We are anonymous, we are legion

Best Practices Meet

praskrishna — 2014-08-06T06:25:20Z

The Best Practices Meet 2014 is being organized by DSCI at Hotel Leela Palace on July 9, 2014. Sunil Abraham will participate as a panelist at the event.

SMAC: new paradigm for Security?

Convergence of Social, Mobile, Analytics, and Cloud, is collectively referred as SMAC technologies. The success of social media products and sites such as Facebook, Twitter, Linkedin many more has been driving organizations’ investment in social computing. Mobile is another example of how technologies invented initially for personal use, entrenched itself into the enterprise ecosystem. Social computing and mobile blurs the boundaries between personal, social and business transactions. They lead to the explosion of information, which provides interesting insights, critical for business benefits. This reflects in huge impetus that has been seen in analytics, widely known as Big Data analytics. On the other hand, cloud brings completely new paradigm of organizing entperise IT, developing new products and services and delivering consumer experiences.

Increasing adoption of SMAC stack by enterprises breaks the existing paradigm of security. The data explosion on mobile devices exposes organizations’ information to inadvertent loss of revenue and brand value. Malicious applications may steal vital information stored on an employee’s mobile device and pave the way for a major data breach. Web application attacks remain the most significant threat for environments of cloud-hosting providers, amongst other apprehensions about data security. Data sovereignty also continue to pose serious concerns, which organizations need to tackle while moving their data to the cloud. Big data facilitates advanced analytics; however, requires protection from intrusion, corruption and securing its access. Furthermore, social media platforms are continuously exploited to launch malicious content and stealthy payload on devices. Social technologies are also plagued by the use of malicious techniques to mine confidential personal information under the guise of innocuous looking web pages via social engineering techniques.

Apart from security concerns, privacy supposed to be a big causality, as each component of the SMAC stack is considered intrusive enough to compromise the personal rights. Convergence and nexus of them add to the woes.

The collaborative and cumulative effect of all of these technologies working in unison essentially magnifies the efforts of the organizations that are able to wield them effectively. This evolution is challenging the ability of current security capabilities to address business critical risks. The way forward for organizations would be to understand the perspective of end users and IT infrastructure in terms of its integration with any or all the elements of SMAC. The organizations will have to deal with the new paradigm of security that will take them to more scalable, granualar, complex, independent and diverse challenges.

The DSCI Best Practices Meet, 2014 brings the security community and other stakeholders together, to deliberate and ponder over these diverse set of issues and challenges. It is aimed at deliberating on the new security paradigm from the perspectives of public policy, enterprise strategies, technology and practices.

Click to download the agenda and other details here.

For more details visit https://cis-india.org/news/best-practices-meet-2014

Delhi High Court Orders Blocking of Websites after Sony Complains Infringement of 2014 FIFA World Cup Telecast Rights

sinha — 2014-07-08T07:02:16Z

Of late the Indian judiciary has been issuing John Doe orders to block websites, most recently in Multi Screen Media v. Sunit Singh and Others. The order mandated blocking of 472 websites, out of which approximately 267 websites were blocked as on July 7, 2014. This trend is an extremely dangerous one because it encourages flagrant censorship by intermediaries based on a judicial order which does not provide for specific blocking of a URL, instead provides for blocking of the entire website.

The High Court of Delhi on June 23, 2014 issued a John Doe injunction restraining more than 400 websites from broadcasting 2014 FIFA world cup matches. News reports indicate that the Single judge bench of Justice V. Kameswar Rao directed the Department of Telecom to issue appropriate directions to ISPs to block the websites that Multi Screen Media provided, as well as “any other website identified by the plaintiff” in the future. On July 4, Justice G. S. Sistani permitted reducing the list to 219 websites.

Background

Multi Screen Media (MSM) is the official broadcaster for the ongoing 2014 FIFA World Cup tournament. FIFA (the Governing body) had exclusively licensed rights to MSM which included live, delayed, highlights, on demand, and repeat broadcast of the FIFA matches. MSM complained that the defendants indulged in hosting, streaming, providing access to, etc, thereby infringing the exclusive rights and broadcast and reproduction rights of MSM.

The court in the instant order held that the defendants had prima facie infringed MSM’s broadcasting rights, which are guaranteed by section 37 of the Copyright Act, 1957. In an over-zealous attempt to pre-empt infringement the court called for a blanket ban on all websites identified by MSM. Further, the court directed the concerned authorities to ensure ISPs complied with this order and block the websites mentioned by MSM presently, and other websites which may be subsequently be notified by MSM.

Where the Court went Wrong

The court stated that MSM successfully established a prima facie case, and on its basis granted a sweeping injunction to MSM ordering blocking 471 second level domains. I’d like to point out numerous flaws with the order-

Dissatisfactory "Prima facie case"

In my opinion the court could have scrutinised the list of websites provided by MSM more carefully. There is nothing in the order to suggest that evidence was proffered by MSM in support of the list. The order reveals that the list was prepared by MarkScan, a “consulting boutique dedicated to (the client’s) IP requirements in the cyberspace and the Indian sub-continent.” The list throws up names such as docs.google.com, goo.gl & ad.ly (provide URL shortening service only), torrent indexing websites, IP addresses, online file streaming websites, etc., at a cursory glance. Evidently, perfectly legitimate websites have been targeted by an ill conducted search and shoddily prepared list which may lead to blocking of legitimate content on account of no verification by the court. 471 websites out of 472 mentioned in the first list are second level domains and 23 websites have been listed twice.

2. Generic order which abysmally fails to identify specific infringing URLS

Out of the 472 websites (list provided in the order by MarkScan)-

471 are file streaming websites, video sharing websites, file lockers, URL shorteners, file storage websites; only one is a specific URL [http://www.24livestreamtv.com/brazil-2014-fifa-world-cup-football-%20%C2%A0%C2%A0live-streaming-online-t ].

The order calls for blocking of complete websites. This is in complete contradiction to the 2012 Madras High Court’s order in R K Productions v BSNL which held that only a particular URL where the infringing content is kept should be blocked, rather than the entire website. The Madras High Court order had also made it mandatory for the complainants to provide exact URLs where they find illegal content, such that ISPs could block only that content and not the entire site. MSM did not adhere to this and I have serious doubts if the defendants brought the distinguishing Madras High Court judgment to the attention of the bench. The entire situation is akin to MarkScan scamming MSM by providing their clients a dodgy list, and MSM scamming the court and the public at large.

3. Lack of Transparency – Different blocking messages on different ISPs

The message displayed uniformly on blocked websites was:

"This website/URL has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications."

I observed that a few websites showed the message “Error 404 – File or Directory not found” without the blocking message (above) on the network provider Reliance, and same Error 404 with the blocking message on the network provider Airtel highlighting the non-transparent manner of adherence to the order. Further, both the messages do not indicate the end period of the block.

Legality of John Doe orders in Website Blocking

It is pertinent to reiterate the ‘misuse’ of John Doe orders to block websites in India. The judiciary has erred in applying the John Doe order to protect copyrightable content on the internet. While the R K Productions v BSNL case appears reasonable in terms of permitting blocking of only URL specific content, the application of John Doe order to block websites remains unfounded in law. Ananth Padmanabhan in a three part study (Part I, II and III) had earlier analysed the improper use of John Doe injunctions to block websites in India. The John Doe order was conceived by US courts to pre-emptively remedy the irreparable damages suffered by copyright holders on account of unidentified/unnamed infringers. The interim injunction allowed collection of evidence from infringers, who were identified later as certain defendants and the final relief was accordingly granted. The courts routinely advocated judicious use of the order, and ensured that the identified defendants were provided and informed of their right to apply to the court within twenty four hours for a review of the order and a right to claim damages in an appropriate case. Therefore, the John Doe order applied against primary infringers per se.

On the other hand, whilst extending this remedy in India the courts have unfortunately placed onus on the conduit i.e. the ISP to block websites. This is tantamount to providing final relief at the interim stage, since all content definitely gets blocked; however, this hardly helps in identifying the actual infringer on the internet. The court is prematurely doling out blocking remedies to the complaining party, which, legally speaking should be meted out only during the final disposition of the case after careful examination of the evidence available. Thus, the intent of a John Doe order is miserably lost in such an application. Moreover, this lends an arbitrary amount of power in the hands of intermediaries since ISPs may or may not choose to approach the court for directions to specifically block URLs which provide access to infringing content only.

For more details visit https://cis-india.org/internet-governance/blog/delhi-high-court-orders-blocking-of-websites-after-sony-complains-infringement-of-2014-fifa-world-cup-telecast-rights

COAI, Centre for Internet & Society to hold pan-India meetings on privacy issues

praskrishna — 2014-07-07T07:37:34Z

In order to discuss possible legal frameworks to enable surveillance of voice and data communications in India, the Cellular Operators' Association of India (COAI) along with the Centre for Internet and Society (CIS) will hold seven roundtable meetings across the country in the coming weeks on privacy and surveillance issues.

Originally published by IANS on July 4, 2014 the news was mirrored in the Times of India, NDTV, Business Standard, Economic Times, and World News on the same day. Bhairav Acharya gave his inputs.

The recommendations and dialogues from each of these roundtables will be compiled and submitted to the relevant ministries of the government, a statement issued by COAI said here on Friday.

The roundtable meetings will take place in Mumbai, Ahmedabad, Hyderabad, Bangalore, Chennai and twice in New Delhi.

These roundtables are closed-door meetings involving multiple stakeholders such as the industry leaders, policy makers, and experts from the legal fraternity and civil society.

In the era of freedom, when data connectivity via the internet, has emerged as one of the most powerful tools for communications, infringement of customer privacy by government agencies through telecom networks have forced the industry to initiate discussions on the international best practices on communications privacy and surveillance, and the relevant Indian jurisprudence.

"COAI, with the Centre for Internet and Society has taken this initiative by bringing the relevant stakeholders on a common platform to discuss the matter to arrive at an acceptable conclusion," COAI Director General Rajan S Mathews said.

According to Bhairav Acharya, who advises the CIS: "Legal reform is necessary to identify the limits of permissible surveillance, the protection of privacy, the procedure of intercepting communications, the expectations of service providers, and freedom of all Indians. The law must keep up with technological advancements to create a balanced, proportionate and fair mechanism to enable and regulate surveillance. This will serve India’s national interest."

For more details visit https://cis-india.org/news/ians-july-4-2014-coai-cis-to-hold-pan-india-meetings-on-privacy-issues

The Constitutionality of Indian Surveillance Law: Public Emergency as a Condition Precedent for Intercepting Communications

bedaavyasa — 2014-08-04T04:52:42Z

Bedavyasa Mohanty analyses the nuances of interception of communications under the Indian Telegraph Act and the Indian Post Office Act. In this post he explores the historical bases of surveillance law in India and examines whether the administrative powers of intercepting communications are Constitutionally compatible.

Introduction

State authorised surveillance in India derives its basis from two colonial legislations; §26 of the Indian Post Office Act, 1898 and §5 of the Telegraph Act, 1885 (hereinafter the Act) provide for the interception of postal articles[1] and messages transmitted via telegraph[2] respectively. Both of these sections, which are analogous, provide that the powers laid down therein can only be invoked on the occurrence of a public emergency or in the interest of public safety. The task of issuing orders for interception of communications is vested in an officer authorised by the Central or the State government. This blog examines whether the preconditions set by the legislature for allowing interception act as adequate safeguards. The second part of the blog analyses the limits of discretionary power given to such authorised officers to intercept and detain communications.

Surveillance by law enforcement agencies constitutes a breach of a citizen’s Fundamental Rights of privacy and the Freedom of Speech and Expression. It must therefore be justified against compelling arguments against violations of civil rights. Right to privacy in India has long been considered too ‘broad and moralistic’[3] to be defined judicially. The judiciary, though, has been careful enough to not assign an unbound interpretation to it. It has recognised that the breach of privacy has to be balanced against a compelling public interest [4] and has to be decided on a careful examination of the facts of a certain case. In the same breath, Indian courts have also legitimised surveillance by the state as long as such surveillance is not illegal or unobtrusive and is within bounds [5]. While determining what constitutes legal surveillance, courts have rejected “prior judicial scrutiny” as a mandatory requirement and have held that administrative safeguards are sufficient to legitimise an act of surveillance. [6]

Conditions Precedent for Ordering Interception

§§5(2) of the Telegraph Act and 26(2) of the Indian Post Office Act outline a two tiered test to be satisfied before the interception of telegraphs or postal articles. The first tier consists of sine qua nons in the form of an “occurrence of public emergency” or “in the interests of public safety.” The second set of requirements under the provisions is “the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence.” While vesting the power of interception in administrative officials, the sections contemplate a legal fiction where a public emergency exists and it is in the interest of sovereignty, integrity, security of the state or for the maintenance of public order/ friendly relations with foreign states. The term “public emergency,” however, has not been clearly defined by the legislature or by the courts. It thus vests arbitrary powers in a delegated official to order the interception of communication violating one’s Fundamental Rights.

Tracing the History of the Expression “Public Emergency”

The origins of the laws governing interception can be traced back to English laws of the late 19th Century; specifically one that imposed a penalty on a postal officer who delayed or intercepted a postal article.[7] This law guided the drafting of the Indian Telegraph Act in 1885 that legitimised interception of communications by the state. The expression “public emergency” appeared in the original Telegraph Act of 1885 and has been adopted in that form in all subsequent renderings of provisions relating to interception. Despite the contentious and vague nature of the expression, no consensus regarding its interpretation seems to have been arrived at. One of the first post-independence analyses of this provision was undertaken by the Law Commission in 1968. The 38th Law Commission in its report on the Indian Post Office Act, raised concerns about the constitutionality of the expression. The Law Commission was of the opinion that the term not having been defined in the constitution cannot serve as a reasonable ground for suspension of Fundamental Rights.[8] It further urged that a state of public emergency must be of such a nature that it is not secretive and is apparent to a reasonable man.[9] It thus challenged the operation of the act in its then current form where the determination of public emergency is the discretion of a delegated administrative official. The Commission, in conclusion, implored the legislature to amend the laws relating to interception to bring them in line with the Constitution. This led to the Telegraph (Amendment) Act of 1981. Questions regarding the true meaning of the expression and its potential misuse were brought up in both houses of the Parliament during passing of the amendment. The Law Ministry, however, did not issue any additional clarifications regarding the terms used in the Act. Instead, the Government claimed that the expressions used in the Act are “exactly those that are used in the Constitution.” [10] It may be of interest to note here that the Constitution of India, neither uses nor defines the term “public emergency.” Naturally, it is not contemplated as a ground for reasonably restricting Fundamental Rights provided under Article 19(1). [11] Similarly, concerns regarding the potential misuse of the powers were defended with the logically incompatible and factually inaccurate position that the law had not been misused in the past.[12]

Locating “Public Emergency” within a Proclamation of Emergency under the Constitution (?)

Public emergency in not equivalent to a proclamation of emergency under Article 352 of the Constitution simply because it was first used in legislations over six decades before the drafting of the Indian Constitution began. Besides, orders for interception of communications have also been passed when the state was not under a proclamation of emergency. Moreover, public emergency is not the only prerequisite prescribed under the Act. §5(2) states that an order for interception can be passed either on the occurrence of public emergency or in the interest of public safety. Therefore, the thresholds for the satisfaction of both have to be similar or comparable. If the threshold for the satisfaction of public emergency is understood to be as high as a proclamation of emergency then any order for interception can be passed easily under the guise of public safety. The public emergency condition will then be rendered redundant. Public emergency is therefore a condition that is separate from a proclamation of emergency.

In a similar vein the Supreme Court has also clarified[13] that terms like “public emergency” and “any emergency,” when used as statutory prerequisites, refer to the occurrence of different kinds of events. These terms cannot be equated with one another merely on the basis of the commonality of one word.

The Supreme Court in Hukam Chand v. Union of India,[14] correctly stated that the terms public emergency and public safety must “take colour from each other.” However, the court erred in defining public emergency as a situation that “raises problems concerning the interest of the public safety, the sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order or the prevention of incitement to the commission of an offence.” This cyclic definition does not lend any clarity to the interpretive murk surrounding the term. The Act envisages public emergency as a sine qua non that must exist prior to a determination that there is a threat to public order and sovereignty and integrity of the state. The court’s interpretation on the other hand would suggest that a state of public emergency can be said to exist only when public order, sovereignty and integrity of the state are already threatened. Therefore, while conditions precedent exist for the exercise of powers under §5(2) of the Act, there are no objective standards against which they are to be tested.

Interpretation of Threshold Requirements

A similar question arose before the House of Lords in Liversidge v. Anderson.[15] The case examined the vires of an Act that vested an administrative authority with the conditional power to detain a person if there was reasonable cause to believe that the person was of hostile origin. Therein, Lord Atkin dissenting with the majority opinion stated in no unclear terms that power vested in the secretary of state was conditional and not absolute. When a conditional authority is vested in an administrative official but there aren’t any prescriptive guidelines for the determination of the preconditions, then the statute has the effect of vesting an absolute power in a delegated official. This view was also upheld by the Supreme Court in State of Madhya Pradesh v. Baldeo Prasad.[16] The court was of the opinion that a statute must not only provide adequate safeguards for the protection of innocent citizens but also require the administrative authority to be satisfied as to the existence of the conditions precedent laid down in the statute before making an order. If the statute failed to do so in respect of any condition precedent then the law suffered from an infirmity and was liable to be struck down as invalid.[17] The question of the existence of public emergency, therefore being left to the sole determination of an administrative official is an absolute and arbitrary power and is ultra vires the Constitution

Interestingly, in its original unamended form, §5 contained a provisio stating that a determination of public emergency was the sole authority of the secretary of state and such a finding could not be challenged before a court of law. It is this provision that the government repealed through the Telegraph (Amendment) Act of 1981 to bring it in line with Constitutional principles. The preceding discussion shows that the amendment did not have the effect of rectifying the law’s constitutional infirmities. Nonetheless, the original Telegraph Act and its subsequent amendment are vital for understanding the compatibility of surveillance standards with the Constitutional principles. The draconian provisio in the original act vesting absolute powers in an administrative official illustrates that the legislative intent behind the drafting of a 130 year law cannot be relied on in today’s context. Vague terms like public emergency that have been thoughtlessly adopted from a draconian law find no place in a state that seeks to guarantee to its citizens rights of free speech and expression.

Conclusion

Interception of communications under the Telegraph Act and the Indian Post office act violate not only one’s privacy but also one’s freedom of speech and expression. Besides, orders for the tapping of telephones violate not only the privacy of the individual in question but also that of the person he/she is communicating with. Considering the serious nature of this breach it is absolutely necessary that the powers enabling such interception are not only constitutionally authorised but also adequately safeguarded. The Fundamental Rights declared by Article 19(1) cannot be curtailed on any ground outside the relevant provisions of Cls. 2-6.[18] The restrictive clauses in Cls. (2)-(6) of Article 19 are exhaustive and are to be strictly construed.[19] Public emergency is not one of the conditions enumerated under Article 19 for curtailing fundamental freedoms. Moreover, it lacks adequate safeguards by vesting absolute discretionary power in a non-judicial administrative authority. Even if one were to ignore the massive potential for misuse of these powers, it is difficult to conceive that the interception provisions would stand a scrutiny of constitutionality.

Over the course of the last few years, India has been dangerously toeing the line that keeps it from turning into a totalitarian surveillance state. [20] In 2011, India was the third most intrusive state[21] with 1,699 requests for removal made to Google; in 2012 that number increased to 2529[22]. The media is abuzz with reports about the Intelligence Bureau wanting Internet Service Providers to log all customer details [23] and random citizens being videotaped by the Delhi Police for “looking suspicious.” It becomes essential under these circumstances to question where the state’s power ends and a citizens’ privacy begins. Most of the information regarding projects like the CMS and the CCTNS is murky and unconfirmed. But under the pretext of national security, government officials have refused to divulge any information regarding the kind of information included within these systems and whether any accountability measures exist. For instance, there have been conflicting opinions from various ministers regarding whether the internet would also be under the supervision of the CMS [24]. Even more importantly, citizens are unaware of what rights and remedies are available to them in instances of violation of their privacy.

The intelligence agencies that have been tasked with handling information collected under these systems have not been created under any legislation and therefore not subject to any parliamentary oversight. Attempts like the Intelligence Services (Powers and Regulation) Bill, 2011 have been shelved and not revisited since their introduction. The intelligence agencies that have been created through executive orders enjoy vast and unbridled powers that make them accountable to no one[25]. Before, vesting the Indian law enforcement agencies with sensitive information that can be so readily misused it is essential to ensure that a mechanism to check the use and misuse of that power exists. A three judge bench of the Supreme Court has recently decided to entertain a Public Interest Litigation aimed at subjecting the intelligence agencies to auditing by the Comptroller and Auditor General of India. But the PIL even if successful will still only manage to scratch the surface of all the wide and unbridled powers enjoyed by the Indian intelligence agencies. The question of the constitutionality of interception powers, however, has not been subjected to as much scrutiny as is necessary. Especially at a time when the government has been rumoured to have already obtained the capability for mass dragnet surveillance such a determination by the Indian courts cannot come soon enough.

[1] Indian Post Office Act, 1898, § 26

[2] Indian Telegraph Act, 1885 § 5(2)

[3] PUCL v. Union of India, AIR 1997 SC 568

[4] Govind vs. State of Madhya Pradesh, (1975) 2 SCC 148

[5] Malak Singh vs. State Of Punjab & Haryana, AIR 1981 SC 760

[6] Supra note 3

[7] Law Commission, Indian Post Office Act, 1898 (38^th Law Commission Report) para 84

[8] ibid

[9] id

[10] Lok Sabha Debates , Minister of Communications, Shri H.N. Bahuguna, August 9, 1972

[11] The Constitution of India, Article 358- Suspension of provisions of Article 19 during emergencies

[12] Lok Sabha Debates , Minister of Communications, Shri H.N. Bahuguna, August 9, 1972

[13] Hukam Chand v. Union of India, AIR 1976 SC 789

[14] ibid

[15] Liversidge v. Anderson [1942] A.C. 206

[16] State of M.P. v. Baldeo Prasad, AIR 1961 (SC) 293 (296)

[17] ibid

[18] Ghosh O.K. v. Joseph E.X. Air 1963 SC 812; 1963 Supp. (1) SCR 789

[19] Sakal Papers (P) Ltd. v. Union of India, AIR 1962 SC 305 (315); 1962 (3) SCR 842

[20] See Notable Observations- July to December 2012, Google Transparency Report, available at http://www.google.com/transparencyreport/removals/government/ (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)

[21] Willis Wee, Google Transparency Report: India Ranks as Third ‘Snoopiest’ Country, July 6, 2011 available at http://www.techinasia.com/google-transparency-report-india/ (last visited on July 2, 2014)

[22] See Notable Observations- July to December 2012, Google Transparency Report, available at http://www.google.com/transparencyreport/removals/government/ (last visited on July 2, 2014) (a 90% increase in Content removal requests by the Indian Government in the last year)

[23] Joji Thomas Philip, Intelligence Bureau wants ISPs to log all customer details, December 30, 2010 http://articles.economictimes.indiatimes.com/2010-12-30/news/27621627_1_online-privacy-internet-protocol-isps (last visited on July 2, 2014)

[24] Deepa Kurup, In the dark about ‘India’s Prism’ June 16, 2013 available at http://www.thehindu.com/sci-tech/technology/in-the-dark-about-indias-prism/article4817903.ece

[25] Saikat Dutta, We, The Eavesdropped May 3, 2010 available at http://www.outlookindia.com/article.aspx?265191 (last visited on July 2, 2014)

For more details visit https://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law

Cyber crimes shoot up 52% in India over last year

praskrishna — 2014-07-03T10:14:26Z

There has been a sharp increase in the incidence of cyber crime in the country. The number of cases registered in 2013 under the IT Act has gone up by 52 per cent to 4,192 as against 2,761 in the previous year.

The article by K.V.Kurmanath was published in the Hindu Businessline on July 2, 2014. Bhairav Acharya gave his inputs.

If you add the cases registered under the IPC, the total number of cyber crime cases crosses the 5,500-mark. Police across the country arrested 3,301 persons in connection with these cases.

Maharashtra and Andhra Pradesh (undivided) have topped the list with 681 and 635 cases respectively under the IT Act, both showing an almost 50 per cent growth in cyber crimes over the previous year. In the previous year, Maharashtra had registered 471 and Andhra Pradesh 429.

Cyber security experts have been cautioning people to be careful while using the Internet. Besides increasing the security of the networks they are using, users must be careful while engaging with strangers.

A recent Microsoft report said many customer infections involve users tricked to install secondary offers, indicating a shift in malware proliferation. According to the latest data provided by the National Crime Records Bureau, the official chronicler of crime in the country, cyber crime registered under the Indian Penal Code (IPC) has shown a much higher growth rate of 122 per cent in 2013 over the previous year’s figure. IPC cases went up to 1,316 in 2013 from 595 in the previous year. Maharashtra topped the list here too with the cops booking 226 cases in this category.

Wrong nomenclature?

Bhairav Acharya of the Centre for Internet and Society feels that the term cyber crime has not been defined well. “It is time we do away with the practice of calling any crime a ‘cyber crime’ just because the person who does it uses a computer,” he said.

“Instead, I think the term ‘cyber crime’ should only be used in relation to offences that can only be committed by using information and communications technology (ICT) such as the internet (which is comprised of the world wide web, email protocols, file transfer protocols, and more) as well as network infrastructure that is not the internet,” he said.

Hence, only if there is a direct causal link between the crime and ICT and network technology should a crime be called a cyber crime, Acharya says.

Other States with a high number of cases booked under the IT Act include Karnataka (513), Kerala (349), Madhya Pradesh (282) and Rajasthan (239). Gujarat showed a decline with the number coming down to 61 from 68 in the previous year.

For more details visit https://cis-india.org/news/the-hindu-business-line-july-2-2014-kv-kurmanath-cyber-crimes-shoot-up-in-india-over-last-year

Implications of post-Snowden Internet localization proposals

praskrishna — 2014-07-03T07:09:25Z

The Ninth Annual Internet Governance Forum (IGF) Meeting will be held in Istanbul, Turkey on 2-5 September 2014. The venue of the meeting is Lütfi Kirdar International Convention and Exhibition Center (ICEC).

Sunil Abraham will be speaking in this workshop organized by Internet Society and Center for Democracy and Technology at the IGF.

Following the 2013-2014 disclosures of large-scale pervasive surveillance of Internet traffic, various proposals to "localize" Internet users' data and change the path that Internet traffic would take have started to emerge.

Examples include mandatory storage of citizens' data within country, mandatory location of servers within country (e.g. Google, Facebook), launching state-run services (e.g. email services), restricted transborder Internet traffic routes, investment in alternate backbone infrastructure (e.g. submarine cables, IXPs), etc.

Localization of data and traffic routing strategies can be powerful tools for improving Internet experience for end-users, especially when done in response to Internet development needs. On the other hand, done uniquely in response to external factors (e.g. foreign surveillance), less optimal choices may be made in reactive moves.

How can we judge between Internet-useful versus Internet-harmful localisation and traffic routing approaches? What are the promises of data localization from the personal, community and business perspectives? What are the potential drawbacks? What are implications for innovation, user choice and the availability of online services in the global economy? What impact might they have on a global and interoperable Internet? What impact (if any) might these proposals have on user trust and expectations of privacy?

The objective of the session is to gather diverse perspectives and experiences to better understand the technical, social and economic implications of these proposals.

Name(s) and stakeholder and organizational affiliation(s) of institutional co-organizer(s)

Organizer:
Nicolas Seidler, Policy advisor
Technical community
Internet Society
Co-organizer:
Matthew Shears
Civil society
Center for Democracy and Technology

Names and affiliations (stakeholder group, organization) of speakers the proposer is planning to invite

Mr. Chris Riley, Senior Policy Engineer, Mozilla Corporation, Private sector (CONFIRMED)
Mr. Jari Arkko, Chair of the Internet Engineering Task Force, Technical community (CONFIRMED)
Mr. Christian Kaufmann, Director Network Architecture at Akamai Technologies, Private sector (CONFIRMED)
Ms. Emma Llanso, Director of Free Expression Project, Center for Democracy and Technology, Civil Society (CONFIRMED)
Mr. Sunil Abraham, Executive Director, Center for Internet and Society, India, Civil Society (CONFIRMED)
Mr. Thomas Schneider, Deputy head of international affairs, Swiss Federal Office of Communication (OFCOM), Government (CONFIRMED)

Name of Moderator(s)

Nicolas Seidler, Policy advisor, Internet Society

Name of Remote Moderator(s)

Konstantinos Komaitis

For more details visit https://cis-india.org/news/igf-2014-session-post-snowden-localisation

Models for Surveillance and Interception of Communications Worldwide

bedaavyasa — 2014-07-10T07:50:08Z

This is an evaluation of laws and practices governing surveillance and interception of communications in 9 countries. The countries evaluated represent a diverse spectrum not only in terms of their global economic standing but also their intrusive surveillance capabilities. The analysis is limited to the procedural standards followed by these countries for authorising surveillance and provisions for resolving interception related disputes.

Sl. No.	Country	Legislation	Model
1.	Australia	Telecommunications (Interceptions and Access) Act, 1979 Governs interception of communications Relevant provisions: S. 3, 7, 6A, 34, 46 Surveillance Devices Act, 2004 Establishes procedure for obtaining warrants and for use of surveillance devices Relevant Provisions: S.13, 14	Authorisation for surveillance is granted in the form of a warrant from a Judge or a nominated member of the Administrative Appeals Tribunal The warrant issuing authority must be satisfied that information obtained through interception shall assist in the investigation of a serious crime The Acts provide a list of prescribed offences for which interception of communication may be authorized The Acts also specify certain federal and state law enforcement agencies that may undertake surveillance
2.	Brazil	Federal Law No. 9,296, 1996: Regulates wiretapping	Authorisation for interception is granted on a Judge’s order for a period of 15 days at a time Interception is only allowed for investigations into serious offences like drug smuggling, corruption murder and kidnapping
3.	Canada	Criminal Code, 1985 Governs general rules of criminal procedure including search and seizure protocols Relevant Provision: §§ 184.2, 184.4	Grants power to intercept communication by obtaining authorisation from a provincial court judge or a judge of the superior court Before granting his authorisation, the judge must be satisfied that either the originator of the communication or the recipient thereof has given his/her consent to the interception Under exceptional circumstances, however, a police officer owing to the exigency of the situation may intercept communication without prior authorisation
4.	France	*Loi d'orientation et de programmation pour la performance de la sécurité intérieure* (LOPPSI 2), 2011: Authorises use of video surveillance and interception of communications Relevant Provisions: Article 36 *Loi de Programmation Militaire* (LPM), 2013: Authorises surveillance for protection of national security and prevention of terrorism	Interception of communication under LOPPSI 2 requires previous authorization from an investigating Judge after consultation with the Public Prosecutor Such authorization is granted for a period of 4 months which is further extendable by another 4 months Interception of communication under LPM does not require prior sanction from an investigating judge and is instead provided by the Prime Minister’s office Information that can be intercepted under LPM includes not only metadata but also content and geolocation services
5.	Germany	Gesetz zur Beschränkung des Brief-, Post und Fernmeldegeheimnisses (G10 Act), 2001 Imposes restrictions on the right to privacy and authorizes surveillance for protecting freedom and democratic order, preventing terrorism and illegal drug trade Relevant Provisions: §3 The German Code of Criminal Procedure (StPO), 2002 Lays down search and seizure protocol and authorizes interception of telecommunications for criminal prosecutions Relevant Provisions: §§ 97, 100a	Authorises warrantless surveillance by specific German agencies like the Bundesnachrichtendienst (Federal Intelligence Service) Lays down procedure that must be followed while undertaking surveillance and intercepting communications Authorises sharing of intercepted intelligence for criminal prosecutions Mandates ex post notification to persons whose privacy has been violated but no judicial remedies are available to such persons The Code of Criminal Procedure authorises interception of communication of a person suspected of being involved in a serious offence only on the order of a court upon application by the public prosecution office
6.	Pakistan	Pakistan Telecommunications Reorganisation Act, 1996: Controls the flow of false and fabricated information and protects national security Relevant Provisions: § 54 Investigation for Fair Trial Act, 2013: Regulates the powers of law enforcement and intelligence agencies regarding covert surveillance and interception of communications Relevant Provisions: §§ 6,7, 8, 9	Authorisation for interception is provided by the federal government. No formal legal structure to monitor surveillance exists Interception can be authorized in the interest of national security and on the apprehension of any offence Requests for filtering and blocking of content are routed through the Inter-Ministerial Committee for the Evaluation of Websites, a confidential regulatory body Under the Fair Trial Act, interception can only be authorised on application to the Fedral Minister for Interior who shall then permit the application to be placed before a High Court Judge The warrant shall be issued by a judge only on his satisfaction that interception will aid in the collection of evidence and that a reasonable threat of the commission of a scheduled offence exists
7.	South Africa	The Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 Regulates and authorizes monitoring and interception of telecommunications services Relevant Provisions: §§ 16, 22	Warrant for intercepting communications and installing surveillance devices is granted by a designated judge The warrant is issued on satisfaction of the judge that the investigation relates to a serious offence or that the information gathering is vital to public health or safety, national security or compelling national economic interests
8.	United Kingdom	Regulation of Investigatory Powers Act, 2000: Authorises interception of communications and surveillance Relevant Provisions: §§ 5, 6, 65	Authorisation for interception is granted in the form of a warrant by the Secretary of State or in certain special cases by a ‘senior officer’ Communications can be intercepted only it is necessary to do so in the interest of national security or for the purpose of preventing and detecting serious crimes Complaints of alleged illegal surveillance are heard by the Investigatory Powers Tribunal
9.	United States	Electronic Communications Privacy Act, 1986 (Title III, Omnibus Crime Control and Safe Streets Act) Governs authorisation for wiretapping and interception Relevant Provisions: §18	Authorisation for interception can be granted by a district court or federal appeals court on application by a law enforcement officer duly signed by the attorney general Application mandates obtaining the information through a service provider before invading upon individual’s privacy

For more details visit https://cis-india.org/internet-governance/blog/models-for-surveillance-and-interception-of-communications-worldwide

Consultation to Frame Rules under the Whistle Blowers Protection Act, 2011

praskrishna — 2014-07-02T08:03:55Z

The National Campaign for People's Right to Information (NCPRI) and Centre for Communication Governance at National Law University, Delhi (CCG at NLUD) invite you to a consultation to draft rules under the Whistle Blowers Protection Act, 2011.

The consultation will bring together various stakeholders to discuss the initial stages of framing the draft rules for the legislation. It will take place from 10:00 a.m. to 5:00 p.m. on July 5, 2014 at National Law University, Delhi. Bhairav Acharya will be participating in this event.

Click to download:

For more details visit https://cis-india.org/news/consultation-to-frame-rules-under-whistle-blowers-protection-act-2011

ICANN’s Documentary Information Disclosure Policy – I: DIDP Basics

Vinayak Mithal — 2014-07-01T13:01:34Z

In a series of blogposts, Vinayak Mithal analyses ICANN's reactive transparency mechanism, comparing it with freedom of information best practices. In this post, he describes the DIDP and its relevance for the Internet community.

The Internet Corporation for Assigned Names and Numbers (“ICANN”) is a non-profit corporation incorporated in the state of California and vested with the responsibility of managing the DNS root, generic and country-code Top Level Domain name system, allocation of IP addresses and assignment of protocol identifiers. As an internationally organized corporation with its own multi-stakeholder community of Advisory Groups and Supporting Organisations, ICANN is a large and intricately woven governance structure. Necessarily, ICANN undertakes through its Bye-laws that “in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness”. While many of its documents, such as its Annual Reports, financial statements and minutes of Board meetings, are public, ICANN has instituted the Documentary Information Disclosure Policy (“DIDP”), which like the RTI in India, is a mechanism through which public is granted access to documents with ICANN which are not otherwise available publicly. It is this policy – the DIDP – that I propose to study.

In a series of blogposts, I propose to introduce the DIDP to unfamiliar ears, and to analyse it against certain freedom of information best practices. Further, I will analyse ICANN’s responsiveness to DIDP requests to test the effectiveness of the policy. However, before I undertake such analysis, it is first good to know what the DIDP is, and how it is crucial to ICANN’s present and future accountability.

What is the DIDP?

One of the core values of the organization as enshrined under Article I Section 4.10 of the Bye-laws note that “in performing its functions ICANN shall remain accountable to the Internet community through mechanisms that enhance ICANN’s effectiveness”. Further, Article III of the ICANN Bye-laws, which sets out the transparency standard required to be maintained by the organization in the preliminary, states - “ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness”.

Accordingly, ICANN is under an obligation to maintain a publicly accessible website with information relating to its Board meetings, pending policy matters, agendas, budget, annual audit report and other related matters. It is also required to maintain on its website, information about the availability of accountability mechanisms, including reconsideration, independent review, and Ombudsman activities, as well as information about the outcome of specific requests and complaints invoking these mechanisms.

Pursuant to Article III of the ICANN Bye-laws for Transparency, ICANN also adopted the DIDP for disclosure of publicly unavailable documents and publish them over the Internet. This becomes essential in order to safeguard the effectiveness of its international multi-stakeholder operating model and its accountability towards the Internet community. Thereby, upon request made by members of the public, ICANN undertakes to furnish documents that are in possession, custody or control of ICANN and which are not otherwise publicly available, provided it does not fall under any of the defined conditions for non-disclosure. Such information can be requested via an email to didp@icann.org.

Procedure

Upon the receipt of a DIDP request, it is reviewed by the ICANN staff.
Relevant documents are identified and interview of the appropriate staff members is conducted.
The documents so identified are then assessed whether they come under the ambit of the conditions for non-disclosure.
- Yes - A review is conducted as to whether, under the particular circumstances, the public interest in disclosing the documentary information outweighs the harm that may be caused by such disclosure.
- Documents which are considered as responsive and appropriate for public disclosure are posted on the ICANN website.
- In case of request of documents whose publication is appropriate but premature at the time of response then the same is indicated in the response and upon publication thereafter, is notified to the requester.

Time Period and Publication

The response to the DIDP request is prepared by the staff and is made available to the requestor within a period of 30 days of receipt of request via email. The Request and the Response is also posted on the DIDP page http://www.icann.org/en/about/transparency in accordance with the posting guidelines set forth at http://www.icann.org/en/about/transparency/didp.

Conditions for Non-Disclosure

There are certain circumstances under which ICANN may refuse to provide the documents requested by the public. The conditions so identified by ICANN have been categorized under 12 heads and includes internal information, third-party contracts, non-disclosure agreements, drafts of all reports, documents, etc., confidential business information, trade secrets, information protected under attorney-client privilege or any other such privilege, information which relates to the security and stability of the internet, etc.

Moreover, ICANN may refuse to provide information which is not designated under the specified conditions for non-disclosure if in its opinion the harm in disclosing the information outweighs the public interest in disclosing the information. Further, requests for information already available publicly and to create or compile summaries of any documented information may be declined by ICANN.

Grievance Redressal Mechanism

In certain circumstances the requestor might be aggrieved by the response received and so he has a right to appeal any decision of denial of information by ICANN through the Reconsideration Request procedure or the Independent Review procedure established under Section 2 and 3 of Article IV of the ICANN Bye-laws respectively. The application for review is made to the Board which has designated a Board Governance Committee for such reconsideration. The Independent Review is done by an independent third-party of Board actions, which are allegedly inconsistent with the Articles of Incorporation or Bye-laws of ICANN.

Why does the DIDP matter?

The breadth of ICANN’s work and its intimate relationship to the continued functioning of the Internet must be appreciated before our analysis of the DIDP can be of help. ICANN manages registration and operations of generic and country-code Top Level Domains (TLD) in the world. This is a TLD:

(Source: here)

Operation of many gTLDs, such as .com, .biz or .info, is under contract with ICANN and an entity to which such operation is delegated. For instance, Verisign operates the .com Registry. Any organization that wishes to allow others to register new domain names under a gTLD (sub-domains such as ‘benefithealth’ in the above example) must apply to ICANN to be an ICANN-accredited Registrar. GoDaddy, for instance, is one such ICANN-accredited Registrar. Someone like you or me, who wants to get our own website – say, vinayak.com – buys from GoDaddy, which has a contract with ICANN under which it pays periodic sums for registration and renewal of individual domain names. When I buy from an ICANN-accredited Registrar, the Registrar informs the Registry Operator (say, Verisign), who then adds the new domain name (vinayak.com) to its registry list, and then it can be accessed on the Internet.

ICANN’s reach doesn’t stop here, technically. To add a new gTLD, an entity has to apply to ICANN, after which the gTLD has to be added to the root file of the Internet. The root file, which has the list of all TLDs (or all ‘legitimate’ TLDs, some would say), is amended by Verisign under its tripartite contract with the US Government and ICANN, after which Verisign updates the file in its ‘A’ root server. The other 12 root servers use the same root file as the Verisign root server. Effectively, this means that only ICANN-approved TLDs (and all sub-domains such as ‘benefithealth’ or ‘vinayak’) are available across the Internet, on a global scale. Or at least, ICANN-approved TLDs have the most and widest reach. ICANN similarly manages country-code TLDs, such as .in for India, .pk for Pakistan or .uk for the United Kingdom.

All of this leads us to wonder whether the extent of ICANN’s voluntary and reactive transparency is sufficient for an organization of such scale and impact on the Internet, perhaps as much impact as the governments do. In the next post, I will analyse the DIDP’s conditions for non-disclosure of information with certain freedom of information best practices.

Vinayak Mithal is a final year student at the Rajiv Gandhi National University of Law, Punjab. His interests lie in Internet governance and other aspects of tech law, which he hopes to explore during his internship at CIS and beyond. He may be reached at vinayakmithal@gmail.com.

For more details visit https://cis-india.org/internet-governance/blog/icann2019s-documentary-information-disclosure-policy-2013-i-didp-basics

June 2014 Bulletin

praskrishna — 2014-07-14T10:05:11Z

Our newsletter for month of June is below:

Highlights

Nehaa Chaudhari participated in a Stakeholders Consultation organized by the Planning Commission and the Ministry of Human Resource Development in New Delhi, February 21, 2014, on Mapping Institutions of Intellectual Property. She blogged about the outcome in a two-part series. The first part discusses establishment of a National Institute of Intellectual Property Rights and the second part deals with the documents introduced at the Stakeholders’ Consultation for India’s National Programme on Intellectual Property.
For the first time in the history of Indian books, 10 Telugu books by a single author were released under Creative Commons license (CC-BY-SA 3.0). These books will be uploaded on Telugu Wikisource and converted into Unicode (searchable) text. This will ensure that these books are freely read, both online and offline in various formats like PDF, epub, mobi, text, etc. This is a major milestone initiative by CIS-A2K to make the sum of all knowledge in Telugu freely available to all Telugus over the internet.
ICANN published a call for public comments on "Enhancing ICANN Accountability" in the wake of the IANA stewardship transition spearheaded by ICANN and related concerns of ICANN's external and internal accountability mechanisms. CIS submitted its comments.
ICANN sought comments on the existing barriers to Registrar Accreditation and operation and suggestions on how these challenges might be mitigated. CIS sent its comments.
Vodafone, the world’s second largest mobile carrier released a report disclosing to what extent governments can request their customers’ data. Joe Sheehan analyses the report to tell us that if more companies were transparent about the level of government surveillance their customers were being subjected to then the public would press the government for stronger privacy safeguards and protections.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. We compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). We will be publishing this soon. The draft chapters along with the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

►Monthly Update

Work Report for June (by Suman Dogra, June 30, 2014).

►Other

Blog Entry

For a Truly Inclusive Consultative Process (by Amba Salelkar, June 25, 2014).

Media Coverage

NISH Website to Help the Disabled (The New Indian Express, June 26, 2014).

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Analysis

Mapping Institutions of Intellectual Property (Part A): India's National Programme on Intellectual Property Management (by Nehaa Chaudhari, June 10, 2014). This discusses establishment of a National Institute of Intellectual Property Rights.
Mapping Institutions of Intellectual Property: Part B — India's National Program on Intellectual Property Management (by Nehaa Chaudhari, June 26, 2014). This deals with the documents introduced at the Stakeholders’ Consultation for India’s National Program on Intellectual Property

►Participation in Event

Yogyakarta Meeting on Open Culture and Critical Making (organized by organized by HONF Foundation, Catec, and r0g, June 12 – 15, 2014). Sharath Chandra Ram was a panelist.

Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

The following were done this month:

►Articles / Blog Entries

Twitter weekly Curation WeAreWikipedia brings one Wikipedian Every Week (by Diptiman Panigrahi, June 16, 2014).
This Twitter Account Puts a Face to the Unsung Volunteer Editors Behind Wikipedia (by Subhashish Panigrahi, Global Voices, June 18, 2014).
Odia Language gets a new Unicode Font Converter (by Subhashish Panigrahi, June 20, 2014).
Ten Telugu Books Re-released Under CC-BY-SA 3.0 License (by Rahmanuddin Shaik, June 22, 2014).

►Events Organized

Kannada Wikipedia Workshop for Kannada Book Lovers (co-organized by Navakarnataka Publications, Bangalore, June 4, 2014). Dr. U.B.Pavanaja conducted the workshop.
Knowledge and Openness in the Digital Era (co-organized by Andhra Loyola College and CIS, Vijaywada, June 24-25, 2014).

►News and Media Coverage
CIS gave its inputs to the following media coverage:

Knowledge and Openness in the Digital Era: Coverage in Sakshi (Sakshi, June 25, 2014).
Knowledge and Openness in the Digital Era: Coverage in Enadu (Enadu, June 25, 2014).
Loyola Faculty Enlightened About Open Edn Resources (The New Indian Express, June 25, 2014).

Internet Governance

Freedom of Expression

As part of our project on Freedom of Expression (funded through a grant from the MacArthur Foundation) to study the restrictions placed on freedom of expression online by the Indian government and contribute to the debates around Internet governance and freedom of expression at forums like ICANN, ITU, IGF, WSIS, etc., we bring you the following outputs:

►Submissions

CIS Comments: Enhancing ICANN Accountability (by Geetha Hariharan, June 10, 2014).
Comments to ICANN Supporting the DNS Industry in Underserved Regions (by Jyoti Panday, June 13, 2014).

►Blog Entries

Free Speech and Contempt of Court: Overview (by Gautam Bhatia, June 8, 2014).
Multi-stakeholder Models of Internet Governance within States: Why, Who & How? (by Geetha Hariharan, June 16, 2014).
UN Human Rights Council Urged to Protect Human Rights Online (by Geetha Hariharan, June 19, 2014).
Free Speech and Source Protection for Journalists (by Gautam Bhatia, June 19, 2014).
WSIS+10 High Level Event: A Bird's Eye Report (by Geetha Hariharan, June 20, 2014).
Understanding IANA Stewardship Transition (by Smarika Kumar, June 22, 2014).
IANA Transition: Suggestions for Process Design (by Smarika Kumar, June 22, 2014).
Free Speech and Civil Defamation (by Gautam Bhatia, June 25, 2014).
CIS Policy Brief: IANA Transition Fundamentals & Suggestions for Process Design (by Geetha Hariharan and Smarika Kumar, June 22, 2014).
An Evidence based Intermediary Liability Policy Framework: Workshop at IGF (by Jyoti Panday, June 30, 2014).

►FOEX Live
We are also posting a selection of news from across India implicating online freedom of expression and use of digital technology: June 8 – 15, 2014 and June 16 – 23, 2014.

Privacy

As part of our Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project with Privacy International we are engaged in enhancing respect for the right to privacy in developing countries. We have produced the following outputs during the month:

►Blog Entries

A Review of the Functioning of the Cyber Appellate Tribunal and Adjudicatory Officers under the IT Act (by Divij Joshi, June 16, 2014).
Content Removal on Facebook — A Case of Privatised Censorship? (by Jessamine Mathew, June 16, 2014).
Vodafone Report Explains Government Access to Customer Data (by Joe Sheehan, June 16, 2014).

►Event Organized

Privacy and Surveillance Roundtable (co-organized with the Cellular Operators Association of India and the Council for Fair Business Practices, June 28, 2014, IMC Building, Churchgate, Mumbai).

►Participation in Events

Commonwealth Domain Name System Forum 2014 (organized by the CTO, hosted by ICANN, and supported by Nominet and the Public Interest Registry, London, June 19, 2014). Pranesh Prakash was a panelist. Jyoti Panday participated in the event.
Research Advisory Network Meeting (organized by the Global Commission on Internet Governance’s Research Advisory Network, OECD Headquarters, Paris, June 26-27, 2014). Sunil Abraham was a panelist.

►News & Media Coverage

CIS gave its inputs to the following media coverage:

Right to be forgotten poses a legal dilemma in India (by Leslie D' Monte, Livemint, June 5, 2014).
Stay connected even when you go underground (by Sunita Sekhar, The Hindu, June 12, 2014).

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

►Blog Entries

Not a Goodbye; More a ‘Come Again’: Thoughts on being Research Director at a moment of transition (by Nishant Shah, June 15, 2014).
Living in the Archival Moment (by P.P. Sneha, June 19, 2014).

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

►Newspaper Column

A Great Start (for the Modi government) (by Shyam Ponappa, Business Standard and Organizing India Blogspot, June 5, 2014).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71

► Request for Collaboration:

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/june-2014-bulletin

Privacy and Surveillance Roundtable

praskrishna — 2014-06-29T14:50:20Z

The Centre for Internet and Society and the Cellular Operators Association of India invite you to a roundtable at the India International Centre, New Delhi on July 4, 2014.

Background and Context to the Roundtables

In India, lawful interception of communications may be conducted by the state in three ways: firstly, intercepting telephone calls and other telecommunications may take place under powers listed in the Telegraph Act, 1885 and procedure set out in the Telegraph Rules, 1951; secondly, intercepting written communications transmitted through the postal service or by private couriers may occur under the Post Office Act, 1898; and, thirdly, intercepting, de-crypting, and monitoring email messages and other electronic communications may take place under the Information Technology Act, 1950 and two sets of Rules issued in 2008.

The government’s intention to create a Central Monitoring System to automate the existing process of telephone tapping is significant for a number of reasons. It will bypass private telephone service providers; currently the active cooperation of TSPs is required and compelled in order to intercept and monitor a telephone conversation. This creates an extra layer of compliance activity for TSPs which is cumbersome and expensive. Interception orders from the state often do not comply with the procedure required by law. This uncertainty is compounded by the lack of an indemnity for TSPs.

However, while the CMS will release TSPs from legal liability, it will leave the government free to conduct telephone interceptions in absolute secrecy and without a credible system of oversight and checks and balances. Amongst the world’s major democratic countries, India is alone in refusing to overhaul its telephone tapping regime. The legal requirements of probable cause, judicial sanction, and warrant-based interception – which are followed with exceptions in democracies around the world – are not adequately protected in India. The same principles also apply to the interception of postal and electronic communications.

There are several intelligence and police agencies in India that conduct interceptions of communications without central coordination. Previous cases in the Supreme Court of India and a few Indian High Courts reveal many cases of improper and even illegal surveillance. The sheer number of interested state agencies, the concerns of inadequate oversight, the lack of a credible legal regime, the constant leaks of private communications, and the poor legal protection given to TSPs and ISPs must be legally addressed.

Information about the Roundtables

The Privacy and Surveillance Roundtables are a CIS initiative, in partnership with the Cellular Operators Association of India (COAI). From June 2014 – November 2014, CIS and COAI will host seven Privacy and Surveillance Roundtable discussions across multiple cities in India. The Roundtables will be closed-door deliberations involving multiple stakeholders. Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India. The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and training.

The Report of the Group of Experts on Privacy

In January 2012 Justice A.P. Shah formed a committee to create a report of recommendations for privacy legislation in India. The committee met seven times from January 2012 to September 2012. The Report is made up of six chapters and begins by reviewing the international best practices around privacy and the relevant Indian jurisprudence. The Report then recommends nine National Privacy Principles to be adopted by each sector in India. The Nine National Privacy Principles reflect international standards, as well as taking into consideration the Indian context. Along with the National Privacy Principles, the Report lays out a regulatory framework for privacy including privacy commissioners at the regional and national level, self regulating organizations at the industry level, and a system of complaints. Finally the report demonstrates how the National Privacy Principles could be used to harmonize existing legislation and practices.

The Draft CIS Citizens Privacy (Protection) Bill 2013

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness, completing in depth research, and driving a privacy legislation in India. As part of this work, the Centre for Internet and Society has drafted the Privacy (Protection) Bill 2013. The Citizens Privacy Protection Bill contains provisions that speak to data protection, interception, and surveillance. The Bill also establishes the powers and functions of the privacy commissioner, and lays out offenses and penalties for contravention of the Act. The Bill represents a citizens’ version of a privacy legislation, and will be shared with civil society, industry, and government. It is hoped that the review and revision of the Bill will be a participatory process, and thus comments and feedback to it’s’ provisions will be included as annex’s to the Bill.

The International Principles on the Application of Human Rights to Communication Surveillance

These principles were defined in 2013 in response to rapidly changing technologies and surveillance practices. The principles are the outcome of a global consultation with civil society groups, industry and international experts in communications surveillance law, policy and technology, spearheaded by the Electronic Frontier Foundation US and Privacy International UK. As technologies that facilitate State surveillance of communications advance, States are failing to ensure that laws and regulations related to communications surveillance adhere to international human rights and adequately protect the rights to privacy and freedom of expression. These principles attempt to explain how international human rights law applies in the current digital environment, particularly in light of the increase in and changes to communications surveillance technologies and techniques. These principles can provide civil society groups, industry, States and others with a framework to evaluate whether current or proposed surveillance laws and practices are consistent with human rights.

Tentative Agenda

Time	Detail
10.00 11.00	Introduction
11.00 11.30	Tea
11.30 13.00	Discussion
13.00 14.00	Lunch
14.00 16.00	Discussion
16.00 16.15	Tea

Resources

For more details visit https://cis-india.org/internet-governance/events/privacy-and-surveillance-roundtable-new-delhi

Report on ICANN 50

jyoti — 2014-10-12T05:42:04Z

Jyoti Panday attended ICANN 50 in London from 22-26 June. Below are some of the highlights from the meeting.

From 22- 26 June, ICANN hosted its 50^th meeting in London, the largest congregation of participants, so far. In the wake of the IANA transition announcement, Internet governance was the flavor of the week. ICANN’s transparency and accountability measures emerged as much contested notions as did references to NETmundial. This ICANN meeting clearly demonstrated that questions as to the role of ICANN in internet governance need to be settled.

ATLAS II

Coinciding with ICANN meeting was the 2^nd At-Large Summit, or ATLAS II, bringing together a network of regionally self organized and self supporting At-Large structures, representing individual Internet users throughout the world. The goal of the meeting was to discuss, reach consensus and draft reports around five issues organized around five issues organized around thematic groups of issues of concerns to the At-Large Community.

The subjects for the thematic groups were selected by the representatives of ALSes, each summit participant was allocated to thematic groups according to his/her preferences. The groups included were:

Future of Multistakeholder models
The Globalization of ICANN
Global Internet: The User perspective
ICANN Transparency and Accountability
At-Large Community Engagement in ICANN

Fahad Chehade Five Point Agenda

ICANN President, Mr Chehade in his address to the ICANN community covered five points which he felt were important for ICANN in planning its future role. The first topic was the IANA Stewardship and transition, and he stated that ICANN is committed to being a transparent organization and seeks to be more accountable to the community as the contract with the US government ends. Regarding the IANA transition, he remarked that ICANN had received thousands of comments and proposals regarding the transition of IANA stewardship and understood there would be much more discussion on this subject, and that a coordination group has been proposed of 27 members representing all different stakeholders in order to plot the course forward for IANA transition.

His second topic was about ICANN globalization and hardening of operations. He said that ICANN has about 2-3 years to go before he is comfortable that ICANN operations are where they need to be. He applauded the new service channels which allows customer support in many different languages and time zones, and mentioned local language support that would add to the languages in which ICANN content is currently available. Chehade spent a few minutes discussing the future of WHOIS "Directory" technology and highlighted the initial report that a working group had put together, led by Jean-Francois Poussard.

Next he covered the GDD, the Global Domains Division of ICANN and an update from that division on the New gTLD program. He mentioned the ICANN Auction, the contracts that had been signed, and the number of New gTLDs that had already been delegated to the Root. Internet Governance was Chehade's 4th topic of discussion, he applauded the NETmundial efforts, though he stressed that internet governance is one of the things that ICANN does and it will not be a high priority. He ended his speech with his last point, calling for more harmony within the ICANN community.

High Level Government Meeting

During ICANN London, UK government hosted a high-level meeting, bringing together representatives from governments of the world to discuss Internet Governance and specifically the NTIA transition of the IANA contract. Government representatives recognized that the stewardship of IANA should be a shared responsibility between governments and private sector groups, while other representatives stressed giving governments a stronger voice than other stakeholders. The consensus at the meeting held that the transition should not leave specific governments or interest groups with more control over the Internet, but that governments should have a voice in political issues in Internet Governance.

GAC Communiqué

GAC Communique, is a report drafted by the Governmental Advisory Committee, advising the ICANN board on decisions involving policy and implementation. Highlights from the communiqué include:

The GAC advises the Board regarding the .africa string, saying it would like to see an expedited process, especially once the Independent Review Panel comes to a decision regarding the two applicants for the string. They reaffirm their decision that DotConnectAfrica's application should not proceed.
The GAC mentioned the controversy surrounding .wine and .vin, where some European GAC representatives strongly felt that the applications for these strings should not proceed without proper safeguards for geographic names at the second level. However, the GAC was unable to reach consensus advice regarding this issue and thus did not relay any formal advice to the Board.
The GAC requested safeguards in the New gTLDs for IGO (Inter-Governmental Organization) names at the second level, and specifically related such advice for names relating to Red Cross and Red Crescent.

Civil Society in ICANN and Internet Governance

NCUC, or the Noncommercial Users Constituency www.ncuc.org, voice of civil society in ICANN’s policy processes on generic top level domain names and related matters, as well as other civil society actors from the ICANN community organized a workshop to provide an opportunity for open and vigorous dialogue between public interest advocates who are active both within and outside the ICANN community.

For more details visit https://cis-india.org/internet-governance/blog/report-on-icann-50

PMA Policy and COAI Recommendations

dipankar — 2014-07-02T06:45:22Z

Introduction

The Ministry of Communications and Information Technology on the 10th of February, 2012 released a notification [1] in the Official Gazette outlining the Preferential Market Access [2] Policy for Domestically Manufactured Electronic Goods 2012. The Policy is applicable to procurement of telecom products by Government Ministries/Departments and to such electronics that had been deemed to having security concerns, thus making the policy applicable to private bodies in the latter half. The Notification reasoned that preferential access was to be given to domestically manufactured electronic goods predominantly for security reasons. Each Ministry or Department was to notify the products that had security implications, with reasons, after which the notified agencies would be required to procure the same from domestic manufacturers. This policy was also meant to be applicable to even procurement of electronic goods by Government Ministries/Agencies for Governmental purposes except Defence. Each Ministry would be required to notify its own percentage of such procurement, though it could not be less than 30%, and also had to specify the Value Addition that had to be made to a particular product to qualify it as a domestically manufactured product, with the policy again specifying the minimum standards. The policy was also meant for procurement of electronic hardware as a service from Managed Service Providers (MSPs).

The procurement was to be done as according to the policies of the each procuring agency. The tender was to be apportioned according to the procurement percentage notified and the preference part was to be allotted to the domestic manufacturer at the lowest bid price. If there were no bidders who were domestic manufacturers or if the tender was not severable, then it was to be awarded to the Foreign Manufacturer and the percentage adjusted as against other electronic procurement for that period.

Telecom equipment that qualifies as domestically manufactured telecom products for preferential market access include: encryption and UTM platforms, Core/Edge/Enterprise routers, Managed leased line network equipment, Ethernet Switches, IP based Soft Switches, Media gateways, Wireless/Wireline PABXs, CPE, 2G/3G Modems, Leased-line Modems, Set Top Boxes, SDH/Carrier Ethernet/Packet Optical Transport Eqiupments, DWDN systems, GPON equipments, Digital Cross connects, small size 2G/3G GSM based Base Station Systems, LTE based broadband wireless access systems, Wi-Fi based broadband wireless access systems, microwave radio systems, software defined radio cognitive radio systems, repeaters, IBS, and distributed antenna system, satellite based systems, copper access systems, network management systems, security and surveillance communication systems (video and sensors based), optical fiber cable.

The Policy also mentioned the creation of a self-certification system to declare domestic value addition to the vendor. The checks would be done by the laboratories accredited by the Department of Information Technology. The policy was to be in force for a period of 10 years and any dispute concerning the nature of product was to be referred to the Department of Information Technology.

International and Domestic Response to the Policy

There was a large scale opposition, usually from international sectors, towards the mooting of this policy. Besides business houses, even organizations like those of the United States Trades Representatives criticized the policy as being harmful to the global market and in violation of the World Trade Organization Guidelines.[3] Criticism also poured in from domestic bodies in terms of recommendations towards modification of the policy largely on three grounds: (i) the high domestic value addition requirement and the method of calculation of the same, (ii) the lack of a link between manufacturing and security and (iii) application of the policy to the private sector.

The Cellular Operations Association of India (COAI) in a letter dated March 15, 2012 to the Secretary of the Department Technology and Chairman of the Telecom Commission expressed its views on the telecom manufacturing in the country.[4]The COAI stated that such a development had to be done realistically and holistically so that the whole eco-system was developed as a comprehensive whole. In that regard it also forwarded a study that had been commissioned by COAI and conducted by M/s. Booz and Company titled “Telecom Manufacturing Policy – Developing an Actionable Roadmap”. The report was a comprehensive study of the telecom industry and outlined the challenges and opportunities that lay on its development trajectory. It also talked about Government involvement in the development process. The Report while citing the market share of Indian Telecom Industry which would be around 3% [5] of the Global Market highlighted the fact that no country could be self-sufficient in technology. It further talked about the development of local clusters in order to cut costs and encourage manufacturing, while ensuring that the PMA Policy was consistent with the WTO Guidelines. It further recommended opening up of foreign investments and making capital available to ensure growth of innovation. Finally it highlighted the lack of a connection between manufacturing and security and instead stressed upon proper certification, checks and development of a comprehensive CIIP framework across all sensitive networks for security purposes.

In a further letter to the Joint Secretary of the Department of Information and Technology dated April 25, 2012 the COAI expressed some reservations concerning the draft guidelines that had been published along with the notification.[6] While stressing upon the fact that a higher value addition would be impossible with the lack of basic manufacturing capabilities for the development of technological units, it also highlighted the need to redefine Bill of Materials which had been left ambiguous and subject to exploitation. It further highlighted the fact that allowing every Ministry to make its own specifications would lead to inconsistent definitions and an administrative challenge and hence such matters should be handled by a Central Body. Furthermore it opined that the calculation of BOMs and the Value Additions should be done using the concept of substantial transformation as has been given in the Booz Study. Furthermore, while discouraging the use of disincentives, it stated that one individual Ministry should be in charge of specifying such incentives to avoid confusion and for the sake of ease of business.

In another letter to a Member of the Department of Telecommunications dated July 12, 2012 the COAI stressed upon the futility of having high value additions as the same was impossible under the present scenario.[7] There was a lack of manufacturing sector which had to be comprehensively developed backed by fiscal incentives and comprehensive policies. In spite of that, it stressed that no country could become self-reliant and that such policies, like the PMA, were reminiscent of the “license and permit raj” era. It further said that such policies should be consistent with WTO Guidelines and should not give undue preference to domestic manufacturers to the detriment of other manufacturers. Countering the security aspect, it said that the same had been addressed by the DoT License Amendment of May 31, 2011 whereby all equipments on the network would have to comply with the “Safe to Connect” standard, and stressed upon the lack of any link between manufacturing and security. Furthermore for calculation of Value Addition it suggested an alternative to the method proposed by the Government as the same would lead to disclosures of sensitive commercial information which were contained in the BOMs. The COAI said that the three stages as laid out in the Substantial Transformation (as mentioned in the Booz Study) should be used for calculating the VA. It made several proposals to develop the telecom manufacturing industry in India including provision of fiscal incentives, development of telecom clusters and comprehensive policies which led to harmonization with laws and creation of SEZs among other such benefits.

In October 2012 the Government released a draft notification notifying products due to security consideration in furtherance of the PMA Policy.[8] The document outlined the minimum PMA and VA specification for a range of products. It also stated several security reasons for pursuing such a policy and stated that India had to be completely self-reliant for its active telecom products. It also contained data on the predicted growth of the telecom market in India. The COAI thereafter released a document commenting upon the draft notification of the Government.[9]

Besides highlighting the fact that the COAI still had not received a response to its former comments, it again stressed upon the lack of a link between security and manufacturing. It reiterated its point on the impossibility of a complete self-reliance on any nation’s part, and stressed upon the need of involving other stakeholders in the promulgation of such policies. It also made changes to the notified list of equipments, reclassifying it according to technology and only listing equipments which had volumes. Furthermore it also suggested changes towards the calculation of value addition to include materials sourced from local suppliers, in-house assemblage to be considered local material and the calculation to be done for complete order and not for each item in the order. It further recommended a study be conducted and the industry be involved while predicting demands as such were dated and needed revision. The Government thereafter released a revised notification[10] on October 5, 2012 but it did not contain much of the commented changes that the COAI had proposed.

Thereafter in April 2013, the DeitY released draft guidelines[11] for providing preference to domestically manufactured electronic products in Government Procurement in further of the second part of the PMA Policy. The guidelines besides containing definitions to several terms such as BOM also prescribed a minimum of 20% domestic procurement while leaving the specifications onto individual Ministries. It recommended the establishment of a technical committee by the concerned Ministry or Department that would recommend value addition to products. It followed a BOM based calculation of Value Addition while leaving the matter of certification to be dealt by DeitY certified laboratories that are notified for such purposes by the concerned Ministry/Department. DeitY was the nodal ministry for monitoring the implementation of the policy while particular monitoring was left to each Ministry or Department concerned. Among the annexures were indicative lists of generic and telecom products and a format for Self Certification regarding Domestic Value Addition in an Electronic Product.

The COAI thereafter released a revised draft containing its own comments on April 15, 2013.[12] The COAI pointed out faults in the definition of BOM. It highlighted the difficulty in splitting R&D according to countries, and also stressed upon the impractical usage of BOM in calculation of value addition as the same was confidential business information. As it had already suggested earlier, it reiterated the usage of the Substantial Transformation process for the calculation of Value Addition. While removing the lists of equipments mentioned, it further pointed out that the disqualification in the format for self-certification would be a very harsh disincentive and would result in driving away manufacturers. It suggested that there should be incentives for compliance instead.

The COAI along with the Association of Unified Telecom Service Providers of India sent a letter dated January 24, 2013 to the Secretary, DoT containing their inputs on Draft List of Security Sensitive Telecom Products for Preferential Market Access (PMA).[13] It again stressed upon the fact that security and manufacturing were not related and that the security aspect had been dealt by the “Safe to Connect” requirement mandated by the DoT License Amendment. It talked of the impossibility of arriving at VA figures until the same is defined to internationally accepted norms. Further it opined that if the Government had security concerns it should consider VA at a network level in the configurations as would be deployed in the network or its segments rather at element or subsystem levels as the latter would leave too many calculations open and the procurement entities will find it very difficult to ensure if they meet the PMA requirement or not. It further stressed upon the need to comply with WTO Guidelines while stressing upon the need to pay heed to certification standards than pursue the unavailable link between manufacturing and security through a PMA Policy. Finally it suggested a grouping of telecom products for the policy based on technology rather than individual products.

Pursuant to a Round Table Conference Organized by the Department of Information and Technology, AUSPI and COAI sent another letter dated April 15, 2013 to the Secretary, Department of Information and Technology.[14] It reiterated several points that both the AUSPI and COAI had been suggesting to the Government on the Telecom Manufacturing Policy. It cited the examples of other manufacturing nations to reiterate the fact that no country could be completely self-reliant in manufacturing electronics and such positions would only lead to creation of an environment that would not be conducive to global business. It further stressed upon the need to change the manner of calculation of VA while highlighting the fact that every Department should notify its list of products having security implications and the list of telecom equipment should be deleted from the draft guidelines being issued by DeitY to ensure better implementation.

A major change came in on July 8, 2013 when the Prime Minister’s Office made a press release withdrawing the PMA policy for review and withholding all the notifications that had been issued in that regard.[15] It said that he revised proposal will incorporate a detailed provision for project / product / sector specific security standards, alternative modes of security certification, and a roadmap for buildup of domestic testing capacity. It further noted that the revised proposal on PMA in the private sector for security related products will not have domestic manufacturing requirements, percentage based or otherwise and that the revised proposal will incorporate a mechanism for a centralised clearing house mechanism for all notifications under the PMA Policy.

The COAI thereafter on November 7, 2013 sent a letter to the DoT containing feedback on the list of items slated for Government procurement.[16] It noted that there were 23 products on which PMA was applicable. It pointed out that there were no local manufacturers for many of the products notified. It also asked the Government to take steps to ensure that fiscal incentives were given to encourage manufacturing sector which was beset by several costs such as landing costs which acted as impediments to its development. It stressed upon the tiered development of the industry needed to ensure that a holistic and comprehensive growth is attained which would result in manufacturing of local products. It requested that the Government "focus on right enablers (incentives, ecosystem, infrastructure, taxation) as the outcome materializes once all of these converge."

The COAI sent a further letter dated November 13, 2013 to the DoT concerning the investment required in the telecom manufacturing industry.[17] It noted the projected required investment of 152bn USD in the telecom sector and that the Government had projected that 92% of the investment would have to come from the Private Sector. COAI, while stressing upon the need of the Government and the Private Industry to work in tandem with each other, suggested that the Government devise methods to attract investments in the telecom sectors from international telecom players and that the Telecom Equipment Manufacturing Council meet to review and revise methods for attracting such investments.

Pursuant to the PMO directive, DeitY released a revised PMA Policy on the 23rd of December, 2014.[18] While there have been a few major changes, not all of recommendations by various bodies have been adhered to.[19] The major changes in the revised policy included the exemption of the private sector from the policy and the removal of PMA Policy to equipments notified for security reasons. The manner of calculation of the domestic value addition has not been changed though there has been a reduction in the percentage of value addition needed to qualify a product as domestic product. Another addition has been of a two-tiered implementation mechanism for the Policy. Tier-I includes a National Planning and Monitoring Council for Electronic Products which would design a 10-year roadmap for the implementation of the policy including notification of the products and subsequent procurement. Under Tier-II, the Ministries and Departments will be issuing notifications specifying products and the technical qualifications of the same, after approval by the Council. The former notifications under the 2012 Policy, including the notification of 23 telecom products by Department of Telecom,[20] are still valid until revised further.[21]

[1]. No. 8(78)/2010-IPHW. Available at http://www.dot.gov.in/sites/default/files/5-10-12.PDF (accessed 03 June, 2014).

[2]. Preferential Market Access

[3]. See The PMA Debate, DataQuest at http://www.dqindia.com/dataquest/feature/191001/the-pma-debate/page/1 (accessed June 2014).

[4]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/letter-to-dit-on-pma-notification.pdf (accessed June, 2014).

[5]. Around $17bn.

[6]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/letter-to-dit-on-pma-notification.pdf (accessed June, 2014).

[7]. The letter is available at http://www.coai.com/Uploads/MediaTypes/Documents/coai-to-dot-on-enhancing-domestic-manufacturing-of-telecom-equipment-bas.pdf (accessed June, 2014).

[8]. The notification no. 18-07/2010-IP can be found at http://www.coai.com/Uploads/MediaTypes/Documents/DoT-draft-notification-on-Policy-for-preference-to-domestically-manufactured-telecom-products-in-procurement-October-2012.pdf (accessed June, 2014).

[9]. The commented COAI draft can be found at http://www.coai.com/Uploads/MediaTypes/Documents/Annexure-1-Comments-on-draft-notification-by-DoT.pdf (accessed June, 2014).

[10]. Available at http://www.coai.com/Uploads/MediaTypes/Documents/dots-notification-on-telecom-equipment-oct-5,-2012.pdf (accessed June, 2014).

[11]. The draft guidelines can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pma_draft-govt-procurement-guidelines-april-2013.pdf (accessed June, 2014).

[12]. The COAI commented draft can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pma-draft-security-guidelines-15-april-2013.pdf (accessed June, 2014).

[13]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/jac-007-to-dot-on-Januarys-list-of-telecom-products-final.pdf (accessed June, 2014).

[14]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/jac-to-moc-on-pma.pdf (accessed June, 2014).

[15]. The press release can be found at http://www.coai.com/Uploads/MediaTypes/Documents/pmo-on-pma.pdfhttp://www.coai.com/Uploads/MediaTypes/Documents/pmo-on-pma.pdf (accessed June, 2014).

[16]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/COAI-letter-to-DoT-on-Feedback-on-List-of-Items-for-Govt-Procurement.pdf (accessed June, 2014).

[17]. The letter can be found at http://www.coai.com/Uploads/MediaTypes/Documents/COAI-letter-to-DoT-on-Investments-Required-(TEMC)-Nov%2013-2013.pdf (accessed June, 2014).

[18]. The Notification No. 33(3)/2013-IPHW can be found at http://deity.gov.in/sites/upload_files/dit/files/Notification_Preference_DMEPs_Govt_%20Proc_23_12_2013.pdf (accessed June, 2014).

[19]. For more information, see http://electronicsb2b.com/policy-corner/revised-preferential-market-access-policy/# (accessed June, 2014).

[20]. The notification has been mentioned and discussed above.

[21]. A list of notifications dealing with electronic products except telecom products can be found on the website of DeitY at http://deity.gov.in/esdm/pma (accessed June, 2014).

For more details visit https://cis-india.org/internet-governance/blog/pma-policy-and-coai-recommendations

IANA Transition: Suggestions for Process Design

Smarika Kumar — 2014-06-22T09:15:21Z

With analysis of community-input and ICANN processes, Smarika Kumar offers concrete suggestions for process design. She urges the Indian government to take a stronger position in matters of IANA transition.

Introduction:

On 14 March 2014, the NTIA of the US Government announced its intention to transition key internet domain name functions to the global multistakeholder community. These key internet domain name functions comprise functions executed by Internet Assigned Numbers Authority (IANA), which is currently contracted to ICANN by the US government. The US Government delineated that the IANA transition proposal must have broad community support and should address the following four principles:

Support and enhance the multistakeholder model;
Maintain the security, stability, and resiliency of the Internet DNS;
Meet the needs and expectation of the global customers and partners of the IANA services; and
Maintain the openness of the Internet.

Additionally, the US Government asked ICANN to convene a multistakeholder process to develop the transition plan for IANA. In April 2014, ICANN issued a Scoping Document for this process which outlined the scope of the process, as well as, what ICANN thinks, should not be a part of the process. In the spirit of ensuring broad community consensus, ICANN issued a Call for Public Input on the Draft Proposal of the Principles, Mechanisms and Process to Develop a Proposal to Transition NTIA’s Stewardship of IANA Functions on 8 April 2014, upon which the Government of India made its submission.

ICANN is currently deliberating the process for the development of a proposal for transition of IANA functions from the US Government to the global multistakeholder community, a step which would have implications for internet users all over the world, including India. The outcome of this process will be a proposal for IANA transition. The Scoping Document and process for development of the proposal are extremely limited and exclusionary, hurried, and works in ways which could potentially further ICANN’s own interests instead of global public interests. Accordingly, the Government of India is recommended take a stand on the following key points concerning the suggested process.

Submissions by the Government of India thus far, have however, failed to comment on the process being initiated by ICANN to develop a proposal for IANA transition. While the actual outcome of the process in form of a proposal for transition is an important issue for deliberation, we hold that it is of immediate importance that the Government of India, along with all governments of the world, pay particular attention to the way ICANN is conducting the process itself to develop the IANA transition proposal. The scrutiny of this process is of immense significance in order to ensure that democratic and representative principles sought by the GoI in internet governance are being upheld within the process of developing the IANA transition proposal. How the governance of the IANA functions will be structured will be an outcome of this process. Therefore if one expects a democratic, representative and transparent governance of IANA functions as the outcome, it is absolutely essential to ensure that the process itself is democratic, representative and transparent.

Issues and Recommendations:

Ensuring adequate representation and democracy of all stakeholders in the process for developing the proposal for IANA transition is essential to ensuring representative and democratic outcomes. Accordingly, one must take note of the following issues and recommendations concerning the process.

Open, inclusive deliberation by global stakeholders must define the Scope of the Process for developing proposal for IANA transition:

The current Scoping Document was issued by ICANN to outline the scope of the process by which the proposal for IANA transition would be deliberated. The Scoping Document was framed unilaterally by ICANN, without involvement of the global stakeholder community, and excluding all governments of the world including USA. Although this concern was voiced by a number of submissions to the Public Call by ICANN on the Draft Proposal, such concern was not reflected in ICANN’s Revised Proposal of 6 June 2014. It merely states that the Scoping Document outlines the “focus of this process.” Such a statement is not enough because the focus as well as the scope of the process needs to be decided in a democratic, unrepresentative and transparent manner by the global stakeholder community, including all governments.

This unilateral approach to outline which aspects of IANA transition should be allowed for discussion, and which aspects should not, itself defeats the multistakeholder principle which ICANN and the US government claim the process is based on. Additionally, global community consensus which the US Govt. hopes for the outcome of such process, cannot be conceivable when the scope of such process is decided in a unilateral and undemocratic manner. Accordingly, the current Scoping Document should be treated only as a draft, and should be made open to public comment and discussion by the global stakeholder community in order that the scope of the process reflects concerns of global stakeholders, and not just of the ICANN or the US Government.

Accountability of ICANN must be linked to IANA Transition within Scope of the Process:

ICANN Accountability must not run merely as a parallel process, since ICANN accountability has direct impact on IANA transition. The current Scoping Document states, “NTIA exercises no operational role in the performance of the IANA functions. Therefore, ICANN’s role as the operator of the IANA functions is not the focus of the transition: it is paramount to maintain the security, stability, and resiliency of the DNS, and uninterrupted service to the affected parties.” However this rationale to exclude ICANN’s role as operator of IANA from the scope of the process is not sound because NTIA does choose to appoint ICANN as the operator of IANA functions, thereby playing a vicarious operational role in the performance of IANA functions.

The explicit exclusion of ICANN’s role as operator of IANA functions from the scope of the process works to serve ICANN’s own interests by preventing discussions on those alternate models where ICANN does not play the operator role. Basically, this presumes that in absence of NTIA stewardship ICANN will control the IANA functions. Such presumption raises disturbing questions regarding ICANN’s accountability as the IANA functions operator. If discussions on ICANN’s role as operator of IANA functions is to be excluded from the process of developing the proposal for IANA transition, it also implies exclusion of discussions regarding ICANN’s accountability as operator of these functions.

Although ICANN announced a process to enhance its accountability on 6 May 2014, this was designed as a separate, parallel process and de-linked from the IANA transition process. As shown, ICANN’s accountability, its role as convenor of IANA transition process, and its role as current and/or potential future operator of IANA functions are intrinsically linked, and must not be discussed in separate, but parallel process. It is recommended that ICANN accountability in the absence of NTIA stewardship, and ICANN’s role as the operator of IANA functions must be included within the Scoping Document as part of the scope of the IANA transition process. This is to ensure that no kind of IANA transition is executed without ensuring ICANN’s accountability as and if as the operator of IANA functions so that democracy and transparency is brought to the governance of IANA functions.

Misuse or appearance of misuse of its convenor role by ICANN to influence outcome of the Process must not be allowed:

ICANN has been designated the convenor role by the US Govt. on basis of its unique position as the current IANA functions contractor and the global co-ordinator for the DNS. However it is this unique position itself which creates a potential for abuse of the process by ICANN. As the current contractor of IANA functions, ICANN has an interest in the outcome of the process being conducive to ICANN. In other words, ICANN prima facie is an interested party in the IANA transition process, which may tend to steer the process towards an outcome favourable to itself. ICANN has already been attempting to set the scope of the process to develop the proposal for IANA transition unilaterally, thus abusing its position as convenor. ICANN has also been trying to separate the discussions on IANA transition and its own accountability by running them as parallel processes, as well as attempting to prevent questions on ICANN’s role as operator of IANA functions by excluding it from the Scoping Document. Such instances provide a strong rationale for defining the limitations of the role of ICANN as convenor.

Although ICANN’s Revised Proposal of 6 June 2014 stating that ICANN will have a neutral role, and the Secretariat will be independent of ICANN staff is welcome, additional safeguards need to be put in place to avoid conflicts of interest or appearance of conflicts of interest. The Revised Proposal itself was unilaterally issued, whereby ICANN incorporated some of the comments made on its Proposed Draft, in the revised Draft, but excluded some others without providing rationale for the same. For instance, comments regarding inclusion of ICANN’s role as the operator of IANA functions within the Scoping Document, were ignored by ICANN in its Revised Proposal.

It is accordingly suggested that ICANN should limit its role to merely facilitating discussions and not extend it to reviewing or commenting on emerging proposals from the process. ICANN should further not compile comments on drafts to create a revised draft at any stage of the process. Additionally, ICANN staff must not be allowed to be a part of any group or committee which facilitates or co-ordinates the discussion regarding IANA transition.

Components of Diversity Principle should be clearly enunciated in the Draft Proposal:

The Diversity Principle was included by ICANN in the Revised Proposal of 6 June 2014 subsequent to submissions by various stakeholders who raised concerns regarding developing world participation, representation and lack of multilingualism in the process. This is laudable. However, past experience with ICANN processes has shown that many representatives from developing countries as well as from stakeholder communities outside of the ICANN community are unable to productively involve themselves in such processes because of lack of multilingualism or unfamiliarity with its way of functioning. This often results in undemocratic, unrepresentative and non-transparent decision-making in such processes.

In such a scenario, merely mentioning diversity as a principle is not adequate to ensure abundant participation by developing countries and non-ICANN community stakeholders in the process. Concrete mechanisms need to be devised to include adequate and fair geographical, gender, multilingual and developing countries’ participation and representation on all levels so that the process is not relegated merely to domination by North American or European entities. Accordingly, all the discussions in the process should be translated into multiple native languages of participants in situ, so that everyone participating in the process can understand what is going on. Adequate time must be given for the discussion issues to be translated and circulated widely amongst all stakeholders of the world, before a decision is taken or a proposal is framed. To concretise its diversity principle, ICANN should also set aside funds and develop a programme with community support for capacity building for stakeholders in developing nations to ensure their fruitful involvement in the process.

The Co-ordination Group must be made representative of the global multistakeholder community:

Currently, the Co-ordination Group includes representatives from ALAC, ASO, ccNSO, GNSO, gTLD registries, GAC, ICC/BASIS, IAB, IETF, ISOC, NRO, RSSAC and SSAC. Most of these representatives belong to the ICANN community, and is not representative of the global multistakeholder community including governments. This is not representative of even a multistakeholder model which the US Govt. has announced for the transition; nor in the multistakeholder participation spirit of NETmundial.

It is recommended that the Co-ordination Group then must be made democratic and representative to include larger global stakeholder community, including Governments, Civil Society, and Academia, with suitably diverse representation across geography, gender and developing nations. Adequate number of seats on the Committee must be granted to each stakeholder so that they can each co-ordinate discussions within their own communities and ensure wider and more inclusive participation.

Framing of the Proposal must allow adequate time:

All stakeholder communities must be permitted adequate time to discuss and develop consensus. Different stakeholder communities have different processes of engagement within their communities, and may take longer to reach a consensus than others. If democracy and inclusiveness are to be respected, then each stakeholder must be allowed enough time to reach a consensus within its own community, unlike the short time given to comment on the Draft Proposal. The process must not be rushed to benefit a few.

Smarika Kumar is a graduate of the National Law Institute University, Bhopal, and a member of the Alternative Law Forum, a collective of lawyers aiming to integrate alternative lawyering with critical research, alternative dispute resolution, pedagogic interventions and sustained legal interventions in social issues. Her areas of interest include interdisciplinary research on the Internet, issues affecting indigenous peoples, eminent domain, traditional knowledge and pedagogy.

For more details visit https://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design

CIS Policy Brief: IANA Transition Fundamentals & Suggestions for Process Design

geetha — 2014-07-08T08:39:41Z

In March 2014, the US government announced that it would transfer oversight of IANA functions to an as-yet-indeterminate global multi-stakeholder body. This policy brief, written by Smarika Kumar and Geetha Hariharan, explains the process concisely.

Short Introduction:

In March 2014, the National Telecommunications and Information Administration (NTIA) announced its intention to transition key Internet domain name functions to the global multi-stakeholder community. Currently, the NTIA oversees coordination and implementation of IANA functions through contractual arrangements with ICANN and Verisign, Inc.

The NTIA will not accept a government-led or inter-governmental organization to steward IANA functions. It requires the IANA transition proposal to have broad community support, and to be in line with the following principles: (1) support and enhance the multi-stakeholder model; (2) maintain the security, stability, and resiliency of the Internet DNS; (3) meet the needs and expectation of the global customers & partners of IANA services; (4) maintain the openness of the Internet.

ICANN was charged with developing a proposal for IANA transition. It initiated a call for public input in April 2014. Lamentably, the scoping document for the transition did not include questions of ICANN’s own accountability and interests in IANA stewardship, including whether it should continue to coordinate the IANA functions. Public Input received in May 2014 revolved around the composition of a Coordination Group, which would oversee IANA transition. Now, ICANN will hold an open session on June 26, 2014 at ICANN-50 to gather community feedback on issues relating to IANA transition, including composition of the Coordination Group.

CIS Policy Brief:

CIS' Brief on IANA Transition Fundamentals explains the process further, and throws light on the Indian government's views. To read the brief, please go here.

Suggestions for Process Design

As convenor of the IANA stewardship transition, ICANN has sought public comments on issues relating to the transition process. We suggest certain principles for open, inclusive and transparent process-design:

Short Introduction:

In March 2014, the US government through National Telecommunications and Information Administration (NTIA) announced its intention to transition key Internet domain name functions (IANA) to the global multi-stakeholder community. The NTIA announcement states that it will not accept a government-led or intergovernmental organization solution to replace its own oversight of IANA functions. The Internet Corporation for Assigned Names and Numbers (ICANN) was charged with developing a Proposal for the transition.

At ICANN-49 in Singapore (March 2014), ICANN rapidly gathered inputs from its community to develop a draft proposal for IANA transition. It then issued a call for public input on the Draft Proposal in April 2014. Some responses were incorporated to create a Revised Proposal, published on June 6, 2014.

Responses had called for transparent composition of an IANA transition Coordination Group, a group comprising representatives of ICANN’s Advisory Committees and Supporting Organizations, as well as Internet governance organizations such as the IAB, IETF and ISOC. Also, ICANN was asked to have a neutral, facilitative role in IANA transition. This is because, as the current IANA functions operator, it has a vested interest in the transition. Tellingly, ICANN’s scoping document for IANA transition did not include questions of its own role as IANA functions operator.

ICANN is currently deliberating the process to develop a Proposal for IANA transition. At ICANN-50, ICANN will hold a governmental high-level meeting and a public discussion on IANA transition, where comments and concerns can be voiced. In addition, discussion in other Internet governance fora is encouraged.

CIS Policy Brief:

CIS' Brief on IANA Transition Principles explains our recommendations for transition process-design. To read the brief, please go here.

For more details visit https://cis-india.org/internet-governance/blog/cis-policy-brief-iana-transition-fundamentals-and-suggestions-for-process-design