We are anonymous, we are legion

A Large Byte of Your Life

nishant — 2016-06-05T03:35:34Z

With the digital, memory becomes equated with storage. We commit to storage to free ourselves from remembering.

The article was published in Indian Express on April 3, 2016.

This is the story of a broken Kindle. A friend sent a message to a WhatsApp group that I belong to that she is mourning the loss of her second-generation Kindle, that she bought in 2012, and since then had been her regular companion. It is not the story of hardware malfunction or a device just giving up. Instead, it is a story of how quickly we forget the old technologies which were once new. The friend, on her Easter holiday, was visiting her sister, who has a six-year-old daughter.

This young one, a true digital native, living her life surrounded by smart screens, tablets, phones, and laptops, instinctively loves all digital devices and plays with them. In her wanderings through her aunt’s things, she came across the old Kindle — unsmart, without a touch interface, studded with keys, not connected to any WiFi, and rendered in greyscale. It was an unfamiliar device. But with all the assurance of somebody who can deal with digital devices, she took it in her hands to play with it.

Much to her dismay, none of the regular modes of operation worked. The old Kindle did not have a touch screen operated lock. It wasn’t responding to scroll, swipe and pinch. It had no voice command functions. As she continued to cajole it to come to life, it only stared at her, a lock on the digital interface, refusing to budge to the learned demands and commands of the new user. After about 20 minutes of trying to wake the Kindle up, she became frustrated with it and banged it harshly on the table, where it cracked, the screen blanked out and that was the end of the story.

Or rather, it is the beginning of one. As my friend registered the loss of her clunky, clumsy, heavy, non-intuitive Kindle, and messages of grief poured in, with the condolence that the new ones are so much better and the assurances that at least all her books are safe on the Amazon cloud, I see in this tale, the quest of newness that the digital always has to offer.

If it has missed your attention, the digital is always new. Our phones get discarded every few seasons, even as phone companies release new models every few months. Our operating systems are constantly sending us notifications that they need to be updated. Our apps operate in stealth mode, continuingly adding updates where bugs are fixed and features are added. Most of us wouldn’t know what to do if we were faced with a computer that doesn’t “heal”, “backup” or “restore” itself. If our lives were to be transferred back to dumb phones, or if we had to deal with devices that do not strive to learn and read us, it might lead to some severe anxiety.

The newness that the digital offers is also found in our socially mediated lives. Our digital memories are short-lived — relationships rise and fall in the span of days as location-based dating apps offer an infinite range of options to choose your customised partner; celebrities are made and unmade overnight as clicks lead to viral growth and then disappear to be replaced by the next new thing; communities find droves of subscribers, only to become a den of lurkers where nothing happens; must-have apps find themselves discarded as trends shift and new must-haves crop up overnight. Breathless, bountiful and boundless, the digital keeps us constantly running, just to be in the same place, always the same and yet, always new.

We would be hard pressed to remember that magical moment when we first discovered a digital object. For millennials, the digital is such a natural part of their native learning environments that they do not even register the first encounter or the subsequent shifts as they navigate across the connected world. Increasingly, we tune ourselves to the temporality and the acceleration of the digital, tailoring our memories to what is important, what is now, and what is immediately of use, excluding everything else and dropping it into digital storage, assured in our godlike capacities to archive everything.

This affordance of short digital memories is enabled partly by the fact that we are subject to information overload, but partly also to the fact that our machines can now remember, more accurately and more robustly than the paltry human, prone to error and forgetfulness. With the digital, memory becomes equated with storage, and the more we commit to storage, the more we free ourselves from the task of remembering.

The broken Kindle is a testimony not only to the ways in which we discard old devices but also our older forms of individual and collective memory — quickly doing away with information that is not of the now, that is not urgent, and that does not have immediate use value. My friend’s Kindle got replaced in two days. All her books were re-loaded and she was set to go. However, as she told me in a chat, she is not going to throw away her old broken Kindle. Because she wants to remember it — remember the joy of reading her favourite books on it. She is scared that if she throws it away, she might forget.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-april-3-2016-nishant-shah-a-large-byte-of-your-life

Mapping MAG: A study in Institutional Isomorphism

jyoti — 2017-03-03T00:59:48Z

The paper is an update to a shorter piece of MAG analysis that had been conducted in July 2015. At that time our analysis was limited by the MAG membership data that was made available by the Secretariat. Subsequently we wrote to the Secretariat and this paper is based on the data shared by them including for the years for which membership details were previously not available.

This paper that delves into the history of the formation of the Multi-Stakeholder Advisory Group (MAG) and the Internet Governance Forum (IGF) including the lessons from the past that should be applied in strengthening its present structure. The paper covers three broad areas:

History of the formation of the MAG, its role within the IGF structure, influences that have impinged on its scope of work, manner in which its evolution has deviated from conceptualization
Analysis of MAG membership (2006-2015): Trends in the selection and rotation of the MAG membership
Recommendations to reform MAG/IGF

Jyoti Panday^[1]

The recent renewal of the Internet Governance Forum^[2] (IGF) mandate at the World Summit on the Information Society (WSIS)+10 High-Level Meeting^[3] was something of a missed opportunity. The discussions unerringly focused on the periphery of the problem - the renewal of the mandate, leaving aside questions of vital importance such as strengthening and improving the structures and processes associated with the IGF. The creation of the IGF as a forum for governments and other stakeholders to discuss policy and governance issues related to Internet was a watershed moment in the history of the Internet.

In the first decade of its existence the IGF has proven to be a valuable platform for policy debates, a space that fosters cooperation by allowing stakeholders to self-organise to address common areas of concern. But the IGF rests at being a platform for multistakeholder dialogue and is yet to realise its potential as per its mandate to “find solutions to the issues arising from the use and misuse of the Internet” as well as “identify emerging issues […] and, where appropriate, make recommendations”.^[4]

From the information available in the public domain, it is evident that the IGF is not crafting solutions and recommendations or setting the agenda on emerging issues. Even if unintended, this raises the disturbing possibility that alternative processes and forums are filling the vacuum created by the unrealised IGF mandate and helming policy development and agenda setting on Internet use and access worldwide. This sits uneasily with the fact that currently there is no global arrangement that serves or could be developed as an institutional home for global internet governance issues.

Moreover, the economic importance of the internet as well as its impact on national security, human rights and global politics has created a wide range of actors who seek to exert their influence over its governance. Given the lack of a global centralized body with authority to enforce norms and standards across political and functional boundaries, control of internet is an important challenge for both developed and emerging economies. As the infrastructure over which the internet runs is governed by nation states and their laws, national governments continue to seek to exert their influence on global issues.

Divergence of approaches to regulation and differences in capacity to engage in processes, has led to fragmentation of approaches to common challenges.^[5] Importantly, not all governments are democratic and may exert restrictions on content and access that conflict with the open and global nature of the internet. Alongside national governments, transnational private corporations play a critical role in security and stability of the internet. Much like the state, they too raise the niggling question of how to guard against the guardians.

Corporations control of sensitive information, their institutional identity, secrecy of operations: all are essential to their functioning but could also erode the practice of democratic governance, and the rights and liberties of users online. Additionally, as issues of human rights, access and local content have become interlinked with public policy issues civil society and academia have become relevant to traditionally closed policy spaces. Considering the variety of stakeholders and their competing interests, concerns about ensuring stability and security of the Internet have led the international community to pursue a range of governance initiatives.

Implementing a Multistakeholder Approach

At the broadest level debates about the appropriate way forward has evolved as a contestation between the choice of two models. On the one hand is the state-centric ‘multilateral’ model of participation, and on the other a ‘multistakeholder’ approach that aims for bottom up participation by all affected stakeholders. The multistakeholder approach sees resonance across several quarters^[6] including a high level endorsement from the Indian government last year.^[7] An innovative concept, a multistakeholder approach fits well within the wider debate about rethinking governance in a globalized world.

Proponents of the multistakeholder approach see it as a democratic process that allows for a variety of views to be included in decision making.^[8] Nevertheless, the intertwining of the Internet and society pitches actors and interests at opposing ends. While a multistakeholder approach broadens the scope for participation, it also raises serious issues of representation and accountability. Since multistakeholder processes fall outside the traditional paradigm of governance, establishing legitimacy of processes and structures becomes all the more important.

The multistakeholder concept is only beginning to be critically studied or evaluated. There have been growing concerns, particularly, from emerging economies^[9] of a lack of representation in policy development bodies and that issues affecting marginalised communities being overlooked in policy development process. From this view, the multistakeholder model has created ‘transnational and semi privatized’ structures and ‘transnational elites’.^[10] Such critics define emerging and existing platforms derived from the multistakeholder concept as ‘an embryonic form of transnational democracy’ that are occupied by elite actors.^[11]

Elite actors may include the state, private and civil society organisations, technical and academic communities and intergovernmental institutions. In the context thus sketched out, the key question that the WSIS+10 Review should have addressed is whether the IGF provides the space for the development of institutions and solutions that are capable of responding to the challenges of applying the multistakeholder concept to internet governance. The existing body of work on the role of the IGF has yet to identify, let alone come to terms with, this problem.

Applying critical perspectives examining essential structures and processes associated with the IGF becomes even more relevant given its recently renewed mandate. However, already the forum’s first planning meeting scheduled to take place in Geneva this week is already mired in controversy^[12] after a new Chair was named by the UN Secretary General.

The decision for appointing a new Chair was made without any form of public process, or any indication on the selection criteria. Moreover, the "multistakeholder advisory group" (MAG), which decides the content and substance of the forum, membership was also renewed recently. Problematically most of the nominations put forth by different constituent groups to represent them were rejected and individuals were appointed through a parallel top-down and secretive UN process. Of the 55 MAG members, 21 are new but only eight were officially selected by their respective groups.^[13]

This paper focuses on the role of the MAG structure and functioning and highlights issues and challenges in its working so as to pave the way for strategic thinking on its improvement. A tentative beginning towards identifying what the levers for change can be made by sifting through the eddies of history to uncover how the MAG has evolved and become politicised.

The paper makes two separate, but interrelated claims: first, it argues that as the de-facto bureau essential to the functioning of the IGF, there is an urgent need to introduce transparency and accountability in the selection procedure of the MAG members. Striking an optimum balance between expertise and legitimacy in the MAG composition is essential to ensure that workshops and sessions are not dominated by certain groups or interests and that the IGF remains an open, well-functioning circuit of information and robust debate.

Second, it argues for immediate evaluation of MAG’s operations given the calls for the production of tangible outcomes. There has been on-going discussion within the broader community about the role of the IGF with divisions between those who prefer a narrow interpretation of its mandate, while others who want to broaden its scope to provide policy recommendations and solutions.^[14]

The interpretation of the IGF mandate and whether the IGF should make recommendations has been a sticking point and is closely linked to the question of IGF’s legitimacy and relevance. Be that as it may, the intersessional work, best practices forum and dynamic coalitions over the last ten years have led to the creation of a vast repository of information that should feed into the pursuit of policy options and identification of best practices.

The true test of the multistakeholder model is not only to bring together wide range of views but to also ensure that accumulated knowledge is applied to address common problems. Implementing a multistakeholder approach and developing solutions necessitates enhanced coordination amongst stakeholder groups and in the context of the IGF, is contingent on the strength and stability of the MAG to be able to facilitate such cooperation.

The paper is organised in three parts: in the first section I delve into the history of the formation of the MAG. To understand the MAG’s role within the IGF structure it is essential to revisit the influences that shaped its conceptualisation and subsequent evolution over the decade. A critical historical perspective provides the context of the multiple considerations that have impinged on MAG’s scope of work, of the manner in which MAG’s evolution has deviated from intentions, and the lessons from the past that should be applied in strengthening its present structure.

The second section analyses trends in the selection and rotation of the MAG membership and traces out the elite elements in the composition of the MAG. The analysis reveals two distinct stages in the evolution of the MAG membership which has remained significantly homogeneous across stakeholder representation. The final section of the paper focuses on a set of recommendations to ensure that the MAG is strengthened, becomes sustainable and provides the impetus for IGF reform in the future.

Origins of the IGF

The WSIS process was divided in two phases, the Geneva phase focused on principles of internet governance. The outcome documents of the first phase included a Declaration of Principles and a Plan of Action being adopted by 175 countries. Throughout the process, developing countries such as China, Brazil and Pakistan opposed the prevailing regime that allowed US dominance and control of ‘critical infrastructure’. As the first phase of the WSIS could not resolve these differences the Working Group on Internet Governance (WGIG) was set up by the UN Secretary General to deliberate and report on the issues.

The establishment of the WGIG is an important development in the WSIS process not only because of the recommendations it developed to feed into the second phase of the negotiations, but also because of the procedural legitimacy the WGIG established through its working. The WGIG embodied the multistakeholder principle in its membership and open consultation processes. WGIG members were selected and appointed in their personal capacity through an open and consultative process. As a result the membership demonstrated diversity in the geography, stakeholder groups represented and gender demographics.

The consultations were open, transparent and allowed for a diverse range of views in the form of oral and written submissions from the public to feed into the policy process. At its final meeting the WGIG membership divided into smaller working groups to focus on specific issues, and reassembled at the plenary to review, discuss and consolidate sections which were then approved in a public forum. As the WGIG background paper notes “The WGIG agreed that transparency was another key ingredient to ensure ownership of the process among all stakeholders.”^[15]

The WGIG final report^[16] identified a vacuum within the context of existing structures and called for the establishment of a forum linked to the UN. The forum was to be modelled on the best practices and open format of the WGIG consultative processes allowing for the participation of diverse stakeholders to engage on an equal footing. It was in this context that the IGF was first conceptualised as a space for global multistakeholder ‘dialogue’ which would interface with intergovernmental bodies and other institutions on matters relevant to Internet governance.

The forum was conceived as a body that would connect different stakeholders involved in the management of the internet, as well as contribute to capacity-building for governance for developing countries drawing on local sources of knowledge and expertise. Importantly, the forum was to promote and assess on an ongoing basis the embodiment of WSIS principles in Internet governance processes and make recommendations’ and ‘proposals for action’ addressing emerging and existing issues not being dealt with elsewhere. However, as things turned out the exercises of power between states and institutional arrangements ultimately led to the development of a subtly altered version of the original IGF mandate.

Aftermath of the WGIG Report

The WGIG report garnered much attention and was welcomed by most stakeholders with the exception of the US government which along with private sector representatives such as Coordinating Committee of Business Interlocutors (CCBI) disagreed with the recommendations.^[17] Pre-empting the publication of the report, the National Telecommunications and Information Administration (NTIA) issued a statement in June 2005 affirming its resolve to “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”^[18]

The statement reiterated US government’s intention to fight for the preservation of the status quo, effectively ruling out the four alternative models for internet governance put forward in the WGIG report. The statement even referenced the WGIG report stating, “Dialogue related to Internet governance should continue in relevant multiple fora. Given the breadth of topics potentially encompassed under the rubric of Internet governance there is no one venue to appropriately address the subject in its entirety.”^[19]

The final report was presented to PrepCom 3 of the second phase in July 2005 and the subsequent negotiations were by far, the most significant in the context of the role and structure that the IGF would take in the future. US stance on its role with regard to the root zone garnered pushback from both civil society and other governments including Russia, Brazil, Iran and China. However the most significant reaction to US stance came from the European Union issuing a statement after the commencement of PrepCom 3 in September.

EU’s position recognised that adjustments were needed in institutional arrangements for internet governance and called for a new model for international cooperation which would include “the development and application of globally applicable public policy principles.”^[20] the US had not preempted this “shocking and profound change” and now isolated in its position on international governance of the internet, and it sent forth a strongly worded letter^[21] invoking its long-standing relationship and urging the EU to reconsider its stance.

The pressure worked since the US was in a strong position to stymie the achievement of a resolution from WSIS process. Moreover, introducing reforms to the internet naming and numbering arrangements was not possible without US cooperation. The letter resulted in EU going back on its aggressive stance and with it, the push for the establishment of global policy oversight over the domain names and numbers lost its momentum.

The letter significantly impacted the WSIS negotiations and shaped the role of the IGF. By creating a deadlock and by applying pressure US was able to negotiate a favourable outcomes for itself. The last minute negotiations led to the status quo continuing and in exchange the US provided an undertaking that it would not interfere with other countries’ ccTLDs. The weakened mandate meant that even though creation of the IGF under the WSIS process moved forward the direction changed from its conceptualisation and origins from the WGIG report.

Institutionalizing the IGF

In 2006, the UN Secretary General appointed Markus Kummer to assist with the establishment of the IGF. The newly formed IGF Secretariat initiated an open consultation to be held in Geneva in and issued an open call to stakeholders seeking written submissions as inputs into the consultation.^[22] Notably neither the US government nor the EU sent in a response to the consultation and submissions made by other stakeholders were largely a repetition of the views expressed at WSIS.

The division on the mandate of IGF was evident in this very first consultation. Private sector representatives such as the CCBI and ICC-Basis, government representatives from OECD countries like Canada and the technical community represented by likes of Nominet and ISOC^[23] opposed the development of the IGF as platform for policy development. On the other hand, civil society representatives such as APC called for the IGF to produce specific recommendations on issues where there is sufficient consensus.^[24]

With reference to the MAG structure, again there was division on whether the “effective and cost-efficient bureau” referred to in the Tunis Agenda should have a narrow mandate limited to setting the agenda for plenary meetings or if it should have a more substantial role. Civil society stakeholders envisioned assigning the bureau a more substantial role and notably the Internet Governance Project (IGP) discussion paper released in advance of the February 2006 Geneva consultations.^[25]

The paper offered design criteria for the Forum including specific organizational structures and processes proposing “a small, quasi-representational decision making structure” for the IGF Bureau.^[26] The paper recommended formation of twelve member bureau with five representatives from governments (from each UN geographic region) and two each from private sector civil society academic and technical communities. The bureau would set the agenda for the plenary meeting not arbitrarily through private discussions, but driven by working group proposals and it would also have the power to approve or reject applications for forming working groups.

The proposed structure in the IGP paper had it been implemented would have developed the bureau along the lines of the IETF where the working groups would develop recommendations which would feed into the deliberation process. However, there was a clear divide on the proposed structure with many stakeholders opposing the establishment of sub-groups or committees under the IGF.^[27]

Following the written submissions the first open consultations on the establishment of the IGF were held in Geneva on 16 and 17 February 2006, and were chaired by Nitin Desai.^[28] The consultation was well attended with more than 300 participants including 40 representatives from governments and the proceedings were webcast. Further, the two-day consultation was structured as a moderated roundtable event at which most interventions were read from prepared statements, many of which were also tabled as documents and later made available from the IGF Web site. This ofcourse meant that there was a repetition of the views expressed in response to the questionnaire or the WGIG report and as a consequence, there was little opportunity for consensus-building.

Once again there was conflict on whether the IGF should be conceptualised as annual ‘event’ that would provide space for policy dialogue or a ‘process’ of engaging with policy issues which would culminate in an annual event. The CCBI reiterated that “[t]he Tunis Agenda is clear that the IGF does not have decision-making or policy-making authority,” and the NRO emphasised that the “IGF must be a multi-stakeholder forum without decision-making attributions.”^[29]

William Drake argued for the IGF “as a process, not as a series of one-off meetings, but as a process that would promote collective dialogue, learning, and mutual understanding on an ongoing basis.”^[30] Government representatives were split for example see El Salvador statement “that the Internet Governance Forum will come up with recommendations built on consensus on specific issues,” and Brazil even characterised the first meeting as “an excellent opportunity to initiate negotiations on a framework treaty to deal with international Internet public policy issues.”^[31]

Although a broad consensus was declared on need for a lightweight multi-stakeholder bureau there was no consensus on its size, composition and the mandate of this bureau. Nitin Desai held the issue for further written input and the subsequent consultation received twelve submissions with most respondents recommended a body of ten and twenty five members. The notable exceptions were submissions from the Group of 77 and China that sought a combined total of forty members half of which would be governmental representatives.

The discussions during the February consultations and the input received from the written submissions paved the way for what eventually became the MAG. The IGF Secretariat announced the formation of a bureau with forty members and while not expressly stated, half of these would be governmental representatives. It has been speculated that the large membership decision was a result of political wrangling among governments, especially the G77 governments insisting on large group that would accommodate all the political and regional differences among its members.^[32]

IGF Secretariat - Set to Fail?

The unwieldy size of the MAG meant that it would have to rely on the newly constituted Secretariat for organization, agenda-setting, and results. This structure empowered the Secretariat while limiting the scope of the MAG, a group that was already divided in its interests and agenda. However, the Secretariat was restrained in its services to stakeholders as it had limited resources since it was not funded by the United Nations and relied upon voluntary donations to a trust fund.^[33]

Early donors included the Swiss Agency for Development and Cooperation (SWADC), ICANN and Nominet.^[34] Due to disjointed sources of funding, the Secretariat was vulnerable to the influence of its donors. For example, the decision to to base the Secretariat in Geneva was to meet the condition set by SWADC contribution. Distressingly, of the 20 non-governmental positions in the MAG, most were directly associated with the ICANN regime.

The over-representation of ICANN representatives in MAG selection was problematic since the IGF was conceptualised to address the lack of acceptance of ICANN’s legitimacy in the WSIS process. The lack of independent funding led to a deficit of accountability demonstrated in instances where it was possible for one of the MAG members to quietly insinuate that private sector support for the IGF and its Secretariat would be withdrawn if reforms unacceptable to that stakeholder group went ahead.^[35]

As might perhaps be expected from a Secretariat with such limited resources, its services to stakeholders were confined to maintaining a rudimentary website and responding to queries and requests. The transparency of the Secretariat’s activities was also very limited, most clearly exemplified by the process by which the Advisory Group was appointed.

Constituting the MAG

Following the announcement of the establishment of the MAG, a call for membership to the advisory group was made in March 2006. From the beginning the nomination process was riddled with lack of transparency and the nominations received from stakeholders were not acknowledged by the IGF Secretariat, nor was the selection criteria of made available. The legitimacy of the exercise was also marred by a top-down approach where first that nominees heard of the outcomes was the Secretariat's announcement of selected nominees. Lack of transparency and accountability resulted in the selection and appointment procedure being driven by patronage and lobbying.

The political wrangling was evident in the composition of the first MAG which was expanded to accommodate six regional coordinators personally appointed by Chair Nitin Desai to the Special Advisory Group (SAG). Of the twenty non-governmental positions, most were associated with the naming and numbering regime including sitting and former Board members and ICANN staff.^[36] Participation from civil society was limited as the composition did not recognise^[37] technical community as a distinct group, including it along with academic community and as part of civil society.

The political struggles at play was visible in the appointment of Michael D. Gallagher, the former head of the US Commerce Department's NTIA. This appointment was all the more relevant since it was Gallagher who had had only a few months back stated that the US government owns the DNS root and has no intention of giving it up. His presence signalled that the US government took the forum seriously enough to ensure its interests were voiced and received attention on the MAG.

Beyond issues of representation the working of the MAG suffered from a serious lack of transparency as meetings of the Advisory Group were closed, and no reports or minutes were released. The Advisory Group met in May and September in Geneva before the inaugural IGF meeting in Athens. Coordination between members for the preparations for Athens was done utilising a closed mailing list that was not publicly archived. Consequently, the detail of the operations of the Advisory Group ahead of the first IGF meeting were known only to its members.

Whatever little has been reported suggests that the Advisory Group possessed little formal authority, operating like a forum where members expressed views and debated issues without the object of taking formal decisions. Decisions were settled upon by rough consensus as declared by the Chair, and on all matters where there was no agreement the issues were summarised by the Chair in a report to the UN Secretary-General. The Secretary-General would take the report summary in consideration however retained the ultimate authority to make a formal decision.^[38]

The UN’s clear deciding role was not so obvious in the early years of the MAG’s existence because of the relatively novel nature of the IGF. Moreover Nitin Desai Chair, MAG and Markus Kummer, IGF Secretariat were appointed by the UN Secretary General and were on good terms with the then-Secretary General Kofi Annan and working together they acted as de facto selectors of the members of the MAG. Most of the MAG’s core membership in the first five years of its existence was made up of leaders from across the different stakeholder groups and self-selection within those groups was encouraged to lend broader stability.

Over the last decade, changes in institutional arrangements led the IGF to be moved as a ‘project’ under the UNDESA umbrella, where it is not a core mission, but simply one of many conferences that it handles across the world every year. The core personnel that shepherded the MAG and the IGF from its early days retired allowing for the creation a new core membership. The new group of leaders in the MAG membership have emerged partly as the result of selection and rotation process instituted by the UNDESA in appointing a ‘program committee’.

The history presented above is to help understand how the MAG was established under the UN umbrella and to highlight the key developments that shaped its scope and working. Importantly the weakened IGF mandate created divergences on the scope of the MAG to function as a ‘program committee’ limited to selecting proposals and planning the IGF or as an ‘advisory committee’ with a more substantial role in developing the forum as an innovative governance mechanism. In its conception the IGF was a novel idea and by empowering MAG and introducing transparency in the selection procedures of members and their workings could have perhaps led to a more democratic and accountable IGF. However, the possibility of this was stemmed early on.

The opacity in the appointment processes meant that patronage and lobbying became key to being selected as a member of the MAG. It established the worrying trend of ensuring diversity and representation taking precedent over the necessity of ensuring that representatives were appointed through a bottom-up multistakeholder process. Further, distributing the composition to ensure geographic representation severely limited participation of technical, academic and civil society. In the next section, I focus on the rotation of members of the MAG over the last ten years to identify and highlight trends that have emerged in its composition.

Analysis of MAG Composition (2006 - 2015)

This primary data for the analysis of the MAG membership has been collected from the membership list from 2010-2015 available on the I website. The membership list for 2005, 2006, 2007 and 2008 have been provided by the UN IGF Secretariat during the course of this research. To the best of my knowledge, this data is yet to be made publicly available and may be accessed here.^[39] The Secretariat notes that the MAG membership did not change in 2008 and 2009 and the confirmation is the only account of the list of members for both years, as the records were poorly maintained and are therefore unavailable in the public domain.

It is also worth noting that to the best of my knowledge, no data has been made available by the IGF Secretariat regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG. The stakeholder groups identified for this analysis include government, civil society, industry, technical community and academia. Any overlap between two or more of these groups or movements of individuals between stakeholder groups and affiliations has been taken into account.

Over the decade of its existence, the MAG has had 196 unique members from various stakeholder groups. As per the Terms of Reference^[40] (ToR) of the MAG, it is the prerogative of the UN Secretary General to select MAG members. There also exists a policy of rotating one-third members of MAG every year for diversity and taking new viewpoints in consideration. Diversity within the UN is an ingrained process where every group is expected to be evenly balanced in geographic and gender representation. However, ensuring a diverse membership often comes at the cost of legitimate expertise. Further it may often lead to top-down decision making where individuals are appointed based on their characteristics rather than qualifications.

The complexity of the selection process is further compounded by the fact that the IGF Secretariat provides an initial set of recommendations identifying which members should be appointed to the MAG, but the selection and appointment is undertaken by UNDESA civil servants based in New York. Notably, while the IGF Secretariat staff is familiar with and interacts with stakeholder representatives at internet governance meetings and forums that are regularly held in Geneva, the New York UN based officials do not share such relationships with constituent groups.

Consequently, they end up selecting members who meet all their diversity requirements and have put themselves forward through the standard UN open nomination process. The practice of ensuring that UN diversity criteria is met, creates tension within the MAG membership as representatives nominated by different stakeholder and who have more legitimacy within their respective constituencies are not appointed to the MAG.

The stress on maintaining diversity is evident in the MAG membership’s gradual expansion from an initial group of 46 members in 2006 to include a total of 56 members as of 2015. However the increase in membership has not impacted representation of the technical, academic and civil society constituencies with only 56 members having been appointed from the three groups over the last decade.

This is problematic considering that at the time of its constitution of the MAG the composition did not recognise^[41] technical community as a distinct group, including it along with academic community as part of civil society. Consequently the three stakeholder groups have been represented collectively in the MAG and yet account for only 24.77% of the total membership compared to the government’s share of 39.3% and industry’s share of 35.7% respectively. At the regional level too membership across the three groups has ranged between 20-25% of the total membership.

The technical community is the least represented constituency accounting for only 5% of the total membership with only 10 members having been appointed over ten years. Of the 10, 6 were appointed from the WEOG region and there were no representatives appointed from the GRULAC region. Representatives from academia accounted for only 6% of the total membership with 13 representatives from the group having been appointed on the MAG. The technical community representation too was low from the US with only two members being appointed to the MAG and with each serving for a period of three years.

Civil society accounted for only 17% of the total membership with a total of 33 members and representation from the constituency was abysmally low across all regions. Civil society representation from the US included a total of five members, of which one served for one year, three served for two years each and only one representative continued for more than three years. Notably, there have been no academics from the US which is surprising given that most of the scholarship on internet governance is dominated by US scholars.

Industry was second largest represented group with a total of 64 members appointed to the MAG of which a whopping 30 members were appointed from the WEOG region. Representation was the highest across WEOG countries with 39.47% of the total membership and the group accounted for 32.4% and 32.5% of the total members from Africa and Asia Pacific respectively. Across Eastern European and GRULAC countries industry representation was very low accounting for merely 11.53% and 18.18% of the total membership respectively. Industry representative from the US Included two members serving one year each, five members who served two years each, two members who continued for three years each, one member was appointed for five years, one member who completed the maximum MAG term of eight years.

It is also interesting to note that the industry membership base expanded steadily, spiking in 2012 with a total of 40 representatives from the industry on the MAG. When assessed against the trend of the core leadership trickling out in 2012, the sudden increase in industry representation may point to attempts at capture from the stakeholder group in 2012. Industry representation from US in the MAG was by far the most consistent over the years and had the most evenly distributed appointment terms for members within a group.

Government has been the most dominant group within the MAG averaging a consistent 40% of the total membership over the last 10 years. At a regional level representation on the MAG was highest from Eastern Europe with more than 61% of its total membership comprising of individuals from the government constituency. GRULAC countries appointments to the MAG also demonstrate a preference for government representation with almost 58% of the total members appointed from within this group. The share of government representation in the total membership from Asia Pacific was 47.5% and 32.43% across Africa.

Another general policy followed in the selection procedure is that members are appointed for a period of one year, which is automatically extendable for two more years consecutively depending on their engagement in MAG activities. Members serving for one year term is inevitable due to the rotation policy, as new members replace existing members and often it may be the case of filling slots to ensure stakeholder group, geographic and gender diversity. Due to the limited resources made available for coordination between MAG members, one year appointments may not allow sufficient time for integrating new members into the procedures and workings of UN institutions.

Over the last decade 24.36% of the total appointed MAG members have been limited to serving a term of one year. Of the total 55 one year appointments 26 individuals served their first term in 2015 alone. This includes all nine representatives of civil society and it could be argued that for a stakeholder group with only 11% of the total membership share, such a rehaul weakens the ability of members to develop linkages severely limiting their ability to exert influence on decision making within the MAG.

Interestingly, the analysis reveals that one year term was a trend in the early years of the MAG where a core group took on the leadership role and continued guiding activities for newcomers including negotiating often conflicting agendas. The pattern of one year appointments was hardly visible from 2008-2012 but picked up again in 2013 and has continued ever since. The trend is perhaps indicative of the movement in the core MAG leadership as many of the original members retired or moved on to other engagements from 2010.

Importantly, the MAG ToR note that in case there is a lack of candidates fitting the desired area or under exceptional circumstances a member may continue beyond three years. However in the formative years the MAG this exception was the norm with most members continuing for more than three years. An analysis of the membership reveals that between 2006-2012 an elite core emerges which guided and was responsible for shaping the MAG and the IGF in its present day format. No doubt some of these members were exceptional talents and difficult to replace, however the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the stipulated one year term.

The analysis also suggests a shift in the leadership core over the last three years and points that a new leadership group is emerging which is distinguishable in that most members have served on the MAG for three or four years. Members serving for one, two or three years makes up more than 75% of the total membership and 111 individual members have served more than 2 years on the MAG. This could be the result of the depletion in membership of those familiar with internal workings and power structures within the UN, and the selection and rotation criteria and procedures that have weakened the original composition over the last decade.

Rotating membership might be necessary to prevent capture from any particular constituency or group, on the other hand more than half of the total members have spent less than three years on the MAG which makes the composition a shifting structure that limits long term engagement. Regular rotation of members can also lead to power struggles as continuing members exercise their influence to ensure that more members from within their constituency groups are appointed. Only seven individuals have completed the maximum term of eight years on the MAG while 23 individuals have completed five years or more on the MAG.

Finally, in terms of gender diversity, the ratio of male to female members is approximately 13:7 in the total membership with the approximate value in percentage being 65% and 35% respectively. Female representatives from WEOG countries dominate with a total of 29 women having been appointed from the region. Participation of women was the lowest across Asia Pacific and Eastern Europe with only nine and five representatives having been appointed respectively. There was a better balance of gender ratios across countries from Africa and GRULAC with 12 and 14 females having been appointed from the region.

Further analysis and visualisations derived from the MAG composition and identifying trends in appointment of individual members are available on the CIS website. The visualizations include MAG membership distribution across region^[42] and stakeholder groups^[43], evolution of stakeholder groups over the years^[44], stakeholder group distribution across countries^[45] and the timeline of total number of years served by individual members^[46]. The valuation also include a comparison of stakeholder group representatives appointed across India and the USA.^[47]

Recommendations: Reforming MAG & the IGF

Between April 4-6, 2016 the MAG convened in Geneva towards the IGF’s first planning meeting for the year^[48]. The meeting marks the beginning of MAG’s work in planning and delivering the forum, the first in its recently renewed and now extended mandate. This report is a much needed documentation of its working and processes and has been undertaken as an attempt to scrutinize if the MAG is truly a multi-stakeholder institution or if it is has evolved as a closed group of elite members cloaked in a multi-stakeholder name.

There is very little literature on the evolution of, or critiquing the MAG structure partly due to it being a relatively new structure and partly due its workings being shrouded in secrecy. The above analysis has been conducted with the aim of trying to understand MAG’s functioning of the selection of its membership. The paper explores the history of the formation of IGF and the MAG to identify the geo-political influences that have contributed to the MAG’s evolution and role in shaping the IGF over the last decade.

In this section I apply the theory of institutional isomorphism developed by DiMaggio and Powell in their seminal paper^[49] on organizational theory and social change. The paper posits that as organisations emerge as a field, a paradox arises where rational actors make their organizations increasingly similar as they try to change them. A focus on institutional isomorphism can add a much needed perspective on the political struggle for organizational power and survival that is missing from much of discourse and literature around the IGF and the MAG.

A consideration of isomorphic processes also leads to a bifocal view of power and its application in modern politics. I believe that there is much to be gained by attending to similarity as well as to variation between organisations within the same field and, in particular, to change in the degree of homogeneity or variation over time. In this paper I have attempted to study the incremental change in the IGF mandate as well as in the selection of the MAG members.

Applying the theoretical framework proposed by DiMaggio and Powell I identify possible areas of concern and offer recommendations for improvement of the IGF and reform of the MAG. I detail these recommendations through the impact of resource centralization and dependency, goal ambiguity, professionalization and structuration on isomorphic change. There is variability in the extent to and rate at which organizations in a field change to become more like their peers. Some organizations respond to external pressures quickly; others change only after a long period of resistance.

DiMaggio and Powell hypothesize that the greater the extent to which an organizational field is dependent upon a single (or several similar) source of support for vital resources, the higher the level of isomorphism. Their organisational theory also posits that the greater the extent to which the organizations in a field transact with agencies of the state, the greater the extent of isomorphism in the field as a whole. As my analysis reveals both hypotheses hold true for the IGF which is currently defined as a ‘project’ of the UNDESA. Since the IGF and the MAG are dependent on the UN for their existence, it is not surprising that both structures emulate the UN principles for diversity and governmental representation.

It is also worth noting that UN projects are normally not permanent and require regular renewal of mandate, reallocation of resources and budgets. When budget cuts take place as was the case during the global economic crisis, project funding is jeopardized as was the case when the IGF was left without an executive coordinator or a secretariat due to UN budget cuts.

This led to constituent groups coming together to directly fund the IGF secretariat through a special IGF Trust Fund created under an an agreement with the United Nations and to be administered by the UNDESA.^[50] The fund was drawn up to expire on 31 December 2015 and efforts to renew contribution to the fund for 2016 is being opposed and questions on the legality of the arrangement are being raised.^[51]

It is widely rumoured that the third party opposing the contribution is UNDESA itself. Securing guaranteed, stable and predictable funding for the IGF, including through a broadened donor base, is essential for the forum’s long term stability and ability to realize its underutilized potential. There have been several suggestions from the community in this regard including IT for Change’s suggestion that part of domain names tax collected by ICANN should to be dedicated to IGF funding through statutory/ constitutional arrangements. Centralisation of resources may lead to power structures being created and therefore any attempts at IGF and MAG reform in the future must consider the choice between incorporating the IGF as a permanent body with institutional funding under the UN and the implications of that on the forum’s structure.

There are four other hypotheses in DiMaggio and Powell’s framework that may be helpful in identifying levers for improvement of the IGF and the MAG. The first states that, the greater the extent to which goals are ambiguous within afield, the greater the rate of isomorphic change. As my analysis suggests, there is an urgent need to address the decade long debate on the MAG’s scope as a programme committee limited to planning an annual forum.

The question is linked to the broader need to clarify if the IGF will continue to evolve as an annual policy-dialogue forum or if it can take on a more substantive role that includes offering recommendations and assisting with development of policy on critical issues related to internet governance. Even the MAG is divided in its interpretation of its roles and responsibilities. A resurgence of the IGF necessitates that the global community reassess the need of the forum not only on the mandate assigned to it at the time of its conceptualisation but also in light of the newer and more complex challenges that have emerged over the decade.

The second hypothesis holds that the greater the extent of professionalization in a field greater the amount of institutional isomorphic change. DiMaggio and Powell measure professionalization by the universality of credential requirements, the robustness of training programs, or the vitality of professional associations. As the MAG composition analysis reveals the structure has evolved in a manner that gives preference to participation from the government and industry over participation from civil society, technical and academic communities.

Since the effect of institutional isomorphism is homogenization, the best indicator of isomorphic change is a decrease in variation and diversity, which could be measured by lower standard deviations of the values of selected indicators in a set of organizations. Such professionalization is evident in the functioning of the MAG that has taken on bureaucratic structure akin to other UN bodies where governmental approval weighs down an otherwise light-weight structure. Further the high level of industry representation creates distrust amongst other stakeholders and may be a reason the forum lacks legitimacy as a mechanism for governance as it could be perceived as being susceptible to capture.

The third hypothesis states that fewer the number of visible alternative organizational models in a field, the faster the rate of isomorphism in that field. The IGF occupies a special place in the UN pantheon of semi-autonomous groups and is often held up as a shining example of the ‘multistakeholder model’, where all groups have an equal say in decisions. Currently, there is no global definition of the multistakeholder model which at best remains a consensus framework for legitimizing Internet institutions.

It is worth noting that the system of sovereignty where authority is imposed is at odds with the earned authority within Internet institutions. Given the various interpretations of the approach, if multistakeholderism is to survive as a concept then it needs to be understood as a legitimizing principle that is strictly at odds with state sovereignty-based conceptions of legitimacy.^[52] Under a true multistakeholder system, states can have roles in Internet governance but they cannot unilaterally declare authority, or collectively assert it without the consent of the rest of the Internet.

Unfortunately as the MAG membership reveals the composition is dominated by governmental representatives who seek to enforce territorial authority over issues of global significance. Further, while alternative approaches to its application exist within the ecosystem they are context specific and have evolved within unique environments.^[53] As critics note emerging and existing platforms derived from the multistakeholder concept create ‘an embryonic form of transnational democracy’. Therefore it is important to recognise that the IGF is a physical manifestation of a much larger ideal, one where individuals and organizations have the ability to help shape the Internet and the information society to which it is intrinsically connected. This points to the need to study and develop alternative models to multistakeholder governance while continuing to strengthen existing practices and platforms.

As such, the IGF and its related local, national and regional initiatives represent a critical channel for expression especially for countries where such conversation is not pursued adequately and keeps discussions of the internet in the public space as opposed to building from regional/national initiatives. However, interaction between the global IGF and national IGFs is yet to be established. The MAG can play a critical role in developing and establishing mechanism to improve the national IGFs coordination with regional and national initiatives. A strengthened IGF could better serve national initiatives by providing formal backing and support to develop as platforms for engaging with long standing and emerging issues and identifying possible ways to address them.

DiMaggio and Powell’s final hypothesis holds that the greater the extent of structuration of a field, the greater the degree of isomorphism. As calls for creating structures to govern cyberspace pick up pace and given the extension of the IGF mandate its structure and working are in need of a rehaul. More research and analysis is needed to understand if there is a preferred approach for multistakeholder participation and engagement is emerging within both the IGF and MAG.

For example, if a portion or category of stakeholder group, countries and regions are not engaging in common dialogue, does the MAG have the mandate to promote and encourage participation? Has a process been established for ensuring a right balance when engaging different stakeholders and if yes, how is such a process initiated and promoted? The data shared by the IGF Secretariat confirmed that there were no records of the nomination procedure, that the membership list was missing for a year and that there was confusion in some cases who the nominees were are actually representing.

This opens up glaring questions on the legitimacy of the MAG such as on what criteria were MAG members selected and rotated? Was this evaluation undertaken by objective criteria or were representative handpicked by the UN? Moreover, it is important to asses of selection took place following an open call for nominations; or if members were handpicked by UN. Such analysis will help determine if there is scope within the current selection procedure to reach out to the wider multistakeholder community or if all MAG activities and discussions are restricted to its constituent membership. Clarifying the role of the IGF in the internet governance and policy space is inextricably linked to reforms in the MAG structure and processes and the questions raised above need urgent attention.

While these issues have been well known and documented for a number of years, yet there has been no progress on resolving them. Currently there is no website or document that lists the activities conducted by MAG in furtherance of ToR, nor does it produce annual report or maintain a publicly archived mailing list. Important recommendations for strengthening the IGF were made by the UN CSTD working group on IGF improvements.

The group took two years to produce its report identifying problems and offering recommendations that were to be implemented by end of 2015 and yet many of the problems identified within it have yet to be addressed. Worryingly, an internal MAG proposal to set up a working group to dig into the delays is being bogged down with discussions over scope and membership and a similar effort six months ago was also shot down.^[54]

The ineffectiveness of the MAG to institute reform have led to calls for a new oversight body with established bylaws as the MAG in its present form does not seem up to the task. Further the opaque decision making process and lack of clarity on the scope of the MAG means that each time it undertakes efforts for improvements these are thwarted as being outside of its mandate. There remains a lot of work to be done in strengthening the MAG structure as the group that undertakes the day-to-day work of the IGF and the many issues that plague the role and function of the IGF. A tentative beginning can be made by introducing transparency and accountability in MAG member selection.

^[1] This paper has been authored as part of a series on internet governance and has been made possible through a grant from the MacArthur Foundation.

^[2] The Internet Governance Forum See: http://www.intgovforum.org/cms/

^[3] World Summit on the Information Society (WSIS)+10 High-Level Meeting See: https://publicadministration.un.org/wsis10/

^[4]The mandate and terms of reference of the IGF are set out in paragraphs 72 to 80 of the Tunis Agenda for the Information Society (the Tunis Agenda). See: http://www.itu.int/net/wsis/docs2/tunis/off/6rev1.html

^[5] Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine and Mark Raymond ‘The Emergence of Contention in Global Internet Governance’, the Centre for International Governance Innovation and Chatham House, 2015 See: https://www.cigionline.org/sites/default/files/no17.pdf

^[6] Mikael Wigell, ‘Multi-Stakeholder Cooperation in Global Governance’, The Finnish Institute of International Affairs. June 2008, See: https://www.ciaonet.org/attachments/6827/uploads

^[7] Arun Mohan Sukumar, India’s New ‘Multistakeholder’ Line Could Be a Game Changer in Global Cyberpolitics,The Wire, 22 June 2015 See:http://thewire.in/2015/06/22/indias-new-multistakeholder-line-could-be-a-gamechanger-in-global-cyberpolitics-4585/

^[8] Background Note on Sub-Theme Principles of Multistakeholder/Enhanced Cooperation, IGF Bali 2013 See: https://www.intgovforum.org/cmsold/2013/2013%20Press%20Releases%20and%20Articles/Principles%20of%20Multistakeholder-Enhanced%20Cooperation%20-%20Background%20Note%20on%20Sub%20Theme%20-%20IGF%202013-1.pdf

^[9] Statement by Mr. Santosh Jha, Director General, Ministry of External Affairs, at the First Session of the Review by the UN General Assembly on the implementation of the outcomes of the World Summit on Information Society in New York on July 1, 2015 See: https://www.pminewyork.org/adminpart/uploadpdf/74416WSIS%20stmnt%20on%20July%201,%202015.pdf

^[10] Jean-Marie Chenou, Is Internet governance a democratic process ? Multistakeholderism and transnational elites, IEPI – CRII Université de Lausanne, ECPR General Conference 2011,Section 35 Panel 4 See: http://ecpr.eu/filestore/paperproposal/1526f449-d7a7-4bed-b09a-31957971ef6b.pdf

^[11] Ibid. 9

^[12] Kieren McCarthy, ‘Critics hit out at 'black box' UN internet body’, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=3

^[13] Ibid.

^[14] Malcolm Jeremy, ‘Multistakeholder governance and the Internet Governance Forum, Terminus Press 2008

^[15] Background Report of the Working Group on Internet Governance June 2005 See: https://www.itu.int/net/wsis/wgig/docs/wgig-background-report.pdf

^[16] Report of the Working Group on Internet Governance, Château de Bossey June 2005 http://www.wgig.org/docs/WGIGREPORT.pdf

^[17] Compilation of Comments received on the Report of the WGIG, PrepCom-3 (Geneva, 19-30 September 2005) See: http://www.itu.int/net/wsis/documents/doc_multi.asp?lang=en&id=1818%7C2008

^[18] U.S. Principles on the Internet's Domain Name and Addressing System June 30, 2005 See: https://www.ntia.doc.gov/other-publication/2005/us-principles-internets-domain-name-and-addressing-system

^[19] Ibid. 16.

^[20] Tom Wright, ‘EU Tries to Unblock Internet Impasse’, International Herald Tribune

Published: September 30, 2005 See: http://www.nytimes.com/iht/2005/09/30/business/IHT-30net.html

^[21] Kieren McCarthy, Read the letter that won the internet governance battle’, The Register, 2 Dec 2005 See: http://www.theregister.co.uk/2005/12/02/rice_eu_letter/

^[22] United Nations Press Release, 2 March, 2006 Preparations begin for Internet Governance Forum,

http://www.un.org/press/en/2006/sgsm10366.doc.htm

^[23] The Internet Society’s contribution on the formation of the Internet Governance Forum, February 2006 See: http://www.internetsociety.org/sites/default/files/pdf/ISOC_IGF_CONTRIBUTION.pdf

^[24] APC, Questionnaire on the Convening the Internet Governance Forum (IGF) See:http://igf.wgig.org/contributions/apc-questionnaire.pdf

^[25] Milton Mueller, John Mathiason, Building an Internet Governance Forum, 2 Febryary 2006, See: http://www.internetgovernance.org/wordpress/wp-content/uploads/igp-forum.pdf

^[26] Ibid.

^[27] Supra note 11.

^[28] Supra note 20.

^[29] Consultations on the convening of the Internet Governance Forum, Transcript of Morning Session 16 February 2006. See: http://unpan1.un.org/intradoc/groups/public/documents/igf/unpan038960.pdf

^[30] Ibid.

^[31] Ibid.

^[32]Milton Mueller, ICANN Watch, ‘The Forum MAG: Who Are These People?’ May 2006 See: http://www.icannwatch.org/article.pl?sid=06/05/18/226205&mode=thread

^[33] IGF Funding, See: https://intgovforum.org/cmsold/funding

^[34] Supra note 12.

^[35] Ibid.

^[36] ICANN’s infiltration of the MAG was evident in the composition of the first advisory group which included Alejandro Pisanty and Veni Markovski who were sitting ICANN Board members, one staff member (Theresa Swineheart), two former ICANN Board members (Nii Quaynor and Masanobu Katoh); two representatives of ccTLD operators (Chris Disspain and Emily Taylor); two representatives of the Regional Internet Address Registries (RIRs) (Raul Echeberria and Adiel Akplogan). Even the "civil society" representatives appointed were all associated with either ICANN's At Large Advisory Committee or its Noncommercial Users Constituency (or both) Adam Peake of Glocom, Robin Gross of IP Justice, Jeanette Hofmann of WZ Berlin, and Erick Iriarte of Alfa-Redi.

^[37] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[38] Jeremy Malcolm, Multi-Stakeholder Public Policy Governance and its Application to the Internet Governance Forum See: https://www.malcolm.id.au/thesis/x31762.html

^[39] MAG Spreadsheet CIS Website https://docs.google.com/spreadsheets/d/1uZzfBz9ihj1M0QSvlnORE0nRD62TCRxhA5d1E_RKfhc/edit#gid=1912343648

^[40] Terms of Reference for the Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG) Individual Member Responsibilities and Group Procedures See: http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference

^[41] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[42] IGF MAG Membership Analysis, 2006-2015 http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Treemap.html

^[43] IGF MAG Membership - Stakeholder Types and Regions - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Regions.html

^[44] IGF MAG Membership - Stakeholder Types across Years - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Years.html

^[45] IGF MAG Membership - Stakeholder Types and Countries - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Country.html

^[46] IGF MAG Membership Timeline, 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Member-Timeline.html

^[47] MAG Membership - India and USA - 2006-2015

See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-India-USA.html

^[48] MAG Meetings in 2016

http://www.intgovforum.org/cms/open-consultations-and-mag-meeting

^[49] Paul J. DiMaggio and Walter W. Powell, ‘The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields’, Yale University, American Sociological Review 1983, Vol. 48 (April: 147-160)

^[50] United Nations Funds-In-Trust Project Document Project number: GLO/11/X01 Project title: Internet Governance Forum Country/area: Global Start date: 1 April 2011 End date: 31 December 2015 Executing agency: UNDESA Funding: Multi-donor – extrabudgetary Budget: Long-term project framework – budget “A” See: http://www.intgovforum.org/cms/2013/TrustFund/Project%20document%20IGF.pdf

^[51] Kieren McCarthy, Critics hit out at 'black box' UN internet body, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=2

^[52] Eli Dourado, Too Many Stakeholders Spoil the Soup, Foreign Policy, 15 May 2013 See:http://foreignpolicy.com/2013/05/15/too-many-stakeholders-spoil-the-soup/

^[53] IANA Transition, NetMundial are some of the other examples of multi-stakeholder engagement.

^[54] Ibid.

For more details visit https://cis-india.org/internet-governance/blog/mapping-mag-a-study-in-institutional-isomorphism

RightsCon Silicon Valley 2016

praskrishna — 2016-04-06T15:10:21Z

RightsCon is the world’s leading event convened around the issues of the internet and human rights. The annual conference convenes business leaders, visionaries, technologists, legal experts, civil society members, activists, and government representatives from across the globe on issues at the intersection of tech and human rights. The event was organized by RightsCon.

Program

This year, we had three days ofprogrammingplus a day of satellite events (Day Zero satellite events + three full days of main programming), tackling some of today’s most challenging business and policy issues: freedom of expression, online harassment and countering violent extremism, privacy and digital security, encryption, network discrimination and connectivity, human rights, trade and business, transparency reporting, digital inclusion, internet governance, and much more. Click here to see our program schedule.

With 250+ sessions and over 1,000 registered participants, RightsCon 2016 provided unparalleled opportunities to engage with leading speakers and organizations, both in sessions and through private meetings and discussions. It was also home to an array of parties, movie screenings, and social events throughout the week to help participants meet others in the space.

Elonnai Hickok participated in the following panels and meetings at RightsCon held at Mission Bay Conference Center in San Francisco, California from March 30 to April 1, 2016:

1. Beyond CSR: Promoting Strong Human Rights Performance - Centre for Law and Democracy
2. Ranking ICT Companies on Digital Rights; A How to Guide - Ranking Digital Rights
3. Who is an Intermediary? Harmonizing Definitions? - CIS
4. Manila Principles: One Year Later - CIS and EFF
5. Cross Border Data Requests - American University Washington College of Law, University of Kentucky College of Law.
6. Closed door meeting for Ranking Digital Rights
7. GNI meeting on Mutual Legal Assistance

More info on the RightsCon website

For more details visit https://cis-india.org/internet-governance/news/rightscon-silicon-valley-2016

Will Aadhaar Act Address India’s Dire Need For a Privacy Law?

nehaa — 2016-04-05T16:01:06Z

The article was published by Quint on March 31, 2016.

The passage of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (will hereby be referred to as “the Act”) has led to flak for the government from privacy advocates, academia and civil society, to name a few.

To my mind, the opposition deserves its fair share of criticism (lacking so far), for its absolute failure to engage with and act as a check on the government in the passage of the Act, and the events leading up to it.

The government’s introduction of the Act as a ‘money bill’ under Article 110 of the Constitution of India (“this/the Article”) is a mockery of the constitutional process. It renders redundant, the role of the Rajya Sabha as a check on the functioning of the Lower House.

Article 110 limits a ‘money bill’ only to six specific instances: covering tax, the government’s financial obligations and, receipts and payments to and from the Consolidated Fund of India, and, connected matters.

The Act lies well outside the confines of the Article; the government’s action may attract the attention of the courts.

Political One-Upmanship


Finance Minister Arun Jaitley (left) listens to Reserve Bank of India (RBI) Governor Raghuram Rajan. (Photo: Reuters)

In the past, the Supreme Court (“the Court”) has stepped into the domain of the Parliament or the Executive when there was a complete and utter disregard for India’s constitutional scheme. In recent constitutional history, this is perhaps most noticeable in the anti-defection cases, (beginning with Kihoto Hollohan in 1992); and, in the SR Bommai case in 1994, on the imposition of the President’s rule in states.

In hindsight, although India has benefited from the Court’s action in the Bommai and Hollohan cases, it is unlikely that the passage of the Aadhaar Act as a ‘money bill’, reprehensible as it is, meets the threshold required for the Court’s intervention in Parliamentary procedure.

Besides, the manner of its passage, the Act warrants

Censure for its process
Its (in)compatibility with fundamental rights
The failure to incorporate the suggestions of the Yashwant Sinha-led Standing Committee to UPA’s NIDAI Bill
The possibility of surveillance that it presents
The lack of measures to protect personal information
Its inadequate privacy safeguards
The questions around the realisation of its stated purpose.

Instead, a part of the Aadhaar debate has involved political one-upmanship between the Congress and the BJP, pitting the former’s NIDAI Bill against the latter’s Aadhaar Act.

While an academic comparison between the two is welcome, its use as a tool for political supremacy would be laughable, were it not deeply problematic, given the many serious concerns highlighted above.

Better Than UPA Bill?


The Act may have more privacy safeguards than the earlier UPA Bill. (Photo: iStockphoto)

And while the Act may have more privacy safeguards than the earlier UPA Bill, critics have argued that they not up to the international standard, and instead, that they are plagued by opacity.

Additionally, despite claims that the Act is a significant improvement over the UPA Bill, it fails to address concerns, including around the centralised storage of information, that were raised by civil society members and others.

Perhaps most problematically, however, the Act takes away an individual’s control of her own information. Subsidies, government benefits and services are linked to the mandatory possession of an Aadhar number (Section 7 of the Act), effectively negating the ‘freedom’ of voluntary enrollment (Section 3 of the Act). This directly contradicts the recommendations of the Justice AP Shah Committee, before whom the Unique Identification Authority of India had earlier stated that enrollment in Aadhaar was voluntary.

To make matters worse, the individual does not have the authority to correct, modify or alter her information; this lies, instead, with the UIDAI alone (Section 31 of the Act). And the sharing of such personal information does not require a court order in all cases.


Kanhaiya Kumar speaking in JNU on 3 March 2016. (Photo: PTI)

It may be authorised by Executive authorities under the vague, ill-understood concept of ‘national security’, (Section 33(2) of the Act) which the Act does not define. We would do well to learn the dangers of leaving ‘national security’ open to interpretation, in the aftermath of the recent events at JNU.

These recent events around Aadhaar have only underscored the dire urgency for comprehensive privacy legislation in India and, the need to overhaul our data protection laws to meet our constitutional commitments along with international standards.

Meanwhile, constitutional challenges to the Aadhaar scheme are currently pending in the Supreme Court. The Court’s verdict may well decide the future of the Aadhaar Act, with the stage already set for a constitutional challenge to the legislation. The BJP’s victory in this case may be short-lived.

For more details visit https://cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law

Woman Alleges Harassment at Major International Conference

praskrishna — 2016-03-30T17:06:10Z

A prospective lawyer's name tag was flipped, and she was asked rude questions by a CEO at a conference, where, ironically enough, she was invited to devise sexual harassment policies.

The article by Kavita Patil was published in Bangalore Mirror on March 30, 2016.

Padmini Baruah, 22, a National Law School of India University (NLSIU) student representing Centre for Internet and Society (CIS), at the ICANN55 (Internet Corporation for Assigned Names and Numbers) held at Marrakech, alleged that she was sexually harassed by Khaled Fattal, the chairman and CEO of The Multilingual Internet Group.

On March 2, Baruah had reached out to the conference ombudsman and expressed her concerns about the lack of a specific sexual harassment policy. She was directed to the ICANN55's Standards of Behavior, who invited her for a discussion at the conference in Marrakech.

About three hours before her meeting with the ombudsman on March 6, she had a shock. "I was, unfortunately, subjected to sexual harassment in the nature of verbal remarks and infringement of my personal space by the perpetrator in question, a man I eventually came to know was called Khaled Fattal," she recalled. "Fattal approached me, pulled at my name tag, examined it and dropped it. A little later, he lifted my name tag and flipped it back and forth asking me, "Where are you from?"

He then leaned in, lecherously looked at me and asked, "Do you know how to make a cheese sandwich?" I was taken aback and responded angrily saying, "Yes, that is why I came here, to make you cheese sandwiches." He went on to throw another lecherous look my way and said, "Well, I love veg sandwiches."

Sunil Abraham, executive director of the CIS, said, "ICANN doesn't have a special cell where complaints can be raised but they have an ombudsman. The ombudsman is investigating the case and is in touch with both Baruah and also the perpetrator." He said after she raised the sexual harassment complaint, he received many mails from women who had faced harassment at the event but never made an attempt to raise their voice. "Through CIS we have issued a public statement of support for Baruah and we are waiting for the result of the investigation," he said.

Fattal and the ombudsman were not available for comment despite repeated attempts made by BM to get a response. Baruah, meanwhile, was informed by the ombudsman that her's was the first harassment case reported in the history of ICANN.

For more details visit https://cis-india.org/internet-governance/news/bangalore-mirror-march-30-2016-kavita-patil-woman-alleges-harassment-at-major-international-conference

ICANN 55

praskrishna — 2016-03-30T14:41:34Z

Internet Corporation for Assigned Names and Numbers (ICANN) held its 55th meeting in Marrakech, Morocco from March 5 to 10, 2016. Padmini Baruah and Vidushi Marda attended the event organized by Moroccan Ministry of Foreign Affairs and Cooperation, Consular and Social Affairs.

The Centre for Internet & Society's (CIS) work during this meeting revolved mainly around ICANN's accountability (DIDP and Reconsideration requests), transparency, its commitment to human rights, diversity, and questions surrounding the IANA transition. CIS research was circulated via a submission booklet to different people that we met through the course of the conference. A session-wise account of our work at ICANN55 can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/icann-55

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission

sumandro — 2016-03-30T13:13:30Z

The Centre for Internet and Society sent this submission to the Telecom Regulatory Authority of India (TRAI) following the Open House Discussion on Differential Pricing of Data Services, held in Delhi on February 21, 2016.

Download the submission document: PDF.

Post-Open House Discussion Submission to TRAI

Dear Ms. Kotwal,

This is to heartily congratulate TRAI once again for taking several steps, including the Open House Discussion, to ensure that various opinions about the topic of ‘differential pricing for data services’ are presented and are responded to - and are all in full public view.

This brief note is to a) add to the positions and arguments submitted previously by the Centre for Internet and Society (CIS), India, b) put in writing our comments during the Open House Discussion (January 21, 2016), and c) respond to other comments shared at the same event. We have six points to share in this note:

Forbearance is not an option: We are of the opinion that though the data services market has thus far been kept un-monitored and unregulated, and there are several reasons why this situation should not continue any more. Although the reality of differential pricing (that is data packets originating from different sources being priced differently by ISPs) was highlighted with the recent offering of zero rated packs, it is a general practice in the sector, as illustrated by widely available special/curated content packs for the user to consume data from a specified web-based source. It is not surprising that most such special/curated content packs involve an arrangement between the ISP and a prominent leader in the web-content/platform sector, such as Facebook and Twitter. Serious market distorting impacts of such arrangements are imminent if they are allowed to continue without any monitoring, enforced public disclosure, and regulatory actions by a public authority.
Address differential treatment of data, and not only differential pricing: Pricing is only of the three ways in which data services can be treated differently by the ISPs depending upon the source of the data packets concerned. The other two ways are: a) differential speed, or throttling of some data packets and prioritisation of the others, and b) differential treatment of data protocols, for example, the blocking of peer-to-peer or voice-over-IP traffic by an ISP. If the public authority decides to only regulate differential pricing of data service, it is highly probable that ISPs may shift to other forms of discrimination between data packets - either in terms of prioritising some data packets over others based upon their origin, or blocking of specific protocols such as voice-over-IP to prevent the functioning of certain web-based services - and continue the market distorting impacts through these other means.
Allow and define reasonable network management practices: Reasonable network management has to be allowed to enable the ISPs to manage performance on their network. However, ISPs may not indulge in acts that are harmful to users in the name of reasonable network management. Below is a set of potential guidelines to identify cases when discrimination against classes of data traffic in the name of reasonable network management can be considered justified and permissible:
- there is an intelligible differentia between the classes which are to be treated differently,
- there is a rational nexus between the differential treatment and the aim of such differentiation,
- the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
- the network management practice is the least harmful technical means that is reasonably available to achieve the aim.
Establish an effective enforcement mechanism: TRAI must establish an enforcement mechanism that is open to users [and groups of users] and private sector actors as current forums are insufficient. Clear and simple rules must be established ex-ante, if they are violated - ex-post regulation must be undertaken on the basis of principles listed in the TRAI consultation paper, that is “non-discrimination, transparency, affordable internet access, competition and market entry, and innovation” [1]
Take regulatory decisions now, but also conduct and commission further research to review and refine the decisions over a defined period of time
Need for better collection and proactive disclosure of statistics: TRAI publishes quarterly performance indicators statistics collected from the telecom companies about telephone, mobile, and internet sectors in India [2]. It will be very useful for researchers and analysts, and allow for a much more informed public debate on the matter, if the content and form of such data are improved in the following ways:

Content:
- Please start collection (unless already done) and publication of not only data of average incoming and outgoing MOUs, average of total outgoing SMSs, Average Revenue Per User, and average data usage per GSM and CDMA subscriber, but distributions of the same in terms of user deciles (that is in terms of representative figures for each 10% section of users in ascending order of usage),
- Provide granular data about data usage across service areas and service providers (the numbers on ‘average data usage’ and total ‘revenue from data usage’ provided at present are very insufficient for the state of public debate),
- Provide data about internet subscriber base according to network technologies (for both wired and wireless) and the service providers concerned,
- Provide data about IP-based telephony across service areas and service providers,
- Provide data separately for the North Eastern states, and
- Provide granular data (separated from the corresponding state data) for all tier-1 cities.
Form:
- Please do not publish the data only as part of the quarterly reports available in PDF format, but also as independent machine-readable spreadsheet file (preferably in CSV format),
- Do not only publish quarterly data in separate files, but also provide a combined (all quarters together) dataset that would make it much easier for researchers and analysts to use the data,
- In some exceptional cases, the data is not provided in the report directly but a diagram containing the data is published [3], which should be kindly avoided, and
- Please publish these statistics as open data, that is in open standards and under open licenses.

Further, we request TRAI to explore possibilities of distributed sourcing of data, perhaps from the users themselves, about the actual network usage experiences, including but not limited to signal strength, data transfer speed (incoming and outgoing), frequency of switches between mobile (GSM and CDMA) and wi-fi connectivity, etc.

References

[1]. http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/CP-Differential-Pricing-09122015.pdf.

[2]. http://www.trai.gov.in/Content/PerformanceIndicatorsReports/1_1_PerformanceIndicatorsReports.aspx.

[3]. http://www.trai.gov.in/WriteReadData/PIRReport/Documents/Performance_Indicator_Report_Jun_2015.pdf , sections 1.43 and 1.44 (pp. 31-32).

For more details visit https://cis-india.org/telecom/blog/trai-consultation-on-differential-pricing-for-data-services

On Google Maps, JNU top result in search for 'anti-national'

praskrishna — 2016-03-29T01:37:17Z

"Anti-national" is not a location. But Google Maps seems to have an address for it - Jawaharlal Nehru University in the capital. On Friday, Google Maps pinned other such "locations" in the same place. It yielded the same result for other search terms such as "sedition," "freedom of expression," and "patriotism."

The article by Kim Arora was published in the Times of India on March 25, 2016. Rohini Lakshane was quoted.

The university, that recently became a hotbed of national politics following the arrest of the JNUSU president, also showed up in Google Maps search for other terms like "intolerance", "Kanhaiya Kumar", and "Smriti Irani". Google reviews for the central university suggest that this has been happening since last week.

JNU, it appears, is a victim of Google Map's word association. "This is a bug. Google Maps results take signals from many points on the web, including news outlets. The terms "Anti National," "Kanhaiya Kumar" and JNU have been in the news so much recently that they became associated in Maps which is why this result is triggered. This is a bug and we're working to fix this as quickly as possible," a Google spokesperson told TOI over email.

Google reviews of the university showed a barrage of one-star reviews uploaded in the last couple of weeks, reacting to the events and political demonstrations on the campus. "Ashamed to note that such a popular university houses anti nationals," said one such review. By Friday afternoon, Google Maps was among the top ten India trends on Twitter.

Rohini Lakshane, a researcher with the Center for Internet and Society in Bengaluru, ran a search for "antinational" on Google Maps from an Indian IP, and then again from those outside the country. She found that the JNU result only showed up for searches carried out from an Indian IP, and for those on Google India if used from an IP outside the country.

"Google's search engine seems to be correlating the keyword "JNU" with these terms owing to their extremely large concentration in the Google Maps reviews as well as associated metadata from other content on the web. This is quite common for topics that are widely written about on the internet and discussed on social networking sites. If the heavy concentration only exists within a certain country or region, then the results may only correlate for searches done from IP addresses there," says Lakshane.

Google search algorithms are known to take into account terms that are frequently used together to display results. In July 2015, for example, controversy broke after Google images started showing Prime Minister Narendra Modi's image if one searched for "Top 10 Criminals in the World". Google had then issued an apology for the faux pas, and said, "Sometimes, the way images are described on the internet can yield surprising results to specific queries. We apologise for any confusion or misunderstanding this has caused. We're continually working to improve our algorithms to prevent unexpected results like this."

Google Maps has earlier been subjected to pranks. In May 2015, Google had to temporarily suspend its Map Maker function after an image of an Android bot urinating on an Apple logo appeared on a map. Map Maker is an application where lay users can mark new places, routes, or institutions in areas they are familiar with.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-march-25-2016-kim-arora-on-google-maps-jnu-top-result-in-search-for-anti-national

Securing the internet’s future

praskrishna — 2016-03-28T02:24:35Z

Mike Godwin, who proposed the eponymous law about online discussion threads, speaks about net neutrality, differential pricing and why no government is likely to oppose stricter surveillance measures.

The article by Bhavya Dore was published in Hindu Businessline on March 25, 2016.

For gravity, there’s Newton’s law, for internet discussion threads, there’s Godwin’s law. Twenty-five years ago, a law student trawling through cyberspace noticed a recurring pattern: at some point in an online discussion, someone would invariably invoke Hitler or the Nazis. The observation led to an act of ‘mimetic engineering’ — rifling through discussion boards, pointing this out, and promptly naming the law after him.

Godwin’s law states: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one — that is, the likelier this becomes.

Mike Godwin, 59, a portly, white-haired gent in Harry Potter glasses is best known for this aphoristic piece of wisdom. “The purpose,” he says, “was to make the people who engaged in frivolous comparisons of atrocities seem like they weren’t thinking.”

It is generally understood that when one of the arguers is falling back on the Nazis as rhetorical shorthand, that person is starting to lose the argument.

“It certainly means one of the arguers has gone to a higher or lower level,” he said.

Godwin was in India in February as part of a series of talks organised through the Centre for Internet and Society on net neutrality.

In early February, at the Mumbai University’s civics and politics department, he was on a panel with three others at a discussion that occasionally took an agitated tone.

“[The debate] hasn’t become heated in every country to the same degree,” he said. “In India it has.” The public discussion has been polarised, with activists vehemently opposing, among other things, ‘Free Basics’ — a Facebook offering. On February 8, the telecom regulator ruled against differential pricing, debarring telecom operators from offering slices of the internet at different prices.

Godwin doesn’t see net neutrality and differential pricing as mutually exclusive. “I think some forms [of differential pricing] are potentially good and some forms are potentially bad,” he said. “And the regulator has to look closely and make a determination about the harms or benefits.”

Godwin has worked with the Wikimedia Foundation, which offered Wikipedia Zero for free in some countries through specific providers, as a gateway to Wikipedia. But he isn’t trying to convince you one way or the other.

“[There is] an idea that there was something valuable about carriers [service providers] being neutral,” he said. “And I still think that that’s true… But the thing that changed was this: with Wikipedia, I realised it doesn’t matter if you have neutrality if nobody can afford it. Neutrality hasn’t served the people who can’t afford to pay to have the wires built up to their provinces.”

This then boils down to the fundamental question: how do we create a world that gets people connected? “It may involve cross-subsidies of various sorts, and all of these things historically have invited some degree of government regulation,” said Godwin. “The question is less ‘do you regulate or not regulate’, the question is ‘do you do it right’.”

But does Free Basics mean anything to a developing country which needs real basics first: water, sanitation, shelter? Godwin doesn’t buy into the premise that the internet is a luxury that comes after all these things.

“I think that [idea] is wrong,” he said. “Because when people can share information or resources about where the water is or what good health practices are or how to properly cultivate a crop, they help everyone else. And the impulse to help and share what they know is strong.”

Godwin’s first law has now been well entrenched in popular culture. But wait, he has a second one. This one goes: Surveillance is the crack cocaine of governments.

“Almost all governments want to engage in surveillance,” he said. “Some governments have disagreements with other governments over their surveillance but rarely will we see them categorically refuse to surveil.”

And yet, he says, our outrage over this is driven by an “antiquated notion of privacy” that the content of our emails or conversations should be free from prying eyes. “In the rest of the century and future centuries people will look back at this idea and laugh: that people thought that content was the important thing,” he said. Someone reading your mail isn’t the only possible violation, but whether they are accessing the whole ecosystem of your communication. “The metadata can give away the whole store,” he said. “The metadata can be more revealing. Who are you talking to, at what time of day, for how long, how big is the message? These are all things that can matter.”

That’s not the only thing that’s changed. The internet has, since its early days, become a more charged, more violent place, where poison, bile and abuse fly thick and fast.

“The level of hatefulness directed towards women online is particularly bad,” he continued, “It is a huge cross-cultural problem.”

The other enduring problem is how do you balance free speech rights while curtailing hate speech? “If there were an easy answer I’d tell you what it is,” said Godwin.

Still, banning or blocking sites, as the Indian government has been in the past eager to do, is hardly a solution. “I won’t say there is never an argument for it,” said Godwin, pausing a beat, “I will say that I have never heard one that was any good.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-business-line-march-25-2016-bhavya-dore-securing-internets-future

ICANN Sexual Harassment Case Highlights Lack of Procedure at Global Internet Body

praskrishna — 2016-04-01T15:42:49Z

Alleged perpetrator files counter-complaint with ombudsman’s office after being publicly identified.

The article was published in the Wire on March 24, 2016.

A female researcher associated with the Bangalore-based Centre for Internet and Society has alleged that she was sexually harassed at an ICANN (Internet Corporation for Assigned Names and Numbers) public meeting held in Morocco earlier this month, in an incident that highlights a lack of established procedure at the global body responsible for maintaining the technical backbone of the Internet.

According to the woman, who is currently a law student but was representing CIS at the meeting, she was sexually harassed by a participant from the private sector constituency on March 6th at a working session.

“I felt like my space and safety as a young woman in the ICANN community was at stake,” she said.

ICANN-organised events currently do not have a formal redressal system for these type of complaints nor does it have a specific anti-sexual harassment committee to which community members can file an official complaint.

The CIS representative, therefore, has taken up her case with ICANN’s ombudsman office, an office that does not have an explicit mandate to deal with incidents of sexual harassment.

“I currently am unclear as to the exact status of my complaint. The ombudsman office does not have a clear sexual harassment procedure, it has only a standards of behaviour. When I first went to them, they told me nobody has officially complained of sexual harassment since 1998,” she told The Wire.

“I understand the evidential burden that needs to be fulfilled for this [allegation] to be proven. I know it’s difficult to prove this. I just want an enquiry conducted properly and impartially.”

The Centre for Internet and Society released a sharp statement on Monday, pointing out that since the woman was “given no immediate remedy or formal recourse”, she had no choice but to make “the incident publicly known in the interim.”

CIS Executive Director Sunil Abraham pointed out that while the ombudsman office has been in touch with the organisation’s representative, “this administrative process is simply inadequate for rights-violation”.

To that end, CIS has called upon ICANN to “institute a formal redressal system with regard to sexual harassment and institute an anti-sexual harassment committee that is neutral and approachable”.

“Merely having an ombudsman who is a white male, however well intentioned, is inadequate and completely unhelpful to the complainant. The present situation is one where the ombudsman has no effective power and only advises the board ,” the CIS’s statement reads.

ICANN perspective

When asked for a comment, ICANN media representatives pointed The Wire to the written transcript of a public session in which this particular issue of sexual harassment was raised. In that meeting, ICANN board member Markus Kummer specifically condemns “improper conduct of any kind such as harassment” while calling for zero tolerance on such issues within the larger ICANN community.

On the issue of whether ICANN could adopt a broader policy on sexual harassment, Kummer acknowledges that while the organisation’s expected standards of behaviour “could be a bit more specific as regards harassment”, the standards are applicable to “staff and board members and we have to undergo training”.

“Now, we could also make this also available to the community but the board thought it might not be the appropriate way to go about and impose something on the community. It might be more appropriate for the community to come up with these standards…Let me once again assure the community that the board is fully cognizant of the importance of this issue and supports the community in developing standards that may be more explicit in regard of these issues,” Kummer is quoted as saying in the transcript.

Complaint, Counter-Complaint

The incident, however, took a different turn on Tuesday after the ICANN ombudsman wrote to the CIS representative informing her that the investigation had become “very difficult” because she had identified and named the alleged perpetrator in a public social media posting.

“By naming [the alleged perpetrator] before the process was completed, this has meant that the confidentiality of my office has been compromised and his privacy has been compromised. Leaving aside the issue of whether he actually made the comments and behaved as you describe [sic], he is entitled to a fair and impartial investigation,” the ombudsman office’s letter says.

The alleged perpetrator now, according to the letter, has filed a counter-complaint with the ombudsman and has asked the office to undertake an investigation into the female student’s actions in this regard.

“I remind you that his [the perpetrator] initial response on the initial discussion was that he could not recall making the remark. So I sought your comments. I would have liked to take your comments back to him and had some form of conversation. This may still be possible but the force of your complaint is diluted by the problem of procedural fairness by the premature publication of his name,” the letter adds.

Cleaning up

While the CIS representative’s complaint may be the first officially recorded incident at an ICANN meeting, sexual harassment and inappropriate gender bias at numerous technical conferences across the world (ICANN or not) has been a well-documented phenomenon.

In 2012, ICANN ombudsman Chris LaHette was forced to step in after a complaint was lodged regarding the insensitive advertising and promotion surrounding the ICANN 44 meeting in Prague.

While ICANN’s “expected standards of behaviour” – basically a code of conduct – explicitly states that all “members of the ICANN community be treated equally irrespective of nationality or gender..”, there is no official policy that states what aggrieved parties should do after an incident occurs.

Such a policy must be created, CIS points out, and must be “displayed on the ICANN website, at the venue of meetings, and made available in delegate kits”.

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-24-2016-icann-sexual-harassment-case-highlights-lack-of-procedure-at-global-internet-body

Making Aadhaar Mandatory: Gamechanger For Governance?

praskrishna — 2016-03-24T06:50:10Z

Why a programme that both the Congress and the BJP have hailed as transformational has divided Parliament this week? The Aadhaar Bill which was passed this week aims at facilitating government benefits and subsidies to citizens said Finance Minister Arun Jaitley.

Yet it became a reason for the Rajya Sabha to raise key questions. On the panel - Chandan Mitra, Rajya Sabha MP, BJP; Ajoy Kumar, Spokesperson, Congress; Tathagat Sathapathy, Lok Sabha MP, Biju Janata Dal; Rajeev Chandrashekhar, Rajya Sabha MP; Sunil Abraham, Executive Director, Centre for Internet & Society; and Shekhar Gupta, Senior Journalist.

Video

Link to NDTV website

For more details visit https://cis-india.org/internet-governance/news/ndtv-march-20-2016-making-aadhaar-mandatory-gamechanger-for-governance

How the government gains when private companies use Aadhaar

praskrishna — 2016-04-01T15:58:38Z

This blog post by M. Rajshekhar and Anumeha Yadav was published in Scroll.in on March 24, 2016. Sunil Abraham was quoted.

Last week, Rajya Sabha made a last-ditch attempt to modify the contentious Aadhaar legislation introduced by the Modi government. Since the legislation was introduced as a Money Bill, the Upper House had no powers to amend it. It could only send back the bill with recommended amendments.

One of the clauses which Rajya Sabha wished to amend related to the use of the Aadhaar number, the 12-digit unique identification number assigned after the collection of an individual’s biometrics in the form of fingerprints and iris scans.

Clause 57 said that anyone, whether an individual or a public or private organisation, could use the Aadhaar number. Rajya Sabha voted to restrict the use of the number to the government. After all, the government had justified introducing Aadhaar legislation as a Money Bill by stating that it would be used for delivering government subsidies and benefits funded out of the Consolidated Fund of India. If the delivery of government welfare is the aim of Aadhaar, why should private companies be allowed to use it?

The Rajya Sabha recommended dropping clause 57 to limit the use of Aadhaar to government agencies. But the Lok Sabha rejected its recommendation, and cleared the Bill in its original form, paving the way for private companies to use Aadhaar.

Strikingly, however, well before the Bill was cleared, a private company started advertising its services as “India’s 1st Aadhaar based mobile app to verify your maid, driver, electrician, tutor, tenant and everyone else instantly”. In an article for Scroll.in, legal researcher Usha Ramanathan said, “A private company is advertising that it can use Aadhaar to collate information about citizens at a price. It says this openly, even as a case about the privacy of the information collected for the biometrics-linked government database is still pending in the Supreme Court.”

LinkedIn for plumbers

The company that owns the mobile app called TrustID believes it is not doing anything wrong.

Monika Chowdhry, who heads the marketing division of Swabhimaan Distribution Services, the company that created TrustID, defended the app, saying it offers the valuable service of verifying people's identities. “In our day to day life, we do a lot of transactions with people – like maids or plumbers. Till now, you would have to trust them on what they said about themselves and what others said about the quality of their work.” The company is solving that problem, she said. “We are saying ask the person for their Aadhaar number and name and we will immediately tell you if they are telling the truth or not,” Chowdhry said.

Chowdhry said that over time, the Aadhaar number of individuals will be used to create a private verified database of TrustIDs. “Our plan is to create a rating mechanism,” she said. Referring to the option for maid, plumbers and other service providers on the app, she added: “People like you and me, we have Linkedin and Naukri. What do these people have?”

How does the company use Aadhaar for verification and is there a reason to be concerned?

Aadhaar authentication

After you have logged into the TrustID app, you can choose from a dropdown menu of categories. You can send anyone's Aadhaar number, gender and name – or even biometrics – and the app claims it can verify their identity.

The app performs Aadhaar authentication – which means it matches an Aadhaar number with the information stored against that number in the servers of the Unique Identification Authority of India. At the time an individual enrols for an Aadhaar number, they disclose their name, gender, address and give biometric scans. This information is held in a database maintained by the UID authority.

One of the criticisms of Aadhaar has been that the database of millions of people could be misused in the absence of a privacy law in India. First, there is the question about whether the biometrics are secure. Second, there are risks that accompany the uncontrolled use of unique numbers.

In response, the proponents of Aadhaar have said that the data is encrypted and secure, and can be accessed only by the authority. Those wanting to authenticate – or match – the Aadhaar number cannot directly access the database. They can simply make requests to the authority which authenticates the number for them.

So far, it appeared that the authority was taking Aadhaar authentication requests solely from government agencies. For instance, to pay wages to workers of the rural employment guarantee programme.

But TrustID’s example showed that private companies too have been sending authentication requests to the authority. This is not entirely surprising for those who have followed the blueprint for Aadhaar as envisioned by Nandan Nilekani, its founder. In an interview in 2012, Nilekani spoke about creating a "thriving application system" using Aadhaar for both the public and private sector.

Chowdhary said Swabhimaan Distribution Services registered as an Aadhaar authentication agency in November 2015, and the app was launched in January 2016.

TrustID, or Swabhimaan, is not the only private company that has signed up as an authentication agency for Aadhaar. A quick Google search throws up the name of Alankit, which wants to “provide Aadhaar Enabled Services to its beneficiaries, clients and customers and can further verify the correctness of the Aadhaar numbers provided ” .

This shows the authority entered into agreements with private companies well before the Aadhaar law was passed in Parliament. The companies were running ahead of legislation in a space unbounded by law, and the UIDAI supported them in this.

It is unclear how many private companies were sending requests for Aadhaar authentication. Scroll's questions to Harish Agrawal, the deputy director general of Aadhaar's Authentication and Application Division, remained unanswered.

In an interview to Business Standard, ABP Pandey, the director general of the UIDAI, said, "Usually what happens is that first a law is passed and thereafter the institutions are built and operations start. Here it has happened the other way around. The operations – the enrolment – is almost complete. The organisation is also there and has been working under executive orders. Now everything has to be kind of retrofitted in to the acts and the regulations."

Why is this problematic?

For one, allowing private companies to use the Aadhaar number shows that the government’s stated aims of Aadhaar are misleading.

Both in the Supreme Court and in Parliament, the government has pushed for the use of Aadhaar as an instrument of welfare delivery. It justified passing Aadhaar legislation as a Money Bill by emphasising its importance to its welfare schemes. But as the case of Swabhimaan shows, Aadhaar's uses clearly go well beyond what the Bill's preamble describes as the “targeted delivery of subsidies, benefits and services, the expenditure for which is incurred from the Consolidated Fund of India.”

Two, biometrics and unique identification numbers are a qualitatively new form of private information. As such, they bring unknown risks. India does not have a privacy law, and a law defining the use of biometrics and unique numbers is yet to be created. Delhi-based lawyer Apar Gupta said, “Even the Aadhaar Bill is yet to be approved by the president. Its rules are yet to be drafted. There is not enough legal guidance on its use.”

Three, companies like Swabhimaan would be in a position to construct databases of their own. Take TrustID. When it starts retaining Aadhaar numbers, and adds ratings to them, it creates a database of its own, which amounts to creating profiles of people.

Here, as Ramanathan said, the analogy with the networking site LinkedIn doesn't work. “When I have an account on LinkedIn, I update my data,” she said. But the TrustID app generates profiles out of the ratings that others give. Even if a prospective employee shares his/her Aadhaar number, it does not amount to free consent since getting a job hinges on giving that number.

In the future, companies could use Aadhaar numbers in unknown ways, for instance, to combine multiple databases – banks, telecom companies, hospitals – to create detailed profiles of you and me that they can monetise. In effect, Aadhaar becomes a commercial instrument for private companies, and not just a mechanism for the delivery of government welfare.

Gains for the government

Sunil Abraham, the executive director of the Centre for Internet and Society, further explained the risks that arise when databases are combined. He cited the example of OCEAN, the system created by researchers at the Indraprastha Institute of Information Technology to raise privacy awareness. OCEAN used publicly available information held by the government (voter identity card, PAN card, driving licence) to access details about citizens in Delhi. This public data was combined with people's Facebook and Twitter accounts, and the aggregated results were visualised as a family tree which showed information extending to a person’s parents, siblings and spouse.

"If a company like TrustID tied up with OCEAN, it can create a very detailed profile of an individual," said Abraham. "To continue with the example of a job-seeker, if a employer uses TrustID to verify applicants' identity or profiles, the App may combine a database like OCEAN to track that you logged into Twitter at, say 2 am on most nights. It can profile you as someone who might not turn up at work on time in the morning."

Abraham pointed out that the government too stands to gain by allowing private companies to use Aadhaar for authentication. "Use of authentication by private companies will mean UIDAI can have information on authentications performed on you, or by you, over time in the private sphere as well, say during such a job search," he said. For instance, when TrustID runs a search for your prospective employers using your Aadhaar number, the government knows you have applied for a job at certain companies. "This is unnecessary involvement of the government, giving it access to information in an area that it should not have access to."

Over time, such Aadhaar authentication for private services in companies, hospitals, or hotels will "help the government gain granular data on citizens", he said.

Perhaps that explains why the government rushed the Aadhaar Bill through Parliament, allowing little time and room for public debate.

For more details visit https://cis-india.org/internet-governance/news/scroll.in-march-24-2016-rajshekhar-anumeha-yadav-how-the-govt-gains-when-private-companies-use-aadhaar

Seven reasons why Parliament should debate the Aadhaar bill (and not pass it in a rush)

praskrishna — 2016-03-24T02:25:24Z

Critics say the Aadhaar Bill does not address concerns over privacy, even as government is rushing the Bill without adequate parliamentary scrutiny.

The blog post by Anumeha Yadav was published in Scroll.in on March 11, 2016. Pranesh Prakash was quoted.

Since it was launched by the United Progressive Alliance government in 2009, the Unique Identification project called Aadhaar has functioned without a legal framework. The project, which aims to assign a biometric-based number to every Indian resident, has been run under an executive order, which means Parliament has no oversight over it.

An Aadhaar Bill was introduced in 2010 but it was rejected by a parliamentary committee over legislative, security, and privacy concerns.

For long, critics have expressed concerns over collecting and centralising citizens' biometric data ‒ such as fingerprints and retina scans ‒ on a mass scale in the absence of a privacy law. The Supreme Court in several orders in 2014 and 2015 affirmed that the government cannot require people to register for an Aadhaar number and no one can be deprived of a government service for not having an Aadhaar number. The Supreme Court is now set to form a constitution bench to examine the contours of the right to privacy flowing from the government's arguments in the Aadhaar case.

Before the bench begins its work, however, the Modi government has introduced a new Bill on Aadhaar, which could override the court's orders.

The Aadhaar (Target Delivery of Financial and Other Subsidies, Benefits and Services) Bill was introduced on March 3 in Lok Sabha. Finance minister Arun Jaitley said the new Bill addresses concerns over privacy and the security and confidentiality of information.

But a close examination of the Bill shows several questions remain.

1. Does the Bill make it mandatory for you to get an Aadhaar number?
Yes, you may have to compulsorily enrol under Aadhaar, despite the privacy concerns explained in the sections below.

Four-time member of the Lok Sabha, Bhartruhari Mahtab of the Biju Janata Dal, was on the parliamentary committee on finance that examined the previous Aadhaar Bill introduced in 2010. He said the new Aadhaar Bill does not specify that it will not be made mandatory.

“There is duplicity over this issue,” said Mahtab. “Nandan Nilekani [the former chairperson of the Unique Identification Authority of India] repeatedly told us in the parliamentary committee that Aadhaar is not mandatory. The Supreme Court also said, 'You cannot make it mandatory.'”

But if a service agent asks for Aadhaar mandatorily, then as a beneficiary, citizens have no option but to get an Aadhaar number, Mahtab explained. “The government, or a private company, cannot force me to get an Aadhaar number," he said. "The government should bring a law that clearly says Aadhaar is not mandatory.”

A committee of experts on privacy, chaired by Justice AP Shah, had recommended in 2012 that the Bill should specify that individuals have the choice to opt-in or out-of providing their Aadhaar number, and a service should not be denied to individuals who do not provide their number. The Unique Identification Authority of India had then stated to the committee that the enrolment in Aadhaar is voluntary.

But the new Aadhaar Bill does not incorporate a categorical clause on opt-in and opt-out. Instead, it broadens the scope of Aadhaar. Jaitley said the Bill will allow the government to ask a citizen to produce an Aadhaar number to avail of any government subsidy. But section 7 of the Bill is phrased more broadly, and refers to not just subsidies but any “subsidy, benefit or service” for which expense is incurred on the Consolidated Fund of India, or the government treasury.

7. The Central Government or, as the case may be, the State Government may, for the purpose of establishing identity of an individual as a condition for receipt of a subsidy, benefit or service for which the expenditure is incurred from, or the receipt therefrom forms part of, the Consolidated Fund of India, require that such individual undergo authentication, or furnish proof of possession of Aadhaar number or in the case of an individual to whom no Aadhaar number has been assigned, such individual makes an application for enrolment: Provided that if an Aadhaar number is not assigned to an individual, the individual shall be offered alternate and viable means of identification for delivery of the subsidy, benefit or service.

As noted above, the proviso in section 7 is premised on the phrase: “if an Aadhaar number is not assigned”. This, along with language preceding in the section, indicates that a citizen may be compulsorily required to apply for enrolment.

Section 8 permits a “requesting entity” to utilise identity information for authentication with the Central Identities Data Repository. A “requesting entity” is defined under Section 2(u), and will include private entities.

2. Does the Bill allow Aadhaar authorities to share your personal data?
Yes, in the "interest of national security", a term that remains undefined.

Both legal experts and members of Parliament have flagged the provisions in the Bill on the circumstances in which users' data, including core biometrics information, can be shared.

The debate centres over the interception provisions in section 33.

In a piece in The Indian Express, Nandan Nilekani, the former chairperson of the issuing authority, stated that the Aadhaar Bill provides that no core biometric information can be shared, a principle without exception. “...Clause 29(1) is not overridden by Clause 33(2),” he noted.

However, a closer reading of the Bill shows this is not the case. Clause 33(2), in fact, does provide an exception to clause 29(1)(b):

33(2) Nothing contained in sub-section (2) or sub-section (5) of section 28 and clause (b) of sub-section (1), sub-section (2) or sub-section (3) of section 29 shall apply in respect of any disclosure of information, including identity information or authentication records, made in the interest of national security in pursuance of a direction of an officer not below the rank of Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government

where, Section 29(1)(b) states:

29. (1) No core biometric information, collected or created under this Act, shall be — (b) used for any purpose other than generation of Aadhaar numbers and authentication under this Act.

Pranesh Prakash, a lawyer and policy director of the Centre for Internet and Society said: “This implies that the core biometric information, collected or created under the Aadhaar Act, may be used for purposes other than the generation of Aadhaar numbers and authentication 'in the interest of national security.'"

Legal experts point out that the phrase “national security” is undefined in the present bill, as well as the General Clauses Act, and thus the circumstances in which an individual's information may be disclosed remains open to interpretation.

Section 33(1) permits the disclosure of an individual's demographic information (but not biometrics) following an order by a district judge. It says that no such order shall be made without giving an opportunity of hearing to the UIDAI , but not to the person whose data is being disclosed.

3. Does the Bill protect you from interception and surveillance?
No, the Bill does not provide for transparency concerning covert surveillance.

Section 33(2), which permits disclosure of demographic and biometric pursuant to directions of the joint secretary in interest of national security, says such disclosures will be for three months initially, and a fresh renewal can be granted for another three months, without a limitation on the number of such renewals.

This can lead to a user being under continuous surveillance, and without any notification to the user even after the surveillance ceases, violating one of necessary and proportionate principles on communications surveillance related to user notification and right to effective remedy. In some countries, this principle has been incorporated in law. For example, in Canada, the law limits the time of wiretapping surveillance, and imposes an obligation to notify the person under surveillance within 90 days of the end of the surveillance, extendable to a maximum of three years at a time.

“The interception provisions are severely problematic," said Apar Gupta, a technology lawyer. "They are not open to independent scrutiny and even derogate from the already deficient practices which relate to phone tapping (Rule 419-A of the Telegraph Rules) and interception of data (Interception Rules, 2011).”

Legal scholar Usha Ramanathan pointed out that the Bill lacks provisions on giving notice to a person in case of breach of information, in case of third party use of data, or change in purpose of use of data – which were among provisions recommended by the Justice Shah Committee on Privacy in 2012.

4. Does the Bill allow you to seek redress in case of breach of information?
Yes, but the provisions are weak.

Government officials overseeing the project said that the 2016 Bill is an improvement over the 2010 Bill as it safeguards the information of those enrolled as per sections of the Information Technology Act, 2000.

But technology law experts say the adjudicatory system for disclosure of sensitive personal data under the IT Act has structural flaws and is not functional.

“Initial complaints against the disclosure of sensitive personal data go to an adjudicating officer who is usually the IT Secretary of the state government and may not be trained in law,” said Gupta, the technology lawyer. “There is no court infrastructure and no permanent seat for such cases. The appellate body, the Cyber Appellate Tribunal, has not been made operational in the last three years. Hence, the civil remedies offered [in the Aadhaar Bill] are at best illusionary and unenforceable.”

5. Does the Bill give you the right to alter your information?
No, it leaves you to the mercy of the Unique Identification Authority of India.

Imagine a situation where a user simply wants to change their first or last name, or say, not use their caste name. Under Section 31 of the Bill, individuals can only request the UID authority, which may do so “if it is satisfied”. There is no penalty on the authority if it fails to respond. The Bill does not provide for a user to even be able to approach a court to ask for their information relating to Aadhaar to be corrected.

International norms for data protection give individuals the right to correct and alter information, if their demographic data changes. They provide for individuals to have a copy of their information, and to approach courts for an order to rectify, block, erase inaccurate information.

In an interview to Mint, Sunil Abraham, director of the Centre for Internet and Society, compared the rights of Aadhaar users to the rights we now take for granted as internet users. “Authentication factors [biometrics in the case of Aadhaar], commonly known as passwords, should always be revocable,” noted Abraham. “That means if the password is compromised, you should be able to change the password or at least say that this password is no longer valid.” In its current form, the Aadhaar Bill gives users no such rights.

6. Is the current Bill an improvement over the previous one?
Not really.

The Aadhaar Bill 2016 provides that the renewals of requests for disclosure of data will be reviewed by an oversight committee consisting of the cabinet secretary and the secretaries in the department of legal affairs and the department of electronics and information technology.

This is a watered down version of the provisions in the previous Unique Identification Authority of India 2010 Bill, said Chinmayi Arun, executive director, Centre for Communication Governance at the National Law University Delhi.

“The previous version or the 2010 Bill provided for a three-member review committee, consisting of the nominees of the prime minister, the leader of the opposition, and a third nominee of a union cabinet minister, with the restriction that these nominees could not be a member of parliament or a member of a political party,” Arun said. “This would be a more independent committee than the one proposed now, wherein there will be executive oversight for executive orders."

Regarding penalties, the previous 2010 Bill made copying, deleting, stealing, or altering information in the Central Identities Data Repository, punishable with a jail term of upto three years and a fine not less than Rs 1 crore.

Section 38 of the new Aadhaar Bill now makes the same offence punishable with a jail term of upto three years and reduces the upper limit of the fine to “not less than ten lakh rupees”.

7. Finally, does the Aadhaar Bill have enough parliamentary scrutiny?
The government has introduced the legislation on Aadhaar in the form of a Money Bill, which means the power of the Rajya Sabha to review and amend the Bill is curtailed ‒ if the Speaker Sumitra Mahajan certifies that this is a Money Bill.

The parliamentary committee on finance under Bharatiya Janata Party MP Yashwant Sinha had rejected the previous Bill in December 2011 citing legislative, security, and privacy concerns. Despite this, two successive Prime Ministers – Manmohan Singh and Narendra Modi – have pushed ahead with Aadhaar project.

A common refrain has been that the unique biometric identity will resolve the problem of the poor in India to prove identity and overcome "one of the biggest barriers preventing the poor from accessing benefits and subsidies." But last April, the UIDAI in response to an RTI application revealed that of 83.5 crore Aadhaar numbers issued till then, 99.97% were issued to people who already had at least two existing identification documents, only 0.21 million (0.03%) used the "introducer system" that provides an exception to those lacking identity proof.

More recently, there has been no public consultation by the government over the latest Bill.

For more details visit https://cis-india.org/internet-governance/news/scroll.in-anumeha-yadav-march-24-2016-seven-reasons-why-parliament-should-debate-the-aadhaar-bill-and-not-pass-it-in-a-rush

Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny

praskrishna — 2016-04-01T15:48:17Z

We need to reboot the Aadhaar debate by asking why we want to create a centralised biometric database of Indian residents in the first place.

The article by Reetika Khera was published in the Wire on March 23, 2016.

A recent article, ‘Identification simplified, myths busted’, by Piyush Peshwani and Bhuwan Joshi (hereafter, Peshwani & Joshi) makes some questionable claims about the UID project. Peshwani & Joshi’s strategy appears to be to ignore those questions to which they do not have an answer (e.g., that Aadhaar is mostly redundant as far as NREGA, PDS, etc., are concerned). For others, they cherry-pick ‘facts’ without acknowledging the debates surrounding those facts. Here is a selection.

#1: To get Aadhaar, you need a Proof of ID (PoID) and Proof of address (PoA)

Peshwani & Joshi: “For many, Aadhaar is perhaps the first document of their existence – a robust proof of their identity and address that can be verified online. No more closed doors for them!”

Peshwani & Joshi: “The Demographic Data Standards and Verification Procedures committee prescribes a list of valid 18 proof of identity and 33 valid proof of address documents for getting an Aadhaar.”

Fact: In fact, 99.97% of those who have Aadhaar, used PoID and PoA to get it. For those who have neither, there is an “introducer system”, but according to a reply to an RTI request, only 0.03% of those who have the Aadhaar number used this route.

As far as closed doors are concerned, Aadhaar does not guarantee any benefits: work through NREGA, widow or old-age pensions or PDS rations. There are separate eligibility conditions for those programmes which continue to apply.

#2 On costs

Peshwani & Joshi: “Does it justify the cost? Yes, absolutely, according to the World Bank, which said the initiative is estimated to be saving the Indian government about $1 billion annually by thwarting corruption, even as it underlined that digital technologies promote inclusion, efficiency and innovation.”

Fact: Savings due to the use of Aadhaar have been disputed. The government has claimed it has saved Rs. 14,672 crore on LPG subsidies due to Aadhaar while they are likely lower – by a factor of 100 (see Business Standard or Wall Street Journal).

Peshwani & Joshi: “Even before the World Bank’s endorsement of Aadhaar, the Delhi-based National Institute of Public Finance and Policy (NIPFP) conducted a detailed cost-analysis study on Aadhaar in 2012… the study found that the Aadhaar project would yield an internal rate of return in real terms of 52.85% to the government.”

Fact: The NIPFP cost-benefit was based on unrealistic assumptions – e.g., estimates of leakages that Aadhaar could plug were available for only two out of seven schemes; for the rest, they assumed leakage rates which are termed ‘conservative’, but are actually not.

In their response, the NIPFP team admitted that “a full-fledged cost benefit analysis of Aadhaar is difficult” because “many gains from Aadhaar are difficult to quantify because they are intangible” and, “even if in specific schemes there may be tangible benefits, the information available on those schemes does not permit a precise quantification of those benefits.”

They went on to say that “The study has steered away from relying exclusively on analyses of isolated and small sample sets”. What evidence did the NIPFP study rely on? “For ASHAs, Janani Suraksha Yojana and scholarships, no analysis, large or small has been used. For the Indira Awaas Yojana, the three analyses relied on exclusively are a Times of India news report, a press release based on a discussion in Parliament and a “Scheme Brief” by the Institute for Financial Management and Research (IFMR). Interestingly, the corruption estimate in the IFMR brief cross-refers to the Times of India article (apart from a CAG report)!” (Khera, 2013)

#3 De-duplication

Peshwani & Joshi: “Aadhaar means no fake, ghost or duplicate beneficiaries. Double-dipping will become more and more difficult with Aadhaar, a number that is well de-duplicated with the use of biometrics.”

Fact: De-duplication is one possible contribution of Aadhaar – but that needs biometrics, not a centralised biometric database. Local biometrics (used extensively in Andhra Pradesh before UID) mean that biometric data is stored by the concerned government department or on the local e-POS machine’s memory chip. It has the advantage that connectivity is not required (you are authenticated by the machine), errors and corrections can be correctly locally, making it more practical. The distinction between a local and centralised database is important (see #5 below).

Further, no one has a reliable estimate of the duplication problem. Two government estimates of duplicates exist: the Dhande committee for LPG (2%) and in NREGA job cards from the Government of Andhra Pradesh (also 2%).

#4 Exclusion

Peshwani & Joshi: “As far as exclusion in delivery of other services due to biometric authentication accuracy is concerned, it is important to go beyond scratching the surface.”

Fact: When the PDS was integrated with Aadhaar: “The Andhra Pradesh Food and Civil Supplies Corporation found that…nearly one-fifth ration card holders did not buy their ration.” Further, “When the government delved deeper in the issue, it was found that out of the 790 cases interviewed for the study, 400 reported exclusion. Out of the excluded cases, 290 were due to fingerprint mismatch and 93 were because of Aadhaar card mismatch. The remaining 17 cases were due to failure of E-PoS.” More here.

Moreover, Peshwani & Joshi pick one definition of ‘exclusion’ (due to biometric failure) when in fact, exclusion has a broader meaning. For instance, “In Chitradurga (Karnataka), Rs.100-150 million in wages from 2014-15 were held up for a year. When payments were being processed, their job cards could not be traced in NREGAsoft. Upon enquiry, the district administration learnt field staff had deleted them to achieve ‘100% Aadhaar-seeding’.”

#5 Profiling and privacy violations

Peshwani & Joshi: “A prominent criticism of Aadhaar is that it ‘profiles’ people.” …“Most of us have one or more identity/address documents, such as a passport, ration card, PAN card, driving licence, vehicle registration documents or a voter ID card. The government departments managing these already have our data. Aadhaar is no different. We give our data to banks, to insurance companies and to telecom companies for accounts, policies and mobile connections.”

Fact: That’s like saying BJP can be more corrupt because the Congress was corrupt. Instead we need to engage more seriously with the work of Sunil Abraham, Amber Sinha and others at the Centre of Internet and Society. There are crucial differences between Aadhaar and Social Security Number in the US, see this. Malavika Jayaram listed the UID project among a slew of “big brother” projects facilitating mass surveillance in India.

Conclusion

The debate on UID tends to begin with the premise that Aadhaar is necessary for ‘good governance’. Those claims of the UIDAI have long been demolished. In a nutshell, Aadhaar cannot help identify the poor, its possession does not guarantee inclusion into government social welfare (go to #1). It cannot reduce PDS or NREGA corruption as claimed in their early documents. Thankfully, PDS–NREGA corruption has been on the decline without Aadhaar – more needs to be done. (More details? Try this and this.)

Bihar shows how much corruption in the PDS can be reduced without Aadhaar. Credit: Reetika Khera

Aadhaar is not required for portability of benefits or for cash transfers. Cash transfers need bank accounts. To get a bank account, you need a proof of ID and a proof of address (go to #1). Aadhaar can help de-duplicate, but so can local biometrics (go to #3). We need to “reboot” the Aadhaar debate, starting on the right terms – why exactly do we need to create a centralised biometric database of Indian residents?

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-23-2016-reetika-khera-debate-five-aadhaar-myths-that-dont-stand-up-to-scrutiny

In India, Biometric Data Storage Sparks Demands for Privacy Laws

praskrishna — 2016-03-23T02:27:05Z

In India, calls for strict privacy laws are growing after this week's passage of a measure that allows federal agencies access to biometric data of the nation's citizens, the world's largest such repository.

The article by Anjana Pasricha was published in Voice of America on March 18, 2016. Pranesh Prakash gave inputs.

The government says the use of biometrics will help cut rampant graft in the distribution of subsidies, but activists and opposition lawmakers warn it could usher in an era of increased state surveillance.

Raghubir Gaur, who works as an electrician in the capital, New Delhi, says he has never collected subsidized rations such as wheat and rice, because “somebody else has been taking the rations I should have gotten.” Now, with a national proof of identity, or "Aadhaar" card in his hands, Gaur says he is confident he will be able to access his designated subsidies.

The Aadhaar card is being used to give welfare benefits to the poor, who often cannot provide any proof identity, allowing corrupt officials to siphon entitlements.

The government says it has saved nearly $2 billion by preventing misuse of the subsidies in the last fiscal year alone.

Critics fear ‘police state’

Civil activists and research groups, however, have dubbed the Aadhaar program “surveillance technology” that constitutes a serious breach of privacy. They point to identity-verification systems in other countries, where cards or identification numbers are used for verification without creating a gigantic central database that documents every last transaction.

Indeed, the Aadhaar database also stores fingerprints and iris scans of every account holder, labeling each with a 12-digit identification number.

Concerns that this could lead to a massive invasion of privacy have been heightened because the new law allows the data to be used “in the interest of national security.”

“From verifying yourself to the ticket conductor on a train to someone who is delivering something at your house, all the way to opening a new bank account, all these transactions get logged against the centralized data base," says Pranesh Prakash of the Center for Internet and Society in Bangalore. "So this invades your life completely and thoroughly.”

Some lawyers and privacy advocates say this has made it even more important to support a strong privacy law to ensure the huge government database isn't misused.

Finance Minister Arun Jaitley has defended the biometrics legislation, saying the data will be accessed only in rare cases that require authorization by a senior official.

“You mark my words, you are midwifing a police state,” said lawmaker Asaduddin Owaisi, just one parliamentarian opposed passage of the legislation and found no comfort in Jaitley's assurances.

Fraud concerns

Despite objections, the bill was passed by legislators who argued that such a move is critical to ensuring subsidies reach intended beneficiaries in a country where millions are poor and illiterate.

Attempts to draft a right to privacy bill to protect individuals against misuse of data by government or private agencies date back to 2010, but have made little headway. The latest push started in 2014.

Citing a cyberattack targeting the U.S. government, in which a hacker gained access to the information of millions of people, research groups have also flagged security concerns around India’s ambitious Aadhaar program.

“If this database gets leaked, the entire identification system collapses because people will be able to authenticate themselves as anyone else. So identity fraud is a great concern,” said Prakash of the Center for Internet and Society.

Nearly one billion biometric identity cards have been issued in India in the last six years.

For more details visit https://cis-india.org/internet-governance/news/voice-of-america-anjana-pasricha-march-18-2016-in-india-biometric-data-storage-sparks-demands-for-privacy-laws