Access To Knowledge (A2K)

Breaking Down Section 66A of the IT Act

pranesh — 2012-12-14T09:51:17Z

Section 66A of the Information Technology Act, which prescribes 'punishment for sending offensive messages through communication service, etc.' is widely held by lawyers and legal academics to be unconstitutional. In this post Pranesh Prakash explores why that section is unconstitutional, how it came to be, the state of the law elsewhere, and how we can move forward.

Back in February 2009 (after the IT Amendment Act, 2008 was hurriedly passed on December 22, 2008 by the Lok Sabha, and a day after by the Rajya Sabha[1] but before it was notified on October 27, 2009) I had written that s.66A is "patently in violation of Art. 19(1)(a) of the Constitution of India":

Section 66A which punishes persons for sending offensive messages is overly broad, and is patently in violation of Art. 19(1)(a) of our Constitution. The fact that some information is "grossly offensive" (s.66A(a)) or that it causes "annoyance" or "inconvenience" while being known to be false (s.66A(c)) cannot be a reason for curbing the freedom of speech unless it is directly related to decency or morality, public order, or defamation (or any of the four other grounds listed in Art. 19(2)). It must be stated here that many argue that John Stuart Mill's harm principle provides a better framework for freedom of expression than Joel Feinberg's offence principle. The latter part of s.66A(c), which talks of deception, is sufficient to combat spam and phishing, and hence the first half, talking of annoyance or inconvenience is not required. Additionally, it would be beneficial if an explanation could be added to s.66A(c) to make clear what "origin" means in that section. Because depending on the construction of that word s.66A(c) can, for instance, unintentionally prevent organisations from using proxy servers, and may prevent a person from using a sender envelope different from the "from" address in an e-mail (a feature that many e-mail providers like Gmail implement to allow people to send mails from their work account while being logged in to their personal account). Furthermore, it may also prevent remailers, tunnelling, and other forms of ensuring anonymity online. This doesn't seem to be what is intended by the legislature, but the section might end up having that effect. This should hence be clarified.

I stand by that analysis. But given that it is quite sparse, in this post I will examine s.66A in detail.

Here's what s. 66A of the IT (Amendment) Act, 2008 states:

66A. Punishment for sending offensive messages through communication service, etc.,
Any person who sends, by means of a computer resource or a communication device,—
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms "electronic mail" and "electronic mail message" means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.[2]

A large part of s.66A can be traced back to s.10(2) of the UK's Post Office (Amendment) Act, 1935:

If any person —
(a) sends any message by telephone which is grossly offensive or of an indecent, obscene, or menacing character; or
(b) sends any message by telephone, or any telegram, which he knows to be false, for the purpose of causing annoyance, inconvenience, or needless anxiety to any other person; or
(c) persistently makes telephone calls without reasonable cause and for any such purposes as aforesaid;
he shall be liable upon summary conviction to a fine not exceeding ten pounds, or to imprisonment for a term not exceeding one month, or to both such fine and imprisonment.

Section 66A bears a striking resemblance to the three parts of this law from 1935, with clauses (b) and (c) being merged in the Indian law into a single clause (b) of s.66A, with a whole bunch of new "purposes" added. Interestingly, the Indian Post Office Act, 1898, was never amended to add this provision.

The differences between the two are worth exploring.

Term of Punishment

The first major difference is that the maximum term of imprisonment in the 1935 Act is only one month, compared to three years in s.66A of the IT Act. It seems the Indian government decided to subject the prison term to hyper-inflation to cover for the time. If this had happened for the punishment for, say, criminal defamation, then that would have a jail term of up to 72 years! The current equivalent laws in the UK are the Communications Act, 2003 (s. 127) and the Malicious Communications Act 1988 (s.1) for both of which the penalty is up to 6 months' imprisonment or to a maximum fine of £5000 or both. What's surprising is that in the Information Technology (Amendment) Bill of 2006, the penalty for section 66A was up to 2 years, and it was changed on December 16, 2008 through an amendment moved by Mr. A. Raja (the erstwhile Minister of Communications and IT) to 3 years. Given that parts of s.66A(c) resemble nuisance, it is instructive to note the term of punishment in the Indian Penal Code (IPC) for criminal nuisance: a fine of Rs. 200 with no prison term.

"Sending" vs. "Publishing"

J. Sai Deepak, a lawyer, has made an interesting point that the IT Act uses "send" as part of its wording, and not "publish". Given that, only messages specifically directed at another would be included. While this is an interesting proposition, it cannot be accepted because: (1) even blog posts are "sent", albeit to the blog servers — s.66A doesn't say who it has to be sent to; (2) in the UK the Communications Act 2003 uses similar language and that, unlike the Malicious Communication Act 1988 which says "sends to another person", has been applied to public posts to Twitter, etc.; (3) The explanation to s.66A(c) explicitly uses the word "transmitted", which is far broader than "send", and it would be difficult to reconcile them unless "send" can encompass sending to the publishing intermediary like Twitter.

Part of the narrowing down of s.66A should definitely focus on making it applicable only to directed communication (as is the case with telephones, and with the UK's Malicious Communication Act), and not be applicable to publishing.

Section 66A(c)

Section 66A(c) was also inserted through an amendment moved by Mr. Raja on December 16, 2008, which was passed by the Lok Sabha on December 22, 2008, and a day after by the Rajya Sabha. (The version introduced in Parliament in 2006 had only 66A(a) and (b).) This was done in response to the observation by the Standing Committee on Information Technology that there was no provision for spam. Hence it is clear that this is meant as an anti-spam provision. However, the careless phrasing makes it anything but an anti-spam provision. If instead of "for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages" it was "for the purpose of causing annoyance and inconvenience and to deceive and to mislead the addressee or recipient about the origin of such messages", it would have been slightly closer to an anti-spam provision, but even then doesn't have the two core characteristics of spam: that it be unsolicited and that it be sent in bulk. (Whether only commercial messages should be regarded as spam is an open question.) That it arise from a duplicitous origin is not a requirement of spam (and in the UK, for instance, that is only an aggravating factor for what is already a fine-able activity).

Curiously, the definitional problems do not stop there, but extend to the definitions of "electronic mail" and "electronic mail message" in the 'explanation' as well. Those are so vast that more or less anything communicated electronically is counted as an e-mail, including forms of communication that aren't aimed at particular recipients the way e-mail is.

Hence, the anti-spam provision does not cover spam, but covers everything else. This provision is certainly unconstitutional.

Section 66A(b)

Section 66A(b) has three main elements: (1) that the communication be known to be false; (2) that it be for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will; (3) that it be communicated persistently. The main problem here is, of course, (2). "Annoyance" and "inconvenience", "insult", "ill will" and "hatred" are very different from "injury", "danger", and "criminal intimidation". That a lawmaker could feel that punishment for purposes this disparate belonged together in a single clause is quite astounding and without parallel (except in the rest of the IT Act). That's akin to having a single provision providing equal punishment for calling someone a moron ("insult") and threatening to kill someone ("criminal intimidation"). While persistent false communications for the purpose of annoying, insulting, inconveniencing, or causing ill will should not be criminalised (if need be, having it as a civil offence would more than suffice), doing so for the purpose of causing danger or criminal intimidation should. However, the question arises whether you need a separate provision in the IT Act for that. Criminal intimidation is already covered by ss. 503 and 506 of the IPC. Similarly, different kinds of causing danger are taken care of in ss.188, 268, 283, 285, 289, and other provisions. Similarly with the other "purposes" listed there, if, for instance, a provision is needed to penalise hoax bomb threats, then the provision clearly should not be mentioning words like "annoyance", and should not be made "persistent". (At any rate, s. 505(1) of the IPC suffices for hoax bomb threats, so you don't need a separate provision in the IT Act).

I would argue that in its current form this provision is unconstitutional, since there is no countervailing interest in criminalising false and persistent "insults", etc., that will allow those parts of this provision to survive the test of 'reasonableness' under Art.19(2). Furthermore, even bits that survive are largely redundant. While this unconstitutionality could be cured by better, narrower wording, even then one would need to ensure that there is no redundancy due to other provisions in other laws.

Section 66A(a)

In s.66A(a), the question immediately arises whether the information that is "grossly offensive" or "menacing" need to be addressed at someone specific and be seen as "grossly offensive" or "menacing" by that person, or be seen by a 'reasonable man' test.

Additionally, the term "grossly offensive" will have to be read in such a heightened manner as to not include merely causing offence. The one other place where this phrase is used in Indian law is in s.20(b) of the Indian Post Office Act (prohibiting the sending by post of materials of an indecent, obscene, seditious, scurrilous, threatening, or grossly offensive character). The big difference between s.20(b) of the IPO Act and s.66A of the IT Act is that the former is clearly restricted to one-to-one communication (the way the UK's Malicious Communication Act 1988 is). Reducing the scope of s.66A to direct communications would make it less prone to challenge.

Additionally, in order to ensure constitutionality, courts will have to ensure that "grossly offensive" does not simply end up meaning "offensive", and that the maximum punishment is not disproportionately high as it currently is. Even laws specifically aimed at online bullying, such as the UK's Protection from Harassment Act 1997, can have unintended effects. As George Monbiot notes, the "first three people to be prosecuted under [the Protection from Harassment Act] were all peaceful protesters".

Constitutional Arguments in Importing Laws from the UK

The plain fact is that the Indian Constitution is stronger on free speech grounds than the (unwritten) UK Constitution, and the judiciary has wide powers of judicial review of statutes (i.e., the ability of a court to strike down a law passed by Parliament as 'unconstitutional'). Judicial review of statutes does not exist in the UK (with review under its EU obligations being the exception) as they believe that Parliament is supreme, unlike India. Putting those two aspects together, a law that is valid in the UK might well be unconstitutional in India for failing to fall within the eight octagonal walls of the reasonable restrictions allowed under Art.19(2). That raises the question of how they deal with such broad wording in the UK.

Genealogy of UK Law on Sending 'Indecent', 'Menacing', 'Grossly Offensive' Messages

Quoting from the case of DPP v. Collins [2006] UKHL 40 [6]:

The genealogy of [s. 127(1) of the Communication Act] may be traced back to s.10(2)(a) of the Post Office (Amendment) Act, 1935, which made it an offence to send any message by telephone which is grossly offensive or of an indecent, obscene or menacing character. That subsection was reproduced with no change save of punctuation in s.66(a) of the Post Office Act 1953. It was again reproduced in s.78 of the Post Office Act 1969, save that "by means of a public telecommunication service" was substituted for "by telephone" and "any message" was changed to "a message or other matter". Section 78 was elaborated but substantially repeated in s.49(1)(a) of the British Telecommunications Act 1981 and was re-enacted (save for the substitution of "system" for "service") in s.43(1)(a) of the Telecommunications Act 1984. Section 43(1)(a) was in the same terms as s.127(1)(a) of the 2003 Act, save that it referred to "a public telecommunication system" and not (as in s.127(1)(a)) to a "public electronic communications network". Sections 11(1)(b) of the Post Office Act 1953 and 85(3) of the Postal Services Act 2000 made it an offence to send certain proscribed articles by post.

While the above quotation talks about s.127(1) it is equally true about s.127(2) as well. In addition to that, in 1988, the Malicious Communications Act (s.1) was passed to prohibit one-to-one harassment along similar lines.

The UK's Post Office Act was eclipsed by the Telecommunications Act in 1984, which in turn was replaced in 2003 by the Communications Act. (By contrast, we still stick on to the colonial Indian Post Office Act, 1898.) Provisions from the 1935 Post Office Act were carried forward into the Telecommunications Act (s.43 on the "improper use of public telecommunication system"), and subsequently into s.127 of the Communications Act ("improper use of public electronic communications network"). Section 127 of the Communications Act states:

127. Improper use of public electronic communications network
(1) A person is guilty of an offence if he —
(a) sends by means of a public electronic communications network a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or
(b) causes any such message or matter to be so sent.
(2) A person is guilty of an offence if, for the purpose of causing annoyance, inconvenience or needless anxiety to another, he —
(a) sends by means of a public electronic communications network, a message that he knows to be false,
(b) causes such a message to be sent; or
(c) persistently makes use of a public electronic communications network.
(3) A person guilty of an offence under this section shall be liable, on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale, or to both.
(4) Subsections (1) and (2) do not apply to anything done in the course of providing a programme service (within the meaning of the Broadcasting Act 1990 (c. 42)).

Currently in the UK there are calls for repeal of s.127. In a separate blog post I will look at how the UK courts have 'read down' the provisions of s.127 and other similar laws in order to be compliant with the European Convention on Human Rights.

Comparison between S. 66A and Other Statutes

Section 144, IPC, 1860

Power to issue order in urgent cases of nuisance or apprehended danger

...obstruction, annoyance or injury to any person lawfully employed, or danger to human life, health or safety, or a disturbance of the public tranquillity

Babulal Parate v. State of Maharastra and Ors. [1961 AIR SC 884] (Magistrates order under s. 144 of the Cr. PC, 1973 was in violation of Art.19(1)(a) of the Constitution).

A special thanks is due to Snehashish Ghosh for compiling the below table.

Section	Term(s)/phrase(s) used in 66A	Term(s)/ phrase(s) used in similar sections
Section 66A (heading)	Punishment for sending offensive messages through communication service, etc	Section 127, CA, 2003, "Improper use of public electronic communications network"
Section 66A(a)	Any person who sends, by means of a computer resource or a communication device	Section 1(1), MCA 1988, "Any person who sends to another person..."
Section 66A(a)	Grossly offensive	Section 1(1)(a)(i), MCA 1988; Section 127(1)(a),CA, 2003; Section 10(2)(a), Post Office (Amendment) Act, 1935; Section 43(1)(a), Telecommunications Act 1984; Section 20, India Post Act 1898
Section 66A(a)	Menacing character	Section127(1)(a),CA, 2003
Section 66A(b)	Any information which he knows to be false	Section 1(1)(a)(iii), MCA 1988 "information which is false and known or believed to be false by the sender"; Section 127(2)(a), CA, 2003, "a message that he knows to be false"
Section 66A(b) “purpose of...”	Causing annoyance	Section127(2), CA, 2003
	Inconvenience	Section 127 (2), CA, 2003
	Danger
	Insult	Section 504, IPC, 1860
	Injury	Section 44 IPC, 1860, "The word 'injury' denotes any harm whatever illegally caused to any person, in body, mind, reputation or property."
	Criminal intimidation	Sections 503 and 505 (2), IPC, 1860
	Enmity, hatred or ill-will	Section 153A(1)(a), IPC, 1860
	Persistently by making use of such computer resource or a communication device	Section 127(2)(c), CA, 2003, "persistently makes use of a public electronic communications network."
Section 66A(c)	Deceive or to mislead	-

Notes
MCA 1988: Malicious Communications Act (s.1)
CA: Communications Act 2003 (s.127)
*Replaced by Communications Act 2003

[1]. The Information Technology (Amendment) Bill, 2008, was one amongst the eight bills that were passed in fifteen minutes on December 16, 2008.
[2]. Inserted vide Information Technology Amendment Act, 2008.

This was re-posted in Outlook (November 28, 2012)

For more details visit https://cis-india.org/internet-governance/blog/breaking-down-section-66-a-of-the-it-act

Breaking Down ICANN Accountability: What It Is and What the Internet Community Wants

ramya — 2015-11-05T15:29:26Z

At the recent ICANN conference held in Dublin (ICANN54), one issue that was rehashed and extensively deliberated was ICANN's accountability and means to enhance the same. In light of the impending IANA stewardship transition from the NTIA to the internet's multi-stakeholder community, accountability of ICANN to the internet community becomes that much more important. In this blog post, some aspects of the various proposals to enhance ICANN's accountability have been deconstructed and explained.

The Internet Corporation for Assigned Names and Numbers, known as ICANN, is a private not-for-profit organization, registered in California. Among other functions, it is tasked with carrying out the IANA function[1], pursuant to a contract between the US Government (through the National Telecommunications and Information Administration – NTIA) and itself. Which means, as of now, there exists legal oversight by the USG over ICANN with regard to the discharge of these IANA functions.[2]

However, in 2014, the NTIA, decided to completely handover stewardship of the IANA functions to the internet’s ‘global multistakeholder community’. But the USG put down certain conditions before this transition could be effected, one of which was to ensure that there exists proper accountability within the ICANN.[3]

The reason for this, was that the internet community feared a shift of ICANN to a FIFA-esque organization with no one to keep it in check, post the IANA transition if these accountability concerns weren’t addressed.[4]

And thus, to answer these concerns, the Cross Community Working Group (CCWG-Accountability) has come up with reports that propose certain changes to the structure and functioning of ICANN.

In light of the discussions that took place at ICANN54 in Dublin, this blog post is directed towards summarizing some of these proposals - those pertaining to the Independent Review Process or IRP (explained below) as well the various accountability models that are the subject of extensive debate both on and off the internet.

Building Blocks Identified by the CCWG-Accountability

The CCWG-Accountability put down four “building blocks”, as they call it, on which all their work is based. One of these is what is known as the Independent Review Process (or IRP). This is a mechanism by which internal complaints, either by individuals or by SOs/ACs[5], are addressed. However, the current version of the IRP is criticized for being an inefficient mechanism of dispute resolution.[6]

And thus the CCWG-Accountability proposed a variety of amendments to the same.

Another building block that the CCWG-Accountability identified is the need for an “empowered internet community”, which means more engagement between the ICANN Board and the internet community, as well as increased oversight by the community over the Board. As of now, the USG acts as the oversight-entity. Post the IANA transition however, the community feels they should step in and have an increased say with regard to decisions taken by the ICANN Board.

As part of empowering the community, the CCWG-Accountability identified five core areas in which the community needs to possess some kind of powers or rights. These areas are – review and rejection of the ICANN budget, strategic plans and operating plans; review, rejection and/or approval of standard bylaws as well fundamental bylaws; review and rejection of Board decisions pertaining to IANA functions; appointment and removal of individual directors on the Board; and recall of the entire Board itself. And it is with regard to what kind of powers and rights are to be vested with the community that a variety of accountability models have been proposed, both by the CCWG-Accountability as well as the ICANN Board. However, of all these models, discussion is now primarily centered on three of them – the Sole Member Model (SMM), the Sole Designator Model (SDM) and the Multistakeholder Empowerment Model (MEM).

What is the IRP?

The Independent Review Process or IRP is the dispute resolution mechanism, by which complaints and/or oppositions by individuals with regard to Board resolutions are addressed. Article 4 of the ICANN bylaws lay down the specifics of the IRP. As of now, a standing panel of six to nine arbitrators is constituted, from which a panel is selected for hearing every complaint. However, the primary criticism of the current version of the IRP is the restricted scope of issues that the panel passes decisions on.[7]

The bylaws explicitly state that the panel needs to focus on a set on procedural questions while hearing a complaint – such as whether the Board acted in good faith or exercised due diligence in passing the disputed resolution.

Changes Proposed by the Internet Community to Enhance the IRP

To tackle this and other concerns with the existing version of the IRP, the CCWG-Accountability proposed a slew of changes in the second draft proposal that they released in August this year. What they proposed is to make the IRP arbitral panel hear complaints and decide the matter on both procedural (as they do now) and substantive grounds. In addition, they also propose a broadening of who all have locus to initiate an IRP, to include individuals, groups and other entities. Further, they also propose a more precedent-based method of dispute resolution, wherein a panel refers to and uses decisions passed by past panels in arriving at a decision.

At the 19^th October “Enhancing ICANN-Accountability Engagement Session” that took place in Dublin as part of ICANN54, the mechanism to initiate an IRP was explained by Thomas Rickert, CCWG Co-Chair.[8]

Briefly, the modified process is as follows -

An objection may be raised by any individual, even a non-member.
This individual needs to find an SO or an AC that shares the objection.
A “pre-call” or remote meeting between all the SOs and ACs is scheduled, to see if objection receives prescribed threshold of approval from the community.
If this threshold is met, dialogue is undertaken with the Board, to see if the objection is sustained by the Board.
If this dialogue also fails, then IRP can be initiated.

The question of which “enforcement model” empowers the community arises post the initiation of this IRP, and in the event that the community receives an unfavourable decision through the IRP or that the ICANN Board refuses to implement the IRP decision. Thus, all the “enforcement models” retain the IRP as the primary method of internal dispute resolution.

The direction that the CCWG-Accountability has taken with regard to enhancement of the IRP is heartening. And these proposals have received large support from the community. What is to be seen now is whether these proposals will be fully implemented by the Board or not, in addition to all the other proposals made by the CCWG.

Enforcement – An Overview of the Different Models

In addition to trying to enhance the existing dispute resolution mechanism, the CCWG-Accountability also came up with a variety of “enforcement models”, by which the internet community would be vested with certain powers. And in response to the models proposed by the CCWG-Accountability, the ICANN Board came up with a counter proposal, called the MEM.

Below is a tabular representation of what kinds of powers are vested with the community under the SMM, the SDM and the MEM.

Power	SMM	SDM	MEM
Reject/Review Budget, Strategies and OPs. + Review/Reject Board decisions with regard to IANA functions.	Sole Member has the reserved power to reject the budget up to 2 times. Member also has standing to enforce bylaw restrictions on the budget, etc.	Sole Designator can only trigger Board consultations if opposition to budget, etc exists. Further, bylaws specify how many times such a consultation can be triggered. Designator only possesses standing to enforce this consultation.	Community can reject Budget up to two times. Board is required by bylaws to reconsider budget post such rejection, by consulting with the community. If still no change is made, then community can initiate process to recall the Board.
Reject/Review amendments to Standard bylaws and Fundamental bylaws	Sole Member has right to veto these changes. Further, member also standing to enforce this right under the relevant Californian law.	Sole Designator can also veto these changes. However, ambiguity regarding standing of designator to enforce this right.	No veto power granted to any SO or AC. Each SO and AC evaluate if they want to voice the said objection. If certain threshold of agreement reached, then as per the bylaws, the Board cannot go ahead with the amendment.
Appointment and Removal of individual ICANN directors	Sole Member can appoint and remove individual directors based on direction from the applicable Nominating Committee.	Sole Member can appoint and remove individual directors based on direction from the applicable Nominating Committee.	The SOs/ACs cannot appoint individual directors. But they can initiate process for their removal. However, directors can only be removed for breach of or on the basis of certain clauses in a “pre-service letter” that they sign.
Recall of ICANN Board	Sole Member has the power to recall Board. Further, it has standing to enforce this right in Californian courts.	Sole Designator also has the power to recall the Board. However, ambiguity regarding standing to enforce this right.	Community is not vested with power to recall the Board. However, if simultaneous trigger of pre-service letters occurs, in some scenarios, only then can something similar to a recall of the Board occur.

A Critique of these Models

SMM:

The Sole Member Model (or SMM) was discussed and adopted in the second draft proposal, released in August 2015. This model is in fact the simplest and most feasible variant of all the other membership-based models, and has received substantial support from the internet community. The SMM proposes only one amendment to the ICANN bylaws - a move from having no members to one member, while ICANN itself retains its character as a non-profit mutual-benefit corporation under Californian laws.

This “sole member” will be the community as a whole, represented by the various SOs and ACs. The SOs and ACs require no separate legal personhood to be a part of this “sole member”, but can directly participate. This participation is to be effected by a voting system, explained in the second draft, which allocates the maximum number of votes each SO and AC can cast. This ensures that each SO/AC doesn’t have to cast a unanimous vote, but each differing opinion within an SO/AC is given equal weight.

SDM:

A slightly modified and watered down version of the SMM, proposed by the CCWG-Accountability as an alternative to the same, is the “Sole Designator Model” or the SDM. Such a model requires an amendment to the ICANN bylaws, by which certain SOs/ACs are assigned “designator” status. By virtue of this status, they may then exercise certain rights - the right to recall the Board in certain scenarios and the right to veto budgets and strategic plans.

However, there is some uncertainty in Californian law regarding who can be a designator - an individual or an entity as well. So whether unincorporated associations, such as the SOs and ACs, can be a “designator” as per the law is a question that doesn’t have a clear answer yet.

Where most discussion with respect to the SDM has occurred has been in the area of the designator being vested with the power to “spill” or remove all the members of the ICANN Board. The designator is vested with this power as a sort of last-resort mechanism for the community’s voice to be heard. However, an interesting point raised in one of the Accountability sessions at ICANN54 was the almost negligible probability of this course of action ever being taken, i.e. the Board being “spilled”. So while in theory this model seems to vest the community with massive power, in reality, because the right to “spill” the Board may never be invoked, the SDM is actually a weak enforceability model.

Other Variants of the Designator Model:

The CCWG-Accountability, in both its first and second report, discussed variants of the designator model as well. A generic SO/AC Designator model was discussed in the first draft. The Enhanced SO/AC Designator model, discussed in the second draft, also functions along similar lines. However, only those SOs and ACs that wanted to be made designators apply to become so, as opposed to the requirement of a mandatory designator under the SDM model.

After the second draft released by the CCWG-Accountability and the counter-proposal released by the ICANN Board (see below for the ICANN Board’s proposal), discussion was mostly directed towards the SMM and the MEM. However, the discussion with regard to the designator model has recently been revived by members of the ALAC at ICANN54 in Dublin, who unanimously issued a statement supporting the SDM.^{^[9]} And following this, many more in the community have expressed their support towards adopting the designator model.[10]

MEM:

The Multi-stakeholder Enforcement Model or MEM was the ICANN Board’s counter-model to all the models put forth by the CCWG-Accountability, specifically the SMM. However, there is no clarity with regard to the specifics of this model. In fact, the vagueness surrounding the model is one of the biggest criticisms of the model itself.

The CCWG-Accountability accounts for possible consequences of implementation every model by a mechanism known as “stress-tests”. The Board’s proposal, on the other hand, rejects the SMM due to its “unintended consequences”, but does not provide any clarity on what these consequences are or what in fact the problems with the SMM itself are.[11]

In addition, many are opposed to the Board proposal in general because it wasn’t created by the community, and therefore not reflective of the community’s views, as opposed to the SMM.[12]

Instead, the Board’s solution is to propose a counter-model that doesn’t in fact fix the existing problems of accountability.

What is known of the MEM though, gathered primarily from an FAQ published on the ICANN community forum, is this: The community, through the various SOs and ACs, can challenge any action of the Board that is CONTRADICTORY TO THE FUNDAMENTAL BYLAWS only, through a binding arbitration. The arbitration panel will be decided by the Board and the arbitration itself will be financed by ICANN. Further, this process will not replace the existing Independent Review Process or IRP, but will run parallely.

Even this small snippet of the MEM is filled with problems. Concerns of neutrality with regard to the arbitral panel and challenge of the award itself have been raised.[13]

Further, the MEM seems to be in direct opposition to the ‘gold standard’ multi-stakeholder model of ICANN. Essentially, there is no increased accountability of the ICANN under the MEM, thus eliciting severe opposition from the community.

What is interesting to note about all these models, is that they are all premised on ICANN continuing to remain within the jurisdiction of the United States. And even more surprising is that hardly anyone questions this premise. However, at ICANN54 this issue received a small amount of traction, enough for the setting up of an ad-hoc committee to address these jurisdictional concerns. But even this isn’t enough traction. The only option now though is to wait and see what this ad-hoc committee, as well as the CCWG-Accountability through its third draft proposal to be released later this year, comes up with.

[1]. The IANA functions or the technical functions are the name, number and protocol functions with regard to the administration of the Domain Name System or the DNS.

[2]. http://www.theguardian.com/technology/2015/sep/21/icann-internet-us-government

[3]. http://www.theregister.co.uk/2015/10/19/congress_tells_icann_quit_escaping_accountability/?page=1

[4]. http://www.theguardian.com/technology/2015/sep/21/icann-internet-us-government

[5]. SOs are Supporting Organizations and ACs are Advisory Committees. They form part of ICANN’s operational structure.

[6]. Leon Sanchez (ALAC member from the Latin American and Caribbean Region) speaking at the Enhancing ICANN Accountability Engagement Session !, ICANN54, Dublin (see page 5) https://meetings.icann.org/en/dublin54/schedule/mon-enhancing-accountability/transcript-enhancing-accountability-19oct15-en

[7]. Leon Sanchez (ALAC member from the Latin American and Caribbean Region) speaking at the Enhancing ICANN Accountability Engagement Session !, ICANN54, Dublin (see page 5) https://meetings.icann.org/en/dublin54/schedule/mon-enhancing-accountability/transcript-enhancing-accountability-19oct15-en

[8]. Thomas Rickert (GNSO-appointed CCWG co-chair) speaking at the Enhancing ICANN Accountability Engagement Session !, ICANN54, Dublin (see page 15,16) https://meetings.icann.org/en/dublin54/schedule/mon-enhancing-accountability/transcript-enhancing-accountability-19oct15-en

[9]. http://www.brandregistrygroup.org/alac-throws-spanner-in-icann-accountability-discussions

[10]. http://www.theregister.co.uk/2015/10/22/internet_community_icann_accountability/

[11]. http://www.theregister.co.uk/2015/09/07/icann_accountability_latest/

[12]. http://www.circleid.com/posts/20150923_empire_strikes_back_icann_accountability_at_the_inflection_point/

[13]. http://www.internetgovernance.org/2015/09/06/icann-accountability-a-three-hour-call-trashes-a-year-of-work/

For more details visit https://cis-india.org/internet-governance/blog/breaking-down-icann-accountability-what-it-is-and-what-the-internet-community-wants

Breach Notifications: A Step towards Cyber Security for Consumers and Citizens

Amelia Andersdotter — 2017-11-14T15:38:15Z

Through the Digital India project the Indian government is seeking to establish India as a digital nation at the forefront. Increasingly, this means having good cyber-security policies in place and enabling a prosperous business environment for companies that implement sound cyber-security policies. This paper will look at one such policy, which enables investments in cyber-security for IT products and services through giving consumers a way to hold business owners and public authorities to account when their security fails.

Electronic data processing has awarded societies with lots of opportunities for improvements that would not have been possible without them. Low market entrance barriers for new innovators have caused a flood of applications and automations that have the potential to improve citizens’ and consumers’ lives, as well as government operations. But while the increasing prevalence of electronic hardware and programmable software in many different parts of society and industry, combined with the intricate value chains of international communications networks, devices and equipment markets and software markets, have created a large number of opportunities for economic, social and public activity, they have also brought with them a number of specific problems pertaining to consumer rights.

Read full report here

For more details visit https://cis-india.org/internet-governance/blog/breach-notifications-a-step-towards-cyber-security-for-consumers-and-citizens

Brazil’s experience a red flag for WhatsApp in Indian polls, say experts

Admin — 2018-10-28T06:06:19Z

Data shows that the share of active WhatsApp users in rural India has doubled since 2017, according to a survey by the Centre for the Study of Developing Societies.

The article by Vidhi Choudhary was published in Hindustan Times on October 21, 2018. Sunil Abraham was quoted.

Instant messaging service WhatsApp will have to put more safeguards in place to avoid its misuse in the 2019 Lok Sabha elections,experts say. Some point to the experience in the recent elections in Brazil,where the Facebook-owned platform battled allegations on its use to influence the popular vote, with mass-WhatsApp messages pushing anti-leftist propaganda.

“There is no easy way to say this but the likelihood of a WhatsApp scandal in the run-up to the 2019 elections in India is imminent. I won’t be surprised if there is already something similar taking place in India. That’s because there is no way to control the message that is being shared on the platform. The only way to stop this is by revoking the end-to-end encryption which will impair the privacy WhatsApp users enjoy,” said lawyer Rahul Matthan, partner at the law firm Trilegal and author of Privacy 2.0, which traces the historic origin and current debates on privacy.

WhatsApp has over 200 million users in India, its largest market. The absence of a data protection law in India (one is in the works but is unlikely to be passed before the elections) only adds to this problem, although this transcends WhatsApp.

“The large scale sale of phone numbers, and subsequent bombardment of messages, without seeking consent is also a reminder that we urgently need rules to limit the use of personal data for political campaigns. Europe’s law, the GDPR (General Data Protection Regulation), for example, puts strict limits on direct marketing, including by political parties and campaigners. Yet India is approaching its own elections without any effective data protection rules in place,” said Amba Kak, public policy adviser at web browser Mozilla.

The election commission is aware of the challenge. In an interview to Hindustan Times, chief election commissioner OP Rawat said the biggest challenge for the ECI right now is posed by technology firms that have wherewithal to influence voters.

According to a survey conducted by the Digital Empowerment Foundation (DEF) and reported by the HT earlier this week, 40% of rural users of the messaging platform were part of WhatsApp groups created by members or representatives of political parties. A third of the users spend between one hour and four hours on the app daily, the survey found. “This reflects the level of campaigning and penetration of political parties. Villages are always politically sensitive and also interested in politics,” the HT report said, quoting DEF’s Osama Manzar.

The survey noted that 63% of the respondents were not on the service in 2014. The share of active WhatsApp users in rural India has doubled since 2017, according to the Centre for the Study of Developing Societies.

A possible solution is to make sure voters are consistently informed about the issue of misinformation and fake news in India, added Matthan. “WhatsApp should continue to build a concerted marketing campaign against fake news to make voters aware, so that they exercise restraint while sending and sharing messages received from other users. The only trouble is if the message is received from a trusted ally, then one is likely to believe it. That’s why there is no absolute way to ensure shadow campaigns are not circulated on WhatsApp,” he explained.

The Facebook-owned platform has said in an earlier statements that it believes this is a challenge that requires government, civil society and technology companies to work together. “Our strategy has been twofold. First, to give people the controls and information they need to stay safe; and second, to work proactively to prevent misuse on WhatsApp,” WhatsApp said in the statement in July.

In July, WhatsApp launched a label to identify forwarded messages in a bid to combat fake news and the spread of misinformation globally, including India. It later set a limit to the use of forwarded messages to five chats in India. After that WhatsApp took out full-page advertisements in Indian newspapers offering “easy tips” to distinguish between fact and fiction as it battles rising pressure to curb the spread of misinformation in India after the lynching of at least 30 people in the country since May, with at least some being caused by rumours forwarded over phones.

Sunil Abraham, director at the think tank Centre for Internet and Society said WhatsApp could employ a network of fact checkers and explore “in application education”.

Local authorities in various parts of the country have resorted to Internet shutdowns to counter incidents of violence triggered by rumours on WhatsApp. Law firm Software Freedom Law Center (SFLC), based in New Delhi, has tracked down 116 Internet shutdowns across India in 2018 alone. In 2017, India reported 79 shutdowns; in 2016, the number was 31 and in 2012 it was just three. The rise from three shutdowns in 2012 to more than 100 this year marks a 3,766% surge. “State and central government and local authorities might consider this a solution. But a shutdown is completely against freedom of speech and that’s our view,” said an SFLC spokesperson. WhatsApp users in rural India do not blindly trust messages they receive on the messaging service, according to the DEF survey.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-october-21-2018-brazil-s-experience-a-red-flag-for-whatsapp-in-indian-polls-say-experts

Brazil passes Marco Civil; the US-FCC Alters its Stance on Net Neutrality

geetha — 2014-04-24T10:05:32Z

Hopes for the Internet rise and fall rapidly. Yesterday, on April 23, 2014, Marco Civil da Internet, the Brazilian Bill of Internet rights, was passed by the Brazilian Senate into law.

Marco Civil, on which we blogged previously, includes provisions for the protection of privacy and freedom of expression of all users, rules mandating net neutrality, etc. Brazil celebrated the beginning of NETmundial, a momentous first day about which Achal Prabhala blogs, with President Rousseff’s approval of the Marco Civil.

At about the same time, news broke that the US Federal Communications Commission is set to propose new net neutrality rules. In the wake of the Verizon net neutrality decision in January, the proposed new rules will prohibit Internet service providers such as Comcast from slowing down or blocking traffic to certain websites, but permit fast lane traffic for content providers who are willing to pay for it. This fast lane would prioritise traffic from content providers like Netflix and Youtube on commercially reasonable terms, and result in availability of video and other content at higher speeds or quality. An interesting turn-around, as Marco Civil expressly mandates net neutrality for all traffic.

For more details visit https://cis-india.org/internet-governance/blog/brazil-passes-marco-civil-us-fcc-alters-stance-on-net-neutrality

Braitenberg Cybernetic Vehicles: Workshop, Film Screening & Discussion

praskrishna — 2012-07-30T13:13:31Z

The Metaculture Media Lab at the Centre for Internet & Society, Bangalore is organizing a fun event, next Saturday, April 14, 2012. The event will begin at 2.30 p.m. and will end at 6.00 p.m.

A tentative schedule of the event in three parts:

A short presentation about Braitenberg Vehicles :
It is based on a thought experiment by Italian cyberneticist, in his book : ''Vehicles: Experiments in Synthetic Psychology'' where 'vehicles' with simple sensorimotor capabilites display interesting life-like behaviour WITHOUT the need for internal memory, representation of the environment, or inference. (Basically none of the task based hyper robotic coding/processing) Read more about it here on the wiki page : http://en.wikipedia.org/wiki/Braitenberg_vehicle
This will be followed by a quick Hands-on-proactive-workshop, where we will build some simple Braitenberg Vehicles, using common motors, wheels, and light sensors, and watch them interact and play with each other.
- The Technically inclined might ( Well If you don't know electronics, the block digram will be self explanatory anyway) have fun teaching eachother how to couple motors with light sensors. Designers can also contribute to the interaction paradigm/visuals. While others may chill in the shady part of the lawn with juice, until the vehicle action starts)
Finally, a film screening followed by a short discussion about it , revisiting our ideas about robots, autonomous vehicles, transport, society and policy, possibly moderated by volunteers/students/citizen researchers in this field, in a dialogue with the rest of the audience.

Additionally , if anyone want to build their own vehicles to take home, please email yelena@cis-india.org (by April 10) for instructions on what to pick up from SP Road.

For more details visit https://cis-india.org/internet-governance/cybernetic-vehicles

[···]

kaeru — 2026-03-14T04:30:47Z

For more details visit https://cis-india.org/internet-governance/blog/

Bowing to public pressure, govt withdraws draft encryption policy

praskrishna — 2015-10-01T02:15:17Z

Bowing to pressure from the public, the government on Tuesday withdrew a draft policy that sought to control secured online communication, including through mass-use social media and web applications such as WhatsApp and Twitter.

The article was published by the Hindustan Times on September 22, 2015. Pranesh Prakash was quoted.

Communications and information technology minister Ravi Shankar Prasad announced the government’s decision at a news conference, saying the draft National Encryption Policy will be reviewed before it is again presented to the public for their suggestions.

“I read the draft. I understand that the manner in which it is written can lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded,” Prasad said. He said the draft would be re-released, but did not say when it would be made public.

“Experts had framed a draft policy...This draft policy is not the government’s final view,” he added. “There were concerns in some quarters. There were some words (in the draft policy) that caused concern.”

The draft will be reviewed and experts will be asked to specify to whom the policy will be applicable, Prasad said. He did not say when the new draft will be made public.

Those using social media platforms and web applications fell outside the scope of an encryption policy, Prasad said.

Several countries have felt the need for an encryption policy because of the boom in e-commerce and e-governance, he remarked. “Cyber space interactions are on the rise. There are concerns about security. We need a sound encryption policy,” he said.

Before Prasad announced the withdrawal of the draft policy, the government had issued an addendum early on Tuesday to keep social media and web applications like WhatsApp, Twitter and Facebook out of its purview.

Secure banking transactions and password protected e-commerce businesses too will be kept out of the ambit of the proposed policy, the addendum said.

The climb down by the government came following a storm of protests from users who objected to any stringent state controls on the use of email, social media accounts and apps.

According to the original draft, users of apps such as WhatsApp and Snapchat would be required to save all messages for up to 90 days and be able to produce them if asked by authorities.

Experts told Hindustan Times the draft policy, if implemented in its current form, could compromise the privacy of users and hamper the functioning of several multi-national service providers in India.

Nikhil Pahwa, editor of the MediaNama website that tracks cyber issues and tech news, said there were several problems even with the addendum to the draft policy.

“The usage of the phrase ‘currently in use’ renders the policy vague: Firstly, when is ‘currently’?” he questioned in a post on his website.

“Will a new service that uses a different kind of encryption to protect its users, still be covered? Why should users be ‘restricted to encryption currently in use’? Why should services like Whatsapp, Facebook and Twitter define our security standards?” said Pahwa, who also volunteers for savetheinternet.in.

Pranesh Prakash, policy director for The Centre for Internet and Society, tweeted that even the addendum “does not clarify anything, but further muddles the encryption policy”.

Social media users called the draft “draconian” and “delusional”, and Congress leader Manish Tewari too attacked the Union government.

“The encryption policy (draft) is a snooping and spying orgy. After net chats, the government may want you to keep a video record of what you do in your bedroom for 90 days,” the Congress spokesperson told reporters.

The draft policy had been posted online last week to seek suggestions from the public.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-september-22-2015-bowing-to-public-pressure-govt-withdraws-draft-encryption-policy

Bouquets & brickbats for Google's new privacy policy

praskrishna — 2013-10-25T05:40:56Z

Google's recent privacy policy change that allows the internet search company to use names, photographs and endorsements by its users in online advertisements is getting mixed reviews in India - advertisers love it, and activists love to hate it.

This article by Indu Nandakumar was published in the Economic Times on October 18, 2013. Sunil Abraham is quoted.

Internet rights activists called it another incursion into individual privacy by the California-based company that uses 'Don't be evil' as an informal corporate motto. Brand advisers and marketers praised the ingenuity of personalisation that can make advertising much more effective.

"From a user perspective, there is a higher chance of them buying a product if it is endorsed by a friend," said Kunal Jeswani, chief digital officer at Ogilvy & Mather India. To his mind, the argument about user privacy is "naive" because when a user enters a social network, he/she should know his/her personal information, such as profile photographs and names, is already on the web.

Google announced its policy change regarding user information will be effective on November 11, giving the company the right to use profile names, photos and comments alongside advertisements by clients who use its online advertising network of over 2 million websites.

For instance, if a user has endorsed a product by giving it a "+1" or rated a product on the Google Play app store, his/her image will appear next to the ad when it is displayed to people who are part of his/her social circle on the social networking service Google Plus. The move is seen as Google's attempt to catch up with rival Facebook, which first introduced the concept of 'social ads' that let corporations use the power of influence of people within a person's social network to sell products.

Internet rights activists said such practices raise privacy concerns as they do not take prior consent of users.

"We are not comfortable with user information being used without their permission, especially since Google's privacy standards are not very high," said Uday Mehta, associate director at Consumer Unity and Trust Society (CUTS International).

Last year, the agency complained to Competition Commission of India to investigate Google's alleged anti-competitive practices here. An investigation is ongoing.

In an emailed response, Google said it is notifying users about the change in policy, so that if a user does not like it, he/she can turn it off.

"Since we're updating an existing setting, we will continue to respect the choice you made about the old setting. That means if you already told us that you didn't want your +1s to appear in ads, none of your other shared endorsements will appear in ads," a Google spokesman said.

For example, Google said, if a user reviewed a restaurant, people who aren't in his/her Google Plus Circles of friends would not see that review in an ad that the restaurant might run through Google.

The latest ad strategy comes at a time when companies such as Google and Facebook have been attempting to increase their ad revenues by personalising advertisements to attract user attention. Over 90% of Google's $46-billion revenue in 2012 came from advertisements.

Sunil Abraham, executive director of the Center for Internet and Society said the issue highlights the need for a stronger internet privacy statute in India. The absence of clear privacy laws makes it impossible for government officials to understand the harm caused to personal rights because of the default settings of Google, he observed.

For more details visit https://cis-india.org/news/economic-times-october-18-2013-indu-nandakumar-bouquets-brickbats-google-new-privacy-policy

Book Review: Apocalypse Now Redux

nishant — 2016-08-06T04:16:07Z

My review for Arundhati Roy and John Cusack's new book that captures their encounter with Edward Snowden, 'Things that can and cannot be said' is now out. It's an engaging, if somewhat freewheeling, political critique of the times we live in.

The review was published in the Indian Express on August 6, 2016.

Book: Things That Can and Cannot Be Said
Authors: Arundhati Roy & John Cusack
Publication: Juggernaut
Pages: 132
Price: Rs 250

The title of the book — Things That Can and Cannot be Said — demands an imperative. It is as if Arundhati Roy and John Cusack, aware of their internal turmoil in dealing with a world that is rapidly becoming unintelligible, though not incomprehensible, are demanding an order where none exists. Hence, they are advocating for certainty and assurance, only to undermine it, ironically, through their own freely associative writing that mimics linear time and causative narrative. This deep-seated irony of needing to say something, but knowing that saying it is not going to shine a divining light on the sordid realities of the world that is being managed through the production of grand structures like valorous nation states, virtuous civil societies, the obsequious NGO-isation of radical action, and the persistent neutering of justice through the benign vocabulary of human rights, defines the oeuvre, the politics and the poetics of the book. Written like a scrap book, filled with excerpts from long conversations scattered over time and space, annotated by reminiscences of books read long ago that have seared their imprints on the mind, and events that are simultaneously platitudinous for their status as global landmarks and fiercely personal for the scars that they have left on the minds of the authors, the book remains an engaging, if a somewhat freewheeling, ride into a political critique that makes itself all the more palatable and disconcerting for the levity, irreverence and the dark sense of humour that accompanies it.

Composed in alternating chapters, the first half of the book is about Cusack and Roy laying themselves bare. They spare no words, square no edges, and put their personal, political and collective wounds on display with humble pride and proud humility. Cusack’s experience as a screenplay writer comes in handy — he rescues what could have been a long tirade, into a series of conversations. The familiar narratives are rehistoricised and de-territorialised, put into new contexts while eschewing the older ones, thus providing a large landscape that refers to state-sponsored genocide, structural reorganisation of nation states, the dying edge of political action, the overwhelming but invisible presence of capital, and the dithering state of social justice that treats human beings like things. Cusack, identifying the poetic genius of Roy, gives her centre stage, making her the voice in command.

Roy, for her part, seems to have enjoyed this moment in the soapbox — something that she has been doing quite effectively and provocatively to a national and global audience — and gives it her all. There are moments when the text feels indulgent, when the voice feels a little relentless, when the almost schizophrenic global and historical references become a litany of mixed-up events that might have required further nuance and deeper interpretation. However, the whimsical style of Roy’s narrative, with her sense of what is right, and her demeanour that remains friendly, curious and disarming, saves the text from being heavy handed, even when it does dissolve into cloying poignancy and makes you pause, just so that you can breathe.

Surprisingly, it is the second part of the book, where the two encounter Edward Snowden along with Daniel Ellsberg, the “Snowden of the 1960s” who had leaked the Pentagon papers, that falters. Snowden had jocularly mentioned that Roy was there to “radicalise him”. She does that, but in a way that doesn’t give us anything more than what we already know. While Cusack and Roy were committed to getting to know Snowden beyond his systems-man image, there wasn’t much that they could uncover, either in dialogue or in discourse, that could have told us more, endeared us further to possibly the most over-exposed person in recent times. However, one realises that the genius of the narrative is actually in reminding us how transparent Edward Snowden has become to us. We know all kinds of things about this young man — from his girlfriends past to his actions future, from his values and convictions to his opinion on the NSA watching people’s naked pictures — and yet, what has been missing in the Snowden files, has been the larger arc of global politics, social reordering, and perhaps, a glimpse of the post-nation future that Snowden might have seen in his act of whistleblowing that is going to remain the landmark moment that defines the rest of this century.

Once you have gotten over the fact that this is not a book about Snowden, the expectations are better tailored for what is to come, and suddenly, the long prelude to the meeting falls into place. Snowden matches Roy and Cusack in whimsy, irony, political conviction, and the sacred faith in human values that make you want to give them all a fierce hug of hesitant reassurance. What Snowden says, what Roy and Cusack make of it, and how they leave us, almost abruptly at the end, breathless, unnerved, and severely conflicted about some of the 20th century structures like society, activism, nation states, governance, communication, technologies, sharing and caring is what the book has to be read for. The tight screen-writing skills of Cusack meet the perfect timing of Roy’s prose, and all of it becomes surreal, futuristic and indelibly real when it gets anchored on the physical presence of Snowden, who, in exile, talks achingly of the home that has thrown him out and the home that he can never really call his own.

And while there are lapses — fragments, translations and evocations which might have needed more explanations to have their pedagogic intent shine through — there is no denying that, in all its flaws, much like the narrators, the book manages to first immerse you in the cold shock of a sobering reality, clearly positioning the apocalypse as the now, and then drags you out and wraps you up in a warm blanket, opening up forms of critique, formats of intervention, and functions of political commitment towards saying things that have and have not been said. The book should have, perhaps, been titled what could, would, should have been said, but can’t, won’t, shan’t be said — not because of anything else, but because it seems futile.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-august-6-2016-book-review-apocalypse-now-redux

Bolstering right to remain private

praskrishna — 2012-10-29T09:00:13Z

The Justice AP Shah panel has done to well to lay down an enforceable roadmap that can strengthen privacy laws in the country. It’s now for the legislature to take the issue to a logical conclusion.

Apar Gupta's column was published in the Pioneer on October 29, 2012.

A haveli courtyard is an apt metaphor for the complexity which is involved in drafting a law on privacy. Though the courtyard gives an appearance of openness, it is limited by the walls, doors and windows which surround it. The architecture represents a mediated understanding of the options which are available to the resident in sharing and limiting information to family and strangers. A somewhat similar project is in the works with the Union Government taking steps towards the enactment of a privacy law.

Privacy law as it is understood at present is usually limited to the odd writ petition filed against the Government by a private individual seeking enforcement of a fundamental right to privacy. Recently, such adjudication has been limited to high-profile individuals, and where there is wide voyeuristic interest. For instance, two recent petitioners include industrialist Ratan Tata and former Samajwadi Party leader Amar Singh. Here, it is important to stress that with the state gathering more and more data about individuals through the Unique Identification Authority of India scheme, there is a need to democratise the right by making legal provisions for its enforcement. In making such provisions a balance has to be maintained, where information which serves public interest or gathered through informed consent is not encumbered in the name of protecting individual privacy.

To find this balance, the Government late last year tasked a Committee of Experts chaired by Justice AP Shah to prepare a report on the Privacy Bill. Readers would recall that Justice Shah had authored a judgement which read down Section 377 of the Indian Penal Code, decriminalising homosexual activity. A closer reading of the judgement shows the reliance placed by the court on the privacy right and to reach its determination. With such credentials, the Justice Shah Committee has exceeded the high expectations placed on it, presenting a fair and balanced approach towards a privacy law in India.

At the very outset the report clearly marks its objectives, from which it then commences to study judicial precedent on privacy as well as the experience of foreign jurisdictions. On the basis of this study, it has evolved nine privacy principles which encompass within it distinct aspects of individual privacy. Such a nuanced approach to privacy is certainly welcome given that privacy as a right is often subjective, varying drastically in its appreciation as per civil society, private industry and even Government itself.

Beyond the specific aspects of the privacy right, the report extends the right both to Government as well as private industry. This is a sign of the times, best put by Pranesh Prakash, policy director, Centre for Internet and Society, when he says that citizens reveal more data about themselves to social networking websites than they would to the Government under torture!

Another significant aspect is the proposed co-regulatory regime which the report suggests. And, experience has taught us that a right without an effective remedy to enforce it counts for a little more than a black letter on paper. In this respect, the report proposes a sectoral regulator which has supervision over State level privacy commissioners. In addition to this, the report also proposes a system of self-regulation where industry-specific standards may be proposed and then sanctioned by the privacy commissioners. However, contrary to the present approach of tribunalisation, the report suggests that recourse to civil courts for aggrieved persons should always be kept open.

Though the origins of the privacy rights may be antiquated, widespread consensus suggests that the modern practice and substance of privacy law owes its beginning to an article published in the fourth volume of the Harvard Law Review. The article, authored by Louis Brandeis and Samuel Warren drawing a physical justification for what seemed like a novelty back then, stated that the law regarded a man’s house as his castle.

Sadly, the right has not seen a proper development in India, mainly due to the absence of an overarching legislation as well as a lack of understanding of its proper contours. At least in this respect, the report marks a significant development in the drafting of a comprehensive privacy legislation in India. A haveli, a house or a castle — the Justice Shah panel has provided a useful blueprint to the legislature to build an effective and balanced statute to safeguard individual privacy.

(The writer is a partner in a Delhi-based law firm and visiting faculty at the National Law University, Delhi)

For more details visit https://cis-india.org/news/daily-pioneer-columnists-oct-29-2012-apar-gupta-bolstering-right-to-remain-private

Bloggers' Rights Subordinated to Rights of Expression: Cyber Law Expert

elonnai — 2012-03-21T09:35:06Z

Vijayashankar, an eminent cyber law expert answers Elonnai Hickok’s questions on bloggers' rights, freedom of expression and privacy in this e-mail interview conducted on May 19, 2011.

A set of rules relating to regulation of the Internet (mentioned in section 79 of the ITAA, 2008) was released in April 2011. In light of the rules framed under the IT Act, and as part of our research on privacy and Internet users, we have been looking into questions surrounding bloggers’ rights, freedom of expression, and privacy.

The new rules require among other things that intermediaries take down any content that could be considered disparaging. In practice, these rules will act to limit the ability of individuals to express their opinions on the Internet — especially for the bloggers. Though these requirements seem to only impact the freedom of expression of bloggers, a blogger’s privacy rights, especially in relation to the protection of their identity, are also pulled into question. Other issues surrounding bloggers’ rights and privacy include: if bloggers are identified as journalists, then whether they should be afforded the same protections and privileges, e.g., should bloggers have the right to free political speech and should intermediaries have freedom from liability for hosting speech or others’ comments? Are bloggers allowed to publish material that is under copyright on their website?

On May 19, 2011, through e-mail, I had the opportunity to interview Vijayashankar, an expert in cyber law, on issues regarding the rights of bloggers freedom of expression, and privacy. Vijayashankar has authored multiple books on cyber law, taught in many universities, and is an active leader of the Netizen movement in India. Below is a summary of the questions I posed to Vijayashankar and his responses.

I began the interview by trying to understand bloggers’ rights and how they are defined. Often the term 'bloggers' rights is used casually, but it is important to understand the different roles that a blogger plays in order to understand what his/her rights are, how they could be violated, and how they could be protected. Vijayashankar explained that a blog is comprised of two parties: a blogger and an intermediary – which is the application host. Bloggers have many different roles: authors, editors, or publishers of content, and thus, a blogger’s rights should be defined within these contexts. As authors, bloggers write their own article/blog or adds comments to others’ blogs. As such, they should have the freedom to express their thoughts and opinions and determine a level of privacy with which to maintain them, without regulation or censorship from a third party. Though the freedom of expression and privacy should be basic rights for blog authors, bloggers must also be held accountable and responsible for the content that they choose to make public by posting on accessible web pages.

The need for a blogger to be held responsible and accountable is similar to the limitation on speech that informs defamation law, and it means that a blogger cannot be entirely anonymous – at least not once a blog is public and is challenged. Thus, accountability must limit the right to be entirely private and anonymous. Though a blogger should be held accountable, the international implications give rise to thorny issues of jurisdiction and accountability under unforeseen laws: all of which raises the question whether, instead of local jurisdictions seeking to enforce their laws against potentially out-of-the-jurisdiction bloggers, an international third party should be entrusted with the responsibility of holding bloggers accountable and responsible – whether that takes the form of an organization like the WTO or WIPO or looks more like specially trained international arbitrators.

This challenge arises because bloggers live in different jurisdictions where different rules apply, but their opinions cross multiple borders and boundaries. This raises questions such as: Which jurisdictional law should the blogger be accountable to? Should a blogger be held responsible for actions that are considered violations in a jurisdiction in which a blog is read, even if those actions are not violations in the jurisdiction in which it is written? And if a blogger is to be held responsible, who should hold him responsible – the country where the action is considered a violation or his own country – and where does a private party have a cause of action? According to Vijayashankar, blogger’s rights’ are always subordinated to the rights of expression guaranteed to the blogger in his country where he is a citizen.

Furthermore, the rights of a blogger have to be seen in the context of who has the "cause of action" against blog writing, i.e., which party involved has the right to complain. If an individual is a victim of a blog, and that individual is a citizen of another country and is guaranteed certain rights, the blogger's rights cannot override the rights of the victim in his own country. Hence, the victim has the right to invoke law enforcement in his country, and the law enforcement agencies do have a right to seek information from the blogger. If, however, a citizen brings a private civil action against a blogger, the discovery limitations are much more severe across boundaries, and the blogger’s national policy on responding to discovery from other countries will determine the extent to which information from the blogger will be made available. To the extent that the impact of a blogger’s expression reaches across boundaries, his actions should be considered similar to a situation where a citizen of one country does certain things which affect the rights enjoyed by a citizen of another country. It does not seem right that a blogger can say something offensive in one jurisdiction and be held liable, but a different blogger can say the same thing from another jurisdiction and be protected. On the one hand, since the Internet as a medium broadcasts across geographical boundaries, it is the responsibility of the individual countries to erect their "cyber boundaries" if they do not want the broadcast to reach their citizens. On the other, individuals should be able to invoke international laws to seek consistent application of standards about what is actionable and what information is discoverable in support of an action. This suggests that an international tribunal might be the best solution.

Other questions to think about when exploring the idea of a trusted third party holding online bloggers accountable include: who would form the third party, what legal authority/power would they have, would this group also be in charge of reviewing a country’s "cyber boundaries" in addition to holding online bloggers accountable? and how would it avoid being influenced by any one government or by other stakeholders?

Next I asked him for examples of common privacy violations that happen to online users. A few he said included identity theft in the form of phishing, which leads to financial frauds, and is one of the most dangerous consequences of privacy breach. Other examples included manipulation of online profiles in social networking sites to cause annoyance, defamation, and coercion; cyber squatting with content which can be misleading; posting of obscene pictures with or without morphing of victim’s photographs to other obscene photographs/pictures; and SPAM – particularly through mobile phones – are all serious forms of privacy violations.

My third question focused on privacy violations and bloggers. How could a blogger’s rights be compromised, especially with a focus on privacy? For bloggers, is privacy important simply to protect their identity and content, or are there other implications for privacy and bloggers? In our research we have looked into ways in which practices such as data retention by ISPs, government/law enforcements’ access to web content including private conversations, and poorly established user control over privacy settings on websites can violate online users’ privacy. According to Vijayashankar, a blogger is mainly concerned about privacy in the context of protecting his identity. It is important for bloggers to protect their identity because the content they create could be considered controversial or illegal in different regions. Thus, it is critical for bloggers to have the right to blog anonymously. An exception to this right is that if the blog is so offensive then the law enforcement agency can take action. In some countries individuals also can sue bloggers. To help protect bloggers from unreasonable and ungrounded searches, Vijayashankar suggested that a mechanism be created by which international and domestic law enforcement agencies can request 'sensitive' information. This mechanism would work to filter and evaluate requests for information without bias, and according to a country’s law own domestic law.

I then asked him what legal protections he felt bloggers needed. He said that he believes that it is important that bloggers and online users’ right to anonymity, protection of identity and freedom of expression (political and non-political) are protected from excessive regulations. An interesting point that he raised was about the protection of bloggers from international requests for information. According to –him — bloggers can be protected only to the extent to which their rights are protected in their own country. If a request for information comes to a law enforcement agency of a country of which the blogger is a citizen, information may need to be released unless an “asylum” has been granted.

An example of the situation Vijayashankar is referring to is that if a blogger in India writes content that is found to be controversial by the U.S Government; the U.S Government then has a right to request and access that information, unless the Indian Government provides protection over the citizen and the information and refuses to release it. Though right to information requests tend to be governmental, this rule changes if it is a citizen requesting information. Very rarely can a citizen of one country request information about a blogger from another country and gain access. The question of international discovery over Internet material is one that has many angles that need to be taken into consideration – a few being: what the content on the blog contained; was the content against an individual or a government; who is requesting the information — a citizen or the government, and whom are they requesting the information from? For example, in the US Supreme Court case, Calder vs. Jones 465 U.S. 783 (1984), information about a woman, Shirley Jones, was published in another state, but the court ruled that the wrongful action was directed to her where she was.

A large part of the debate over bloggers’ rights is centered on governments’ need to monitor online activity. Developments such as the new rules to the IT Act, the Indian Government’s request for blackberry’s encryption keys, and the news about the government wiretapping citizens’ phones show that the Government of India is demanding access to see and regulate content created by online users in India. When asked about bloggers’ rights and government access to content, Vijayashankar stressed that there has to be a mechanism to check the requests from government agencies, and any such mechanism should have popular representation. He went on to explain that presently an order for the blocking of a blog or for private information is made by a government agency or a court. Unfortunately, government agencies may be responsive to certain interests. Likewise, decisions of conventional courts can be inconsistent. Therefore, it is important that a mechanism that reflects the common person’s input is put in place. This could either be a stand-alone private body, such as Netizen Protection Agency, acting as one more layer of protection, or the government body itself could build in adequate public representation. Courts would need to recognize such bodies and seek their opinion as an input to any dispute. This is an innovative option, but one that is a radical departure from the view of a court as an impartial tribunal that is supposed to weigh every matter independently on its merits.

Lastly, I asked if a privacy legislation could address the issue at hand i.e., could a privacy legislation work to protect bloggers’ rights by providing them identity protection and protection of their content and in general what should be included in a comprehensive privacy legislation? Though India already addresses bloggers’ rights through the Information Technology Act, it could be possible that privacy legislation could establish a third party group to work to protect bloggers’ rights and hold both governments and bloggers’ accountable. When asked what should be included in a comprehensive privacy legislation, Vijayashankar suggested that it should recognize that privacy rights of individuals are part of the larger interests of the society, and a comprehensive legislation should work to take all the stakeholders into consideration.

For more details visit https://cis-india.org/internet-governance/blog/privacy/bloggers-rights-and-privacy

Bloggers battle India's supreme court over prosecution for internet threats

sachia — 2011-04-02T16:17:48Z

Article by Randeep Ramesh in the Guardian, 26 February 2009

India's supreme court is facing the wrath of the country's bloggers over the prosecution of a student because of anonymous comments published on a social networking group he created.

The computer science student, named as Ajith D, was arrested over allegations that death threats had been posted on his "anti-Shiv Sena" group on Google's networking site, Orkut. The 20-year-old also faces charges of criminal intimidation and hurting religious sentiments.

The Shiv Sena (Army of Shiv) is a political party that made its name in the 1990s for populist policies that were anti-Muslim and favoured locals over outsiders. Its leader, Bal Thackeray, has been quoted as admiring Hitler.

Mumbai police had been monitoring the site since the Sena staged violent protests against Orkut for carrying anti-party statements, vandalising cybercafes across Mumbai. Officers contacted federal authorities in Delhi before bringing charges.

In response, the lawyer representing the student asked the supreme court to quash the case, saying his client had published nothing provocative. However India's chief justice, KG Balakrishnan, refused the application saying: "We will not do that. Anything that is posted on the internet goes to the public. The internet is open to the world."

The case highlights how India, the world's largest democracy, deals with the thorny issue of freedom of speech on the internet. A law about to arrive on the statute books places the onus for publishing material on the web, not on hosts of the material, such as Google's Orkut service, but on individuals who create blogs and websites.

"The difficulty here is that my client did not make the threats. He simply set up a community group and left it unmoderated," Jogy Scaria, Ajith's lawyer, said. "He only created the anti-Shiv Sena site."

Orkut is one of India's most popular social networking sites and many bloggers vented their fury online. "I am not able to gather how it is possible that bloggers can be hit with libel and criminal suits on the basis of anonymous postings on their websites," wrote one on Ekawaaz-One Voice.

Lawrence Liang, India's foremost authority on freedom of speech on the internet, wrote about the case on Kafila.org.

"When organisations like the Shiv Sena start using defamation laws, it smacks of chutzpah to me … What other way can we describe the bizarre situation of the violence-prone macho men, who suddenly run around screaming about the violation of their legal rights and the slurring of their reputation?"

India's constitution guarantees freedom of expression as long as this does not extend to libel, national security, contempt and a broad category of public morality – which includes "hurting religious sentiments".

Pranesh Prakash of Bangalore's Centre for Internet and Society, a thinktank specialising in web civil rights, said the internet had allowed "everyone to become a publisher but not the awareness of what responsibilities of a publisher. The way the law is dealing with it is highly problematic."

-----

To read the article at the Guardian website, click here.

For more details visit https://cis-india.org/news/bloggers-battle-indias-supreme-court-over-prosecution-for-internet-threats

Blocking Twitter: How Internet Service Providers & telcos were caught between tweets and tall egos

praskrishna — 2012-08-25T07:36:04Z

Long derided as 'dumb pipes' to the Web, Internet service providers (ISPs) are discovering these days that insult is being increasingly followed up by injury.

Joji Thomas Philip and Harsimran Julka's article was published in the Times of India on August 25, 2012. Pranesh Prakash is quoted.

In the fight between netizens who spare no effort at lampooning the powers that be and alarmingly frequent government flashes of rage at comments that can range from the mildly disrespectful to downright defamatory, telcos and ISPs find themselves much like the grass in the age-old Swahili saying "When two elephants fight, it's the grass that suffers".

The latest reminder of the hard place they find themselves in came earlier this week when news first broke that the government had asked for some accounts on social media site Twitter to also be part of websites and Internet pages it wanted blocked by ISPs. The news triggered a wave of outrage across cyberspace, with many users venting their rage at the first entity they associate the web with - their ISP, which in many cases is also their telecom operator.

"We acted immediately to the government's orders, but ended up being targetted and criticised wrongly only because we acted first," explained one official, who sought anonymity for himself and the company to avoid offending bureaucrats.

It's a common feeling. Telcos and ISPs are increasingly finding themselves in a 'Damned if you do, Damned if you don't' predicament these days, having to walk a tightrope between government orders and a restive netizenry.

And government orders can range from the super-urgent to arbitrary to sometimes ill-conceived. Very often, its 'one ban fits all' makes little allowance for differences between social networking sites and regular websites.

Executives in telecom companies recounted the instance when the government on August 18 ordered a ban on bulk SMSes and restricted text messages to five per day as part of efforts to combat the large-scale migration of people of north-eastern origins from other states to their home provinces fearing reprisal attacks.

"Within an hour of the directive, we started getting calls seeking compliance," said a top executive with a leading telco. But as the Centre was demanding compliance reports, operators were busy trying to decipher its notification, which read: "(a) Block bulk SMS (more than 5) for the next 15 days in the entire country across all states/UTs (b) Block bulk MMS (more than 5) and all MMS with attachment more than 25 KB for the next 15 days in the entire country across all states/UTs."

Shoot first, talk later

Telecom operators were nonplussed by the notification. Did it apply only to senders of bulk text messages who use this facility for commercial purposes? Or, did it mean customers could not send SMSes to more than five people simultaneously?

"When we sought clarification, the explanation was completely different and took a new dimension. It was five text messages per day per customer," said the regulatory head of a GSM operator, requesting anonymity as he did not want to offend the government.

Mobile phone companies then approached the department of telecom explaining that they did not have any technology with which they could impose a five SMSes a day limit for postpaid users. "The home and telecom ministries had not even realised that a facility did not exist before issuing the directive," said the marketing head of a leading telco.

In this case, the government accepted the operator's arguments and relented, but still told the companies not to highlight the limitation. "This time around, our arguments were accepted. Going by past instances, some operators had feared that the government would slap a hefty penalty for non-compliance without considering what we had to say," the marketing head said.

Industry officials say the tendency of 'shoot first, talk later' among bureaucrats and ministers long used to having their orders followed, especially when it came to the world of social networking which very few of them had any idea about, meant that it was safer to obey first and correct later.

"We don't even do any application of mind to the government's notices on requests. We wholesale block them. We can't even question the government's requests. A notice is a law in effect. Violation means a potential penalty which can go up to the cancellation of my licence and thus end to my business," said the head of a Delhi-based ISP that serves business users.

Executives with several ISPs and telcos say most often, court orders, government notifications and directives are not in public domain, and these result in angry consumers assuming that their service provider is up to some mischief.

ISPs say public clarifications by the government would go a long way in addressing the issue. "There has to be transparency. The government should have proactively disclosed the names of the websites it wanted blocked. The persons and intermediaries hosting the content should have been notified and provided with 48 hours to respond as required by the IT Act," said Pranesh Prakash of the Centre for Internet and Society, a research organisation.

For more details visit https://cis-india.org/news/times-of-india-aug-25-2012-blocking-twitter

Blocked websites: Where India flawed

praskrishna — 2012-08-27T03:00:16Z

Apart from not giving 48 hours response time, the Indian government has blocked some websites which don't exist or don't have web addresses, says an analyst.

Published in CIOL on August 23, 2012. Pranesh Prakash's analysis is quoted.

India is threatening to block Twitter as the latter has allegedly failed to respond to the government's order to remove some inflammatory posts.

That has come to light as it is being widely covered in media, but there are hundreds of websites which have already been shut, apparently without due notice to the owners.

Apart from Facebook, Twitter and YouTube accounts, the blocked websites include which are sympathetic to Hindu and Muslim radical groups.

In an analysis of 309 websites blocked in the wake of exodus of North eastern people from Bangalore, Pranesh Prakash of the Centre for Internet and Society (CIS), says the government has blocked these sites under the Information Technology Act, but it failed to provide the mandatory 48 hours to respond (under Rule 8 of the Information Technology Procedure and Safeguards for Blocking for Access of Information by Public, Rules 2009).

He writes in his post: "The persons and intermediaries hosting the content should have been notified. Even if the emergency provision (Rule 9) was used, the block issued on August 18, 2012, should have been introduced before the "Committee for Examination of Request" by August 20, 2012 (within 48 hours), and that committee should have notified the persons and intermediaries hosting the content.

Internet censorship is acceptable as long as it is in the purview of the law and doesn't encroach one's freedom. In this case, some people and posts debunking rumours have been blocked, says Pranesh.

He points to some discrepancies in the way the websites are blocked:

Some of the items are not even web addresses (e.g., a few HTML img tags were included). Some of the items they have tried to block do not even exist (e.g., one of the Wikipedia URLs).
An entire domain was blocked on Sunday, and a single post on that domain was blocked on Monday.
For some YouTube videos, the 'base' URL of YouTube videos is blocked, but for other the URL with various parameters (like the "&related=" parameter) is blocked. That means that even nominally 'blocked' videos will be freely accessible.

He concludes: "All in all, it is clear that the list was not compiled with sufficient care."

For more details visit https://cis-india.org/news/www-ciol-com-aug-23-2012-blocked-websites