We are anonymous, we are legion

FOSS & a Free, Open Internet: Synergies for Development

praskrishna — 2016-06-18T17:57:53Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Civil Society is organizing a workshop on FOSS and a Free, Open Internet. The workshop will be held on November 13, 2015 from 2.00 p.m. to 3.30 p.m. Sunil Abraham and Pranesh Prakash will be speaking at this event.

This was published on the IGF website.

The workshop will explore links between the Free and Open nature of the Internet and the Free and Open Source Software through a series of experience sharing among the speakers as well as audiences. The speakers have been selected on the basis of their wide exposure and geographical and occupational diversity.

As ICTs permeate lives of people around the world, code is fast emerging as an instrument that can change lives. In many parts of the world, the 4Rs of primary education are Reading, wRiting, aRithmetic and pRogramming, indicative of the role that ICTs will play in the future.

Free and Open Source Software (FOSS) is, inter alia, a mechanism whereby code, and consequently the ability to code, is being democratized. In contrast with centralized proprietary models, FOSS allows decentralized creation, distribution and maintenance of code. Such democratization enables grassroots level application of code to solve local problems, leading to more empowered communities. Free flow of code is therefore important to ensure that communities to stay 'plugged in' and current. Code also enables communities to side-step practices such as surveillance, censorship.

A Free, Open, Unfragmented Internet is of critical importance to FOSS--without a free Internet, the FOSS-based peer-production methodologies for code would be infeasible. Interestingly, the Internet also needs the innovations of FOSS to remain free & open, thus forming a positive mutual dependency.

Both FOSS and the Internet are at risk from forces that are seeking increasing control over content and fragmentation, challenging its openness. This would be inimical to the rights of present & future generations to use technology to improve their lives.

The Round-table seeks to highlight perspectives from the participants about the future co-developemnt of FOSS and a free, open Internet; the threats that are emerging; and ways for communities to surmount these.

Name, stakeholder group, and organizational affiliation of workshop proposal co-organizer(s)

Civil Society
Technical Community
Private Sector

Has the proposer, or any of the co-organizers, organized an IGF workshop before?

yes

The link to the workshop report

http://wsms1.intgovforum.org/content/no80-steady-stepsfoss-and-mdgs

Subject matter #tags that describe the workshop

#openInternet #foss #codefordev

Description of the plan to facilitate discussion amongst speakers, audience members and remote participants

Besides specially identified resource persons, the Roundtable will invite IGF participants who are part of FOSS communities around the world (particularly Brazil, which has a vibrant FOSS community). Participation will include real-time remote participation from FOSS communities around the world, as well as Twitter and email-based submission of ideas and thoughts.

The Round-table format has been chosen for many-to-many interactions so as to generate a wealth of ideas. No speaker shall speak for more than 5 minutes. Two moderators will guide discussions, and a rapporteur will ensure that ideas are captured. The report of the Roundtable would be posted to all participating communities so as to stimulate grassroots-level action.

Names and affiliations (stakeholder group, organization) of the participants in the proposed workshop

Mr.Satish Babu, Technical Community, Director, International Centre for FOSS, Trivandrum, India, who shall provide technical inputs of FOSS and its relevance, particularly to emerging economies, Confirmed

Ms. Judy Okite, Civil Society, FOSS Foundation for Africa, is an experienced activist who has been promoting the use of FOSS in Africa. Seeking funding at present.

Ms. Mishi Choudhary, Private Sector, Software Freedom Law Centre, New York, is a lawyer working with FOSS and its legal implications for over two decades. Confirmed

Mr. Fernando Botelho, Private Sector, heads F123 Systems, Brazil, a FOSS-centric company that provides accessibility solutions to visually impaired people. Confirmed

Mr. Sunil Abraham, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Mr. Pranesh Prakash, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Ms. Nnenna Nwakanma- WWW.Foundation, a Civil Society organization working in Africa on a broad range of areas including FOSS. Confirmed

Mr. Yves MIEZAN EZO, Open Source strategy consultant, Private Sector. Seeking funding for participation.

Mr. Harish Pillay, Private Sector, RedHat Asia-Pacific. Seeking funding for participation.

Corinto Meffe, Advisor to the President and Directors, SERPRO, Brazil. Confirmed

Frank Coelho de Alcantara, Professor, Universidade Positivo, Brazil, Confirmed

Ms. Caroline Burle, Institutional and International Relations, W3C Brazil Office and Center of Studies on Web Technologies - CeWeb.br (a CGI.br/NIC.br initiative). Confirmed

Name of in-person Moderator(s)

Satish Babu, Mishi Choudhary

Name of Remote Moderator(s)

Judy Okite

Name of Rapporteur(s)

Pranesh Prakash

Description of the proposer's plans for remote participation

Besides around 30 persons at the IGF, we will be providing wide publicity for the workshop through FOSS communities and networks. Besides live audio/video participation, Twitter shall be a key resource for real-time participation. There shall be a Twitter co-ordinator identified whose role will be to tweet the salient points at the Roundtable periodically for the benefit of documenting and informing interested communities.

For those that have either technical difficulties or time-zone problems, ideas and comments can be submitted by email before the workshop to the moderators.

For more details visit https://cis-india.org/internet-governance/news/foss-a-free-open-internet-synergies-for-development

Sustainable Development Goals (SDGs) and Internet Economy

praskrishna — 2015-10-16T15:40:15Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Multistakeholder Advisory Group (MAG) is organizing a session on “Sustainable Development Goals (SDGs) and Internet Economy” on November 11, 2015 from 9.30 a.m. to 12.30 p.m. Sunil Abraham is participating in this session as a speaker.

The discussions at the IGF session aim to reflect the importance of Internet Economy and Internet Enablement for the fulfillment of different SDGs and also identify some best practices to inform policy makers on the ways in which Internet can serve broader and more strategic developmental objectives.

The session will include discussions on the following :

The Vision toward 2030: Sustainable Development long term opportunities and challenges
Internet Economy & Internet Role in Delivering the SDGs (Key opportunities & key Success Factors): Human Capital (a) Internet Entrepreneurship (b) Equality (c) ICT Capacity building: Applications (d) Right to Health, Education, timely Justice, environment protection, society engagement (e) Access to Information (f) Availability of Local Content Online (g) Intellectual Property Right: Access and Infrastructure - Internet Availability and Affordability: Policy and Regulatory Support and Business eco-system: To enable Access, Applications and Content development and usage, Entrepreneurship and Capacity building.
Aligning the next phase of IGF with the SDGs /Post 2015 UN Develpment Agenda: Optimizing Eco System and Multistakeholder approach

About IGF 2015

Internet Governance Forum (IGF) is a multistakeholder, democratic and transparent forum which facilitates discussions on public policy issues related to key elements of Internet governance. IGF provides enabling platform for discussions among all stakeholders in the Internet governance ecosystem, including all entities accredited by the World Summit on the Information Society (WSIS), as well as other institutions and individuals with proven expertise and experience in all matters related to Internet governance.

After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development”. This theme will be supported by eight sub-themes that will frame the discussions at the João Pessoa meeting

For more details visit https://cis-india.org/internet-governance/news/sustainable-development-goals-sdgs-and-internet-economy

Cyfy 2015: The India Conference on Cyber Security and Internet Governance

praskrishna — 2015-10-17T14:44:42Z

In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".

Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.

Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.

Protection of Intellectual Property and Business Secrets in the Knowledge Economy

Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?

Download the agenda For more info visit here.

For more details visit https://cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance

Comments on the Zero Draft of the UN General Assembly’s Overall Review of the Implementation of WSIS Outcomes (WSIS+10)

geetha — 2015-10-16T02:44:16Z

On 9 October 2015, the Zero Draft of the UN General Assembly's Overall Review of implementation of WSIS Outcomes was released. Comments were sought on the Zero Draft from diverse stakeholders. The Centre for Internet & Society's response to the call for comments is below.

These comments were prepared by Geetha Hariharan with inputs from Sumandro Chattapadhyay, Pranesh Prakash, Sunil Abraham, Japreet Grewal and Nehaa Chaudhari. Download the comments here.

The Zero Draft of the UN General Assembly’s Overall Review of the Implementation of WSIS Outcomes (“Zero Draft”) is divided into three sections: (A) ICT for Development; (B) Internet Governance; (C) Implementation and Follow-up. CIS’ comments follow the same structure.
The Zero Draft is a commendable document, covering crucial areas of growth and challenges surrounding the WSIS. The Zero Draft makes detailed references to development-related challenges, noting the persistent digital divide, the importance of universal access, innovation and investment, and of enabling legal and regulatory environments conducive to the same. It also takes note of financial mechanisms, without which principles would remain toothless. Issues surrounding Internet governance, particularly net neutrality, privacy and the continuation of the IGF are included in the Zero Draft.
However, we believe that references to these issues are inadequate to make progress on existing challenges. Issues surrounding ICT for Development and Internet Governance have scarcely changed in the past ten years. Though we may laud the progress so far achieved, universal access and connectivity, the digital divide, insufficient funding, diverse and conflicting legal systems surrounding the Internet, the gender divide and online harassment persist. Moreover, the working of the IGF and the process of Enhanced Cooperation, both laid down with great anticipation in the Tunis Agenda, have been found wanting.
These need to be addressed more clearly and strongly in the Zero Draft. In light of these shortcomings, we suggest the following changes to the Zero Draft, in the hope that they are accepted.
A. ICT for Development
Paragraphs 16-21 elaborate upon the digital divide – both the progresses made and challenges. While the Zero Draft recognizes the disparities in access to the Internet among countries, between men and women, and of the languages of Internet content, it fails to attend to two issues.
First, accessibility for persons with disabilities continues to be an immense challenge. Since the mandate of the WSIS involves universal access and the bridging of the digital divide, it is necessary that the Zero Draft take note of this continuing challenge.
We suggest the insertion of Para 20A after Para 20:
“20A. We draw attention also to the digital divide adversely affecting the accessibility of persons with disabilities. We call on all stakeholders to take immediate measures to ensure accessibility for persons with disabilities by 2020, and to enhance their capacity and access to ICTs.”
Second, while the digital divide among the consumers of ICTs has decreased since 2003-2005, the digital production divide goes unmentioned. The developing world continues to have fewer producers of technology compared to their sheer concentration in the developed world – so much so that countries like India are currently pushing for foreign investment through missions like ‘Digital India’. Of course, the Zero Draft refers to the importance of private sector investment (Para 31). But it fails to point out that currently, such investment originates from corporations in the developed world. For this digital production divide to disappear, restrictions on innovation – restrictive patent or copyright regimes, for instance – should be removed, among other measures. Equitable development is the key.
Ongoing negotiations of plurilateral agreements such as the Trans-Pacific Partnership (TPP) go unmentioned in the Zero Draft. This is shocking. The TPP has been criticized for its excessive leeway and support for IP rightsholders, while incorporating non-binding commitments involving the rights of users (see Clause QQ.G.17 on copyright exceptions and limitations, QQ.H.4 on damages and QQ.C. 12 on ccTLD WHOIS, https://wikileaks.org/tpp-ip3/WikiLeaks-TPP-IP-Chapter/WikiLeaks-TPP-IP-Chapter-051015.pdf). Plaudits for progress make on the digital divide would be lip service if such agreements were not denounced.
Therefore, we propose the addition of Para 20B after Para 20:
“20B. We draw attention also to the digital production divide among countries, recognizing that domestic innovation and production are instrumental in achieving universal connectivity. Taking note of recent negotiations surrounding restrictive and unbalanced plurilateral trade agreements, we call on stakeholders to adopt policies to ensure globally equitable development, removing restrictions on innovation and conducive to fostering domestic and local production.”
Paragraph 22 of the Zero Draft acknowledges that “school curriculum requirements for ICT, open access to data and free flow of information, fostering of competition, access to finance”, etc. have “in many countries, facilitated significant gains in connectivity and sustainable development”.
This is, of course, true. However, as Para 23 also recognises, access to knowledge, data and innovation have come with large costs, particularly for developing countries like India. These costs are heightened by a lack of promotion and adoption of open standards, open access, open educational resources, open data (including open government data), and other free and open source practices. These can help alleviate costs, reduce duplication of efforts, and provide an impetus to innovation and connectivity globally.
Not only this, but the implications of open access to data and knowledge (including open government data), and responsible collection and dissemination of data are much larger in light of the importance of ICTs in today’s world. As Para 7 of the Zero Draft indicates, ICTs are now becoming an indicator of development itself, as well as being a key facilitator for achieving other developmental goals. As Para 56 of the Zero Draft recognizes, in order to measure the impact of ICTs on the ground – undoubtedly within the mandate of WSIS – it is necessary that there be an enabling environment to collect and analyse reliable data. Efforts towards the same have already been undertaken by the United Nations in the form of “Data Revolution for Sustainable Development”. In this light, the Zero Draft rightly calls for enhancement of regional, national and local capacity to collect and conduct analyses of development and ICT statistics (Para 56). Achieving the central goals of the WSIS process requires that such data is collected and disseminated under open standards and open licenses, leading to creation of global open data on the ICT indicators concerned.
As such, we suggest that following clause be inserted as Para 23A to the Zero Draft:

“23A. We recognize the importance of access to open, affordable, and reliable technologies and services, open access to knowledge, and open data, including open government data, and encourage all stakeholders to explore concrete options to facilitate the same.”

15. Paragraph 30 of the Zero Draft laments “the lack of progress on the Digital Solidarity Fund”, and calls “for a review of options for its future”.

16. The Digital Solidarity Fund was established with the objective of “transforming the digital divide into digital opportunities for the developing world” through voluntary contributions [Para 28, Tunis Agenda]. It was an innovative financial mechanism to help bridge the digital divide between developed and developing countries. This divide continues to exist, as the Zero Draft itself recognizes in Paragraphs 16-21.

17. Given the persistent digital divide, a “call for review of options” as to the future of the Digital Solidarity Fund is inadequate to enable developing countries to achieve parity with developed countries. A stronger and more definite commitment is required.

18. As such, we suggest the following language in place of the current Para 30:

“30. We express concern at the lack of progress on the Digital Solidarity Fund, welcomed in Tunis as an innovative financial mechanism of a voluntary nature, and we call for voluntary commitments from States to revive and sustain the Digital Solidarity Fund.”

19. Paragraph 31 of the Zero Draft recognizes the importance of “legal and regulatory frameworks conducive to investment and innovation”. This is eminently laudable. However, a broader vision is more compatible with paving the way for affordable and widespread access to devices and technology necessary for universal connectivity.

20. We suggest the following additions to Para 31:

“31. We recognise the critical importance of private sector investment in ICT access, content and services, and of legal and regulatory frameworks conducive to local investment and expansive, permissionless innovation.”

B. Internet Governance

21. Paragraph 32 of the Zero Draft recognizes the “general agreement that the governance of the Internet should be open, inclusive, and transparent”. Para 37 takes into account “the report of the CSTD Working Group on improvements to the IGF”. Para 37 also affirms the intention of the General Assembly to extend the life of the IGF by (at least) another 5 years, and acknowledges the “unique role of the IGF”.

22. The IGF is, of course, unique and crucial to global Internet governance. In the last 10 years, major strides have been made among diverse stakeholders in beginning and sustaining conversations on issues critical to Internet governance. These include issues such as human rights, inclusiveness and diversity, universal access to connectivity, emerging issues such as net neutrality, the right to be forgotten, and several others. Through its many arms like the Dynamic Coalitions, the Best Practices Forums, Birds-of-a-Feather meetings and Workshops, the IGF has made it possible for stakeholders to connect.

23. However, the constitution and functioning of the IGF have not been without lament and controversy. Foremost among the laments was the IGF’s evident lack of outcome-orientation; this continues to be debatable. Second, the composition and functioning of the MAG, particularly its transparency, have come under the microscope several times. One of the suggestions of the CSTD Working Group on Improvements to the IGF concerned the structure and working methods of the Multistakeholder Advisory Group (MAG). The Working Group recommended that the “process of selection of MAG members should be inclusive, predictable, transparent and fully documented” (Section II.2, Clause 21(a), Page 5 of the Report).

24. Transparency in the structure and working methods of the MAG are critical to the credibility and impact of the IGF. The functioning of the IGF depends, in a large part, on the MAG. The UN Secretary General established the MAG, and it advises the Secretary General on the programme and schedule of the IGF meetings each year (see <http://www.intgovforum.org/cms/mag/44-about-the-mag>). Under its Terms of Reference, the MAG decides the main themes and sub-themes for each IGF, sets or modifies the rules of engagement, organizes the main plenary sessions, coordinates workshop panels and speakers, and crucially, evaluates the many submissions it receives to choose from amongst them the workshops for each IGF meeting. The content of each IGF, then, is in the hands of the MAG.

25. But the MAG is not inclusive or transparent. The MAG itself has lamented its opaque ‘black box approach’ to nomination and selection. Also, CIS’ research has shown that the process of nomination and selection of the MAG continues to be opaque. When CIS sought information on the nominators of the MAG, the IGF Secretariat responded that this information would not be made public (see <http://cis-india.org/internet-governance/blog/mag-analysis>).

26. Further, our analysis of MAG membership shows that since 2006, 26 persons have served for 6 years or more on the MAG. This is astounding, since under the MAG Terms of Reference, MAG members are nominated for a term of 1 year. This 1-year-term is “automatically renewable for 2 more consecutive years”, but such renewal is contingent on an evaluation of the engagement of MAG members in their activities (see <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference>). MAG members ought not serve for over 3 consecutive years, in accordance with their Terms of Reference. But out of 182 MAG members, around 62 members have served more than the 3-year terms designated by their Terms of Reference (see <http://cis-india.org/internet-governance/blog/mag-analysis>).

27. Not only this, but our research showed 36% of all MAG members since 2006 have hailed from the Western European and Others Group (see <http://cis-india.org/internet-governance/blog/mag-analysis>). This indicates a lack of inclusiveness, though the MAG is certainly more inclusive than the composition and functioning of other I-Star organisations such as ICANN.

28. Tackling these infirmities within the MAG would go a long way in ensuring that the IGF lives up to its purpose. Therefore, we suggest the following additions to Para 37:

“37. We acknowledge the unique role of the Internet Governance Forum (IGF) as a multistakeholder platform for discussion of Internet governance issues, and take note of the report and recommendations of the CSTD Working Group on improvements to the IGF, which was approved by the General Assembly in its resolution, and ongoing work to implement the findings of that report. We reaffirm the principles of openness, inclusiveness and transparency in the constitution, organisation and functioning of the IGF, and in particular, in the nomination and selection of the Multistakeholder Advisory Group (MAG). We extend the IGF mandate for another five years with its current mandate as set out in paragraph 72 of the Tunis Agenda for the Information Society. We recognize that, at the end of this period, progress must be made on Forum outcomes and participation of relevant stakeholders from developing countries.”

29. Paragraphs 32-37 of the Zero Draft make mention of “open, inclusive, and transparent” governance of the Internet. It fails to take note of the lack of inclusiveness and diversity in Internet governance organisations – extending across representation, participation and operations of these organisations. In many cases, mention of inclusiveness and diversity becomes tokenism or formal (but not operational) principle. In substantive terms, the developing world is pitifully represented in standards organisations and in ICANN, and policy discussions in organisations like ISOC occur largely in cities like Geneva and New York. For example, the ‘diversity’ mailing list of IETF has very low traffic. Within ICANN, 307 out of 672 registries listed in ICANN’s registry directory are based in the United States, while 624 of the 1010 ICANN-accredited registrars are US-based. Not only this, but 80% of the responses received by ICANN during the ICG’s call for proposals were male. A truly global and open, inclusive and transparent governance of the Internet must not be so skewed.

30. We propose, therefore, the addition of a Para 37A after Para 37:

“37A. We draw attention to the challenges surrounding diversity and inclusiveness in organisations involved in Internet governance, and call upon these organisations to take immediate measures to ensure diversity and inclusiveness in a substantive manner.”

31. Paragraphs 36 of the Zero Draft notes that “a number of member states have called for an international legal framework for Internet governance.” But it makes no reference to ICANN or the importance of the ongoing IANA transition to global Internet governance. ICANN and its monopoly over several critical Internet resources was one of the key drivers of the WSIS in 2003-2005. Unfortunately, this focus seems to have shifted entirely. Open, inclusive, transparent and global Internet are misnomer-principles when ICANN – and in effect, the United States – continues to have monopoly over critical Internet resources. The allocation and administration of these resources should be decentralized and distributed, and should not be within the disproportionate control of any one jurisdiction.

32. Therefore, we suggest the following Para 37A after Para 37:

“37A. We affirm that the allocation, administration and policy involving critical Internet resources must be inclusive and decentralized, and call upon all stakeholders and in particular, states and organizations responsible for essential tasks associated with the Internet, to take immediate measures to create an environment that facilitates this development.”

33. Paragraph 43 of the Zero Draft encourages “all stakeholders to ensure respect for privacy and the protection of personal information and data”. But the Zero Draft inadvertently leaves out the report of the Office of the UN High Commissioner for Human Rights on digital privacy, ‘The right to privacy in the digital age’ (A/HRC/27/37). This report, adopted by the Human Rights Council in June 2014, affirms the importance of the right to privacy in our increasingly digital age, and offers crucial insight into recent erosions of privacy. It is both fitting and necessary that the General Assembly take note of and affirm the said report in the context of digital privacy.

34. We offer the following suggestion as an addition to Para 43:

“43. We emphasise that no person shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home, or correspondence, consistent with countries’ applicable obligations under international human rights law. In this regard, we acknowledge the report of the Office of the UN High Commissioner for Human Rights, ‘The right to privacy in the digital age’ (A/HRC/27/37, 30 June 2014), and take note of its findings. We encourage all stakeholders to ensure respect for privacy and the protection of personal information and data.”

35. Paragraphs 40-44 of the Zero Draft state that communication is a fundamental human need, reaffirming Article 19 of the Covenant on Civil and Political Rights, with its attendant narrow limitations. The Zero Draft also underscores the need to respect the independence of the press. Particularly, it reaffirms the principle that the same rights that people enjoy offline must also be protected online.

36. Further, in Para 31, the Zero Draft recognizes the “critical importance of private sector investment in ICT access, content, and services”. This is true, of course, but corporations also play a crucial role in facilitating the freedom of speech and expression (and all other related rights) on the Internet. As the Internet is led largely by the private sector in the development and distribution of devices, protocols and content-platforms, corporations play a major role in facilitating – and sometimes, in restricting – human rights online. They are, in sum, intermediaries without whom the Internet cannot function.

37. Given this, it is essential that the outcome document of the WSIS+10 Overall Review recognize and affirm the role of the private sector, and crucially, its responsibilities to respect and protect human rights online.

38. We suggest, therefore, the insertion of the following paragraph Para 42A, after Para 42:

“42A. We recognize the critical role played by corporations and the private sector in facilitating human rights online. We affirm, in this regard, the responsibilities of the private sector set out in the Report of the Special Representative of the Secretary General on the issue of human rights and transnational corporations and other business enterprises, A/HRC/17/31 (21 March 2011), and encourage policies and commitments towards respect and remedies for human rights.”

C. Implementation and Follow-up

39. Para 57 of the Zero Draft calls for a review of the WSIS Outcomes, and leaves a black space inviting suggestions for the year of the review. How often, then, should the review of implementation of WSIS+10 Outcomes take place?

40. It is true, of course, that reviews of the implementation of WSIS Outcomes are necessary to take stock of progress and challenges. However, we caution against annual, biennal or other such closely-spaced reviews due to concerns surrounding budgetary allocations.

41. Reviews of implementation of outcomes (typically followed by an Outcome Document) come at considerable cost, which are budgeted and achieved through contributions (sometimes voluntary) from states. Were Reviews to be too closely spaced, budgets that ideally ought to be utilized to bridge digital divides and ensure universal connectivity, particularly for developing states, would be misspent in reviews. Moreover, closely-spaced reviews would only provide superficial quantitative assessments of progress, but would not throw light on longer term or qualitative impacts.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-zero-draft-of-the-un-general-assembly2019s-overall-review-of-the-implementation-of-wsis-outcomes-wsis-10

Peering behind the veil of ICANN's DIDP (II)

Padmini Baruah — 2015-10-15T03:14:18Z

In a previous blog post, I had introduced the concept of ICANN’s Documentary Information Disclosure Policy (“DIDP”) and their extremely vast grounds for non-disclosure. In this short post, I have made an analysis of every DIDP request that ICANN has ever responded to, to point out the flaws in their policy that need to be urgently remedied.

Read the previous blog post here. Every DIDP request that ICANN has ever responded to can be accessed here.

The table here is a comprehensive breakdown of all the different DIDP requests that ICANN has responded to. This table is to be read with this document, which has a numbered list of the different non-disclosure exceptions outlined in ICANN’s policy. What I sought to scrutinize was the number of times ICANN has provided satisfactory information, the number of times it has denied information, and the grounds for the same. What we found was alarming:

Of a total of 91 requests (as of 13/10/2015), ICANN has fully and positively responded to only 11.
It has responded partially to 47 of 91 requests, with some amount of information (usually that which is available as public records).
It has not responded at all to 33 of 91 requests.
The Non-Disclosure Clause (1)^{^[1]} has been invoked 17 times.
The Non-Disclosure Clause (2)^{^[2]} has been invoked 39 times.
The Non-Disclosure Clause (3)^{^[3]} has been invoked 31 times.
The Non-Disclosure Clause (4)^{^[4]} has been invoked 5 times.
The Non-Disclosure Clause (5)^{^[5]} has been invoked 34 times.
The Non-Disclosure Clause (6)^{^[6]} has been invoked 35 times.
The Non-Disclosure Clause (7)^{^[7]} has been invoked once.
The Non-Disclosure Clause (8)^{^[8]} has been invoked 22 times.
The Non-Disclosure Clause (9)^{^[9]} has been invoked 30 times.
The Non-Disclosure Clause (10)^{^[10]} has been invoked 10 times.
The Non-Disclosure Clause (11)^{^[11]} has been invoked 12 times.
The Non-Disclosure Clause (12)^{^[12]} has been invoked 18 times.

This data is disturbing because it reveals that ICANN has in practice been able to deflect most requests for information. It regularly utilised its internal processes and discussions with stakeholders clauses, as well as clauses on protecting financial interests of third parties (over 50% of the total non-disclosure clauses ever invoked - see chart below) to do away with having to provide information on pertinent matters such as its compliance audits and reports of abuse to registrars. We believe that even if ICANN is a private entity legally, and not at the same level as a state, it nonetheless plays the role of regulating an enormous public good, namely the Internet. Therefore, there is a great onus on ICANN to be far more open about the information that they provide.

Finally, it is extremely disturbing that they have extended full disclosure to only 12% of the requests that they receive. An astonishing 88% of the requests have been denied, partly or otherwise. Therefore, it is clear that there is a failure on part of ICANN to uphold the transparency it claims to stand for, and this needs to be remedied at the earliest.

^{^[1]} “Information provided by or to a government or international organization, or any form of recitation of such information, in the expectation that the information will be kept confidential and/or would or likely would materially prejudice ICANN's relationship with that party”

^{^[2]} “Internal information that, if disclosed, would or would be likely to compromise the integrity of ICANN's deliberative and decision-making process by inhibiting the candid exchange of ideas and communications, including internal documents, memoranda, and other similar communications to or from ICANN Directors, ICANN Directors' Advisors, ICANN staff, ICANN consultants, ICANN contractors, and ICANN agents”

^{^[3]} “Information exchanged, prepared for, or derived from the deliberative and decision-making process between ICANN, its constituents, and/or other entities with which ICANN cooperates that, if disclosed, would or would be likely to compromise the integrity of the deliberative and decision-making process between and among ICANN, its constituents, and/or other entities with which ICANN cooperates by inhibiting the candid exchange of ideas and communications”

^{^[4]} “Personnel, medical, contractual, remuneration, and similar records relating to an individual's personal information, when the disclosure of such information would or likely would constitute an invasion of personal privacy, as well as proceedings of internal appeal mechanisms and investigations”

^{^[5]} “Information provided to ICANN by a party that, if disclosed, would or would be likely to materially prejudice the commercial interests, financial interests, and/or competitive position of such party or was provided to ICANN pursuant to a nondisclosure agreement or nondisclosure provision within an agreement”

^{^[6]} “Confidential business information and/or internal policies and procedures”

^{^[7]} “Information that, if disclosed, would or would be likely to endanger the life, health, or safety of any individual or materially prejudice the administration of justice”

^{^[8]} “Information subject to the attorney– client, attorney work product privilege, or any other applicable privilege, or disclosure of which might prejudice any internal, governmental, or legal investigation”

^{^[9]} “Drafts of all correspondence, reports, documents, agreements, contracts, emails, or any other forms of communication”

^{^[10]} “Information that relates in any way to the security and stability of the Internet, including the operation of the L Root or any changes, modifications, or additions to the root zone”

^{^[11]} “Trade secrets and commercial and financial information not publicly disclosed by ICANN”

^{^[12]} “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual”

For more details visit https://cis-india.org/internet-governance/blog/peering-behind-the-veil-of-icanns-didp-ii

Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India

jyoti — 2015-10-14T14:40:08Z

The European Court of Justice has invalidated a European Commission decision, which had previously concluded that the 'Safe Harbour Privacy Principles' provide adequate protections for European citizens’ privacy rights for the transfer of personal data between European Union and United States. The inadequacies of the framework is not news for the European Commission and action by ECJ has been a long time coming. The ruling raises important questions about how the claims of citizenship are being negotiated in the context of the internet, and how increasingly the contestations of personal data are being employed in the discourse.

The European Court of Justice (ECJ) has invalidated a European Commission (EC) decision¹ which had previously concluded that the 'Safe Harbor Privacy Principles'² provide adequate protections for European citizens’ privacy rights³ for the transfer of personal data between European Union and United States. This challenge stems from the claim that public law enforcement authorities in America obtain personal data from organisations in safe harbour for incompatible and disproportionate purposes in violation of the Safe Harbour Privacy Principles. The court's judgment follows the advice of the Advocate General of the Court of Justice of the European Union (CJEU) who recently opined⁴ that US practices allow for large-scale collection and transfer of personal data belonging to EU citizens without them benefiting from or having access to judicial protection under US privacy laws. The inadequacies of the framework is not news for the Commission and action by ECJ has been a long time coming. The ruling raises important questions about how increasingly the contestations of personal data are being employed in asserting claims of citizenship in context of the internet.

As the highest court in Europe, the ECJ's decisions are binding on all member states. With this ruling the ECJ has effectively restrained US firms from indiscriminate collection and sharing of European citizens’ data on American soil. The implications of the decision are significant, because it shifts the onus of evaluating protections of personal data for EU citizens from the 4,400 companies⁵ subscribing to the system onto EU privacy watchdogs. Most significantly, in addressing the rights of a citizen against an established global brand, the judgement goes beyond political and legal opinion to challenge the power imbalance that exists with reference to US based firms.

Today, the free movement of data across borders is a critical factor in facilitating trade, financial services, governance, manufacturing, health and development. However, to consider the ruling as merely a clarification of transatlantic mechanisms for data flows misstates the real issue. At the heart of the judgment is the assessment whether US firms apply the tests of ‘necessity and proportionality’ in the collection and surveillance of data for national security purposes. Application of necessity and proportionality test to national security exceptions under safe harbor has been a sticking point that has stalled the renegotiation of the agreement that has been underway between the Commission and the American data protection authorities.⁶

For EU citizens the stake in the case are even higher, as while their right to privacy is enshrined under EU law, they have no administrative or judicial means of redress, if their data is used for reasons they did not intend. In the EU, citizens accessing and agreeing to use of US based firms are presented with a false choice between accessing benefits and giving up on their fundamental right to privacy. In other words, by seeking that governments and private companies provide better data protection for the EU citizens and in restricting collection of personal data on a generalised basis without objective criteria, the ruling is effectively an assertion of ‘data sovereignty’. The term ‘data sovereignty’, while lacking a firm definition, refers to a spectrum of approaches adopted by different states to control data generated in or passing through national internet infrastructure.⁷ Underlying the ruling is the growing policy divide between the US and EU privacy and data protection standards, which may lead to what is referred to as the balkanization⁸ of the internet in the future.

US-EU Data Protection Regime

The safe harbor pact between the EU and US was negotiated in the late 1990s as an attempt to bridge the different approaches to online privacy. Privacy is addressed in the EU as a fundamental human right while in the US it is defined under terms of consumer protection, which allow trade-offs and exceptions when national security seems to be under threat. In order to address the lower standards of data protection prevalent in the US, the pact facilitates data transfers from EU to US by establishing certain safeguards equivalent to the requirements of the EU data protection directive. The safe harbor provisions include firms undertaking not to pass personal information to third parties if the EU data protection standards are not met and giving users right to opt out of data collection.⁹

The agreement was due to be renewed by May 2015¹⁰ and while negotiations have been ongoing for two years, EU discontent on safe harbour came to the fore following the Edward Snowden revelations of collection and monitoring facilitated by large private companies for the PRISM program and after the announcement of the TransAtlantic Trade and Investment Partnership (TTIP).¹¹ EU member states have mostly stayed silent as they run their own surveillance programs often times, in cooperation with the NSA. EU institutions cannot intervene in matters of national security however, they do have authority on data protection matters. European Union officials and Members of Parliament have expressed shock and outrage at the surveillance programs unveiled by Snowden's 2013 revelations. Most recently, following the CJEU Advocate General’s opinion, 50 Members of European Parliament (MEP) sent a strongly worded letter the US Congress hitting back on claims of ‘digital protectionism’ emanating from the US¹². In no uncertain terms the letter clarified that the EU has different ideas on privacy, platforms, net neutrality, encryption, Bitcoin, zero-days, or copyright and will seek to improve and change any proposal from the EC in the interest of our citizens and of all people.

Towards Harmonization

In November 2013, as an attempt to minimize the loss of trust following the Snowden revelations, the European Commission (EC) published recommendations in its report on 'Rebuilding Trust is EU-US Data Flows'.¹³ The recommendations revealed two critical initiatives at the EU level—first was the revision of the EU-US safe harbor agreement¹⁴ and second the adoption of the 'EU-US Umbrella Agreement¹⁵'—a framework for data transfer for the purpose of investigating, detecting, or prosecuting a crime, including terrorism. The Umbrella Agreement was recently initialed by EU and US negotiators and it only addresses the exchange of personal data between law enforcement agencies.¹⁶ The Agreement has gained momentum in the wake of recent cases around issues of territorial duties of providers, enforcement jurisdictions and data localisation.¹⁷ However, the adoption of the Umbrella Act depends on US Congress adoption of the Judicial Redress Act (JRA) as law.¹⁸

Judicial Redress Act

The JRA is a key reform that the EC is pushing for in an attempt to address the gap between privacy rights and remedies available to US citizens and those extended to EU citizens, including allowing EU citizens to sue in American courts. The JRA seeks to extend certain protections under the Privacy Act to records shared by EU and other designated countries with US law enforcement agencies for the purpose of investigating, detecting, or prosecuting criminal offenses. The JRA protections would extend to records shared under the Umbrella Agreement and while it does include civil remedies for violation of data protection, as noted by the Center for Democracy and Technology, the present framework does not provide citizens of EU countries with redress that is at par with that which US persons enjoy under the Privacy Act.¹⁹

For example, the measures outlined under the JRA would only be applicable to countries that have outlined appropriate privacy protections agreements for data sharing for investigations and ‘efficiently share’ such information with the US. Countries that do not have agreements with US cannot seek these protections leaving the personal data of their citizens open for collection and misuse by US agencies. Further, the arrangement leaves determination of 'efficiently sharing' in the hands of US authorities and countries could lose protection if they do not comply with information sharing requests promptly. Finally, JRA protections do not apply to non-US persons nor to records shared for purposes other than law enforcement such as intelligence gathering. JRA is also weakened by allowing heads of agencies to exercise their discretion to seek exemption from the Act and opt out of compliance.

Taken together the JRA, the Umbrella Act and the renegotiation of the Safe Harbor Agreement need considerable improvements. It is worth noting that EU’s acceptance of the redundancy of existing agreements and in establishing the independence of national data protection authorities in investigating and enforcing national laws as demonstrated in the Schrems and in the Weltimmo²⁰ case point to accelerated developments in the broader EU privacy landscape.

Consequences

The ECJ Safe Harbor ruling will have far-reaching consequences for the online industry. Often, costly government rulings solidify the market dominance of big companies. As high regulatory costs restrict the entrance of small and medium businesses the market, competition is gradually wiped out. Further, complying with high standards of data protection means that US firms handling European data will need to consider alternative legal means of transfer of personal data. This could include evolving 'model contracts' binding them to EU data protection standards. As Schrems points out, “Big companies don’t only rely on safe harbour: they also rely on binding corporate rules and standard contractual clauses.”²¹

The ruling is good news for European consumers, who can now approach a national regulator to investigate suspicions of data mishandling. EU data protection regulators may be be inundated with requests from companies seeking authorization of new contracts and with consumer complaints. Some are concerned that the ruling puts a dent in the globalized flow of data²², effectively requiring data localization in Europe.²³ Others have pointed out that it is unclear how this decision sits with other trade treaties such as the TPP that ban data localisation.²⁴ While the implications of the decision will take some time in playing out, what is certain is that US companies will be have to restructure management, storage and use of data. The ruling has created the impetus for India to push for reforms to protect its citizens from harms by US firms and improve trade relations with EU.

The Opportunity for India

Multiple data flows taking place over the internet simultaneously and that has led to ubiquity of data transfers o ver the Internet, exposing individuals to privacy risks. There has also been an enhanced economic importance of data processing as businesses collect and correlate data using analytic tools to create new demands, establish relationships and generate revenue for their services. The primary concern of the Schrems case may be the protection of the rights of EU citizens but by seeking to extend these rights and ensure compliance in other jurisdictions, the case touches upon many underlying contestations around data and sovereignty.

Last year, Mr Ram Narain, India Head of Delegation to the Working Group Plenary at ITU had stressed, “respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.”²⁵ In the absence of the recognition of privacy as a right and empowering citizens through measures or avenues to seek redressal against misuse of data, the demand of data sovereignty rings empty. The kind of framework which empowered an ordinary citizen in the EU to approach the highest court seeking redressal based on presumed overreach of a foreign government and from harms abetted by private corporations simply does not exist in India. Securing citizen’s data in other jurisdictions and from other governments begins with establishing protection regimes within the country.

The Indian government has also stepped up efforts to restrict transfer of data from India including pushing for private companies to open data centers in India.²⁶ Negotiating data localisation does not restrict the power of private corporations from using data in a broad ways including tailoring ads and promoting products. Also, data transfers impact any organisation with international operations for example, global multinationals who need to coordinate employee data and information. Companies like Facebook, Google and Microsoft transfer and store data belonging to Indian citizens and it is worth remembering that the National Security Agency (NSA) would have access to this data through servers of such private companies. With no existing measures to restrict such indiscriminate access, the ruling purports to the need for India to evolve strong protection mechanisms. Finally, the lack of such measures also have an economic impact, as reported in a recent Nasscom-Data Security Council of India (DSCI) survey²⁷ that pegs revenue losses incurred by the Indian IT-BPO industry at $2-2.5 billion for a sample size of 15 companies. DSCI has further estimated that outsourcing business can further grow by $50 billion per annum once India is granted a “data secure” status by the EU.²⁸ EU’s refusal to grant such a status is understandable given the high standard of privacy as incorporated under the European Union Data Protection Directive a standard to which India does not match up, yet. The lack of this status prevents the flow of data which is vital for Digital India vision and also affects the service industry by restricting the flow of sensitive information to India such as information about patient records.

Data and information structures are controlled and owned by private corporations and networks transcend national borders, therefore the foremost emphasis needs to be on improving national frameworks. While, enforcement mechanisms such as the Mutual Legal Assistance Treaty (MLAT) process or other methods of international cooperation may seem respectful of international borders and principles of sovereignty,²⁹ for users that live in undemocratic or oppressive regimes such agreements are a considerable risk. Data is also increasingly being stored across multiple jurisdictions and therefore merely applying data location lens to protection measures may be too narrow. Further it should be noted that when companies begin taking data storage decisions based on legal considerations it will impact the speed and reliability of services.³⁰ Any future regime must reflect the challenges of data transfers taking place in legal and economic spaces that are not identical and may be in opposition. Fundamentally, the protection of privacy will always act as a barrier to the free flow of information even so, as the Schrems case ruling points out not having adequate privacy protections could also restrict flow of data, as has been the case for India.

The time is right for India to appoint a data controller and put in place national frameworks, based on nuanced understanding of issues of applying jurisdiction to govern users and their data. Establishing better protection measures will not only establish trust and enhance the ability of users to control data about themselves it is also essential for sustaining economic and social value generated from data generation and collection. Suggestions for such frameworks have been considered previously by the Group of Experts on Privacy constituted by the Planning Commission.³¹ By incorporating transparency in mechanisms for data and access requests and premising requests on established necessity and proportionality Indian government can lead the way in data protection standards. This will give the Indian government more teeth to challenge and address both the dangers of theft of data stored on servers located outside of India and restrain indiscriminate access arising from terms and conditions of businesses that grant such rights to third parties.

1 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) Official Journal L 215 , 25/08/2000 P. 0007 -0047 2000/520/EC: http ://eur -lex .europa .eu /LexUriServ /LexUriServ .do ?uri =CELEX :32000 D 0520:EN :HTML

2 Safe Harbour Privacy Principles Issued by the U.S. Department of Commerce on July 21, 2000 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

3 Megan Graham, Adding Some Nuance on the European Court ’s Safe Harbor Decision , Just security

https ://www .justsecurity .org /26651/adding -nuance -ecj -safe -harbor -decision /

4 Advocate General’s Opinion in Case C-362/14 Maximillian Schrems v Data Protection Commissioner Court of Justice of the European Union, Press Release, No 106/15 Luxembourg, 23 September 2015 http ://curia .europa .eu /jcms /upload /docs /application /pdf /2015-09/cp 150106 en .pdf

5 Jennifer Baker, ‘EU desperately pushes just-as-dodgy safe harbour alternatives’, The Register, October 7, 2015 http ://www .theregister .co .uk /2015/10/07/eu _pushes _safe _harbour _alternatives /

6 Draft Report, General Data Protection Regulation, Committee on Civil Liberties, Justice and Home Affairs, European Parliament, 2009-2014 http ://www .europarl .europa .eu /meetdocs /2009_2014/documents /libe /pr /922/922387/922387 en .pdf

7 Dana Polatin-Reuben, Joss Wright, ‘An Internet with BRICS Characteristics: Data Sovereignty and the Balkanisation of the Internet’, University of Oxford, July 7, 2014 https ://www .usenix .org /system /files /conference /foci 14/foci 14-polatin -reuben .pdf

8 Sasha Meinrath, The Future of the Internet: Balkanization and Borders, Time, October 2013 http ://ideas .time .com /2013/10/11/the -future -of -the -internet -balkanization -and -borders /

9 Safe Harbour Privacy Principles, Issued by the U.S. Department of Commerce, July 2001 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

10 Facebook case may force European firms to change data storage practices, The Guardian, September 23, 2015 http ://www .theguardian .com /us -news /2015/sep /23/us -intelligence -services -surveillance -privacy

11 Privacy Tracker, US-EU Safe Harbor Under Pressure, August 2, 2013 https ://iapp .org /news /a /us -eu -safe -harbor -under -pressure

12 Kieren McCarthy, Privacy, net neutrality, security, encryption ... Europe tells Obama, US Congress to back off, The Register, 23 September, 2015 http ://www .theregister .co .uk /2015/09/23/european _politicians _to _congress _back _off /

13 Communication from the Commission to the European Parliament and the Council, Rebuilding Trust in EU-US Data Flows, European Commission, November 2013 http ://ec .europa .eu /justice /data -protection /files /com _2013_846_en .pdf

14 Safe Harbor on trial in the European Union, Access Blog, September 2014 https ://www .accessnow .org /blog /2014/11/13/safe -harbor -on -trial -in -the -european -union

15 European Commission - Fact Sheet Questions and Answers on the EU-US data protection "Umbrella agreement", September 8, 2015 http ://europa .eu /rapid /press -release _MEMO -15-5612_en .htm

16 McGuire Woods, ‘EU and U.S. reach “Umbrella Agreement” on data transfers’, Lexology, September 14, 2015 http ://www .lexology .com /library /detail .aspx ?g =422 bca 41-2 d 54-4648-ae 57-00 d 678515 e 1 f

17 Andrew Woods, Lowering the Temperature on the Microsoft-Ireland Case, Lawfare September, 2015 https ://www .lawfareblog .com /lowering -temperature -microsoft -ireland -case

18 Jens-Henrik Jeppesen, Greg Nojeim, ‘The EU-US Umbrella Agreement and the Judicial Redress Act: Small Steps Forward for EU Citizens’ Privacy Rights’, October 5, 2015 https ://cdt .org /blog /the -eu -us -umbrella -agreement -and -the -judicial -redress -act -small -steps -forward -for -eu -citizens -privacy -rights /

19 Ibid 18.

20 Landmark ECJ data protection ruling could impact Facebook and Google, The Guardian, 2 October, 2015 http ://www .theguardian .com /technology /2015/oct /02/landmark -ecj -data -protection -ruling -facebook -google -weltimmo

21 Julia Powles, Tech companies like Facebook not above the law, says Max Schrems, The Guardian, Octover 9, 2015 http ://www .theguardian .com /technology /2015/oct /09/facebook -data -privacy -max -schrems -european -court -of -justice

22 Adam Thierer, Unintended Consequences of the EU Safe Harbor Ruling, The Technology Liberation Front, October 6, 2015 http ://techliberation .com /2015/10/06/unintended -consequenses -of -the -eu -safe -harbor -ruling /#more -75831

23 Anupam Chander, Tweeted ECJ #schrems ruling may effectively require data localization within Europe, https ://twitter .com /AnupamChander /status /651369730754801665

24 Lokman Tsui, Tweeted, “If the TPP bans data localization, but the ECJ ruling effectively mandates it, what does that mean for the internet?” https ://twitter .com /lokmantsui /status /651393867376275456

25 Statement from Indian Head of Delegation, Mr Ram Narain for WGPL, Indian statement on ITU and Internet at the Working Group Plenary November 4, 2014 https ://ccgnludelhi .wordpress .com /author /asukum 87/page /2/

26 Sounak Mitra, Xiaomi bets big on India despite problems, Business Standard, December 2014 http ://www .business -standard .com /article /companies /xiaomi -bets -big -on -india -despite -problems -114122201023_1.html

27 Neha Alawadi, Ruling on data flow between EU & US may impact India’s IT sector, Economic Times,October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49250738.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

28 Pranav Menon, Data Protection Laws in India and Data Security- Impact on India and Data Security-Impact on India - EU Free Trade Agreement, CIS Access to Knowledge, 2011 http ://cis -india .org /a 2 k /blogs /data -security -laws -india .pdf

29 Surendra Kumar Sinha, India wants Mutual Legal Assistance treaty with Bangladesh, Economic Times, October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49262294.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

30 Pablo Chavez, Director, Public Policy and Government Affairs, Testifying before the U.S. Senate on transparency legislation, November 3, 2013 http ://googlepublicpolicy .blogspot .in /2013/11/testifying -before -us -senate -on .htm

31 Report of the Group of Experts on Privacy (Chaired by Justice A P Shah, Former Chief Justice, Delhi High Court), Planning Commission, October 2012 http ://planningcommission .nic .in /reports /genrep /rep _privacy .pdf

For more details visit https://cis-india.org/internet-governance/blog/contestations-of-data-ecj-safe-harbor-ruling-and-lessons-for-india

Enabling Multi-stakeholder Cooperation - Towards a Transnational Framework for Due Process

praskrishna — 2015-10-14T02:53:07Z

Internet & Jurisdiction Project organized a multi-stakeholder meeting of the global multi-stakeholder dialogue process in 2015 on October 8-9 in Berlin, Germany. Sunil Abraham participated in this meeting.

Since 2012, the Internet & Jurisdiction Project has facilitated a global multi-stakeholder dialogue process to address the tension between the cross-border nature of the Internet and geographically defined national jurisdictions. It provides a neutral platform for states, business, civil society and international organizations to discuss the elaboration of a transnational due process framework to handle the digital coexistence of diverse national laws in shared cross-border online spaces. This pioneering multi-stakeholder cooperation effort seeks to develop a “policy standard” for transnational requests for domain seizures, content takedowns and access to subscriber information.

2015 is an important moment that determines the future of the multi-stakeholder model in global Internet Governance. The Internet & Jurisdiction Project hopes it can provide an opportunity to demonstrate that multi-stakeholder cooperation can produce operational solutions to concrete policy challenges that no stakeholder group can solve on its own.

The meeting will gather key actors from states, Internet companies, technical operators, civil society, academia and international organizations.

This was published on the website of Internet & Jurisdiction Project

For more details visit https://cis-india.org/internet-governance/news/enabling-multi-stakeholder-cooperation-towards-a-transnational-framework-for-due-process

CIS in Top 50 Tech Blogs of India

praskrishna — 2015-10-14T06:24:44Z

The Centre for Internet and Society is on the 30th position among the top technology blogs in India.

This was published by rebateszone on October 7, 2015.

Infographic courtesy: Renuka Thakur

The world of tech blogs is getting bigger and bigger, by time people are getting more and more interested in tech related items, it’s the only reason why we have seen such significant surge in tech blogs during the past few years. So the query that becomes difficult with every minute passing is that which of the tech blogs are worth your time? To help you on this we have created a list of top 50 tech bloggers in India, These weblogs are written by pros in the field, you might find numerous lists on the internet on this particular topic but you won’t be able to find more thorough and handy list that this as we have handpicked each and every blog in this list, we have organized these blogs according to the quality of posts. The other lists that you can find on the internet are sorted according to Alexa rank or number of incoming links, they have just produced those listed for the purpose of forming a new post but this list is produced according to the quality. If you want to stay updated with technology related news, developments etc., then we would recommend you to follow the following 50 tech blogs regularly:

Sr No.	Website/Blog	Facebook	Twitter
1	fonearena.com	165,050	34,583
2	alltechbuzz.net	262,568	3,706
3	bgr.in	143,145	190,922
4	telecomtalk.info	41,205	21,080
5	medianama.com	11,238	241,121
6	techulator.com	9,703	238
7	infosys.com	696,536	164,452
8	9lessons.info	23,945	7,499
9	phoneradar.com	14,898	8,381
10	indianweb2.com	7,738	2,427
11	techpp.com	10,221	17,661
12	techlomedia.in	16,578	6,452
13	techlila.com	20,252	2,904
14	techtricksworld.com	5,331	1,726
15	makingdifferent.com	7,424	—–
16	tipsclear.com	687	15,007
17	hackpundit.com	40	315
18	ampercent.com	2,056	413
19	nirmaltv.com	26,261	6,293
20	pitechnologies.org	7,965	49
21	seotechyworld.com	9,335	4,977
22	igt.in	12,997	666
23	hacktrix.com	9,374	196
24	technodify.com	26,318	3,958
25	webtrickz.com	3,906	907
26	wpxbox.com	16,938	1,242
27	itechcode.com	2,666	4,749
28	techfishy.com	4,791	114
29	zensar.com	7,269	2,778
30	cis-india.org	—–	3,795
31	robosoftin.com	664	1,892
32	digitaldimensions4u.com	3,079	583
33	campustimespune.com	3,121	278
34	msystechnologies.com	325	455
35	techsplurge.com	3,797	1,140
36	zensoftservices.com	203	1,499
37	iltb.net	4,994	1,675
38	savedelete.com	19,978	10,728
39	minterest.org	1,033	12,867
40	thepockettech.com	22,346	12,375
41	thetechbulletin.com	2,522	1,292
42	mobientech.com	525	1,359
43	directingit.com	98	27
44	itpreneurpune.com	1,356	76
45	codemink.com	5,021	196
46	udayarumilli.blogspot.com	103	63
47	saadhvi.com	56	44
48	taraspan.com	8	310
49	cloudnowtech.com	145	55
50	keshavatech.com	2,953	18,139

Here is the Infographic for top 50 tech blogs in India:

For more details visit https://cis-india.org/internet-governance/news/rebateszone-october-7-2015-top-50-technology-blogs-in-india

Communication Rights in the Age of Digital Technology

rakesh — 2015-10-24T07:45:26Z

The Centre for Internet & Society (CIS) invites you to a conference to discuss the evolution of privacy and surveillance in India on Friday, October 30, 2015 at Deck Suite Hall, 5th Floor, Habitat Centre, Lodhi Road, Near Air Force Bal Bharti School, New Delhi - 110003, from 11 a.m. to 5 p.m.

The conference will be conducted in a round-table format. Topics to be discussed shall include, among others, the Human DNA Profiling Bill, 2012, the PIL questioning the data collection under the UID scheme, the draft National Encryption Policy and the Supreme Court judgement in Shreya Singhal v. Union of India, in the context of privacy and surveillance in India. The conference will be a forum for discussion, knowledge exchange and agenda building.

Background Note

In India, the Right to Privacy has been interpreted to mean an individuals’ right to be left alone. In the age of massive use of Information and Communications Technology, it has become imperative to have this right protected. The Supreme Court has held in a number of its decisions that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Indian Constitution, though Part III does not explicitly mention this right. Since the 1960s, the Apex Court has been dealing with this issue, primarily with respect to privacy being recognised as a fundamental or common law right and the standards that need to be satisfied in order to impose any restrictions on it.

In the year 2012, the Planning Commission constituted a Group of Experts under the chairmanship of Justice AP Shah, Former Chief Justice of the Delhi High Court to recommend a potential privacy framework for privacy in India. Previously in 2011 the Department of Personnel and Training had prepared a draft Bill on Right to Privacy which has yet to materialize into a comprehensive legislation on privacy. In 2014, a version of the revised Right to Privacy Bill was leaked. Amendments to the Bill aim to protect individuals against misuse of their data by the government or private agencies, and is in the process of being finalized by the Indian Government .

Of late, privacy concerns have gained importance in India due to the initiation of national programmes like the UID Scheme, DNA Profiling, the National Encryption Policy, etc. attracting criticism for their impact on the right to privacy. For example, DeitY introduced a draft National Encryption Policy in September this year to prescribe methods for encryption. However, the policy would have posed significant restriction on the ability of citizens to encrypt online communication. Backlash from the citizens, industry, social media and privacy experts led the Government to withdraw the policy as the measures included made the information system vulnerable in every sense.

Earlier this year, the Apex Court gave a historical judgement by striking down section 66A of the IT (Amendment) Act 2008. The Court upheld section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 to be constitutionally valid, which accords the government with the authority to block transmission of information and websites when it deems it as necessary for reasons like sovereignty and integrity of India, public order, etc.

Another government initiative which has generated considerable controversy for its threat to privacy is the UID project which aims to issue a unique identification number to all citizens by the Unique Identification Authority of India, which can be authenticated and verified online. In August this year, the Supreme Court, vide an interim order, restricted the use of Aadhaar by declaring it to be optional for availing government benefits and services. Though the Government contended the right to privacy as a fundamental right in India, the Court deferred this issue to a larger Constitutional Bench, and the Supreme Court upheld its decision yet again in the month of October.

Similarly, the d raft Human DNA P rofiling B ill 2015 is being questioned on grounds of privacy invasion on a massive scale as it aims to collect and store the DNA samples of criminals, suspects, volunteers, and victims and regulate DNA laboratories and DNA sampling for use by law enforcement agencies. The Bill also fails to include comprehensive privacy safeguards and provisions regarding collection of DNA samples with or without the consent of an individual, making individual privacy an important concern.

Going by these ongoing debates, one can say that Privacy as a right has primarily evolved by way of judicial interpretation and continues to evolve in light of several controversial Government policies, projects and schemes. However its development is often undermined by tension between several competing national interests which calls for clear guidelines to protect this inviolable right of the citizens.

Download the Invite

For more details visit https://cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology

Dadri reopens debate on online hate speech

praskrishna — 2015-10-11T05:42:02Z

The friction between free speech and hate speech has become newly intense because of social media. Twitter reflected the turmoil after the lynching of Mohammed Akhlaq in Dadri, Uttar Pradesh, when some tweets justified the murder as a legitimate reaction against cow-slaughter, trending the hashtag #cowmurderers.

The article by Amulya Gopalakrishnan was published in the Times of India on October 9, 2015. Pranesh Prakash gave inputs.

"Jo bhi gau ka mans khaye, use aur uske parivar ko turant maar do (those who eat beef should be killed along with their families)" is just one example of the kind of tweets that got an FIR filed against the handle. The UP police also booked a person for spreading inflammatory rumours about cow-smugglers killing a police officer.

Their comrades immediately alleged censorship, and various profiles with pictures of weapon-brandishing deities rallied under hashtags of support. Taslima Nasreen summed up their grievance, claiming that "free speech allows hate tweets".

There are, of course reasonable restrictions to free speech when it looks likely to spiral into violence, what a 1989 Supreme Court judgment called a "spark in a powder keg" situation. The IPC has Section 153A, 153B, 295 and 505 and more, which curb speech that promotes enmity between groups on the basis of religion, race, place, birth or language, defiles places of worship, insults religious sentiments, creates public mischief and so on. But social media presents an almost daily dilemma, and makes it clear that it is time for more discriminating decisions on what kinds of extreme speech can be gagged. As the SC judgment knocking down the over-broad Section 66A of the IT Act noted, discussion and advocacy , however, hateful or prejudiced, are not incitement.

All hate speech seeks to sharpen tensions, but not all such speech is equally damaging. As Pranesh Prakash, policy director of the Centre for Internet and Society , Bangalore, puts it, "freedom of speech operates within fields of power".Hate speech either aims to taunt and diminish a minority, or tell others in an in-group that their feelings are shared.Different countries make their own judgment calls as they balance these two values, both fundamental to a democracy: free expression and the defence of human dignity and inclusion.

Internet intermediaries, ISPs or powerful private corporations like Twitter and Facebook, have to comply with court orders and official government requests, but they are not always on the same page about unacceptable content. For a company like Twitter, for instance, the need to preserve individual voices, however discordant, is more valuable than the need to create a more perfect public sphere. It advised offended users to simply block controversial content, though recently , it has begun to consider "direct, repeated attacks on an individual" a potential violation too.

Susan Benesch, of Harvard University's Berkman Center, has suggested a framework to identify a dangerous speech act, which factors in the profile of the speaker, the emotional state of the audience, the content of the speech itself as a call to action, the social context in which it occurs, and the means used to spread it.

The UP police has a social media lab to track and scotch rumours. "That's how we recently busted a false story about a khap panchayat ordering gangrapes," says a UP police official who did not wish to be named. Rather than appealing to the social media company for takedowns -an onerous process, and one where provocations are often difficult to explain -it is easier to find and deal with the source of the content, he says. One can identify problematic material either by location or keywords, says Ponnurangam K, assistant professor at IIIT, Delhi, who has developed the social network analytics tool used by UP police. Given the speed and scale of the internet and the volume of user-generated content, legal curbs cannot be invoked for every instance of hate speech. "It is far more feasible to monitor these rumours and take preventive action on the ground, where the harm is likely to be felt, and to use the same medium to counter the rumours with truth," says Prakash. Social media was assumed to have responsible for spreading the 2011 riots in the UK, but it turned out to be even more effective in stemming the contagion, righting rumours and helping law enforcers.

During the 2013 general election in Kenya, the Umati project trawled social media for trending hate content and tried to counter its effects by exposing and shunning those advocating violence. A repository called Hatebase tries to identify local words and phrases that indicate brewing trouble, to make it easier to find the active signals of threat from the low-level hum -repeated references to cow meat in India, or "sakkiliya", a Sinhala word to disparage Tamils in Sri Lanka.

"The government should work with platforms to find the nodes of dangerous speech, to counter them, and support campaigns for those victimised," says Chinmayi Arun, research director of the Centre for Communication Governance at the National Law University, Delhi, who is leading a three-year project on online hate speech, in collaboration with the Berkman Center.

It is far more effective to boost media literacy, help people sniff out bias and propaganda, understand how photos can be morphed and fake videos passed off as real. "Law enforcers need the imagination and patience to develop these strategies, rather than try to censor controversial speech wherever possible," she says.

Of course, when IT cells of political parties are the fount of the most of these excitable handles, that's easier said than done.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-amulya-gopalakrishnan-october-9-2015-dadri-reopens-debate-on-online-hate-speech

Modi's Valley hug sparks swadeshi talk

praskrishna — 2015-10-11T05:33:55Z

His warm hug of Facebook's Mark Zuckerberg will perhaps be the most abiding image of Narendra Modi's visit to the Silicon Valley.

But that embrace, and what it conveyed, is now becoming the subject for an intense debate among techies here. Is Modi giving in too much to the Googles and Facebooks of the world, when there is so much technology talent within India? Is he taking the easy way out by handing out critical pieces of his Digital India vision to global incumbents rather than build domestic capabilities?

"When the government wanted to build a citizen engagement platform earlier this year, they depended on Google. Now when they want Wi-Fi in railway stations, it's again Google. These are things that can be done by our companies, otherwise we will not be able to create our own digital industry. Remember, we are the people who built Aadhaar," said an industry veteran who did not want to be named.

Nitin Pai, co-founder of Takshashila, an independent policy research and advocacy body that provides services for government agencies, NGOs and corporations, said Modi's team should make a careful distinction between national interest and MNCs' commercial interest. "Many MNCs have come forward to participate in Digital India initiatives. The government will have to look at offering sufficient incentives for innovation to domestic tech companies, many of whom are coming with innovative business models," he said.

Speaking to a cross-section of tech companies here, two sets of concerns emerge. One relates to the concessions that will work in favour of global incumbents and against newcomers - the latter is likely to add more value in the long term. This includes the issue of net neutrality , on which the government is seen to be waffling, and the guidelines issued by the Indian Patent Office declaring that software is patentable in India.

The new guidelines will make it easier for companies to file for software patents in India. But software patenting has become hugely controversial globally , because innova tions in the area are often just incremental, and come on top of other software programs.Besides, patenting is expensive and is often the subject of litigation, both of which work against small ventures with little resources. Companies like Google have spent billions of dollars to buy patents.

Venkatesh Hariharan, member of software product think-tank iSpirt, said the new guidelines would make it easier for bigger companies to file software patents, but for smaller firms and startups, the move could be detrimental."They could end up fighting patent litigations. In the US, 37% of patent litigation is around software and business patents," he said.

Sunil Abraham, executive director in research organization Centre for Internet and Society , fears litigation could kill local innovation. He cited a recent example where a Delhi high court order asked Indian handset manufacturer Micromax to pay 1.25%-2% of the selling price of its devices to Ericsson that had claimed infringement of patents.

The other set of issues relates to certain rules and regulations in India that place significant obstacles before small technology ventures. This is resulting in many ventures shifting their registered offices to Singapore or the US.

Albinder Dindsa's on-demand delivery service Gro fers is among the latest to create a holding company in Singapore. "It is challenging to do business in India. Even opening a bank account took time. We thought it would be easier to do an IPO if we are in Singapore," he said.

A senior industry analyst who did not want to be named said that till last year, two out of four ventures were moving out of India, but now that figure is three out of four. "I would expect the government to do something about it. In fact, the finance minister did say in June that the issues would be addressed within 30 days. But nothing has happened."

Also, it is expensive for angel investors overseas to invest in Indian startups.

India disallows startups from offering stock options to foreign nationals, which makes it difficult for them to access seasoned mentors.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-sujit-john-and-shilpa-phadnis-october-6-2015-modi-valley-hug-sparks-swadeshi-talk

Access at the cost of Net neutrality?

praskrishna — 2015-10-09T01:18:31Z

In the Net neutrality debate, there is a conflict between two core values: ease of access and neutrality. The ease of access promised by applications like Free Basics compromises neutrality and may later morph into a method of predatory pricingIf programs that bring access to a part of the Internet in the immediate future were to entrench themselves, it could eventually lead to telecom companies abusing their dominant positionsIn the absence of a specific law mandating a neutral Internet, telecom companies enjoy a virtual carte blanche to discriminate between different applications. Though they have not yet exploited this autonomy fully, they are certainly moving towards that.

The article by Suhrith Parthasarathy was published in the Hindu on October 8, 2015. Pranesh Prakash gave inputs.

Earlier this year, the social media giant, Facebook, formalised a partnership with Reliance Communications that enabled the Indian company to provide access to over 30 different websites, without any charge on mobile data accruing to the ultimate user. The platform, originally known as “Internet.org,” has now been rebranded as “Free Basics,” Facebook announced last month. Its fundamental ethos, though, remains unchanged. It allows Reliance’s subscribers to surf completely free of cost a bouquet of websites covered within the scheme, which includes, quite naturally, facebook.com. Mark Zuckerberg, Facebook’s founder, views this supposed initiative as a philanthropic gesture, as part of a purported, larger aim to bring access to the Internet to those people who find the costs of using generally available mobile data prohibitive.

Neutrality, an interpretive concept
On the face of it, this supposed act of altruism appears to be commendable. But, there are many critics — some of whom have come together to launch a website “savetheinternet.in” with a view to defending Internet freedom — who argue that Free Basics violates what has come to be known as the principle of network (or Net) neutrality.

While it is clear to all of us that a notion of Net neutrality involves some regulation of the Internet, it is less clear what the term actually means. Like any phrase that involves either a moral or a legal obligation, Net neutrality is also an interpretive concept. People who employ the term to denote some sort of binding commitment, or at the least an aspirational norm, often tend to disagree over precisely how the idea ought to be accomplished. Tim Wu — an American lawyer and presently a professor at the Columbia University — who coined the term, views the notion of Net neutrality as signifying an Internet that does not favour any one application over another. In other words, the idea is to ensure that Internet service providers do not discriminate content by either charging a fee for acting as its carrier or by incorporating any technical qualifications.

In India, there is no law that expressly mandates the maintenance of a neutral Internet. This March, the Telecom Regulatory Authority of India (TRAI) released a draft consultation paper seeking the public’s views on whether the Internet needed regulation. Unfortunately, much of its attention was focussed on the supposedly pernicious impact of applications such as WhatsApp and Viber. “In a multi-ethnic society there is a vital need,” wrote TRAI, “to ensure that the social equilibrium is not impacted adversely by communications that inflame passions, disturb law and order and lead to sectarian disputes.” The questions, therefore, in its view were these: should at least some Internet applications be amenable to a greater regulation, and should they compensate the telecom service providers in addition to the data charges that the consumers pay directly for the use of mobile Internet?

If the government eventually answers these questions in the affirmative, the consequences could be drastic. It could lead to a classification of Internet applications based on arbitrary grounds, by bringing some of them, whom the government views as harmful to society in some manner or another, within its regulatory net. Through such a move, the state, contrary to helping establish principles of Net neutrality as a rule of law, would be actively promoting an unequal Internet.

In any event, as things stand, in the absence of a specific law mandating a neutral Internet, telecom companies enjoy a virtual carte blanche to discriminate between different applications. Though these companies have not yet completely exploited this autonomy, they are certainly proceeding towards such an exercise. In April this year, Airtel announced Airtel Zero, an initiative that would allow applications to purchase data from Airtel in exchange for the telecom company offering them to consumers free of cost.

On the face of it, this programme appears opposed to Net neutrality. But what is even more alarming is that mobile Internet service providers could, in the future, plausibly also control the speeds at which different applications are delivered to consumers. For example, if WhatsApp were to subscribe to Airtel Zero by paying the fee demanded by the company, Airtel might accede to offering WhatsApp to consumers at a pace superior to that at which other applications are run. This kind of discrimination, as Nikhil Pahwa, one of the pioneers of the Save The Internet campaign, has argued, is prototypically opposed to Net neutrality. It tends to breed an unequal playing field, and, if allowed to subsist, it could create a deep division in the online world. Ultimately, we must view Net neutrality as a concept that stands for the values that we want to build as a society; it pertains to concerns about ensuring freedom of expression and about creating an open space for ideas where democracy can thrive. There is a tendency, though, to view those who support Net neutrality as representing a supercilious position. Such criticism is unquestionably blinkered, but it also highlights certain telling concerns.

Telecom companies that wish to discriminate between applications argue that in the absence of an Internet that has completely permeated all strata of society, an obligation to maintain neutrality is not only unreasonable on the companies, but also unfair on the consumer. After all, if nothing else, Airtel Zero and Free Basics bring, at the least, some portions of the Internet to people who otherwise have no means to access the web. What we have, therefore, at some level, is a clash of values: between access to the Internet (in a limited form) and the maintenance of neutrality in an atmosphere that is inherently unequal. This makes tailoring a solution to the problem a particularly arduous process.

The Internet, in its purest form, is a veritable fountain of information. At its core lies a commitment to both openness and a level playing field, where an ability to innovate is perennially maintained. It is difficult to argue against Facebook when it says that some access is better than no access at all. But one of the problems with Free Basics, and indeed with Airtel Zero too, is that the consumer has no choice in which websites he or she might want to access free of cost. If this decision is made only by Facebook, which might argue that it gives every developer an equal chance to be a part of its project as long as it meets a certain criteria, what we have is almost a paternalistic web. In such a situation, information, far from being free, is shackled by constraints imposed by the service provider.

Laudable end, unethical means
This is precisely one of the concerns raised by those arguing in favour of Net neutrality, who, it is worth bearing in mind, aren’t resistant to the idea of a greater penetration of the Internet. Their apprehensions lie in companies resorting to what they believe is an unethical means to achieving, at least in theory, a laudable end. According to them, negating Net neutrality, in a bid to purportedly achieve greater access to the Internet in the immediate future, could prove profoundly injurious in the long run. Yes, Airtel Zero and Free Basics would bring to the less-privileged amongst us some access to the Internet, but the question is this: at what cost?

The worry is that if the programs that bring access to a part of the Internet in the immediate future were to entrench themselves, it could eventually lead to these telecom companies abusing their dominant positions. No doubt, as Pranesh Prakash, policy director at the Centre for Internet and Society, has argued, it might require a deeper analysis to argue convincingly that packages such as Free Basics and Airtel Zero require immediate invalidation in their present forms; significantly, the former does not demand payments from the applications while the latter is premised on such consideration. But, viewed holistically, the companies’ actions could potentially be characterised as a form of predatory pricing, where consumers might benefit in the short run, only for serious damage to ensue to competition in the long run.

It is, therefore, necessary that any debate on the issue must address the tension between the two apparently conflicting goals — the importance of maintaining a neutral Internet and the need to ensure a greater access to the web across the country. Mr. Zuckerberg argues that these two values are not fundamentally opposed to each other, but can — and must — coexist. He is possibly correct at a theoretical level.

But the history of markets tells us that we have to be very careful in allowing predatory practices, devised to achieve short-term goals, to go unbridled. As citizens, each of us has a fundamental right to freedom of speech and expression. If we were to get the balance between these two values wrong, if we were to allow the domination, by a few parties, of appliances that facilitate a free exchange of ideas, in a manner that impinges on the Internet’s neutrality, our most cherished civil liberties could well be put to grave danger.

(Suhrith Parthasarathy is an advocate in the Madras High Court.)

For more details visit https://cis-india.org/internet-governance/news/the-hindu-october-8-2015-suhrith-parthasarathy-access-at-the-cost-of-net-neutrality

Do you agree with our fee hike? Press 1 to answer Yes; or 2 for Yes

praskrishna — 2015-10-01T15:28:37Z

It has long been a concern that domain-name overseer ICANN is largely funded by companies reliant on the organization to make money.

The article by Kieren McCarthy was published in the Register on September 29, 2015.

Every biz that wishes to sell domain names – called a registrar – has to pay the organization $4,000 a year, plus 18 cents on every domain they sell.

In addition, they have to pay a variable fee that comprises the money ICANN says it spends on registrar-related activities divided by the number of companies that are accredited. This year that cost was $3.8m and with roughly 1,150 companies, that's $3,300 a head.

The pricing structure provides California-based ICANN with just under $40m a year, more than a third of its total budget. But in order to make sure the non-profit organization doesn't abuse its market control to hike up its fees, each year the registrars have to formally approve the fee structure that the ICANN Board has adopted. And they do that through an online vote.

This year, some registrars are wondering whether the $3.8m spent by ICANN is a good deal for them.

"What do your ICANN fees get you?" ICANN asks itself in an email sent to all registrars. "In addition to helping cover the expenses associated with ICANN meetings and ICANN's day-to-day operations, your fees have allowed us to conduct regular outreach with registrars through 'roadshow' type training seminars, webinars, in-person events, and site visits."

Don't ask, don't tell

It's not clear how that money is spent nor on what, since ICANN continues to provide only the vaguest details over its budget, providing annual sums for "travel" and for "meetings" across the entire organization.

ICANN is also actively refusing to hand that information over, telling one outfit that formally asked for additional financial data that for it to do so would be "extremely time consuming and overly burdensome." That organization – the Centre for Internet and Society – is appealing that decision [PDF] to ICANN's Board with a decision made two days ago but still unpublished.

ICANN expenditure is increasing: in 2014 alone, its "travel" costs jumped by 85 per cent to $17m; its meetings budget nearly doubled from an average of $3.2m per public meeting in 2013 to $6m in 2014. But there is almost no information on where this money has been spent, and so far no explanation for why it spent $113m in 2014 with an income of just $84m.

What else is ICANN spending registrars' fees on? "We've recruited Registrar Services staff dedicated to serving Europe, the Middle East/Africa, and Asia and have already begun a series of (low-cost) micro-regional events in China, Japan, Singapore, and South Korea, with plans taking shape for events in Europe, Africa, the Middle East, and the Americas in the near future," we're told.

But existing registrars are wondering whether all these new staff and events are needed. Are there hundreds of new registrars entering the market? Are they in Asia?

Unfortunately, ICANN has stopped providing that kind of information. In 2009, under pressure to be more open about what was going on, the organization made big play of the fact it was going to produce statistics showing how many registrars there were, how big they were, and where they were based in a new "dashboard."

But those stats stopped being produced two years ago and the most recent data provided is from 2012.

Software and security

Where else do the millions of dollars from the companies that support ICANN go? "We're building up the 'GDD Portal'," says a note from ICANN's staff, "which will become a one-stop destination for all registrar resources at ICANN, and transitioning our customer relationship management software from RADAR to salesforce.com."

This is the same GDD Portal that ICANN had to shut down earlier this year because of a security breach. It had misconfigured out-the-box software and exposed every user's information, including financial projections, launch plans, and confidential exchanges, to every other user. Having at first claimed there was "no indication" that confidential information was exposed, it later admitted that it had in fact happened 330 times.

As for RADAR, it was specifically named in a report by Verisign as a security risk; this is one of the things on a "growing list of examples where ICANN's operational track record leaves much to be desired."

We're listening...

Finally, in explaining why the registrar fees are a good deal for the companies, ICANN's staff note: "Most importantly, we're doing our best to listen to you to ensure that our work is of real value to you."

Unfortunately that listening does not extend to hearing any complaints about the fees, or what they are spent on.

All registrars receive an email during the annual approval of the fees levied against them with a link to an online survey. Incredibly enough, however, they are only allowed to agree to the fees – there is no option to disagree. Or in fact do anything other than sign up for another year.

And what is ICANN's explanation for why the companies that provide it with over a third of its budget are not allowed to express anything but approval of the fees ICANN sets? Problems with the voting software:

The system is only able to accept affirmative expressions of approval. (A technical limitation in the voting software prevents us from knowing when we've reached the level of approval required if we offer both a 'yes, I approve,' and a 'no, I don't approve' option.) But if you have reservations about approving the budget or concerns you'd like addressed first, please let me know and I'll be happy to try to address those directly with you.

So despite charging the companies $3,500 each a year to run the systems that they use, ICANN has been unable to find voting software that is capable of accepting more than one answer. Money well spent.

For more details visit https://cis-india.org/internet-governance/news/the-register-september-29-2015-kieren-mccurthy-do-you-agree-with-our-fee-hike

Online outcry forces government to withdraw draft encryption policy

praskrishna — 2015-10-01T02:05:01Z

The article by Naina Khedekar discussing encryption policy was published in First Post on September 23, 2015. Pranesh Prakash has been quoted.

Read the original published by First Post here.

Yesterday, the government released a draft encryption policy aimed at keeping a tab on the use of technology by specifying algorithms and length of encryption keys used by ‘all’. It wanted businesses, telcos and Internet companies to store all encrypted data for 90 days in plain text which should be presented before the law enforcement agencies whenever asked to. Moreover, failing to do so would mean legal action as per the laws of the country.

After a huge outcry, most of us woke up to the new proposed addendum this morning wherein the government has clarified to exempt products such as social media sites including WhatsApp, Facebook and Twitter; payment gateways; e-commerce and password based transactions and more from the draft policy.

Finally, the government has decided to withdraw the draft encryption policy.

I have written for that draft to be withdrawn, made changes to and then re-released: RS Prasad : ANI pic.twitter.com/W2IP4meEGb

— Firstpost (@firstpost) September 22, 2015

Some sort of encryption policy is there all over the world: Ravishankar Prasad pic.twitter.com/cDvsOWtjcM

— Firstpost (@firstpost) September 22, 2015

What’s fascinating is how the whole process felt like déjà vu. Haven’t we seen the drama unfold before. While the dust on the net neutrality sage has barely settled, we’re already facing newer issues related to encryption and privacy. We never learn from our mistakes, do we? A new draft policy, public outcry, and then comes the much-needed changes.

The Indian government hasn’t just caused anxiety and chaos among the netizens, but the initial draft completely misguided people. According to TheNextWeb, “The Indian government has made a fool of itself and caused anxiety among citizens with a woefully misguided proposal for a national encryption policy that it’s just released to the public for feedback.”

While we sit back and talk about Digital India, smarter cities and so on, the makers of the law seem to be clueless about some major by-products concerning these initiatives such as security, privacy and likewise. Each time the government talks about a new initiative meant to bring in some law and order pertaining to digital rights, it somehow manages to come up with implications that could affect us far worse.

In this case, the Indian government is trying to ensure that its law enforcement agencies have easy access to encrypted information whenever required, but this could easily compromise security and privacy in the process.

Moreover, each time the government releases a proposal for our digital lives, it’s people who remind the government about the adverse implications it could have. Does the expert panel writing these reports know nothing about privacy and how it possibly works? Or is the government simply looking at a trial balloon policy to gauge reactions by people. So, next time we don’t react, a draconian rule might just be governing our digital lives.

The whole net neutrality saga continued for months with assurance from the government on how it supports free and equal Internet, and eventually made ‘certain changes’. This seems headed on a similar path. Though the new addendum comes with changes, it still leaves us as muddled as before.

Pranesh Prakash of the CIS has tweeted out how the new clarification clarifies nothing.

This clarification by the govt does not clarify anything, but further muddles the encryption policy. pic.twitter.com/1KK8AFRp6Q

— Pranesh Prakash (@pranesh_prakash) September 22, 2015

All OSes will be illegal in India (IV.6 + V.3 of draft encryption policy) unless Microsoft, Apple, Red Hat, etc, sign agreement w/ govt.

— Pranesh Prakash (@pranesh_prakash) September 21, 2015

If India enacts that National Encryption Policy, their global back-end and support business will be drastically reduced. If it survives.

— Lin S (@Just_this_time) September 21, 2015

A new Medianama report also points out loopholes in the changes announced. The report adds how any encrypted service would have to sign an agreement with the government. With the heavy mobile penetration and increasing number of encrypted mobile services that people use, it is really feasible for the government to ink an agreement with all the services that are based outside the country.

Problems with the update to India's draft anti-privacy policy http://t.co/gKus1o3uaC pic.twitter.com/adqVJTedFI

— Nikhil Pahwa (@nixxin) September 22, 2015

In the past, we’ve seen the blame game around the laws, usually the ‘hurriedly’ changed laws passed (after the inability to monitor encrypted messages during the Mumbai terrorist attacks) in the winter session of 2008 without any debate or discussion by bears the brunt. Earlier this year, we saw the government crack down the Section 66A of the 2008 Information Technology Act describing it “unconstitutional” and “hit at the root of liberty and freedom of expression, the two cardinal pillars of democracy.”

Why can’t all the thinking be done before drafts are penned down for public review. A well thought out report would help avoid retractions later.

For more details visit https://cis-india.org/internet-governance/news/first-post-naina-khedekar-september-23-2015-online-outcry-forces-government-to-withdraw-draft-encryption-policy

Understanding and Mitigating Online Hate Speech and Youth Radicalisation

praskrishna — 2015-10-01T01:59:24Z

The tenth annual IGF meeting will be held in João Pessoa, Brazil, on November 10 - 13, 2015. IGF's MAG has decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development” as the overarching theme. UNESCO as part of the IGF event is organizing a workshop on hate speech and youth radicalisation. Sunil Abraham will be a panelist for this workshop.

Co-organizers: Council of Europe, Oxford University; OHCHR, Google, ISOC

From socializing and entertainment to homework, the Internet is an essential part of life for young people today, opening vast new opportunities for connecting and learning. At the same time, the Internet provides violent extremists with powerful tools to propagate hatred and violence and to identify and groom potential recruits, creating global online communities that promote radicalization.

The emergence and diffusion of hate speech online is a new and fast evolving phenomenon and collective efforts are needed to understand its significance and consequences, as well as to develop effective responses.

UNESCO takes this session to share the initial outcome from its commissioned research on online hate speech including practical recommendations on combating against online hate speech through understanding the challenges, mobilizing civil society, lobbying private sectors and intermediaries and educating individuals with Media and Information Literacy. In related to this, the workshop would also discuss how to help empower youth to address online radicalization and extremism, and realize their aspirations to contribute to a more peaceful and sustainable world.

Chaired by Ms Lidia Brito, Director for UNESCO Office in Montevideo
Frank La Rue, Former Special Rapporteur on Freedom of Expression
Lillian Nalwoga, President ISOC Uganda and rep CIPESA, Technical community
Bridget O’Loughlin, CoE, IGO
Gabrielle Guillemin, Article 19
Iyad Kallas, Radio Souriali
Sunil Abraham executive director of Center for Internet and Society, Bangalore, India
Eve Salomon, global Chairman of the Regulatory Board of RICS (the self-regulatory body for surveyors)
Javier Lesaca Esquiroz, University of Navarra
Representative GNI
Remote Moderator: Xianhong Hu, UNESCO
Rapporteur: Guilherme Canela De Souza Godoi, UNESCO

For more details visit https://cis-india.org/internet-governance/news/understanding-and-mitigating-online-hate-speech-and-youth-radicalisation