We are anonymous, we are legion

New Document on India's Central Monitoring System (CMS) - 2

maria — 2014-01-30T12:40:31Z

For more details visit https://cis-india.org/internet-governance/blog/new-cms-doc-2

New Delhi Expands Curbs on Web Content

praskrishna — 2012-08-24T13:16:22Z

India on Thursday broadened recent efforts to regulate the Internet with moves to block Twitter accounts of some prominent journalists and content from mainstream news organizations, sparking a backlash across social media in the country.

This article by R Jai Krishna and Rumman Ahmed was published in the Wall Street Journal on August 23, 2012. Sunil Abraham is quoted.

Since last week, the government has blocked content that it claims has fueled continuing communal violence in the northeast of the country. That fighting, between Muslim settlers and members of an indigenous group in the state of Assam, has left more than 80 people dead and sent ripples of tension across India.

The government confirms it has blocked around 250 Web pages it says were inciting Muslims to attack northeasterners, including sites carrying doctored photos purporting to show Muslim victims of fighting in Assam. Officials say these images on the sites, coupled with mass SMS phone messages threatening reprisals, have caused panicked northeasterners to flee their homes in a number of large Indian cities.

In recent days, though, the government has quietly widened its offensive, drawing up lists of journalists' Twitter accounts and news stories by local and foreign media organizations to be blocked. The lists, some of which were reviewed by The Wall Street Journal and confirmed by two telecom operators, include Twitter handles of journalists who have been critical of the government and some who have parodied Prime Minister Manmohan Singh.

The government didn't respond to requests for comment.

The government's actions caused an uproar on Twitter, where hashtags such as #GOIBlocks and #Emergency2012 were trending Thursday. "The Emergency" refers to a period in the 1970s when Prime Minister Indira Gandhi cracked down on media freedoms and civil liberties.

"The government's move to block several Twitter handles is a clear case of administrative overreach," said Sunil Abraham, executive director at the Bangalore-based Centre for Internet and Society. "This action means citizens are less likely to believe that the government can use its powers responsibly."

Government officials said Internet curbs are necessary to maintain harmony in a multicultural nation of 1.2 billion people.

Pankaj Pachauri, a spokesman for Mr. Singh, acknowledged the government had asked for Twitter's help to block six accounts that impersonate the prime minister. One of those accounts appeared on the government's lists. Twitter, based in San Francisco, has agreed to review the requests, he said. A Twitter spokeswoman declined to comment. Mr. Pachauri said earlier this week that Indian cyber authorities unilaterally blocked those six accounts.

Those six Twitter accounts faced government scrutiny because they made remarks that could have increased tensions, not because they poked fun at the prime minister, Mr. Pachauri said. "We're all for media freedom and encourage criticism by the media," he added. "But when it comes to inciting trouble between communities then we have to take firm action."

U.S. State Department spokeswoman Victoria Nuland said on Tuesday that "we are always on the side of full freedom of the Internet." She added that "we also always urge the government to maintain its own commitment to human rights, fundamental freedoms, rule of law."

India's Constitution allows restrictions on free speech for a number of reasons, including defense of "the sovereignty and integrity" of the country and in order to maintain "public order, decency or morality." Critics say the government has used the vague framing of the Constitution to clamp down on a widening array of Internet material, threatening India's democratic traditions.

Last year, the government framed new rules that require Internet companies to remove within 36 hours material that falls into a range of subjective categories—for instance, anything "ethnically objectionable," "grossly harmful," "defamatory" or "blasphemous."

India's telecoms minister, Kapil Sibal, in December urged Google Inc., and other Internet companies to screen derogatory material from their sites. The requests came amid anger over content that parodied Mr. Singh and Sonia Gandhi, president of the ruling Congress party, as well as other leading politicians.

"One always wonders if the government is using the garb of hate speech and communalism to…limit political criticism online," said Apar Gupta, a cyberlaw expert at Advani & Co., a Delhi-based law firm.

Google and Facebook executives are facing criminal charges in a New Delhi court for allegedly hosting objectionable material on their sites. If found guilty, the executives could face jail time or fines. The companies have petitioned to have the charges dropped, arguing that they shouldn't be held liable for material posted by users. Both firms have said they will remove material that contravenes their own standards or local laws.

Google, Facebook and Twitter again came under fire from India this week amid violence in Assam. Google and Facebook said Tuesday that they were complying with Indian government requests to remove content. Twitter hasn't commented.

Kanchan Gupta, a columnist who has been a fierce critic of the Congress party-led government, said his Twitter account had been temporarily blocked Wednesday night and Thursday. His name was on the government lists. "They thought they could do this slyly," he said. "They didn't anticipate the backlash on Twitter."

Raghavan Jagannathan, editor in chief of FirstPost.com, an Indian news portal that was on the lists, said some of its stories had been blocked.

"We understand that the government wants to stop the circulation of incendiary material that may inflame passions, but should it be blocking news and opinions on the subject?" he said. "I am not sure the decisions are well-thought-out."

Doha, Qatar-based Al Jazeera, an international cable-news organization, was also on the list. An Al Jazeera spokesman said the company was seeking a response from the government on reports of media restrictions affecting it and other outlets.

The government appeared unmoved. "Every company whether it's a construction company or an entertainment company or a social media company, it has to operate within the laws of the given country," Junior Minister for Communications Sachin Pilot told reporters on Wednesday.

For more details visit https://cis-india.org/news/wsj-com-jai-krishna-and-rumman-ahmed-aug-23-2012-new-delhi-expands-curbs-on-web-content

New Bill to decide on individual’s right to privacy

praskrishna — 2012-02-07T07:19:07Z

A group of experts would identify issues relating to privacy and prepare a report to facilitate authoring the Privacy Bill. Vishwajoy Mukherjee's article was published in Tehelka on 6 February 2012.

American jurist William J Brennan once famously remarked, “If the right to privacy means anything, it is the right of the individual to be free from unwarranted governmental intrusion.” Now the Government of India is on the verge of formulating, for the first time, a Privacy Bill that will lay down a specific framework to adjudicate an individual’s right to privacy.

The Planning Commission has constituted a small group of experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court, to identify issues relating to privacy and prepare a paper to facilitate authoring the Privacy Bill. The group will be studying the privacy laws and related bills promulgated by other countries and will also be analysing the impact of various programmes being implemented by the government, from the perspective of their impact on privacy. A detailed report with suggestions and remarks will then be handed to the Planning Commission by 31 March.

In the run-up to the formulation of a new Privacy Bill in India, an All India Privacy Symposium was held on 4 February to discuss aspects of privacy in the context of transparency, national security and internet banking. One of the most vociferous oppositions to the idea of privacy becoming an enshrined right for individuals, has come from those who believe that national security is of paramount importance. “The notion that one has to choose between privacy and national security is a false dichotomy of choice… When the judiciary adjudicates between privacy and surveillance, privacy in almost all cases loses. Especially when the word terrorism is invoked,” said Oxblood Ruffin, a member of the Cult of the Dead Cow, an information security and publishing collective. Speaking at the conference Ruffin stressed on the idea that the State shouldn’t act as a “peeping Tom” but instead respect the “sovereignty of its people.”

One of the more stark examples, in recent years, of the State clamping down on individual rights, such as the right to privacy, on the pretext of national security, is the Patriot Act in America. The Patriot Act was passed in the United States of America in the immediate aftermath of the September 2001 attacks on the twin towers, and allowed the government to scrutinise everything from “suspicious” bank accounts to wire-tapping lines of communication. Menaka Guruswamy, a lawyer at the Supreme Court of India, believes that unlike America, India does not yet have a codified view on privacy. “Privacy is a vast, fragile, and an open space in the Indian justice system,” she told Tehelka.

Though India doesn’t have clearly defined laws dealing with the issue of privacy, it does have certain directives under which surveillance methods such as wire-tapping can be done. Wire-tapping, which is regulated under the Telegraph Act of 1885, saw a major overhaul in a 1996 Supreme Court judgment, which ruled that wire-taps are a "serious invasion of an individual's privacy." The Supreme Court (SC) recognised the fact that the right to privacy is an integral part of the fundamental right to life enshrined under Article 21 of the Constitution, and therefore laid down guidelines defining who can tap phones and under what circumstances. Only the Union Home Secretary, or his counterpart in the states, can issue an order for a tap, and the government is also required to show that the information sought cannot to be obtained through any other means. The SC mandated the development of a high-level committee to review the legality of each wire-tap.

“Interceptions and intrusions by the state have often gone on to help exonerate people who have been falsely accused, so I think it would be unfair to demonise wire-tapping in general. One does have to ensure though, that those who intercept exchanges do not exceed limits,” said a former chief of the Research and Analysis Wing (RAW).

Besides the dimension of privacy versus surveillance, another important aspect which comes under the scanner when privacy laws are discussed is Internet banking. Details of personal bank accounts and other highly sensitive information of individuals have been whizzing around the cyber space with the advent of E-banking. Everything from booking tickets for movies and flights, to transferring money between accounts is happening via computers, and is happening fast. This growing trend has sparked a major debate on how safe is our information on the web, and what can the government do to secure it? In May 2000, the government passed the Information Technology Act, which laid down a set of laws intended to provide a comprehensive regulatory environment for electronic commerce.

The Act also addressed computer crimes such as hacking, damage to computer source code, breach of confidentiality and viewing of pornography and created a Cyber Appellate Tribunal to oversee and adjudicate cyber crimes. However, at the same time, the legislation gave broad discretion to law enforcement authorities through several provisions, such as Section 69, allowing the interception of any information transmitted through a computer resource and mandates that users disclose encryption keys or face a jail sentence up to seven years. Section 80 of the Act allows deputy superintendents of police to conduct searches and seize suspects in public spaces without a warrant.

“Confidentiality between banker and customer is the golden rule of traditional banking, but with the coming of E-banking, banks are using confidentiality as an excuse for not putting out data that shows how vulnerable they are to cyber crimes like hacking,” said N Vijayashankar, an E-business consultant, and a front runner in raising awareness about cyber laws in India. He said, “When framing privacy laws one has to ensure that banks are mandated to disclose data on breach of Internet security. That is the only way to ensure that banks take the necessary steps to secure customer information.” Malavika Jairam, a lawyer who focuses on technology and intellectual property, believes that allowing private participation in what should essentially be a sovereign State function is a dangerous path to tread on. “Tesco, a major retail chain in England, is now into E-banking… There are numerous examples of such private banking entities sharing customer information with insurance policy firms. These details are often used as markers for the kind of premium that will be set for a person,” Jairam said.

With the current pace of technological advancements fast thinning the line between individual privacy and public content, it remains to be seen what kind of privacy laws India will frame to keep up.

The original was published by Tehelka, Malavika Jayaram, a Fellow at CIS is quoted in it.

For more details visit https://cis-india.org/news/new-bill-to-decide-on-individual2019s-right-to-privacy

New Approaches to Information Privacy – Revisiting the Purpose Limitation Principle

amber — 2016-11-09T13:54:28Z

Article on Aadhaar throwing light on privacy and data protection.

This was published in Digital Policy Portal on July 13, 2016.

Introduction

Last year, Mukul Rohatgi, the Attorney General of India, called into question existing jurisprudence of the last 50 years on the constitutional validity of the right to privacy.¹ Mohatgi was rebutting the arguments on privacy made against Aadhaar, the unique identity project initiated and implemented in the country without any legislative mandate.² The question of the right to privacy becomes all the more relevant in the context of events over the last few years—among them, the significant rise in data collection by the state through various e-governance schemes,³ systematic access to personal data by various wings of the state through a host of surveillance and law enforcement initiatives launched in the last decade,⁴ the multifold increase in the number of Indians online, and the ubiquitous collection of personal data by private parties.⁵

These developments have led to a call for a comprehensive privacy legislation in India and the adoption of the National Privacy Principles as laid down by the Expert Committee led by Justice AP Shah.⁶ There are privacy-protection legislation currently in place such as the Information Technology Act, 2000 (IT Act), which was enacted to govern digital content and communication and provide legal recognition to electronic transactions. This legislation has provisions that can safeguard—and dilute—online privacy. At the heart of the data protection provisions in the IT Act lies section 43A and the rules framed under it, i.e., Reasonable security practices and procedures and sensitive personal data information.⁷Section 43A mandates that body corporates who receive, possess, store, deal, or handle any personal data to implement and maintain ‘reasonable security practices’, failing which, they are held liable to compensate those affected. Rules drafted under this provision also mandated a number of data protection obligations on corporations such the need to seek consent before collection, specifying the purposes of data collection, and restricting the use of data to such purposes only. There have been questions raised about the validity of the Section 43A Rules as they seek to do much more than mandate in the parent provisions, Section 43A— requiring entities to maintain reasonable security practices.

Privacy as control?

Even setting aside the issue of legal validity, the kind of data protection framework envisioned by Section 43A rules is proving to be outdated in the context of how data is now being collected and processed. The focus of Section 43 A Rules—as well as that of draft privacy legislations in India⁸—is based on the idea of individual control. Most apt is Alan Westin’s definition of privacy: “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to other.”⁹ Westin and his followers rely on the normative idea of “informational self- determination”, the notion of a pure, disembodied, and atomistic self, capable of making rational and isolated choices in order to assert complete control over personal information. More and more this has proved to be a fiction especially in a networked society.

Much before the need for governance of information technologies had reached a critical mass in India, Western countries were already dealing with the implications of the use of these technologies on personal data. In 1973, the US Department of Health, Education and Welfare appointed a committee to address this issue, leading to a report called ‘Records, Computers and Rights of Citizens.’¹⁰ The Committee’s mandate was to “explore the impact of computers on record keeping about individuals and, in addition, to inquire into, and make recommendations regarding, the use of the Social Security number.” The Report articulated five principles which were to be the basis of fair information practices: transparency; use limitation; access and correction; data quality; and security. Building upon these principles, the Committee of Ministers of the Organization for Economic Cooperation and Development (OECD) arrived at the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980.¹¹ These principles— Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Participation and Accountability—are what inform most data protection regulations today including the APEC Framework, the EU Data Protection Directive, and the Section 43A Rules and Justice AP Shah Principles in India.

Fred Cate describes the import of these privacy regimes as such:

“All of these data protection instruments reflect the same approach: tell individuals what data you wish to collect or use, give them a choice, grant them access, secure those data with appropriate technologies and procedures, and be subject to third-party enforcement if you fail to comply with these requirements or individuals’ expressed preferences”¹²

This is in line with Alan Westin’s idea of privacy exercised through individual control. Therefore the focus of these principles is on empowering the individuals to exercise choice, but not on protecting individuals from harmful or unnecessary practices of data collection and processing. The author of this article has earlier written¹³ about the sheer inefficacy of this framework which places the responsibility on individuals. Other scholars like Daniel Solove,¹⁴ Jonathan Obar¹⁵ and Fred Cate¹⁶ have also written about the failure of traditional data protection practices of notice and consent. While these essays dealt with the privacy principles of choice and informed consent, this paper will focus on the principles of purpose limitation.

Purpose Limitation and Impact of Big Data

The principles of purpose limitation or purpose specification seeks to ensure the following four objectives:

Personal information collected and processed should be adequate and relevant to the purposes for which they are processed.
The entities collect, process, disclose, make available, or otherwise use personal information only for the stated purposes.
In case of change in purpose, the data’s subject needs to be informed and their consent has to be obtained.
After personal information has been used in accordance with the identified purpose, it has to be destroyed as per the identified procedures.

The purpose limitation along with the data minimisation principle—which requires that no more data may be processed than is necessary for the stated purpose—aim to limit the use of data to what is agreed to by the data subject. These principles are in direct conflict with new technology which relies on ubiquitous collection and indiscriminate uses of data. The main import of Big Data technologies on the inherent value in data which can be harvested not by the primary purposes of data collection but through various secondary purposes which involve processing of the data repeatedly.¹⁷Further, instead to destroying the data when its purpose has been achieved, the intent is to retain as much data as possible for secondary uses. Importantly, as these secondary uses are of an inherently unanticipated nature, it becomes impossible to account for it at the stage of collection and providing the choice to the data subject.

Followers of the discourse on Big Data would be well aware of its potential impacts on privacy. De-identification techniques to protect the identities of individuals in dataset face a threat from an increase in the amount of data available either publicly or otherwise to a party seeking to reverse-engineer an anonymised dataset to re-identify individuals. ¹⁸ Further, Big Data analytics promise to find patterns and connections that can contribute to the knowledge available to the public to make decisions. What is also likely is that it will lead to revealing insights about people that they would have preferred to keep private.¹⁹In turn, as people become more aware of being constantly profiled by their actions, they will self-regulate and ‘discipline’ their behaviour. This can lead to a chilling effect.²⁰ Meanwhile, Big Data is also fuelling an industry that incentivises businesses to collect more data, as it has a high and growing monetary value. However, Big Data also promises a completely new kind of knowledge that can prove to be revolutionary in fields as diverse as medicine, disaster-management, governance, agriculture, transport, service delivery, and decision-making.²¹ As long as there is a sufficiently large and diverse amount of data, there could be invaluable insights locked in it, accessing which can provide solutions to a number of problems. In light of this, it is important to consider what kind of regulatory framework is most suitable which could facilitate some of the promised benefits of Big Data and at the same time mitigate its potential harm. This, coupled with the fact that the existing data protection principles have, by most accounts, run their course, makes the examination of alternative frameworks even more important. This article will examine some alternate proposals made to the existing framework of purpose limitation below.

Harms-based approach

Some scholars like Fred Cate²² and Daniel Solove²³ have argued that there is a need for the primary focus of data protection law to move from control at the stage of data collection to actual use cases. In his article on the failure of Fair Information Practice Principles,²⁴Cate puts forth a proposal for ‘Consumer Privacy Protection Principles.’ Cate envisions a more interventionist role of the data protection authorities by regulating information flows when required, in order to protect individuals from risky or harmful uses of information. Cate’s attempt is to extend the principles of consumer protection law of prevention and remedy of harms.

In a re-examination of the OECD Privacy Principles, Cate and Viktor Mayer Schöemberger attempt to discard the use of personal data to only purposes specified. They felt that restricting the use of personal to only specified purposes could significantly threaten various research and beneficial uses of Big Data. Instead of articulating a positive obligations of what personal data collected could be used for, they attempt to arrive at a negative obligation of use-cases prevented by law. Their working definition of the Use specification principle broaden the scope of use cases by only preventing use of data “if the use is fraudulent, unlawful, deceptive or discriminatory; society has deemed the use inappropriate through a standard of unfairness; the use is likely to cause unjustified harm to the individual; or the use is over the well-founded objection of the individual, unless necessary to serve an over-riding public interest, or unless required by law.”²⁵

While most standards in the above definition have established understanding in jurisprudence, the concept of unjustifiable harm is what we are interested in. Any theory of harms-based approach goes back to John Stuart Mill’s dictum that the only justifiable purpose to exert power over the will of an individual is to prevent harm to others. Therefore, any regulation that seeks to control or prevent autonomy of individuals (in this case, the ability of individuals to allow data collectors to use their personal data, and the ability of data collectors to do so, without any limitation) must clearly demonstrate the harm to the individuals in question.

Fred Cate articulates the following steps to identify tangible harm and respond to its presence:²⁶

Focus on Use — Actual use of the data should be considered, not mere possession. The assumption is that the collection, possession, or transfer of information do not significantly harm people, rather it is the use of information following such collection, possession, or transfer.
Proportionality — Any regulatory measure must be proportional to the likelihood and severity of the harm identified.
Per se Harmful Uses — Uses which are always harmful must be prohibited by law
Per se not Harmful Uses — If uses can be considered inherently not harmful, they should not be regulated.
Sensitive Uses — In case where the uses are not per se harmful or not harmful, individual consent must be sought for using that data for those purposes.

The proposal by Cate argues for what is called a ‘use based system’, which is extremely popular with American scholars. Under this system, data collection itself is not subject to restrictions; rather, only the use of data is regulated. This argument has great appeal for both businesses who can reduce their overheads significantly if consent obligations are done away with as long as they use the data in ways which are not harmful, as well as critics of the current data protection framework which relies on informed consent. Lokke Moerel explains the philosophy of ‘harms based approach’ or ‘use based system’ in United States by juxtaposing it against the ‘rights based approach’ in Europe.²⁷ In Europe, rights of individuals with regard to processing of their personal data is a fundamental human right and therefore, a precautionary principle is followed with much greater top-down control upon data collection. However, in the United States, there is a far greater reliance on market mechanisms and self-regulating organisations to check inappropriate processing activities, and government intervention is limited to cases where a clear harm is demonstrable.²⁸

Continuing research by the Centre for Information Policy Leadership under its Privacy Risk Framework Project looks at a system of articulating what harms and risks arising from use of collected data. They have arrived a matrix of threats and harms. Threats are categorised as —a) inappropriate use of personal information and b) personal information in the wrong hands. More importantly for our purposes, harms are divided into: a) tangible harms which are physical or economic in nature (bodily harm, loss of liberty, damage to earning power and economic interests); b) intangible harms which can be demonstrated (chilling effects, reputational harm, detriment from surveillance, discrimination and intrusion into private life); and c) societal harm (damage to democratic institutions and loss of social trust).²⁹For any harms-based system, a matrix like above needs to emerge clearly so that regulation can focus on mitigating practices leading to the harms.

Legitimate interests

Lokke Moerel and Corien Prins, in their article “Privacy for Homo Digitalis – Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”³⁰ use the ideal of responsive regulation which considers empirically observable practices and institutions while determining the regulation and enforcement required. They state that current data protection frameworks—which rely on mandating some principles of how data has to be processed—is exercised through merely procedural notification and consent requirements. Further, Moerel and Prins feel that data protection law cannot only involve a consideration of individual interest but also needs to take into account collective interest. Therefore, the test must be a broader assessment than merely the purpose limitation articulating the interests of the parties directly involved, but whether a legitimate interest is achieved.

Legitimate interest has been put forth as an alternative to the purpose limitation. Legitimate is not a new concept and has been a part of the EU Data Protection Directive and also finds a place in the new General Data Protection Regulation. Article 7 (f) of the EU Directive³¹ provided for legitimate interest balanced against the interests or fundamental rights and freedoms of the data subject as the last justifiable reason for use of data. Due to confusion in its interpretation, the Article 29 Working Party, in 2014,³²looked into the role of legitimate interest and arrived at the following factors to determine the presence of a legitimate interest— a) the status of the individual (employee, consumer, patient) and the controller (employer, company in a dominant position, healthcare service); b) the circumstances surrounding the data processing (contract relationship of data subject and processor); c) the legitimate expectations of the individual.

Federico Ferretti has criticised the legitimate interest principle as vague and ambiguous. The balancing of legitimate interest in using the data against fundamental rights and freedoms of the data subject gives the data controllers some degree of flexibility in determining whether data may be processed; however, this also reduces the legal certainty that data subject have of their data not being used for purposes they have not agreed to.³³However, it is this paper’s contention that it is not the intent of the legitimate interest criteria but the lack of consensus on its application which creates an ambiguity. Moerel and Prins articulate a test for using legitimate interest which is cognizant of the need to use data for the purpose of Big Data processing, as well as ensuring that the rights of data subjects are not harmed.

As demonstrated earlier, the processing of data and its underlying purposes have become exceedingly complex and the conventional tool to describe these processes ‘privacy notices’ are too lengthy, too complex and too profuse in numbers to have any meaningful impact.³⁴The idea of information self-determination, as contemplated by Westin in American jurisprudence, is not achieved under the current framework. Moerel and Prins recommend five factors³⁵ as relevant in determining the legitimate interest. Of the five, the following three are relevant to the present discussion:

Collective Interest — A cost-benefit analysis should be conducted, which examines the implications for privacy for the data subjects as well as the society, as a whole.
The nature of the data — Rather than having specific categories of data, the nature of data needs to be assessed contextually to determine legitimate interest.
Contractual relationship and consent not independent grounds — This test has two parts. First, in case of contractual relationship between data subject and data controller: the more specific the contractual relationship, the more restrictions apply to the use of the data. Second, consent does not function as a separate principle which, once satisfied, need not be revisited. The nature of the consent (opportunities made available to data subject, opt in/opt out, and others) will continue to play a role in determining legitimate interest.

Conclusion

Replacing the purpose limitation principles with a use-based system as articulated above poses the danger of allowing governments and the private sector to carry out indiscriminate data collection under the blanket guise that any and all data may be of some use in the future. The harms-based approach has many merits and there is a stark need for more use of risk assessments techniques and privacy impact assessments in data governance. However, it is important that it merely adds to the existing controls imposed at data collection, and not replace them in their entirety. On the other hand, the legitimate interests principle, especially as put forth by Moerel and Prins, is more cognizant of the different factors at play — the inefficacy of existing purpose limitation principles, the need for businesses to use data for purposes unidentified at the stage of collection, and the need to ensure that it is not misused for indiscriminate collection and purposes. However, it also poses a much heavier burden on data controllers to take into account various factors before determining legitimate interest. If legitimate interest has to emerge as a realistic alternative to purpose limitation, there needs to be greater clarity on how data controllers must apply this principle.

Endnotes

Prachi Shrivastava, “Privacy not a fundamental right, argues Mukul Rohatgi for Govt as Govt affidavit says otherwise,” Legally India, Jyly 23, 2015, http://www.legallyindia.com/Constitutional-law/privacy-not-a-fundamental-right-argues-mukul-rohatgi-for-govt-as-govt-affidavit-says-otherwise.
Rebecca Bowe, “Growing Mistrust of India’s Biometric ID Scheme,” Electronic Frontier Foundation, May 4, 2012, https://www.eff.org/deeplinks/2012/05/growing-mistrust-india-biometric-id-scheme.
Lisa Hayes, “Digital India’s Impact on Privacy: Aadhaar numbers, biometrics, and more,” Centre for Democracy and Technology, January 20, 2015, https://cdt.org/blog/digital-indias-impact-on-privacy-aadhaar-numbers-biometrics-and-more/.
“India’s Surveillance State,” Software Freedom Law Centre, http://sflc.in/indias-surveillance-state-our-report-on-communications-surveillance-in-india/.
“Internet Privacy in India,” Centre for Internet and Society, http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india.
Vivek Pai, “Indian Government says it is still drafting privacy law, but doesn’t give timelines,” Medianama, May 4, 2016, http://www.medianama.com/2016/05/223-government-privacy-draft-policy/.
Information Technology (Intermediaries Guidelines) Rules, 2011,
http://deity.gov.in/sites/upload_files/dit/files/GSR314E_10511%281%29.pdf.
Discussion Points for the Meeting to be taken by Home Secretary at 2:30 pm on 7-10-11 to discuss the drat Privacy Bill, http://cis-india.org/internet-governance/draft-bill-on-right-to-privacy.
Alan Westin, Privacy and Freedom (New York: Atheneum, 2015).
US Secretary’s Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens, http://www.justice.gov/opcl/docs/rec-com-rights.pdf.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
Fred Cate, “The Failure of Information Practice Principles,” in Consumer Protection in the Age of the Information Economy, ed. Jane K. Winn (Burlington: Aldershot, Hants, England, 2006) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1156972.
Amber Sinha and Scott Mason, “A Critique of Consent in Informational Privacy,” Centre for Internet and Society, January 11, 2016, http://cis-india.org/internet-governance/blog/a-critique-of-consent-in-information-privacy.
Daniel Solove, “Privacy self-management and consent dilemma,” Harvard Law Review 126, (2013): 1880.
Jonathan Obar, “Big Data and the Phantom Public: Walter Lippmann and the fallacy of data privacy self management,” Big Data and Society 2(2), (2015), doi: 10.1177/2053951715608876.
Supra Note 12.
Supra Note 14.
Paul Ohm, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006; Arvind Narayanan and Vitaly Shmatikov, “Robust De-anonymization of Large Sparse Datasets” available at https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf.
D. Hirsch, “That’s Unfair! Or is it? Big Data, Discrimination and the FTC’s Unfairness Authority,” Kentucky Law Journal, Vol. 103, available at: http://www.kentuckylawjournal.org/wp-content/uploads/2015/02/103KyLJ345.pdf
A Marthews and C Tucker, “Government Surveillance and Internet Search Behavior”, available at http://ssrn.com/abstract=2412564; Danah Boyd and Kate Crawford, “Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon”, Information, Communication & Society, Vol. 15, Issue 5, (2012).
Scott Mason, “Benefits and Harms of Big Data”, Centre for Internet and Society, available at http://cis-india.org/internet-governance/blog/benefits-and-harms-of-big-data#_ftn37.
Cate, “The Failure of Information Practice Principles.”
Solove, “Privacy self-management and consent dilemma,” 1882.
Cate, “The Failure of Information Practice Principles.”
Fred Cate and Viktor Schoenberger, “Notice and Consent in a world of Big Data,” International Data Privacy Law 3(2), (2013): 69.
Solove, “Privacy self-management and consent dilemma,” 1883.
Lokke Moerel, “Netherlands: Big Data Protection: How To Make The Draft EU Regulation On Data Protection Future Proof”, Mondaq, March 11. 2014, http://www.mondaq.com/x/298416/data+protection/Big+Data+Protection+How+To+Make+The+Dra%20ft+EU+Regulation+On+Data+Protection+Future+Proof%20al%20Lecture.
Moerel, “Netherlands: Big Data Protection.”
Centre for Information Policy Leadership, “A Risk-based Approach to Privacy: Improving Effectiveness in Practice,” Hunton and Williams LLP, June 19, 2014, https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/white_paper_1-a_risk_based_approach_to_privacy_improving_effectiveness_in_practice.pdf.
Lokke Moerel and Corien Prins, “Privacy for Homo Digitalis: Proposal for a new regulatory framework for data protection in the light of Big Data and Internet of Things”, Social Science Research Network, May 25, 2016, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2784123.
EU Directive 95/46/EC – The Data Protection Directive, https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-2/93.htm.
Article 29 Data Protection Working Party, “Opinion 06/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC,” http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf.
Frederico Ferretti, “Data protection and the legitimate interest of data controllers: Much ado about nothing or the winter of rights?,” Common Market Law Review 51(2014): 1-26. http://bura.brunel.ac.uk/bitstream/2438/9724/1/Fulltext.pdf.
Sinha and Mason, “A Critique of Consent in Informational Privacy.”
Moerel and Prins, “Privacy for Homo Digitalis.”

For more details visit https://cis-india.org/internet-governance/blog/digital-policy-portal-july-13-2016-new-approaches-to-information-privacy-revisiting-the-purpose-limitation-principle

New $1 Billion RIC Project Casts Doubts on Aadhaar

praskrishna — 2013-04-04T08:28:51Z

The Indian Government is going ahead with a new project dubbed RIC that will effectively undermine the existing UIDAI – Unique Identification Authority of India project and will cost a whopping $1 billion.

This was published in AEG India on March 16, 2013. Sunil Abraham is quoted.

The National Population Register and the Unique Identification Authority of India (UIDAI) are the two organizations which will capture the biometric details of the citizens and will develop the resident identity card (RIC) and create the unique identifier number (UID) popularly known as Aadhar number respectively.

Both the RIC and UID projects are designed to unify the distribution of social and welfare services to the citizens. Sunil Abraham, Executive Director of Centre for Internet and Society India, said that the ID number and the ID smartcard are both different and are not at all complementary as declared by the Indian Government previously.

The ID number and the ID smart card are two completely separate visions. They cannot be mixed up together to make some kind of salad which can be consumed partly, added Abraham.

He said that it was easy for the Indian government to proceed simultaneously with both the projects rather than cancelling the much criticized Aadhaar project.

Minister P. Karunakaran, on March 12 in the Lok Sabha, asked R.P.N. Singh, the Minister of State, to clarify the confusion over the proposed biometric identity card and the UID (Aadhaar number). The government has planned to spend more than US$1 billion to issue the Indian citizens a resident identity card (RIC) which will also feature the Aadhaar number as well.

For more details visit https://cis-india.org/news/aeg-india-march-16-2013-new-dollar-one-billion-ric-project-casts-doubts-on-aadhar

Networks: What You Don’t See is What You (for)Get

nishant — 2014-05-28T09:30:45Z

When I start thinking about DML (digital media and learning) and other such “networks” that I am plugged into, I often get a little confused about what to call them.

The blog entry was originally published in DML Central on April 17, 2014 and mirrored in Hybrid Publishing Lab on May 13, 2014.

Are we an ensemble of actors? A cluster of friends? A conference of scholars? A committee of decision makers? An array of perspectives? A group of associates? A play-list of voices? I do not pose these questions rhetorically, though I do enjoy rhetoric. I want to look at this inability to name collectives and the confusions and ambiguity it produces as central to our conversations around digital thinking. In particular, I want to look at the notion of the network. Because, I am sure, that if we were to go for the most neutralised digital term to characterise this collection that we all weave in and out of, it would have to be the network. We are a network.[1]

But, what does it mean to say that we are a network? The network is a very strange thing. Especially within the realms of the Internet, which, in itself, purports to be a giant network, the network is self-explanatory, self-referential and completely denuded of meaning. A network is benign, and like the digital, that foregrounds the network aesthetic, the network is inscrutable. You cannot really touch a network or name it. You cannot shape it or define it. You can produce momentary snapshots of it, but you can never contain it or limit it. The network cannot be held or materially felt.

And yet, the network touches us. We live within networked societies. We engage in networking – network as a verb. We are a network – network as a noun. We belong to networks – network as a collective. In all these poetic mechanisms of network, there is perhaps the core of what we want to talk about today – the tension between the local and the global and the way in which we will understand the Internet and then the frameworks of governance and policy that surround it.

Let me begin with a genuine question. What predates the network? Because the network is a very new word. The first etymological trace of the network is in 1887, where it was used as a verb, within broadcast and communications models, to talk about an outreach. As in ‘to cover with a network.’ The idea of a network as a noun is older where in the 1550s, the idea of ‘net-like arrangements of threads, wires, etc.’ was first identified as a network. In the second half of the industrial 19th Century, the term network was used for understanding an extended, complex, interlocking system. The idea of network as a set of connected people emerged in the latter half of the 20thCentury. I am pointing at these references to remind us that the ubiquitous presence of the network, as a practice, as a collective, and as a metaphor that seeks to explain the rest of the world around us, is a relatively new phenomenon. And we need to be aware of the fact, that the network, especially as it is understood in computing and digital technologies, is a particular model through which objects, individuals and the transactions between them are imagined.

For anybody who looks at the network itself – especially the digital network that we have accepted as the basis on which everything from social relationships on Facebook to global financial arcs are defined – we know that the network is in a state of crisis.

Networks of crises: The Bangalore North East Exodus

Let me illustrate the multiple ways in which the relationship between networks and crisis has been imagined through a particular story. In August 2012, I woke up one morning to realise that I was living in a city of crisis. Bangalore, which is one of my homes, where the largest preoccupations to date have been about bad roads, stray dogs, and occasionally, the lack of a nightlife, was suddenly a space that people wanted to flee and occupy simultaneously.

Through the technology mediated gossip mill that produced rumours faster than the speed of a digital click, imagination of terror, danger, and material harm found currency. The city suddenly witnessed thousands of people running away from it, heading back to their imagined homelands. It was called the North East exodus, where, following an ethnic-religious clash between two traditionally hostile communities in Assam, there were rumours that the large North East Indian community in Bangalore was going to be attacked by certain Muslim factions at the end of Ramadan.
The media spectacle of the exodus around questions of religion, ethnicity, regionalism and belonging only emphasised the fact that there is a new way of connectedness that we live in – the network society that no longer can be controlled, contained or corrected by official authorities and their voices. Despite a barrage of messages from law enforcement and security authorities, on email, on large screens on the roads, and on our cell phones, there was a growing anxiety and a spiralling information explosion that was producing an imaginary situation of precariousness and bodily harm. For me, this event, was one of the first signalling how to imagine the network society in a crisis, especially when it came to Bangalore, which is supposed to represent the Silicon dreams of an India that is shining brightly. While there is much to be unpacked about the political motivations and the ecologies of fear that our migrant lives in global cities are enshrined in, I want to specifically focus on what the emergence of this network society means.

There is an imagination, especially in cities like Bangalore, of digital technologies as necessarily plugging in larger networks of global information consumption. The idea that technology plugs us into the transnational circuits is so huge that it only tunes us toward an idea of connectedness that is always outward looking, expanding the scope of nation, community and body.

However, the ways in which information was circulating during this phenomenon reminds us that digital networks are also embedded in local practices of living and survival. Most of the time, these networks are so natural and such an integral part of our crucial mechanics of urban life that they appear as habits, without any presence or visibility. In times of crises – perceived or otherwise – these networks make themselves visible, to show that they are also inward looking. But in this production of hyper-visible spectacles, the network works incessantly to make itself invisible.

Which is why, in the case of the North East exodus, the steps leading to the resolution of the crisis, constructed and fuelled by networks is interesting. As government and civil society efforts to control the rumours and panic reached an all-time high and people continued to flee the city, the government eventually went in to regulate the technology itself. There were expert panel discussions about whether the digital technologies are to be blamed for this rumour mill. There was a ban on mass-messaging and there was a cap on the number of messages which could be sent on a day by each mobile phone subscriber. The Information and Broadcast Ministry along with the Information Technologies cell, started monitoring and punishing people for false and inflammatory information.

Network as Crisis: The unexpected visibility of a network

What, then, was the nature of the crisis in this situation? It is a question worth exploring. We would imagine that this crisis was a crisis about the nationwide building of mega-cities filled with immigrant bodies that are not allowed their differences because they all have to be cosmopolitan and mobile bodies. The crisis could have been read as one of neo-liberal flatness in imagining the nation and its fragments, that hides the inherent and historical sites of conflict under the seductive rhetoric of economic development. And yet, when we look at the operationalization of the resolutions, it looked as if the crisis was the appearance and the visibility of the hitherto hidden local networks of information and communication.

In her analysis of networks, Brown University’s Wendy Chun posits that this is why networks are an opaque metaphor. If the function of metaphor is to explain, through familiarity, objects which are new to us, the network as an explanatory paradigm presents a new conundrum. While the network presumes and exteriority that it seeks to present, while the network allows for a subjective interiority of the actor and its decisions, while the network grants visibility and form to the everyday logic of organisation, what the network actually seeks to explain is itself. Or, in less evocative terms, the network is not only the framework through which we analyse, but it is also the object of analyses. Once the network has been deployed as a paradigm through which to understand a crisis, once the network has made itself visible, all our efforts are driven at explaining and strengthening, and almost like digital mothers, comfort the network back into its peaceful existence as infrastructure. We develop better tools to regulate the network. We define new parameters to mine the data more effectively. We develop policies to govern and govern through the network with greater transparency and ease.

Thus, in the case of the North East exodus, instead of addressing the larger issues of conservative parochialism, an increasing backlash by right-wing governments and a growing hostility that emerges from these cities that nobody possesses and nobody belongs to, the efforts were directed at blaming technology as the site where the problem is located and the network as the object that needs to be controlled. What emerged was a series of corrective mechanisms and a set of redundant regulations that controlled the number of text messages that people were able to send per day or policing the Internet for spreading rumours. The entire focus was on information management, as if the reason for the mass exodus of people from the NE Indian states and the sense of fragility that the city had been immersed in, was all due to the pervasive and ubiquitous information gadgets and their ability to proliferate in p2p (peer-to-peer) environments outside of the government’s control. This lack of exteriority to the network is something that very few critical voices have pointed out.

Duncan Watts, the father of network computing, working through the logic of nodes, traffic and edges, has suggested there is a great problem in the ways in which we understand the process of network making. I am paraphrasing his complex mathematical text that explains the production of physical networks – what he calls the small worlds – and pointing out his strong critique about how the social scientists engage with networks. In the social sciences’ imagination of networks, there is a messy exteriority – fuzzy, complex and often not reducible to patterns or basic principles. The network is a distilling of the messy exteriority, a representation of the complex interplay between different objects and actors, and a visual mapping of things as they are. Which is to say, we imagine there is a material reality and the network is a tool by which this reality, or at least parts of this reality, are mapped and represented to us in patterns which can help us understand the true nature of this reality.

Drawing from practices of network modelling and building, Watts proved, that we have the equation wrong. The network is not a representation of reality but the ontology of reality. The network is not about trying to make sense of an exteriority. Instead, the network is an abstract and ideological map that constructs the reality in a particular way. In other words, the network precedes the real, and because of its ability to produce objective, empiricist and reductive principles (constantly filtering out that which is not important to the logic or the logistics of the network design), it then gives us a reality that is produced through the network principles. To make it clear, the network representation is not the derivative of the real but the blue-print of the real. And the real as we access it, through these networked tools, is not the raw and messy real but one that is constructed and shaped by the network in those ways. The network, then, needs to be understood, examined and critiqued, not as something that represents the natural, but something that shapes our understanding of the natural itself.

In the case of the Bangalore North East Exodus, the network and its visibility created a problem for us – and the problem was, that the network, which is supposed to be infrastructure, and hence, by nature invisible, had suddenly become visible. We needed to make sure that it was shamed, blamed, named and tamed so that we can go back to our everyday practices of regulation, governance and policy.

The Intersectional Network

What I want to emphasise, then, is that this binary of local versus the global, or local working in tandem with global, or the quaintly hybridised glocal are not very generative in thinking of policy and politics around the Internet. What we need is to recognise what gets hidden in this debate. What becomes visible when it is not supposed to? What remains invisible beyond all our efforts? And how do we develop a framework that actually moves beyond these binary modes of thinking, where the resolution is either to collapse them or to pretend that they do not exist in the first place? Working with frameworks like the network makes us aware of the ways in which these ideas of the global and the local are constructed and continue to remain the focus of our conversations, making invisible the real questions at hand.

Hence, we need to think of networks, not as spaces of intersection, but in need of intersections. The networks, because of their predatory, expanding nature, and the constant interaction with the edges, often appear as dynamic and inclusive. We need to now think of the networks as in need of intersections – or of intersectional networks. Developing intersections, of temporality, of geography and of contexts are great. But, we need to move one step beyond – and look at the couplings of aspiration, inspiration, autonomy, control, desire, belonging and precariousness that often mark the new digital subjects. And our policies, politics and regulations will have to be tailored to not only stop the person abandoning her life and running to a place of safety, not only stop the rumours within the Information and communication networks, not only create stop-gap measures of curbing the flows of gossip, but to actually account for the human conditions of life and living.

[1]. This post has grown from conversations across three different locations. The first draft of this talk was presented at the Habits of Living Conference, organised by the Centre for Internet & Society and Brown University, in Bangalore. A version of this talk found great inputs from the University of California Humanities Research Institute in Irvine, where I found great ways of sharpening the focus. The responses at the Milton Wolf Seminar at the America Austria Foundation, Austria, to this story, helped in making it more concrete to the challenges that the “network” throws to our digital modes of thinking. I am very glad to be able to put the talk into writing this time, and look forward to more responses.

For more details visit https://cis-india.org/internet-governance/blog/dml-central-april-17-2014-nishant-shah-networks-what-you-dont-see-is-what-you-for-get

Networking? Not working

praskrishna — 2011-04-02T11:12:33Z

Concerns about privacy, wastage of time and trivialized communication are some reasons ‘refuseniks’ are going off sites such as Facebook and MySpace, writes Shreya Ray in Livemint.

Pune-based law student Arjun Khera, 24, broke many a Facebook stalker’s heart in April when he announced his decision to quit the network one fine afternoon on his status message. “Guys, I’m deleting my Facebook account. Please send me all your email and phone details,” he said. Almost immediately, there was an explosion of concern in his notification window. Why was the effervescent and popular part-time actor and full-time Facebook enthusiast committing Facebook suicide? “What happenedddddd?” (sic)
“Everything ok, dude?”

“It was eating into my life,” Khera says. “I was always logged on, always leaving or commenting on status messages, waiting a few minutes to see if there had been any responses to my comments, and comment some more. I didn’t go out for a walk any more, didn’t get photographs developed because I was only too busy seeing them on Facebook.” Khera signed up for his account in July 2007.

Then, it was the one platform through which he could locate and reconnect with all his long-lost friends. He loved the fact that he could have a pictorial chronicle of his life; that he could “compare friends”, find out if indeed he was a glass of wine (and not a pint of beer) and fit a Shakespearean insult to his current mood. “With time, I got tired of those lame quizzes. I got sick of what it was doing to my time. I hated how it trivialized communication,” he says.

Khera is part of a growing cult of social networking “refuseniks”. Although figures for sites such as MySpace, Orkut, Facebook and Twitter show an overall increase, some recent statistics suggest that not everyone wants to socialize this way. According to a study by TechCrunch Europe, the number of visitors to MySpace, UK, halved in just six months, from “just under 10 million at the start of the year to around 5 million as of the end of June 2010”, leading to a round of layoffs at its London office. “It would appear to show a pretty staggering decline,” says the report, released on 6 July.

The privacy factor

Environmental researcher Maddipatla Rajshekhar, 33, alumnus of the University of Sussex, UK, used Facebook to keep in touch with former classmates. On 31 May, however, along with the 30,000-odd people who had had enough of Facebook changing its privacy policies, he quit. “It was getting increasingly intrusive. Its latest feature let me see what some of my friends said on the walls of their friends—(who were) complete strangers to me,” he said.

Although the Quit Facebook group wasn’t a success in numerical terms (30,000 isn’t even close to a drop in the 450-million ocean), it successfully sent a message to Facebook CEO Mark Zuckerberg, who held a press conference in the last week of May on new privacy policies and changes.

A May report brought out by the Pew Centre for Internet and American Life Project (of the Pew Research Centre, Washington, DC) finds that social media plays a “central role” in building one’s online identity. Quite naturally, privacy becomes a big issue. “Many users are learning and refining their approach as they go—changing privacy settings on profiles, customizing who can see certain updates and deleting unwanted information about them that appears online,” says the report. Interestingly, it also finds that young adults are more likely than older users to restrict what information is available and to whom, contrary to popular perception.

The next level

Privacy is not the refuseniks’ only issue, however. What social networking does to actual relationships is another, as Khera notes. Mumbai-based social worker Maya Ganesh, 35, too got tired of the constant blurring between friends and acquaintances, and having to constantly update her “limited” lists. “I regularly ignored friend requests but there were some requests not easy to ignore, especially some work connections. I also wanted a break from all the hectic ‘social activity’ that Facebook is about,” she says of her three-year-old account, which she abandoned in May.

Ganesh had reached what Sunil Abraham, executive director, Center for Internet and Society, Bangalore, refers to as the end of the “hype cycle”. All technology goes through a standard process, says Abraham: People get hooked to it, then get tired of it, and it disappears. “Some tend to be sticky and last longer; the particular advantage of social networking sites like Facebook, Orkut and MySpace is that they bring a critical mass of community to individual users. It’s now difficult for people to get off a network simply because all their friends are on it,” he says.

Conversely, though, he cites Harvard-based social networking researcher Danah Boyd, who says the reducing exclusivity quotient has also put many people off. “Parents getting online also... acts as a self-censorship mechanism,” Abraham adds.

Most of the people who have deleted their accounts are happy with the way their non-virtual life now takes centre stage. Khera enjoys sitting at home and doing nothing; Ganesh says she doesn’t miss being out of the loop. It may take a bit more effort to share holiday photographs or write an email every time you feel the need to connect; but as Rajshekhar says, “Anything for not losing touch, anything for richer conversations.”

Varuni Khosla contributed to this story.

See the original article in livemint.

For more details visit https://cis-india.org/news/networking-not-working

Networking its way to better governance

praskrishna — 2011-04-01T15:13:04Z

New policy to regulate Government presence on social media. This article by Deepa Kurup was published in the Hindu on March 28, 2011.

The official Facebook page of the Karnataka Criminal Investigation Department, “DGPCIDKARNATAKA”, is a string of one-sided comments punctuated with official-ese, or newspaper links of some prominent crime or an article by the officials.

The Twitter account, also started around June 2010, has all of 38 tweets, and barely any interaction with “common” men/women. Started with much fanfare, these are among the very few State Government agencies that took to social media, but haven't taken it beyond mere formalities. On the brighter side, blogs by a few Ministers — most prominently, Higher Education Minister V.S. Acharya and Minister for Law and Parliamentary Affairs S. Suresh Kumar — are lively and even interactive, in spurts. A few government departments too have blogs, but none remarkable.

Though the Indian Government's tryst with social media is fairly new — it took a few Twitter controversies, courtesy former Minister @ShashiTharoor, to make the government sit up and take note — some departments such as IndiaPost, the Delhi Traffic Police, Census India and even the Planning Commission, have been able to take it beyond mere posturing and have interacted with citizens, even tried to solve problems. IndiaPost's Twitter page is a good example of how agencies can engage with stakeholders, at least to an extent.

A draft policy

Twitter recently hit headlines again when foreign secretary Nirupama Sen logged on with an official ID and interacted with Indians stranded in Libya looking to make their way back. All these examples, that have earned these departments accolades, has prompted the Indian Government to come up with a new policy for social media.

The e-governance group of the Department of Information Technology (DIT) held a meeting this week to draw up guidelines to “regulate” Government presence on social media sites.

Speaking to The Hindu, a DIT official said this had been on the Government's agenda because efforts in this direction had been all too scattered, and some of the success stories had convinced them that it could be a good platform for interaction. The official added that the feedback they got on the 12th Planning Commission's Facebook page was seen as a good example of how these tools could be leveraged.

But why regulate at all? Regulating social media use by government officials is imperative mainly to ensure that use of information or data is compliant with existing laws.

Consistency needed

Sunil Abraham, director of the Centre for Internet and Society, a Bangalore-based non-governmental organisation, points out that with no general rules in place, the use of Twitter or Facebook account varies according to the bureaucrats heading the departments. “This cannot be the case as the channel of communication has to be a continuous thing, and the data shared with citizens has to be accurate; which means the same standards need to be applied to online sharing of data as is applied to offline data handling. Departments should also be obliged to back-up online data periodically,” he says.

For instance, a traffic police department announced that citizens could share pictures of traffic rule offenders on Facebook or on its website, to facilitate tracking of offenders. “Such a move could have huge privacy implications, and may also lead to vigilante activism,” warns Mr. Abraham, adding that we need a policy so that all activity, however casual it may seem, is compliant with existing law governing data protection and privacy.

With the Government jumping on to the 2.0 bandwagon (often under pressure like in Mumbai where citizens created a Facebook page for the police forcing them to create a real one), it is time to really make it official. So, while the idea of giving a face to government agencies and pushing for transparency and greater interaction with citizens, standardisation of social media use is indeed the way forward.

Read the original article in the Hindu here

For more details visit https://cis-india.org/news/networking-better-governance

Networked Economies and Gender Action Learning

Admin — 2018-10-02T03:10:02Z

Elonnai Hickok, Sunil Abraham and Ambika Tandon participated in a meeting organized by IDRC for grantees under their networked economies programme to discuss gender-based outputs and development outcomes in their work. The event was held in Ottawa on September 20 - 21, 2018, facilitated by Gender at Work.

Sunil Abraham, Swaraj Paul Barooah and Ambika Tandon also attended a workshop on Gender Action Learning on September 24 - 25, 2018, which discussed strategies to work on gender under a grant for Cyber Policy Centres. Other organizations present at the workshop were Research ICT Africa, Lirne Asia, and Centre Latam Digital at CIDE, Mexico. Gender at Work facilitated this workshop as well, and will be working with all the grantees over a period of 18 months.

For more details visit https://cis-india.org/internet-governance/news/networked-economies-and-gender-action-learning

Network Neutrality Regulation across South Asia: A Roundtable on Aspects of Differential Pricing

praskrishna — 2016-01-17T02:41:13Z

The Centre of Internet and Society (CIS) in association with Observer Research Foundation, and IT For Change in collaboration with the Annenberg School for Communications at the University of Pennsylvania is pleased to announce a roundtable on ‘Network Neutrality Regulation Across South Asia: Aspects of Differential Pricing” that will take place on January 22, 2016 from 11.00 a.m. to 5.00 p.m. at TERI in Bangalore.

Download the Invite

The objective of this roundtable will be to look into the issue of differential pricing in light of TRAI’s recent consultation process, with the specific intention of research building. The network neutrality debate has gained significant momentum in India during the past year, with competing interests of internet service providers, OTTs and the public giving rise to important questions of ICT regulation and policy.

With Facebook looking to expand its zero rated walled garden, Free Basics, into nascent markets, differential pricing is an important point of regulatory policy not just in India, but in jurisdictions across South Asia. These countries have limited connectivity, large consumer potential and low internet penetration which bring to the fore questions of access, diversity, competition and innovation. To this end, the roundtable will seek to address the regulatory and market aspects of differential pricing as well as the impact on rights. Broadly, the roundtable will be forward looking and seek to build future research agendas.

Draft Agenda

11:00 – 11:30	Tea and Registration
11:30 – 12:30	Roundtable 1: Framing the issue: The practice of differential pricing Examples of differential pricing Stakeholder perspectives Competition and market effect of differential pricing Larger social consequences of differential pricing
12:30 – 1:00	Lunch
1:00 – 2:30	Roundtable 2: Regulatory response: Discerning governmental actions Locating public interest Moving from research to action
2:30 – 3:00	Tea
3:00 – 4:30	Roundtable 3: Impact on rights: Access Freedom of expression Privacy Equity and Social Justice
4:30 – 5:00	Discussion and research agenda building

Roundtable Questions:

Roundtable 1: FRAMING THE ISSUE:

What is differential pricing and how does it work? What are the technical components and policy components of differential pricing? What are examples of differential pricing?
What has been the response from different stakeholders to differential pricing schemes? What are the arguments for/against differential pricing?
What could be the market effect of differential pricing?
What are possible larger social impacts of differential pricing?

Roundtable 2: REGULATORY RESPONSE:

How have governments responded to differential pricing? What can these responses tell us about the position of governments?
What are the different components for consideration with developing a regulatory response? What are different forms of regulation for differential pricing?
What type of policy research around differential pricing can drive meaningful action?

Roundtable 3: IMPACT ON RIGHTS:

How does differential pricing impact the right to access, freedom of expression, privacy, and equity and social justice?
Are there ways to mitigate this impact through regulation? Market incentives? Company policy?
What are forms of redress that individuals could seek in the context of differential pricing?

For more details visit https://cis-india.org/internet-governance/events/network-neutrality-regulation-across-south-asia-a-roundtable-on-aspects-of-differential-pricing

Network Disruptions Report by Global Network Initiative

akriti — 2018-06-12T01:31:40Z

Around 70% of all known shutdowns in the world took place in India in 2017. The same year Telecom Authority of India (TRAI) released the “Temporary Suspension of Internet Services” giving State and Central Government officials the power to terminate Internet services as per the guidelines.

The report by Global Network Initiative can be read here.

However S.144 of the Criminal Procedure Code as well Section 5 of the Telegraph Act are still used as legal grounds. The former targets unlawful assembly while the latter gives authorities the right to prevent transmission of messages, applicable to messages sent over the Internet as well. A case in the Gujarat High Court challenging the validity of using S.144 of the CrPC was dismissed essentially stating the Government could use the section to enforce shutdowns to maintain law and order.

The right to Internet has been accepted as a fundamental right by the United Nations and one which, cannot be disassociated from the exercise of freedom of expression and opinion and the right to peaceful assembly. These are rights guaranteed by the Constitution, affirmed in the Universal Declaration of Human Rights and thus should be provided, both, online and offline. Online movements are unpredictable and dynamic making Governments fearful of their lack of control over content hosting websites. Their fear becomes their de facto perception of online services resulting in network shutdowns regardless of the reality on ground.

Given the rising importance of this issue, Global Network Initiative has published a report on such Network Disruptions by Jan Rydzak . A former Google Policy fellow and now a PhD candidate at the University of Arizona, he, conducts research on the nexus between technology and protest. The report, which uses India as a case study calls for more attention on network disruptions, the 'new form of digital repression' and delves into its impact on human rights. Rydzak aims at widening the gambit of affected rights by discussing the civil and political rights of freedom of assembly, right to equality, religious belief and such. These are ramifications not widely discussed so far and helps shine a light on the collateral damage incurred due to these shutdowns. Through a multitude of interviews with various stakeholders, the author brings to forefront the human rights implications of network disruptions on different groups of individuals such as women, immigrants and certain ethnic groups. These dangers are even more when it comes to vulnerable populations and the report does a comprehensive analysis of all of the above.

For more details visit https://cis-india.org/internet-governance/blog/network-disruptions-report-by-global-network-initiative

NETmundial: Tracking Multistakeholder across Contributions

sumandro — 2014-04-25T09:53:37Z

This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.

Created by Sumandro using Google Charts.
Google Terms of Use and Data Policy.
Data compiled by Sumandro and Jyoti.
Download the data .

This scatter plot shows the number of times the word *multistakeholder* (including *multi-stakeholder* and *multistakeholderism*) appears across contributions submitted to NETmundial.

X axis (horizontal) gives the serial number of contributions and Y axis (vertical) gives the number of times the word appears on a contribution.

Click on the types of organisation below the chart to highlight the corresponding organisations on the chart.

The Centre for Internet and Society, Bangalore, India, is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities.

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry suport from Chandrasekhar.

Built on Bootstrap by Sumandro

All code, content and data is co-owned by the author(s) and Centre for Internet and Society, Bangalore, India, and shared under Creative Commons Attribution-ShareAlike 2.5 India license.

For more details visit https://cis-india.org/internet-governance/blog/net-mundial-tracking-multi-stakeholder-across-contributions

NETmundial Roadmap: Defining the Roles of Stakeholders in Multistakeholderism

jyoti — 2014-04-28T12:51:40Z

NETmundial, one of the most anticipated events in the Internet governance calendar, will see the global community convening at Sao Paolo, with an aim to establish 'strategic guidelines related to the use and development of the Internet in the world.' This post analyses the submissions at NETmundial that focused on Roadmap, towards an understanding of stakeholder roles in relation to specific governance functions and highlighting the political, technical and architectural possibilities that lie ahead.

Introduction

A technically borderless Internet, in a world defined by national boundaries, brings many challenges in its wake. The social, ethical and legal standards of all countries are affected by technical standards and procedures, created by a few global players. This disparity in capacity and opportunities to participate and shape Internet policy, fuelled by Edward Snowden's revelations led to the development of the Global Multi-stakeholder Meeting on the Future of Internet Governance or NETmundial. Set against, an urgent need for interdisciplinary knowledge assessment towards establishing global guiding principles with respect to the technological architecture and the legal framework of the Internet–NETmundial is seen as a critical step in moving towards a global policy framework for Internet Governance (IG). As stakeholder groups from across the world come together to discuss future forms of governance, one of the most widely discussed issues will be that of Multistakeholderism (MSism).

Multistakeholderism

The governance structure of the Multistakeholder model is based on the notion, that stakeholders most impacted by decisions should be involved in the process of decision making. The collaborative multistakeholder spirit has been widely adopted within the Internet Governance fora, with proponents spread across regions and communities involved in the running, management and use of the Internet. So far, MSism has worked well in the coordination of technical networking standards and efforts to set norms and best practices in defined areas, in the realm of technical governance of the Internet. However, the extension of MSism beyond truly voluntary, decentralized and targeted contexts and expanding its applicability, to other substantive areas of Internet Governance is proving a challenge. Beyond defining how the process of policymaking should be undertaken, MSism does not provide any guidance on substantive policy issues of Internet governance. With the increasing impact of Internet technology on human lives and framed against the complexity of issues such as security, access and privacy, the consensus on MSism is further rendered unattainable.

The need for contextualizing the model aside, as with most policy negotiations certain open concepts and words have also prevented agreement and adoption of MSism as the best way forward for IG. One such open and perhaps, the most contentious issue with respect to the legitimacy of MSism in managing Internet functions is the role of stakeholders. A key element of MSism is that decisions will be made by and including all relevant stakeholders. Stakeholder groups are broadly classified to include governments, technical community and academia, private sector and civil society. With each stakeholder representing diverse and often conflicting interests, creating a consensus process that goes beyond a set of rules and practices promising a seat at the negotiation table and is supportive of broad public interest is a challenging task that needs urgent addressing.

This post aims to add to the discourse on defining the role and scope of stakeholders' decision-making powers, towards a better understanding of the term "in their respective role". Addressing the complexity of functions in managing and running the Internet and the diversity of stakeholders that are affected and hence should be included in decision making, I have limited the scope of my analysis to cover three broad internet management functions:

Technical: Issues related to infrastructure and the management of critical Internet resources
Policy: Issues relating to the developmental aspects, capacity building, bridging digital divide, human rights
Implementation: Issues relating to the use of the Internet including jurisdictional law, legislation spam, network security and cybercrime

While this may be an oversimplification of complex and interconnected layers of management and coordination, in my opinion, broad categorisation of issues is necessary, if not an ideal starting point for the purpose of this analysis. I have considered only the submissions categorised under the theme of Roadmap, seeking commonalities across stakeholder groups and regions on the role of stakeholders and their participation in the three broad functions of technology, policy and implementation.

Towards a definition of respective roles: Analysis NETmundial submissions on Roadmap

There were a total of 44 submissions specific to Roadmap with civil society (20) contributing more than any other group including academia (7), government (4), technical community (5), private sector (3) and other (5). MSism sees support across most stakeholder groups and many submissions highlight or agree on participation and inclusion in decision making processes.

Regionally, submissions from North (24) were dominated by USA (10) with contributions cutting across academia (4), civil society (2), technical community (2) and other (2). Brazil (5) contributed the most to submissions from South (15), followed by Argentina (3). The submissions were consistent with the gender disparity prevalent in the larger technology community with only 12 females contributing submissions. An overwhelming number of submissions (38), thought that the multistakeholder (MS) model needs further definition or improvements, however, suggestions on how best to achieve this varied widely across stakeholders and regional boundaries. Only 16 submissions referenced or suggested Internet Governance Forum (IGF) in its present capacity or with an expanded policy role as a mechanism of implementing MSism on the Internet.

Many submissions referred to issues related to the management of critical internet resources (CIRs), the role of ICANN and US oversight of IANA functions. A total of 11 submissions referred to or specified governance processes with respect to technical functions and issues related to critical resources with civil society (5) and academia (3) contributing the most. In an area that perhaps has the most direct relevance to their work, the technical community was conspicuous with just two submissions making any concrete recommendations. The European Commission was the only governmental organisation that addressed this issue, recommending an expansion of the role of IGF. There were no specific recommendations from the private sector.

The suggestions on oversight and decision making mechanism were most conflicted for this category of Internet functions and included:

setting up a technical advisory group, positioned within a new intergovernmental body World Internet Organization (WIO) framework;
splitting IANA functions into protocol parameters, that Internet Engineering Task Force (IETF) will be responsible for and IP address-related functions retained by ICANN
expanding the role of IGF, possibly creating an IGF Secretariat
expanding the role of Government Advisory Committee (GAC) to mainstream government representatives participation within supporting organisations, in particular the Generic Name Supporting Organisation (GNRO)
expanding the role of private sector
expanding the role of ICANN with multistakeholder values
expanding the role of all stakeholders
implementing changes that do not necessarily require legislative acts or similar hard law approaches and implementation does not necessitate international treaties or intergovernmental structures
establishing a new non-profit corporation DNS Authority (DNSA) combining the IANA Functions and the Root Zone Maintainer roles in
improving transparency and accountability of current bodies managing CIRs

16 submissions referred to issues related to policy development and implementation including developmental aspects, capacity building, bridging digital divide and human rights. All submissions called for a reform or further definition of MSism and included recommendations from civil society (5), academia (4), technical community (2), governments (2), private sector (1) and Other (2). All stakeholder groups across regions, unanimously agreed that all stakeholders within their respective role should have a role in decision making and within public policy functions. There was however, no broad consensus on the best way to achieve this.

Specific recommendations and views captured on who should be involved in policy related decision making and what possible frameworks could be developed included:

improving existing intergovernmental organizations
creating Internet Ad Hoc Group
modularization of ICANN’s functions
creating a stewardship group IETF, ICANN and the RIRs
creating an independent IANA as an International NGO with host country agreements governed by its MOUs-defined by the IANA Stewardship Group prior to the signing of MOUs with IANA Partners
creating a 'new body' to develop international level public policies in concerned areas; seek appropriate harmonization of national level policies; and facilitate required treaties, conventions and agreements
responsibility of the definition of these policies rests within the States as an inalienable right
continuity of bottom-up oversight enables a better view of an organization and thus better accountability as government oversight will destroy multistakeholder character
evolving global governance norms that separate DNS maintenance from policies on TLDs, as well as public policies that intersect with nations’ rights to make them
policy makers incrementally develop formal and informal relationships
dealing with conflict of interest and ensuring pluralism
full multi-stakeholder framework including possible establishment of Working Groups where all parties concerned are represented

18 submissions referred to issues related to the implementation of standards including issues relating to the use of the Internet including jurisdiction, law, legislation, spam, network security and cybercrime. All submissions called for a reform or further definition of MSism values and included recommendations from civil society (8), academia (3), technical community (3), governments (2), private sector (1) and other (1). Stakeholders from academia (5), civil society (3) and government (1) collectively called for the reform of ICANN guided by multistakeholder values, but did not specify how this reform would be achieved.

Specific recommendations on the improvements of institutional frameworks and arrangements for issues related to implementation of standards included:

establishment of double system of arbitrage/settlement placed under World Internet Forum (WIF) scrutiny and under the neutral oversight and arbitrage of the UN general secretariat
new legal instruments in establishing MS model need to be adopted
establishment of the Internet Technical Oversight and Advisory Board (ITOAB) replace the US government's current oversight role
multilateral frameworks with oversight role of governments

In summation, the classification of Internet functions discussed above, presents a very broad view of complex, dynamic and often, interrelated relationships amongst stakeholder groups. However, even within these very broad categories there are various interpretations of how MSism should evolve.

To come back to the very beginning of this post, NETmundial is an important step towards a global policy framework for Internet governance. This is the first meeting outside formal processes and it is difficult to know what to expect, partly as the expectations are not clear and range widely across stakeholders. Whatever the outcome, NETmundial's real contribution to Internet Governance has been sparking anew, the discourse on multistakeholderism and its application on the Internet through the creation of a spontaneous order amongst diverse actors and providing a common platform for divergent views to come together.

For more details visit https://cis-india.org/internet-governance/blog/net-mundial-roadmap-defining-roles-of-stakeholders-in-multistakeholderism

NETmundial Day 2

achal — 2014-04-25T04:58:26Z

Fadi Chehade, the ICANN boss, closed NETmundial 2014 with these words "In Africa we say if you want to go first, go alone, but if you want to go far, go together." He should have added: And if you want to go nowhere, go multi-stakeholder.

For all the talk of an inclusive global meeting, there was exactly one governmental submission from the African continent, and it was from Tunisia; and the overall rate of submissions from Africa and West Asia were generally very low.

The outcome document perfectly reflects the gloss that the "multi-stakeholder" model was designed to achieve: an outcome that is celebrated by businesses (and by all embedded institutions like ICANN) for being harmless, met with relief by governments for not upsetting the status quo, all of it lit up in the holy glow of "consensus" from civil society.

Of course there was no consensus. Civil society groups who organised on Day 0 put up their position: the shocking omission of a strong case for net neutrality, ambiguous language on surveillance, weak defences of free expression and privacy. All valid points. But it's striking that civil society takes such a pliant position towards authority: other than exactly two spirited protests (one against the data retention in Marco Civil, and the other against the NSA's mass surveillance program) there was no confrontation, no provocation, no passionate action that would give civil society the force it needs to win. If we were to compare this to other international struggles, the gay rights battle, or its successor, the AIDS medicines movement, for instance - what a difference there is. People fought to crush with powerful, forceful action. Only after huge victories with public and media sympathy, and only after turning themselves into equals of the corporations and governments they were fighting, did they allow themselves to sit down at the table and negotiate nicely. Internet governance fora are marked by politeness and passivity, and perhaps - however sad - it's no wonder that the least powerful groups in these fora always come away disappointed.

It's also surprising that there is no language in the outcome document that explicitly addresses the censorious threat posed by the global expansion of a sovereign application of copyright, as seen most vividly in the proposed SOPA/PIPA legislation in the United States. The outcome document has language that seems to more or less reflect the civil society proposal, and it's possible that a generous interpretation of the language could mean that it opposes the selective, restrictive and damaging application of what the intellectual property industries want to accomplish on the Internet. But it's puzzling that the language isn't stronger or more explicit, and even more puzzling that civil society doesn't seem to want to fight for such language.

This seems like an appropriate time to end the multi-stakeholder diaries. Hasn't the word been used enough? Here is one last instalment. We thank the kind folks who gave us their time.

Q: What does "multi-stakeholder" mean? What is "multi-stakeholderism"?

A large part of the discourse prior to the NETmundial conference has been centered around the issue of what is the best structural system to regulate a global network – this has commonly been portrayed as a choice between a multistakeholder system – which broadly speaking, aims to place ‘all stakeholders’ on equal footing – against multilateralism – a recognized concept in International law / the Comity of Nation States, where a nation state is recognized as the representative of its citizens, making decisions on their behalf and in their interests.

In our opinion, the issue is not about the dichotomy between multilateralism and multistakeholderism; it is about what functions or issues can legitimately be dealt with through each of the processes in terms of adequately protecting civil liberties and other public interest principles – including the appropriate enforcement of norms. For instance, how do you deal with something like cyber warfare without the consent of states? Similarly, how do we address regulatory issues such as determining (and possibly subsidizing) costs of access, or indeed to protect a right of a country against unilateral disconnection?

.....The crux of the matter rests in deciding which is the best governance ‘basket’ to include a particular issue within – taken from both a substantive and enforcement perspective. The challenge is trying to demarcate issues to ensure that each is dealt with effectively by placing it in an appropriate bucket. (The full post can be accessed here).
Rishab Bailey from the Society for Knowledge Commons (India)

If I would have signed the campaign http://wepromise.eu as a candidate to the European Parliament I would have made it an election promise to defend "the principle of multistakeholderism".

That means that I "support free, open, bottom-up, and multi-stakeholder models of coordinating the Internet resources and standards - names, numbers, addresses etc" and that I "support measures which seek to ensure the capacity of representative civil society to participate in multi-stakeholder forums." Further, I "oppose any attempts by corporate, governmental or intergovernmental agencies to take control of Internet governance."

My very rudimentary personal view is basically that it's a bad idea to institutionalise conflicting competences.
Erik Josefsson, Adviser on Internet policies for the Greens/EFA group in the European Parliament

And so it ends.

For more details visit https://cis-india.org/internet-governance/blog/net-mundial-day-2

NETmundial Day 1

achal — 2014-04-24T09:02:49Z

Brazilian President Dilma Rousseff's speech at the opening of NETmundial in São Paulo was refreshingly free of the UN-speak that characterised virtually every single other presentation this morning. The experience of sitting for five hours in a room where the word "multi-stakeholder" is repeated at the rate of five mentions per minute is not for the faint-hearted; it almost makes you wish for more of the straight-talking tough-love of people like Swedish Foreign Minister Carl Bildt.

Surveillance was mentioned by a few brave souls. Two peaceful, silent - and rather effective - protests broke out during the opening speeches; one, against the data retention clause in Brazil's otherwise path-breaking and brand-new law for civil rights on the Internet, Marco Civil, and another for honouring US NSA whistleblower Edward Snowden and urging action against surveillance. Sadly for Brazilian civil society, the Marco Civil protestations went unheard, and Rousseff signed the bill into law in full.

There were lots of speeches. Lots. If you missed them, here's a handy visualisation you can use to catch up quickly: just add some prepositions and conjunctions, and you'll have a perfectly anodyne and universally acceptable bureaucrat/politician keynote address.

The afternoon was given over to assimilating previously received comments on the outcome document and adding new ones from people in the room. Much contention, much continuity, lots of hard work, lots of nitpicking (some of it even useful) and lots of ambiguity; after more consultation - the slog goes on until tomorrow afternoon - the outcome document will be laid to rest. Lunch was excellent: there's a reason the Grand Hyatt São Paulo costs as much as it does.

Our quest to plumb the depths of multi-stakeholderism continued: we thank the kind folks who gave us their time and allowed us to record them.

Q: What does "multi-stakeholder" mean? What is "multi-stakeholderism"?

Multi-stakeholderism to me is the ability to engage with every stakeholder and have them in the room, and have them understand that it is not an equal opportunity for all. I also understand that civil society and academia will never be at the same place as business, which has far more resources, or governments, which have the sovereign right to make laws, or even the technical community, which is often missing from the policy dialogue. There are three things which are important to me: (1) Will I be able to make interventions not just in the dialogue but in the decision making process? For me, that is key. (2) Do I have recourse in a process which might be multilateral or inter-governmental - do I have recourse when international treaties are ratified or signed, because they become binding national laws? and (3) What is it that happens to dissent in a process that is not multi-stakeholder? I think even the ITU (the International Telecommunications Union) has taken cognizance of multi-stakeholderism. So it's not new, but it's also not old or accepted, which is why we contest it. We will never have equal stakeholders. And who gets to represent the stakeholder communities? I don't think power imbalances get resolved, and I think it's a deeply flawed process. It's not perfect. But what worries me is the alternative. So give me a better alternative.
Subi Chaturvedi, Media for Change/ Lady Shriram College (India)

Simply put, multi means many components, and stakeholders are people who have the stakes. So multi-stakeholder means many people who are informed to take the process forward. The process is still on: it's evolving. The idea is that everyone who has an interest should bring it forward, and the dialogue must be balanced. Proof of concept is important - it's not about taking a dogmatic position but a scientific position. Business is concerned about the justification around return on investment.
Jimson Olufuye, Africa ICT Alliance (Nigeria)

Everyone who has a stake in the use and operation of the Internet should have a stake in the way it is managed. I think we shouldn't be considering this as a power game - it's not winner takes all. Decision making should be as much as possible consensual, where no one has a veto power.
Getachew Engida, Deputy Director-General, UNESCO (France)

It is very simple. I think people are complicating matters. It's not a power game. The Internet is fundamentally a global network of interconnected computers. People have become not only consumers of information but providers of information, so the stakes in the media/ICT world are massive. Unprecedented. Therefore, around major issues confronting the Internet, decision making should be as participatory as possible.
Indrajit Banerjee, Director, UNESCO (France)

Additional Links

Watch Brazilian President Dilma Rousseff's speech at the opening of NETmundial
Follow Swedish foreign minister Carl Bildt on Twitter

For more details visit https://cis-india.org/internet-governance/blog/net-mundial-day-1

We are anonymous, we are legion

New Document on India's Central Monitoring System (CMS) - 2

New Delhi Expands Curbs on Web Content

New Bill to decide on individual’s right to privacy

New Approaches to Information Privacy – Revisiting the Purpose Limitation Principle

Introduction

Privacy as control?

Purpose Limitation and Impact of Big Data

Harms-based approach

Legitimate interests

Conclusion

Endnotes

New $1 Billion RIC Project Casts Doubts on Aadhaar

Networks: What You Don’t See is What You (for)Get

Networks of crises: The Bangalore North East Exodus

Network as Crisis: The unexpected visibility of a network

The Intersectional Network

Networking? Not working

The privacy factor

The next level

Networking its way to better governance

Networked Economies and Gender Action Learning

Network Neutrality Regulation across South Asia: A Roundtable on Aspects of Differential Pricing

Draft Agenda

Roundtable Questions:

Network Disruptions Report by Global Network Initiative

NETmundial: Tracking *Multistakeholder* across Contributions

NETmundial Roadmap: Defining the Roles of Stakeholders in Multistakeholderism

Introduction

Multistakeholderism

Towards a definition of respective roles: Analysis NETmundial submissions on Roadmap

NETmundial Day 2

NETmundial Day 1

NETmundial: Tracking Multistakeholder across Contributions