text and encrypted text pairs using the software/hardware used to produce the encrypted text from the given plain text.
  2. The information should be stored for 90 days from the date of transaction and made available to LEAs on request.

Restrictions on encryption also flow from telecom license agreements. For instance, the Internet Service Provider (ISP) License Agreement requires ISPs to obtain prior governmental approval to deploy encryption which is higher than 40 bits (Part 1, Clause 2.2(vii)). The Unified License agreement (Clause 37.1), the Unified Access Services License agreement (Clause 39.1), and the ISP license agreement (Part 1, Clause 2.2(vii)) all prohibit bulk encryption by TSPs. Therefore, in the context of encryption, state surveillance capacity is bolstered through both the banning of encryption or laying down low encryption standards, and by providing for decryption on demand. We examine below how both these stipulations fare under the four-pronged proportionality analysis:

Legality: While the authority to order decryption of computer resources flows from Section 69 of the IT Act and the 2009 rules, no comprehensive encryption policy or rules have been framed under Section 84A of the IT Act prescribing encryption restrictions. The encryption restrictions that flow from telecom license conditions do not have a statutory backing.

Legitimate aim: Section 69 of the IT Act empowers the state to order decryption of a computer resource if it is necessary or expedient to do so in the interest of the sovereignty or integrity of India, defence of India, security of the state, friendly relations with foreign states, public order, for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. Therefore, any order of decryption will satisfy the legitimate aim test if it is in pursuance of the objectives listed under this provision. Given that there is no rule or statute laying down when and how the government can set out restrictions on encryption standards, it is unclear if banning encryption or prescribing unreasonably low standards of encryption, which can potentially jeopardise network security entirely, is likely to achieve even the general legitimate aim of national security.

Proportionality: A complete restriction on encryption or setting out unreasonably low encryption standards will not pass the necessity test because while it ensures access to communication by LEAs during emergency situations, it also makes the entire communication network vulnerable to attacks at all times and will not qualify as the least restrictive measure. Further, measures such as asking users to maintain a plain text copy of all encrypted material for 90 days would also vitiate the very purpose of encryption leading to the same issues as banning encryption and therefore not satisfy the necessity test under proportionality analysis.

In relation to the framework for decryption on demand, ordering decryption of a particular computer resource or resources based on evidence of suspicion, as was done in the Apple-FBI matter, qualifies as targeted interception and may be the least retrictive way of achieving a legitimate aim. However, requiring private companies to create backdoors within all systems to enable decryption when necessary, renders computer resources of several unsuspecting individuals vulnerable to interception by governments and hackers alike. Therefore, ordering private companies to create backdoors within all systems is not the least restrictive way of achieving a legitimate aim and does not satisfy the proportionality standard. Further, it is advisable for governments to build in-house capacity for decryption in order to provide LEAs with targeted access to encrypted systems during an emergent situation, rather than waiting for technological assistance from companies during such times or requiring them to weaken all systems by creating backdoors.

Procedural safeguards: The 2009 rules set out certain procedural safeguards and review mechanisms that are similar to the procedural framework under Rule 419A of the Telegraph Act. Therefore, the procedural inadequacies identified in the context of lawful interception framework under the Telegraph Act are applicable to the framework for decryption on demand as well. Further, given the absence of any legislative or regulatory framework prescribing encryption standards or methods of deploying encryption under Section 84A of the IT Act, no procedural safeguards are currently in place to check against arbitrary encryption restrictions issued by the executive.

Surveillance by non-state actors

Although we have largely focused on the application of the Puttaswamy standard to the state's varied surveillance frameworks, this post would be incomplete without a mention of the rise in private actors such as Facebook and Google, and the prevalence of surveillance capitalism (Zuboff, 2015). In this model, tech companies serve as data harvesting giants that constantly collect, analyse, and share user data, without informed consent, with the aim to alter/shape behaviour and preferences.

As has been discussed previously on this blog (here and here), India lacks a data protection law. Currently, the actions of private actors are only regulated by the IT Act and the Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011, which have also been acknowledged by the Srikrishna Committee White Paper as lacking "an effective enforcement machinery". In fact, it is these loopholes in the law that were exploited by Facebook and Cambridge Analytica to mine user data without their consent.

Acknowledging the challenges posed by big data to privacy, Chandrachud J. in Puttaswamy emphasised the importance of a data protection regime, that would also regulate the actions of private actors. Similarly, Kaul J. recognised the right of individuals to control the commercial use of their identity and to exclusively commercially exploit their identity and data. However, although the judges referred to the increased data collection and analysis capacity of non-state actors, the judgment in Puttaswamy did not grapple with the problems posed by commercial surveillance and private actors. This issue will have to be resolved in the new data protection law that is expected to be enacted after the Srikrishna Committee Report prepares a draft Bill.

Conclusion

The proportionality test, as laid out in Puttaswamy, and the extensive reliance on global privacy and search/surveillance jurisprudence has laid the groundwork for a re-examination of India's surveillance architecture. However, this was just the first step. The Court in Puttaswamy was not directly concerned with a surveillance claim, and thus, did not have to grapple with the application of its proportionality standard to the facts on ground. The Supreme Court has now reserved judgment in the Aadhaar case (Puttaswamy II), where extensive arguments on surveillance and chilling effect were made in the context of the centralised collection and storage of data, and the linking/seeding of various databases with the Aadhaar number. It is thus expected that the Court's judgment will further clarify the standard of proportionality, and its application in surveillance cases. We have to wait and see how the Court will balance these competing concerns of privacy and liberty with national security.

At the same time, we are looking towards the Justice Srikrishna Committee for specific recommendations to the government on how to introduce due process while providing exceptions for national security or other legitimate aims under the proposed data protection law. This will also entail a relook at the lawful interception provisions under existing laws.

References

Addison Litton, The State of Surveillance in India: The Central Monitoring System's Chilling Effect on Self Expression, 14 Wash. U. Global Stud. L. Rev. 799, 2015.

The International Principles on the Application of Human Rights to Communications Surveillance ("Necessary & Proportionate Principles), July 2013.

Software Freedom Law Centre, "India's Surveillance State: Communication Surveillance in India", 2014.

Saikat Datta, Surveillance and Democracy: Chilling tales from around the world, International Network of Civil Liberties Organizations, 2015.

Shoshana Zuboff, Big Other: Surveillance Capitalism and the Prospects of an Information Civilisation, 30 J. of Info. Tech. 75, 2015.

 

Vrinda Bhandari is a practicing advocate in Delhi. Smriti Parsheera and Faiza Rahman are researchers at the National Institute of Public Finance & Policy. We thank Saikat Datta for valuable discussions.

Monday, May 14, 2018

Interesting readings

Concerns about high tech companies by Ajay Shah in Business Standard, May 14, 2018. Also see: Google's Plan To Make Tech Less Addictive by Mark Wilson in Fast Co Design, May 9, 2018, Tim Berners-Lee on the future of the web: 'The system is failing' by Olivia Solon in The Guardian, November 16, 2017 and How the father of the World Wide Web plans to reclaim it from Facebook and Google by David Weinberger in Digital Trends, August 10, 2016.

When Spies Hack Journalism by Scott Shane in The New York Times, May 12, 2018.

Crypto exchanges join hands against RBI by Priyanka Pani in Business Line, May 11, 2018.

FRG insolvency cases dataset by Finance Research Group in Ifrogs.
and How Does One Measure the Effectiveness of The IBC? on Bloomberg, May 10, 2018.

Fugitive law can victimise the victim by Somasekhar Sundaresan on Wordpress, May 10, 2018.

Media by Julia Evans on Twitter, May 9, 2018.

What is an Indian company? Does it really matter! by A K Bhattacharya in Business Standard, May 9, 2018.

How to stop rapes: Death penalty is not the answer, but police and prosecutorial reform are by Baijayant 'Jay' Panda in The Times of India, May 9, 2018.

Understanding the 'chief of staff' position: Does Trump Want Even More Chaos in the White House? by Chris Whipple in The New York Times, May 9, 2018. "There is a difference between campaigning -- which is dividing, demonizing and disrupting -- and governing, which is building coalitions and making compromises."

What a triumph: Google Duplex: An AI System for Accomplishing Real-World Tasks Over the Phone by Yaniv Leviathan and Yossi Matias in Google AI Blog, May 8, 2018.

Google Bans Bail Bond Ads, Invites Regulation by Alex Tabarrok in Marginal Revolution, May 8, 2018. Also see: Google banning advertisements of payday loans: Is this vigilante justice? by Ajay Shah in Ajay Shah's Blog, June 29, 2016.

Varieties Of Argumentative Experience by Scott Alexander in Slate Star Codex, May 8, 2018.

The Engagement-Maximization Presidency by Cory Doctorow in Locusmag, May 7, 2018.

Reform, do not rationalise by Bhargavi Zaveri & Radhika Pandey in Business Standard, May 7, 2018 and Three Casualties of A Recent SEBI Diktat: FPIs, NRIs And Indian Investment Managers by Payaswini Upadhyay in Bloomberg, May 13, 2018. Capital controls reform needs to go deeper.

Education is broken: Ian McEwan helped his son write an essay about his own novel. His son got a C+ by Michael Schaub in Los Angeles Times, May 7, 2018.

Is It Time To Bring The Public Debt Management Office Debate Back From The Dead? by Ira Dugal in Bloomberg, May 7, 2018. The implementation path is worked out in detail in: Legislative strategy for setting up an independent debt management agency by Radhika Pandey and Ila Patnaik in NUJS Law Review, 2017.

How Much Should We Trust the Dictator's GDP Estimates? by Luis R. Martinez in SSRN, May 6, 2018.

The Binani Saga - Value Maximization Above All? by Jolly Abraham in Bar & Bench, May 6, 2018.

Economic Surveys Are a Danger to Markets by Jim Bianco and Ben Breitholtz in Bloomberg, May 4, 2018.

IT moves slower than we think. It's COBOL all the way down by Glenn Fleishman in Increment, April, 2018.

Tuesday, May 01, 2018

Interesting readings

The way forward for PSU banks by Ajay Shah in Business Standard, May 1, 2018.

Changing the culture of corporate credit by Bahram Vakil and Kaushik Krishnan in Mint, April 30, 2018.

The Sense of Justice That We're Losing by David Leonhardt in The New York Times, April 29, 2018. This is the sense of justice that we in India are not yet dreaming of.

The End of Intelligence by Michael V. Hayden in The New York Times, April 28, 2018. "To adopt post-truth thinking is to depart from Enlightenment ideas, dominant in the West since the 17th century, that value experience and expertise, the centrality of fact, humility in the face of complexity, the need for study and a respect for ideas."

The IBC requires some cleaning up by Somasekhar Sundaresan in Business Standard, April 25, 2018.

Newspaper op-eds change minds in ScienceDaily, April 24, 2018.

What will be the impact of physical delivery of stock derivatives? by Devangshu Datta in Business Standard, April 23, 2018. There was zero evidence in favour of the policy change.

Scrutiny gap in state Budget proceedings by Abhijit Banare in Business Standard, April 23, 2018.

Insolvency and Bankruptcy Code: a legislation mired in controversy by Bomi Daruwala in Mint, April 23, 2018.

Striking a fine regulatory balance in banking by Tarun Ramadorai in Mint, April 23, 2018.

An Alternative to Privatisation of Public Sector Banks by Deepti George in Dvara, April 23, 2018.

Data localisation blues in Business Standard, April 20, 2018.

Broad and standard by Bibek Debroy in Business Standard, April 20, 2018.

Great institutions are where you go after a head of state like this: A veteran defense lawyer explains how the feds could flip Michael Cohen by Adam Pasick in Quartz, April 19, 2018.

15th Finance Commission: Moving on by Rathin Roy in Business Standard, April 18, 2018.

India's Banks Need a Stronger Watchdog by Ila Patnaik in Bloomberg, April 18, 2018.

In Trying To Ban Telegram, Russia Breaks The Internet by Karl Bode in Techdirt, April 18, 2018.

Machine Learning's 'Amazing' Ability to Predict Chaos by Natalie Wolchover in Quanta, April 18, 2018.

Style Is an Algorithm by Kyle Chayka in Racked, April 17, 2018. "If everyone's editing Vogue, it wouldn't be Vogue." "We find ourselves in a cultural uncanny valley, unable to differentiate between things created by humans and those generated by a human-trained equation run amok."

Jai Bhim, not Ram by Manini Chatterjee in The Telegraph, April 16, 2018.

The Internet Apologizes by Noah Kulwin in New York Magzine, April 13, 2018.
"Stallman: I never tell stores who I am. I never let them know. I pay cash and only cash for that reason."

Too Much Music: A Failed Experiment In Dedicated Listening by James Jackson Toth in National Public Radio, January 16, 2018.

Monday, April 30, 2018

Fair play in Indian health insurance

by Shefali Malhotra, Ila Patnaik, Shubho Roy and Ajay Shah.

India's National Health Protection Scheme (NHPS) aims to be the world's largest government-funded health insurance programme. As in the existing government-funded health insurance schemes, health insurance companies are likely to play a crucial role in the implementation of NHPS. In addition, the number of Indians purchasing health insurance (on their own) has grown in the past few years. Of the total out-of-pocket expenditure (80% of the total health expenditure), payments for health insurance premium have increased from 5.28% in 2013-14 to 6.51% in 2015-16. However, all is not well in this growing industry. This has raised concerns of fair play and efficiency in the industry.

While there is some literature on consumer protection concerns in the overall insurance industry, the existing literature on the health insurance industry in India is sparse. In a new paper, Fair play in Indian health insurance, we study the functioning of this industry through an analysis of the claims ratio and the complaints rate.

Efficiency in the insurance market is commonly measured through the claims ratio. The claims ratio is defined as the percentage of the total premium collected that is paid out as claims by an insurer. Claims ratio close to (but less than) 100% indicates that the insurer is efficient (low operating costs). Claims ratio above 100% indicates that the insurance company is paying more than it is collecting as premium. This implies that the insurance company is unsustainable and may go bankrupt. When the claims ratio is too low, there are concerns about consumer protection. It indicates that the insurer is charging too much from the consumers. Figure 1 shows the range of claims ratio that insurance regulators use as an indicator for the insurer's quality.

Our analysis of the claims ratio shows that the functioning of the Indian health industry is neither desirable nor sustainable. A part of the industry, the private stand-alone health insurers, appear to be overcharging its consumers. Between 2013 and 2016, the claims ratio of these insurers fell from 67% to 58%. Such low claims would have triggered mandatory refunds if these insurers were operating in the US. However, there are no regulations mandating minimum claims ratio in India. Another part of the industry, the government insurers, suffers from financial fragility. Group insurance businesses and government-funded health insurance schemes also raise concerns related to insolvency. We conclude that the evidence from claims ratio raises concerns about consumer protection and micro prudential regulation.

In addition to the claims ratio, the complaints rate is used to measure the quality of products in the insurance industry. The complaints rate is the number of complaints made by consumers of insurance (to a third party) in a year per million persons covered. Our analysis of the complaints rate shows that India has the highest complaints rate when compared with other common law jurisdictions: Canada, Australia, UK and California. This finding is probably conservative for two reasons. First, unlike other jurisdictions, Indian health insurance only covers hospitalisation. In addition to hospitalisation, other jurisdictions provide clinical visits, medication and some wellness care under health insurance. Thus, increasing the number of touch points and transactions, where failures can generate complaints. Second, India is a less litigious country than other jurisdictions. So, we must adjust the Indian complaints rate with the litigation rate (civil suits filed per hundred thousand persons). Table 1 is our estimation of the complaints rate in India and the compared jurisdictions for 2015-16. The last column is our estimation of India's litigation rate adjusted complaints rate (Column 3).

Table 1: Complaints rate for the year 2015-16 (Source: Authors' calculation)
Country Complaints rate India's
complaints
rate
(2015-16) (Adjusted)
India 360.72 -
Australia 178.51 1607.48
Canada 11.53 1511.81
UK 337.54 3837.44
California 351.19 6052.34

Putting these two factors together, we view the complaints rate that prevails in the Indian health insurance industry as a source of concern. We also read a large number of court orders settling health insurance disputes. One common thread which stood out was the absence of complexity in these disputes, most relating to arbitrary and illegitimate rejection of claims by the insurers.

When we investigate the sources of these problems, they are traced to infirmities in the regulatory framework governing the health insurance industry. We identify three issues in the regulatory framework. The first issue is deficiencies in the existing regulations. For example, the regulations are not clear on disclosures that insurance companies should make to its consumers, the manner in which disclosures should be made and the procedure for settlement of claims. The second issue is poor enforcement of existing regulations. The insurance regulator and the insurance companies seem to easily bypass their obligations under the regulations without any repercussions. The third issue is fundamental deficiencies in the design of the insurance ombudsman, in so far as its offices and day to day administration is controlled by the insurance industry. We then engage in a comparative law analysis, where each of these issues is analysed with respect to the legal systems of Australia, South Africa, US and UK.

Finally, we turn to existing strategies for reform in the Indian insurance sector. Financial Sector Legislative Reforms Commission, provides insights into the approach to consumer protection for financial services. The report comprises of two volumes. Volume I is "Analysis and Recommendation". Volume II is the "Indian Financial Code", a model law for the regulation of the financial sector. We engage in counter-factual analysis of the three identified issues in a hypothetical world, where the Indian Financial Code was enacted. We find that all the three issues are suitably addressed. We conclude that the Financial Sector Legislative Reforms Commission, provides an intellectual framework through which the problems of health insurance can be understood and solved. Implementation of these measures will have positive implications for health insurance in India.



The authors are researchers at the National Institute of Public Finance and Policy.

Thursday, April 26, 2018

Concerns about the SC on the Atrocity Act

by Devendra Nath Goburdhun.

The problem

On March 20, 2018, a two-judge bench of the Supreme Court of India issued directions under The Scheduled Castes and the Scheduled Tribes (Prevention of Atrocities) Act, 1989 (The Act). This judgment was met with nation-wide protests from the members of the marginalised communities, resulting in violence. Over a dozen dalits lost their lives in the Bharat Bandh on April 2, 2018. The judgment had tinkered with protections of the dalits which they had under special laws which the Parliament has enacted during V. P. Singh’s government.

The parliamentary debate on the Atrocity Act, when it was first adopted, emphasised that despite various measures adopted to improve the socio economic conditions of the SC/STs, they have remained vulnerable. Even though our Constitution specifically states that untouchability stands abolished, the facts on the ground had not changed adequately. Dalits are denied basic civil rights and are subject to various indignities. Serious crimes are committed against them for various historical, social and economic reasons. Dr. Rajendra Kumar Bajpai, while introducing the bill in the Rajya Sabha said:

"Although many of these offences could probably be covered under the normal law of the land, we are witnessing today a difference in degree which calls for differentiation in kind in respect of these offences."
We should recognise the discrimination that they are subject to: Equal pay for equal work is denied to them. It was felt that a special legislation is necessary to check the atrocities that are conducted with impunity. As part of this, the Parliament felt that the grant of anticipatory bail was an area of concern: under this special law, the concept of bail before arrest shall not be applicable.

In some parts of India, there is increasing integration between castes. But, ironically, in some parts of the India, the socio-economic development of dalits is giving increased conflict. When dalits assert their rights, resist practices of untouchability, refuse to do bonded work, etc., this irritates their oppressors. The problems are alive and well. As a consequence, the Parliament has repeatedly amended the Act, including punishments for interfering with voting by dalits, intimidation from performing official duties in panchayats, economic boycott, filing malicious cases, denial of access, obstruction in the use of common property, etc. As part of this approach, the Modi administration did not modify the treatment of anticipatory bail by an alleged wrongdoer.

To summarise, this is not an oversight on the part of the Parliament. The Parliament consciously and deliberately, expressly excluded the grant of pre-arrest bail for alleged offenders, in S. 18 of the Act.

Recent developments in the Supreme Court

The Supreme Court recently has reversed this. I would like to humbly suggest that the august Supreme Court has not only erred in law, but chosen to not follow its own previous judgements, and thus breached judicial discipline.

In the present judgment, the petitioner contended that the provisions in the Act are being abused and the FIR registered against him should be quashed. Quashing the case against the petitioner, the court acknowledged the abuse of law of arrest and clarified that there is no absolute bar against grant of anticipatory bail under the Act. It then directed that no arrest can be made under the Act before approval of designated authorities. A provision of preliminary enquiry to be conducted by a Deputy Superintendent of Police (DSP) to ensure the allegations are not frivolous or motivated has also been introduced through the judgment. The government has asked for a review.

Pre-arrest bail and Art. 21 of the Constitution

In this case, there was no challenge to the constitutionality or validity of S.18. Yet, the Supreme Court gave a judgment that a dominant member of the community shall not be arrested unless a senior police officer (DSP) or senior government officer states in writing that his arrest be made. Dr. Mahajan’s case concerned quashing an FIR only; he stated that he had passed an administrative order which did not constitute any offence.

The Supreme Court has given sweeping directions on pre-arrest bail, and how arrest shall be made, using arguments based on Art. 21 (right to life). These directions, however, expressly conflict with the statute. They are contrary to the earlier judgments in Ram Krisnna, Manju Devi and a five judge bench decision in Kartar Singh, popularly known as the TADA case. In these cases, the Supreme Court has clearly stated that anticipatory bail is not a guaranteed right under Art. 21, and that denial of it in the atrocity act is not arbitrary and violative of Art. 14 (equal treatment), as this is a special law and forms a different class which protects the meekest of the meek.

The importance of precedents

​Faced with this set of precedents, the Supreme Court should have observed the judicial discipline of `Binding Precedents'. This yields consistency and stability in the administration of Law. Without this, if each Court is left free to pursue its views regardless of previous judgments of their own peers in an hierarchal system, the result will be chaotic. The doctrine of precedent is thus an indispensable foundation of the system of common law, and should be scrupulously followed.

In interpreting the Law, Courts cannot add, alter or subtract a single word, especially when the literal reading of the same produces an Intelligible result. If this principle is not followed, then Courts run the risk of veering into legislation. This golden rule of interpretation of statutes, right from Maxwell’s times, has been followed in all common law countries. The Supreme Court should then bow to the text of the law that the Parliament has laid down. In the past, all superior courts have held that the legislature knew exactly what they said, and even if it is badly drafted, their Lordships will not carry out any amendments.

 

Devendra Nath Goburdhun is a practising lawyer in the Supreme Court of India

Wednesday, April 18, 2018

Announcements

The National Institute of Public Finance and Policy (NIPFP) is looking to hire researcher(s) on a full-time basis. Our work is inter-disciplinary, bringing together knowledge of public economics, public administration, law, and quantitative research.

Researchers in technology policy


There is a great collision taking place between the development of science and technology, and the public policy process. In the Technology Policy group at NIPFP, we aspire to understand cutting edge issues in the field, develop novel ideas and insights, and contribute to the policy process. While our aspirations extend to a broad array of issues in the overall landscape of technology policy, at present, our work is primarily in telecom policy, privacy, Aadhaar, open data, open APIs, open source, RegTech, distributed ledger and crypto-currencies, and competition policy.

Some examples of our work in this field include:

  1. Suyash Rai, Dhiraj Muttreja, Sudipto Banerjee and Mayank Mishra The Economics of Releasing the V-band and and E-band Spectrum in India, April 2018.
  2. Smriti Parsheera, CCI's order against Google: infant steps or a coming-of-age moment?, Ajay Shah's blog, February 22, 2018.
  3. Submissions to the Justice Srikrishna Committee's White Paper on Data Protection.
  4. Ashim Kapoor, Smriti Parsheera, Faiza Rahman and Rachna Sharma supported the Telecom Regulatory Authority of India in the preparation of the White paper on measurement of wireless data speeds, February 5, 2018.
  5. Vinod Kotwal, Smriti Parsheera, Amba Kak, Open data and digital identity: Lessons for Aadhaar, ITU Kaleidoscope: Challenges for a Data-Driven Society, Conference held in Nanjing, China, November 27-29, 2017.
  6. Ajay Shah, Predatory pricing and the telecom sector, April 3, 2017 and Smriti Parsheera, Building blocks of Jio's predatory pricing analysis, April 27, 2017 on Ajay Shah's blog.
  7. Smriti Parsheera, Ajay Shah and Avirup Bose, Competition Issues in India's Online Economy, NIPFP Working Paper No. 194, April, 2017.
  8. Amba Kak, Mayank Mishra and Smriti Parsheera, TRAI's consultation towards a net neutrality framework in India, January 23, 2017.

NIPFP is an exciting workplace where you will be surrounded by interesting people.

The remuneration will be commensurate with the candidate's experience and will be comparable with what is found in other research institutions.

Requirements: You must have a Masters degree, two years of work experience, very strong written and spoken English. You must have a background in science/engineering/technology, public economics or public policy. Keen and demonstrated knowledge in areas relating to the frontiers of science and technology is a must.

Interested candidates may send in their CV to: lepg-recruitment@nipfp.org.in

Tuesday, April 17, 2018

Interesting readings

The great bank fiddle by Manish Sabharwal in The Indian Express, April 16, 2018.

A Guide to Getting Along in Putin's Russia by Maxim Trudolyubov in The New York Times, April 16, 2018.

The wrinkles beneath the RBI's cheery disposition by Rajrishi Singhal in Mint, April 16, 2018.

Indian currency manipulation by Ajay Shah in Business Standard, April 16, 2018.

RBI's powers over PSBs: What's the truth? - II by Debashis Basu in Business Standard, April 16, 2018.

Michael Cohen and the End Stage of the Trump Presidency by Adam Davidson in The New Yorker, April 14, 2018.

Can RBI press for open currency? by Devangshu Datta in Business Standard, April 13, 2018.

Is SEBI being a nanny to investors? by Aarati Krishnan in Business Line, April 12, 2018.

Not fair: Finance Commission's terms of reference stray from propriety in Business Standard, April 11, 2018.

Walking the digital financial tightrope by Gangesh Varma & Rajat Kathuria in Business Standard, April 11, 2018.

Further liberalise derivatives market in The Economic Times, April 10, 2018.

Fear of virtual currencies by Vaibhav Parikh & Arvind Ravindranath in Business Standard, April 9, 2018.

The Four Challenges Before NCLT And Why Losers Must Not Become Winners by R Jagannathan in Swarajya, April 9, 2018.

When the supervisor slept by Ila Patnaik in The Indian Express, April 9, 2018.

Unicorns of the Intellectual Right by Paul Krugman in The New York Times, April 8, 2018.

Addressing the insolvency code's many dilemmas in Mint, April 8, 2018.

Can someone ask India's central banker some tough questions please? by Sriram Iyer in Quartz, April 6, 2018. Also see: The undersupply of criticism by Ajay Shah in Ajay Shah's Blog, May 21, 2010.

The monetary policy committee report by Raghuvir Srinivasan in Business Line, April 5, 2018.

Confidence in the House by M.R. Madhavan in The Hindu, April 5, 2018.

Failing the law by Kapil Sibal in The Indian Express, April 5, 2018.

Sebi is at it again. NSE, BSE investors can't ignore regulatory risks by Mobis Philipose in Mint, April 5, 2018.

RBI's move to allow banks to downplay treasury losses can hurt investors in Business Line, April 4, 2018.