We are anonymous, we are legion

CIS Statement on Right to Privacy Judgment

amber — 2017-08-31T18:13:14Z

In an emphatic endorsement of the right to privacy, a nine judge constitutional bench unanimously upheld a fundamental right to privacy. The events leading to this bench began during the hearings in the ongoing Aadhaar case, when in August 2015, Mukul Rohatgi, the then Attorney General stated that there is no constitutionally guaranteed right to privacy.

reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, he claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench. This landmark judgment was in response to a referral order to clear the confusion over the status of privacy as a right.

We, at the Centre for Internet and Society (CIS) welcome this judgement and applaud the depth and scope of the Supreme Court’s reasoning. CIS has been producing research on the different aspects of the right to privacy and its implications for the last seven years and had the privilege of serving on the Justice AP Shah Committee and contributing to the Report of the Group of Experts on Privacy.[1] We are honoured that some of our research has also been cited by the judgment.[2] Such judicial recognition is evidence of the impact sound research can have on policymaking.

In the course of a 547 page judgment, the bench affirmed the fundamental nature of the right to privacy reading it into the values of dignity and liberty. The judgment is instructive in its reference to scholarly works and jurisprudence not only in India but other legal systems such as USA, South Africa, EU and UK, while recognising a broad right to privacy with various dimensions across spatial, informational and decisional spheres. We note with special appreciation that women’s bodily integrity and citizens’ sexual orientation are among those aspects of privacy that were clearly recognised in the judgment. For researchers studying privacy and its importance, this judgment is of great value as it provides clear reasoning to reject oft-quoted arguments which are used to deny privacy’s significance. The judgement is also cognizant of the implications of the digital age and emphasise the need for a robust data protection framework.

The right to privacy has been read into into Article 21 (Right to life and liberty), and Part III (Chapter on Fundamental Rights) of the Constitution. This means that any limitation on the right in the form of reasonable restrictions must not only satisfy the tests evolved under Article 21, but where loss of privacy leads to infringement on other rights, such as chilling effects of surveillance on free speech, the tests for constitutionality under those provisions for also be satisfied by the limiting action. This provides a broad protection to citizens’ privacy which may not be easily restricted. We expect that this judgment will have far reaching impacts, not just with respect to the immediate Aadhaar case, but also to in a score of other matters such as protection of sexual choice by decriminalising Section 377 of the Indian Penal Code, oversight of statutory search and seizure provisions such as Section 132 of the Income Tax Act, personal data collection and processing practices by both state and private actors and mass surveillance programmes in the interest of national security.

As this judgment comes in response to a referral order, the judges were not dealing with any questions of fact to ground the legal principles in. Subsequent judgments which deal with privacy will apply these principles and further evolve the contours of this right on a case-by-case basis. For now, we welcome this judgment and look forward to its consistent application in the future.

[1]. http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2]. CIS was quoted in the judgement on footnote 46, page 33 and 34: http://supremecourtofindia.nic.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf The quote is " Illustratively, the Centre for Internet and Society has two interesting articles tracing the origin of privacy within Classical Hindu Law and Islamic Law. See Ashna Ashesh and Bhairav Acharya ,“Locating Constructs of Privacy within Classical Hindu Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/loading-constructs-of-privacy-within-classical-hindu-law. See also Vidushi Marda and Bhairav Acharya, “Identifying Aspects of Privacy in Islamic Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law " Further, research commissioned by CIS cited in the judgment includes a reference in page 201 footnote 319, "Bhairav Acharya, “The Four Parts of Privacy in India”, Economic & Political Weekly (2015), Vol. 50 Issue 22, at page 32."

For more details visit https://cis-india.org/internet-governance/blog/cis-statement-on-right-to-privacy-judgment

CIS Statement at ICANN 49's Public Forum

pranesh — 2014-06-04T05:31:44Z

This was a statement made by Pranesh Prakash at the ICANN 49 meeting (on March 27, 2014), arguing that ICANN's bias towards the North America and Western Europe result in a lack of legitimacy, and hoping that the IANA transition process provides an opportunity to address this.

Good afternoon. My name is Pranesh Prakash, and I'm with the Yale Information Society Project and the Centre for Internet and Society.

I am extremely concerned about the accountability of ICANN to the global community. Due to various decisions made by the US government relating to ICANN's birth, ICANN has had a troubled history with legitimacy. While it has managed to gain and retain the confidence of the technical community, it still lacks political legitimacy due to its history. The NTIA's decision has presented us an opportunity to correct this.

However, ICANN can't hope to do so without going beyond the current ICANN community, which while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.

Of the 1010 ICANN-accredited registrars, 624 are from the United States, and 7 from the 54 countries of Africa. In a session yesterday, a large number of the policies that favour entrenched incumbents from richer countries were discussed. But without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies.

This is true not just of the business sector, but of all the 'stakeholders' that are part of global Internet policymaking, whether they follow the ICANN multistakeholder model or another. A look at the boardmembers of the Internet Architecture Board, for instance, would reveal how skewed the technical community can be, whether in terms of geographic or gender diversity.

Without greater diversity within the global Internet policymaking communities, there is no hope of equity, respect for human rights -- civil, political, cultural, social and economic --, and democratic funtioning, no matter how 'open' the processes seem to be, and no hope of ICANN accountability either.

For more details visit https://cis-india.org/internet-governance/blog/icann49-public-forum-statement

CIS Seminar Series: Information Disorder

aman — 2021-08-11T11:17:57Z

The Centre for Internet and Society is announcing the launch of a seminar series to showcase research around digital rights and technology policy, with a focus on the Global South.

The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. We also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. Every quarter we will be hosting a remote seminar with presentations, discussions and debate on a thematic area.

Seminar format

We are happy to welcome abstracts for one of two tracks:

Working paper presentation

A working paper presentation would ideally involve a working draft that is presented for about 15 minutes followed by feedback from workshop participants. Abstracts for this track should be 600-800 words in length with clear research questions, methodology, and questions for discussion at the seminar. Ideally, for this track, authors should be able to submit a draft paper two weeks before the conference for circulation to participants.

Coffee-shop conversations

In contrast to the formal paper presentation format, the point of the coffee-shop conversations is to enable an informal space for presentation and discussion of ideas. Simply put, it is an opportunity for researchers to “think out loud” and get feedback on future research agendas. Provocations for this should be 100-150 words containing a short description of the idea you want to discuss.

We will try to accommodate as many abstracts as possible given time constraints. We welcome submissions from students and early career researchers, especially those from under-represented communities.

All discussions will be private and conducted under the Chatham House Rule. Drafts will only be circulated among registered participants.

Please send all abstracts to workshops@cis-india.org.

Theme for the first seminar (to be held on an online platform)

The first seminar will be centered around the theme of ‘Information Disorder: Mis-, Dis- and Malinformation.’ While the issue of information disorder, colloquially termed as ‘fake news’, has been in the political forefront for the last five years, the flawed attempts at countering the ‘infodemic’ brought about by the pandemic proves that there still continues to be substantial gaps in the body-of-knowledge on this issue. This includes research that proposes empirical, replicable methods of understanding the types, forms or nature of information disorder or research that attempts to understand regulatory approaches, the layers of production and the roles played by different agents in the spread of ‘fake news’.

Accordingly, we invite submissions that address these gaps in knowledge, including those that examine the relationship between digital technology and information disorder across a spectrum of fields and disciplines. Areas of interest include but are not limited to:

Information disorders during COVID-19
Effects of coordinated campaigns on marginalised communities
Journalism, the State, and the trust in media
Platform responsibility in information disorder
Information disorder in international law/constitutional/human rights law
Information disorder as a geopolitical tool
Sociopolitical and cultural factors in user engagement

Timeline

Abstract Submission Deadline: August 25th
Results of Abstract review: September 8th
Full submissions (of draft papers): September 30th
Seminar date: Tentatively October 7th

Contact details

For any queries please contact us at workshops@cis-india.org.

For more details visit https://cis-india.org/internet-governance/blog/cis-seminar-series-information-disorder

CIS Seminar Series

Cheshta Arora — 2022-04-11T15:19:11Z

The first seminar series was held on 7th and 8th October on the theme of ‘Information Disorder: Mis-, Dis- and Malinformation’,

Theme for the Second Seminar (to be held online)

Moderating Data, Moderating Lives: Debating visions of (automated) content moderation in the contemporary

Artificial Intelligence (AI) and Machine Learning (ML) based approaches have become increasingly popular as “solutions” to curb the extent of mis-, dis- mal-information, hate speech, online violence and harassment on social media. The pandemic and the ensuing work from home policy forced many platforms to shift to automated moderation which further highlighted the inefficacy of existing models (Gillespie, 2020) to deal with the surge in misinformation and harassment. These efforts, however, raise a range of interrelated concerns such as freedom and regulation of speech on the privately public sphere of social media platforms; algorithmic governance, censorship and surveillance; the relation between virality, hate, algorithmic design and profits; and social, political and cultural implications of ordering social relations through computational logics of AI/ML.

On one hand, large-scale content moderation approaches (that include automated AI/ML-based approaches) have been deemed “necessary” given the enormity of data generated (Gillespie, 2020), on the other hand, they have been regarded as “technological fixtures” offered by the Silicon Valley (Morozov, 2013), or “tyrannical” as they erode existing democratic measures (Harari, 2018). Alternatively, decolonial, feminist and postcolonial approaches insist on designing AI/ML models that centre voices of those excluded to sustain and further civic spaces on social media (Siapera, 2022).

From the global south perspective, issues around content moderation foreground the hierarchies inbuilt in the existing knowledge infrastructures. First, platforms remain unwilling to moderate content in under-resourced languages of the global south citing technological difficulties. Second, given the scale and reach of social media platforms and inefficient moderation models, the work is outsourced to workers in the global south who are meant to do the dirty work of scavenging content off these platforms for the global north. Such concerns allow us to interrogate the techno-solutionist approaches as well as their critiques situated in the global north. These realities demand that we articulate a different relationship with AI/ML while also being critical of AI/ML as an instrument of social empowerment for those at the “bottom of the pyramid” (Arora, 2016).

The seminar invites scholars interested in articulating nuanced responses to content moderation that take into account the harms perpetrated by algorithmic governance of social relations and irresponsible intermediaries while being cognizant of the harmful effects of mis-, dis- mal-information, hate speech, online violence and harassment on social media.

We invite abstract submissions that respond to these complexities vis-a-vis content moderation models or propose provocations regarding automated moderation models and their in/efficacy in furthering egalitarian relationships on social media, especially in the global south.

Submissions can reflect on the following themes using legal, policy, social, cultural and political approaches. Also, the list is not exhaustive and abstracts addressing other ancillary concerns are most welcome:

Metaphors of (content) moderation: mediating utopia, dystopia, scepticism surrounding AI/ML approaches to moderation.
From toxic to healthy, from purity to impurity: Interrogating gendered, racist, colonial tropes used to legitimize content moderation
Negotiating the link between content moderation, censorship and surveillance in the global south
Whose values decide what is and is not harmful?
Challenges of building moderation models for under resourced languages.
Content moderation, algorithmic governance and social relations.
Communicating algorithmic governance on social media to the not so “tech-savvy” among us.
Speculative horizons of content moderation and the future of social relations on the internet.
Scavenging abuse on social media: Immaterial/invisible labour for making for-profit platforms safer to use.
Do different platforms moderate differently? Interrogating content moderation on diverse social media platforms, and multimedia content.
What should and should not be automated? Understanding prevalence of irony, sarcasm, humour, explicit language as counterspeech.
Maybe we should not automate: Alternative, bottom-up approaches to content moderation

Seminar Format

We are happy to welcome abstracts for one of two tracks:

Working paper presentation

Coffee-shop conversations

All discussions will be private and conducted under the Chatham House Rule. Drafts will only be circulated among registered participants.

Please send your abstracts to workshops@cis-india.org.

Timeline

Abstract Submission Deadline: 18th April
Results of Abstract review: 25th April
Full submissions (of draft papers): 25th May
Seminar date: Tentative 31st May

References

Arora, P. (2016). Bottom of the Data Pyramid: Big Data and the Global South. International Journal of Communication, 10 (0), 19.

Gillespie, T. (2020). Content moderation, AI, and the question of scale. Big Data & Society, 7 (2), 2053951720943234. https://doi.org/10.1177/2053951720943234

Harari, Y. N. (2018, August 30). Why Technology Favors Tyranny. The Atlantic. https://www.theatlantic.com/magazine/archive/2018/10/yuval-noah-harari-technology-tyranny/568330/

Morozov, E. (2013). To save everything, click here: The folly of technological solutionism (First edition). PublicAffairs.

Siapera, E. (2022). AI Content Moderation, Racism and (de)Coloniality. International Journal of Bullying Prevention, 4 (1), 55–65. https://doi.org/10.1007/s42380-021-00105-7

For more details visit https://cis-india.org/internet-governance/blog/cis-seminar-series

CIS Response to ICANN's proposed renewal of .org Registry

akriti — 2019-04-28T02:16:40Z

We thank ICANN for the opportunity to comment on this issue of its proposed renewal of the .org Registry Agreement with the operator, Public Interest Registry (PIR). Supporting much of the community , we too find severe issues with the proposed agreement. These centre around the removal of price caps and imposing obligations being currently deliberated in an ongoing Policy Development Process (PDP).

Presumption of Renewal

CIS has, in the past, questioned the need for a presumption of renewal in registry contracts and it is important to emphasize this within the context of this comment as well. We had, also, asked ICANN for their rationale on having such a practice with reference to their contract with Verisign to which they responded saying:

“Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period creates adverse incentives to favor short term gain over long term investment.”

This logic can presumably be applied to the .org registry, as well, yet a re-auction of ,even, legacy top-level domains can only serve to further a fair market, promote competition and ensure that existing registries do not become complacent.

These views were supported in the course of the PDP on Contractual Conditions - Existing Registries in 2006 wherein competition was seen useful for better pricing, operational performance and contributions to registry infrastructure. It was also noted that most service industries incorporate a presumption of competition as opposed to one of renewal.

Download the file to access our full response.

For more details visit https://cis-india.org/internet-governance/blog/akriti-bopanna-april-28-2019-cis-response-to-icanns-proposed-renewal-of-org-registry

CIS Response to Draft E-Commerce Policy

amber — 2019-04-26T06:40:34Z

CIS is grateful for the opportunity to submit comments to the Department of Industrial Policy and Promotion on the draft national e-commerce policy. This response was authored by Amber Sinha, Arindrajit Basu, Elonnai Hickok and Vipul Kharbanda.

Access our response to the draft policy here: Download (PDF)

The E-Commerce Policy is a much needed and timely document that seeks to enable the growth of India's digital ecosystem. Crucially, it backs up India's stance at the WTO, which has been a robust pushback against digital trade policies that would benefit the developed world at the cost of emerging economies. However, in order to ensure that the benefits of the digital economy are truly shared, focus must not only be on the sellers but also on the consumers, which automatically brings in individual rights into the question. No right is absolute but there needs to be a fair trade-off between the mercantilist aspirations of a burgeoning digital economy and the civil and political rights of the individuals who are spurring the economy on. We also appreciate the recognition that the regulation of e-commerce must be an inter-disciplinary effort and the assertion of the roles of various other departments and ministries. However, we also caution against over-reach and encroaching into policy domains that fall within the mandate of existing laws.

For more details visit https://cis-india.org/internet-governance/blog/cis-response-to-draft-e-commerce-policy

CIS Response to Call for Stakeholder Comments: Draft E-Commerce Policy

Arindrajit Basu, Vipul Kharbanda, Elonnai Hickok and Amber Sinha — 2019-04-10T12:12:43Z

CIS is grateful for the opportunity to submit to the Department of Industrial Policy and Promotion comments to the draft National e-commerce policy.

The Department of Industrial Policy and Promotion released a draft e-commerce policy in February for which stakeholder comments were sought. CIS responded to the request for comments.

The full text can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/cis-response-to-call-for-stakeholder-comments-draft-e-commerce-policy

CIS representation at ICANN 58

praskrishna — 2017-03-28T14:22:22Z

The Internet Corporation for Assigned Names and Numbers (ICANN) organized ICANN 58 at Copenhagen from March 9 to March 16, 2017. On behalf of the Centre for Internet & Society (CIS), Vidushi Marda participated in the event and made a presentation.

CIS' focus at ICANN can broadly be divided into four heads: human rights, jurisdiction, transparency and accountability. Since March last year, we have also been pushing for changes in ICANN's expected standards of behavior, along with adoption of an anti harassment policy. After the IANA transition in September last year, the community is now divided into sub groups (SGs) that look into different issues for ICANN post transition, including the 4 that CIS works on. More information on ICANN 58 can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/cis-representation-at-icann-58

CIS ranks amongst top think tanks for public policy in the region

Admin — 2018-03-02T12:56:27Z

Think Tanks and Civil Societies Program features Centre for Internet & Society in its annual report.

The Centre for Internet and Society (CIS) ranks amongst the top public policy think tanks for 2017 in the region, according to an annual report compiled by the Think Tanks and Civil Societies Program (TTCSP). The TTCSP, a think tank at the University of Pennsylvania, maps the role and evolution of public policy think tanks in governments and civil society across the world with the objective to better integrate and create a bridge between academic knowledge and powerful institutions.

Released on 31 January 2018, the report assesses think tanks based on a range of criteria, including outreach, academic rigor, management, and impact on policy and civil society. The rankings are compiled using a participatory approach that calls upon over 6000 think tanks across the world to submit nominations for both participating organizations and the expert panel of judges.

CIS, which undertakes interdisciplinary research on digital spaces and technologies in India, ranks 81st among 90 think tanks for China, India, Korea and Japan, the dominant players in the region. The rankings also include 28 other Indian organizations, including the Observer Research Foundation (ORF), Centre for Civil Society (CCS) and Delhi Policy Group (DPG), from 293 involved in public policy in India. The report, released annually for over a decade, is part of a campaign by the TTCSP to increase the public visibility and performance of public policy think tanks globally and strengthen cross-regional collaboration.

For more details visit https://cis-india.org/internet-governance/news/cis-ranks-amongst-top-think-tanks-for-public-policy-in-the-region

CIS Policy Brief: IANA Transition Fundamentals & Suggestions for Process Design

geetha — 2014-07-08T08:39:41Z

In March 2014, the US government announced that it would transfer oversight of IANA functions to an as-yet-indeterminate global multi-stakeholder body. This policy brief, written by Smarika Kumar and Geetha Hariharan, explains the process concisely.

Short Introduction:

In March 2014, the National Telecommunications and Information Administration (NTIA) announced its intention to transition key Internet domain name functions to the global multi-stakeholder community. Currently, the NTIA oversees coordination and implementation of IANA functions through contractual arrangements with ICANN and Verisign, Inc.

The NTIA will not accept a government-led or inter-governmental organization to steward IANA functions. It requires the IANA transition proposal to have broad community support, and to be in line with the following principles: (1) support and enhance the multi-stakeholder model; (2) maintain the security, stability, and resiliency of the Internet DNS; (3) meet the needs and expectation of the global customers & partners of IANA services; (4) maintain the openness of the Internet.

ICANN was charged with developing a proposal for IANA transition. It initiated a call for public input in April 2014. Lamentably, the scoping document for the transition did not include questions of ICANN’s own accountability and interests in IANA stewardship, including whether it should continue to coordinate the IANA functions. Public Input received in May 2014 revolved around the composition of a Coordination Group, which would oversee IANA transition. Now, ICANN will hold an open session on June 26, 2014 at ICANN-50 to gather community feedback on issues relating to IANA transition, including composition of the Coordination Group.

CIS Policy Brief:

CIS' Brief on IANA Transition Fundamentals explains the process further, and throws light on the Indian government's views. To read the brief, please go here.

Suggestions for Process Design

As convenor of the IANA stewardship transition, ICANN has sought public comments on issues relating to the transition process. We suggest certain principles for open, inclusive and transparent process-design:

Short Introduction:

In March 2014, the US government through National Telecommunications and Information Administration (NTIA) announced its intention to transition key Internet domain name functions (IANA) to the global multi-stakeholder community. The NTIA announcement states that it will not accept a government-led or intergovernmental organization solution to replace its own oversight of IANA functions. The Internet Corporation for Assigned Names and Numbers (ICANN) was charged with developing a Proposal for the transition.

At ICANN-49 in Singapore (March 2014), ICANN rapidly gathered inputs from its community to develop a draft proposal for IANA transition. It then issued a call for public input on the Draft Proposal in April 2014. Some responses were incorporated to create a Revised Proposal, published on June 6, 2014.

Responses had called for transparent composition of an IANA transition Coordination Group, a group comprising representatives of ICANN’s Advisory Committees and Supporting Organizations, as well as Internet governance organizations such as the IAB, IETF and ISOC. Also, ICANN was asked to have a neutral, facilitative role in IANA transition. This is because, as the current IANA functions operator, it has a vested interest in the transition. Tellingly, ICANN’s scoping document for IANA transition did not include questions of its own role as IANA functions operator.

ICANN is currently deliberating the process to develop a Proposal for IANA transition. At ICANN-50, ICANN will hold a governmental high-level meeting and a public discussion on IANA transition, where comments and concerns can be voiced. In addition, discussion in other Internet governance fora is encouraged.

CIS Policy Brief:

CIS' Brief on IANA Transition Principles explains our recommendations for transition process-design. To read the brief, please go here.

For more details visit https://cis-india.org/internet-governance/blog/cis-policy-brief-iana-transition-fundamentals-and-suggestions-for-process-design

CIS Participation at ICANN 54

praskrishna — 2016-01-18T12:47:19Z

Centre for Internet and Society (CIS), India participated in the 54th meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) held at the Convention Center in Dublin from 17 October 2015 to 22 October 2015. Pranesh Prakash, Jyoti Panday and Padmini Baruah attended the meeting.

CIS representation was possible at the meeting due to the generous support of MacArthur grant, NCUC ICANN Travel Grant and financial support from the National Internet Exchange of India (NIXI). The issue-wise detail of CIS engagement is set out below.

At the Public Forum, Jyoti Panday asked the ICANN Board to clarify its role and the role of the community in the development of the proposal with Verisign on its role as the Root Zone Maintainer. ICANN CEO confirmed what many feared, that there will be no community involvement on this proposal as ICANN's relationship with Verisign is an "implementation" detail. He added the assurance that post transition, on the decision of renewal of the contract and whether it will be awarded to Verisign, ICANN will seek inputs from the community. Jyoti's statement is replicated below:

"I want to ask the Board why when asked by the NTIA to develop a draft proposal for the with Verisign on its Root Zone Maintainer role, did you not pass on that mandate to the community, to the CWG which already exists, and ask the community to draft out the proposal with VeriSign? Will the ICANN Board seek public comments on the final proposal before it is approved? After all, ICANN cannot claim that it is an inverted pyramid where all decisions start from the community and flow up to the Board when on a crucial issue like this, the ICANN Board and staff have not taken the community in confidence nor invited its participation."

Padmini Baruah reiterated CIS message at the Public Forum on the lack of diversity observed through the transition and presented new data. Padmini's statement is replicated below:
Today, more than 50% of Internet users are in the Asia-Pacific region, and less than 10% are in North America. Yet, when one studies diversity within the ICANN community and in ICANN processes, one finds that diversity is sorely lacking, and it is dominated by people from the United States of America. Take the IANA transition, for instance. CIS studied participant data from ICANN, NRO, and IETF's lists related to the IANA transition. Of the substantive contributors, of which there were 98, we found:
* 1 in 4 (39 of 98) were from a single country: the United States of America.
* 4 in 5 (77 of 98) were from countries which are part of the WEOG grouping, which only has developed countries.
* None were from readily identifiable as being based in Eastern European and Russia, and only 5 of 98 from all of Latin American and the Caribbean.
* 4 in 5 (77 of 98) were male and 21 were female.
* 4 in 5 (76 of 98) were from industry or the technical community, and only 4 (or 1 in 25) were identifiable as primarily speaking on behalf of governments.
It would be a travesty of language to call this the "global multistakeholder community".
Further this problem is pervasive in the ICANN community:
* 66% (34 of 51) of the Business Constituency at ICANN, as per their own data, are from a single country: the United States of America.
* 3 in 5 registrars are from the United States of America (624 out of 1010, as of March 2014, according to ICANN's accredited registrars list), with only 0.6% being from the 54 countries in Africa (7 out of 1010).
* 45% of all the registries are from the United States of America! (307 out of 672 registries listed in ICANN’s registry directory in August 2015.)
Please take this as your top priority, since ICANN's legitimacy depends on being able to call itself globally representative.

CIS attended also raised a series of concerns at the following sessions:

Enhancing ICANN Accountability Open Engagement: CIS intervened with its stance on jurisdiction and their enforcement models, and our concerns about transparency.
GAC sessions
NCSG meeting
IANA Transition Stewardship Transition Engagement Session
CCWG Accountability Working Session
Illicit Internet Pharmacies
NCUC Meeting+engagement with Larry Strickling: Jyoti Panday asked about the dual role of Verisign as a Root zone maintainer and TLD operator. Padmini Baruah asked him about jurisdiction. He said the US Congress will not support a shift in ICANN's jurisdiction.
NCSG/gNSO (CIS work on DIDP got public mention)
Contractual Compliance Programme Update
CWG Stewardship working session
Role of Voluntary Practices in Combating Abuse and Illegal Activity
Joint meeting of the ICANN Board and NCSG

For more details visit https://cis-india.org/internet-governance/news/icann-54

CIS Para-wise Comments on Draft Reasonable Security Practices Rules, 2011

Prashant Iyengar — 2012-12-14T10:32:06Z

On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011) in exercise of the powers conferred by Section 87(2)(ob), read with Section 43A of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para-wise comments for the Ministry’s consideration.

A. Specific Objections

Rule 3

Sensitive personal data or information.— Sensitive personal data or information of a person shall include information collected, received, stored, transmitted or processed by body corporate or intermediary or any person, consisting of :

Password;

...

Call data records;

Comment

We suggest that this list be expanded to include information such as sexual orientation, religion and caste. In addition, “electronic communication records” including emails, chat logs and other communications using a computer should be designated sensitive personal information.

Rule 4

Body Corporate to provide policy for privacy and disclosure of information.— (1) The body corporate or any person who on behalf of body corporate collects, receives, possess, stores, deals or handle shall provide a privacy policy for handling of or dealing in user information including sensitive personal information and ensure that the same are available for view by such providers of information who has provided such information under lawful contract. Such policy shall provide for:

Type of personal or sensitive information collected under sub-rule (ii) of rule 3;

Purpose, means and modes of usage of such information;

Disclosure of information as provided in rule 6

Comment

We recommend that the privacy policy be made available for view to all individuals to whom the information held by the body corporate pertains. Currently the privacy policy will only be disclosed to the “providers of information” who may not be the individual concerned directly.

Rule 5

Collection of information.—

(1) Body corporate or any person on its behalf shall obtain consent of the provider of the information regarding purpose, means and modes of uses before collection of such information.

Comment

We recommend the substitution of the term “individual to whom the data pertains” instead of the phrase “provider of the information”.

(2) Body corporate or any person on its behalf shall not collect sensitive personal information unless—

the information is collected for a lawful purpose connected with a function or activity of the agency; and

the collection of the information is necessary for that purpose.

Comment

We recommend a blanket prohibition of collection of biometric data unless a heightened security interest is demonstrated.

(3) While collecting information directly from the individual concerned, the body corporate or any person on its behalf shall take such steps as are, in the circumstances, reasonable to ensure that the individual concerned is aware of.

Comment

We recommend a simpler phrase like “The body corporate.. shall take reasonable steps to inform the individual concerned” instead of the current complex phrasing. Reasonableness has generally been interpreted by courts contextually. For instance, the Supreme Court has remarked, “`Reasonable’ means prima facie in law reasonable in regard to those circumstances of which the actor, called upon to act reasonably, knows or ought to know. See Gujarat Water Supply and Sewage Board v. Unique Erectors (Guj) AIR 1989 SC 973.

(4) Body corporate or any person on its behalf holding sensitive personal information shall not keep that information for longer than is required for the purposes for which the information may lawfully be used.

Comment

We recommend that this be converted into a mandatory obligation to delete or anonymise the information collected within a stipulated period (say 6 months) after the expiry of use for which it was collected.

(6) Body corporate or any person on its behalf shall permit the users to review the information they had provided and modify the same, wherever necessary.

Comment

Individuals should have the right to review and modify information pertaining to them whether or not they themselves had provided the information to the body corporate. This right should be provided to them wherever the information that pertains to them is incorrect.

(7) Body corporate or any person on its behalf shall provide an option to the provider of the information to opt-in or opt-out.

Comment

We recommend that the wording be changed to “individual to whom the data pertains” instead of “provider of information”.

For more details visit https://cis-india.org/internet-governance/blog/security-practices-rules

CIS Para-wise Comments on Cyber Café Rules, 2011

Prashant Iyengar — 2012-12-14T10:32:02Z

On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Guidelines for Cyber Cafe) Rules, 2011) in exercise of the powers conferred by Section 87(2) (zg), read with Section 79(2) of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para wise comments for the Ministry’s consideration.

A. General Objections

These rules have no nexus with their parent provision, namely s.79(2). Section 79(1) provides for exemption from liability for intermediaries. Section 79(2) thereupon states:

79. Intermediaries not to be liable in certain cases—

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hasted; or
(b) the intermediary does not—

(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

Therefore, by not observing any of the provisions of the Rules, the intermediary opens itself up for liability for actions of its users. However, the provisions contained in these rules have no rational nexus with due diligence to be observed by the intermediary to absolve itself from liability for third-party actions.

While the government may have authority to regulate cybercafes, that regulation should not be promulgated as rules under s.79(2). Doing so would be ultra vires s.79(2) itself.

Recommendation

These rules should be deleted in toto.

B. Specific Objections

These specific objections are in addition to the above-stated general objection, and do not detract from out recommendation that these rules should be deleted in their entirety.

Rule 2(c)

(c) “Cyber Cafe” means cyber café as defined in clause (na) of sub-section (1) of section 2 of the Act

Comment

The Act defines a cyber cafe as meaning “any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public”. This would include internet access provided in airports, in restaurants, and in many other places where the provisions of these rules (such as those about height of partitions, etc.) just will not be practicable. Thus, this provision will have unintended consequences.

Rule 3

Agency for issuance of license: Appropriate government will notify an agency to issue license to cyber cafes.

Comment

Rule 3 requires the issuing of a license for the establishment of a cyber café. We believe this is unwarranted since cybercafes, like most commercial establishments are already subject to registration and licensing under the “Shops and Establishments Acts” which have been enacted in all states. These Acts already specify an elaborate procedure for the application, registration and monitoring of all establishments and there is no need to multiply the levels of permission a cyber café must obtain. The current rules do not specify an application procedure, fee, and a maximum or minimum time frame within which such a license must be granted or denied nor does it specify the criterion on which such license applications will be evaluated. We think that in the absence of such legislative guidance, this provision is likely to be abused.

Cyber cafes in India contribute greatly to India’s increasing internet penetration and inserting a licensing regime would greatly impede access to the internet.

We believe that cyber cafes should be allowed to be established in the same manner as other shops and establishments, without the requirement of a special license.

Rule 4(2)

...When an user cannot establish his/her identify to the satisfaction of the Cyber Café as per sub-rule (1), he/she may be photographed by the Cyber Café using a web camera installed on one of the computers in the Cyber Café for establishing the identity of the user.

Comment

Sub-Rule 4 (2) Requires that if an individual is unable to establish identity, their photograph must be taken if they wish to use cyber café facilities. We believe that an individual’s photograph should be taken only as a last resort, where identity has been established.

Rule 4(3)

Children without photo identity card shall be accompanied by an adult with any of the documents as prescribed in sub-rule (1).

Comment

We recommend that children below 18 years should be specifically exempt from proving their identities to cyber café owners. Children are usually the quickest to adopt technology, and the requirement of possessing a valid identity might prove to be a deterrent to their developing computer skills. Likewise, being accompanied by an adult is also an onerous obligation since children’s access to the internet would depend on the availability of an adult/parent who may be too busy to accompany the child on every occasion the child wishes to access the internet or use a computer.

To reiterate, we feel that the current provision specially and adversely targets children from poorer classes (since they are most likely to routinely access internet through cyber cafes) and denies them the opportunity of developing their computer skills which are crucial for the growth of the “knowledge economy” that India is trying to head towards.

In addition, we believe that children are more susceptible to exploitation and consequently have a heightened privacy expectation which must be honoured. We recommend that the current sub-rule be deleted and replaced with a clause which specifically exempts children from proving their identity and forbids taking photographs of them under any circumstance.

Rule 5(1)

... Log Register: After the identity of the user has been established as per sub-rule (1) of rule 4 above, the Cyber Café shall record and maintain the required information of each user in the log register for a minimum period of one year. Also, Cyber Café may maintain an online version of the log register.

Comment

Rule 5(1) Provides a minimum period of one year that Cyber Cafes must retain their log registers. The rule does not specify the details which the log register must provide. In the interests of minimising threats to privacy, we recommend that these details recorded be confined only to the name and duration of use.

In addition, we believe that there should also be a coinciding mandatory deletion clause for the log register requiring details to be purged after the minimum retention period.

Rules 5(3)and 6(2)

5(3): “The cyber café owner shall be responsible for storing and maintaining following backups of logs and computer resource records for at least six months for each access or login by any user :

·    History of websites accessed using computer resource at cyber cafe

·    Logs of proxy server installed at cyber café

·    Mail server logs

·    Logs of network devices such as router, switches, systems etc. installed at cyber café

·    Logs of firewall or Intrusion Prevention/Detection systems, if installed.”

6(2): “The screen of all computers, installed other than in Partitions or Cubicles, shall face ‘outward’, i.e. they shall face the common open space of the Cyber Café.”

Comment

We recommend deletion of this rule since it is an unreasonable intrusion into a person’s privacy and an indirect attempt to censor content which users may wish to access. There are many uses of the internet for which a user may legitimately require privacy: For instance, patients, including HIV patients and those with mental illness, may wish to obtain information about their condition. Similarly sexuality minorities may wish to seek support or reach out to a larger community. Enforcing the architecture stipulated in this rule would discourage their access to such vital information. In addition, this architecture would make it easier for cyber crimes such as identity theft to take place since it would be easier to observe the login details of other users at the cyber café.

Rule 7(1)

Inspection of Cyber Café : “An officer, not below the rank of Police Inspector as authorised by the licensing agency, is authorized to check or inspect cyber café and the computer resource or network established therein at any time for the compliance of these rules. The cyber café owner shall provide every related document, registers and any necessary information to the inspecting officer on demand.

Comment

We recommend this clause be omitted since it confers unfettered and unsupervised powers on any Police Inspector to examine any cyber café premises he may choose without any restriction on time.

Additionally, the provisions of Shops and Establishments Acts of most states already prescribe a procedure for inspection of establishments and examination of records. The current rules merely add another layer of supervision to the existing laws without adequate safeguards.

Comment

Sub-Rule 5(3) holds cyber café owners responsible for the storage and maintenance of back up logs concerning the following information: history of websites, logs of proxy servers, mail server logs, logs of network devices, logs of firewalls installed. We believe that the maximum length for retention of this data should be defined and a mandatory deletion clause should be inserted requiring cyber café owners to delete these logs periodically. We further believe that access to the history of websites and mail server logs is a serious invasion of a person’s privacy, and should be omitted from the back up logs.

This is especially so when currently there is no requirement that cyber café owners maintain their logs under conditions of utmost secrecy and confidence.

For more details visit https://cis-india.org/internet-governance/blog/cyber-cafe-rules

CIS joins the the Global Commission on Internet Governance Research Advisory Network

praskrishna — 2014-03-06T05:20:43Z

The Centre for Internet and Society (CIS) has joined the Research Advisory Committee for the Global Commission on Internet Governance.

Mark Raymond on behalf of Dr. Fen Osler Hampson and Dr. Patricia Lewis, as well as Dr. Laura DeNardis invited Sunil Abraham to join this network.

The Research Advisory Network for the Global Commission on Internet Governance (GCIG) is a joint project of the Centre for International Governance and Chatham House (the Royal Institute of International Affairs).

The GCIG, which is chaired by Swedish Foreign Minister Carl Bildt, is a two-year initiative that will present a comprehensive analysis and recommendations on the future of multi-stakeholder Internet governance. It was announced in conjunction with the World Economic Forum in Davos, Switzerland on 22 January 2014. The press release, list of commission members and Frequently Asked Questions can be found here.

The Research Advisory Network is an indispensable component of the GCIG. It will consist of a group of distinguished scholars and experts who provide input to the Commission in several ways:

Identify and prioritize Internet governance and Internet policy related issues within the GCIG mandate;
Provide expert briefings to the members of the Commission
Conduct research and analysis on a commissioned basis, both for GCIG meeting preparatory materials and for inclusion in the companion research volume that will be issued alongside the formal commission report;
Provide peer review of written materials produced in support of the Commission’s work.

The Research Advisory Network will be led by Dr. Laura DeNardis, who has agreed to serve as the Research Director for the GCIG; will be supported by Dr. Mark Raymond at CIGI and by Ms. Caroline Baylon at Chatham House.

If you would like further information or have any questions, please feel free to contact Mark Raymond at mraymond@cigionline.org

For more details visit https://cis-india.org/news/cis-joins-global-commission-on-internet-governance-research-advisory-network

CIS joins the Christchurch Call Advisory Network

Admin — 2019-09-25T13:57:49Z

Centre for Internet & Society's application for membership of the Christchurch Call Advisory Network has been accepted! As a part of this network, we, along with other civil society groups based out of various jurisdictions, would be providing inputs on making the Call a robust, human rights-centred initiative.

The Christchurch Call Advisory Network membership has been drawn from interested civil society groups, who represent a range of perspectives, including human rights, freedom of expression, digital rights, counter-radicalization, victim support and public policy. Many of the Advisory Network members have been engaged on the Christchurch Call since its launch and are committed to continuing to share their expertise.

The Christchurch Call Advisory Network

Access Now
Africa Digital Policy Project
Annenberg Public Policy Center, University of Pennsylvania
Article 19
Association for Progressive Communications
Brookings Institution
Center for Humane Technology
Centre for Internet and Society, India
Chicago Project on Security and Threats, University of Chicago
Committee to Protect Journalists
Council on American-Islamic Relations (CAIR)
Dangerous Speech Project
Data & Society
Electronic Frontier Foundation
French National Bar Council
Global Disinformation Index
Global Forum for Media Development (GFMD)
Global Partners Digital
Global Network Initiative
Hedayah Center
Human Rights Centre, UC, Berkeley School of Law
ICT for Peace Foundation
Institute for Strategic Dialogue
International Cyber Policy Centre (Australian Strategic Policy Institute)
Internet Governance Project, Georgia Tech
Internet NZ
Internet Sans Frontières
Islamic Women's Council of New Zealand
Life After Hate
Netsafe
New America's Open Technology Institute (New America Foundation)
NZ Council for Civil Liberties
Reporters Without Borders (RSF)
Social Media Governance Initiative, Yale Law School
Syrian Archive
Tech Against Terrorism
The International Muslim Association of New Zealand
The Internet Society
Tony Blair Institute for Global Change
Wellington Abrahamic Council of Jews, Christians, and Muslims (NZ)
WITNESS
Women’s Organisation of the Waikato Muslim Association
Elina Noor (Visiting Fellow, Institute of Strategic and International Studies Malaysia)
Matthew Shears (Internet and telecommunications policy consultant)

For more details visit https://cis-india.org/internet-governance/news/cis-joins-the-christchurch-call-advisory-network