We are anonymous, we are legion

Muzzling the Internet

praskrishna — 2011-04-01T15:14:44Z

It is strange suddenly to be confronted with the provisions of a law passed way back in 2008. But why should the Information Technology Amendment Act, 2008, pushed through in the weeks following the 26/11 attacks in Mumbai be making news now? This news item by Sundeep Dougal was posted in Outlook on March 17, 2011.

The Economic Times, with a report headlined Government can switch off your internet if necessary breathlessly reported yesterday:

The Indian government has armed itself with powers to 'switch off' or kill the internet during times of national emergencies, becoming one of the first few countries to assume such far reaching authority. Even as the US and other western nations debate the judiciousness of giving the government's complete control to shut down cyber traffic, India has moved a step ahead and incorporated a provision under the IT Act of 2008, giving the Central government, or any of its officers specially authorised by it, to block the internet if necessary. The shutdown can happen in the interest of sovereignty and integrity of India, its defense, security of its states, friendly relations with foreign states or for public order. Failure to comply will result in imprisonment of up to seven

But perhaps the report can be excused for the simple reason that because the act was pretty much hustled through Parliament at a time when the national mindspace was preoccupied with other concerns, there was not much analysis or criticism in the mainstream media, though specialised blogs did raise an alarm even then. [See one critique dating back to December 2008 here April 2010 here -- and for the record, the bill was endorsed by the President in Feb 2009, and then only notified in October 2009.]

Read the ET report further and you realise that the reference was perhaps occasioned by the following development that the news report went on to provide:

Not satisfied with this provision, India is now moving ahead to develop alternate plans in case the 'switch' does not work. The draft plan by the Cabinet Committee on Security and Ministry of Home Affairs along with Ministry of IT & Communications to 'choke' the internet at will, which ET reported last year, is also learnt to be in its final stages.

Choking refers to handicapping the servers by subjecting it to multiple requests and attacks and preventing it from functioning effectively

But more dangerous to the issue of freedom of the internet were the recent reports, earlier in the month, of the blocking of Typepad, Mobango, Clickatell by some ISPs, though only one of them provided a message saying, "This site has been blocked as per request from the Department of Telecom". It was 2006 all over again.

As usual, the real problem was the total arbitrariness of the process and the confusion was confounded further when an unnamed Airtel spokesperson told the Hindu that there was no directive from the government, and this was “just a temporary network problem”.

The crux of the matter can be summed up in this one quote from Nikhil Pahwa of Medianama in the Hoot: "what gets me angry is that we wouldn't even have got to know of the blocking. There are never any indications of which websites are blocked and why. We have got to have more transparency on these issues."

Medianama also compiled and reported the following:

Tech2 wrote about a blogspot blackout on Feb 12th.
CuttingtheChai wrote about Kirtu.com, where the not-safe-for-work comic Savita Bhabhi was hosted, Mobango, Typepad and Clickatell being blocked on Feb 22nd.
Kafila reports, and this is something that we’ve also been told about as well, that Zone-H.org has been blocked as well. This is strange, but there is a suggestion that a company called E2 Labs got Zone-H blocked, because they did a post criticizing E2′s proposal to start a cyber security educational institution, alleging that there was falsification of information. A pdf of the post here, via Naavi.org. Again, we need clarity on why these blocks have been ordered. Also read Apar Gupta’s post
the utilitarian critique of E2 Labs v. Zone-H

Medianama further reported that on the sidelines of the Gov 2.0 conference last Friday, Communications & IT Minister Kapil Sibal passed the buck on the issue of lack of transparency in the way the Indian government blocks access to websites. Sibal told MediaNama that we should “Ask the Home Ministry, because this is a security issue.”

As Shivam Vij of Kafila asked:

All I want to ask Kapil Sibal is: How is Savita Bhabhi a threat to India’s national security? Wait, I have another question: why should I ask the Home Ministry when the orders for blocking come from your own Ministry, Mr Sibal, and the committee that decides on blocking has only one Home Ministry representative and two from your Ministry, sir?

In theory a lot of people will say that the internet can not be free of regulation, that the government must block some sites. But this is the problem in practice: the government will block a soft porn comic - only because it was talked about openly, discussed in the papers, and so on. Only because it came in the way of some bureaucrat’s antiquated sense of morality. Why, there are countless hard core Indian porn sites that are not blocked! (Oops, I shouldn’t be giving ideas.)

And when you wonder why the Government of India thinks Savita Bhabhi is too obscene for you, they will say national security!

If you don’t know about the Savita Bhabhi blocking issue, see this Huffington Post article.

All of this of course assumes ominous overtones when one considers the government's attitude on Wikileaks and offers an inkling of the shape of things to come when we look at the recent release of the long awaited draft rules for important sections of the Information Technology Act 2000, objections to which were sought from the public by February 28, 2011.

So far, the following draft rules have been formalised:

The Draft rule under section 43A- Reasonable security practices and procedures and sensitive personal information

Privacy India and Centre for Internet and Society, Bangalore have offered a detailed para-wise commentary here.

The Draft rule under section 79-Due diligence observed by intermediaries guidelines

A detailed, para-wise, criticism is available by the Centre for Internet and Society which pointed out, inter-alia:

they vest an extraordinary power of censorship in the hands of the intermediary, which could easily lead to the stifling of the constitutionally guaranteed freedom of speech online. Analogous restrictions do not exist in other fields, e.g., against the press in India or against courier companies, and there is no justification to impose them on content posted online. Taken together, these provisions make it impossible to publish critical views about anything without the risk of being summarily censored.

The rules are so loosely worded as to cover almost anything. For example, consider Section 3 of the proposed rules, particularly point (g):

"causes annoyance or inconvenience or deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;"

Imagine the number of sensitive souls out there who could be claiming "inconvenience" because of "annoyance" having been caused.

The Draft rule under section 79-Guidelines for Cyber Cafe

A critique by PRS blog | Medianama | Centre for Internet and Society points out, inter alia, that

if enforced it will end up choking public access Internet in the country, whether through Cybercafes or at Wifi hotspots, which would cover all regular cafes that offer Internet access, the airport, where some telcos allow access, or even on-campus connectivity.

While the comments for the above rules were invited only till 28.02.2011, perhaps it would still be useful to let the authorities know what one thinks about these rules by sending an email to: grai AT mit.gov.in

Read the original post in the Outlook here

For more details visit https://cis-india.org/news/muzzling-internet

Mumbai no longer ‘meri jaan’

radha — 2011-04-04T06:52:29Z

Why online (and offline) activism after 26/11 never took off; what should have been done to mobilize people - an article in the Livemint by Seema Chowdhry and Samanth Subramanian - 20th November, 2009

On “One Million Strong for Bombay” (23,601 members), a 9 October post concerned the activist Hansel D’Souza, chairman of the Juhu Citizens’ Welfare Group, the Citizens’ Consensus candidate for the Andheri (West) assembly constituency; an earlier post involved the schedule of the Jazz Yatra. On “The Black Badge for Bombay” (853 members), the last post, from 31 August, wonders if Pakistan is a pawn being used by China against India.

“The idea behind ‘Black Badge for Bombay’ initially was to keep the pressure on so that the reaction to the attacks in terms of government preparedness results in concrete action,” says Somasekhar Sundaresan, the group’s creator. “The government has now set up a combat force in Mumbai, which was the stated immediate objective of this movement and
pressure group. After that, we needed to move on.”

Sundaresan admits that the posts have not been updated more frequently because he hasn’t worked hard enough to get people interested in newer issues. “Most of my discussions about civil rights movements are restricted to five or six friends who are members of this Facebook group too,” he says. “It is easier to talk to them because I meet them
professionally and personally often.” “The Black Badge for Mumbai” has also been unable to organize offline meetings.

What these groups lacked, according to Sunil Abraham, executive director of the Centre for Internet and Society in Bangalore, was a dedicated team to keep the momentum going. “They don’t have intelligently incremental action points that keep their audiences increasingly engaged,” he says in an email interview. “The creators often underestimate the importance of offline activities that will keep their audiences motivated. Finally, many of them take their membership for
granted and don’t bother sending regular updates or even an occasional thank you.”

It was perhaps the need to sustain momentum that drove some of the offline citizens’ groups into the political sphere. Anil Bahl allied his Let’s Rebuild India with the Professionals Party of India. A group called Jago Mumbai turned into the Jago Party, which fielded a candidate in the Lok Sabha election from north-west Mumbai. (He lost.) “We decided that we couldn’t do anything alone,” says Bhuresh Barot, a working member of the Jago Party. “You need to be in power to do anything.”

As his party’s south Mumbai coordinator, Barot witnessed a rapid dissolution of voter outrage back into voter apathy; in the Lok Sabha election, the turnout stood at 43.3%. “The main reason seemed to be that voters thought they already knew the ideology of every party,” Barot theorizes. “And they decided they simply didn’t have faith in the candidates.”

Link to original article

For more details visit https://cis-india.org/news/mumbai-no-longer-2018meri-jaan2019

Multistakeholders Consultation on International Public Policy Issues

praskrishna — 2014-02-03T10:07:54Z

The Department of Electronics & Information Technology has called for a meeting on January 21 in New Delhi to discuss international public policy issues. Snehashish Ghosh will participate in the meeting.

MAG Meeting Notice issued by the Department of Electronics & Information Technology on January 13 can be accessed here.

For more details visit https://cis-india.org/news/multi-stakeholders-consultation-on-intl-public-policy-issues-january-21-2014

Multistakeholder Consultation on Encryption

praskrishna — 2016-12-17T01:22:35Z

The Centre for Internet & Society (CIS) in collaboration with ORF and Takshashila Institution is organizing a Multi-Stakeholder Consultation on Encryption on December 17, 2016 at TERI in Bengaluru.

The consultation is intended to help shape the discussions around the new draft encryption policy slated to be released sometime early next year. The consultation will be divided into two segments: an open house and a panel discussion with high-level government representatives, including Dr. Gulshan Rai, the National Cyber Security Coordinator. The sessions start at 10.30 a.m. on December 17, 2016 and will go on for until approximately 4.30 p.m.

The discussions themselves will highlight inputs from the three main constituents affected by an encryption policy: civil society and end users, the private sector and government. The range of civil liberties and constitutional rights implicated by encryption, as well as the needs of businesses to secure data flows will be discussed. Government officials too are expected to join the consultation and will provide perspectives on encryption and legitimate access to data for law enforcement purpose.

For more info reach out to Udbhav Tiwari (udbhav@cisindia.org) or Bedavyasa Mohanty (bedavyasam@orfonline.org)

For more details visit https://cis-india.org/internet-governance/events/multistakeholder-consultation-on-encryption

Multiple Aspects Need to be Addressed as the Clamour Grows for Network Neutrality

sunil — 2015-04-16T13:33:03Z

In the global debate there are four violations of Network Neutrality that are considered particularly egregious.

The article was published in DNA on April 16, 2015.

One — blocking of destinations or services in order to force the consumer to pay extra charges for access, two — not charging or zero-rating of certain destinations and services with or without extraction of payment from the sender or destination, and three — throttling or prioritisation of traffic between competing destinations or services and four — specialised services wherein the very same Internet infrastructure is used to provide non-Internet but IP based services such as IP-TV.

The main harms of network neutrality violations are as follows: one, censorship by private parties without legal basis; two, innovation harms because the economic threshold for new entrants is raised significantly; three, competition harms as monopolies become more entrenched and then are able to abuse their dominant position; four, harms to diversity because of the nudge effect that free access to certain services and destinations has on consumers reducing the infinite plurality of the Internet to a set of menu options. The first and fourth harm could result in the Internet being reduced to a walled garden.

It is insufficient to try and address this with networking rules for engineers such as “all packets should be treated equally.” But a set of principles could be developed that can help us grow access without violating network neutrality. Wikimedia Foundation has already developed their principles which they call “Wikipedia Zero Operating Principles”. In India our principles could include the following. One, no blocking without legal basis. Two, transparency — all technical and commercial arrangements are to be disclosed to the public. Three, non-exclusivity — all arrangements should be available to all parties, no special deals for those you favour. Four, non-discrimination between equals — technologies and entities that are alike should be treated alike. Five, necessity — whilst some measure may be required occasionally when there is network congestion they should be rolled back in a time-bound fashion.

Once these principles are enforced through a network neutrality regulation, ISPs and telecom operators will be allowed to innovate with business and payment models. Steve Song, inventor of Village Telco says “My preferred take on zero-rating would be to zero-rate gprs/edge data in general so that there is a minimum basic access for all.” My colleague Pranesh Prakash says “One possibility, of many, is to create a single marketplace or exchange for zero-rating, through which one can zero-rate on all telecom networks for standard tiered rates that they publish, and terms that are known to the regulator. Banning is akin to a brahmastra in a regulator's arsenal: it should not be used lightly” Jochai Ben-Avie of Mozilla told me yesterday of experiments in Bangladesh where consumers watch an advertisement everyday in exchange for 5Mb of data. My own suggestion to address the harms caused by walled gardens would be to make them leak – mandate that unfettered access to the Internet be provided every other hour.

There is many other ways in which the Internet has been transformed in India and other countries but these are not commonly considered network neutrality violations. Here are some examples. One, blocking of port 25 — a port that is commonly used to relay email spam. Two, blocking of port 80 – so that domestic connections cannot be used to host web servers. Three, the use of private IP addresses, ISPs who are delaying migration to IPv6 infrastructure because of cost implications leverage their IPv4 address inventory by using Carrier Grade — Network Address Translators [CG-NATs]. Four, asymmetric connections where download speeds for consumers are faster than upload speeds. With the exception of the first example — all of them affect end users negatively but do not usually impact corporations and therefore have been unfortunately sidelined in the global debate.

The TRAI consultation paper reveals many of the concerns of the telecom operators that go beyond the scope of network neutrality. Many of these concerns are very legitimate. There is a scarcity of spectrum — this could partially be addressed by auctioning more spectrum, scientific management of spectrum, promotion of shared spectrum and unlicensed spectrum. Their profit margins are thinning – this could be addressed by dismantling the Universal Service Obligation Fund, it is after all as Rohan Samarajiva puts it “a tax on the poor.” Internet companies don't pay taxes – this could be addressed by the Indian government, by adopting the best practices from the OECD around preventing tax avoidance. But some of their concerns cannot be addressed because of the technological differences between telecom and Internet networks. While it is relatively easy to require telecom companies to provide personal information and allow for interception of communications, those Internet companies that use end-to-end encryption cannot divulge personal information or facilitate interception because it is technologically impossible. While the first two concerns could be addressed by TRAI, the last two should be addressed by other ministries and departments in the Indian government.

There are other concerns that are much more difficult to address without the deep understanding of latest advancements in radio communication, signal processing and congestion control techniques in packet switched networks. A telecom expert who did not wish to be identified told me that “even 2G TDM voice is 10 to 15 times more efficient when compared to VOIP. IP was developed to carry data, and is therefore not an efficient mode to carry voice as overhead requirement for packets destroys the efficiency on voice. Voice is best carried close to the physical layer where the overheads are lowest.” He claims that since “VOIP calls are spectrally inefficient they should be discouraged” through differential pricing. We need accessible scientific literature and monitoring infrastructure so that an evidence base around concerns like this can be created so as to address them effectively through regulatory interventions.

You know you have reached a policy solution when all concerned stakeholders are equally unhappy. Unfortunately, the TRAI consultation paper assumes that Internet companies operate in a regulatory vacuum and therefore places much unnecessary focus on the licensing of these companies. This is a disastrous proposal since the Internet today is the result of “permission-less innovation”. The real issue is network neutrality and one hopes that after rigorous debate informed by scientific evidence TRAI finds a way to spread unhappiness around equally.

The author works for the Centre for Internet and Society which receives funds from Wikimedia Foundation which has zero-rating alliances with telecom operators in many countries across the world.

For more details visit https://cis-india.org/internet-governance/blog/dna-april-16-2015-sunil-abraham-multiple-aspects-need-to-be-addressed-as-the-clamour-grows-for-network-neutrality

Multinational Cyber Security Forum at University of Haifa

Admin — 2017-11-27T14:34:59Z

Sunil Abraham participated in a meeting in Israel on Multinational Cyber Security Forum hosted by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative.

The workshop was held from November 5 to 7, 2017. The objective of the workshop was to facilitate a free and open exchange among participants under the Chatham House Rules. The workshop sought to identify areas of agreement and dissent pertaining to cyber security regulation and to explore issues that require further research, clarification and development.

For more details visit https://cis-india.org/internet-governance/news/multinational-cyber-security-forum-at-university-of-haifa

Multi-stakeholder Models of Internet Governance within States: Why, Who & How?

geetha — 2014-06-16T14:27:38Z

Internet governance, for long a global exercise, has found new awareness within national frameworks in recent times. Especially relevant for developing countries, effective national IG mechanisms are important to raise awareness and ensure multi-stakeholder participation at technical, infrastructural and public policy levels.

This post is a surface-level overview of national IG bodies, and is intended to inform introductory thoughts on national IG mechanisms.

A Short Introduction

The previous decade has seen a proliferation of regional, sub-regional and national initiatives for Internet governance (IG). Built primarily on the multi-stakeholder model, these initiatives aim at creating dialogue on issues of regional, local or municipal importance. In Asia, Bangladesh has instituted a national IGF, the Bangladesh IGF, with the stated objective of creating a national multi-stakeholder forum that is specialized in Internet governance issues, and to facilitate informed dialogue on IG policy issues among stakeholders. India, too, is currently in the process of instituting such a forum. At this juncture, it is useful to consider the rationale and modalities of national IG bodies.

The Internet has long been considered a sphere of non-governmental, multi-stakeholder, decentralized, bottom-up governance space. The Declaration of Independence of Cyberspace, John Perry Barlow’s defiant articulation of the Internet’s freedom from governmental control, is a classic instance of this. The Internet is a “vast ocean”, we claimed; “no one owns it”.[1] Even today, members of the technical community insist that everyone ought to “let techies do their job”: a plea, if you will, of the complexity of cyber-walls and –borders (or of their lack).

But as Prof. Milton Mueller argues in Ruling the Root, the Internet has always been a contentious resource: battles over its governance (or specifically, the governance of the DNS root, both the root-zone file and the root servers) have leapt from the naïveté of the Declaration of Independence to a private-sector-led, contract-based exploitation of Internet resources. The creation of ICANN was a crucial step in this direction, following arbitrary policy choices by Verizon and entities managing the naming and numbering resources of the Internet.

The mushrooming of parallel tracks of Internet governance is further evidence of the malleability of the space. As of today, various institutions – inter-governmental and multi-stakeholder – extend their claims of governance. ICANN, the World Summit of Information Society, the World Conference on International Telecommunications, the Internet Governance Forum and the Working Group on Enhanced Cooperation under the ECOSOC Committee for Science, Technology and Development are a few prominent tracks. As of today, the WSIS process has absorbed various UN special bodies (the ITU, UNESCO, UNCTAD, UNDP are but a few), with the UNESCO instituting a separate study on Internet-related issues. A proposal for a multilateral Committee on Internet-Related Policies remains stillborn.

Amongst these, the Internet Governance Forum (IGF) remains a strong contender for a truly multi-stakeholder process facilitating dialogue on IG. The IGF was set up following the recommendation of the Working Group of Internet Governance (WGIG), constituted after the Geneva phase of the WSIS.

Rationale: Why Have National IG bodies?

The issue of national multi-stakeholder cooperation/collaboration in IG is not new; it has been alive since the early 2000s. The Tunis Agenda, in paragraph 80, encourages the “development of multi-stakeholder processes at the national, regional and international levels to discuss and collaborate on the expansion and diffusion of the Internet as a means to support development efforts to achieve internationally agreed development goals and objectives, including the Millennium Development Goals” (emphasis supplied).

In its June 2005 Report, the Working Group on Internet Governance (WGIG) emphasizes that “global Internet governance can only be effective if there is coherence with regional, subregional and national-level policies”. Towards this end it recommends that “coordination be established among all stakeholders at the national level and a multi-stakeholder national Internet governance steering committee or similar body be set up” (emphasis supplied). The IGF, whose creation the WGIG recommended, has since been commended for its impact on the proliferation of national IGFs.

The rationale, then, was that multi-stakeholder steering committees at the national level would help to create a cohesive body to coordinate positions on Internet governance. In Reforming Internet Governance, WGIG member Waudo Siganga writes of the Internet Steering Committee of Brazil as a model, highlighting lessons that states (especially developing countries) may learn from CGI.br.

The Brazilian Internet Steering Committee (CGI.br) was set up in 1995 and is responsible, inter alia, for the management of the .br domain, distribution of Internet addresses and administration of metropolitan Internet exchange points. CERT.br ensures network security and extends support to network administrators. Siganga writes that CGI.br is a “well-structured multistakeholder entity, having representation from government and democratically chosen representatives of the business sector, scientific and technological community and an Internet expert”.

Why is CGI.br a model for other states? First, CGI.br exemplifies how countries can structure in an effective manner, a body that is involved in creating awareness about IG issues at the national level. Moreover, the multi-stakeholder nature of CGI.br shows how participation can be harnessed effectively to build capacity across domestic players. This also reflects the multi-stakeholder aspects of Internet governance at the global level, clarifying and implementing the WSIS standards (for instance). Especially in developing countries, where awareness and coordination for Internet governance is lacking at the national level, national IG committees can bridge the gap between awareness and participation. Such awareness can translate into local solutions for local issues, as well as contributing to an informed, cohesive stance at the global level.

Stakeholders: Populating a national IG body

A national IG body – be in steering committee, IGF or other forum – should ideally involve all relevant stakeholders. As noted before, since inception, the Internet has not been subject to exclusive governmental regulation. The World Summit on Information Society recognized this, but negotiations amongst stakeholders resulted in the delegation of roles and responsibilities: the controversial and much-debated paragraph 35 of the Tunis Agenda reads:

Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.
The private sector has had, and should continue to have, an important role in the development of the Internet, both in the technical and economic fields.
Civil society has also played an important role on Internet matters, especially at community level, and should continue to play such a role.
Intergovernmental organizations have had, and should continue to have, a facilitating role in the coordination of Internet-related public policy issues.
International organizations have also had and should continue to have an important role in the development of Internet-related technical standards and relevant policies.

This position remains endorsed by the WSIS process; the recent WSIS+10 High Level Event endorsed by acclamation the WSIS+10 Vision for WSIS Beyond 2015, which “respect mandates given by Tunis Agenda and respect for the multi-stakeholder principles”. In addition to government, the private sector and civil society, the technical community is identified as a distinct stakeholder group. Academia has also found a voice, as demonstrated by stakeholder-representation at NETmundial 2014.

A study of the Internet Society (ISOC) on Assessing National Internet Governance Arrangements, authored by David Souter, maps IG stakeholders at the global, regional and national levels. At the global level, primary stakeholders include ICANN (not-for-profit, private sector corporation involved in governance and technical coordination of the DNS), the IETF, IAB and W3C (technical standards), governments and civil society organizations, all of which participate with different levels of involvements at the IGF, ICANN, ITU, etc.

At the national/municipal level, the list of stakeholders is as comprehensive. Governmental stakeholders include: (1) relevant Ministries (in India, these are the Ministry of Information and Broadcasting, and the Ministry of Communications and Information Technology – the Department of Electronics and Information Technology under the MCIT is particularly relevant), and (2) regulators, statutory and independent (the Telecom Regulatory Authority of India, for example). At the national level, these typically seek inputs from other stakeholders while making recommendations to governments, which then enact laws or make policy. In India, for instance, the TRAI conducts consultations prior to making recommendations to the government.

Within the private sector, there may be companies (1) on the supply-side, such as infrastructure networks, telecommunications service companies, Internet Service Providers, search engines, social networks, cybercafés, etc., and (2) on the demand-side, online businesses, advertising/media, financial service providers, etc. who use the Internet. There may also be national registries managing ccTLDs, such as the Registro.br or the National Internet Exchange of India (NIXI). There may also the press and news corporations representing both corporate and public interest under specific circumstances (media ownership and freedom of expression, for distinct examples).

Civil society organisations, including consumer organisations, think-tanks and grassroots organisations, participate at various levels of policy-making in the formal institutional structure, and are crucial in representing users and public interest. The complexity of stakeholders may be seen from Souter’s report, and this enumeration is but a superficial view of the national stakeholder-population.

Processes: Creating effective national IG bodies

National IG bodies – be they steering committees, IGFs, consultative/working groups or other forums – may be limited by formal institutional governmental settings. While limited by the responsibility-gradient in paragraph 35 of the Tunis Agenda, an effective national IG body requires robust multi-stakeholder participation, as Souter notes, in technical governance, infrastructure and public policy issues. Its effectiveness also lies in governmental acquiescence of its expertise and recommendations; in short, in the translation of the IG body’s decisions into policy.

How do these stakeholders interact at the national level? In addition to the Brazilian example (CGI.br), an ISOC study by Souter and Monica Kerretts-Makau, Internet Governance in Kenya: An Assessment, provides a detailed answer. At the technical level, the registry KENIC manages the .ke domain, while the Kenya Computer Incident Response Team Coordination Centre coordinates national responses to incidents and collaborates internationally on cyber-security issues. A specific IPv6 Force to promote Kenya’s transition to IPv6 was also created.

At the infrastructural level, both the government and the private sector play important roles. Directly, ministries and government departments consult with infrastructure providers in creating policy. In India, for instance, the TRAI conducts multi-stakeholder consultations on issues such as telecom tariffs, colocation tariffs for submarine cable stations and mobile towers, etc. The government may also take a lead in creating infrastructure, such as the national optic fibre networks in India and Kenya, as also creating investment opportunities such as liberalizing FDI. At the public policy level, there may exist consultations initiated by government bodies (such as the TRAI or the Law Commission), in which other stakeholders participate.

As one can see, government-initiated consultations by ministries, regulators, law commissions or specially constituted committees. Several countries have also set up national IGFs, which typically involve all major stakeholders in voluntary participation, and form a discussion forum for existing and emerging IG issues. National IGFs have been considered particularly useful to create awareness within the country, and may best address IG issues at the domestic policy level. However, Prof. Mueller writes that what is necessary is a “reliable mechanism reliable mechanisms for consistently feeding the preferences expressed in these forums to actual global policy-making institutions like ICANN, RIRs, WIPO, and WTO which impact distributional outcomes”.

[1] M. Mueller, Ruling the Root: Internet Governance and the Taming of Cyberspace 57 (2002).

For more details visit https://cis-india.org/internet-governance/blog/multi-stakeholder-models-of-internet-governance-within-states-why-who-how

Multi-stakeholder Internet Governance: The Way Ahead

praskrishna — 2014-07-29T07:08:04Z

The Centre for Internet and Society (CIS) in partnership with Software Freedom Law Centre (SFLC.in) is organizing a workshop "Multi-stakeholder Internet Governance: The Way Ahead" on August 6, 2014, 10.30 a.m. to 12.00 p.m., at during the APrIGF event to be held at Crown Plaza, Greater Noida.

Thematic Area of Interest

Enhanced Cooperation & the Multi-stakeholder model

Introduction:
Today, multi-stakeholderism is the catchphrase in Internet governance. With the display of a multi-stakeholder model at NETmundial, controversies and opinions regarding the meaning, substance and benefits of multi-stakeholderism have deepened. As the recent meeting of the Working Group on Enhanced Cooperation of the United Nations Commission on Science, Technology and Development demonstrates, questions and concerns regarding meaning of multi-stakeholderism, the

legitimacy and desirability of its processes, and the successes and disappointments of its outcomes now dominate the discussion. At this juncture, clarity and consensus are imperative to determine the future of multi-stakeholderism in Internet governance.

Roles and responsibilities of stakeholders:
The debates surrounding stakeholder-roles in Internet governance began with ¶ 49 of the Geneva Declaration of Principles and ¶ 35 of the Tunis Agenda, which delineated clear roles and responsibilities. It created a ‘contributory’ multi-stakeholder model, where states held sovereign authority over public policy issues, while business and civil society were contributed to ‘important roles’ at the ‘technical and economic fields’ and the ‘community level’, respectively. At the same time, it set forth an agenda for enhanced cooperation.

As the WGEC meeting (April 30-May 2, 2014) demonstrated, there is as yet no consensus on stakeholder-roles. Certain governments remain strongly opposed to equal roles of other stakeholders, emphasizing their lack of accountability and responsibility. Civil society is similarly splintered, with a majority opposing the Tunis Agenda delineation of stakeholder-roles, while others remain dubious of permitting the private sector an equal footing in public policy-making. Still others question the wisdom of seeking a ‘fix’ when ‘nothing is broken’. In this session, we aim to interrogate the benefits and disadvantages of an ‘equal footing’ model, as opposed to a ‘contributory’ model.

Specific Issues of Discussions & Description

Who are the stakeholders? Should a multi-stakeholder model of Internet governance grant all stakeholders ‘equal footing’? Should such ‘equal footing’ be relegated to issues other than substantive public policy-making? On the other hand, is a ‘contributory’ model safer? Are states better equipped to represent interests inclusively? How can governments and businesses best perform their role as trustees of the public interest of interest users?

In view of the formidable consolidation by the private sector at NETmundial, while civil society splintered on issues of intellectual property and intermediary liability, can a ‘participative model’ better prevent detrimental outcomes?

Multi-stakeholderism beyond NETmundial:
As important as the meaning of multi-stakeholderism is the process of its execution. The need to fashion safe and sustainable processes for multi-stakeholder participation was highlighted by the successes and failures of private sector and civil society at NETmundial. From the ICANN and IGF models to stakeholder coalitions, premeeting coordination and governmental policy participation, this session shall expand on the quest for effective and beneficial stakeholder participation and representation in both the ‘equal footing’ and ‘contributory’ models, with a focus on enhancing developing country participation.

Particularly, lessons that Internet governance may draw from multi-stakeholder governance processes across areas shall be discussed. For instance, deliberative democracy, enterprise associations or unions (such as in the International Labour Organisation) may all be of value. Similarly, multi-stakeholder processes in environmental and corporate governance and the development sector may benefit Internet governance. In determining the value of these processes to Internet governance, public interest of users is an important consideration. The capability and initiative of governments to implement an effective bottom-up model of Internet governance is equally important and will be considered.

We aim to conduct a 90-minute workshop (2 panels of 45 minutes each), inclusive of 15-30 minutes in all for Q&A from audience, panellists and moderators.

For more details visit https://cis-india.org/internet-governance/events/multi-stakeholder-internet-governance-the-way-ahead

Multi-Stakeholder Consultation on ‘Internet Rights, Accessibility, Regulation & Ethics’

praskrishna — 2012-07-25T10:22:48Z

Digital Empowerment Foundation, Association for Progressive Communications, Department of Information Technology and National Internet Exchange of India came together to organize an event on "Internet Rights, Accessibility, Regulation & Ethics". This was held at Mirza Ghalib Hall, SCOPE Complex, New Delhi from 9.00 a.m. to 2.30 p.m. on May 3, 2012. Pranesh Prakash was a speaker.

The core aim of the dedicated half-day consultation programme was to discuss, deliberate and debate over the internet related concerns, covering the larger theme of internet and outlining India’s progress towards ‘Internet Access for All’, and specific areas of concern – right to information, internet & information access, internet governance, Internet regulation, content specifications, cyber law, and appropriate policy framework.

The consultation was an effort to encourage stakeholders to adopt relevant, appropriate and time bound measures to accelerate the availability, affordability and accessibility of the internet and address issues around it.*

Video

External Links

*See the original info published at Digital Empowerment Foundation, Multi-Stakeholder Consultation on ‘Internet Rights, Accessibility, Regulation & Ethics’ : Digital Empowerment Foundation, http://bit.ly/OGyYeg, last accessed on June 29, 2012.
Click here for the Event Agenda
See the video on YouTube

For more details visit https://cis-india.org/internet-governance/internet-rights-accessibility-regulation-ethics

Multi-stakeholder Advisory Group Analysis

jyoti — 2016-04-12T10:02:31Z

This analysis has been done to see the trend in the selection and rotation of the members of the Multistakeholder advisory group (MAG) in the Internet Governance Forum (IGF). The MAG has been functional for nine years from 2006-2015. The analysis is based on data procured, collated and organised by Pranesh Prakash and Jyoti Panday. Shambhavi Singh, Law Student, NLU Delhi who was interning with CIS at the time also assisted with the organisation and analysis of the data.

The researcher has collected the data from the lists of members available in the public domain from 2010-2015. The lists prior to 2010 have been procured by the Centre for Internet and society from the UN Secretariat of the Internet Governance Forum (IGF).

This research is based solely upon the members and the nature of their stake holding has been analysed in the light of MAG terms of reference. No data has been made available regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG (The IGF Secretariat does not share this data).

According to the analysis, in these six years, the MAG has had around 182 members from various stakeholder groups.

We have divided it into five stakeholder groups, Government, Civil Society, Industry, Technical Community and Academia. Any overlap between two or more of these groups has also been taken into account, for example- A member of the Internet Society (ISOC) being both in the Civil Society and Technical Community.

According to the MAG Terms of Reference[1], it is the prerogative of the UN Secretary General to select MAG Members. The general policy is that the MAG members are appointed for a period of one year, which is automatically renewed for 2 more years consecutively depending on their engagement in MAG activities.

There is also a policy of rotating off 1/3^rd members of MAG every year for diversity and taking new viewpoints in consideration. There is also an exceptional circumstance where a person might continue beyond three years in case there is a lack of candidates fitting the desired area.

However, it seems like the exception has become the norm as a whopping number of members have continued beyond 3 years, ranging from 4 years up to as long as 8 years, this figure rounds up to around 49. No doubt some of them are exceptional talents and difficult to replace. However, the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the usual term.

S. No.	Stakeholder	Number of years	Total Members continuing beyond 3 years
1	Civil Society	8, 6, 6, 4, 4,	5
2	Government/Industry	4, 5	2
3	Technical community/ Civil society	8, 8, 8, 6, 6, 4, 4, 4, 4,4	10
4	Industry/ Civil society	8, 6,	2
5	Industry	8, 7, 7, 6, 6, 4,	6
6	Industry/Tech Community/ Civil Society	8,	1
7	Government	7, 7, 7, 6, 6, 6, 6, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4,	19
8	Academia	6, 6, 5,	3
9	Industry/ Tech community	6,	1

The stakeholders that have continued beyond 8 years have around 39% members from Government and related agencies. The next being Technical Community/Civil Society with around 20% representation, followed by Industry at 12%, 10% from the Civil Society, 6% from Academia, 4% from Government/Industry, 4% from Industry/Civil Society and 2% each from Industry/Technical Community and Industry/Technical Community/Civil Society respectively.

Table with overlapping interests merged

S. No.	Stakeholder	Total Members continuing beyond 3 years
1	Civil Society	7 + 9 + 1+1 = 18
2	Government	19
3	Tech Community	9 + 1 + 1+1 = 12
4	Industry	6 + 2 + 1 + 1+2 = 13
5	Academia	3

When the overlap is grouped separately, as in if a Technical Community/Civil Society person is placed both in Technical Community and Civil Society groups individually, then the representation of stakeholder representation is as follows(approximate values)-

Government- 29%

Civil Society- 28%

Industry- 20%

Technical Community-17%

Academia-5%

This clearly shows us that stakeholders from academia generally did not stay on MAG beyond 3 years. Even when all members that have ever been on MAG are taken into consideration, only around 8% representation has been from the academic community. This needs to be taken into account when new MAG members are selected in 2016.

The researcher has also looked at the MAG Representation based on gender and UN Regional Groups. The results of the analysis were as follows-

The ratio of male members is to female members is approximately 16:9 in the MAG and the approximate value in percentage being 64% and 36% respectively.

Now coming to the UN Regional Groups, the results that the analysis yielded were as follows-

The Western European and Others Group (WEOG) has the highest representation in MAG, a large number of members being from Switzerland, USA and UK. This is followed by the Asia Pacific Group which has 20% representation. The third largest is the African group with 19% representation followed by Latin American and Caribbean Group (GRULAC) and Eastern European Group with 13% and 12% representation respectively.

The representation of developed, developing and Least Developed Countries is as follows-

Developed countries have approximately 42% representation, developing countries having 53% and LDCs having a mere 5% representation. There should be some effort to strive for better LDC representation as they are the most backward when it comes to Global ICT Penetration. [2]

[1] Intgovforum.org, 'MAG Terms Of Reference' (2015) <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference> accessed 13 July 2015.

[2] ICT Facts And Figures (1st edn, International Telecommunication Union 2015) <http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf> accessed 11 July 2015.

For more details visit https://cis-india.org/internet-governance/blog/mag-analysis

Much at stake for tech sector in UID project

praskrishna — 2011-12-12T13:10:49Z

With the Parliamentary Standing Committee on Finance raising a red flag against the National Identification Authority of India ( NIAI) Bill to grant the UID (or Aadhar) project legal status, the project looks set for a slowdown. That could have broad implications for the tech sector that had laid substantial hope on it, especially when global markets are slowing down.

The UID project is estimated to offer IT companies a Rs 15,000-Rs 20,000-crore opportunity. This includes building an ecosystem around the project, comprising biometrics, databases, smartcards, storage and system integration.

Since the UIDAI implements an open-system, plugand-play approach, entrepreneurs and startups can develop applications in numerous areas. Some of the applications of Aadhar is seen in areas such as food distribution, financial inclusion, and know-your-customer services.

The parliamentary committee has said that the project might be too expensive and duplicates the National Population Register's (NPR) efforts to collect biometric and other data for the national census. Some have also called for a change of collection of data from biometric data, which they consider insecure for smart cards (as fraudsters can take your fingerprints from objects that you touch). The Cabinet need not accept the committee's recommendations.

Thus it is unclear if the UID project will be scrapped, watered down or persisted with in its current form. Some contracts have been granted to tech majors. According to the said current contracts are not significantly large in size and their cancellation will not make a big dent in the companies' books. He added that scrapping of project from a longer term perspective could be a negative.

Government public services initiatives like public distribution system UIDAI website, Wipro in March 2011 won a contract to supply, install, and commission hardware and software for data centres at Bangalore and NCR. MindTree in April 2010 won a contract for application software development, maintenance and support. TCS, Accenture, HP, Satyam, Intelenet Global, HCL Infosystems, Geodesic are some others that have won contracts.

Ankur Rudra, IT sector analyst at Ambit Capital, (PDS) and e-governance schemes are expected to spark off more projects requiring technology enablement.

Sunil Abraham, ED of the Centre for Internet and Society, said if changes are incorporated to the Bill, it would not necessarily be anti-technology. The organization had raised concerns about security issues around biometric data. "There might be a change in the design of the UID project, but technology will remain a critical element," he added. Siddharth Pai, MD of global sourcing advisory firm Technology Partners International (TPI) India, said that the UID project is a very critical infrastructure from a national perspective and chances of the project being scrapped are little.

He added that tech companies might experience delay in government spends and see a delay in project execution. This may lead to delays in revenue yields. IT company officials also acknowledge that there could be delays in projects which could increase costs for them. None wanted to be quoted on this issue.

This article by Pranav Nambiar was published in the Economic Times on 12 December 2011. Sunil Abraham has been quoted in this. Read the original here

For more details visit https://cis-india.org/news/much-at-stake-for-tech-sector

MPs to be taught ‘draconian’ IT Act Rules as India.net support galvanises for annul motion

praskrishna — 2012-04-25T10:39:48Z

The blog post by Prachi Shrivastava was published in Legally India on April 23, 2012.

Rajya Sabha’s member of parliament (MP) from Kerala, P Rajeeve, whose statutory motion to annul the IT (Intermediaries Guidelines) Rules 2011 is slated for discussion in Parliament tomorrow, aims to convene a meeting of MPs, internet societies, and bloggers in the first week of May to create awareness against the draconian effect of the rules.

“Most of the MPs need to know about this,” Rajeeve told Legally India, explaining that statutory motions are generally not easy to pass. “Actually we are trying to create awareness by organizing a session. The issue will be the IT Rules 2011 and how it is against the constitution, how it is against natural justice, how it is against due process of law.”

“The motion has been accepted. The committee has allotted time for discussion on the twenty fourth. Thereafter it will come to the house. In this part of the session I am trying to coordinate other MPs to get support”, he said.

Rajeeve’s motion of 23 March 2012, as first reported by CIS-India, was not his first attempt at bringing the IT rules into the spotlight. When the rules were in draft stage, he had made a zero hour mention against them for being in violation of freedom of speech and expression, by over-scrutinising bloggers, over-authorising intermediaries, and letting the government, individuals and institutions by-pass the due process of law.

Rajeeve was one of the nine panelists in the open discussion on “Resisting Internet Censorship”, organised by the Centre for Internet and Society (CIS) and Foundation for Media Professionals, in Bangalore on Saturday, 21 April. The discussion, addressing an audience of 40, was moderated by veteran journalist Paranjoy Guha Thakurta.

Other panelists included Mahesh Murthy, founder of digital marketing website Pinstorm, Sudhir Krishnaswamy, founding member of Centre for Law and Policy Research, Na Vijayashankar, director of Cyber Law College, and Siddharth Narain from the Alternative Law Forum.

Also on the panel were Rishabh Dara, Google policy fellow who conducted a study last year on intermediary liability in India and its chilling effects on free expression, BG Mahesh, founder of Oneindia.com, Ram Bhat, co-founder of community media collective Maraa, and Pranesh Prakash, programme manager at CIS.

Prakash said that the discussion brought together different perspectives, even those of the entrepreneur, like BG Mahesh and Mahesh Murthy. “Transparency in the terms of censorship is good. We are not saying all censorship is bad, but that it should be transparent.”

Prakash told Legally India about the various experiences shared by panelists, of the lack of transparency in the present system of censorship. While one faced harassment by the police over trivial procedural compliances, there was complaint for defamation against an article syndicated by another from a different publication’s press release. “And we read the article over and over and over again but couldn’t find anything which was remotely defamatory.”

Legal experts on the panel, Kirshnaswamy and Vijayashankar, spoke about the constitutionalism behind free speech provisions. Narain shed light on the fact that while excessive energy has been expended on highlighting which content should not be banned, little has been spent on examining the operative procedures behind censorship.

Dara spoke about his research and how it not only revealed that content was being frivolously removed on complaints to intermediaries, but also that the people whose content was being removed were not being informed of the same. There was no public notice of the removal.

Bhat’s discourse drew attention to the history of censorship in India and elicited the fact that the Indian press has in fact been censored in an upsetting manner even since the revolt of 1857.

Murthy made the observation that statistically speaking, in India the number of internet users exceeds television watchers, which has made social media unfathomably important while the internet is no longer elitist.

A number of related Indian initiatives have been gathering momentum in recent months, such as signature campaigns for internet freedom, and offline protests such as the Free Software Movement in Karnataka and the Save your Voice in Delhi, are the order of the day. Other actions include writing to MPs, asking them to vote in favor of Rajeeve’s statutory motion for annulment of the IT rules.

Kerala-based advocate Shojan Jacob filed the first ever writ challenging the rules in the Kerala High Court last month.

The rules enable any individual or public or private institution to get content removed from websites, in most cases simply by notifying the website owners or intermediaries such as Google, Yahoo and others.

Takedown requests can be based on any of 15 vaguely drafted parameters, without stating any reasons or requiring any judicial or quasi-judicial order in support.

Click to read the original.

For more details visit https://cis-india.org/news/draconian-it-rules

MPs oppose curbs on internet; Sibal promises discussions

praskrishna — 2012-05-24T10:25:35Z

With MPs raising concerns over open-ended interpretations of restrictive terms in the rules seeking to regulate social media and internet, the government promised to evolve a consensus on points of contention.

Pranesh Prakash is quoted in this article published by the Times of India on May 18, 2012

Telecom minister Kapil Sibal's assurance came at the end of an engrossing debate in Rajya Sabha on a motion moved by CPM MP P Rajeeve who said the rules violated freedom of expression and free speech.

He found support from leader of opposition Arun Jaitley who picked several examples to point out that terms or descriptions like "harmful", "blasphemous" and "defamatory" did not lend themselves to precise legal definitions.

Jaitley said what the government may find defamatory may not be seen in similar light by its critics. He also pointed to the difficulties of controlling technology and asked if it was desirable to do so.

Assuring MPs who sought the annulment of 'rules' which are aimed at regulating internet content, Sibal said, "My assurance to the House is that I will request the MPs to write letters to me objecting to any specific words. I will then call a meeting of the members as well as the industry and all stakeholders. We will have a discussion and whatever consensus emerges, we will implement it."

The move to put rules in place flows from the government's annoyance with what it sees as scurrilous and disrespectful comments about senior Congress leaders. It had suggested pre-screening of content which service providers were reluctant to consider.

The motion for annulling the Information Technology (Intermediaries Guidelines) Rules notified in April 2011 was, however, defeated by a voice vote. Justifying the rules, the minister said "these are sensitive issues" as most internet companies were registered abroad and not subjected to Indian laws.

TOI was first to report about the new rules that put a lot of the onus on intermediaries like internet service providers, Facebook and Twitter, to manage and monitor content produced by their users. Web activists believe the IT rules are open to arbitrary interpretation and can be misused to silence freedom of speech.

Google, which participated in the public consultative process before the rules were framed, had told TOI, "If Internet platforms are held liable for third party content, it would lead to self-censorship and reduce the free flow of information."

Moving the motion, Rajeeve said, "I am not against any regulation on internet but I am against any control on internet... In control, there is no freedom... These rules attempt to control internet and curtail the freedom of expression."

Complimenting the CPM member, Jaitley said, "I think he (Rajeeve) deserves a compliment for educating us on this rule that Parliament has a supervisory control as far as subordinate legislations are concerned, and, if need be, we can express our vote of disapproval to the subordinate legislations."

MPs felt the government should consider a regime where offensive content can be removed immediately after being posted rather than trying to sieve it out.

Noting that it is extremely difficult, if not impossible, to defy technology and that the days of withholding information have gone, Jaitley urged the minister to "reconsider the language of restraints" to prevent its misuse. He pointed to certain words - harmful, harassing, blasphemous, defamatory - used in the rules, explaining how these could be interpreted/misinterpreted at any stage.

The MPs did note that the internet had a risk of inciting hate speech and frenzy in society and therefore it needed to be restrained but the device could be swift identification of objectionable content.

Pranesh Prakash of Centre for Internet and Society, an organization that has been advocating withdrawal of the rules, said he was sad with the outcome in Rajya Sabha. "The IT minister has promised to hold consultations but the ideal way to do so would have been to scrap the rules and start from scratch," he said.

"It's not only about language in these rules. There is a problem with provisions like the one that empowers intermediaries to remove content without notifying the user who had uploaded the content or giving users a chance to explain themselves."

For more details visit https://cis-india.org/news/mps-oppose-curbs-on-internet

Moving Towards a Surveillance State

atreya — 2013-07-15T05:57:15Z

The cyberspace is a modern construct of communication and today, a large part of human activity takes place in cyberspace. It has become the universal platform where business is executed, discourse is conducted and personal information is exchanged. However, the underbelly of the internet is also seen to host activities and persons who are motivated by nefarious intent.

Note: The original tender document of the Assam Police dated 28.02.2013 along with other several other tender documents for procurement of Internet and Voice Monitoring Systems is attached as a zip folder.

As highlighted in the International Principles on the Application of Human Rights to Communications Surveillance, logistical barriers to surveillance have decreased in recent decades and the application of legal principles in new technological contexts has become unclear. It is often feared that in light of the explosion of digital communications content and information about communications, or "communications metadata," coupled with the decreasing costs of storing and mining large sets of data and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Communications surveillance in the modern environment encompasses the monitoring, interception, collection, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person's communications in the past, present or future.[*] These fears are now turning into a reality with the introduction of mass surveillance systems which penetrate into the lives of every person who uses any form of communications. There is ample evidence in the form of tenders for Internet Monitoring Systems (IMS) and Telecom Interception Systems (TCIS) put out by the Central government and various state governments that the Indian state is steadily turning into an extensive surveillance state.

While surveillance and intelligence gathering is essential for the maintenance of national security, the creation and working of a mass surveillance system as it is envisioned today may not necessarily be in absolute conformity with the existing law. A mass surveillance system like the Central Monitoring System (CMS) not only threatens to completely eradicate any vestige of the right to privacy but in the absence of a concrete set of procedural guidelines creates a tremendous risk of abuse.

Although information regarding the Central Monitoring System is quite limited on the public forum at the moment it can be gathered that a centralized system for monitoring of all communication was first proposed by the Government of India in 2009 as indicated by the press release of the Ministry of Communications & Information. Implementation of the system started subsequently as indicated by another government press release and the Center for Development of Telematics (C-DOT) was entrusted with the responsibility of implementing the system. As per the C-DOT annual report 2011-12, research, development, trials and progressive scaling up of a Central Monitoring System were conducted by the organization in the past 4 years and the requisite hardware and CMS solutions which support voice and data interception have been installed and commissioned at various Telecom Service Providers (TSP) in Delhi and Haryana as part of the pilot project. Media reports indicate that the project will be fully functional by 2014. While an extensive surveillance system is being stealthily introduced by the state, several concerns with regard to its extent of use, functioning, and real world impact have been raised owing to ambiguities and wide gaps in procedure and law. Moreover, the lack of a concrete privacy legislation coupled with the absence of public discourse indicates the lack of interest of the state over the rights of an ordinary citizen. It is under these circumstances that awareness must first be brought regarding the risks of the mass surveillance on civil liberties which in the absence of established procedures protecting the rights of the citizens of the state can result in the abuse of powers by the state or its agencies and lead to the demise of civil freedoms even in democratic states.

The architecture and working of a proposed Internet Monitoring System must be examined in an attempt to better understand the functioning, capabilities and possible impact of a Central Monitoring System on our society and lives. This can perhaps allow more open discourse and a committed effort to preserve the rights of the citizens especially the right to privacy can be made while allowing for the creation of strong procedural guidelines which will help maintain legitimate intelligence gathering and surveillance.

Internet Monitoring System: Setup and Working
Very broadly, The Internet Monitoring System enables an agency of the state to intercept and monitor all content which passes through the Internet Service Provider’s (ISP) server which includes all electronic correspondence (emails, chats or IM’s, transcribed call logs), web forms, video and audio files, and other forms of internet content. The electronic data is stored and also subject to various types of analysis. While Internet Monitoring Systems are installed locally and their function is limited to specific geographic region, the Central Monitoring System will consolidate the data acquired from the different voice and data interception systems located across the country and create a centralized architecture for interception, monitoring and analysis of communications. Although the exact specifications and functions of the central monitoring system still remain unclear and ambiguous, some parallels regarding the functioning of the CMS can be drawn from the the specifications revealed in the Assam Police tender document for the procurement of an Internet Monitoring System.

Setup
The deployment architecture of an Internet Monitoring System (IMS) contains probe servers which are installed at the Internet Service Provider’s (ISP) premises and the probes are installed at various tapping points within the entire ISP network. A collection server is also installed and hosted at the site of the ISP. The collection server is used to either collect, analyze, filter or simple aggregate the data from the ISP servers and the data is transferred to a master aggregation server located a central data center. The central data center may also contain more servers specifically for analysis and storage. This type of architecture is being referred to as a ‘high availability clustered setup’ which is supposed to provide security in case of a failure or outage.

The Assam Police Internet Monitoring System tender document specifically indicates that the deployment in the state of Assam shall require 8 taps or probes to be installed at different ISPs, out of which 6 taps/probes shall be of 10 GBPS and 2 taps are of 1 GBPS. The document however mentions that the specifications are preliminary and subject to change.

Types of data
The proposed internet monitoring system of the Assam state can provide network traffic interception and a variety of internet protocols including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Session Initiation Protocol (SIP), Voice over Internet Protocol (VoIP) can be intercepted and monitored. The system can also support monitoring of Internet Relay Chat and various other messaging applications (such as Google Talk, Yahoo Chat, MSN Messenger, ICQ, etc.). The system can be equipped to capture and display multiple file types like text (.doc, .pdf), zipped (.zip) and executable applications (.exe). Further, information regarding login details, login pattern, login location, DNS address, routing address can be acquired along with the IP address and other details of the user.

Web crawling capabilities can be installed on the system which can provide data from various data sources like social networking sites, web based communities, wikis, blogs and other forms of web content. Social media websites (such as Twitter, Facebook, Orkut, MySpace etc.), web pages and data on hosted applications can also be intercepted, monitored and analyzed. The system also allows capture of additional pages if updated; log periodical updates and other changes. This allows the monitoring agencies the capability of gathering internet traffic based on several parameters like Protocols, Keywords, Filters and Watch lists. Keyword matching is achieved by including phonetically similar words in various languages including local languages.

More specific functions of the IMS can include complete email extraction which will disclose the address book, inbox, sent mail folder, drafts folder, personal folders, delete folders, custom folders etc. and can also provide identification of dead drop mails. The system can also be equipped to allow country wise tracking of instant messages, chats and mails.

Regarding retention and storage of data, the tender document specifies that the system shall be technically capable of retaining the metadata of Internet traffic for at least one year and the defined traffic/payload/content is to be retained in the storage server at least for a week. However, the data may be retained for a longer period if required. The metadata and qualified data after analysis are integrated to a designated main intelligence repository for storage.

Types of Analysis
The Internet Monitoring System apart from intercepting all the data generated through the Internet Service Providers is essentially equipped for various types of data analysis. The solutions that are installed in the internet monitoring system provide the capability for real time as well as historical analysis of network traffic, network perimeter devices and internal sniffers. The kinds of analysis based on ‘slicing and dicing of data’ range from text mining, sentiment analysis, link analysis, geo-spatial analysis, statistical analysis, social network analysis, transaction analysis, locational analysis and fusion based analysis, CDR analysis, timeline analysis and histogram based analysis from various sources.

The solutions installed in the IMS can enable monitoring of specific words or phrases (in various languages) in blogs, websites, forums, media reports, social media websites, media reports, chat rooms and messaging applications, collaboration applications and deep web applications. Phone numbers, addresses, names, locations, age, gender and other such information from content including comments and such can also be monitored. Specifically with regard to social media, the user’s profile and information related to it can be extracted and a detailed ontology of all the social media profiles of the user can be created.

Based on the information, the analysis supposed to provide the capability to identify suspicious behavior based on existing and new patterns as they emerge and are continuously applied to combine incoming and existing information on people, profiles, transactions, social network, type of websites visited, time spent on websites, type of content download or view and any other type of gatherable information. The solutions on the system are also supposed to create single or multiple or parallel scenario build-ups that may occur in blogs, social media forums, chat rooms, specific web hosting server locations or URL, packet route that may be defined from time to time and such scenario build-ups can be based on parameters like sentiments, language or expressions purporting hatred or anti-national expressions, and even emotions like expression of joy, compassion and anger, which as may be defined by the agency depending on operational and intelligence requirement. Based on these parameters, automated alerts can be generated relating to structured or unstructured data (including metadata of contents), events, pattern discovery, phonetically similar words or phrases or actions from users.

Based on the data analysis, reports or dossiers can be generated and visual analysis allowing a wide variety of views can be created. Further, real time visualization showing results from real-time data can be generated which allows alerts, alert categories or discoveries to be ranked (high, medium, and low priority, high value asset, low value asset, moderate value asset, verified information, unverified information, primary evidence, secondary evidence, circumstantial evidence, etc.) based on criteria developed by the agency. The IMS solutions can also be capable of offering web-intelligence and open source intelligence and allow capabilities like simultaneous search capabilities which can be automated providing a powerful tool for exploration of the intercepted data.

Another important requirement mentioned in the tender document is the systems capability to integrate with other interception and monitoring systems for 2G, 3G/UMTS and other evolving mobile carrier technologies including fixed line and Blackberry services and encrypted IP services like Skype services.

Conclusion
It is clear that a system like IMS with its extensive interception and analysis capabilities gives complete access to an agency or authority of all information that is accessed or transmitted by a person on the internet including information which is private and confidential such as email and instant messages. Although the state has the power to issue directions for interception or monitoring of information under the Information Technology Act, 2000 and certain rules are prescribed under section 69B, they are wholly inadequate compared to the scope and extent of the Internet Monitoring System and its scale of operations. The interception and monitoring systems that are either proposed or already in place effectively bypass the existing procedures prescribed under the Information Technology Act.

The issues, concerns and risks are only compounded when it comes to the Central Monitoring System. The solutions installed in present day interception and monitoring systems give the state unprecedented powers to intercept, monitor and analyze all the data of any person who access the internet. Tools like deep packet inspection and extensive data mining solutions in the absence of concrete safeguards and when deployed through a centralized system can be misused to censor any content including legitimate discourse. Also, the perception that access to a larger amount of data or all data can help improve intelligence can also be sometimes misleading and it must be asked whether the fundamental rights of the citizens of the state can be traded away under the pretext of national security. Furthermore, it is essential for the state to weigh the costs of such a project both economically and morally and balance it with sufficient internal measures as well as adequate laws so that the democratic values are persevered and not endangered by any act of reckless force.

Reiterating what has been said earlier, while it is important for the state to improve its intelligence gathering tools and mechanisms, it must not be done at the cost of a citizen’s fundamental right. It is the duty of the democratic state to endure and maintain a fine balance between national interest and fundamental rights through timely creation of equitable laws.

[*]. http://necessaryandproportionate.net/#_edn2

For more details visit https://cis-india.org/internet-governance/blog/moving-towards-surveillance-state

Move over Kolaveri di, here comes Gowda

praskrishna — 2011-11-28T06:58:54Z

Transparency is the buzzword in governance and chief minister DV Sadananda Gowda is eager to set a new benchmark. You could soon watch what the chief minister is doing at office, live on YouTube. This article was published in dailybhaskar.com on November 28, 2011.

Cameras are being installed at the chief minister's office in Vidhana Soudha and his home office, Krishna. The live footage will be uploaded to YouTube. "I always wanted to maintain transparency in my functioning. Very soon, I will put it to work, when people can watch me live at what I am doing when inoffice. Let the people see who come to meet me, what I do and how I work. This will set a new example, but there will be no compulsion for my colleagues to emulate me. It is entirely up to them whether to follow me or not," said Gowda on Sunday.

Kerala chief minister Oommen Chandy has already set a precedent by installing cameras in his office. On July 1 this year, the day Chandy's experiment went 'live', one lakh visitors logged in. Talking to The New York Times earlier this year, Sunil Abraham, executive director of the Centre for Internet and Society, Bangalore, said "He applauded Chandy's webcams, even if the effort amounted to no more than tokenism."This type of tokenism is also quite useful," The NYT reported Abraham as saying.

In Karnataka, the much-hyped Citizens' Charter would be implemented after the state legislature, which begins on December 6, ends. The cabinet had already cleared the proposal and the bill on time-bound delivery of public services would be introduced in the session, added Gowda.

The proposed bill will make it mandatory for officials in government offices to deliver public services within stipulated period of time and failure to do so would make them liable for penal action and fine to be computed for every day of delay.

Already, Bescom chief P Manivannan has installed a webcam in his office. The NYT earlier reported Manivannan as saying that "he was installing a 'hemispheric' camera that would capture the goings-on in his entire office rather than just show his visitors."

Read the original published in dailybhaskar.com here

For more details visit https://cis-india.org/news/here-comes-gowda