Chapter 9 of my forthcoming book opens with quotes from an infamous April 2011 BBC interview with RIM's co-CEO Mike Lazaridis, in which he ends the interview abruptly after the BBC's Rory Cellan-Jones presses him to answer questions about RIM's “arguments with the Indian government and various other governments in the Middle East" over those governments' desire to gain access to Blackberry messages and e-mails. In August 2010, the United Arab Emirates and Saudi Arabia threatened to ban BlackBerry services until RIM agreed to allow a satisfactory level of government access to communications sent through RIM devices within the country. India soon followed suit with its own demands for access. Late last month, the Wall Street Journal reported that RIM has set up a facility in Mumbai "to help the Indian government carry out lawful surveillance of its BlackBerry services." The report further quotes a RIM statement which says that "we believe the government of India is now applying its security policy in a consistent manner to all handset makers and service providers in India, which means that RIM should not be singled out any more than any other provider."
There is a larger problem, however. When it comes to censorship in India, the hardworking folks at the Centre for Internet and Society in Bangalore recently concluded that the Indian government is violating not only Indian laws but also the Indian Constitution in the way it handles censorship demands to companies. What are the chances, then, that the Indian government is not violating its citizens' rights in similar ways when it comes to demands for user information to RIM and other mobile service providers? CIS's Pranesh Prakash compared Google's most recent Transparency Report, which reveals the number of content removal and user data requests made between January and June 2011 by the Indian government, and compared that information with an official response to CIS queries on content removal and blocking by the Ministry of Communications & Information Department of Information Technology. Prakash's conclusion:
...it would seem that law enforcement agencies are operating outside the bounds set up under the Indian Penal Code, the Code of Criminal Procedure, as also the Information Technology Act, when they send requests for removal of content to companies like Google. While a company might comply with it because it appears to them to violate their own terms of service (which generally include a wide clause about content being in accordance with all local laws), community guidelines, etc., it would appear that it is not required under the law to do so if the order itself is not legal. However, anecdotal evidence has it that most companies comply with such 'requests' even when they are not under any legal obligation to do so. This way the intention of Parliament in enacting s.69A of the IT Act—to regulate government censorship of the Internet and bring it within the bounds laid down in the Constitution—is defeated.
As I reported in the book, in April 2011, the Ministry of Communications and Information Technology issued new rules under which Internet companies are expected to remove within thirty-six hours any content regulators designated as “grossly harmful,” “harassing,” or “ethnically objectionable.” Indian free speech advocates have vowed to challenge the rules’ constitutionality. Google publicly protested the rules in a statement warning that “if Internet platforms are held liable for third party content, it would lead to self-censorship and reduce the free flow of information.” As Prakash put it then, “The Indian Constitution limits how much the government can regulate citizens’ fundamental right to freedom of speech and expression. Any measure afoul of the constitution is invalid.”
More details about surveillance and censorship in India can be found in the India-focused chapter of a new book, Access Contested: Security, Identity, and Resistance in Asian Cyberspace, produced by the Open Net Initiative, coming out in December from MIT Press. The India chapter is not currently available online but I discuss India's issues in a related chapter titled "Corporate Accountability in Networked Asia" (The Citizenlab, one of ONI's partners, has made that chapter, along with all of Part I of the book, available online here.) I wrote it late last year and it went into production before the new April 2011 rules came out (academic presses take a long time), but I think the larger point remains very relevant. I compare the role played by companies in facilitating government censorship and surveillance in China to the role of companies in two Asian democracies: South Korea and India. I argue that "efforts to hold companies accountable for free speech and privacy in authoritarian countries like China will face an uphill battle unless companies in Asia’s democracies are pushed by domestic civil society actors to defend and protect user rights in a more robust manner than is currently the case."
The first step is for companies to follow Google's lead in being more transparent about how they respond to government demands. Then civil society organizations in democracies, like India's CIS, will be equipped and empowered with the information they need to push their governments to stop using companies as an opaque and unaccountable extension of state power. RIM can and must recognize that by being evasive with the public it is standing firmly on the wrong side of history.
Here is the video of Lazaridis' interview: