We are anonymous, we are legion

The 'Global Multistakholder Community' is Neither Global Nor Multistakeholder

pranesh — 2016-11-03T10:42:53Z

CIS research shows how Western, male, and industry-driven the IANA transition process actually is.

In March 2014, the US government announced that they were going to end the contract they have with ICANN to run something called the Internet Assigned Numbers Authority (IANA), and hand over control to the “global multistakeholder community”. They insisted that the plan for transition had to come through a multistakeholder process and have stakeholders “across the global Internet community”.

Analysis of the process since then shows how flawed the “global multistakeholder community” that converges at ICANN has not actually represented the disparate interests and concerns of different stakeholders. CIS research has found that the discussions around IANA transition have not been driven by the “global multistakeholder community”, but mostly by males from industry in North America and Western Europe.

CIS analysed the five main mailing lists where the IANA transition plan was formulated: ICANN’s ICG Stewardship and CCWG Accountability lists; IETF’s IANAPLAN list; and the NRO’s IANAXFER list and CRISP lists. What we found was quite disheartening.

A total of 239 individuals participated cumulatively, across all five lists.
Only 98 substantively contributed to the final shape of the ICG proposal, if one takes a count of 20 mails (admittedly, an arbitrary cut-off) as a substantive contribution, with 12 of these 98 being ICANN staff some of whom were largely performing an administrative function.

We decided to look at the diversity within these substantive contributors using gender, stakeholder grouping, and region. We relied on public records, including GNSO SOI statements, and extensive searches on the Web. Given that, there may be inadvertent errors, but the findings are so stark that even a few errors wouldn’t affect them much.

2 in 5 (39 of 98, or 40%) were from a single country: the United States of America.
4 in 5 (77 of 98) were from countries which are part of the WEOG UN grouping (which includes Western Europe, US, Canada, Israel, Australia, and New Zealand), which only has developed countries.
None were from the EEC (Eastern European and Russia) group, and only 5 of 98 from all of GRULAC (Latin American and Caribbean Group).
4 in 5 (77 of 98) were male and 21 were female.
4 in 5 (76 of 98) were from industry or the technical community, and only 4 (or 1 in 25) were identifiable as primarily speaking on behalf of governments.

This shows also that the process has utterly failed in achieving the recommendation of Paragraph 6 of the 3 in 5 registrars are from the United States of America (624 out of 1010, as of March 2014, according to ICANN's accredited registrars list), with only 0.6% being from the 54 countries in Africa (7 out of 1010).

45% of all the registries are from the United States of America! (307 out of 672 registries listed in ICANN’s registry directory in August 2015.)

66% (34 of 51) of the Business Constituency at ICANN are from a single country: the United States of America. (N.B.: This page doesn’t seem to be up-to-date.)

This shows that businesses from the United States of America continues to dominate ICANN to a very significant degree, and this is also reflected in the nature of the dialogue within ICANN, including the fact that the proposal that came out of the ICANN ‘global multistakeholder community’ on IANA transition proposes a clause that requires the ‘IANA Functions Operator’ to be a US-based entity. For more on that issue, see this post on the jurisdiction issue at ICANN (or rather, on the lack of a jurisdiction issue at ICANN).

For more details visit https://cis-india.org/internet-governance/blog/global-multistakeholder-community-neither-global-nor-multistakeholder

How To Win Friends, FB Style

praskrishna — 2015-10-18T12:02:10Z

True to form—and Facebook—there was a warm, friendly and familial feel to Prime Minister Narendra Modi’s townhall meeting at Melon, California, with Mark Zuckerberg on September 27. Modi got emotional (yet again) while talking about his mother. Zuckerberg, the youngish founder of the world’s largest social networking site, got his parents to meet and pose with Modi.

The article by Arindam Mukherjee was published in Outlook on October 12, 2015. Sunil Abraham was quoted.

“The most amazing moment was when I talked about our families,” Zuckerberg wrote in a post, “and he (Modi) shared stories of his childhood....” That’s just the kind of stuff we would see and post on Facebook—the benign visage of a profitable, all-pervasive US-based corporation. (Needless to say, everyone who has worked on this story is a registered user).

Of course, we know Modi too is on Facebook. No other Indian politician has so effectively utilised the power of ‘likes’: and he has got 30 million. The problem with this chummy approach is that one could almost forget that the PM is also the supreme leader of a country that is Facebook’s second-largest market in the world with 125 million users. A few days earlier, Zuckerberg flew to Seattle to meet Chinese President Xi Jinping. Facebook is not present in China. “On a personal note, this was the first time I’ve ever spoken with a world leader entirely in a foreign language,” wrote Zuckerberg in another post.

In contrast, Modi and Zuckerberg were speaking the same language. In fact, they even jointly updated their profile picture on Facebook—wrapped in the shades of the Indian tricolour—to support the Modi government’s Digital India initiative. Millions of Indians followed suit. And that’s when the shit hit the internet—it was discovered that people supporting the Digital India campaign were also putting in a ‘yes’ vote for Facebook’s contentious initiative internet.org (free but restricted net access; see accompanying faqs for all the details). Immediately, Modi became a party to the raging debate in India over net neutrality. This is unfortunate as the Modi government is yet to put on paper its stand on net neutrality. The nervous reaction to this engagement is also a function of the new truism of our times—“with this government, you never know”.

What we do know is that the internet.org class name was built into the code for support for Digital India. Many experts feel this is not a coincidence; rather a clever ploy by Facebook to get the support of Indians and promote its internet.org initiative. This upset a vocal community of activists who see internet.org on the opposite camp. This led to the charge that Facebook was trying to influence the debate. Says Sunil Abraham, executive director with the Bangalore-based Centre for Internet and Society (CIS), “The moves by Facebook are quite juvenile as it is trying to use the Modi visit to further muddy the net neutrality debate. We should be concerned about Facebook trying to damage the debate in India to spin the PM’s participation in its own favour.” Of course, there are two sides to this debate. There are many people within the government who feel net neutrality is an elitist concern—increasing internet penetration, which Facebook and other such initiatives promise, is the way forward in a poor, unconnected country like India. “Today to talk about net neutrality is to talk about the 20 per cent who have access to the internet,” says telecom expert Mahesh Uppal. “It is unreasonable to dismiss out of hand anybody who offers free service to a subset of websites or services. Eventually, access to internet must come first before we talk about net neutrality.”

Facebook promoted internet.org along with Samsung, Nokia, Qualcomm, Ericsson, MediaTek and Opera Software, the aim being to provide free internet service to developing nations. India, obviously, is a hot target for Facebook. Facebook has a partnership with Reliance in the country; the free internet service will be available only to Reliance users and the free access will be limited to Facebook’s partner sites. The debate over internet.org too has picked up steam in India—big media companies like NDTV and Times of India have pulled out of it on these issues. While Facebook has stressed that internet.org will ensure that the internet reaches people who do not have access to it, there have been concerns that it will restrict internet access only to sites that are internet.org’s partners.

On its part, Facebook has been quick to refute the charge. A spokesperson in the US said, “There is absolutely no connection between updating your profile picture for Digital India and internet.org. An engineer mistakenly used the words ‘internet.org profile picture’ as a shorthand name he chose for part of the code.” The code was changed soon after. Despite repeated requests, representatives from Facebook India were unavailable for comment.

But the damage has been done. Many now openly question Facebook’s motives in India and whether they have been truthful or not. Given all this brouhaha, questions will naturally be raised about Modi’s alignment with Facebook. Digital India is many things—but obviously increasing net penetration is one its goals. “Now whatever he does on net neutrality, it will be seen in terms of whether it will benefit Google or Facebook. That is the risk he took. I would like to know why the diplomatic advisors took the risk of putting the PM in a bargaining position instead of a bonus at the end of a deal,” says Prof Narendar Pani, who teaches at the National Institute of Advanced Studies, Bangalore.

All this matters because the Modi government positions itself as digital-friendly, even though its moves on this front have been invasive (the push for Aadhar despite a legal sanction and increasing reports of monitoring digital conversations), and contradictory (the abortive porn and WhatsApp bans, among others). “The PM is going way beyond the e-governance plan to a stage where the government will just sit and watch people speaking. It is scary,” says internet activist Usha Ramanathan. She feels it doesn’t make sense to have companies like Google sharing ideas with the government while Indian people are being kept out of the loop. “And now Facebook will be joining that gang, it doesn’t make sense. What has Facebook done to get that privilege?” she asks.

Here again there is a carefully worded counter-argument. Former telecom entrepreneur and Rajya Sabha MP Rajeev Chandrashekhar says, “Net neutrality is a definition that would be made in the public domain. It will not be influenced by the PM’s engagement with Facebook and Mark Zuckerberg. Anyone who tries to mess with the definition of net neutrality will be met with a public outcry and judicial intervention.” The substance of this view is that Modi was within his rights to speak to corporations to further Digital India, or Make in India for that matter, and that there should be an open debate on the future direction of net neutrality.

Clearly, the political knives are out. “Either the prime minister is not being briefed properly or he does not read his brief properly,” says former UPA minister Manish Tewari. Arguing that governments should be discussing rules of engagement in cyberspace, and not stakeholders, he asks, “Is India comfortable with that construct especially when the bulk of the technology companies, the root servers which form the underlying hardware of the internet, are all based in the US, and one being in Europe?”

Although the government is yet to firm up its decision on net neutrality and a policy on it is yet to be announced, the debate has already acquired political colour in India, with the Congress and Aam Aadmi Party putting their weight behind the people’s voice. This is the first time that there has been a nation-wide upsurge of such an unprecedented size and magnitude on an internet policy. Says AAP’s Adarsh Shastri, “Facebook, Google etc are just tools. People can use them at will. To make them the mainstay of your programme for digital empowerment is to step on the civil rights and liberties of citizens. Doing this is a complete no-no. Let people access internet as they want is the way to go.”

A consultation paper floated by telecom regulator Telecom Regulatory Authority of India (TRAI) got almost 15 lakh responses from the Indian public in support of net neutrality. There was also strong opposition to zero rating platforms announced by telecom companies like Airtel which sought to provide free access to some websites on their platform in much the same way that internet.org proposes. And the reactions to the Facebook coding error are a pointer to what people in India think. Says Nikhil Pahwa, editor of Medianama and a leading net neutrality activist, “The reactions of the people to the Facebook event were heartening and showed that people are emotive and there is still mass support for net neutrality. The reaction to the TRAI paper was not a flash in the pan.”

Interestingly, a couple of months ago, a department of telecommunications committee had said that internet.org was a violation of net neutrality and should not be allowed. It will be difficult for Modi and the government to overrule that and give it full and free access in India. Internet experts feel that the engagement with India and Modi was a desperate move by Facebook to get numbers from India. Says internet expert Mahesh Murthy, “Facebook is pulling out all stops to get favour for internet.org and is desperate about it. If India says yes, many others will say yes, but if India says no, other countries will follow.”

Murthy says Facebook’s real problem is that it is finding it difficult to justify its price to earnings ratio as against its user numbers vis-a-vis Google which is much better in this respect. For this, it is desperately trying to get numbers, and with China banning Facebook, the only country left to get numbers is India. The massive electronic and print campaign at the cost of Rs 40-50 crore is a pointer towards this. He says everything about internet.org is about hooking Indians to it.

No wonder, Facebook has been cultivating Indian media. The Modi visit has also been tarnished by the news that Facebook paid for the travel and accommodation of journalists from three Indian newspapers and one magazine to go and cover the Facebook-Modi meeting and get favourable coverage. Says writer-activist Arundhati Roy, “Many journalists covering the event for the Indian media were flown in from India by Facebook. So were some who asked pre-assigned questions at the event. I don’t know who sponsored the crocodile tears and the clothes.” It is also quite strange that the entire display picture and source code controversy got almost no play in the national media which chose instead to talk about Modi’s speech and his tears.

All said and done, it is obvious that Facebook may be seeing India as an easy and vulnerable target which can be manipulated for its own advantage. Says Parminder Jeet Singh, executive director with IT for Change, an NGO working on information society, “India has low internet penetration and lots of people want to get on to the internet. There is low purchasing power but lots of aspiration. So the moment a free service is offered, a whole lot of people are likely to jump on it.” And that is something Facebook may be looking and aiming at.

Currently, three processes are on that will determine how India will look at net neutrality—one at the DoT, one at TRAI and a third one at a parliamentary standing committee. But given the massive people’s response net neutrality has got vis-a-vis TRAI’s paper and also during the present Facebook issue, the outcome is predictable. Or so it seems. There’s a lot of money power at stake. For now, millions of internet Indians have already voted with that dislike button. And then, governments move in mysterious ways.

For more details visit https://cis-india.org/internet-governance/news/outlook-india-october-12-2015-arindam-mukherjee-how-to-win-friends-fb-style

Supreme Court provides partial relief for Aadhaar

praskrishna — 2015-10-18T05:01:49Z

In a small but significant win for the government, the Supreme Court on Thursday allowed the use of the Aadhaar number for the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), the Pradhan Mantri Jan Dhan Yojana, pensions by central and state governments, and the Employees’ Provident Fund Scheme, in addition to its current use in the public distribution system (PDS) and the distribution of cooking gas and kerosene.

The article by Apurva Vishwanath and Saurabh Kumar was published in Livemint on October 15, 2015. Sunil Abraham was quoted.

In an interim order on 11 August, the apex court had restricted the use of Aadhaar, the unique identity number, to the PDS and the distribution of cooking gas and kerosene.

Subsequently, several state governments, government departments and regulatory agencies put up a joint defence seeking a modification of the interim order. They included the Reserve Bank of India (RBI), the Securities and Exchange Board of India and the Telecom Regulatory Authority of India, the governments of Jharkhand, Maharashtra, Uttarakhand, Himachal Pradesh, Gujarat and Rajasthan, and industry body Indian Banks’ Association, along with the Unique Identification Authority of India (UIDAI), the issuer of Aadhaar.

A five-judge constitutional bench comprising Chief Justice H.L Dattu and justices M.Y Eqbal, C. Nagappan, Arun Mishra and Amitava Roy said in an order on Thursday: “We are of the opinion that in para 3 of the interim order, we can include schemes like MGNREGS, pensions by state and central government, Jan Dhan Yojana and Employees’ Provident Fund Scheme along with PDS and LPG (liquefied petroleum gas).”

Para 3 of the 11 August interim order had allowed the voluntary use of Aadhaar only for direct benefit transfer in foodgrain, kerosene and cooking gas schemes.

The court’s interim order threw an element of uncertainty around flagship government programmes such as biometric attendance for government employees; the Jan Dhan Yojana, the Prime Minister’s ambitious financial inclusion initiative; digital certificates, and pension payments.

It also threatened to derail India’s progress towards a cashless economy where payments banks are expected to play an important role.

All of these depend on linking accounts to individuals electronically, and are dependent on the Aadhaar number.

“The government was able to convince the court on the utility of Aadhaar which is critical to provide services to the most vulnerable section of the society,” said a government official who spoke on condition of anonymity.

The apex court, however, did not allow the use of Aadhaar for the e-know-your-customer (e-KYC) specifically, which would have helped banks, including payments banks, to enrol new customers and telecom operators for issuing SIM cards. However, it is noteworthy that while obtaining bank accounts under the Jan Dhan scheme, banks use e-KYC. The clarification that RBI sought from the court, on whether the Aadhaar number can be used as proof of identification to open a bank account, still remains uncertain.

This will affect banks, mutual funds and companies that have won in-principle payments bank licences such as Airtel M Commerce Services Ltd (from the stable of Bharti Airtel Ltd, which had a customer base of 231.6 million as of July) and Vodafone m-pesa Ltd (a part of Vodafone India Ltd, which had a customer base of 185.4 million as of July).

The licensees also include the department of posts, which has 155,015 post offices across the country, of which 139,144 are in rural areas. The sheer reach of these entities is unrivalled. These entities hope to ride on the technology platform to reach customers, and e-KYC is critical to the process.

“The reason why the court has allowed use of Aadhaar for Jan Dhan Yojana and not other banking services is perhaps because the government made a humanitarian argument that the poorest will be able to avail banking services. It is, however, a technologically flawed argument, deeply so,” said Sunil Abraham, executive director of Bengaluru-based research organization Centre for Internet and Society.

The bench ordered the Union government to follow all earlier interim orders issued by the Supreme Court starting September 2013. Some of these orders include restrain on sharing of biometrics and keeping Aadhaar voluntary.

As of now, 920 million Indian citizens have been allotted Aadhaar numbers. The interim stay was affecting beneficiaries of the MGNREGS (91.7 million), pensioners (27.1 million) and recipients of scholarships (25.7 million), among others, according to data from the Unique Identification Authority of India (UIDAI). Till now, 187 million bank accounts have been opened under the Pradhan Mantri Jan Dhan Yojana.

The apex court made the interim ruling in an ongoing hearing where several pleas related to Aadhaar were clubbed together. Some relate to Aadhaar numbers being made mandatory to enable people to avail of certain government benefits and services. Others deal with the number being a violation of privacy, especially in the absence of any backing regulation or oversight, and yet others deal with possible misuse of the information.

However, the constitution bench had clarified on Wednesday that only pleas seeking clarification and modification of the interim order will be decided, and the issue concerning the right to privacy will be heard subsequently by another constitution bench.

“I am very disappointed with the court’s order. The government claims that Aadhaar is voluntary, but actually it will not be till it is delinked from all government schemes. This way, people who do have Aadhaar are excluded and will have to run from pillar to post to receive benefits if they do not have the number,” said Kamayani Bali Mahabal, a Mumbai-based lawyer, human rights activist and a petitioner in the UIDAI case. She added that the order may increase the incidents of fake Aadhaar numbers as ineligible people choose to gain from all schemes, depriving the poor and aged of real benefits.

The attorney general, Mukul Rohatgi, on Wednesday assured the court that the government has issued advertisements in over 20 languages that Aadhaar is a voluntary scheme.

On 14 Wednesday, PTI reported that a Right to Information application has showed that the UIDAI has identified more than 25,000 duplicate Aadhaar numbers till August.

Mathew Thomas, one of the petitioners challenging the use and validity of the Aadhaar scheme, also expressed disappointment at the court’s ruling today. “Aadhaar is a case of great importance to the billion citizens of India. It is unfortunate that the constitution bench spent only a few hours in hearing the issues,” he said.

The Supreme Court will appoint a larger bench of at least nine judges to hear the privacy issue. The court in 1954, in the case of M.P. Sharma vs Satish Chandra, ruled that the right to privacy was not a fundamental right recognized by the Constitution. This case was decided by an eight-judge bench of the apex court, and only a bench of equal or larger strength will be able to override that decision.

The Chief Justice in the order on Thursday said that the larger bench, with nine or 11 judges, will be constituted at the earliest to hear the matter on Aadhaar potentially violating privacy and other intervening applications.

The petitioners have argued that UIDAI was approved only by an empowered group of ministers during the United Progressive Alliance tenure and has no statutory authority to collect biometrics of residents. Senior counsel for the petitioners, Shyam Divan, said: “The only law in India which allows the government to collect fingerprints is the Prisoner’s Act of 1920, which is a colonial enactment.”

The UIDAI does not have any legislative backing and was constituted by notification in 2009 by the erstwhile Planning Commission. Divan, however, said that the Planning Commission notification has no effect since the body itself has ceased to exist, and added that the centre is not introducing a legislation empowering the Aadhaar scheme as it realizes the vulnerability of the entire exercise.

The National Identification Authority of India Bill was introduced in the Rajya Sabha in 2010.

In 2012, the centre was mulling a privacy law that could be enacted to support the UIDAI scheme and, in connection, the Planning Commission then formed an expert committee on privacy under A.P Shah, a former chairperson of the Law Commission.

For more details visit https://cis-india.org/internet-governance/news/livemint-october-15-2015-apurva-vishwanath-saurabh-kumar-supreme-court-provides-partial-relief-for-aadhaar

Digital India: Did Modi get it wrong in Silicon Valley?

praskrishna — 2015-10-18T04:44:52Z

A bear hug, a photo filter and a new debate on net neutrality - Ayeshea Perera examines the domestic fallout of Indian Prime Minister Narendra Modi's Facebook townhall in US.

This was published by BBC News on October 16, 2015. Sunil Abraham was quoted.

It was supposed to be a moment that rocked the virtual world. Mr Modi, widely acknowledged as one of the world's most influential politicians on social media, enveloped a slightly stunned Mark Zuckerberg in a bear hug.

But what was it that really happened in Menlo Park? Why did some people think Mr Modi wasn't acting in India's best digital interests when he hugged Mr Zuckerberg?

India with an internet population of 354 million - which has already grown by 17% in the first six months of 2015 - is an obvious target for not only Facebook, but other Silicon Valley giants. And they have all been more than happy to pledge their support for digital India - a recently launched government initiative aimed at reinvigorating an $18bn (£11.6bn) campaign to strengthen India's digital infrastructure.

Google offered to provide 500 railway stations with free WiFi and Microsoft pledged to connect 500,000 Indian villages with cheap broadband access.

Digitally colonised?

But this huge show of support and the increased interest in India has caused some concern within the country.

"Is Digital India going to only make India a consumer of services offered by global tech companies in lieu of data? Personal data is the currency of the digital world. Are we going to give that away simply to become a giant market for a Facebook or a Google? Look at the way the tech world is skewed. Only China has been able to come up with companies that can take on these MNCs" Prabir Purkayasta, chairman of the Society for Knowledge Commons in India, told the BBC.

"The British ruled the world because they controlled the seas," he said. "Is India going to be content to just be a digital consumer? To being colonised once again?"

And in the aftermath of the Facebook townhall in particular, some talk has begun to surface about what Mr Zuckerberg's real India ambitions are.

Soon after the townhall ended, both Mr Modi and Mr Zuckerberg declared their support for digital India by using a special Facebook filter to tint their profile pictures in the tri-colour of the Indian flag.

Multitudes of Indians followed suit and timelines were awash with snazzy tinted profile pictures, all in support of "Digital India".

'Innocent mistake'

But then a tech website released what it claimed to be a portion of Facebook's source code, which allegedly "proved" that the "Support Digital India" filter was actually a "Support Internet.Org" filter.

Facebook quickly issued a denial, blaming the text in the code on an "engineer mistake" in choosing a shorthand name he used for part of the code.

But the "mistake" which has been coupled with a huge advertising blitz for Internet.Org across television channels and newspapers has raised suspicion about Facebook's motives. A Facebook poll on Internet.Org that frequently appears on Indian user timelines has also been ridiculed for not giving users an option to say no.

Instead the answer options to the poll question "Do you want India to have free basic services?" are "Yes" and "Not now".

Internet.org (now called free basics), aims to extend internet services to the developing world by offering a selection of apps and websites free to consumers.

Facebook's vice-president of infrastructure engineering, Jay Parikh has described the initiative as an "attempt to connect the two-thirds of the world who do not have access to the Internet" by trying to solve issues pertaining to affordability, infrastructure and access.

When Facebook launched the initiative in India in February, it was criticised by Indian activists who expressed concerns that the project threatened freedom of expression, privacy and the principle of net neutrality.

On the other end of the debate, Indian columnist Manu Joseph wrote in the Hindustan Times newspaper, hitting out at the "selfish" stand on net neutrality. He said concerns over the issue should be "subordinate to the fact that the poor have a right to some Internet".

Wrong signal

A massive campaign by India's Save the Internet Coalition exhorting Indians to speak out against initiatives threatening net neutrality caught public imagination and saw more than a million emails to India's regulator, the Telecom Regulatory Authority of India (TRAI), demanding a free and fair internet in the country. Internet.Org was one of the initiatives immediately affected.

TRAI since released a draft policy on net neutrality, but a question that has been asked is whether it was appropriate for Mr Modi to visit Facebook given that the policy was still under consideration.

Mr Purkayasta is of the opinion that it could have been avoided. "It was not the time or the place to go. Even if it was simply a publicity gimmick, it still sends a signal to officials involved in drafting the policy," he said.

However, Sunil Abraham from the Centre for Internet and Society told the BBC he believed that while Facebook's intentions were suspect, Mr Modi's visit had the potential to safeguard net neutrality in India.

"India is a hugely important market for Facebook, and the prime minister has the power to force positive changes to its policies," he said. "We gain nothing by shutting them out."

For more details visit https://cis-india.org/internet-governance/news/bbc-october-16-2015-digital-india-did-modi-get-it-wrong-in-silicon-valley

Cyber Security Policy Research

praskrishna — 2015-10-16T16:47:12Z

Tim Maurer will give a presentation on cybersecurity policy research at the Centre for Internet & Society's New Delhi office on October 18, 2015, from 2 p.m. to 5 p.m. Geetha Hariharan and Sunil Abraham will participate in this event.

Tim Maurer's talk will give an outline of the definitional issues involved, the various threats to the confidentiality, integrity, and availability of information and underlying infrastructure, the actors involved and international efforts to address cybersecurity. The talk will also provide an overview of existing and ongoing cyber security policy research.

Tim Maurer

Tim Maurer is an associate at the Carnegie Endowment for International Peace. His work focuses on cyberspace and international affairs, with a concentration on global cybersecurity norms, human rights online, Internet governance, and their interlinkages. He is writing a book on cybersecurity and proxy actors.

Maurer serves as a member of the Research Advisory Network of the Global Commission on Internet Governance, the Freedom Online Coalition’s cybersecurity working group “An Internet Free and Secure,” and co-chaired the Civil Society Advisory Board of the Global Conference on CyberSpace. In 2014, he developed the Global Cyber Definitions Database for the chair of the OSCE to support the implementation of the OSCE’s cyber confidence-building measures. In 2013 and 2014, Maurer spoke about cybersecurity at the United Nations in New York and Geneva and co-authored “Tipping the Scale: An Analysis of Global Swing States in the Internet Governance Debate,” published by the Global Commission on Internet Governance. His work has also been published by Jane’s Intelligence Review, TIME, Foreign Policy, CNN, Slate, and other academic and media venues.

Prior to joining Carnegie, Maurer was the director of the Global Cybersecurity Norms and Resilience Project at New America and head of research of New America’s Cybersecurity Initiative. He also gained experience with the United Nations in Rwanda, Geneva, and New York focusing on humanitarian assistance and the coordination of the UN system.

For more details visit https://cis-india.org/internet-governance/events/cyber-security-policy-research

FOSS & a Free, Open Internet: Synergies for Development

praskrishna — 2016-06-18T17:57:53Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Civil Society is organizing a workshop on FOSS and a Free, Open Internet. The workshop will be held on November 13, 2015 from 2.00 p.m. to 3.30 p.m. Sunil Abraham and Pranesh Prakash will be speaking at this event.

This was published on the IGF website.

The workshop will explore links between the Free and Open nature of the Internet and the Free and Open Source Software through a series of experience sharing among the speakers as well as audiences. The speakers have been selected on the basis of their wide exposure and geographical and occupational diversity.

As ICTs permeate lives of people around the world, code is fast emerging as an instrument that can change lives. In many parts of the world, the 4Rs of primary education are Reading, wRiting, aRithmetic and pRogramming, indicative of the role that ICTs will play in the future.

Free and Open Source Software (FOSS) is, inter alia, a mechanism whereby code, and consequently the ability to code, is being democratized. In contrast with centralized proprietary models, FOSS allows decentralized creation, distribution and maintenance of code. Such democratization enables grassroots level application of code to solve local problems, leading to more empowered communities. Free flow of code is therefore important to ensure that communities to stay 'plugged in' and current. Code also enables communities to side-step practices such as surveillance, censorship.

A Free, Open, Unfragmented Internet is of critical importance to FOSS--without a free Internet, the FOSS-based peer-production methodologies for code would be infeasible. Interestingly, the Internet also needs the innovations of FOSS to remain free & open, thus forming a positive mutual dependency.

Both FOSS and the Internet are at risk from forces that are seeking increasing control over content and fragmentation, challenging its openness. This would be inimical to the rights of present & future generations to use technology to improve their lives.

The Round-table seeks to highlight perspectives from the participants about the future co-developemnt of FOSS and a free, open Internet; the threats that are emerging; and ways for communities to surmount these.

Name, stakeholder group, and organizational affiliation of workshop proposal co-organizer(s)

Civil Society
Technical Community
Private Sector

Has the proposer, or any of the co-organizers, organized an IGF workshop before?

yes

The link to the workshop report

http://wsms1.intgovforum.org/content/no80-steady-stepsfoss-and-mdgs

Subject matter #tags that describe the workshop

#openInternet #foss #codefordev

Description of the plan to facilitate discussion amongst speakers, audience members and remote participants

Besides specially identified resource persons, the Roundtable will invite IGF participants who are part of FOSS communities around the world (particularly Brazil, which has a vibrant FOSS community). Participation will include real-time remote participation from FOSS communities around the world, as well as Twitter and email-based submission of ideas and thoughts.

The Round-table format has been chosen for many-to-many interactions so as to generate a wealth of ideas. No speaker shall speak for more than 5 minutes. Two moderators will guide discussions, and a rapporteur will ensure that ideas are captured. The report of the Roundtable would be posted to all participating communities so as to stimulate grassroots-level action.

Names and affiliations (stakeholder group, organization) of the participants in the proposed workshop

Mr.Satish Babu, Technical Community, Director, International Centre for FOSS, Trivandrum, India, who shall provide technical inputs of FOSS and its relevance, particularly to emerging economies, Confirmed

Ms. Judy Okite, Civil Society, FOSS Foundation for Africa, is an experienced activist who has been promoting the use of FOSS in Africa. Seeking funding at present.

Ms. Mishi Choudhary, Private Sector, Software Freedom Law Centre, New York, is a lawyer working with FOSS and its legal implications for over two decades. Confirmed

Mr. Fernando Botelho, Private Sector, heads F123 Systems, Brazil, a FOSS-centric company that provides accessibility solutions to visually impaired people. Confirmed

Mr. Sunil Abraham, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Mr. Pranesh Prakash, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Ms. Nnenna Nwakanma- WWW.Foundation, a Civil Society organization working in Africa on a broad range of areas including FOSS. Confirmed

Mr. Yves MIEZAN EZO, Open Source strategy consultant, Private Sector. Seeking funding for participation.

Mr. Harish Pillay, Private Sector, RedHat Asia-Pacific. Seeking funding for participation.

Corinto Meffe, Advisor to the President and Directors, SERPRO, Brazil. Confirmed

Frank Coelho de Alcantara, Professor, Universidade Positivo, Brazil, Confirmed

Ms. Caroline Burle, Institutional and International Relations, W3C Brazil Office and Center of Studies on Web Technologies - CeWeb.br (a CGI.br/NIC.br initiative). Confirmed

Name of in-person Moderator(s)

Satish Babu, Mishi Choudhary

Name of Remote Moderator(s)

Judy Okite

Name of Rapporteur(s)

Pranesh Prakash

Description of the proposer's plans for remote participation

Besides around 30 persons at the IGF, we will be providing wide publicity for the workshop through FOSS communities and networks. Besides live audio/video participation, Twitter shall be a key resource for real-time participation. There shall be a Twitter co-ordinator identified whose role will be to tweet the salient points at the Roundtable periodically for the benefit of documenting and informing interested communities.

For those that have either technical difficulties or time-zone problems, ideas and comments can be submitted by email before the workshop to the moderators.

For more details visit https://cis-india.org/internet-governance/news/foss-a-free-open-internet-synergies-for-development

Sustainable Development Goals (SDGs) and Internet Economy

praskrishna — 2015-10-16T15:40:15Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Multistakeholder Advisory Group (MAG) is organizing a session on “Sustainable Development Goals (SDGs) and Internet Economy” on November 11, 2015 from 9.30 a.m. to 12.30 p.m. Sunil Abraham is participating in this session as a speaker.

The discussions at the IGF session aim to reflect the importance of Internet Economy and Internet Enablement for the fulfillment of different SDGs and also identify some best practices to inform policy makers on the ways in which Internet can serve broader and more strategic developmental objectives.

The session will include discussions on the following :

The Vision toward 2030: Sustainable Development long term opportunities and challenges
Internet Economy & Internet Role in Delivering the SDGs (Key opportunities & key Success Factors): Human Capital (a) Internet Entrepreneurship (b) Equality (c) ICT Capacity building: Applications (d) Right to Health, Education, timely Justice, environment protection, society engagement (e) Access to Information (f) Availability of Local Content Online (g) Intellectual Property Right: Access and Infrastructure - Internet Availability and Affordability: Policy and Regulatory Support and Business eco-system: To enable Access, Applications and Content development and usage, Entrepreneurship and Capacity building.
Aligning the next phase of IGF with the SDGs /Post 2015 UN Develpment Agenda: Optimizing Eco System and Multistakeholder approach

About IGF 2015

Internet Governance Forum (IGF) is a multistakeholder, democratic and transparent forum which facilitates discussions on public policy issues related to key elements of Internet governance. IGF provides enabling platform for discussions among all stakeholders in the Internet governance ecosystem, including all entities accredited by the World Summit on the Information Society (WSIS), as well as other institutions and individuals with proven expertise and experience in all matters related to Internet governance.

After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development”. This theme will be supported by eight sub-themes that will frame the discussions at the João Pessoa meeting

For more details visit https://cis-india.org/internet-governance/news/sustainable-development-goals-sdgs-and-internet-economy

Cyfy 2015: The India Conference on Cyber Security and Internet Governance

praskrishna — 2015-10-17T14:44:42Z

In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".

Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.

Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.

Protection of Intellectual Property and Business Secrets in the Knowledge Economy

Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?

Download the agenda For more info visit here.

For more details visit https://cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance

Comments on the Zero Draft of the UN General Assembly’s Overall Review of the Implementation of WSIS Outcomes (WSIS+10)

geetha — 2015-10-16T02:44:16Z

On 9 October 2015, the Zero Draft of the UN General Assembly's Overall Review of implementation of WSIS Outcomes was released. Comments were sought on the Zero Draft from diverse stakeholders. The Centre for Internet & Society's response to the call for comments is below.

These comments were prepared by Geetha Hariharan with inputs from Sumandro Chattapadhyay, Pranesh Prakash, Sunil Abraham, Japreet Grewal and Nehaa Chaudhari. Download the comments here.

The Zero Draft of the UN General Assembly’s Overall Review of the Implementation of WSIS Outcomes (“Zero Draft”) is divided into three sections: (A) ICT for Development; (B) Internet Governance; (C) Implementation and Follow-up. CIS’ comments follow the same structure.
The Zero Draft is a commendable document, covering crucial areas of growth and challenges surrounding the WSIS. The Zero Draft makes detailed references to development-related challenges, noting the persistent digital divide, the importance of universal access, innovation and investment, and of enabling legal and regulatory environments conducive to the same. It also takes note of financial mechanisms, without which principles would remain toothless. Issues surrounding Internet governance, particularly net neutrality, privacy and the continuation of the IGF are included in the Zero Draft.
However, we believe that references to these issues are inadequate to make progress on existing challenges. Issues surrounding ICT for Development and Internet Governance have scarcely changed in the past ten years. Though we may laud the progress so far achieved, universal access and connectivity, the digital divide, insufficient funding, diverse and conflicting legal systems surrounding the Internet, the gender divide and online harassment persist. Moreover, the working of the IGF and the process of Enhanced Cooperation, both laid down with great anticipation in the Tunis Agenda, have been found wanting.
These need to be addressed more clearly and strongly in the Zero Draft. In light of these shortcomings, we suggest the following changes to the Zero Draft, in the hope that they are accepted.
A. ICT for Development
Paragraphs 16-21 elaborate upon the digital divide – both the progresses made and challenges. While the Zero Draft recognizes the disparities in access to the Internet among countries, between men and women, and of the languages of Internet content, it fails to attend to two issues.
First, accessibility for persons with disabilities continues to be an immense challenge. Since the mandate of the WSIS involves universal access and the bridging of the digital divide, it is necessary that the Zero Draft take note of this continuing challenge.
We suggest the insertion of Para 20A after Para 20:
“20A. We draw attention also to the digital divide adversely affecting the accessibility of persons with disabilities. We call on all stakeholders to take immediate measures to ensure accessibility for persons with disabilities by 2020, and to enhance their capacity and access to ICTs.”
Second, while the digital divide among the consumers of ICTs has decreased since 2003-2005, the digital production divide goes unmentioned. The developing world continues to have fewer producers of technology compared to their sheer concentration in the developed world – so much so that countries like India are currently pushing for foreign investment through missions like ‘Digital India’. Of course, the Zero Draft refers to the importance of private sector investment (Para 31). But it fails to point out that currently, such investment originates from corporations in the developed world. For this digital production divide to disappear, restrictions on innovation – restrictive patent or copyright regimes, for instance – should be removed, among other measures. Equitable development is the key.
Ongoing negotiations of plurilateral agreements such as the Trans-Pacific Partnership (TPP) go unmentioned in the Zero Draft. This is shocking. The TPP has been criticized for its excessive leeway and support for IP rightsholders, while incorporating non-binding commitments involving the rights of users (see Clause QQ.G.17 on copyright exceptions and limitations, QQ.H.4 on damages and QQ.C. 12 on ccTLD WHOIS, https://wikileaks.org/tpp-ip3/WikiLeaks-TPP-IP-Chapter/WikiLeaks-TPP-IP-Chapter-051015.pdf). Plaudits for progress make on the digital divide would be lip service if such agreements were not denounced.
Therefore, we propose the addition of Para 20B after Para 20:
“20B. We draw attention also to the digital production divide among countries, recognizing that domestic innovation and production are instrumental in achieving universal connectivity. Taking note of recent negotiations surrounding restrictive and unbalanced plurilateral trade agreements, we call on stakeholders to adopt policies to ensure globally equitable development, removing restrictions on innovation and conducive to fostering domestic and local production.”
Paragraph 22 of the Zero Draft acknowledges that “school curriculum requirements for ICT, open access to data and free flow of information, fostering of competition, access to finance”, etc. have “in many countries, facilitated significant gains in connectivity and sustainable development”.
This is, of course, true. However, as Para 23 also recognises, access to knowledge, data and innovation have come with large costs, particularly for developing countries like India. These costs are heightened by a lack of promotion and adoption of open standards, open access, open educational resources, open data (including open government data), and other free and open source practices. These can help alleviate costs, reduce duplication of efforts, and provide an impetus to innovation and connectivity globally.
Not only this, but the implications of open access to data and knowledge (including open government data), and responsible collection and dissemination of data are much larger in light of the importance of ICTs in today’s world. As Para 7 of the Zero Draft indicates, ICTs are now becoming an indicator of development itself, as well as being a key facilitator for achieving other developmental goals. As Para 56 of the Zero Draft recognizes, in order to measure the impact of ICTs on the ground – undoubtedly within the mandate of WSIS – it is necessary that there be an enabling environment to collect and analyse reliable data. Efforts towards the same have already been undertaken by the United Nations in the form of “Data Revolution for Sustainable Development”. In this light, the Zero Draft rightly calls for enhancement of regional, national and local capacity to collect and conduct analyses of development and ICT statistics (Para 56). Achieving the central goals of the WSIS process requires that such data is collected and disseminated under open standards and open licenses, leading to creation of global open data on the ICT indicators concerned.
As such, we suggest that following clause be inserted as Para 23A to the Zero Draft:

“23A. We recognize the importance of access to open, affordable, and reliable technologies and services, open access to knowledge, and open data, including open government data, and encourage all stakeholders to explore concrete options to facilitate the same.”

15. Paragraph 30 of the Zero Draft laments “the lack of progress on the Digital Solidarity Fund”, and calls “for a review of options for its future”.

16. The Digital Solidarity Fund was established with the objective of “transforming the digital divide into digital opportunities for the developing world” through voluntary contributions [Para 28, Tunis Agenda]. It was an innovative financial mechanism to help bridge the digital divide between developed and developing countries. This divide continues to exist, as the Zero Draft itself recognizes in Paragraphs 16-21.

17. Given the persistent digital divide, a “call for review of options” as to the future of the Digital Solidarity Fund is inadequate to enable developing countries to achieve parity with developed countries. A stronger and more definite commitment is required.

18. As such, we suggest the following language in place of the current Para 30:

“30. We express concern at the lack of progress on the Digital Solidarity Fund, welcomed in Tunis as an innovative financial mechanism of a voluntary nature, and we call for voluntary commitments from States to revive and sustain the Digital Solidarity Fund.”

19. Paragraph 31 of the Zero Draft recognizes the importance of “legal and regulatory frameworks conducive to investment and innovation”. This is eminently laudable. However, a broader vision is more compatible with paving the way for affordable and widespread access to devices and technology necessary for universal connectivity.

20. We suggest the following additions to Para 31:

“31. We recognise the critical importance of private sector investment in ICT access, content and services, and of legal and regulatory frameworks conducive to local investment and expansive, permissionless innovation.”

B. Internet Governance

21. Paragraph 32 of the Zero Draft recognizes the “general agreement that the governance of the Internet should be open, inclusive, and transparent”. Para 37 takes into account “the report of the CSTD Working Group on improvements to the IGF”. Para 37 also affirms the intention of the General Assembly to extend the life of the IGF by (at least) another 5 years, and acknowledges the “unique role of the IGF”.

22. The IGF is, of course, unique and crucial to global Internet governance. In the last 10 years, major strides have been made among diverse stakeholders in beginning and sustaining conversations on issues critical to Internet governance. These include issues such as human rights, inclusiveness and diversity, universal access to connectivity, emerging issues such as net neutrality, the right to be forgotten, and several others. Through its many arms like the Dynamic Coalitions, the Best Practices Forums, Birds-of-a-Feather meetings and Workshops, the IGF has made it possible for stakeholders to connect.

23. However, the constitution and functioning of the IGF have not been without lament and controversy. Foremost among the laments was the IGF’s evident lack of outcome-orientation; this continues to be debatable. Second, the composition and functioning of the MAG, particularly its transparency, have come under the microscope several times. One of the suggestions of the CSTD Working Group on Improvements to the IGF concerned the structure and working methods of the Multistakeholder Advisory Group (MAG). The Working Group recommended that the “process of selection of MAG members should be inclusive, predictable, transparent and fully documented” (Section II.2, Clause 21(a), Page 5 of the Report).

24. Transparency in the structure and working methods of the MAG are critical to the credibility and impact of the IGF. The functioning of the IGF depends, in a large part, on the MAG. The UN Secretary General established the MAG, and it advises the Secretary General on the programme and schedule of the IGF meetings each year (see <http://www.intgovforum.org/cms/mag/44-about-the-mag>). Under its Terms of Reference, the MAG decides the main themes and sub-themes for each IGF, sets or modifies the rules of engagement, organizes the main plenary sessions, coordinates workshop panels and speakers, and crucially, evaluates the many submissions it receives to choose from amongst them the workshops for each IGF meeting. The content of each IGF, then, is in the hands of the MAG.

25. But the MAG is not inclusive or transparent. The MAG itself has lamented its opaque ‘black box approach’ to nomination and selection. Also, CIS’ research has shown that the process of nomination and selection of the MAG continues to be opaque. When CIS sought information on the nominators of the MAG, the IGF Secretariat responded that this information would not be made public (see <http://cis-india.org/internet-governance/blog/mag-analysis>).

26. Further, our analysis of MAG membership shows that since 2006, 26 persons have served for 6 years or more on the MAG. This is astounding, since under the MAG Terms of Reference, MAG members are nominated for a term of 1 year. This 1-year-term is “automatically renewable for 2 more consecutive years”, but such renewal is contingent on an evaluation of the engagement of MAG members in their activities (see <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference>). MAG members ought not serve for over 3 consecutive years, in accordance with their Terms of Reference. But out of 182 MAG members, around 62 members have served more than the 3-year terms designated by their Terms of Reference (see <http://cis-india.org/internet-governance/blog/mag-analysis>).

27. Not only this, but our research showed 36% of all MAG members since 2006 have hailed from the Western European and Others Group (see <http://cis-india.org/internet-governance/blog/mag-analysis>). This indicates a lack of inclusiveness, though the MAG is certainly more inclusive than the composition and functioning of other I-Star organisations such as ICANN.

28. Tackling these infirmities within the MAG would go a long way in ensuring that the IGF lives up to its purpose. Therefore, we suggest the following additions to Para 37:

“37. We acknowledge the unique role of the Internet Governance Forum (IGF) as a multistakeholder platform for discussion of Internet governance issues, and take note of the report and recommendations of the CSTD Working Group on improvements to the IGF, which was approved by the General Assembly in its resolution, and ongoing work to implement the findings of that report. We reaffirm the principles of openness, inclusiveness and transparency in the constitution, organisation and functioning of the IGF, and in particular, in the nomination and selection of the Multistakeholder Advisory Group (MAG). We extend the IGF mandate for another five years with its current mandate as set out in paragraph 72 of the Tunis Agenda for the Information Society. We recognize that, at the end of this period, progress must be made on Forum outcomes and participation of relevant stakeholders from developing countries.”

29. Paragraphs 32-37 of the Zero Draft make mention of “open, inclusive, and transparent” governance of the Internet. It fails to take note of the lack of inclusiveness and diversity in Internet governance organisations – extending across representation, participation and operations of these organisations. In many cases, mention of inclusiveness and diversity becomes tokenism or formal (but not operational) principle. In substantive terms, the developing world is pitifully represented in standards organisations and in ICANN, and policy discussions in organisations like ISOC occur largely in cities like Geneva and New York. For example, the ‘diversity’ mailing list of IETF has very low traffic. Within ICANN, 307 out of 672 registries listed in ICANN’s registry directory are based in the United States, while 624 of the 1010 ICANN-accredited registrars are US-based. Not only this, but 80% of the responses received by ICANN during the ICG’s call for proposals were male. A truly global and open, inclusive and transparent governance of the Internet must not be so skewed.

30. We propose, therefore, the addition of a Para 37A after Para 37:

“37A. We draw attention to the challenges surrounding diversity and inclusiveness in organisations involved in Internet governance, and call upon these organisations to take immediate measures to ensure diversity and inclusiveness in a substantive manner.”

31. Paragraphs 36 of the Zero Draft notes that “a number of member states have called for an international legal framework for Internet governance.” But it makes no reference to ICANN or the importance of the ongoing IANA transition to global Internet governance. ICANN and its monopoly over several critical Internet resources was one of the key drivers of the WSIS in 2003-2005. Unfortunately, this focus seems to have shifted entirely. Open, inclusive, transparent and global Internet are misnomer-principles when ICANN – and in effect, the United States – continues to have monopoly over critical Internet resources. The allocation and administration of these resources should be decentralized and distributed, and should not be within the disproportionate control of any one jurisdiction.

32. Therefore, we suggest the following Para 37A after Para 37:

“37A. We affirm that the allocation, administration and policy involving critical Internet resources must be inclusive and decentralized, and call upon all stakeholders and in particular, states and organizations responsible for essential tasks associated with the Internet, to take immediate measures to create an environment that facilitates this development.”

33. Paragraph 43 of the Zero Draft encourages “all stakeholders to ensure respect for privacy and the protection of personal information and data”. But the Zero Draft inadvertently leaves out the report of the Office of the UN High Commissioner for Human Rights on digital privacy, ‘The right to privacy in the digital age’ (A/HRC/27/37). This report, adopted by the Human Rights Council in June 2014, affirms the importance of the right to privacy in our increasingly digital age, and offers crucial insight into recent erosions of privacy. It is both fitting and necessary that the General Assembly take note of and affirm the said report in the context of digital privacy.

34. We offer the following suggestion as an addition to Para 43:

“43. We emphasise that no person shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home, or correspondence, consistent with countries’ applicable obligations under international human rights law. In this regard, we acknowledge the report of the Office of the UN High Commissioner for Human Rights, ‘The right to privacy in the digital age’ (A/HRC/27/37, 30 June 2014), and take note of its findings. We encourage all stakeholders to ensure respect for privacy and the protection of personal information and data.”

35. Paragraphs 40-44 of the Zero Draft state that communication is a fundamental human need, reaffirming Article 19 of the Covenant on Civil and Political Rights, with its attendant narrow limitations. The Zero Draft also underscores the need to respect the independence of the press. Particularly, it reaffirms the principle that the same rights that people enjoy offline must also be protected online.

36. Further, in Para 31, the Zero Draft recognizes the “critical importance of private sector investment in ICT access, content, and services”. This is true, of course, but corporations also play a crucial role in facilitating the freedom of speech and expression (and all other related rights) on the Internet. As the Internet is led largely by the private sector in the development and distribution of devices, protocols and content-platforms, corporations play a major role in facilitating – and sometimes, in restricting – human rights online. They are, in sum, intermediaries without whom the Internet cannot function.

37. Given this, it is essential that the outcome document of the WSIS+10 Overall Review recognize and affirm the role of the private sector, and crucially, its responsibilities to respect and protect human rights online.

38. We suggest, therefore, the insertion of the following paragraph Para 42A, after Para 42:

“42A. We recognize the critical role played by corporations and the private sector in facilitating human rights online. We affirm, in this regard, the responsibilities of the private sector set out in the Report of the Special Representative of the Secretary General on the issue of human rights and transnational corporations and other business enterprises, A/HRC/17/31 (21 March 2011), and encourage policies and commitments towards respect and remedies for human rights.”

C. Implementation and Follow-up

39. Para 57 of the Zero Draft calls for a review of the WSIS Outcomes, and leaves a black space inviting suggestions for the year of the review. How often, then, should the review of implementation of WSIS+10 Outcomes take place?

40. It is true, of course, that reviews of the implementation of WSIS Outcomes are necessary to take stock of progress and challenges. However, we caution against annual, biennal or other such closely-spaced reviews due to concerns surrounding budgetary allocations.

41. Reviews of implementation of outcomes (typically followed by an Outcome Document) come at considerable cost, which are budgeted and achieved through contributions (sometimes voluntary) from states. Were Reviews to be too closely spaced, budgets that ideally ought to be utilized to bridge digital divides and ensure universal connectivity, particularly for developing states, would be misspent in reviews. Moreover, closely-spaced reviews would only provide superficial quantitative assessments of progress, but would not throw light on longer term or qualitative impacts.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-zero-draft-of-the-un-general-assembly2019s-overall-review-of-the-implementation-of-wsis-outcomes-wsis-10

Peering behind the veil of ICANN's DIDP (II)

Padmini Baruah — 2015-10-15T03:14:18Z

In a previous blog post, I had introduced the concept of ICANN’s Documentary Information Disclosure Policy (“DIDP”) and their extremely vast grounds for non-disclosure. In this short post, I have made an analysis of every DIDP request that ICANN has ever responded to, to point out the flaws in their policy that need to be urgently remedied.

Read the previous blog post here. Every DIDP request that ICANN has ever responded to can be accessed here.

The table here is a comprehensive breakdown of all the different DIDP requests that ICANN has responded to. This table is to be read with this document, which has a numbered list of the different non-disclosure exceptions outlined in ICANN’s policy. What I sought to scrutinize was the number of times ICANN has provided satisfactory information, the number of times it has denied information, and the grounds for the same. What we found was alarming:

Of a total of 91 requests (as of 13/10/2015), ICANN has fully and positively responded to only 11.
It has responded partially to 47 of 91 requests, with some amount of information (usually that which is available as public records).
It has not responded at all to 33 of 91 requests.
The Non-Disclosure Clause (1)^{^[1]} has been invoked 17 times.
The Non-Disclosure Clause (2)^{^[2]} has been invoked 39 times.
The Non-Disclosure Clause (3)^{^[3]} has been invoked 31 times.
The Non-Disclosure Clause (4)^{^[4]} has been invoked 5 times.
The Non-Disclosure Clause (5)^{^[5]} has been invoked 34 times.
The Non-Disclosure Clause (6)^{^[6]} has been invoked 35 times.
The Non-Disclosure Clause (7)^{^[7]} has been invoked once.
The Non-Disclosure Clause (8)^{^[8]} has been invoked 22 times.
The Non-Disclosure Clause (9)^{^[9]} has been invoked 30 times.
The Non-Disclosure Clause (10)^{^[10]} has been invoked 10 times.
The Non-Disclosure Clause (11)^{^[11]} has been invoked 12 times.
The Non-Disclosure Clause (12)^{^[12]} has been invoked 18 times.

This data is disturbing because it reveals that ICANN has in practice been able to deflect most requests for information. It regularly utilised its internal processes and discussions with stakeholders clauses, as well as clauses on protecting financial interests of third parties (over 50% of the total non-disclosure clauses ever invoked - see chart below) to do away with having to provide information on pertinent matters such as its compliance audits and reports of abuse to registrars. We believe that even if ICANN is a private entity legally, and not at the same level as a state, it nonetheless plays the role of regulating an enormous public good, namely the Internet. Therefore, there is a great onus on ICANN to be far more open about the information that they provide.

Finally, it is extremely disturbing that they have extended full disclosure to only 12% of the requests that they receive. An astonishing 88% of the requests have been denied, partly or otherwise. Therefore, it is clear that there is a failure on part of ICANN to uphold the transparency it claims to stand for, and this needs to be remedied at the earliest.

^{^[1]} “Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party”

^{^[2]} “Internal information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process by inhibiting the candid exchange of ideas and communications, including internal documents, memoranda, and other similar communications to or from ICANN Directors, ICANN Directors' Advisors, ICANN staff, ICANN consultants, ICANN contractors, and ICANN agents”

^{^[3]} “Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications”

^{^[4]} “Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations”

^{^[5]} “Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement”

^{^[6]} “Confidential business information and/or internal policies and procedures”

^{^[7]} “Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice”

^{^[8]} “Information subject to the attorney– client, attorney work product privilege, or any other applicable privilege, or disclosure of which might prejudice any internal, governmental, or legal investigation”

^{^[9]} “Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication”

^{^[10]} “Information that relates in any way to the security and stability of the Internet, including the operation of the L Root or any changes, modifications, or additions to the root zone”

^{^[11]} “Trade secrets and commercial and financial information not publicly disclosed by ICANN”

^{^[12]} “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual”

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icanns-didp-ii

Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India

jyoti — 2015-10-14T14:40:08Z

The European Court of Justice has invalidated a European Commission decision, which had previously concluded that the 'Safe Harbour Privacy Principles' provide adequate protections for European citizens’ privacy rights for the transfer of personal data between European Union and United States. The inadequacies of the framework is not news for the European Commission and action by ECJ has been a long time coming. The ruling raises important questions about how the claims of citizenship are being negotiated in the context of the internet, and how increasingly the contestations of personal data are being employed in the discourse.

The European Court of Justice (ECJ) has invalidated a European Commission (EC) decision¹ which had previously concluded that the 'Safe Harbor Privacy Principles'² provide adequate protections for European citizens’ privacy rights³ for the transfer of personal data between European Union and United States. This challenge stems from the claim that public law enforcement authorities in America obtain personal data from organisations in safe harbour for incompatible and disproportionate purposes in violation of the Safe Harbour Privacy Principles. The court's judgment follows the advice of the Advocate General of the Court of Justice of the European Union (CJEU) who recently opined⁴ that US practices allow for large-scale collection and transfer of personal data belonging to EU citizens without them benefiting from or having access to judicial protection under US privacy laws. The inadequacies of the framework is not news for the Commission and action by ECJ has been a long time coming. The ruling raises important questions about how increasingly the contestations of personal data are being employed in asserting claims of citizenship in context of the internet.

As the highest court in Europe, the ECJ's decisions are binding on all member states. With this ruling the ECJ has effectively restrained US firms from indiscriminate collection and sharing of European citizens’ data on American soil. The implications of the decision are significant, because it shifts the onus of evaluating protections of personal data for EU citizens from the 4,400 companies⁵ subscribing to the system onto EU privacy watchdogs. Most significantly, in addressing the rights of a citizen against an established global brand, the judgement goes beyond political and legal opinion to challenge the power imbalance that exists with reference to US based firms.

Today, the free movement of data across borders is a critical factor in facilitating trade, financial services, governance, manufacturing, health and development. However, to consider the ruling as merely a clarification of transatlantic mechanisms for data flows misstates the real issue. At the heart of the judgment is the assessment whether US firms apply the tests of ‘necessity and proportionality’ in the collection and surveillance of data for national security purposes. Application of necessity and proportionality test to national security exceptions under safe harbor has been a sticking point that has stalled the renegotiation of the agreement that has been underway between the Commission and the American data protection authorities.⁶

For EU citizens the stake in the case are even higher, as while their right to privacy is enshrined under EU law, they have no administrative or judicial means of redress, if their data is used for reasons they did not intend. In the EU, citizens accessing and agreeing to use of US based firms are presented with a false choice between accessing benefits and giving up on their fundamental right to privacy. In other words, by seeking that governments and private companies provide better data protection for the EU citizens and in restricting collection of personal data on a generalised basis without objective criteria, the ruling is effectively an assertion of ‘data sovereignty’. The term ‘data sovereignty’, while lacking a firm definition, refers to a spectrum of approaches adopted by different states to control data generated in or passing through national internet infrastructure.⁷ Underlying the ruling is the growing policy divide between the US and EU privacy and data protection standards, which may lead to what is referred to as the balkanization⁸ of the internet in the future.

US-EU Data Protection Regime

The safe harbor pact between the EU and US was negotiated in the late 1990s as an attempt to bridge the different approaches to online privacy. Privacy is addressed in the EU as a fundamental human right while in the US it is defined under terms of consumer protection, which allow trade-offs and exceptions when national security seems to be under threat. In order to address the lower standards of data protection prevalent in the US, the pact facilitates data transfers from EU to US by establishing certain safeguards equivalent to the requirements of the EU data protection directive. The safe harbor provisions include firms undertaking not to pass personal information to third parties if the EU data protection standards are not met and giving users right to opt out of data collection.⁹

The agreement was due to be renewed by May 2015¹⁰ and while negotiations have been ongoing for two years, EU discontent on safe harbour came to the fore following the Edward Snowden revelations of collection and monitoring facilitated by large private companies for the PRISM program and after the announcement of the TransAtlantic Trade and Investment Partnership (TTIP).¹¹ EU member states have mostly stayed silent as they run their own surveillance programs often times, in cooperation with the NSA. EU institutions cannot intervene in matters of national security however, they do have authority on data protection matters. European Union officials and Members of Parliament have expressed shock and outrage at the surveillance programs unveiled by Snowden's 2013 revelations. Most recently, following the CJEU Advocate General’s opinion, 50 Members of European Parliament (MEP) sent a strongly worded letter the US Congress hitting back on claims of ‘digital protectionism’ emanating from the US¹². In no uncertain terms the letter clarified that the EU has different ideas on privacy, platforms, net neutrality, encryption, Bitcoin, zero-days, or copyright and will seek to improve and change any proposal from the EC in the interest of our citizens and of all people.

Towards Harmonization

In November 2013, as an attempt to minimize the loss of trust following the Snowden revelations, the European Commission (EC) published recommendations in its report on 'Rebuilding Trust is EU-US Data Flows'.¹³ The recommendations revealed two critical initiatives at the EU level—first was the revision of the EU-US safe harbor agreement¹⁴ and second the adoption of the 'EU-US Umbrella Agreement¹⁵'—a framework for data transfer for the purpose of investigating, detecting, or prosecuting a crime, including terrorism. The Umbrella Agreement was recently initialed by EU and US negotiators and it only addresses the exchange of personal data between law enforcement agencies.¹⁶ The Agreement has gained momentum in the wake of recent cases around issues of territorial duties of providers, enforcement jurisdictions and data localisation.¹⁷ However, the adoption of the Umbrella Act depends on US Congress adoption of the Judicial Redress Act (JRA) as law.¹⁸

Judicial Redress Act

The JRA is a key reform that the EC is pushing for in an attempt to address the gap between privacy rights and remedies available to US citizens and those extended to EU citizens, including allowing EU citizens to sue in American courts. The JRA seeks to extend certain protections under the Privacy Act to records shared by EU and other designated countries with US law enforcement agencies for the purpose of investigating, detecting, or prosecuting criminal offenses. The JRA protections would extend to records shared under the Umbrella Agreement and while it does include civil remedies for violation of data protection, as noted by the Center for Democracy and Technology, the present framework does not provide citizens of EU countries with redress that is at par with that which US persons enjoy under the Privacy Act.¹⁹

For example, the measures outlined under the JRA would only be applicable to countries that have outlined appropriate privacy protections agreements for data sharing for investigations and ‘efficiently share’ such information with the US. Countries that do not have agreements with US cannot seek these protections leaving the personal data of their citizens open for collection and misuse by US agencies. Further, the arrangement leaves determination of 'efficiently sharing' in the hands of US authorities and countries could lose protection if they do not comply with information sharing requests promptly. Finally, JRA protections do not apply to non-US persons nor to records shared for purposes other than law enforcement such as intelligence gathering. JRA is also weakened by allowing heads of agencies to exercise their discretion to seek exemption from the Act and opt out of compliance.

Taken together the JRA, the Umbrella Act and the renegotiation of the Safe Harbor Agreement need considerable improvements. It is worth noting that EU’s acceptance of the redundancy of existing agreements and in establishing the independence of national data protection authorities in investigating and enforcing national laws as demonstrated in the Schrems and in the Weltimmo²⁰ case point to accelerated developments in the broader EU privacy landscape.

Consequences

The ECJ Safe Harbor ruling will have far-reaching consequences for the online industry. Often, costly government rulings solidify the market dominance of big companies. As high regulatory costs restrict the entrance of small and medium businesses the market, competition is gradually wiped out. Further, complying with high standards of data protection means that US firms handling European data will need to consider alternative legal means of transfer of personal data. This could include evolving 'model contracts' binding them to EU data protection standards. As Schrems points out, “Big companies don’t only rely on safe harbour: they also rely on binding corporate rules and standard contractual clauses.”²¹

The ruling is good news for European consumers, who can now approach a national regulator to investigate suspicions of data mishandling. EU data protection regulators may be be inundated with requests from companies seeking authorization of new contracts and with consumer complaints. Some are concerned that the ruling puts a dent in the globalized flow of data²², effectively requiring data localization in Europe.²³ Others have pointed out that it is unclear how this decision sits with other trade treaties such as the TPP that ban data localisation.²⁴ While the implications of the decision will take some time in playing out, what is certain is that US companies will be have to restructure management, storage and use of data. The ruling has created the impetus for India to push for reforms to protect its citizens from harms by US firms and improve trade relations with EU.

The Opportunity for India

Multiple data flows taking place over the internet simultaneously and that has led to ubiquity of data transfers o ver the Internet, exposing individuals to privacy risks. There has also been an enhanced economic importance of data processing as businesses collect and correlate data using analytic tools to create new demands, establish relationships and generate revenue for their services. The primary concern of the Schrems case may be the protection of the rights of EU citizens but by seeking to extend these rights and ensure compliance in other jurisdictions, the case touches upon many underlying contestations around data and sovereignty.

Last year, Mr Ram Narain, India Head of Delegation to the Working Group Plenary at ITU had stressed, “respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.”²⁵ In the absence of the recognition of privacy as a right and empowering citizens through measures or avenues to seek redressal against misuse of data, the demand of data sovereignty rings empty. The kind of framework which empowered an ordinary citizen in the EU to approach the highest court seeking redressal based on presumed overreach of a foreign government and from harms abetted by private corporations simply does not exist in India. Securing citizen’s data in other jurisdictions and from other governments begins with establishing protection regimes within the country.

The Indian government has also stepped up efforts to restrict transfer of data from India including pushing for private companies to open data centers in India.²⁶ Negotiating data localisation does not restrict the power of private corporations from using data in a broad ways including tailoring ads and promoting products. Also, data transfers impact any organisation with international operations for example, global multinationals who need to coordinate employee data and information. Companies like Facebook, Google and Microsoft transfer and store data belonging to Indian citizens and it is worth remembering that the National Security Agency (NSA) would have access to this data through servers of such private companies. With no existing measures to restrict such indiscriminate access, the ruling purports to the need for India to evolve strong protection mechanisms. Finally, the lack of such measures also have an economic impact, as reported in a recent Nasscom-Data Security Council of India (DSCI) survey²⁷ that pegs revenue losses incurred by the Indian IT-BPO industry at $2-2.5 billion for a sample size of 15 companies. DSCI has further estimated that outsourcing business can further grow by $50 billion per annum once India is granted a “data secure” status by the EU.²⁸ EU’s refusal to grant such a status is understandable given the high standard of privacy as incorporated under the European Union Data Protection Directive a standard to which India does not match up, yet. The lack of this status prevents the flow of data which is vital for Digital India vision and also affects the service industry by restricting the flow of sensitive information to India such as information about patient records.

Data and information structures are controlled and owned by private corporations and networks transcend national borders, therefore the foremost emphasis needs to be on improving national frameworks. While, enforcement mechanisms such as the Mutual Legal Assistance Treaty (MLAT) process or other methods of international cooperation may seem respectful of international borders and principles of sovereignty,²⁹ for users that live in undemocratic or oppressive regimes such agreements are a considerable risk. Data is also increasingly being stored across multiple jurisdictions and therefore merely applying data location lens to protection measures may be too narrow. Further it should be noted that when companies begin taking data storage decisions based on legal considerations it will impact the speed and reliability of services.³⁰ Any future regime must reflect the challenges of data transfers taking place in legal and economic spaces that are not identical and may be in opposition. Fundamentally, the protection of privacy will always act as a barrier to the free flow of information even so, as the Schrems case ruling points out not having adequate privacy protections could also restrict flow of data, as has been the case for India.

The time is right for India to appoint a data controller and put in place national frameworks, based on nuanced understanding of issues of applying jurisdiction to govern users and their data. Establishing better protection measures will not only establish trust and enhance the ability of users to control data about themselves it is also essential for sustaining economic and social value generated from data generation and collection. Suggestions for such frameworks have been considered previously by the Group of Experts on Privacy constituted by the Planning Commission.³¹ By incorporating transparency in mechanisms for data and access requests and premising requests on established necessity and proportionality Indian government can lead the way in data protection standards. This will give the Indian government more teeth to challenge and address both the dangers of theft of data stored on servers located outside of India and restrain indiscriminate access arising from terms and conditions of businesses that grant such rights to third parties.

1 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) Official Journal L 215 , 25/08/2000 P. 0007 -0047 2000/520/EC: http ://eur -lex .europa .eu /LexUriServ /LexUriServ .do ?uri =CELEX :32000 D 0520:EN :HTML

2 Safe Harbour Privacy Principles Issued by the U.S. Department of Commerce on July 21, 2000 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

3 Megan Graham, Adding Some Nuance on the European Court ’s Safe Harbor Decision , Just security

https ://www .justsecurity .org /26651/adding -nuance -ecj -safe -harbor -decision /

4 Advocate General’s Opinion in Case C-362/14 Maximillian Schrems v Data Protection Commissioner Court of Justice of the European Union, Press Release, No 106/15 Luxembourg, 23 September 2015 http ://curia .europa .eu /jcms /upload /docs /application /pdf /2015-09/cp 150106 en .pdf

5 Jennifer Baker, ‘EU desperately pushes just-as-dodgy safe harbour alternatives’, The Register, October 7, 2015 http ://www .theregister .co .uk /2015/10/07/eu _pushes _safe _harbour _alternatives /

6 Draft Report, General Data Protection Regulation, Committee on Civil Liberties, Justice and Home Affairs, European Parliament, 2009-2014 http ://www .europarl .europa .eu /meetdocs /2009_2014/documents /libe /pr /922/922387/922387 en .pdf

7 Dana Polatin-Reuben, Joss Wright, ‘An Internet with BRICS Characteristics: Data Sovereignty and the Balkanisation of the Internet’, University of Oxford, July 7, 2014 https ://www .usenix .org /system /files /conference /foci 14/foci 14-polatin -reuben .pdf

8 Sasha Meinrath, The Future of the Internet: Balkanization and Borders, Time, October 2013 http ://ideas .time .com /2013/10/11/the -future -of -the -internet -balkanization -and -borders /

9 Safe Harbour Privacy Principles, Issued by the U.S. Department of Commerce, July 2001 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

10 Facebook case may force European firms to change data storage practices, The Guardian, September 23, 2015 http ://www .theguardian .com /us -news /2015/sep /23/us -intelligence -services -surveillance -privacy

11 Privacy Tracker, US-EU Safe Harbor Under Pressure, August 2, 2013 https ://iapp .org /news /a /us -eu -safe -harbor -under -pressure

12 Kieren McCarthy, Privacy, net neutrality, security, encryption ... Europe tells Obama, US Congress to back off, The Register, 23 September, 2015 http ://www .theregister .co .uk /2015/09/23/european _politicians _to _congress _back _off /

13 Communication from the Commission to the European Parliament and the Council, Rebuilding Trust in EU-US Data Flows, European Commission, November 2013 http ://ec .europa .eu /justice /data -protection /files /com _2013_846_en .pdf

14 Safe Harbor on trial in the European Union, Access Blog, September 2014 https ://www .accessnow .org /blog /2014/11/13/safe -harbor -on -trial -in -the -european -union

15 European Commission - Fact Sheet Questions and Answers on the EU-US data protection "Umbrella agreement", September 8, 2015 http ://europa .eu /rapid /press -release _MEMO -15-5612_en .htm

16 McGuire Woods, ‘EU and U.S. reach “Umbrella Agreement” on data transfers’, Lexology, September 14, 2015 http ://www .lexology .com /library /detail .aspx ?g =422 bca 41-2 d 54-4648-ae 57-00 d 678515 e 1 f

17 Andrew Woods, Lowering the Temperature on the Microsoft-Ireland Case, Lawfare September, 2015 https ://www .lawfareblog .com /lowering -temperature -microsoft -ireland -case

18 Jens-Henrik Jeppesen, Greg Nojeim, ‘The EU-US Umbrella Agreement and the Judicial Redress Act: Small Steps Forward for EU Citizens’ Privacy Rights’, October 5, 2015 https ://cdt .org /blog /the -eu -us -umbrella -agreement -and -the -judicial -redress -act -small -steps -forward -for -eu -citizens -privacy -rights /

19 Ibid 18.

20 Landmark ECJ data protection ruling could impact Facebook and Google, The Guardian, 2 October, 2015 http ://www .theguardian .com /technology /2015/oct /02/landmark -ecj -data -protection -ruling -facebook -google -weltimmo

21 Julia Powles, Tech companies like Facebook not above the law, says Max Schrems, The Guardian, Octover 9, 2015 http ://www .theguardian .com /technology /2015/oct /09/facebook -data -privacy -max -schrems -european -court -of -justice

22 Adam Thierer, Unintended Consequences of the EU Safe Harbor Ruling, The Technology Liberation Front, October 6, 2015 http ://techliberation .com /2015/10/06/unintended -consequenses -of -the -eu -safe -harbor -ruling /#more -75831

23 Anupam Chander, Tweeted ECJ #schrems ruling may effectively require data localization within Europe, https ://twitter .com /AnupamChander /status /651369730754801665

24 Lokman Tsui, Tweeted, “If the TPP bans data localization, but the ECJ ruling effectively mandates it, what does that mean for the internet?” https ://twitter .com /lokmantsui /status /651393867376275456

25 Statement from Indian Head of Delegation, Mr Ram Narain for WGPL, Indian statement on ITU and Internet at the Working Group Plenary November 4, 2014 https ://ccgnludelhi .wordpress .com /author /asukum 87/page /2/

26 Sounak Mitra, Xiaomi bets big on India despite problems, Business Standard, December 2014 http ://www .business -standard .com /article /companies /xiaomi -bets -big -on -india -despite -problems -114122201023_1.html

27 Neha Alawadi, Ruling on data flow between EU & US may impact India’s IT sector, Economic Times,October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49250738.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

28 Pranav Menon, Data Protection Laws in India and Data Security- Impact on India and Data Security-Impact on India - EU Free Trade Agreement, CIS Access to Knowledge, 2011 http ://cis -india .org /a 2 k /blogs /data -security -laws -india .pdf

29 Surendra Kumar Sinha, India wants Mutual Legal Assistance treaty with Bangladesh, Economic Times, October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49262294.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

30 Pablo Chavez, Director, Public Policy and Government Affairs, Testifying before the U.S. Senate on transparency legislation, November 3, 2013 http ://googlepublicpolicy .blogspot .in /2013/11/testifying -before -us -senate -on .htm

31 Report of the Group of Experts on Privacy (Chaired by Justice A P Shah, Former Chief Justice, Delhi High Court), Planning Commission, October 2012 http ://planningcommission .nic .in /reports /genrep /rep _privacy .pdf

For more details visit https://cis-india.org/internet-governance/blog/contestations-of-data-ecj-safe-harbor-ruling-and-lessons-for-india

Enabling Multi-stakeholder Cooperation - Towards a Transnational Framework for Due Process

praskrishna — 2015-10-14T02:53:07Z

Internet & Jurisdiction Project organized a multi-stakeholder meeting of the global multi-stakeholder dialogue process in 2015 on October 8-9 in Berlin, Germany. Sunil Abraham participated in this meeting.

Since 2012, the Internet & Jurisdiction Project has facilitated a global multi-stakeholder dialogue process to address the tension between the cross-border nature of the Internet and geographically defined national jurisdictions. It provides a neutral platform for states, business, civil society and international organizations to discuss the elaboration of a transnational due process framework to handle the digital coexistence of diverse national laws in shared cross-border online spaces. This pioneering multi-stakeholder cooperation effort seeks to develop a “policy standard” for transnational requests for domain seizures, content takedowns and access to subscriber information.

2015 is an important moment that determines the future of the multi-stakeholder model in global Internet Governance. The Internet & Jurisdiction Project hopes it can provide an opportunity to demonstrate that multi-stakeholder cooperation can produce operational solutions to concrete policy challenges that no stakeholder group can solve on its own.

The meeting will gather key actors from states, Internet companies, technical operators, civil society, academia and international organizations.

This was published on the website of Internet & Jurisdiction Project

For more details visit https://cis-india.org/internet-governance/news/enabling-multi-stakeholder-cooperation-towards-a-transnational-framework-for-due-process

CIS in Top 50 Tech Blogs of India

praskrishna — 2015-10-14T06:24:44Z

The Centre for Internet and Society is on the 30th position among the top technology blogs in India.

This was published by rebateszone on October 7, 2015.

Infographic courtesy: Renuka Thakur

The world of tech blogs is getting bigger and bigger, by time people are getting more and more interested in tech related items, it’s the only reason why we have seen such significant surge in tech blogs during the past few years. So the query that becomes difficult with every minute passing is that which of the tech blogs are worth your time? To help you on this we have created a list of top 50 tech bloggers in India, These weblogs are written by pros in the field, you might find numerous lists on the internet on this particular topic but you won’t be able to find more thorough and handy list that this as we have handpicked each and every blog in this list, we have organized these blogs according to the quality of posts. The other lists that you can find on the internet are sorted according to Alexa rank or number of incoming links, they have just produced those listed for the purpose of forming a new post but this list is produced according to the quality. If you want to stay updated with technology related news, developments etc., then we would recommend you to follow the following 50 tech blogs regularly:

Sr No.	Website/Blog	Facebook	Twitter
1	fonearena.com	165,050	34,583
2	alltechbuzz.net	262,568	3,706
3	bgr.in	143,145	190,922
4	telecomtalk.info	41,205	21,080
5	medianama.com	11,238	241,121
6	techulator.com	9,703	238
7	infosys.com	696,536	164,452
8	9lessons.info	23,945	7,499
9	phoneradar.com	14,898	8,381
10	indianweb2.com	7,738	2,427
11	techpp.com	10,221	17,661
12	techlomedia.in	16,578	6,452
13	techlila.com	20,252	2,904
14	techtricksworld.com	5,331	1,726
15	makingdifferent.com	7,424	—–
16	tipsclear.com	687	15,007
17	hackpundit.com	40	315
18	ampercent.com	2,056	413
19	nirmaltv.com	26,261	6,293
20	pitechnologies.org	7,965	49
21	seotechyworld.com	9,335	4,977
22	igt.in	12,997	666
23	hacktrix.com	9,374	196
24	technodify.com	26,318	3,958
25	webtrickz.com	3,906	907
26	wpxbox.com	16,938	1,242
27	itechcode.com	2,666	4,749
28	techfishy.com	4,791	114
29	zensar.com	7,269	2,778
30	cis-india.org	—–	3,795
31	robosoftin.com	664	1,892
32	digitaldimensions4u.com	3,079	583
33	campustimespune.com	3,121	278
34	msystechnologies.com	325	455
35	techsplurge.com	3,797	1,140
36	zensoftservices.com	203	1,499
37	iltb.net	4,994	1,675
38	savedelete.com	19,978	10,728
39	minterest.org	1,033	12,867
40	thepockettech.com	22,346	12,375
41	thetechbulletin.com	2,522	1,292
42	mobientech.com	525	1,359
43	directingit.com	98	27
44	itpreneurpune.com	1,356	76
45	codemink.com	5,021	196
46	udayarumilli.blogspot.com	103	63
47	saadhvi.com	56	44
48	taraspan.com	8	310
49	cloudnowtech.com	145	55
50	keshavatech.com	2,953	18,139

Here is the Infographic for top 50 tech blogs in India:

For more details visit https://cis-india.org/internet-governance/news/rebateszone-october-7-2015-top-50-technology-blogs-in-india

Communication Rights in the Age of Digital Technology

rakesh — 2015-10-24T07:45:26Z

The Centre for Internet & Society (CIS) invites you to a conference to discuss the evolution of privacy and surveillance in India on Friday, October 30, 2015 at Deck Suite Hall, 5th Floor, Habitat Centre, Lodhi Road, Near Air Force Bal Bharti School, New Delhi - 110003, from 11 a.m. to 5 p.m.

The conference will be conducted in a round-table format. Topics to be discussed shall include, among others, the Human DNA Profiling Bill, 2012, the PIL questioning the data collection under the UID scheme, the draft National Encryption Policy and the Supreme Court judgement in Shreya Singhal v. Union of India, in the context of privacy and surveillance in India. The conference will be a forum for discussion, knowledge exchange and agenda building.

Background Note

In India, the Right to Privacy has been interpreted to mean an individuals’ right to be left alone. In the age of massive use of Information and Communications Technology, it has become imperative to have this right protected. The Supreme Court has held in a number of its decisions that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Indian Constitution, though Part III does not explicitly mention this right. Since the 1960s, the Apex Court has been dealing with this issue, primarily with respect to privacy being recognised as a fundamental or common law right and the standards that need to be satisfied in order to impose any restrictions on it.

In the year 2012, the Planning Commission constituted a Group of Experts under the chairmanship of Justice AP Shah, Former Chief Justice of the Delhi High Court to recommend a potential privacy framework for privacy in India. Previously in 2011 the Department of Personnel and Training had prepared a draft Bill on Right to Privacy which has yet to materialize into a comprehensive legislation on privacy. In 2014, a version of the revised Right to Privacy Bill was leaked. Amendments to the Bill aim to protect individuals against misuse of their data by the government or private agencies, and is in the process of being finalized by the Indian Government .

Of late, privacy concerns have gained importance in India due to the initiation of national programmes like the UID Scheme, DNA Profiling, the National Encryption Policy, etc. attracting criticism for their impact on the right to privacy. For example, DeitY introduced a draft National Encryption Policy in September this year to prescribe methods for encryption. However, the policy would have posed significant restriction on the ability of citizens to encrypt online communication. Backlash from the citizens, industry, social media and privacy experts led the Government to withdraw the policy as the measures included made the information system vulnerable in every sense.

Earlier this year, the Apex Court gave a historical judgement by striking down section 66A of the IT (Amendment) Act 2008. The Court upheld section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 to be constitutionally valid, which accords the government with the authority to block transmission of information and websites when it deems it as necessary for reasons like sovereignty and integrity of India, public order, etc.

Another government initiative which has generated considerable controversy for its threat to privacy is the UID project which aims to issue a unique identification number to all citizens by the Unique Identification Authority of India, which can be authenticated and verified online. In August this year, the Supreme Court, vide an interim order, restricted the use of Aadhaar by declaring it to be optional for availing government benefits and services. Though the Government contended the right to privacy as a fundamental right in India, the Court deferred this issue to a larger Constitutional Bench, and the Supreme Court upheld its decision yet again in the month of October.

Similarly, the d raft Human DNA P rofiling B ill 2015 is being questioned on grounds of privacy invasion on a massive scale as it aims to collect and store the DNA samples of criminals, suspects, volunteers, and victims and regulate DNA laboratories and DNA sampling for use by law enforcement agencies. The Bill also fails to include comprehensive privacy safeguards and provisions regarding collection of DNA samples with or without the consent of an individual, making individual privacy an important concern.

Going by these ongoing debates, one can say that Privacy as a right has primarily evolved by way of judicial interpretation and continues to evolve in light of several controversial Government policies, projects and schemes. However its development is often undermined by tension between several competing national interests which calls for clear guidelines to protect this inviolable right of the citizens.

Download the Invite

For more details visit https://cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology

Dadri reopens debate on online hate speech

praskrishna — 2015-10-11T05:42:02Z

The friction between free speech and hate speech has become newly intense because of social media. Twitter reflected the turmoil after the lynching of Mohammed Akhlaq in Dadri, Uttar Pradesh, when some tweets justified the murder as a legitimate reaction against cow-slaughter, trending the hashtag #cowmurderers.

The article by Amulya Gopalakrishnan was published in the Times of India on October 9, 2015. Pranesh Prakash gave inputs.

"Jo bhi gau ka mans khaye, use aur uske parivar ko turant maar do (those who eat beef should be killed along with their families)" is just one example of the kind of tweets that got an FIR filed against the handle. The UP police also booked a person for spreading inflammatory rumours about cow-smugglers killing a police officer.

Their comrades immediately alleged censorship, and various profiles with pictures of weapon-brandishing deities rallied under hashtags of support. Taslima Nasreen summed up their grievance, claiming that "free speech allows hate tweets".

There are, of course reasonable restrictions to free speech when it looks likely to spiral into violence, what a 1989 Supreme Court judgment called a "spark in a powder keg" situation. The IPC has Section 153A, 153B, 295 and 505 and more, which curb speech that promotes enmity between groups on the basis of religion, race, place, birth or language, defiles places of worship, insults religious sentiments, creates public mischief and so on. But social media presents an almost daily dilemma, and makes it clear that it is time for more discriminating decisions on what kinds of extreme speech can be gagged. As the SC judgment knocking down the over-broad Section 66A of the IT Act noted, discussion and advocacy , however, hateful or prejudiced, are not incitement.

All hate speech seeks to sharpen tensions, but not all such speech is equally damaging. As Pranesh Prakash, policy director of the Centre for Internet and Society , Bangalore, puts it, "freedom of speech operates within fields of power".Hate speech either aims to taunt and diminish a minority, or tell others in an in-group that their feelings are shared.Different countries make their own judgment calls as they balance these two values, both fundamental to a democracy: free expression and the defence of human dignity and inclusion.

Internet intermediaries, ISPs or powerful private corporations like Twitter and Facebook, have to comply with court orders and official government requests, but they are not always on the same page about unacceptable content. For a company like Twitter, for instance, the need to preserve individual voices, however discordant, is more valuable than the need to create a more perfect public sphere. It advised offended users to simply block controversial content, though recently , it has begun to consider "direct, repeated attacks on an individual" a potential violation too.

Susan Benesch, of Harvard University's Berkman Center, has suggested a framework to identify a dangerous speech act, which factors in the profile of the speaker, the emotional state of the audience, the content of the speech itself as a call to action, the social context in which it occurs, and the means used to spread it.

The UP police has a social media lab to track and scotch rumours. "That's how we recently busted a false story about a khap panchayat ordering gangrapes," says a UP police official who did not wish to be named. Rather than appealing to the social media company for takedowns -an onerous process, and one where provocations are often difficult to explain -it is easier to find and deal with the source of the content, he says. One can identify problematic material either by location or keywords, says Ponnurangam K, assistant professor at IIIT, Delhi, who has developed the social network analytics tool used by UP police. Given the speed and scale of the internet and the volume of user-generated content, legal curbs cannot be invoked for every instance of hate speech. "It is far more feasible to monitor these rumours and take preventive action on the ground, where the harm is likely to be felt, and to use the same medium to counter the rumours with truth," says Prakash. Social media was assumed to have responsible for spreading the 2011 riots in the UK, but it turned out to be even more effective in stemming the contagion, righting rumours and helping law enforcers.

During the 2013 general election in Kenya, the Umati project trawled social media for trending hate content and tried to counter its effects by exposing and shunning those advocating violence. A repository called Hatebase tries to identify local words and phrases that indicate brewing trouble, to make it easier to find the active signals of threat from the low-level hum -repeated references to cow meat in India, or "sakkiliya", a Sinhala word to disparage Tamils in Sri Lanka.

"The government should work with platforms to find the nodes of dangerous speech, to counter them, and support campaigns for those victimised," says Chinmayi Arun, research director of the Centre for Communication Governance at the National Law University, Delhi, who is leading a three-year project on online hate speech, in collaboration with the Berkman Center.

It is far more effective to boost media literacy, help people sniff out bias and propaganda, understand how photos can be morphed and fake videos passed off as real. "Law enforcers need the imagination and patience to develop these strategies, rather than try to censor controversial speech wherever possible," she says.

Of course, when IT cells of political parties are the fount of the most of these excitable handles, that's easier said than done.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-amulya-gopalakrishnan-october-9-2015-dadri-reopens-debate-on-online-hate-speech