We are anonymous, we are legion

FAQ on the Aadhaar Project and the Bill

Elonnai Hickok, Vanya Rakesh, and Vipul Kharbanda — 2016-04-13T14:06:43Z

This FAQ attempts to address the key questions regarding the Aadhaar/UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 (henceforth, Bill). This is neither a comprehensive list of questions, nor does it contain fully developed answers. We will continue to add questions to this list, and edit/expand the answers, based on our ongoing research. We will be grateful to receive your comments, criticisms, evidences, edits, suggestions for new answers, and any other responses. These can either be shared as comments in the document hosted on Google Drive, or via tweets sent to the information policy team at @CIS_InfoPolicy.

To comment on and/or download the file, click here.

For more details visit https://cis-india.org/internet-governance/blog/aadhaar-project-and-bill-faq

Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption

praskrishna — 2016-04-09T09:45:12Z

Messaging service WhatsApp's decision to roll out end-to-end encryption for over 1 billion subscribers has been hailed as a positive step by users across the world, although things are set to get tougher for law enforcement and investigative agencies in India seeking to track terrorists.

The article by Neha Alawadhi was published in Economic Times on April 8, 2016. Sunil Abraham was quoted.

"It was anyway difficult to get any kind of data from WhatsApp and now it is going to be even more difficult," said a person familiar with the working of these agencies who did not wish to be identified.

Encryption scrambles data such as text messages, photos and documents and makes them unintelligible for unintended recipients. A service that is encrypted end-to-end cannot be monitored or intercepted. No one, except the people or group communicating with each other, can access the data. If telecom companies, Internet providers or even companies that run messaging services try to intercept the message, all they would get is garbled data.

While chats will not be accessible, associated information known as metadata will be available, such as when the conversations took place, the identities of senders and recipients, their locations, mobile numbers, profile photos and address books, which may be useful for security agencies.

"Definitely for law enforcement it means a big headache, but the metadata is there and with metadata, if you have a couple of other bits of information, you can piece it together," said Sunil Abraham, executive director at Bengaluru-based research organisation Centre for Internet and Society. "Agencies can get the metadata, but they won't get the payload unless they're able to compromise the device. And that intelligence agencies like NSA (National Security Agency of the US) have been able to do in the past."

While encryption offers privacy and security to users, it is the bane of law enforcement agencies globally, as exemplified most recently and notably by the Apple-FBI dispute in the US. The Federal Bureau of Investigation FBI asked Apple to weaken its encryption to access a dead terrorist's iPhone data and after the company refused, hacked into the device with help from a third party.

In India, it is difficult to bring US-based companies to the negotiating table. "We have had minimum cooperation from WhatsApp. All the data is controlled in the US and they rarely hand over the data that we request. We don't ask them for content. We only ask for metadata," said another person familiar with the process who declined to be identified.

While the Indian IT Act gives wide-ranging powers to the government to ask for access to encrypted information, very few requests for information, very few requests for information take the legal route. One reason is the long time that it takes to process such requests - on average, over three years - and the other, especially in the case of WhatsApp, is little or no cooperation, according to government officials.

WhatsApp, based in Mountain View, California, did not respond to an email request for comment. The messaging company was acquired by Facebook in 2014.

How security and investigative agencies in India use the data they access is also a grey area. "We do not have a privacy legislation here which will take care of the concerns that people have with respect to use of data. If the government needs to have access to communications, they also need to ensure there are adequate safeguards in place," said Prasanth Sugathan, counsel at Software Freedom Law Centre.

"In practice, end-to-end encryption will bring the end user and the device into focus, rather than WhatsApp or any particular messaging service. This should be a trigger for greater clarity on India's data protection policy," said Arun Mohan Sukumar, who heads the cyber security and internet governance initiative at think tank Observer Research Foundation.

In India, requests for information from companies such as WhatsApp and Google are handled by the Ministry of Home Affairs or the Indian Computer Emergency Response Team. Emails to both were unanswered at the time of going to print.

The Indian government was involved in a long-standing dispute with BlackBerry over access to encrypted data on its messenger and corporate email service. BlackBerry set up servers in Mumbai to comply with local regulations, but said it could not access encrypted data on its enterprise servers.

For more details visit https://cis-india.org/internet-governance/news/economic-times-april-8-2016-neha-alawadhi-daunting-task-ahead-for-investigative-agencies-with-whatsapp-end-to-end-encryption

India's biometric database crosses billion-member mark

praskrishna — 2016-04-07T02:54:08Z

India's biometric database notched up one billion members on Monday, as the government sought to allay concerns about privacy breaches in the world's biggest such scheme.

The news by AFP was published by Daily Mail, UK on April 4, 2016. Sunil Abraham gave inputs.

The database was set up seven years ago to streamline benefit payments to millions of poor people as well as to cut fraud and wastage. Under the scheme, called Aadhaar, almost 93 percent of India's adult population have now registered their fingerprints and iris signatures and been given a biometric ID, according to the government.

IT minister Ravi Shankar Prasad hailed it as "an instrument of good governance" at a ceremony in New Delhi marking the crossing of the one-billion member mark.

Prasad said the initiative, inherited from the previous left-leaning Congress government, had enabled millions to receive cash benefits directly rather than dealing with middlemen.

He said the government had saved 150 billion rupees ($2.27 billion) on its gas subsidy scheme alone -- by paying cash directly to biometric card holders instead of providing cylinders at subsidised rates.

He also said all adequate safeguards were in place to ensure the personal details of card holders could not be stolen or misused by authorities given access to the database.

"We have taken all measures to ensure privacy. The data will not be shared with anyone except in cases of national security," Prasad said.

His comments come after parliament passed legislation last month giving government agencies access to the database in the interests of national security.

It was passed using a loophole to circumvent the opposition in parliament, where the ruling Bharatiya Janata Party (BJP) lacks a majority in the upper house.

The way it was passed, as well as the legislation itself, raised concerns about government agencies accessing private citizens' details.

Internet experts have also raised fears about the safety of such a massive database, including hacking and theft of details.

"It was as if Indian lawmakers wrote an open letter to criminals and foreign states saying, 'we are going to collect data to non-consensually identify all Indians and we are going to store it in a central repository. Come and get it!'," Sunil Abraham, executive director of the Centre for Internet and Society, wrote in India's Frontline news magazine.

For more details visit https://cis-india.org/internet-governance/news/daily-mail-april-4-2016-afp-india-biometric-database-crosses-billion-member-mark

The Panama Papers and the question of privacy

praskrishna — 2016-04-24T14:03:35Z

This statement was originally published on privacyinternational.org on 4 April 2016.

Read the entry by Claire Lauterbach published in Big News Network on April 6, 2016. Sunil Abraham was quoted.

We do agree with Ramon Fonseca about one thing: that "Each person has a right to privacy, whether they are a king or a beggar."

But that's where our commonality with co-founder of disgraced Panama law firm Mossack Fonseca ends.

Last year, a whistleblower leaked 11.5 million documents about the firm's business brokering offshore companies, details of which were published yesterday. Reportedly the largest leak in journalistic history, the cache reveals hidden assets by a dozen current and former world leaders, and scores of celebrities and tycoons, some of which are linked to high level corruption scandals.

This scandal isn't about privacy, though. If anything, it's about the need for transparency about how the powerful wield their power. We need transparency - and good solid investigation - to understand where and how our right to privacy is eroded.

Privacy and transparency are not opposites. They are two sides of the same coin. As privacy advocates, we use transparency capabilities to investigate surveillance. Meanwhile, privacy as a right requires transparency from the institutions that gather and use our data.

Privacy International, like other human rights groups, conducts investigations in the public interest. That allows us to understand, for example, how Colombia built a shadow surveillance system despite evidence of illegal interceptions, or how UK police appear to be collecting private communications data at protests, according to a Vice News investigation.

Many of the Panama Papers' revelations are in the public interest insofar as they concern the transformation of public assets - like taxpayers' money and state funds - into private gains, and allow the powerful to avoid scrutiny. Privacy and transparency are not opposites. They are two sides of the same coin.

Fonseca called journalism around the leaked files an "international campaign against privacy".

But what Fonseca is really doing is advocating a status quo of 'privacy for the kings, and transparency for the beggars'. Or rather, privacy for the business moguls, politicians, corporations and government agencies, and transparency for the citizens, consumers, activists and journalists.

For the public, our financial systems are now surveiled by design. Our transactions are labelled as suspicious and sent for mining by intelligence agencies. We need IDs to open accounts, and our records are profiled by credit agencies who facilitate key decisions about us and our families. Secretive institutions collate this information to decide whether or not we are terrorists. While a certain degree of this is necessary for public order, what's clear is that we are watched while the 'kings' are able to circumvent many of these measures and escape scrutiny. We should never make the mistake of conflating the right to privacy for the individual with the desire to hide shadowy, ethically dubious, borderline-or-actual illegal activity for the immensely wealthy and powerful.

The real issues around privacy include: the spreading of draconian laws, from the UK, to Pakistan, to Kenya, that sanction warrantless surveillance and online monitoring, with insufficient protection for the public. It's the intrusive biometric registration of some of the most desperate people, like refugees from Dadaab to Calais, desperate for food and medical care. It's the instrumentalisation of consumer data to draw conclusions about us, with or without our consent. It's also the parallel trend of rolling back Freedom of Information laws (see: UK and United States). And, as the Panama Papers show, it is allowing transfers of public funds for private gain to be obscured.

That is the real "campaign against privacy" - not public interest journalism.

As our friend and partner Sunil Abraham, Executive Director of the Centre for Internet and Society in India states succinctly, the right to privacy should "be inversely proportionate to power and almost conversely the requirement of transparency to be directly proportionate to power."

For more details visit https://cis-india.org/internet-governance/news/big-news-network-april-6-2016-claire-lauterbach-panama-papers-and-question-of-privacy

Surveillance Project

sunil — 2016-04-05T15:21:27Z

The Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better.

The article will be published in Frontline, April 15, 2016 print edition.

Zero. The probability of some evil actor breaking into the central store of authentication factors (such as keys and passwords) for the Internet. Why? That is because no such store exists. And, what is the probability of someone evil breaking into the Central Identities Data Repository (CIDR) of the Unique Identification Authority of India (UIDAI)? Greater than zero. How do we know this? One, the central store exists and two, the Aadhaar Bill lists breaking into this central store as an offence. Needless to say, it would be redundant to have a law that criminalises a technological impossibility. What is the consequence of someone breaking into the central store? Remember, biometrics is just a fancy word for non-consensual and covert identification technology. High-resolution cameras can capture fingerprints and iris information from a distance.

In other words, on March 16, when Parliament passed the Bill, it was as if Indian lawmakers wrote an open letter to criminals and foreign states saying, “We are going to collect data to non-consensually identify all Indians and we are going to store it in a central repository. Come and get it!” Once again, how do I know that the CIDR will be compromised at some date in the future? How can I make that policy prediction with no evidence to back it up? To quote Sherlock Holmes, “Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” If a back door to the CIDR exists for the government, then the very same back door can be used by an enemy within or from outside. In other words, the principle of decentralisation in cybersecurity does not require repeated experimental confirmation across markets and technologies.

Zero. The chances that you can fix with the law what you have broken with poor technological choices and architecture. And, to a large extent vice versa. Aadhaar is a surveillance project masquerading as a development intervention because it uses biometrics. There is a big difference between the government identifying you and you identifying yourself to the government. Before UID, it was much more difficult for the government to identify you without your knowledge and conscious cooperation. Tomorrow, using high-resolution cameras and the power of big data, the government will be able to remotely identify those participating in a public protest. There will be no more anonymity in the crowd. I am not saying that law-enforcement agencies and intelligence agencies should not use these powerful technologies to ensure national security, uphold the rule of law and protect individual rights. I am only saying that this type of surveillance technology is inappropriate for everyday interactions between the citizen and the state.

Some software engineers believe that there are technical fixes for these concerns; they point to the consent layer in the India stack developed through a public-private partnership with the UIDAI. But this is exactly what Evgeny Morozov has dubbed “technological solutionism”—fundamental flaws like this cannot be fixed by legal or technical band-aid. If you were to ask the UIDAI how do you ensure that the data do not get stolen between the enrolment machine and the CIDR, the response would be, we use state-of-the-art cryptography. If cryptography is good enough for the UIDAI why is it not good enough for citizens? That is because if citizens use cryptography [on smart cards] to identify themselves to the state, the state will need their conscious cooperation each time. That provides the feature that is required for better governance without the surveillance bonus. If you really must use biometrics, it could be stored on the smart card after being digitally signed by the enrolment officer. If there is ever a doubt whether the person has stolen the smart card, a special machine can be used to read the biometrics off the card and check that against the person. This way the power of biometrics would be leveraged without any of the accompanying harms.

Zero. This time, for the utility of biometrics as a password or authentication factor. There are two principal reasons for which the Act should have prohibited the use of biometrics for authentication. First, biometric authentication factors are irrevocable unlike passwords, PINs, digital signatures, etc. Once a biometric authentication factor has been compromised, there is no way to change it. The security of a system secured by biometrics is permanently compromised. Second, our biometrics is so easy to steal; we leave our fingerprints everywhere.

Also, if I upload my biometric data onto the Internet, I can then plausibly deny all transactions against my name in the CIDR. In order to prevent me from doing that, the government will have to invest in CCTV cameras [with large storage] as they do for passport-control borders and as banks do at ATMs. If you anyway have to invest in CCTV cameras, then you might as well stick with digital signatures on smart cards as the previous National Democratic Alliance (NDA) government proposed the SCOSTA (Smart Card Operating System Standard for Transport Application) standard for the MNIC (Multipurpose National ID Card). Leveraging smart card standards like EMV will ensure harnessing greater network effects thanks to the global financial infrastructure of banks. These network effects will drive down the cost of equipment and afford Indians greater global mobility. And most importantly when a digital signature is compromised the user can be issued a new smart card. As Rufo Guerreschi, executive director of Open Media Cluster, puts it, “World leaders and IT experts should realise that citizen freedoms and states’ ability to pursue suspects are not an ‘either or’ but a ‘both or neither’.”

Near zero. We now move biometrics as the identification factor. The rate of potential duplicates or “False Positive Identification Rate” which according to the UIDAI is only 0.057 per cent. Which according to them will result in only “570 resident enrolments will be falsely identified as duplicate for every one million enrolments.” However, according to an article published in Economic & Political Weekly by my colleague at the Centre for Internet and Society, Hans Verghese Mathews, this will result in one out of every 146 people being rejected during enrolment when total enrolment reaches one billion people. In its rebuttal, the UIDAI disputes the conclusion but offers no alternative extrapolation or mathematical assumptions. “Without getting too deep into the mathematics” it offers an account of “a manual adjudication process to rectify the biometric identification errors”.

This manual adjudication determines whether you exist and has none of the elements of natural justice such as notice to the affected party and opportunity to be heard. Elimination of ghosts is impossible if only machines and unaccountable humans perform this adjudication. This is because there is zero skin in the game. There are free tools available on the Internet such as SFinGe (Synthetic Fingerprint Generator) which allow you to create fake biometrics. The USB cables on the UIDAI-approved enrolment setup can be intercepted using generic hardware that can be bought online. With a little bit of clever programming, countless number of ghosts can be created which will easily clear the manual adjudication process that the UIDAI claims will ensure that “no one is denied an Aadhaar number because of a biometric false positive”.

Near zero. This time for surveillance, which I believe should be used like salt in cooking. Essential in small quantities but counterproductive even if slightly in excess. There is a popular misconception that privacy researchers such as myself are opposed to surveillance. In reality, I am all for surveillance. I am totally convinced that surveillance is good anti-corruption technology.

But I also want good returns on investment for my surveillance tax rupee. According to Julian Assange, transparency requirements should be directly proportionate to power; in other words, the powerful should be subject to more surveillance. And conversely, I add, privacy protections must be inversely proportionate to power—or again, in other words, the poor should be spared from intrusions that do not serve the public interest. The UIDAI makes the exact opposite design assumption; it assumes that the poor are responsible for corruption and that technology will eliminate small-ticket or retail corruption. But we all know that politicians and bureaucrats are responsible for most of large-ticket corruption.

Why does not the UIDAI first assign UID numbers to all politicians and bureaucrats? Then using digital signatures why do not we ensure that we have a public non-repudiable audit trail wherein everyone can track the flow of benefits, subsidies and services from New Delhi to the panchayat office or local corporation office? That will eliminate big-ticket or wholesale corruption. In other words, since most of Aadhaar’s surveillance is targeted at the bottom of the pyramid, there will be limited bang for the buck. Surveillance is the need of the hour; we need more CCTVs with microphones turned on in government offices than biometric devices in slums.

Instantiation technology

One. And zero. In the contemporary binary and digital age, we have lost faith in the old gods. Science and its instantiation technology have become the new gods. The cult of technology is intolerant to blasphemy. For example, Shekhar Gupta recently tweeted saying that part of the opposition to Aadhaar was because “left-libs detest science/tech”. Technology as ideology is based on some fundamental articles of faith: one, new technology is better than old technology; two, expensive technology is better than cheap technology; three, complex technology is better than simple technology; and four, all technology is empowering or at the very least neutral. Unfortunately, there is no basis in science for any of these articles of faith.

Let me use a simple story to illustrate this. I was fortunate to serve as a member of a committee that the Department of Biotechnology established to finalise the Human DNA Profiling Bill, 2015, which was to be introduced in Parliament in the last monsoon session. Aside: the language of the Act also has room for the database to expand into a national DNA database circumventing 10 years of debate around the controversial DNA Profiling Bill, 2015. The first version of this Bill that I read in January 2013 said that DNA profiling was a “powerful technology that makes it possible to determine whether the source of origin of one body substance is identical to that of another … without any doubt”. In other words, to quote K.P.C. Gandhi, a scientist from Truth Labs, “I can vouch for the scientific infallibility of using DNA profiling for carrying out justice.”

Unfortunately, though, the infallible science is conducted by fallible humans. During one of the meetings, a scientist described the process of generating a biometric profile. The first step after the laboratory technician generated the profile was to compare the generated profile with her or his own profile because during the process of loading the machine with the DNA sample, some of the laboratory technician’s DNA could have contaminated the sample. This error would not be a possibility in much older, cheaper and rudimentary biometric technology for example, photography. A photographer developing a photograph in a darkroom does not have to ensure that his or her own image has not accidentally ended up on the negative. But the UIDAI is filled with die-hard techno-utopians; if you tell them that fingerprints will not work for those who are engaged in manual labour, they will say then we will use iris-based biometrics. But again, complex technologies are more fragile and often come with increased risks. They may provide greater performance and features, but sometimes they are easier to circumvent. A gummy finger to fool a biometric scanner can be produced using glue and a candle, but to fake a passport takes a lot of sophisticated technology. Therefore, it is important for us as a nation to give up our unquestioning faith in technology and start to debate the exact technological configurations of surveillance technology for different contexts and purposes.

One. This time representing a monopoly. Prior to the UID project, nobody got paid when citizens identified themselves to the state. While the Act says that the UIDAI will get paid, it does not specify how much. Sooner or later, this cost of identification will be passed on to the citizens and residents. There will be a consumer-service provider relationship established between the citizen and the state when it comes to identification. The UIDAI will become the monopoly provider of identification and authentication services in India which is trusted by the government. That sounds like a centrally planned communist state to me. Should not the right-wing oppose the Act because it prevents the free market from working? Should not the free market pick the best technology and business model for identification and authentication? Will not that drive the cost of identification and authentication down and ensure higher quality of service for citizens and residents?

Competing providers

Competing providers can also publish transparency reports regarding their compliance with data requests from law-enforcement and intelligence agencies, and if this is important to consumers they will be punished by the market. The government can use mechanisms such as permanent and temporary bans and price regulation as disincentives for the creation of ghosts. There will be a clear financial incentive to keep the database clean. Just like the government established a regulatory framework for digital certificates in the Information Technology Act allowing for e-commerce and e-governance. Ideally, the Aadhaar Bill should have done something similar and established an ecosystem for multiple actors to provide services in this two-sided market. For it is impossible for a “small government” to have the expertise and experience to run one of the world’s largest database of biometric and transaction records securely for perpetuity.

To conclude, I support the use of biometrics. I support government use of identification and authentication technology. I support the use of ID numbers in government databases. I support targeted surveillance to reduce corruption and protect national security. But I believe all these must be put in place with care and thought so that we do not end up sacrificing our constitutional rights or compromising the security of our nation state. Unfortunately, the Aadhaar project’s technological design and architecture is an unmitigated disaster and no amount of legal fixes in the Act will make it any better. Our children will pay a heavy price for our folly in the years to come. To quote the security guru Bruce Schneier, “Data is a toxic asset. We need to start thinking about it as such, and treat it as we would any other source of toxicity. To do anything else is to risk our security and privacy.”

For more details visit https://cis-india.org/internet-governance/blog/frontline-april-15-2016-sunil-abraham-surveillance-project

A Large Byte of Your Life

nishant — 2016-06-05T03:35:34Z

With the digital, memory becomes equated with storage. We commit to storage to free ourselves from remembering.

The article was published in Indian Express on April 3, 2016.

This is the story of a broken Kindle. A friend sent a message to a WhatsApp group that I belong to that she is mourning the loss of her second-generation Kindle, that she bought in 2012, and since then had been her regular companion. It is not the story of hardware malfunction or a device just giving up. Instead, it is a story of how quickly we forget the old technologies which were once new. The friend, on her Easter holiday, was visiting her sister, who has a six-year-old daughter.

This young one, a true digital native, living her life surrounded by smart screens, tablets, phones, and laptops, instinctively loves all digital devices and plays with them. In her wanderings through her aunt’s things, she came across the old Kindle — unsmart, without a touch interface, studded with keys, not connected to any WiFi, and rendered in greyscale. It was an unfamiliar device. But with all the assurance of somebody who can deal with digital devices, she took it in her hands to play with it.

Much to her dismay, none of the regular modes of operation worked. The old Kindle did not have a touch screen operated lock. It wasn’t responding to scroll, swipe and pinch. It had no voice command functions. As she continued to cajole it to come to life, it only stared at her, a lock on the digital interface, refusing to budge to the learned demands and commands of the new user. After about 20 minutes of trying to wake the Kindle up, she became frustrated with it and banged it harshly on the table, where it cracked, the screen blanked out and that was the end of the story.

Or rather, it is the beginning of one. As my friend registered the loss of her clunky, clumsy, heavy, non-intuitive Kindle, and messages of grief poured in, with the condolence that the new ones are so much better and the assurances that at least all her books are safe on the Amazon cloud, I see in this tale, the quest of newness that the digital always has to offer.

If it has missed your attention, the digital is always new. Our phones get discarded every few seasons, even as phone companies release new models every few months. Our operating systems are constantly sending us notifications that they need to be updated. Our apps operate in stealth mode, continuingly adding updates where bugs are fixed and features are added. Most of us wouldn’t know what to do if we were faced with a computer that doesn’t “heal”, “backup” or “restore” itself. If our lives were to be transferred back to dumb phones, or if we had to deal with devices that do not strive to learn and read us, it might lead to some severe anxiety.

The newness that the digital offers is also found in our socially mediated lives. Our digital memories are short-lived — relationships rise and fall in the span of days as location-based dating apps offer an infinite range of options to choose your customised partner; celebrities are made and unmade overnight as clicks lead to viral growth and then disappear to be replaced by the next new thing; communities find droves of subscribers, only to become a den of lurkers where nothing happens; must-have apps find themselves discarded as trends shift and new must-haves crop up overnight. Breathless, bountiful and boundless, the digital keeps us constantly running, just to be in the same place, always the same and yet, always new.

We would be hard pressed to remember that magical moment when we first discovered a digital object. For millennials, the digital is such a natural part of their native learning environments that they do not even register the first encounter or the subsequent shifts as they navigate across the connected world. Increasingly, we tune ourselves to the temporality and the acceleration of the digital, tailoring our memories to what is important, what is now, and what is immediately of use, excluding everything else and dropping it into digital storage, assured in our godlike capacities to archive everything.

This affordance of short digital memories is enabled partly by the fact that we are subject to information overload, but partly also to the fact that our machines can now remember, more accurately and more robustly than the paltry human, prone to error and forgetfulness. With the digital, memory becomes equated with storage, and the more we commit to storage, the more we free ourselves from the task of remembering.

The broken Kindle is a testimony not only to the ways in which we discard old devices but also our older forms of individual and collective memory — quickly doing away with information that is not of the now, that is not urgent, and that does not have immediate use value. My friend’s Kindle got replaced in two days. All her books were re-loaded and she was set to go. However, as she told me in a chat, she is not going to throw away her old broken Kindle. Because she wants to remember it — remember the joy of reading her favourite books on it. She is scared that if she throws it away, she might forget.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-april-3-2016-nishant-shah-a-large-byte-of-your-life

Mapping MAG: A study in Institutional Isomorphism

jyoti — 2017-03-03T00:59:48Z

The paper is an update to a shorter piece of MAG analysis that had been conducted in July 2015. At that time our analysis was limited by the MAG membership data that was made available by the Secretariat. Subsequently we wrote to the Secretariat and this paper is based on the data shared by them including for the years for which membership details were previously not available.

This paper that delves into the history of the formation of the Multi-Stakeholder Advisory Group (MAG) and the Internet Governance Forum (IGF) including the lessons from the past that should be applied in strengthening its present structure. The paper covers three broad areas:

History of the formation of the MAG, its role within the IGF structure, influences that have impinged on its scope of work, manner in which its evolution has deviated from conceptualization
Analysis of MAG membership (2006-2015): Trends in the selection and rotation of the MAG membership
Recommendations to reform MAG/IGF

Jyoti Panday^[1]

The recent renewal of the Internet Governance Forum^[2] (IGF) mandate at the World Summit on the Information Society (WSIS)+10 High-Level Meeting^[3] was something of a missed opportunity. The discussions unerringly focused on the periphery of the problem - the renewal of the mandate, leaving aside questions of vital importance such as strengthening and improving the structures and processes associated with the IGF. The creation of the IGF as a forum for governments and other stakeholders to discuss policy and governance issues related to Internet was a watershed moment in the history of the Internet.

In the first decade of its existence the IGF has proven to be a valuable platform for policy debates, a space that fosters cooperation by allowing stakeholders to self-organise to address common areas of concern. But the IGF rests at being a platform for multistakeholder dialogue and is yet to realise its potential as per its mandate to “find solutions to the issues arising from the use and misuse of the Internet” as well as “identify emerging issues […] and, where appropriate, make recommendations”.^[4]

From the information available in the public domain, it is evident that the IGF is not crafting solutions and recommendations or setting the agenda on emerging issues. Even if unintended, this raises the disturbing possibility that alternative processes and forums are filling the vacuum created by the unrealised IGF mandate and helming policy development and agenda setting on Internet use and access worldwide. This sits uneasily with the fact that currently there is no global arrangement that serves or could be developed as an institutional home for global internet governance issues.

Moreover, the economic importance of the internet as well as its impact on national security, human rights and global politics has created a wide range of actors who seek to exert their influence over its governance. Given the lack of a global centralized body with authority to enforce norms and standards across political and functional boundaries, control of internet is an important challenge for both developed and emerging economies. As the infrastructure over which the internet runs is governed by nation states and their laws, national governments continue to seek to exert their influence on global issues.

Divergence of approaches to regulation and differences in capacity to engage in processes, has led to fragmentation of approaches to common challenges.^[5] Importantly, not all governments are democratic and may exert restrictions on content and access that conflict with the open and global nature of the internet. Alongside national governments, transnational private corporations play a critical role in security and stability of the internet. Much like the state, they too raise the niggling question of how to guard against the guardians.

Corporations control of sensitive information, their institutional identity, secrecy of operations: all are essential to their functioning but could also erode the practice of democratic governance, and the rights and liberties of users online. Additionally, as issues of human rights, access and local content have become interlinked with public policy issues civil society and academia have become relevant to traditionally closed policy spaces. Considering the variety of stakeholders and their competing interests, concerns about ensuring stability and security of the Internet have led the international community to pursue a range of governance initiatives.

Implementing a Multistakeholder Approach

At the broadest level debates about the appropriate way forward has evolved as a contestation between the choice of two models. On the one hand is the state-centric ‘multilateral’ model of participation, and on the other a ‘multistakeholder’ approach that aims for bottom up participation by all affected stakeholders. The multistakeholder approach sees resonance across several quarters^[6] including a high level endorsement from the Indian government last year.^[7] An innovative concept, a multistakeholder approach fits well within the wider debate about rethinking governance in a globalized world.

Proponents of the multistakeholder approach see it as a democratic process that allows for a variety of views to be included in decision making.^[8] Nevertheless, the intertwining of the Internet and society pitches actors and interests at opposing ends. While a multistakeholder approach broadens the scope for participation, it also raises serious issues of representation and accountability. Since multistakeholder processes fall outside the traditional paradigm of governance, establishing legitimacy of processes and structures becomes all the more important.

The multistakeholder concept is only beginning to be critically studied or evaluated. There have been growing concerns, particularly, from emerging economies^[9] of a lack of representation in policy development bodies and that issues affecting marginalised communities being overlooked in policy development process. From this view, the multistakeholder model has created ‘transnational and semi privatized’ structures and ‘transnational elites’.^[10] Such critics define emerging and existing platforms derived from the multistakeholder concept as ‘an embryonic form of transnational democracy’ that are occupied by elite actors.^[11]

Elite actors may include the state, private and civil society organisations, technical and academic communities and intergovernmental institutions. In the context thus sketched out, the key question that the WSIS+10 Review should have addressed is whether the IGF provides the space for the development of institutions and solutions that are capable of responding to the challenges of applying the multistakeholder concept to internet governance. The existing body of work on the role of the IGF has yet to identify, let alone come to terms with, this problem.

Applying critical perspectives examining essential structures and processes associated with the IGF becomes even more relevant given its recently renewed mandate. However, already the forum’s first planning meeting scheduled to take place in Geneva this week is already mired in controversy^[12] after a new Chair was named by the UN Secretary General.

The decision for appointing a new Chair was made without any form of public process, or any indication on the selection criteria. Moreover, the "multistakeholder advisory group" (MAG), which decides the content and substance of the forum, membership was also renewed recently. Problematically most of the nominations put forth by different constituent groups to represent them were rejected and individuals were appointed through a parallel top-down and secretive UN process. Of the 55 MAG members, 21 are new but only eight were officially selected by their respective groups.^[13]

This paper focuses on the role of the MAG structure and functioning and highlights issues and challenges in its working so as to pave the way for strategic thinking on its improvement. A tentative beginning towards identifying what the levers for change can be made by sifting through the eddies of history to uncover how the MAG has evolved and become politicised.

The paper makes two separate, but interrelated claims: first, it argues that as the de-facto bureau essential to the functioning of the IGF, there is an urgent need to introduce transparency and accountability in the selection procedure of the MAG members. Striking an optimum balance between expertise and legitimacy in the MAG composition is essential to ensure that workshops and sessions are not dominated by certain groups or interests and that the IGF remains an open, well-functioning circuit of information and robust debate.

Second, it argues for immediate evaluation of MAG’s operations given the calls for the production of tangible outcomes. There has been on-going discussion within the broader community about the role of the IGF with divisions between those who prefer a narrow interpretation of its mandate, while others who want to broaden its scope to provide policy recommendations and solutions.^[14]

The interpretation of the IGF mandate and whether the IGF should make recommendations has been a sticking point and is closely linked to the question of IGF’s legitimacy and relevance. Be that as it may, the intersessional work, best practices forum and dynamic coalitions over the last ten years have led to the creation of a vast repository of information that should feed into the pursuit of policy options and identification of best practices.

The true test of the multistakeholder model is not only to bring together wide range of views but to also ensure that accumulated knowledge is applied to address common problems. Implementing a multistakeholder approach and developing solutions necessitates enhanced coordination amongst stakeholder groups and in the context of the IGF, is contingent on the strength and stability of the MAG to be able to facilitate such cooperation.

The paper is organised in three parts: in the first section I delve into the history of the formation of the MAG. To understand the MAG’s role within the IGF structure it is essential to revisit the influences that shaped its conceptualisation and subsequent evolution over the decade. A critical historical perspective provides the context of the multiple considerations that have impinged on MAG’s scope of work, of the manner in which MAG’s evolution has deviated from intentions, and the lessons from the past that should be applied in strengthening its present structure.

The second section analyses trends in the selection and rotation of the MAG membership and traces out the elite elements in the composition of the MAG. The analysis reveals two distinct stages in the evolution of the MAG membership which has remained significantly homogeneous across stakeholder representation. The final section of the paper focuses on a set of recommendations to ensure that the MAG is strengthened, becomes sustainable and provides the impetus for IGF reform in the future.

Origins of the IGF

The WSIS process was divided in two phases, the Geneva phase focused on principles of internet governance. The outcome documents of the first phase included a Declaration of Principles and a Plan of Action being adopted by 175 countries. Throughout the process, developing countries such as China, Brazil and Pakistan opposed the prevailing regime that allowed US dominance and control of ‘critical infrastructure’. As the first phase of the WSIS could not resolve these differences the Working Group on Internet Governance (WGIG) was set up by the UN Secretary General to deliberate and report on the issues.

The establishment of the WGIG is an important development in the WSIS process not only because of the recommendations it developed to feed into the second phase of the negotiations, but also because of the procedural legitimacy the WGIG established through its working. The WGIG embodied the multistakeholder principle in its membership and open consultation processes. WGIG members were selected and appointed in their personal capacity through an open and consultative process. As a result the membership demonstrated diversity in the geography, stakeholder groups represented and gender demographics.

The consultations were open, transparent and allowed for a diverse range of views in the form of oral and written submissions from the public to feed into the policy process. At its final meeting the WGIG membership divided into smaller working groups to focus on specific issues, and reassembled at the plenary to review, discuss and consolidate sections which were then approved in a public forum. As the WGIG background paper notes “The WGIG agreed that transparency was another key ingredient to ensure ownership of the process among all stakeholders.”^[15]

The WGIG final report^[16] identified a vacuum within the context of existing structures and called for the establishment of a forum linked to the UN. The forum was to be modelled on the best practices and open format of the WGIG consultative processes allowing for the participation of diverse stakeholders to engage on an equal footing. It was in this context that the IGF was first conceptualised as a space for global multistakeholder ‘dialogue’ which would interface with intergovernmental bodies and other institutions on matters relevant to Internet governance.

The forum was conceived as a body that would connect different stakeholders involved in the management of the internet, as well as contribute to capacity-building for governance for developing countries drawing on local sources of knowledge and expertise. Importantly, the forum was to promote and assess on an ongoing basis the embodiment of WSIS principles in Internet governance processes and make recommendations’ and ‘proposals for action’ addressing emerging and existing issues not being dealt with elsewhere. However, as things turned out the exercises of power between states and institutional arrangements ultimately led to the development of a subtly altered version of the original IGF mandate.

Aftermath of the WGIG Report

The WGIG report garnered much attention and was welcomed by most stakeholders with the exception of the US government which along with private sector representatives such as Coordinating Committee of Business Interlocutors (CCBI) disagreed with the recommendations.^[17] Pre-empting the publication of the report, the National Telecommunications and Information Administration (NTIA) issued a statement in June 2005 affirming its resolve to “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”^[18]

The statement reiterated US government’s intention to fight for the preservation of the status quo, effectively ruling out the four alternative models for internet governance put forward in the WGIG report. The statement even referenced the WGIG report stating, “Dialogue related to Internet governance should continue in relevant multiple fora. Given the breadth of topics potentially encompassed under the rubric of Internet governance there is no one venue to appropriately address the subject in its entirety.”^[19]

The final report was presented to PrepCom 3 of the second phase in July 2005 and the subsequent negotiations were by far, the most significant in the context of the role and structure that the IGF would take in the future. US stance on its role with regard to the root zone garnered pushback from both civil society and other governments including Russia, Brazil, Iran and China. However the most significant reaction to US stance came from the European Union issuing a statement after the commencement of PrepCom 3 in September.

EU’s position recognised that adjustments were needed in institutional arrangements for internet governance and called for a new model for international cooperation which would include “the development and application of globally applicable public policy principles.”^[20] the US had not preempted this “shocking and profound change” and now isolated in its position on international governance of the internet, and it sent forth a strongly worded letter^[21] invoking its long-standing relationship and urging the EU to reconsider its stance.

The pressure worked since the US was in a strong position to stymie the achievement of a resolution from WSIS process. Moreover, introducing reforms to the internet naming and numbering arrangements was not possible without US cooperation. The letter resulted in EU going back on its aggressive stance and with it, the push for the establishment of global policy oversight over the domain names and numbers lost its momentum.

The letter significantly impacted the WSIS negotiations and shaped the role of the IGF. By creating a deadlock and by applying pressure US was able to negotiate a favourable outcomes for itself. The last minute negotiations led to the status quo continuing and in exchange the US provided an undertaking that it would not interfere with other countries’ ccTLDs. The weakened mandate meant that even though creation of the IGF under the WSIS process moved forward the direction changed from its conceptualisation and origins from the WGIG report.

Institutionalizing the IGF

In 2006, the UN Secretary General appointed Markus Kummer to assist with the establishment of the IGF. The newly formed IGF Secretariat initiated an open consultation to be held in Geneva in and issued an open call to stakeholders seeking written submissions as inputs into the consultation.^[22] Notably neither the US government nor the EU sent in a response to the consultation and submissions made by other stakeholders were largely a repetition of the views expressed at WSIS.

The division on the mandate of IGF was evident in this very first consultation. Private sector representatives such as the CCBI and ICC-Basis, government representatives from OECD countries like Canada and the technical community represented by likes of Nominet and ISOC^[23] opposed the development of the IGF as platform for policy development. On the other hand, civil society representatives such as APC called for the IGF to produce specific recommendations on issues where there is sufficient consensus.^[24]

With reference to the MAG structure, again there was division on whether the “effective and cost-efficient bureau” referred to in the Tunis Agenda should have a narrow mandate limited to setting the agenda for plenary meetings or if it should have a more substantial role. Civil society stakeholders envisioned assigning the bureau a more substantial role and notably the Internet Governance Project (IGP) discussion paper released in advance of the February 2006 Geneva consultations.^[25]

The paper offered design criteria for the Forum including specific organizational structures and processes proposing “a small, quasi-representational decision making structure” for the IGF Bureau.^[26] The paper recommended formation of twelve member bureau with five representatives from governments (from each UN geographic region) and two each from private sector civil society academic and technical communities. The bureau would set the agenda for the plenary meeting not arbitrarily through private discussions, but driven by working group proposals and it would also have the power to approve or reject applications for forming working groups.

The proposed structure in the IGP paper had it been implemented would have developed the bureau along the lines of the IETF where the working groups would develop recommendations which would feed into the deliberation process. However, there was a clear divide on the proposed structure with many stakeholders opposing the establishment of sub-groups or committees under the IGF.^[27]

Following the written submissions the first open consultations on the establishment of the IGF were held in Geneva on 16 and 17 February 2006, and were chaired by Nitin Desai.^[28] The consultation was well attended with more than 300 participants including 40 representatives from governments and the proceedings were webcast. Further, the two-day consultation was structured as a moderated roundtable event at which most interventions were read from prepared statements, many of which were also tabled as documents and later made available from the IGF Web site. This ofcourse meant that there was a repetition of the views expressed in response to the questionnaire or the WGIG report and as a consequence, there was little opportunity for consensus-building.

Once again there was conflict on whether the IGF should be conceptualised as annual ‘event’ that would provide space for policy dialogue or a ‘process’ of engaging with policy issues which would culminate in an annual event. The CCBI reiterated that “[t]he Tunis Agenda is clear that the IGF does not have decision-making or policy-making authority,” and the NRO emphasised that the “IGF must be a multi-stakeholder forum without decision-making attributions.”^[29]

William Drake argued for the IGF “as a process, not as a series of one-off meetings, but as a process that would promote collective dialogue, learning, and mutual understanding on an ongoing basis.”^[30] Government representatives were split for example see El Salvador statement “that the Internet Governance Forum will come up with recommendations built on consensus on specific issues,” and Brazil even characterised the first meeting as “an excellent opportunity to initiate negotiations on a framework treaty to deal with international Internet public policy issues.”^[31]

Although a broad consensus was declared on need for a lightweight multi-stakeholder bureau there was no consensus on its size, composition and the mandate of this bureau. Nitin Desai held the issue for further written input and the subsequent consultation received twelve submissions with most respondents recommended a body of ten and twenty five members. The notable exceptions were submissions from the Group of 77 and China that sought a combined total of forty members half of which would be governmental representatives.

The discussions during the February consultations and the input received from the written submissions paved the way for what eventually became the MAG. The IGF Secretariat announced the formation of a bureau with forty members and while not expressly stated, half of these would be governmental representatives. It has been speculated that the large membership decision was a result of political wrangling among governments, especially the G77 governments insisting on large group that would accommodate all the political and regional differences among its members.^[32]

IGF Secretariat - Set to Fail?

The unwieldy size of the MAG meant that it would have to rely on the newly constituted Secretariat for organization, agenda-setting, and results. This structure empowered the Secretariat while limiting the scope of the MAG, a group that was already divided in its interests and agenda. However, the Secretariat was restrained in its services to stakeholders as it had limited resources since it was not funded by the United Nations and relied upon voluntary donations to a trust fund.^[33]

Early donors included the Swiss Agency for Development and Cooperation (SWADC), ICANN and Nominet.^[34] Due to disjointed sources of funding, the Secretariat was vulnerable to the influence of its donors. For example, the decision to to base the Secretariat in Geneva was to meet the condition set by SWADC contribution. Distressingly, of the 20 non-governmental positions in the MAG, most were directly associated with the ICANN regime.

The over-representation of ICANN representatives in MAG selection was problematic since the IGF was conceptualised to address the lack of acceptance of ICANN’s legitimacy in the WSIS process. The lack of independent funding led to a deficit of accountability demonstrated in instances where it was possible for one of the MAG members to quietly insinuate that private sector support for the IGF and its Secretariat would be withdrawn if reforms unacceptable to that stakeholder group went ahead.^[35]

As might perhaps be expected from a Secretariat with such limited resources, its services to stakeholders were confined to maintaining a rudimentary website and responding to queries and requests. The transparency of the Secretariat’s activities was also very limited, most clearly exemplified by the process by which the Advisory Group was appointed.

Constituting the MAG

Following the announcement of the establishment of the MAG, a call for membership to the advisory group was made in March 2006. From the beginning the nomination process was riddled with lack of transparency and the nominations received from stakeholders were not acknowledged by the IGF Secretariat, nor was the selection criteria of made available. The legitimacy of the exercise was also marred by a top-down approach where first that nominees heard of the outcomes was the Secretariat's announcement of selected nominees. Lack of transparency and accountability resulted in the selection and appointment procedure being driven by patronage and lobbying.

The political wrangling was evident in the composition of the first MAG which was expanded to accommodate six regional coordinators personally appointed by Chair Nitin Desai to the Special Advisory Group (SAG). Of the twenty non-governmental positions, most were associated with the naming and numbering regime including sitting and former Board members and ICANN staff.^[36] Participation from civil society was limited as the composition did not recognise^[37] technical community as a distinct group, including it along with academic community and as part of civil society.

The political struggles at play was visible in the appointment of Michael D. Gallagher, the former head of the US Commerce Department's NTIA. This appointment was all the more relevant since it was Gallagher who had had only a few months back stated that the US government owns the DNS root and has no intention of giving it up. His presence signalled that the US government took the forum seriously enough to ensure its interests were voiced and received attention on the MAG.

Beyond issues of representation the working of the MAG suffered from a serious lack of transparency as meetings of the Advisory Group were closed, and no reports or minutes were released. The Advisory Group met in May and September in Geneva before the inaugural IGF meeting in Athens. Coordination between members for the preparations for Athens was done utilising a closed mailing list that was not publicly archived. Consequently, the detail of the operations of the Advisory Group ahead of the first IGF meeting were known only to its members.

Whatever little has been reported suggests that the Advisory Group possessed little formal authority, operating like a forum where members expressed views and debated issues without the object of taking formal decisions. Decisions were settled upon by rough consensus as declared by the Chair, and on all matters where there was no agreement the issues were summarised by the Chair in a report to the UN Secretary-General. The Secretary-General would take the report summary in consideration however retained the ultimate authority to make a formal decision.^[38]

The UN’s clear deciding role was not so obvious in the early years of the MAG’s existence because of the relatively novel nature of the IGF. Moreover Nitin Desai Chair, MAG and Markus Kummer, IGF Secretariat were appointed by the UN Secretary General and were on good terms with the then-Secretary General Kofi Annan and working together they acted as de facto selectors of the members of the MAG. Most of the MAG’s core membership in the first five years of its existence was made up of leaders from across the different stakeholder groups and self-selection within those groups was encouraged to lend broader stability.

Over the last decade, changes in institutional arrangements led the IGF to be moved as a ‘project’ under the UNDESA umbrella, where it is not a core mission, but simply one of many conferences that it handles across the world every year. The core personnel that shepherded the MAG and the IGF from its early days retired allowing for the creation a new core membership. The new group of leaders in the MAG membership have emerged partly as the result of selection and rotation process instituted by the UNDESA in appointing a ‘program committee’.

The history presented above is to help understand how the MAG was established under the UN umbrella and to highlight the key developments that shaped its scope and working. Importantly the weakened IGF mandate created divergences on the scope of the MAG to function as a ‘program committee’ limited to selecting proposals and planning the IGF or as an ‘advisory committee’ with a more substantial role in developing the forum as an innovative governance mechanism. In its conception the IGF was a novel idea and by empowering MAG and introducing transparency in the selection procedures of members and their workings could have perhaps led to a more democratic and accountable IGF. However, the possibility of this was stemmed early on.

The opacity in the appointment processes meant that patronage and lobbying became key to being selected as a member of the MAG. It established the worrying trend of ensuring diversity and representation taking precedent over the necessity of ensuring that representatives were appointed through a bottom-up multistakeholder process. Further, distributing the composition to ensure geographic representation severely limited participation of technical, academic and civil society. In the next section, I focus on the rotation of members of the MAG over the last ten years to identify and highlight trends that have emerged in its composition.

Analysis of MAG Composition (2006 - 2015)

This primary data for the analysis of the MAG membership has been collected from the membership list from 2010-2015 available on the I website. The membership list for 2005, 2006, 2007 and 2008 have been provided by the UN IGF Secretariat during the course of this research. To the best of my knowledge, this data is yet to be made publicly available and may be accessed here.^[39] The Secretariat notes that the MAG membership did not change in 2008 and 2009 and the confirmation is the only account of the list of members for both years, as the records were poorly maintained and are therefore unavailable in the public domain.

It is also worth noting that to the best of my knowledge, no data has been made available by the IGF Secretariat regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG. The stakeholder groups identified for this analysis include government, civil society, industry, technical community and academia. Any overlap between two or more of these groups or movements of individuals between stakeholder groups and affiliations has been taken into account.

Over the decade of its existence, the MAG has had 196 unique members from various stakeholder groups. As per the Terms of Reference^[40] (ToR) of the MAG, it is the prerogative of the UN Secretary General to select MAG members. There also exists a policy of rotating one-third members of MAG every year for diversity and taking new viewpoints in consideration. Diversity within the UN is an ingrained process where every group is expected to be evenly balanced in geographic and gender representation. However, ensuring a diverse membership often comes at the cost of legitimate expertise. Further it may often lead to top-down decision making where individuals are appointed based on their characteristics rather than qualifications.

The complexity of the selection process is further compounded by the fact that the IGF Secretariat provides an initial set of recommendations identifying which members should be appointed to the MAG, but the selection and appointment is undertaken by UNDESA civil servants based in New York. Notably, while the IGF Secretariat staff is familiar with and interacts with stakeholder representatives at internet governance meetings and forums that are regularly held in Geneva, the New York UN based officials do not share such relationships with constituent groups.

Consequently, they end up selecting members who meet all their diversity requirements and have put themselves forward through the standard UN open nomination process. The practice of ensuring that UN diversity criteria is met, creates tension within the MAG membership as representatives nominated by different stakeholder and who have more legitimacy within their respective constituencies are not appointed to the MAG.

The stress on maintaining diversity is evident in the MAG membership’s gradual expansion from an initial group of 46 members in 2006 to include a total of 56 members as of 2015. However the increase in membership has not impacted representation of the technical, academic and civil society constituencies with only 56 members having been appointed from the three groups over the last decade.

This is problematic considering that at the time of its constitution of the MAG the composition did not recognise^[41] technical community as a distinct group, including it along with academic community as part of civil society. Consequently the three stakeholder groups have been represented collectively in the MAG and yet account for only 24.77% of the total membership compared to the government’s share of 39.3% and industry’s share of 35.7% respectively. At the regional level too membership across the three groups has ranged between 20-25% of the total membership.

The technical community is the least represented constituency accounting for only 5% of the total membership with only 10 members having been appointed over ten years. Of the 10, 6 were appointed from the WEOG region and there were no representatives appointed from the GRULAC region. Representatives from academia accounted for only 6% of the total membership with 13 representatives from the group having been appointed on the MAG. The technical community representation too was low from the US with only two members being appointed to the MAG and with each serving for a period of three years.

Civil society accounted for only 17% of the total membership with a total of 33 members and representation from the constituency was abysmally low across all regions. Civil society representation from the US included a total of five members, of which one served for one year, three served for two years each and only one representative continued for more than three years. Notably, there have been no academics from the US which is surprising given that most of the scholarship on internet governance is dominated by US scholars.

Industry was second largest represented group with a total of 64 members appointed to the MAG of which a whopping 30 members were appointed from the WEOG region. Representation was the highest across WEOG countries with 39.47% of the total membership and the group accounted for 32.4% and 32.5% of the total members from Africa and Asia Pacific respectively. Across Eastern European and GRULAC countries industry representation was very low accounting for merely 11.53% and 18.18% of the total membership respectively. Industry representative from the US Included two members serving one year each, five members who served two years each, two members who continued for three years each, one member was appointed for five years, one member who completed the maximum MAG term of eight years.

It is also interesting to note that the industry membership base expanded steadily, spiking in 2012 with a total of 40 representatives from the industry on the MAG. When assessed against the trend of the core leadership trickling out in 2012, the sudden increase in industry representation may point to attempts at capture from the stakeholder group in 2012. Industry representation from US in the MAG was by far the most consistent over the years and had the most evenly distributed appointment terms for members within a group.

Government has been the most dominant group within the MAG averaging a consistent 40% of the total membership over the last 10 years. At a regional level representation on the MAG was highest from Eastern Europe with more than 61% of its total membership comprising of individuals from the government constituency. GRULAC countries appointments to the MAG also demonstrate a preference for government representation with almost 58% of the total members appointed from within this group. The share of government representation in the total membership from Asia Pacific was 47.5% and 32.43% across Africa.

Another general policy followed in the selection procedure is that members are appointed for a period of one year, which is automatically extendable for two more years consecutively depending on their engagement in MAG activities. Members serving for one year term is inevitable due to the rotation policy, as new members replace existing members and often it may be the case of filling slots to ensure stakeholder group, geographic and gender diversity. Due to the limited resources made available for coordination between MAG members, one year appointments may not allow sufficient time for integrating new members into the procedures and workings of UN institutions.

Over the last decade 24.36% of the total appointed MAG members have been limited to serving a term of one year. Of the total 55 one year appointments 26 individuals served their first term in 2015 alone. This includes all nine representatives of civil society and it could be argued that for a stakeholder group with only 11% of the total membership share, such a rehaul weakens the ability of members to develop linkages severely limiting their ability to exert influence on decision making within the MAG.

Interestingly, the analysis reveals that one year term was a trend in the early years of the MAG where a core group took on the leadership role and continued guiding activities for newcomers including negotiating often conflicting agendas. The pattern of one year appointments was hardly visible from 2008-2012 but picked up again in 2013 and has continued ever since. The trend is perhaps indicative of the movement in the core MAG leadership as many of the original members retired or moved on to other engagements from 2010.

Importantly, the MAG ToR note that in case there is a lack of candidates fitting the desired area or under exceptional circumstances a member may continue beyond three years. However in the formative years the MAG this exception was the norm with most members continuing for more than three years. An analysis of the membership reveals that between 2006-2012 an elite core emerges which guided and was responsible for shaping the MAG and the IGF in its present day format. No doubt some of these members were exceptional talents and difficult to replace, however the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the stipulated one year term.

The analysis also suggests a shift in the leadership core over the last three years and points that a new leadership group is emerging which is distinguishable in that most members have served on the MAG for three or four years. Members serving for one, two or three years makes up more than 75% of the total membership and 111 individual members have served more than 2 years on the MAG. This could be the result of the depletion in membership of those familiar with internal workings and power structures within the UN, and the selection and rotation criteria and procedures that have weakened the original composition over the last decade.

Rotating membership might be necessary to prevent capture from any particular constituency or group, on the other hand more than half of the total members have spent less than three years on the MAG which makes the composition a shifting structure that limits long term engagement. Regular rotation of members can also lead to power struggles as continuing members exercise their influence to ensure that more members from within their constituency groups are appointed. Only seven individuals have completed the maximum term of eight years on the MAG while 23 individuals have completed five years or more on the MAG.

Finally, in terms of gender diversity, the ratio of male to female members is approximately 13:7 in the total membership with the approximate value in percentage being 65% and 35% respectively. Female representatives from WEOG countries dominate with a total of 29 women having been appointed from the region. Participation of women was the lowest across Asia Pacific and Eastern Europe with only nine and five representatives having been appointed respectively. There was a better balance of gender ratios across countries from Africa and GRULAC with 12 and 14 females having been appointed from the region.

Further analysis and visualisations derived from the MAG composition and identifying trends in appointment of individual members are available on the CIS website. The visualizations include MAG membership distribution across region^[42] and stakeholder groups^[43], evolution of stakeholder groups over the years^[44], stakeholder group distribution across countries^[45] and the timeline of total number of years served by individual members^[46]. The valuation also include a comparison of stakeholder group representatives appointed across India and the USA.^[47]

Recommendations: Reforming MAG & the IGF

Between April 4-6, 2016 the MAG convened in Geneva towards the IGF’s first planning meeting for the year^[48]. The meeting marks the beginning of MAG’s work in planning and delivering the forum, the first in its recently renewed and now extended mandate. This report is a much needed documentation of its working and processes and has been undertaken as an attempt to scrutinize if the MAG is truly a multi-stakeholder institution or if it is has evolved as a closed group of elite members cloaked in a multi-stakeholder name.

There is very little literature on the evolution of, or critiquing the MAG structure partly due to it being a relatively new structure and partly due its workings being shrouded in secrecy. The above analysis has been conducted with the aim of trying to understand MAG’s functioning of the selection of its membership. The paper explores the history of the formation of IGF and the MAG to identify the geo-political influences that have contributed to the MAG’s evolution and role in shaping the IGF over the last decade.

In this section I apply the theory of institutional isomorphism developed by DiMaggio and Powell in their seminal paper^[49] on organizational theory and social change. The paper posits that as organisations emerge as a field, a paradox arises where rational actors make their organizations increasingly similar as they try to change them. A focus on institutional isomorphism can add a much needed perspective on the political struggle for organizational power and survival that is missing from much of discourse and literature around the IGF and the MAG.

A consideration of isomorphic processes also leads to a bifocal view of power and its application in modern politics. I believe that there is much to be gained by attending to similarity as well as to variation between organisations within the same field and, in particular, to change in the degree of homogeneity or variation over time. In this paper I have attempted to study the incremental change in the IGF mandate as well as in the selection of the MAG members.

Applying the theoretical framework proposed by DiMaggio and Powell I identify possible areas of concern and offer recommendations for improvement of the IGF and reform of the MAG. I detail these recommendations through the impact of resource centralization and dependency, goal ambiguity, professionalization and structuration on isomorphic change. There is variability in the extent to and rate at which organizations in a field change to become more like their peers. Some organizations respond to external pressures quickly; others change only after a long period of resistance.

DiMaggio and Powell hypothesize that the greater the extent to which an organizational field is dependent upon a single (or several similar) source of support for vital resources, the higher the level of isomorphism. Their organisational theory also posits that the greater the extent to which the organizations in a field transact with agencies of the state, the greater the extent of isomorphism in the field as a whole. As my analysis reveals both hypotheses hold true for the IGF which is currently defined as a ‘project’ of the UNDESA. Since the IGF and the MAG are dependent on the UN for their existence, it is not surprising that both structures emulate the UN principles for diversity and governmental representation.

It is also worth noting that UN projects are normally not permanent and require regular renewal of mandate, reallocation of resources and budgets. When budget cuts take place as was the case during the global economic crisis, project funding is jeopardized as was the case when the IGF was left without an executive coordinator or a secretariat due to UN budget cuts.

This led to constituent groups coming together to directly fund the IGF secretariat through a special IGF Trust Fund created under an an agreement with the United Nations and to be administered by the UNDESA.^[50] The fund was drawn up to expire on 31 December 2015 and efforts to renew contribution to the fund for 2016 is being opposed and questions on the legality of the arrangement are being raised.^[51]

It is widely rumoured that the third party opposing the contribution is UNDESA itself. Securing guaranteed, stable and predictable funding for the IGF, including through a broadened donor base, is essential for the forum’s long term stability and ability to realize its underutilized potential. There have been several suggestions from the community in this regard including IT for Change’s suggestion that part of domain names tax collected by ICANN should to be dedicated to IGF funding through statutory/ constitutional arrangements. Centralisation of resources may lead to power structures being created and therefore any attempts at IGF and MAG reform in the future must consider the choice between incorporating the IGF as a permanent body with institutional funding under the UN and the implications of that on the forum’s structure.

There are four other hypotheses in DiMaggio and Powell’s framework that may be helpful in identifying levers for improvement of the IGF and the MAG. The first states that, the greater the extent to which goals are ambiguous within afield, the greater the rate of isomorphic change. As my analysis suggests, there is an urgent need to address the decade long debate on the MAG’s scope as a programme committee limited to planning an annual forum.

The question is linked to the broader need to clarify if the IGF will continue to evolve as an annual policy-dialogue forum or if it can take on a more substantive role that includes offering recommendations and assisting with development of policy on critical issues related to internet governance. Even the MAG is divided in its interpretation of its roles and responsibilities. A resurgence of the IGF necessitates that the global community reassess the need of the forum not only on the mandate assigned to it at the time of its conceptualisation but also in light of the newer and more complex challenges that have emerged over the decade.

The second hypothesis holds that the greater the extent of professionalization in a field greater the amount of institutional isomorphic change. DiMaggio and Powell measure professionalization by the universality of credential requirements, the robustness of training programs, or the vitality of professional associations. As the MAG composition analysis reveals the structure has evolved in a manner that gives preference to participation from the government and industry over participation from civil society, technical and academic communities.

Since the effect of institutional isomorphism is homogenization, the best indicator of isomorphic change is a decrease in variation and diversity, which could be measured by lower standard deviations of the values of selected indicators in a set of organizations. Such professionalization is evident in the functioning of the MAG that has taken on bureaucratic structure akin to other UN bodies where governmental approval weighs down an otherwise light-weight structure. Further the high level of industry representation creates distrust amongst other stakeholders and may be a reason the forum lacks legitimacy as a mechanism for governance as it could be perceived as being susceptible to capture.

The third hypothesis states that fewer the number of visible alternative organizational models in a field, the faster the rate of isomorphism in that field. The IGF occupies a special place in the UN pantheon of semi-autonomous groups and is often held up as a shining example of the ‘multistakeholder model’, where all groups have an equal say in decisions. Currently, there is no global definition of the multistakeholder model which at best remains a consensus framework for legitimizing Internet institutions.

It is worth noting that the system of sovereignty where authority is imposed is at odds with the earned authority within Internet institutions. Given the various interpretations of the approach, if multistakeholderism is to survive as a concept then it needs to be understood as a legitimizing principle that is strictly at odds with state sovereignty-based conceptions of legitimacy.^[52] Under a true multistakeholder system, states can have roles in Internet governance but they cannot unilaterally declare authority, or collectively assert it without the consent of the rest of the Internet.

Unfortunately as the MAG membership reveals the composition is dominated by governmental representatives who seek to enforce territorial authority over issues of global significance. Further, while alternative approaches to its application exist within the ecosystem they are context specific and have evolved within unique environments.^[53] As critics note emerging and existing platforms derived from the multistakeholder concept create ‘an embryonic form of transnational democracy’. Therefore it is important to recognise that the IGF is a physical manifestation of a much larger ideal, one where individuals and organizations have the ability to help shape the Internet and the information society to which it is intrinsically connected. This points to the need to study and develop alternative models to multistakeholder governance while continuing to strengthen existing practices and platforms.

As such, the IGF and its related local, national and regional initiatives represent a critical channel for expression especially for countries where such conversation is not pursued adequately and keeps discussions of the internet in the public space as opposed to building from regional/national initiatives. However, interaction between the global IGF and national IGFs is yet to be established. The MAG can play a critical role in developing and establishing mechanism to improve the national IGFs coordination with regional and national initiatives. A strengthened IGF could better serve national initiatives by providing formal backing and support to develop as platforms for engaging with long standing and emerging issues and identifying possible ways to address them.

DiMaggio and Powell’s final hypothesis holds that the greater the extent of structuration of a field, the greater the degree of isomorphism. As calls for creating structures to govern cyberspace pick up pace and given the extension of the IGF mandate its structure and working are in need of a rehaul. More research and analysis is needed to understand if there is a preferred approach for multistakeholder participation and engagement is emerging within both the IGF and MAG.

For example, if a portion or category of stakeholder group, countries and regions are not engaging in common dialogue, does the MAG have the mandate to promote and encourage participation? Has a process been established for ensuring a right balance when engaging different stakeholders and if yes, how is such a process initiated and promoted? The data shared by the IGF Secretariat confirmed that there were no records of the nomination procedure, that the membership list was missing for a year and that there was confusion in some cases who the nominees were are actually representing.

This opens up glaring questions on the legitimacy of the MAG such as on what criteria were MAG members selected and rotated? Was this evaluation undertaken by objective criteria or were representative handpicked by the UN? Moreover, it is important to asses of selection took place following an open call for nominations; or if members were handpicked by UN. Such analysis will help determine if there is scope within the current selection procedure to reach out to the wider multistakeholder community or if all MAG activities and discussions are restricted to its constituent membership. Clarifying the role of the IGF in the internet governance and policy space is inextricably linked to reforms in the MAG structure and processes and the questions raised above need urgent attention.

While these issues have been well known and documented for a number of years, yet there has been no progress on resolving them. Currently there is no website or document that lists the activities conducted by MAG in furtherance of ToR, nor does it produce annual report or maintain a publicly archived mailing list. Important recommendations for strengthening the IGF were made by the UN CSTD working group on IGF improvements.

The group took two years to produce its report identifying problems and offering recommendations that were to be implemented by end of 2015 and yet many of the problems identified within it have yet to be addressed. Worryingly, an internal MAG proposal to set up a working group to dig into the delays is being bogged down with discussions over scope and membership and a similar effort six months ago was also shot down.^[54]

The ineffectiveness of the MAG to institute reform have led to calls for a new oversight body with established bylaws as the MAG in its present form does not seem up to the task. Further the opaque decision making process and lack of clarity on the scope of the MAG means that each time it undertakes efforts for improvements these are thwarted as being outside of its mandate. There remains a lot of work to be done in strengthening the MAG structure as the group that undertakes the day-to-day work of the IGF and the many issues that plague the role and function of the IGF. A tentative beginning can be made by introducing transparency and accountability in MAG member selection.

^[1] This paper has been authored as part of a series on internet governance and has been made possible through a grant from the MacArthur Foundation.

^[2] The Internet Governance Forum See: http://www.intgovforum.org/cms/

^[3] World Summit on the Information Society (WSIS)+10 High-Level Meeting See: https://publicadministration.un.org/wsis10/

^[4]The mandate and terms of reference of the IGF are set out in paragraphs 72 to 80 of the Tunis Agenda for the Information Society (the Tunis Agenda). See: http://www.itu.int/net/wsis/docs2/tunis/off/6rev1.html

^[5] Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine and Mark Raymond ‘The Emergence of Contention in Global Internet Governance’, the Centre for International Governance Innovation and Chatham House, 2015 See: https://www.cigionline.org/sites/default/files/no17.pdf

^[6] Mikael Wigell, ‘Multi-Stakeholder Cooperation in Global Governance’, The Finnish Institute of International Affairs. June 2008, See: https://www.ciaonet.org/attachments/6827/uploads

^[7] Arun Mohan Sukumar, India’s New ‘Multistakeholder’ Line Could Be a Game Changer in Global Cyberpolitics,The Wire, 22 June 2015 See:http://thewire.in/2015/06/22/indias-new-multistakeholder-line-could-be-a-gamechanger-in-global-cyberpolitics-4585/

^[8] Background Note on Sub-Theme Principles of Multistakeholder/Enhanced Cooperation, IGF Bali 2013 See: https://www.intgovforum.org/cmsold/2013/2013%20Press%20Releases%20and%20Articles/Principles%20of%20Multistakeholder-Enhanced%20Cooperation%20-%20Background%20Note%20on%20Sub%20Theme%20-%20IGF%202013-1.pdf

^[9] Statement by Mr. Santosh Jha, Director General, Ministry of External Affairs, at the First Session of the Review by the UN General Assembly on the implementation of the outcomes of the World Summit on Information Society in New York on July 1, 2015 See: https://www.pminewyork.org/adminpart/uploadpdf/74416WSIS%20stmnt%20on%20July%201,%202015.pdf

^[10] Jean-Marie Chenou, Is Internet governance a democratic process ? Multistakeholderism and transnational elites, IEPI – CRII Université de Lausanne, ECPR General Conference 2011,Section 35 Panel 4 See: http://ecpr.eu/filestore/paperproposal/1526f449-d7a7-4bed-b09a-31957971ef6b.pdf

^[11] Ibid. 9

^[12] Kieren McCarthy, ‘Critics hit out at 'black box' UN internet body’, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=3

^[13] Ibid.

^[14] Malcolm Jeremy, ‘Multistakeholder governance and the Internet Governance Forum, Terminus Press 2008

^[15] Background Report of the Working Group on Internet Governance June 2005 See: https://www.itu.int/net/wsis/wgig/docs/wgig-background-report.pdf

^[16] Report of the Working Group on Internet Governance, Château de Bossey June 2005 http://www.wgig.org/docs/WGIGREPORT.pdf

^[17] Compilation of Comments received on the Report of the WGIG, PrepCom-3 (Geneva, 19-30 September 2005) See: http://www.itu.int/net/wsis/documents/doc_multi.asp?lang=en&id=1818%7C2008

^[18] U.S. Principles on the Internet's Domain Name and Addressing System June 30, 2005 See: https://www.ntia.doc.gov/other-publication/2005/us-principles-internets-domain-name-and-addressing-system

^[19] Ibid. 16.

^[20] Tom Wright, ‘EU Tries to Unblock Internet Impasse’, International Herald Tribune

Published: September 30, 2005 See: http://www.nytimes.com/iht/2005/09/30/business/IHT-30net.html

^[21] Kieren McCarthy, Read the letter that won the internet governance battle’, The Register, 2 Dec 2005 See: http://www.theregister.co.uk/2005/12/02/rice_eu_letter/

^[22] United Nations Press Release, 2 March, 2006 Preparations begin for Internet Governance Forum,

http://www.un.org/press/en/2006/sgsm10366.doc.htm

^[23] The Internet Society’s contribution on the formation of the Internet Governance Forum, February 2006 See: http://www.internetsociety.org/sites/default/files/pdf/ISOC_IGF_CONTRIBUTION.pdf

^[24] APC, Questionnaire on the Convening the Internet Governance Forum (IGF) See:http://igf.wgig.org/contributions/apc-questionnaire.pdf

^[25] Milton Mueller, John Mathiason, Building an Internet Governance Forum, 2 Febryary 2006, See: http://www.internetgovernance.org/wordpress/wp-content/uploads/igp-forum.pdf

^[26] Ibid.

^[27] Supra note 11.

^[28] Supra note 20.

^[29] Consultations on the convening of the Internet Governance Forum, Transcript of Morning Session 16 February 2006. See: http://unpan1.un.org/intradoc/groups/public/documents/igf/unpan038960.pdf

^[30] Ibid.

^[31] Ibid.

^[32]Milton Mueller, ICANN Watch, ‘The Forum MAG: Who Are These People?’ May 2006 See: http://www.icannwatch.org/article.pl?sid=06/05/18/226205&mode=thread

^[33] IGF Funding, See: https://intgovforum.org/cmsold/funding

^[34] Supra note 12.

^[35] Ibid.

^[36] ICANN’s infiltration of the MAG was evident in the composition of the first advisory group which included Alejandro Pisanty and Veni Markovski who were sitting ICANN Board members, one staff member (Theresa Swineheart), two former ICANN Board members (Nii Quaynor and Masanobu Katoh); two representatives of ccTLD operators (Chris Disspain and Emily Taylor); two representatives of the Regional Internet Address Registries (RIRs) (Raul Echeberria and Adiel Akplogan). Even the "civil society" representatives appointed were all associated with either ICANN's At Large Advisory Committee or its Noncommercial Users Constituency (or both) Adam Peake of Glocom, Robin Gross of IP Justice, Jeanette Hofmann of WZ Berlin, and Erick Iriarte of Alfa-Redi.

^[37] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[38] Jeremy Malcolm, Multi-Stakeholder Public Policy Governance and its Application to the Internet Governance Forum See: https://www.malcolm.id.au/thesis/x31762.html

^[39] MAG Spreadsheet CIS Website https://docs.google.com/spreadsheets/d/1uZzfBz9ihj1M0QSvlnORE0nRD62TCRxhA5d1E_RKfhc/edit#gid=1912343648

^[40] Terms of Reference for the Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG) Individual Member Responsibilities and Group Procedures See: http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference

^[41] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[42] IGF MAG Membership Analysis, 2006-2015 http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Treemap.html

^[43] IGF MAG Membership - Stakeholder Types and Regions - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Regions.html

^[44] IGF MAG Membership - Stakeholder Types across Years - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Years.html

^[45] IGF MAG Membership - Stakeholder Types and Countries - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Country.html

^[46] IGF MAG Membership Timeline, 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Member-Timeline.html

^[47] MAG Membership - India and USA - 2006-2015

See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-India-USA.html

^[48] MAG Meetings in 2016

http://www.intgovforum.org/cms/open-consultations-and-mag-meeting

^[49] Paul J. DiMaggio and Walter W. Powell, ‘The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields’, Yale University, American Sociological Review 1983, Vol. 48 (April: 147-160)

^[50] United Nations Funds-In-Trust Project Document Project number: GLO/11/X01 Project title: Internet Governance Forum Country/area: Global Start date: 1 April 2011 End date: 31 December 2015 Executing agency: UNDESA Funding: Multi-donor – extrabudgetary Budget: Long-term project framework – budget “A” See: http://www.intgovforum.org/cms/2013/TrustFund/Project%20document%20IGF.pdf

^[51] Kieren McCarthy, Critics hit out at 'black box' UN internet body, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=2

^[52] Eli Dourado, Too Many Stakeholders Spoil the Soup, Foreign Policy, 15 May 2013 See:http://foreignpolicy.com/2013/05/15/too-many-stakeholders-spoil-the-soup/

^[53] IANA Transition, NetMundial are some of the other examples of multi-stakeholder engagement.

^[54] Ibid.

For more details visit https://cis-india.org/internet-governance/blog/mapping-mag-a-study-in-institutional-isomorphism

RightsCon Silicon Valley 2016

praskrishna — 2016-04-06T15:10:21Z

RightsCon is the world’s leading event convened around the issues of the internet and human rights. The annual conference convenes business leaders, visionaries, technologists, legal experts, civil society members, activists, and government representatives from across the globe on issues at the intersection of tech and human rights. The event was organized by RightsCon.

Program

This year, we had three days ofprogrammingplus a day of satellite events (Day Zero satellite events + three full days of main programming), tackling some of today’s most challenging business and policy issues: freedom of expression, online harassment and countering violent extremism, privacy and digital security, encryption, network discrimination and connectivity, human rights, trade and business, transparency reporting, digital inclusion, internet governance, and much more. Click here to see our program schedule.

With 250+ sessions and over 1,000 registered participants, RightsCon 2016 provided unparalleled opportunities to engage with leading speakers and organizations, both in sessions and through private meetings and discussions. It was also home to an array of parties, movie screenings, and social events throughout the week to help participants meet others in the space.

Elonnai Hickok participated in the following panels and meetings at RightsCon held at Mission Bay Conference Center in San Francisco, California from March 30 to April 1, 2016:

1. Beyond CSR: Promoting Strong Human Rights Performance - Centre for Law and Democracy
2. Ranking ICT Companies on Digital Rights; A How to Guide - Ranking Digital Rights
3. Who is an Intermediary? Harmonizing Definitions? - CIS
4. Manila Principles: One Year Later - CIS and EFF
5. Cross Border Data Requests - American University Washington College of Law, University of Kentucky College of Law.
6. Closed door meeting for Ranking Digital Rights
7. GNI meeting on Mutual Legal Assistance

More info on the RightsCon website

For more details visit https://cis-india.org/internet-governance/news/rightscon-silicon-valley-2016

Will Aadhaar Act Address India’s Dire Need For a Privacy Law?

nehaa — 2016-04-05T16:01:06Z

The article was published by Quint on March 31, 2016.

The passage of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (will hereby be referred to as “the Act”) has led to flak for the government from privacy advocates, academia and civil society, to name a few.

To my mind, the opposition deserves its fair share of criticism (lacking so far), for its absolute failure to engage with and act as a check on the government in the passage of the Act, and the events leading up to it.

The government’s introduction of the Act as a ‘money bill’ under Article 110 of the Constitution of India (“this/the Article”) is a mockery of the constitutional process. It renders redundant, the role of the Rajya Sabha as a check on the functioning of the Lower House.

Article 110 limits a ‘money bill’ only to six specific instances: covering tax, the government’s financial obligations and, receipts and payments to and from the Consolidated Fund of India, and, connected matters.

The Act lies well outside the confines of the Article; the government’s action may attract the attention of the courts.

Political One-Upmanship


Finance Minister Arun Jaitley (left) listens to Reserve Bank of India (RBI) Governor Raghuram Rajan. (Photo: Reuters)

In the past, the Supreme Court (“the Court”) has stepped into the domain of the Parliament or the Executive when there was a complete and utter disregard for India’s constitutional scheme. In recent constitutional history, this is perhaps most noticeable in the anti-defection cases, (beginning with Kihoto Hollohan in 1992); and, in the SR Bommai case in 1994, on the imposition of the President’s rule in states.

In hindsight, although India has benefited from the Court’s action in the Bommai and Hollohan cases, it is unlikely that the passage of the Aadhaar Act as a ‘money bill’, reprehensible as it is, meets the threshold required for the Court’s intervention in Parliamentary procedure.

Besides, the manner of its passage, the Act warrants

Censure for its process
Its (in)compatibility with fundamental rights
The failure to incorporate the suggestions of the Yashwant Sinha-led Standing Committee to UPA’s NIDAI Bill
The possibility of surveillance that it presents
The lack of measures to protect personal information
Its inadequate privacy safeguards
The questions around the realisation of its stated purpose.

Instead, a part of the Aadhaar debate has involved political one-upmanship between the Congress and the BJP, pitting the former’s NIDAI Bill against the latter’s Aadhaar Act.

While an academic comparison between the two is welcome, its use as a tool for political supremacy would be laughable, were it not deeply problematic, given the many serious concerns highlighted above.

Better Than UPA Bill?


The Act may have more privacy safeguards than the earlier UPA Bill. (Photo: iStockphoto)

And while the Act may have more privacy safeguards than the earlier UPA Bill, critics have argued that they not up to the international standard, and instead, that they are plagued by opacity.

Additionally, despite claims that the Act is a significant improvement over the UPA Bill, it fails to address concerns, including around the centralised storage of information, that were raised by civil society members and others.

Perhaps most problematically, however, the Act takes away an individual’s control of her own information. Subsidies, government benefits and services are linked to the mandatory possession of an Aadhar number (Section 7 of the Act), effectively negating the ‘freedom’ of voluntary enrollment (Section 3 of the Act). This directly contradicts the recommendations of the Justice AP Shah Committee, before whom the Unique Identification Authority of India had earlier stated that enrollment in Aadhaar was voluntary.

To make matters worse, the individual does not have the authority to correct, modify or alter her information; this lies, instead, with the UIDAI alone (Section 31 of the Act). And the sharing of such personal information does not require a court order in all cases.


Kanhaiya Kumar speaking in JNU on 3 March 2016. (Photo: PTI)

It may be authorised by Executive authorities under the vague, ill-understood concept of ‘national security’, (Section 33(2) of the Act) which the Act does not define. We would do well to learn the dangers of leaving ‘national security’ open to interpretation, in the aftermath of the recent events at JNU.

These recent events around Aadhaar have only underscored the dire urgency for comprehensive privacy legislation in India and, the need to overhaul our data protection laws to meet our constitutional commitments along with international standards.

Meanwhile, constitutional challenges to the Aadhaar scheme are currently pending in the Supreme Court. The Court’s verdict may well decide the future of the Aadhaar Act, with the stage already set for a constitutional challenge to the legislation. The BJP’s victory in this case may be short-lived.

For more details visit https://cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law

Woman Alleges Harassment at Major International Conference

praskrishna — 2016-03-30T17:06:10Z

A prospective lawyer's name tag was flipped, and she was asked rude questions by a CEO at a conference, where, ironically enough, she was invited to devise sexual harassment policies.

The article by Kavita Patil was published in Bangalore Mirror on March 30, 2016.

Padmini Baruah, 22, a National Law School of India University (NLSIU) student representing Centre for Internet and Society (CIS), at the ICANN55 (Internet Corporation for Assigned Names and Numbers) held at Marrakech, alleged that she was sexually harassed by Khaled Fattal, the chairman and CEO of The Multilingual Internet Group.

On March 2, Baruah had reached out to the conference ombudsman and expressed her concerns about the lack of a specific sexual harassment policy. She was directed to the ICANN55's Standards of Behavior, who invited her for a discussion at the conference in Marrakech.

About three hours before her meeting with the ombudsman on March 6, she had a shock. "I was, unfortunately, subjected to sexual harassment in the nature of verbal remarks and infringement of my personal space by the perpetrator in question, a man I eventually came to know was called Khaled Fattal," she recalled. "Fattal approached me, pulled at my name tag, examined it and dropped it. A little later, he lifted my name tag and flipped it back and forth asking me, "Where are you from?"

He then leaned in, lecherously looked at me and asked, "Do you know how to make a cheese sandwich?" I was taken aback and responded angrily saying, "Yes, that is why I came here, to make you cheese sandwiches." He went on to throw another lecherous look my way and said, "Well, I love veg sandwiches."

Sunil Abraham, executive director of the CIS, said, "ICANN doesn't have a special cell where complaints can be raised but they have an ombudsman. The ombudsman is investigating the case and is in touch with both Baruah and also the perpetrator." He said after she raised the sexual harassment complaint, he received many mails from women who had faced harassment at the event but never made an attempt to raise their voice. "Through CIS we have issued a public statement of support for Baruah and we are waiting for the result of the investigation," he said.

Fattal and the ombudsman were not available for comment despite repeated attempts made by BM to get a response. Baruah, meanwhile, was informed by the ombudsman that her's was the first harassment case reported in the history of ICANN.

For more details visit https://cis-india.org/internet-governance/news/bangalore-mirror-march-30-2016-kavita-patil-woman-alleges-harassment-at-major-international-conference

ICANN 55

praskrishna — 2016-03-30T14:41:34Z

Internet Corporation for Assigned Names and Numbers (ICANN) held its 55th meeting in Marrakech, Morocco from March 5 to 10, 2016. Padmini Baruah and Vidushi Marda attended the event organized by Moroccan Ministry of Foreign Affairs and Cooperation, Consular and Social Affairs.

The Centre for Internet & Society's (CIS) work during this meeting revolved mainly around ICANN's accountability (DIDP and Reconsideration requests), transparency, its commitment to human rights, diversity, and questions surrounding the IANA transition. CIS research was circulated via a submission booklet to different people that we met through the course of the conference. A session-wise account of our work at ICANN55 can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/icann-55

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission

sumandro — 2016-03-30T13:13:30Z

The Centre for Internet and Society sent this submission to the Telecom Regulatory Authority of India (TRAI) following the Open House Discussion on Differential Pricing of Data Services, held in Delhi on February 21, 2016.

Download the submission document: PDF.

Post-Open House Discussion Submission to TRAI

Dear Ms. Kotwal,

This is to heartily congratulate TRAI once again for taking several steps, including the Open House Discussion, to ensure that various opinions about the topic of ‘differential pricing for data services’ are presented and are responded to - and are all in full public view.

This brief note is to a) add to the positions and arguments submitted previously by the Centre for Internet and Society (CIS), India, b) put in writing our comments during the Open House Discussion (January 21, 2016), and c) respond to other comments shared at the same event. We have six points to share in this note:

Forbearance is not an option: We are of the opinion that though the data services market has thus far been kept un-monitored and unregulated, and there are several reasons why this situation should not continue any more. Although the reality of differential pricing (that is data packets originating from different sources being priced differently by ISPs) was highlighted with the recent offering of zero rated packs, it is a general practice in the sector, as illustrated by widely available special/curated content packs for the user to consume data from a specified web-based source. It is not surprising that most such special/curated content packs involve an arrangement between the ISP and a prominent leader in the web-content/platform sector, such as Facebook and Twitter. Serious market distorting impacts of such arrangements are imminent if they are allowed to continue without any monitoring, enforced public disclosure, and regulatory actions by a public authority.
Address differential treatment of data, and not only differential pricing: Pricing is only of the three ways in which data services can be treated differently by the ISPs depending upon the source of the data packets concerned. The other two ways are: a) differential speed, or throttling of some data packets and prioritisation of the others, and b) differential treatment of data protocols, for example, the blocking of peer-to-peer or voice-over-IP traffic by an ISP. If the public authority decides to only regulate differential pricing of data service, it is highly probable that ISPs may shift to other forms of discrimination between data packets - either in terms of prioritising some data packets over others based upon their origin, or blocking of specific protocols such as voice-over-IP to prevent the functioning of certain web-based services - and continue the market distorting impacts through these other means.
Allow and define reasonable network management practices: Reasonable network management has to be allowed to enable the ISPs to manage performance on their network. However, ISPs may not indulge in acts that are harmful to users in the name of reasonable network management. Below is a set of potential guidelines to identify cases when discrimination against classes of data traffic in the name of reasonable network management can be considered justified and permissible:
- there is an intelligible differentia between the classes which are to be treated differently,
- there is a rational nexus between the differential treatment and the aim of such differentiation,
- the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
- the network management practice is the least harmful technical means that is reasonably available to achieve the aim.
Establish an effective enforcement mechanism: TRAI must establish an enforcement mechanism that is open to users [and groups of users] and private sector actors as current forums are insufficient. Clear and simple rules must be established ex-ante, if they are violated - ex-post regulation must be undertaken on the basis of principles listed in the TRAI consultation paper, that is “non-discrimination, transparency, affordable internet access, competition and market entry, and innovation” [1]
Take regulatory decisions now, but also conduct and commission further research to review and refine the decisions over a defined period of time
Need for better collection and proactive disclosure of statistics: TRAI publishes quarterly performance indicators statistics collected from the telecom companies about telephone, mobile, and internet sectors in India [2]. It will be very useful for researchers and analysts, and allow for a much more informed public debate on the matter, if the content and form of such data are improved in the following ways:

Content:
- Please start collection (unless already done) and publication of not only data of average incoming and outgoing MOUs, average of total outgoing SMSs, Average Revenue Per User, and average data usage per GSM and CDMA subscriber, but distributions of the same in terms of user deciles (that is in terms of representative figures for each 10% section of users in ascending order of usage),
- Provide granular data about data usage across service areas and service providers (the numbers on ‘average data usage’ and total ‘revenue from data usage’ provided at present are very insufficient for the state of public debate),
- Provide data about internet subscriber base according to network technologies (for both wired and wireless) and the service providers concerned,
- Provide data about IP-based telephony across service areas and service providers,
- Provide data separately for the North Eastern states, and
- Provide granular data (separated from the corresponding state data) for all tier-1 cities.
Form:
- Please do not publish the data only as part of the quarterly reports available in PDF format, but also as independent machine-readable spreadsheet file (preferably in CSV format),
- Do not only publish quarterly data in separate files, but also provide a combined (all quarters together) dataset that would make it much easier for researchers and analysts to use the data,
- In some exceptional cases, the data is not provided in the report directly but a diagram containing the data is published [3], which should be kindly avoided, and
- Please publish these statistics as open data, that is in open standards and under open licenses.

Further, we request TRAI to explore possibilities of distributed sourcing of data, perhaps from the users themselves, about the actual network usage experiences, including but not limited to signal strength, data transfer speed (incoming and outgoing), frequency of switches between mobile (GSM and CDMA) and wi-fi connectivity, etc.

References

[1]. http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/CP-Differential-Pricing-09122015.pdf.

[2]. http://www.trai.gov.in/Content/PerformanceIndicatorsReports/1_1_PerformanceIndicatorsReports.aspx.

[3]. http://www.trai.gov.in/WriteReadData/PIRReport/Documents/Performance_Indicator_Report_Jun_2015.pdf , sections 1.43 and 1.44 (pp. 31-32).

For more details visit https://cis-india.org/telecom/blog/trai-consultation-on-differential-pricing-for-data-services

On Google Maps, JNU top result in search for 'anti-national'

praskrishna — 2016-03-29T01:37:17Z

"Anti-national" is not a location. But Google Maps seems to have an address for it - Jawaharlal Nehru University in the capital. On Friday, Google Maps pinned other such "locations" in the same place. It yielded the same result for other search terms such as "sedition," "freedom of expression," and "patriotism."

The article by Kim Arora was published in the Times of India on March 25, 2016. Rohini Lakshane was quoted.

The university, that recently became a hotbed of national politics following the arrest of the JNUSU president, also showed up in Google Maps search for other terms like "intolerance", "Kanhaiya Kumar", and "Smriti Irani". Google reviews for the central university suggest that this has been happening since last week.

JNU, it appears, is a victim of Google Map's word association. "This is a bug. Google Maps results take signals from many points on the web, including news outlets. The terms "Anti National," "Kanhaiya Kumar" and JNU have been in the news so much recently that they became associated in Maps which is why this result is triggered. This is a bug and we're working to fix this as quickly as possible," a Google spokesperson told TOI over email.

Google reviews of the university showed a barrage of one-star reviews uploaded in the last couple of weeks, reacting to the events and political demonstrations on the campus. "Ashamed to note that such a popular university houses anti nationals," said one such review. By Friday afternoon, Google Maps was among the top ten India trends on Twitter.

Rohini Lakshane, a researcher with the Center for Internet and Society in Bengaluru, ran a search for "antinational" on Google Maps from an Indian IP, and then again from those outside the country. She found that the JNU result only showed up for searches carried out from an Indian IP, and for those on Google India if used from an IP outside the country.

"Google's search engine seems to be correlating the keyword "JNU" with these terms owing to their extremely large concentration in the Google Maps reviews as well as associated metadata from other content on the web. This is quite common for topics that are widely written about on the internet and discussed on social networking sites. If the heavy concentration only exists within a certain country or region, then the results may only correlate for searches done from IP addresses there," says Lakshane.

Google search algorithms are known to take into account terms that are frequently used together to display results. In July 2015, for example, controversy broke after Google images started showing Prime Minister Narendra Modi's image if one searched for "Top 10 Criminals in the World". Google had then issued an apology for the faux pas, and said, "Sometimes, the way images are described on the internet can yield surprising results to specific queries. We apologise for any confusion or misunderstanding this has caused. We're continually working to improve our algorithms to prevent unexpected results like this."

Google Maps has earlier been subjected to pranks. In May 2015, Google had to temporarily suspend its Map Maker function after an image of an Android bot urinating on an Apple logo appeared on a map. Map Maker is an application where lay users can mark new places, routes, or institutions in areas they are familiar with.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-march-25-2016-kim-arora-on-google-maps-jnu-top-result-in-search-for-anti-national

Securing the internet’s future

praskrishna — 2016-03-28T02:24:35Z

Mike Godwin, who proposed the eponymous law about online discussion threads, speaks about net neutrality, differential pricing and why no government is likely to oppose stricter surveillance measures.

The article by Bhavya Dore was published in Hindu Businessline on March 25, 2016.

For gravity, there’s Newton’s law, for internet discussion threads, there’s Godwin’s law. Twenty-five years ago, a law student trawling through cyberspace noticed a recurring pattern: at some point in an online discussion, someone would invariably invoke Hitler or the Nazis. The observation led to an act of ‘mimetic engineering’ — rifling through discussion boards, pointing this out, and promptly naming the law after him.

Godwin’s law states: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one — that is, the likelier this becomes.

Mike Godwin, 59, a portly, white-haired gent in Harry Potter glasses is best known for this aphoristic piece of wisdom. “The purpose,” he says, “was to make the people who engaged in frivolous comparisons of atrocities seem like they weren’t thinking.”

It is generally understood that when one of the arguers is falling back on the Nazis as rhetorical shorthand, that person is starting to lose the argument.

“It certainly means one of the arguers has gone to a higher or lower level,” he said.

Godwin was in India in February as part of a series of talks organised through the Centre for Internet and Society on net neutrality.

In early February, at the Mumbai University’s civics and politics department, he was on a panel with three others at a discussion that occasionally took an agitated tone.

“[The debate] hasn’t become heated in every country to the same degree,” he said. “In India it has.” The public discussion has been polarised, with activists vehemently opposing, among other things, ‘Free Basics’ — a Facebook offering. On February 8, the telecom regulator ruled against differential pricing, debarring telecom operators from offering slices of the internet at different prices.

Godwin doesn’t see net neutrality and differential pricing as mutually exclusive. “I think some forms [of differential pricing] are potentially good and some forms are potentially bad,” he said. “And the regulator has to look closely and make a determination about the harms or benefits.”

Godwin has worked with the Wikimedia Foundation, which offered Wikipedia Zero for free in some countries through specific providers, as a gateway to Wikipedia. But he isn’t trying to convince you one way or the other.

“[There is] an idea that there was something valuable about carriers [service providers] being neutral,” he said. “And I still think that that’s true… But the thing that changed was this: with Wikipedia, I realised it doesn’t matter if you have neutrality if nobody can afford it. Neutrality hasn’t served the people who can’t afford to pay to have the wires built up to their provinces.”

This then boils down to the fundamental question: how do we create a world that gets people connected? “It may involve cross-subsidies of various sorts, and all of these things historically have invited some degree of government regulation,” said Godwin. “The question is less ‘do you regulate or not regulate’, the question is ‘do you do it right’.”

But does Free Basics mean anything to a developing country which needs real basics first: water, sanitation, shelter? Godwin doesn’t buy into the premise that the internet is a luxury that comes after all these things.

“I think that [idea] is wrong,” he said. “Because when people can share information or resources about where the water is or what good health practices are or how to properly cultivate a crop, they help everyone else. And the impulse to help and share what they know is strong.”

Godwin’s first law has now been well entrenched in popular culture. But wait, he has a second one. This one goes: Surveillance is the crack cocaine of governments.

“Almost all governments want to engage in surveillance,” he said. “Some governments have disagreements with other governments over their surveillance but rarely will we see them categorically refuse to surveil.”

And yet, he says, our outrage over this is driven by an “antiquated notion of privacy” that the content of our emails or conversations should be free from prying eyes. “In the rest of the century and future centuries people will look back at this idea and laugh: that people thought that content was the important thing,” he said. Someone reading your mail isn’t the only possible violation, but whether they are accessing the whole ecosystem of your communication. “The metadata can give away the whole store,” he said. “The metadata can be more revealing. Who are you talking to, at what time of day, for how long, how big is the message? These are all things that can matter.”

That’s not the only thing that’s changed. The internet has, since its early days, become a more charged, more violent place, where poison, bile and abuse fly thick and fast.

“The level of hatefulness directed towards women online is particularly bad,” he continued, “It is a huge cross-cultural problem.”

The other enduring problem is how do you balance free speech rights while curtailing hate speech? “If there were an easy answer I’d tell you what it is,” said Godwin.

Still, banning or blocking sites, as the Indian government has been in the past eager to do, is hardly a solution. “I won’t say there is never an argument for it,” said Godwin, pausing a beat, “I will say that I have never heard one that was any good.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-business-line-march-25-2016-bhavya-dore-securing-internets-future

ICANN Sexual Harassment Case Highlights Lack of Procedure at Global Internet Body

praskrishna — 2016-04-01T15:42:49Z

Alleged perpetrator files counter-complaint with ombudsman’s office after being publicly identified.

The article was published in the Wire on March 24, 2016.

A female researcher associated with the Bangalore-based Centre for Internet and Society has alleged that she was sexually harassed at an ICANN (Internet Corporation for Assigned Names and Numbers) public meeting held in Morocco earlier this month, in an incident that highlights a lack of established procedure at the global body responsible for maintaining the technical backbone of the Internet.

According to the woman, who is currently a law student but was representing CIS at the meeting, she was sexually harassed by a participant from the private sector constituency on March 6th at a working session.

“I felt like my space and safety as a young woman in the ICANN community was at stake,” she said.

ICANN-organised events currently do not have a formal redressal system for these type of complaints nor does it have a specific anti-sexual harassment committee to which community members can file an official complaint.

The CIS representative, therefore, has taken up her case with ICANN’s ombudsman office, an office that does not have an explicit mandate to deal with incidents of sexual harassment.

“I currently am unclear as to the exact status of my complaint. The ombudsman office does not have a clear sexual harassment procedure, it has only a standards of behaviour. When I first went to them, they told me nobody has officially complained of sexual harassment since 1998,” she told The Wire.

“I understand the evidential burden that needs to be fulfilled for this [allegation] to be proven. I know it’s difficult to prove this. I just want an enquiry conducted properly and impartially.”

The Centre for Internet and Society released a sharp statement on Monday, pointing out that since the woman was “given no immediate remedy or formal recourse”, she had no choice but to make “the incident publicly known in the interim.”

CIS Executive Director Sunil Abraham pointed out that while the ombudsman office has been in touch with the organisation’s representative, “this administrative process is simply inadequate for rights-violation”.

To that end, CIS has called upon ICANN to “institute a formal redressal system with regard to sexual harassment and institute an anti-sexual harassment committee that is neutral and approachable”.

“Merely having an ombudsman who is a white male, however well intentioned, is inadequate and completely unhelpful to the complainant. The present situation is one where the ombudsman has no effective power and only advises the board ,” the CIS’s statement reads.

ICANN perspective

When asked for a comment, ICANN media representatives pointed The Wire to the written transcript of a public session in which this particular issue of sexual harassment was raised. In that meeting, ICANN board member Markus Kummer specifically condemns “improper conduct of any kind such as harassment” while calling for zero tolerance on such issues within the larger ICANN community.

On the issue of whether ICANN could adopt a broader policy on sexual harassment, Kummer acknowledges that while the organisation’s expected standards of behaviour “could be a bit more specific as regards harassment”, the standards are applicable to “staff and board members and we have to undergo training”.

“Now, we could also make this also available to the community but the board thought it might not be the appropriate way to go about and impose something on the community. It might be more appropriate for the community to come up with these standards…Let me once again assure the community that the board is fully cognizant of the importance of this issue and supports the community in developing standards that may be more explicit in regard of these issues,” Kummer is quoted as saying in the transcript.

Complaint, Counter-Complaint

The incident, however, took a different turn on Tuesday after the ICANN ombudsman wrote to the CIS representative informing her that the investigation had become “very difficult” because she had identified and named the alleged perpetrator in a public social media posting.

“By naming [the alleged perpetrator] before the process was completed, this has meant that the confidentiality of my office has been compromised and his privacy has been compromised. Leaving aside the issue of whether he actually made the comments and behaved as you describe [sic], he is entitled to a fair and impartial investigation,” the ombudsman office’s letter says.

The alleged perpetrator now, according to the letter, has filed a counter-complaint with the ombudsman and has asked the office to undertake an investigation into the female student’s actions in this regard.

“I remind you that his [the perpetrator] initial response on the initial discussion was that he could not recall making the remark. So I sought your comments. I would have liked to take your comments back to him and had some form of conversation. This may still be possible but the force of your complaint is diluted by the problem of procedural fairness by the premature publication of his name,” the letter adds.

Cleaning up

While the CIS representative’s complaint may be the first officially recorded incident at an ICANN meeting, sexual harassment and inappropriate gender bias at numerous technical conferences across the world (ICANN or not) has been a well-documented phenomenon.

In 2012, ICANN ombudsman Chris LaHette was forced to step in after a complaint was lodged regarding the insensitive advertising and promotion surrounding the ICANN 44 meeting in Prague.

While ICANN’s “expected standards of behaviour” – basically a code of conduct – explicitly states that all “members of the ICANN community be treated equally irrespective of nationality or gender..”, there is no official policy that states what aggrieved parties should do after an incident occurs.

Such a policy must be created, CIS points out, and must be “displayed on the ICANN website, at the venue of meetings, and made available in delegate kits”.

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-24-2016-icann-sexual-harassment-case-highlights-lack-of-procedure-at-global-internet-body