Quarterly Transparency Report for July-September 2024: Surveillance, AI, a Broadcasting Bill update, and more

tl;dr

In the third quarter of 2024, IFF’s transparency vertical filed 227 RTI applications, 6 first appeals and 5 second appeals with various public authorities at the state and union levels to bring transparency and accountability into the functioning of a number of public authorities, and empower Indian citizens with information that affects their digital rights. Some notable responses from this quarter include the continued evasion of information regarding the APAAR ID, MIB’s secret (failed) attempt to bring forth a new draft of the Broadcasting Bill 2024, non-transparent and vague responses for countless government backed AI projects, and more. 

Why should you care?

The Right to Information (“RTI”) Act, 2005 was enacted to promote transparency and accountability in the working of public authorities by ensuring that citizens are able to secure access to information in control of these authorities. Facilitating such access is necessary to ensure that democratic processes are not subverted by public authorities acting in private interests. Where transparency is not upheld as a value of public decision-making, citizens are at a disadvantage when it comes to keeping a check on abuse of power by the public authorities.

The RTI Act completed 19 years on October 12, 2024. However, over the years the Act has suffered major setbacks like the dilution of Section 8(1)(j) through the passage of the Digital Personal Data Protection Bill, 2023. The amendment removes the legal basis for allowing government agencies to share personal information in public interest. Even in these circumstances, the RTI Act is one of the most important tools at the disposal of the public to engage with, and demand transparency and accountability from, our union and state governments. The Digital Transparency vertical at IFF strives to routinely extract information about various ongoing policies and projects introduced in the public sector through RTI Applications filed under the Act. Responses we receive often pave the way for government engagement, advocacy, and even strategic litigation. Previous reports on our transparency endeavours can be accessed here. 

RTIs filed

Here is a list of RTIs we filed this quarter:

1. We asked the Tamil Nadu eGovernance Agency in detail about its program to create an integrated digitalised social registry platform aimed at enhancing social protection programs for differently-abled individuals in the state. We asked about the law and guidelines grounding this project, its current implementation status and coverage, the start date for individual registration, guidelines for operation, the nature of registration (mandatory or voluntary), consent procedures, access details for entities, and security measures against data breaches. We are awaiting the response to our queries. 
2. In recent years, the use of facial recognition technologies and biometric scans by Union and state government agencies to record attendance has increased. This technology is being implemented in public offices, hospitals, and schools without sufficient safeguards, putting citizens’ sensitive data at risk. Following this trend, the Uttar Pradesh Government introduced digital attendance systems using biometrics to monitor teacher attendance in government schools. However, after widespread protests, the government retracted this decision. In light of this, We asked the Department of Basic Education, UP government about several aspects, including about the status of the mobile app for managing teacher attendance in state-run schools, along with any relevant government orders or notices. We also requested details on Standard Operating Procedures, the number of schools set to use this system in 2024, the types of data collected, alternative methods for attendance recording for those unable to use the app, and the legal provisions governing the use of such technology in schools. We are still waiting for our queries to be answered. 
3. In the budget session, the Union government announced that it will assign the Unique Land Parcel Identification Number (“ULPIN”) to all land in rural areas under Digital India Land Records Modernisation. We asked the Ministry of Rural Development for comprehensive information regarding the ULPIN initiative. Specifically, the copies of relevant tender or policy documents for empanelment in the ULPIN allotment process, criteria for selecting land parcels, and whether ULPIN is linked to other government identification documents, along with an exhaustive list of such links. Additionally, we inquired about the measures that have been taken to ensure the security and privacy of land data collected under ULPIN and the safeguards taken to protect this data from unauthorised access or misuse. On 18th September, we received response to this RTI in which the department of Land resources, Ministry of Rural Development stated that the department, in collaboration with the NIC, the National Remote Sensing Centre (“NRSC”), and the Ministry of Science and Technology, has developed a software application for ULPIN. To our query related to ULPIN’s linkage to other government identification systems for citizens, they stated that the information is not available with them.
4. We identified two instances of blocking of YouTube videos this quarter. In one instance, the Union Information and Broadcasting Ministry (“MIB”) issued orders to YouTube to block access to a documentary titled “Infiltrating Australia – India’s Secret War” about the alleged involvement of the Narendra Modi government in targeting the Indian diaspora in Australia through intelligence agencies. On another occasion, the Ministry of Home Affairs (“MHA”) ordered the blocking of a YouTube Short created by Juice Media, an Australian-based channel. We separately asked the MIB and MHA for a copy of the notice/order sent to YouTube, the legal basis empowering the ministries to issue such orders, the specific grounds for the takedown order and permission to conduct a physical inspection of all related documents. We received a response from MIB  on September 30, 2024 where MIB stated  that the guidelines for blocking content under Section 69A of the Information Technology Act, 2000, along with Part III of the IT Rules, 2021, and the IT (Procedure and Safeguards for Blocking Access to Information by the Public) Rules, 2009, mandate confidentiality regarding all requests and complaints received, as well as actions taken in response. Consequently, information pertaining to these matters is exempt from disclosure under Section 8(1)(a) of the Information Technology Act. 
5. In July 2024, we witnessed a rising trend in the use of drones by various state administrations. It was reported that the district administration of Ludhiana was using drones to oversee the voting process at polling stations from May 30 till June 1, 2024. In a similar vein, it was reported that the Cyberabad Traffic Police was introducing drones to monitor and manage traffic. In our efforts to gather comprehensive information, we filed RTIs [here and here] with both authorities asking them about the specifications of the drones, and also requested a copy of the MoUs signed between the respective authorities and the vendors of the drones, among other information.
6. We asked Police Headquarters/Commissionerates for information related to the formation of fact-check units/ Social media monitoring cells:

Authority	RTI asked about	Media link	RTI copy
Haryana Police Department	Social media Watch unit	Link	RTI
Home Department, Karnataka	Fact Check units in all districts of Karnataka	Link	RTI
Commissioner of Police, Ludhiana	Social Media Monitoring Cell	Link	RTI

7. To combat misinformation and fake news, several Indian states have started constituting state-level FCUs or other authorities. To seek clarity and further details on how these states are addressing fake, false, and misleading information, and if they have established any state-level FCU for this purpose we have filed two separate RTI applications with all the States and Union Territories – first, asking them about the efforts and steps taken by them to monitor and regulate the dissemination of fake, false, and misleading information online as well as online, and the second, asking the States about the establishment or constitution of any fact-check unit, or any other authority, to regulate the dissemination of fake, false and, misleading information. We will keep you updated on the notable responses!
8. On June 19, 2024, it was reported that the UP government decided to set up a Farmer Producer Cell to expedite the online registration and support of FPCs, aiming to strengthen agricultural growth and ensure farmers receive the full benefits of government schemes. We asked the Agriculture Directorate of the state for a copy of the tender/RFP/bidding document regarding the establishment of the Farmer Producer Cell in UP. 
9. We filed an RTI with Tamil Nadu’s Ministry of Finance when it was reported that the Tamil Nadu registration department is introducing fingerprint scanner facilities to combat fraud during the document registration process. Our questions were regarding the guidelines, or directives for the functioning of the fingerprint scanner facilities and the consent mechanism through which the government is collecting these fingerprints. 
10. In July 2024, MIB reportedly circulated a watermarked copy of the revised draft Broadcasting Services (Regulation) Bill, 2024 (“Broadcasting Bill, 2024” or “2024 Bill”) with a select set of stakeholders after holding private, closed-door meetings with them. This version of the Bill was never officially published by MIB, however, several unofficial copies of the 2024 Bill were circulated online. In our efforts to gather comprehensive information, on July 29, 2024, we filed an RTI request seeking information on the private meetings convened by MIB on the revised draft, including the number, dates, an exhaustive list of participants, agendas, submissions, and outcome documents related to each meeting. We also asked MIB why the 2024 version has not been made public, and if there are plans to open it up for public consultation. Read about our efforts to gather comprehensive information about the Broadcasting Bill, 2024 here. The response we received is examined in detail in later sections.
11. On July 19, 2024, it was reported that the Central Board of Indirect Taxes and Customs mandated biometric Aadhaar authentication for certain GST registrations. Concerned about this, we asked the Ministry of Finance for details on the legal framework enabling this requirement, including relevant acts and notifications. We sought information on the data analytics and risk parameters for identifying taxpayers for Aadhaar verification, as well as SOPs to prevent data misuse. Additionally, we inquired about the privacy policy for data collection, the consent form provided to individuals, and who has access to this data. We also asked about the data retention period, whether a privacy impact assessment and cost-benefit analysis were conducted, and the process for citizens to withdraw consent or delete their information. These questions become pertinent as the nature of biometric data itself increases the harms that may result from any data breach or misuse. Unlike passwords, biometric data cannot be changed and thus, once breached the harms may be irrevocable.
12. On July 8, 2024, it was reported that Bengaluru-based SISA received a government patent for a unique system for managing Aadhaar data, aimed at automating detection, masking, and secure management without user intervention. We requested  UIDAI for a copy of the patent certificate, details on the evaluation process for compliance with UIDAI standards, and a list of regulations SISA adheres to. Additionally, we inquired about how SISA’s technology enhances Aadhaar data security, the legal basis for a private entity managing this data, and UIDAI’s advanced security measures. We also sought clarification on SISA’s integration with UIDAI’s CIDR, its functionalities like deletion and encryption, and its operation while ensuring data confidentiality. 
13. We asked many public authorities about the use of artificial intelligence in governance:

Authority	RTI asked about	Media link	RTI copy
Nagpur Police Commissionerate	Staqu’s launch of AI-powered SIMBA to enhance law enforcement capabilities of Nagpur Police	Link	RTI
Ministry of Railways	Use of FRT by Railways	Link	RTI
Andhra Pradesh Government	Signing of MoU between Google and Andhra Pradesh Government under initiative AI	Link	RTI
Uttar Pradesh Government	Use of AI CCTV in Mahakumbh	Link	RTI
Transport Department- Maharashtra	Linking of bank Account and traffic challans	Link	RTI
Department of Science & Technology – Gujarat	AI cluster in GIFT City	Link	RTI
Odisha Police	Use of AI-enabled CCTV Cameras	Link	RTI
Lucknow Police	Use of AI Cameras to detect emotions	Link	RTI
Prasar Bharti	Use AI anchors on DD Kisan	Link	RTI

14. We filed three RTIs with the Ministry of Electronics and IT (“MeitY”) regarding notices issued to app stores to block mobile applications. We asked for information pertaining to the total number of mobile applications that have been banned, including a year-wise breakdown and the criteria used by MeitY for determining the blocking of mobile applications. We also enquired about the safeguards in this framework, specifically the appellate mechanism available to individuals.
15. Following the reports on August 28, 2024, regarding the Uttar Pradesh (UP) government’s Digital Media Policy, 2024, we filed an  RTI  requesting to get the policy document and details about the consultation process, as the policy had not been officially released to the public. In our research, we discovered that MIB and several other states also have similar digital media policies. Consequently, we submitted RTIs to MIB, Haryana, Punjab, and Himachal Pradesh,  requesting information on the number of empanelled influencers, cancellations of empanelments, budget allocations, any legal actions taken against influencers, and details of consultations for these policies.

Additionally, media reports indicated that Rajasthan, Assam, and Sikkim had also initiated similar empanelment processes for social media influencers to promote government schemes, yet these policy documents are not publicly accessible. This lack of transparency undermines the state’s accountability to its citizens. Therefore, we filed RTIs with these states (see here, here and here) to request the policy documents and to inquire whether public consultations were conducted prior to their implementation.

Furthermore, we noted that the policies in Madhya Pradesh and Meghalaya regarding social media and influencer engagement differ significantly in scope and focus from those in the previously mentioned states. Some policies specifically aim to promote tourism, while others relate to government welfare advertisements but limit their focus to print media and news portals, excluding social media entirely. We also submitted RTIs to these states (See here and here) to obtain their policy documents and details on any consultations held prior to their release, among other information. 

16. It was reported on August 17, 2024, that the Agartala Food and Civil Supplies department has decided to mandate Aadhaar e-KYC through fingerprint verification for ration card holders for uninterrupted ration supply. We filed an RTI with the Food, Civil Supplies and Consumer Affairs Department, Government of Tripura asking about the legal basis for the use of Aadhaar-based verification. We also asked whether Aadhaar is mandatory for verification and, if not, for a list of alternative identity documents. Additionally, we requested a copy of the Aadhaar consent form and information on the duration for which the government can retain this data. Lastly, we sought clarification on citizens’ rights to withdraw consent or delete their information, along with the procedures for doing so.

Round-up of prominent responses 

We tracked policy consultations, news headlines, and emerging government schemes to make measured RTI interventions on a number of concerning initiatives. Here are some key responses we received to our RTIs this year, along with a summary of outcomes that emerged from them:

The never-ending saga of APAAR ID 

We have submitted numerous RTIs to the Ministry of Education and MeitY regarding the seemingly unchecked implementation of the APAAR ID across India, but have yet to receive any responses. We filed an RTI to the Ministry of Education on April 26, 2024, regarding the APAAR ID and requested a specific document titled “Schooling: Access and Quality” which had supposedly been presented by the Minister of Education at the National Conference of Chief Secretaries held in New Delhi on December 28-29, 2023. This simple RTI has been transferred more than 30 times between various departments within the Ministry in the past five months since it was filed. 

On August 12, 2024, we received a partial response to the second question of our RTI where we had asked for discussions, communications or outcome documents from the meeting which was held to discuss the National Education Policy. In the reply, they mentioned that a copy of the National Education Policy 2020 and all details pertaining to this policy are available on this website. This website only comprised the policy itself and did not indicate any discussions or communications that were involved in the policy formulation. We are still waiting for the specific document that we had asked for which had been reportedly presented in December 2023. This follows a consistent trend of evading any question regarding APAAR ID which may be a PR darling for MoE but it surely does not want to talk about it much when asked. It is having a gala time playing passing the parcel within its own department. Read about our ongoing efforts to gather comprehensive information about the APAAR ID here. 

Don’t frown: the mystery of the AI-enabled Emotion detection cameras  

We filed an RTI with the Lucknow Police regarding the reported installation of AI-enabled cameras to detect women’s expressions and alert Lucknow Police about possible threats. We asked about the current status of the project and if any SOPs or guidelines were in place for the use of such AI-enabled CCTV cameras. Additionally, we inquired about the data sharing and retention policy of the data being collected through these cameras. The Lucknow Police responded by saying that the CCTV cameras have only been installed for traffic surveillance purposes and none of the cameras are used to detect people’s expressions. The response denied the use of AI-enabled cameras to detect people’s emotions. Interestingly, we had filed this RTI with the Lucknow Commissioner of Police but the response that we received was from a private company, Technosys Integrated Solutions Pvt. Ltd. We found this to be very odd and it certainly raises some questions regarding the actual authorities in charge of implementation of projects. 

Transparency concerns surrounding the Broadcasting Bill and Draft Digital Competition Bill consultation 

On August 28, 2024, MIB responded to our RTI dated July 29, 2024, about the Broadcasting Bill, stating that the ‘2023 Bill’ is currently in the “drafting stage” but did not acknowledge the 2024 versions despite reports of their secret circulation. The MIB provided a non-exhaustive list of stakeholders, including IBDF, NBDA, IMAI, AIDCF, Tata Play, Bharti Airtel, Facebook/Meta, Google, and Netflix, with whom they met on June 14, June 21, and July 9, 2024. However, requests for the “minutes of the meeting” and physical inspection were denied, as the Ministry claimed it had not maintained such documents. We cover this development in detail in this blogpost.

Similarly, an RTI inquiry to the Ministry of Corporate Affairs regarding the Digital Competition Bill yielded limited information, with most details denied under Section 8 (1) (d), (e), and (i) of the Right to Information Act, 2005. The Ministry only mentioned that stakeholder comments on the Draft Digital Competition Bill are under consideration and that inter-ministerial consultation would be required before it progresses to the legislative stage.

UIDAI and SISA: another public-private partnership in the making

On August 21, 2024, UIDAI responded briefly to our RTI inquiry regarding its collaboration with a Bengaluru-based forensics and cybersecurity solutions firm SISA. The response indicated that for information on the patent certificate evaluation process and compliance with UIDAI standards, the Patent Office should be contacted. UIDAI did not provide a list of specific regulations adhered to by SISA and did not disclose the legal provisions allowing a private entity to manage Aadhaar data. Regarding how SISA’s technology enhances security protocols, UIDAI referred to the Aadhaar Act, 2016. Additionally, UIDAI clarified that SISA’s system is not integrated with its Central Identities Data Repository (“CIDR”). For details on advanced security technologies used to protect Aadhaar data and measures for actions like deletion or encryption, UIDAI directed inquiries to a specific link. Overall, the response was limited and directed many queries to other sources or legislation.

AI projects without any clarity?

In our last transparency report, we found some interesting responses where despite the media reporting their involvement with AI, the ministries denied any such projects taking place. This quarter also, it was reported that DD Kisan, a government TV channel dedicated to farmers, has launched two AI anchors, AI Krish, and AI Bhoomi. We asked Prasar Bharti for the specifications of the AI technology used in developing these AI models and if any guidelines or regulations are in place to govern the use of AI technology in broadcasting. Prasar Bharti responded by denying information to all of the queries by citing exemption under section 9 of the RTI Act, 2005 which apparently involves information pertaining to commercial confidence, intellectual property, and or trade secrets. They mentioned the launch date of AI Anchors, i.e. 26/05/2024. On the question pertaining to the legal basis for the use of AI in broadcasting, it replied that the commercial as well as program codes of Doordarshan are available on the Prasar Bharati website which is in the public domain.

Another example of such a so-called use of AI is when it was reported that the Tamil Nadu Forest Department was installing AI-based tracking and detection systems near railway tracks to prevent elephant deaths. We asked about the status of the project and the AI technology being used in the project. According to the response, the AI system in place was mainly for thermal detection via motion-detecting camera and this helped in early detection of animal movement near railway tracks. The budget allocation for this project is a whopping Rs. 7.24 Crores. These projects reflect a growing trend of using AI in everything the government introduces without any real application of the technology. 

First Appeals

We received two responses from Gujarat to the first FCU RTIs from the PIO, Office of the Additional Director General of Police, and Gujarat Cyber Crime Cell. Both refused to provide the said information on the ground that the information sought falls under the Special Branches of the Home Department of the Government of Gujarat are exempted from the provisions of the RTI Act, 2005 because of notification no. SB-I/102001/8203/GOI/62 dated 25.10.2005 by the Home Department of Gujarat. Similarly, Meghalaya (office of the Director General of Police) claimed exemption stating that the said information on the ground that the information sought falls under the domain of CID Organisation, Meghalaya Police which has been exempted by the State Government’s notification dated February 13, 2024. Meghalaya and Gujarat also claimed the same exemptions in response to the second FCU RTIs. We have filed first appeals to these responses arguing that even though Section 24 exempts information relating to ‘intelligence and security’, proviso to Section 24(4) any information relating to allegations of corruption and human rights violation cannot be exempted. We will keep you updated on the responses.

Second Appeals

CERT-In Direction (iii)

On March 16, 2023, IFF filed RTI applications to MeitY seeking information on compliance with Direction (iii) of Direction No. 20(3)/2022-CERT-In (“CERT-In 2022 Directions”). Direction (iii) addresses issues posed by data breaches, directing information to be provided to take proactive and preventive measures against such incidents. It sought to manage issues related to data breaches, specifying that real-time information will have to be provided by the service provider for proactive and preventive actions related to cyber incidents by CERT-In. In the absence of a robust data protection framework, such requirements have the potential to enable mass surveillance.

MeitY initially disclosed that only VPN service providers were issued notices seeking compliance with Direction (iii) and that the information sought is “mostly related to unspecified third parties”. However, they refused to share any further information, including information related to the total number of compliance notices issued by them and the list of entities to whom the notices were served.

Even after filing a first appeal, MeitY refused to disclose information, stating that an appropriate reply had been given by the CPIO and disposing of the matter “under Section 8(g) of the RTI Act.” Dissatisfied with this response, IFF approached the Central Information Commission (CIC), where the Chief Information Commissioner noted that any information permissible for disclosure under the RTI Act had been provided to the Appellant and as such, no further intervention was warranted.

 ECI’s Takedown Orders

On April 19, 2024, we filed seven separate RTIs with the ECI regarding the content takedown orders issued to ByteDance, Facebook, Google, ShareChat, X, and WhatsApp. In the interest of due diligence, we also filed an RTI seeking statistical information on the content takedown orders to all the social media platforms from 01.01.2023 until the receipt of the RTIs. Almost a month later, the ECI in its response stated that they issued 55 takedown orders, providing concurring information in the social media platform-specific RTIs as well. 

However, they refused to provide copies of the takedown orders citing Section 8 (1)(j) of the RTI Act, 2005, and relied on Vihar Durve v. CPIO, Election Commission of India (CIC/ECOMM/A/2022/63217, dated 14.07.2023). The ECI stated that it issues takedown orders to social media platforms under the Voluntary Code of Ethics, an agreement they have signed to voluntarily conduct awareness campaigns on electoral laws, and related instructions. Further, on being questioned about the ‘criteria for objectionable content’, the ECI has simply stated “You may refer to Handbook for Media Matters for CEOs and DEOs available on IICI’s website.” 

We filed the first appeals for the generic response as well as the responses relating to Facebook, X, and Google on 16.06.2024 as the information given was inadequate and incomplete. On June 28, 2024, the ECI First Appellate Authority upheld the response of the CPIO and also cited Section 8(1)(j) of the RTI Act, 2005, relying on Vihar Durve v. CPIO, Election Commission of India. In September, we filed four second appeals for all four responses respectively, we will keep you posted on any developments.

Social Media Platforms	FA Response
Generic Questions	Link
Facebook	Link
Google	Link
X	Link

So, what’s next?

Well, we shall continue to track the news and file pertinent RTI requests and first appeals where necessary, and keep fighting the good fight for transparent, accountable, and citizen-led democratic institutions. We look forward to receiving responses to the remaining RTIs and will keep you updated in our next quarterly report, so stay tuned!