We are anonymous, we are legion

Transparency in Surveillance

vipul — 2016-01-23T15:11:18Z

Transparency is an essential need for any democracy to function effectively. It may not be the only requirement for the effective functioning of a democracy, but it is one of the most important principles which need to be adhered to in a democratic state.

Introduction

A democracy involves the state machinery being accountable to the citizens that it is supposed to serve, and for the citizens to be able to hold their state machinery accountable, they need accurate and adequate information regarding the activities of those that seek to govern them. However, in modern democracies it is often seen that those in governance often try to circumvent legal requirements of transparency and only pay lip service to this principle, while keeping their own functioning as opaque as possible.

This tendency to not give adequate information is very evident in the departments of the government which are concerned with surveillance, and merit can be found in the argument that all of the government's clandestine surveillance activities cannot be transparent otherwise they will cease to be "clandestine" and hence will be rendered ineffective. However, this argument is often misused as a shield by the government agencies to block the disclosure of all types of information about their activities, some of which may be essential to determine whether the current surveillance regime is working in an effective, ethical, and legal manner or not. It is this exploitation of the argument, which is often couched in the language of or coupled with concerns of national security, that this paper seeks to address while voicing the need for greater transparency in surveillance activities and structures.

In the first section the paper examines the need for transparency, and specifically deals with the requirement for transparency in surveillance. In the next part, the paper discusses the regulations governing telecom surveillance in India. The final part of the paper discusses possible steps that may be taken by the government in order to increase transparency in telecom surveillance while keeping in mind that the disclosure of such information should not make future surveillance ineffective.

Need for Transparency

In today's age where technology is all pervasive, the term "surveillance" has developed slightly sinister overtones, especially in the backdrop of the Edward Snowden fiasco. Indeed, there have been several independent scandals involving mass surveillance of people in general as well as illegal surveillance of specific individuals. The fear that the term surveillance now invokes, especially amongst those social and political activists who seek to challenge the status quo, is in part due to the secrecy surrounding the entire surveillance regime. Leaving aside what surveillance is carried out, upon whom, and when - the state actors are seldom willing and open to talk about how surveillance is carried out, how decisions regarding who and how to target, are reached, how agency budgets are allocated and spent, how effective surveillance actions were, etc. While there may be justified security based arguments to not disclose the full extent of the state's surveillance activities, however this cloak of secrecy may be used illegally and in an unauthorized manner to achieve ends more harmful to citizen rights than the maintenance of security and order in the society.

Surveillance and interception/collection of communications data can take place under different legal processes in different countries, ranging from court-ordered requests of specified data from telecommunications companies to broad executive requests sent under regimes or regulatory frameworks requiring the disclosure of information by telecom companies on a pro-active basis. However, it is an open secret that data collection often takes place without due process or under non-legal circumstances.

It is widely believed that transparency is a critical step towards the creation of mechanisms for increased accountability through which law enforcement and government agencies access communications data. It is the first step in the process of starting discussions and an informed public debate regarding how the state undertakes activities of surveillance, monitoring and interception of communications and data. Since 2010, a large number of ICT companies have begun to publish transparency reports on the extent that governments request their user data as well as requirements to remove content. However, governments themselves have not been very forthcoming in providing such detailed information on surveillance programs which is necessary for an informed debate on this issue.[1] Although some countries currently report limited information on their surveillance activities, e.g. the U.S. Department of Justice publishes an annual Wiretap Report (U.S. Courts, 2013a), and the United Kingdom publishes the Interception of Communications Commissioner Annual Report (May, 2013), which themselves do not present a complete picture, however even such limited measures are unheard of in a country such as India.

It is obvious that Governments can provide a greater level of transparency regarding the limits in place on the freedom of expression and privacy than transparency reports by individual companies. Company transparency reports can only illuminate the extent to which any one company receives requests and how that company responds to them. By contrast, government transparency reports can provide a much greater perspective on laws that can potentially restrict the freedom of expression or impact privacy by illustrating the full extent to which requests are made across the ICT industry. [2]

In India, the courts and the laws have traditionally recognized the need for transparency and derive it from the fundamental right to freedom of speech and expression guaranteed in our Constitution. This need coupled with a sustained campaign by various organizations finally fructified into the passage of the Right to Information Act, 2005, (RTI Act) which amongst other things also places an obligation on the sate to place its documents and records online so that the same may be freely available to the public. In light of this law guaranteeing the right to information, the citizens of India have the fundamental right to know what the Government is doing in their name. The free flow of information and ideas informs political growth and the freedom of speech and expression is the lifeblood of a healthy democracy, it acts as a safety valve. People are more ready to accept the decisions that go against them if they can in principle seem to influence them. The Supreme Court of India is of the view that the imparting of information about the working of the government on the one hand and its decision affecting the domestic and international trade and other activities on the other is necessary, and has imposed an obligation upon the authorities to disclose information.[3]

The Supreme Court, in Namit Sharma v. Union of India,[4] while discussing the importance of transparency and the right to information has held:

"The Right to Information was harnessed as a tool for promoting development; strengthening the democratic governance and effective delivery of socio-economic services. Acquisition of information and knowledge and its application have intense and pervasive impact on the process of taking informed decision, resulting in overall productivity gains .

……..

Government procedures and regulations shrouded in the veil of secrecy do not allow the litigants to know how their cases are being handled. They shy away from questioning the officers handling their cases because of the latters snobbish attitude. Right to information should be guaranteed and needs to be given real substance. In this regard, the Government must assume a major responsibility and mobilize skills to ensure flow of information to citizens. The traditional insistence on secrecy should be discarded."

Although these statements were made in the context of the RTI Act the principle which they try to illustrate can be understood as equally applicable to the field of state sponsored surveillance. Though Indian intelligence agencies are exempt from the RTI Act, it can be used to provide limited insight into the scope of governmental surveillance. This was demonstrated by the Software Freedom Law Centre, who discovered via RTI requests that approximately 7,500 - 9,000 interception orders are sent on a monthly basis.[5]

While it is true that transparency alone will not be able to eliminate the barriers to freedom of expression or harm to privacy resulting from overly broad surveillance,, transparency provides a window into the scope of current practices and additional measures are needed such as oversight and mechanisms for redress in cases of unlawful surveillance. Transparency offers a necessary first step, a foundation on which to examine current practices and contribute to a debate on human security and freedom.[6]

It is no secret that the current framework of surveillance in India is rife with malpractices of mass surveillance and instances of illegal surveillance. There have been a number of instances of illegal and/or unathorised surveillance in the past, the most scandalous and thus most well known is the incident where a woman IAS officer was placed under surveillance at the behest of Mr. Amit Shah who is currently the president of the ruling party in India purportedly on the instructions of the current prime minister Mr. Narendra Modi.[7] There are also a number of instances of private individuals indulging in illegal interception and surveillance; in the year 2005, it was reported that Anurag Singh, a private detective, along with some associates, intercepted the telephonic conversations of former Samajwadi Party leader Amar Singh. They allegedly contacted political leaders and media houses for selling the tapped telephonic conversation records. The interception was allegedly carried out by stealing the genuine government letters and forging and fabricating them to obtain permission to tap Amar Singh's telephonic conversations. [8] The same individual was also implicated for tapping the telephone of the current finance minister Mr. Arun Jaitely.[9]

It is therefore obvious that the status quo with regard to the surveillance mechanism in India needs to change, but this change has to be brought about in a manner so as to make state surveillance more accountable without compromising its effectiveness and addressing legitimate security concerns. Such changes cannot be brought about without an informed debate involving all stakeholders and actors associated with surveillance, however the basic minimum requirement for an "informed" debate is accurate and sufficient information about the subject matter of the debate. This information is severely lacking in the public domain when it comes to state surveillance activities - with most data points about state surveillance coming from news items or leaked information. Unless the state becomes more transparent and gives information about its surveillance activities and processes, an informed debate to challenge and strengthen the status quo for the betterment of all parties cannot be started.

Current State of Affairs

Surveillance laws in India are extremely varied and have been in existence since the colonial times, remnants of which are still being utilized by the various State Police forces. However in this age of technology the most important tools for surveillance exist in the digital space and it is for this reason that this paper shall focus on an analysis of surveillance through interception of telecommunications traffic, whether by tracking voice calls or data. The interception of telecommunications actually takes place under two different statutes, the Telegraph Act, 1885 (which deals with interception of calls) as well as the Information Technology Act, 2000 (which deals with interception of data).

Currently, the telecom surveillance is done as per the procedure prescribed in the Rules under the relevant sections of the two statutes mentioned above, viz. Rule 419A of the Telegraph Rules, 1951 for surveillance under the Telegraph Act, 1885 and the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 for surveillance under the Information Technology Act, 2000. These Rules put in place various checks and balances and try to ensure that there is a paper trail for every interception request. [10] The assumption is that the generation of a paper trail would reduce the number of unauthorized interception orders thus ensuring that the powers of interception are not misused. However, even though these checks and balances exist on paper as provided in the laws, there is not enough information in the public domain regarding the entire mechanism of interception for anyone to make a judgment on whether the system is working or not.

As mentioned earlier, currently the only sources of information on interception that are available in the public domain are through news reports and a handful of RTI requests which have been filed by various activists.[11] The only other institutionalized source of information on surveillance in India is the various transparency reports brought out by companies such as Google, Yahoo, Facebook, etc.

Indeed, Google was the first major corporation to publish a transparency report in 2010 and has been updating its report ever since. The latest data that is available for Google is for the period between January, 2015 to June, 2015 and in that period Google and Youtube together received 3,087 requests for data which asked for information on 4,829 user accounts from the Indian Government. Out of these requests Google only supplied information for 44% of the requests.[12] Although Google claims that they "review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases", it is not clear why Google rejected 56% of the requests. It may also be noted that the number of requests for information that Google received from India were the fifth highest amongst all the other countries on which information was given in the Transparency Report, after USA, Germany, France and the U.K.

Facebook's transparency report for the period between January, 2015 to June, 2015 reveals that Facebook received 5,115 requests from the Indian Government for 6,268 user accounts, out of which Facebook produced data in 45.32% of the cases.[13] Facebook's transparency report claims that they respond to requests relating to criminal cases and "Each and every request we receive is checked for legal sufficiency and we reject or require greater specificity on requests that are overly broad or vague." However, even in Facebook's transparency report it is unclear why 55.68% of the requests were rejected.

The Yahoo transparency report also gives data from the period between January 1, 2015 to June 30, 2015 and reveals that Yahoo received 831 requests for data, which related to 1,184 user accounts from the Indian Government. The Yahoo report is a little more detailed and also reveals that 360 of the 831 requests were rejected by Yahoo, however no details are given as to why the requests were rejected. The report also specifies that in 63 cases, no data was found by Yahoo, in 249 cases only non content data[14] was disclosed while in 159 cases content [15] was disclosed. The Yahoo report also claims that "We carefully scrutinize each request to make sure that it complies with the law, and we push back on those requests that don't satisfy our rigorous standards."

While the Vodafone Transparency Report gives information regarding government requests for data in other jurisdictions, [16] it does not give any information on government requests in India. This is because Vodafone interprets the provisions contained in Rule 25(4) of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (Interception Rules) and Rule 11 of the IT (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 as well as Rule 419A(19) of the Indian Telegraph Rules, 1954 which require service providers to maintain confidentiality/secrecy in matters relating to interception, as being a legal prohibition on Vodafone to reveal such information.

Apart from the four major companies discussed above, there are a large number of private corporations which have published transparency reports in order to acquire a sense of trustworthiness amongst their customers. Infact, the Ranking Digital Rights Project has been involved in ranking some of the biggest companies in the world on their commitment to accountability and has brought out the Ranking Digital Rights 2015 Corporate Accountability Index that has analysed a representative group of 16 companies "that collectively hold the power to shape the digital lives of billions of people across the globe".

Suggestions on Transparency

It is clear from the discussions above, as well as a general overview of various news reports on the subject, that telecom surveillance in India is shrouded in secrecy and it appears that a large amount of illegal and unauthorized surveillance is taking place behind the protection of this veil of secrecy. If the status quo continues, then it is unlikely that any meaningful reforms would take place to bring about greater accountability in the area of telecom surveillance. It is imperative, for any sort of changes towards greater accountability to take place, that we have enough information about what exactly is happening and for that we need greater transparency since transparency is the first step towards greater accountability.

Transparency Reports

In very simplistic terms transparency, in anything, can best be achieved by providing as much information about that thing as possible so that there are no secrets left. However, it would be naïve to say that all information about interception activities can be made public on the altar of the principle of transparency, but that does not mean that there should be no information at all on interception. One of the internationally accepted methods of bringing about transparency in interception mechanisms, which is increasingly being adopted by both the private sector as well as governments, is to publish Transparency Reports giving various details of interception while keeping security concerns in mind. The two types of transparency reports that we require in India and what that would entail is briefly discussed below:

By the Government

The problem with India's current regime for interception is that the entire mechanism appears more or less adequate on paper with enough checks and balances involved in it to prevent misuse of the allotted powers. However, because the entire process is veiled in secrecy, nobody knows exactly how good or how rotten the system has become and whether it is working to achieve its intended purposes. It is clear that the current system of interception and surveillance being followed by the government has some flaws, as can be gathered from the frequent news articles which talk about incidents of illegal surveillance. However, without any other official or more reliable sources of information regarding surveillance activities these anecdotal pieces of evidence are all we have to shape the debate regarding surveillance in India. It is only logical then that the debate around surveillance, which is informed by such sketchy and unreliable news reports will automatically be biased against the current mechanism since the newspapers would also only be interested in reporting the scandalous and the extraordinary incidents. For example, some argue that the government undertakes mass surveillance, while others argue that India only carries out targeted surveillance, but there is not enough information publicly available for a third party to support or argue against either claim. It is therefore necessary and highly recommended that the government start releasing a transparency report such as the one's brought out by the United States and the UK as mentioned above.

There is no need for a separate department or authority just to make the transparency report and this task could probably be performed in-house by any department, but considering the sector involved, it would perhaps be best if the Department of Telecommunications is given the responsibility to bring out a transparency report. These transparency reports should contain certain minimum amount of data for them to be an effective tool in informing the public discourse and debate regarding surveillance and interception. The report needs to strike a balance between providing enough information so that an informed analysis can be made of the effectiveness of the surveillance regime without providing so much information so as to make the surveillance activities ineffective. Below is a list of suggestions as to what kind of data/information such reports should contain:

Reports should contain data regarding the number of interception orders that have been passed. This statistic would be extremely useful in determining how elaborate and how frequently the state indulges in interception activities. This information would be easily available since all interception orders have to be sent to the Review Committee set up under Rule 419A of the Telegraph Rules, 1954.
The Report should contain information on the procedural aspects of surveillance including the delegation of powers to different authorities and individuals, information on new surveillance schemes, etc. This information would also be available with the Ministry of Home Affairs since it is a Secretary or Joint Secretary level officer in the said Ministry which is supposed to authorize every order for interception.
The report should contain an aggregated list of reasons given by the authorities for ordering interception. This information would reveal whether the authorities are actually ensuring legal justification before issuing interception or are they just paying lip service to the rules to ensure a proper paper trail. Since every order of interception has to be in writing, the main reasons for interception can easily be gleaned from a perusal of the orders.
It should also reveal the percentage of cases where interception has actually found evidence of culpability or been successful in prevention of criminal activities. This one statistic would itself give a very good review of the effectiveness of the interception regime. Granted that this information may not be very easily obtainable, but it can be obtained with proper coordination with the police and other law enforcement agencies.
The report should also reveal the percentage of order that have been struck down by the Review Committee as not following the process envisaged under the various Rules. This would give a sense of how often the Rules are being flouted while issuing interception orders. This information can easily be obtained from the papers and minutes of the meetings of the Review Committee.
The report should also state the number of times the Review Committee has met in the period being reported upon. The Review Committee is an important check on the misuse of powers by the authorities and therefore it is important that the Review Committee carries out its activities in a diligent manner.

It may be noted here that some provisions of the Telegraph Rules, 1954 especially sub-Rules 17 and 18 of Rule 419A as well as Rules 22, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 may need to be amended so as to make them compliant with the reporting mechanism proposed above.

By the Private Sector

We have already discussed above the transparency reports published by certain private companies. Suffice it to say that reports from private companies should give as much of the information discussed under government reports as possible and/or applicable, since they may not have a large amount of the information that is sought to be published in the government reports such as whether the interception was successful, the reasons for interception, etc. It is important to have ISPs provide such transparency reports as this will provide two different data points for information on interception and the very existence of these private reports may act as a check to ensure the veracity of the government transparency reports.

As in the case of government reports, for the transparency reports of the private sector to be effective, certain provisions of the Telegraph Rules, 1954 and the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009, viz. sub-Rules 14, 15 and 19 of Rule 419A of the Telegraph Rules, 1954 and Rules 20, 21, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009.

Overhaul of the Review Committee

The Review Committee which acts as a check on the misuse of powers by the competent authorities is a very important cog in the entire process. However, it is staffed entirely by the executive and does not have any members of any other background. Whilst it is probably impractical to have civilian members in the Review Committee which has access to potentially sensitive information, it is extremely essential that the Committee has wider representation from other sectors specially the judiciary. One or two members from the judiciary on the Review Committee would provide a greater check on the workings of the Committee as this would bring in representation from the judicial arm of the State so that the Review Committee does not remain a body manned purely by the executive branch. This could go some ways to ensure that the Committee does not just "rubber stamp" the orders of interception issued by the various competent authorities.

Conclusion

It is not in dispute that there is a need for greater transparency in the government's surveillance activities in order to address the problems associated with illegal and unauthorised interceptions. This paper is not making the case that greater transparency in and by itself will be able to solve the problems that may be associated with the government's currency interception and surveillance regime, however it is not possible to address any problem unless we know the real extent of it. It is essential for an informed debate and discussion that the people participating in the discussion are "informed", i.e. they should have accurate and adequate information regarding the issues which are being discussed. The current state of the debate on interception is rife with individuals using illustrative and anecdotal evidence which, in the absence of any other evidence, they assume to be the norm.

A more transparent and forthcoming state machinery which regularly keeps its citizens abreast of the state of its surveillance regime would be likely to get better suggestions and perhaps less criticisms if it does come out that the checks and balances imposed in the regulations are actually making a difference to check unauthorized interceptions, and if not, then it is the right of the citizens to know about this and ask for reforms.

[1] James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", International Journal of Communication 9(2015), Feature 3450-3459, 2015.

[2] Id.

[3] Namit Sharma v. Union of India, http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566.

[4] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566 . Although the judgment was overturned on review, however this observation quoted above would still hold as it has not been specifically overturned.

[5] http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf .

[6] James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", International Journal of Communication 9 (2015), Feature 3450-3459, 2015.

[7] http://gulail.com/the-stalkers/ .

[8] http://timesofindia.indiatimes.com/india/Amar-Singh-phone-tap-accused-tracked-Arun-Jaitleys-mobile/articleshow/18582508.cms .

[9] http://ibnlive.in.com/news/arun-jaitley-phonetapping-case-all-accused-get-bail/394997-37-64.html .

[10] For a detailed discussion of the Rules of interception please see Policy Paper on Surveillance in India, by Vipul Kharbanda, http://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india .

[11] As an example please see http://cis-india.org/internet-governance/resources/rti-on-officials-and-agencies-authorized-to-intercept-telephone-messages-in-india .

[12] https://www.google.com/transparencyreport/userdatarequests/countries/ .

[13] https://govtrequests.facebook.com/country/India/2015-H1/ .

[14] Non-content data (NCD) such as basic subscriber information including the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information (e.g., "to," "from," and "date" fields from email headers).

[15] Data that users create, communicate, and store on or through Yahoo. This could include words in a communication (e.g., Mail or Messenger), photos on Flickr, files uploaded, Yahoo Address Book entries, Yahoo Calendar event details, thoughts recorded in Yahoo Notepad or comments or posts on Yahoo Answers or any other Yahoo property.

[16] https://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html .

For more details visit https://cis-india.org/internet-governance/blog/transparency-in-surveillance

Transparency and Privacy

praskrishna — 2014-02-28T04:54:08Z

The two concepts, transparency and privacy, can be both opposing and inter related. On one level the protection of individual privacy is achieved through institutional and governmental transparency, as transparency of actions taken by the government or private sector, concerning the individuals works to inspire trust. On another level situations of privacy and transparency bring out the question of how the public good should be balanced against public and private interests.

For more details visit https://cis-india.org/internet-governance/blog/transparency-and-privacy.pdf

Transparency and MDGs: the Role of the Media and Technology

praskrishna — 2011-04-02T10:16:21Z

Key quotes from sixth panel

“We are thinking globally, acting locally. We take the bottom-up approach with radio for people in the community to tell their government what they need and to partake in decision making process.”
— Lucy Maathai, Slums Information Development and Resource Centers, Kenya

“For HIV/AIDS in Botswana during the 1990s, we tried creating big billboards saying ‘get tested’, we tried working through NGOs, but it was not until we also got local churches and local tribal leaders together, that things changed. We had to focus on getting buy-in from the political leadership and every local leader. UNDEF was set up to fill the gaps between UN agencies like UNICEF, UNDP, etc. What I have seen in botswana and 30 years of experience, is that if we always add information and communication at the end, we will fail. Rather we need to make sure that it is integrated all along. Furthermore, people in Botswana are aware of technologies, but they do not feel that they can use it or are supported to use it. Instead they use traditional methods, such as churches, in bars, and with local tribal leaders. The UN are mostly used to dealing with formal institutions, but in order to help the bottom billion in the world, we need to engage with the informal institutions, sometimes even with the ‘bad guys’”.
— Bjoern Ferde, UNDP Oslo Center, Norway

“If a transparency system is based on suspicion rather than trust, it breeds corruption. If your demand for transparency and accountability undermines social safety nets, you will undermine your entire argument. Transparency may seem to add to accountability, but we must understand that it oftens undermines privacy (in the Gujarat genocide, muslims were found and killed by rioters using tax and electoral records). In addition, in india, a name alone reveals a lot of information on caste, area and religion, so what is normal in the west – disclosing names – is not always a good idea. Finally, in many places, particularly those in conflict, disclosing your income may lead to groups turning up at your door and demanding a share.”

— Sunil Abraham, Centre for Internet and Society, India

“It’s great what ARTICLE 19 is doing. There’s often a lot of discussion within communities, but not so often discussions between communities. I want to connect the media too. So little has been done at the international level on how information and communication help development. We do need to acknowledge that the media has massive advantages as an information and transparency mechanism. If you ask politicians what they are worried about in regards to transparency, they are worried about the media. In peru, a report states that Fujimori bribed media executives 100x the amount that he bribed a judge. Indeed, there are so few people paid within UN organisations to focus on understanding and using communication to effect people’s lives. We are operating in a strategic vaccum. It’s hugely exciting to work out where we can go in the future. This event takes us a long way forward.”
— James Deane, BBC World Trust, UK

“There are simple and creative ways to demonstrate information, such as the ‘stone’ test. In Botswana, each person in a village was asked to place a stone in the middle of the group for every person that died due to HIV/AIDS. It created an immediate and devastating effect when people suddenly visualised the effect on their community and then collectively began to think about what that meant in regards to families and society.”
— Bjoern Ferde, UNDP Oslo Center, Norway

“In the south we call the media the fourth estate – a moral and ethical force to protect democracy and the constitution of our country. In the north however, we have a business model which completely removes any sense of ethics. The Indian Express, for example, will only talk about markets, not about people and their lives in poverty. Furthermore, whilst we want information shared, we do not want the information collected by the state to destroy the people.
— Aruna Roy, MKSS

Read the original

For more details visit https://cis-india.org/news/transparency-mdgs-key-quotes

Transnational Due Process: A Case Study in Multi-stakeholder Cooperation

praskrishna — 2015-11-07T15:47:41Z

The Internet & Jurisdiction Project is organizing the workshop “Transnational due process: A case study in multi-stakeholder cooperation” at the Internet Governance Forum convened by the United Nations on November 10-13, 2015. Sunil Abraham will be a speaker in this event.

Multi-stakeholder cooperation is necessary to develop and implement operational solutions to Internet Governance challenges. One such challenge is the tension between the cross-border nature of the Internet and diverse national jurisdictions. As a result, direct requests are increasingly addressed by public authorities and courts in one country to Internet platforms and DNS operators in other jurisdictions for domain seizures, content takedowns and user identification.

The roundtable at the Internet Governance Forum 20125 will gather participants in the I&J Project from different stakeholder groups to report on the progress of the Internet & Jurisdiction process and talk about:

the method employed to develop this framework, challenges encountered and solutions found
the potential distribution of roles among the respective stakeholders in the operation of the diverse framework components

Participants

ANNE CARBLANC, Head of Division, Directorate for Science, Technology and Industry, OECD
EILEEN DONAHUE, Director Global Affairs, Human Rights Watch
BYRON HOLLAND, President and CEO, CIRA (Canadian ccTLD)
CHRISTOPHER PAINTER, Coordinator for Cyber Issues, US Department of State
SUNIL ABRAHAM, Executive Director, CIS India
ALICE MUNYUA, Lead dotAfrica Initiative and GAC representative, African Union Commission
Speaker tbc, Google
FRANK LaRUE, Former UN Special Rapporteur for Freedom of Expression
Speaker tbc, German Federal Foreign Office
HARTMUT GLASER, Executive Secretary, Brazilian Internet Steering Committee
MATT PERAULT, Head of Policy Development, Facebook

This was published on the website of Internet & Jurisdiction Also see this on IGF website.

For more details visit https://cis-india.org/internet-governance/news/transnational-due-process-a-case-study-in-multi-stakeholder-cooperation

Transnational Due Process: A Case Study in MS Cooperation

praskrishna — 2015-11-08T03:27:02Z

nternet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Internet & Jurisdiction Project is organizing a workshop on Transnational Due Process on November 13, 2015. Sunil Abraham is a panelist.

Since 2012, the Internet & Jurisdiction Project facilitates a multi-stakeholder dialogue process on this issue. More than 80 entities have collaboratively produced a draft transnational due process framework. Here, the concept of multi-stakeholder cooperation is therefore relevant both as method (the dialogue process) and as outcome (the collaborative framework).

The roundtable will gather participants in the I&J Project from different stakeholder groups to describe:

the method employed to develop this framework, challenges encountered and solutions found
the potential distribution of roles among the respective stakeholders in the operation of the diverse framework components

The expected benefit is to share concrete experiences around innovative approaches for multi-stakeholder cooperation such as issue-based networks, inter-sessional work methods and transnational policy standards.

This session will also present the proposed framework to the IGF community to solicit feedback, reach out to new actors and discuss the way forward. The roundtable will be prepared in 2015 by two dedicated meetings in Germany and Brazil, as well as by a number of other sessions with stakeholders around the world organized by the Internet & Jurisdiction Project.

Click to read the details on IGF website.

For more details visit https://cis-india.org/internet-governance/news/transnational-due-process-a-case-study-in-ms-cooperation

Transference: Reimagining Data Systems: Beyond the Gender Binary

torsha — 2021-12-15T12:58:31Z

The Centre for Internet and Society (CIS) invites you to participate in a day-long convening on the rights of transgender persons, specifically right to privacy and digital rights. Through this convening, we hope to highlight the concerns of transgender persons in accessing digital data systems and the privacy challenges faced by the community. These challenges include access to their rights — their right to self-identify their gender and welfare services offered by the State and the privacy challenges faced by transgender and intersex persons in revealing their identity.

As the meaning of the word ‘Transference’ goes, through this convening, as a learning, we hope to capture and transfer the realities of transgender persons with engaging and being a part of digital data systems in India. Given the rapid digitisation of different public and private data systems in India, we hope to initiate a conversation that understands their struggles and challenges to realistically initiate the re-imagination of data systems — digital and otherwise — one that is mindful about their everyday struggles with privacy and access.

Owing to the history of systemic exclusions faced by transgender persons, it is important to highlight their difficulties in accessing technological systems and the impact on their privacy, as central issues that require serious consideration. Presently, their realities seem to be ignored by the State while designing most technology laws and policies governing digital systems.

Background

In the landmark verdict in 2014, NALSA Vs Union of India, the Supreme Court of India for the first time recognised the right of an individual to self-identify their gender as male, female or transgender. This verdict detailed nine directives to be implemented by the central and state governments in India for the inclusion of transgender persons.

Similarly, 2017 was a watershed moment in India’s constitutional history when the Supreme Court held the right to privacy to be a fundamental right. More importantly, the Court expounded on this right and held that the protection of an individual’s gender identity is an essential component of the right to privacy and that privacy at its core includes the preservation of personal intimacies, autonomy, the sanctity of family life, marriage, procreation, the home and sexual orientation.

The 2017 privacy judgement led to the Supreme Court pronouncing the Navtej Johar v Union of India in 2018, striking down the Koushal judgement and decriminalising acts of consensual non-hetrosexual acts of intimacy. In 2019, the Personal Data Protection Bill, 2019 was introduced in Parliament for the regulation and protection of personal data. The PDP Bill classifies data into two categories as (i) personal data; and (ii) sensitive personal data. As per the PDP Bill, data identifying the transgender status and intersex status falls within the ambit of sensitive personal data. Around the time of the PDP Bill being tabled in Parliament, the Transgender Persons (Protection of Rights) Act 2019 was passed by the Parliament despite severe opposition to the Bill from civil society members as well as members of Parliament.

There is a lack of clarity on the interplay between the PDP Bill and the Transgender Act and the challenges the PDP Bill may pose to the transgender community. Moving beyond mere mentions in the definition of the law through a cisgendered heteronormative lens, it is important for the discourse on data and privacy to broaden its scope to realistically include people of different sexual orientations, gender and sexual identities, gender expressions and sex characteristics.

About the Event

Through these panel discussions, we propose to highlight the concerns of transgender persons with accessing digital data systems and the privacy challenges faced by them . These challenges include access to their rights — their right to self-identify their gender and access welfare services offered by the State and the privacy challenges faced by transgender persons in revealing their identity.

The objective of these discussions is to initiate more conversations about the technological and data exclusions faced by this historically marginalised community in India. The intent is to better understand the realities of transgender persons and contribute to the larger advocacy on privacy, intersectionality and (digital) systems design.

Click to register for the event here

For more details visit https://cis-india.org/internet-governance/events/transference-reimagining-data-systems-beyond-the-gender-binary

Transcripts from WCIT-12

snehashish — 2012-12-03T14:00:21Z

We are archiving copies of the live-transcripts from the World Conference on International Telecommunications, 2012 (WCIT-12) which is being held in Dubai from 3–14 December, 2012.

This is an unedited rough transcript of the discussions/sessions at the WCIT,2012 which is live-streamed and made available by the ITU. We are hosting the live-streamed text for archival purposes:

Day 1 - WCIT-2012: Opening Ceremony (December 3, 2012)

Day 1 - WCIT-2012: Plenary 1 (December 3, 2012)

For more details visit https://cis-india.org/internet-governance/blog/transcripts-of-wcit-2012

Trans Pacific Partnership and Digital 2 Dozen: Implications for Data Protection and Digital Privacy

Shubhangi Heda — 2016-07-12T07:56:24Z

In this essay, Shubhangi Heda explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations.

1. Introduction

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

2.2. Digital 2 Dozen (D2D)

3. Major Criticisms of the Digital Agenda of TPP

3.1. Data Protection

3.2. Digital Privacy

4. Implications of TPP for RCEP

5. Implications of TPP in the Context of EU Safe Harbour Judgement

6. Implications of TPP for India after US-India Cyber Relationship Agreement

7. Conclusion

8. Endnotes

9. Author Profile

1. Introduction

This essay explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia [1]. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations. TPP requires the member countries to facilitate unhindered digital data flow across nations, for commercial and governmental purposes, which evidently have major implications for national and regional data protection and privacy regimes. These implications must also be seen in the context the recent judgement by the EU Court of Justice against the validity of the EU-USA data transfer agreement of 2000. Further, the essay discusses the potential impacts that TPP/D2D might have on India, in the context of the ongoing USA-India Cyber Relationship dialogue. If the privacy concerns are not raised right now TPP might act as a model framework for future FTAs which will fail to encompass proper data protection and digital privacy regime within it.

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

Trans Pacific Partnership (TPP) is a large multi-partner free trade agreement amongst twelve Asia-Pacific countries, which is closely led by geo-political and economic strategies of the USA. Countries started the negotiation of TPP in 2008 when USA joined Pacific Four (P-4) negotiations and in 2015 negotiations of TPP was concluded and text was released. Ministers from the member countries signed the agreement on February 4, 2016 [2]. The main aim of TPP is to liberalise trade and investment beyond what is provided for within the WTO. It is also considered to be a strategic move by the US to counter the trade linkages that are being established in the Asian region. TPP largely covers topics of market access, and rules on various related issues such as intellectual property rights, labour laws, and environment standards [3].

Between 1992 -2012 there has been an upsurge in bilateral trade agreements being signed in Asia from 25 to 103 and the effect of these FTAs is called the ‘noodle bowl effect’. TPP is seen as framework which will replace these FTAs which are causing the ‘noodle bowl effect’.While these FTAs are being replaced but with TPP being signed there are various bilateral arrangements signed along with TPP. USA has also stated that TPP will not affect the already existing NAFTA [4]. While TPP is being concluded there is another free trade agreement being negotiated between USA and EU , which is Trans Trade and Investment Partnership (TTIP). Both TPP and TTIP and are considered to be serving similar objective which is to deal with new and modern trade issues. Also both the agreements are US led and since negotiation for TPP are now finalised it may have a significant impact on TTIP [5].

TPP is one of the first document which deals specifically with digital economy and applies across borders. The main aims of TPP are to promote free flow of data across borders without data localisation. It aims to remove national clouts and regional internets. It also includes provisions to combat theft of trade secrets. It allows you to create transparent regulatory process with inputs from various stakeholders. It also aims to provide access to tools and procedures for conduct of e-commerce [6].

Some of the major criticism to TPP were regarding the issues related to [7]:

environment, wherein it does not address the issue of climate change and the language used in the agreement is very weak;
labour rights provision mandates parties to adhere to the ILO provision but it does not seem to provide for effective framework and might not bring the desired change;
investment chapter is seen to be controversial because of the investor state dispute settlement clause which will allow foreign investor to sue government over policies that might cause harm to them;
e-commerce and telecommunication chapter raises major privacy concerns;
intellectual property chapter wherein it includes controversial rules regarding pharmaceutical companies and data exclusivity apart from the privacy concerns.

2.2 Digital 2 Dozen (D2D)

D2D is set of rules and aims which is specifically drafted to be followed for the trade agreements related to open internet and digital economy. More specific aims of TPP as provided within the ‘Digital 2 Dozen,’ aiming for more liberalised trade in digital goods and services, are [8]:

promoting free and open internet,
prohibiting digital custom duties,
securing basic non-discrimination principles,
enabling cross-border data flows,
preventing localization barriers,
barring forced technology transfers,
advancing innovative authentication methods,
delivering enforceable consumer protections,
safeguarding network competition,
fostering innovative encryption products, and
building an adaptable framework.

Strategic goal of the US in introducing D2D as goals of TPP has been to set up a trend within Asian region for all the trade agreements. It is expected to ensure that if TPP is a success, similar goals and policy frameworks will be followed for other trade agreements as we. For example, the USA-India partnership also enshrines similar aims and so does the USA-Korea partnership. Hence while India is not part of TPP, USA is nonetheless trying to get India into a partnership which is similar to the TPP. The language proposed by the USA in TPP negotiations has always been supportive for cross border data flows as it claims that companies have mechanism to keep a privacy check and privacy would not be undermined, but countries like New Zealand and Australia which have strong privacy protection laws nationally have raised concerns which will be discussed in further sections [9]. Also not only in privacy rights but Digital Dozen initiative also affects other digital rights related to - excessive copyright terms TPP proposed to extend the term of copyright to hundred years which deprive access to knowledge; as in the U.S motive to give more power to private entities , the ISP obligations enumerated within TPP which puts freedom of expression and privacy at risk as ISPs are allowed to check for copyright infringement and TPP does not put any privacy restriction in this regard; introduction of new fair use rules; ban on circumvention of digital locks or DRMs; no compulsory limitation for persons with disabilities; lack of fair use for journalistic right; while net neutrality is major issue is many developing nations in Asia no effective provision for net neutrality is aimed at in the D2D initiative; prohibits open source mandates which puts barrier for countries which want to release any software as open source as a policy decision [10].

3. Major Issues Related to Data Protection and Privacy in the TPP

3.1. Data Protection

One of the major concern raised against TPP is regarding data protection provisions that have been integrated within the E- Commerce chapter of the agreement. Article 14.11 and Article 14 .13 are the ones that deal with data flow related to consumer information.Article 14.11 in the agreement puts a requirement on the member states to allow transfer of data across border and Article 14.13 does not allow the companies to host data on local servers. Concerns were raised in few member states for instance, Australian Privacy Foundation raised concerns over Article 14.11 which requires transfers to be allowed in context of business activities of service suppliers. It claimed that exception to this provision is very narrow and the repercussion for not following the exception is that investor state dispute settlement proceedings can be initiated, which is not sufficient to protect privacy. Also, it highlighted the issue that with the narrow exception provided under Article 14.13 which relates to prohibition on data localisation, it might have adverse effect on the implementation of national privacy laws within Australia [11].

Another provision which is of major concern is Article 14.13 which prohibit data localisation. It will raise problems for countries like Indonesia and China which will have to change their local laws to implement the provision [12]. Since there already has been a major concern with regard to USA- EU Safe Harbour Agreement which was later made subject to the ECJ’s ruling on data protection, which invalidated any arrangement which provides voluntary enterprises responsibility to enforce privacy. But both the USA and EU are in process of renegotiating the agreement.The major concern was that in EU data protection is a fundamental right while in USA data protection is more consumer centric. When similar concerns were raised in TPP negotiations, they were rebutted as USA claimed that FTA does not concern itself with data protection [13].

In 2012 Australia proposed an alternative language to TPP which allowed countries to place restriction on data flow as long as it was not a barrier to trade. U.S responded to concerns raised by the Australia through a side letter which ensured Australia that U.S and Australia have a mutual understanding in relation to privacy and U.S will ensure the privacy of data with regards to Australia. While Australia’s concern was given acknowledgement other countries which raised similar issues were not given any assurances [14]. US instead proposed ad- hoc strategy that gave private companies power to form privacy policy with implementation through state machinery [15].

3.2. Digital Privacy

Article 14.8 in the E- Commerce chapter of the agreement states that countries can form legal framework for the protection of rights but the kind of ‘legal framework’ is not defined. Also, nowhere it states that the privacy protection or data protection laws are expressly exempted, rather it states that any such policy implemented by member states will be put under review of TPP standards. The standards which TPP proposes to follow are based on the underlying idea that any such policy should not hinder free trade in any way. This test will be applied by tribunals which are experts in trade and investment and not on data protection or human rights [16]. While Article 14.8 provides for protection of private information of consumers but the footnote to the provision renders it ineffective. The footnote states that member countries can adopt legal framework for the protection of data which can be done by self-regulation by industry and does not provide for any comprehensive data protection obligation upon the member states [17]. Similar to this Article 13.4 of the telecommunications chapter under TPP also states that the countries can apply regulation regarding confidentiality of the messages as long as it is not “a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services" [18].

Another chapter which raises major concerns about the privacy rights is intellectual property. It affects privacy through the provisions related to technological protective measures and the provision that regulate ISP’s liability. Regarding the TPM provision, the TPP follows the DMCA model whereby the exception to anti- circumvention provision is very narrow and does not apply to anti- trafficking provision. The exception allows user to circumvent TPM if it affect the user's privacy in any way, although this provision does not apply to ant- trafficking of TPM. The provision regarding ISP’s liability states that there should be cooperation between ISPs and rights holders and it does not prohibit ISPs to monitor its users. Also TPP proposes the notice for takedown and identification of the infringer by the ISP but this provision is not in consonance with laws of member states, like that of Peru which does not have any copyright law on ISP . Also many countries have tried to introduce proper privacy laws along with implementation of ISP liability but that is not done within the TPP [19]. TPP as whole aims to give greater power to private regulators without providing for minimum standard for protection of privacy.

Although TPP is not a data protection agreement but it consequently deals with various aspects of data protection, hence it is prospective model for privacy and data protection practices in future trade agreements. If positive obligations are included within the free trade agreements it will have an advancing impact on the data protection regime.

4.Implications of TPP for RCEP

While TPP has such lacunas similar provision are proposed in RCEP to which India is a party and which will have serious implication as many of the countries have inadequate data protection laws nationally and with the introduction of such an FTA the exploitation of privacy rights will be rampant [20]. To avoid this EU directive on data protection should be taken into consideration in the negotiations of such FTAs. But for the RCEP negotiations are still going on and in India many companies like Flipkart, Snapdeal etc. have started preparing for the changing norms. The government claims that it is going to accept best practices in the region which indicates that it is going to have same policies as that of TPP. Although people from industry have raised concerns that while there are national laws but it is difficult to check third party involvement within the business and it is becoming increasingly difficult to keep the consumer data confidential [21].

5. Implications of TPP in the Context of EU Safe-Harbour Judgement

Mr. Maximillian Schrems, an Austrian National residing in Austria, has been a user of the Facebook social network since 2008. Any person residing in EU who wishes to use Facebook is required to conclude, at the time of his registration, a contract with Facebook Ireland (a subsidiary of Facebook Inc. which itself is established in Unites States). Some or all of the personal data of the Facebook Ireland’s users who residing in EU is transferred to servers belonging to Facebook Inc. that are located in United States, where it undergoes processing. On 25 June 2013 Mr Schrems made a complaint to the commissioner by which he in essence asked the latter to exercise his statutory powers by prohibiting Facebook Ireland from transferring his personal data to Unites States, and this led to the Maximillian Schrems v Data Protection Commissioner case [22]. He contended that in his complaint that the law and practice in force in that country did not ensure adequate protection of the personal data held in its territory against the surveillance activities that were engaged in thereby by the public authorities. Mr Schrems referred in this regard to the revelations made by Edward Snowden concerning the activities of the United States intelligence services, in particular those of the NSA.(para 26, 27, 28). The case came in the court ruled that “that a third country which ensures an adequate level of protection, does not prevent a supervisory authority of a Member State, within the meaning of Article 28 of the EU 94/46 directive as amended, from examining the claim of a person concerning the protection of his rights and freedoms in regard to the processing of personal data relating to him which has been transferred from a Member State to that third country when that person contends that the law and practices in force in the third country do not ensure an adequate level of protection. The ruling implies that personal data cannot be transferred to third country which does not provide adequate level of protection.

EU safe harbour judgment and EU directive on privacy provide contrasting rules related to privacy. While TPP gives power to private entities to formulate rules regarding privacy while the recent ECJ judgment invalidated giving such power to private entities under EU-US Safe Harbour Agreement. Also in context of the same judgment Hamburg’s Commissioner for Data Privacy And Freedom of Information announced an investigation into the data transfer taking place through Facebook and Google to U.S. Hence in the light of the recent judgment member states within EU are not allowed to permit cross border data flow, in contrast to this one of the main goals of TPP is to maintain free flow of data across border [23]. EU is this regard has also set forth the proposal to introduce General Data Protection Regulation. (GDPR). Although U.S and EU are trying to renegotiate the agreement but the privacy concerns raised cannot be ignored. Hence following the same model as was invalidate under the ECJ judgment lets US exploit privacy of member states under TPP. Similar concerns as raised within the judgment are also raised in India as it also following the same model within U.S-India Cyber Relationship Agreement and in RCEP negotiations.

6. Implications of TPP in the context of USA-India Cyber Relationship

While India is not part of TPP but it might have an effect on the U.S India Cyber Relationship Agreement. In August 2015 there was re- initiation of the India-U.S cyber dialogue to address common concerns related to cybersecurity and to develop better partnerships between public and private sector for betterment of digital economy [24]. One of the key aim of this agreement is free flow of information between two nations, which suffers from similar problem that it will put privacy of the citizens at risk. Also India does not have any bilateral treaty which ensures cyber data protection in such a scenario the only solution is data localisation, but this agreement will put data at risk [25]. Hence while the TPP negotiations were going on and also RCEP is being discussed the concerns about privacy and data protection need to be raised as mention in earlier section regarding implications of TPP on RCEP, the USA-India Cyber Relationship also faces the same implications..Although the aim of USA-India Cyber Relationship is to ensure cybersecurity. After the cases of Muzaffarnagar riots, upheaval in North -Eastern states and Gujarat riots, India has realised it is important to ensure compliance from the social media companies. India sees the USA-India Cyber Relationship as an opportunity to achieve this goal. The Google Transparency Report states that that India made around three thousand requests to Google for user data [26], which indicate at the country's interest in having a common data understanding with the major social media companies (almost all of which are located in USA) about requesting and sharing of user activity data. While this concern is being addressed through the agreement, it is difficult to ignore the clause related to free flow of information, and if the meaning of the term is extended and adopted from TPP itself will put digital privacy of Indian citizens at risk [27].

7. Conclusion

Even though TPP negotiation are completed but the ratification of the agreement is still underway. TPP is being seen as one of a kind trade agreement because it is the first time that countries across the globe have come together as a whole to address concerns of modern trade. Although it fails to address some of the key concerns related to privacy and data protection which are becoming increasingly important. Data protection and privacy issues cannot be seen in isolation and needs to merged within the modern day trade agreements. The D2D component by the USA is strategic move to have trade dominance in Asia and to compete with China’s growth . TPP has privacy and data protection lacunae within the e- commerce , telecommunications and intellectual property discussion.Although it might have serious implications on RCEP negotiation and USA- India Cyber Relationship Dialogue. Similar concern regarding data protection has already been addressed by ECJ judgment invalidating USA-EU Safe Harbour Agreement but the similar ad - hoc strategy has been incorporated within TPP. Since TPP might be considered as best practice model for future FTAs in the Asian region it is important to raise and address these privacy concerns now.

8. Endnotes

[1] The signatory countries include Australia, Canada, Japan, Malaysia, Mexico, Peru, United States of America, Vietnam, Chile, Brunei, Singapore, New Zealand. "The Trans-Pacific Partnership," http://www.ustr.gov/tpp (last visited Jul 7, 2016).

[2] "The Origins and Evolution of the Trans-Pacific Partnership (TPP)," Global Research, http://www.globalresearch.ca/the-origins-and-evolution-of-the-trans-pacific-partnership-tpp/5357495 (last visited Jul 7, 2016).

[3] Fergusson, Ian F., Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP): In Brief," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1477/ (last visited Jul 1, 2016).

[4] Gajdos, Lukas, The Trans-Pacific Partnership and its impact on EU trade, Policy Department, Directorate-General for External Policies, Policy Briefing (2013), http://www.europarl.europa.eu/RegData/etudes/briefing_note/join/2013/491479/EXPO-INTA_SP(2013)491479_EN.pdf.

[5] Twining, Daniel, Hans Kundnani & Peter Sparding, Trans-Pacific Partnership: geopolitical implications for EU-US relations, Policy Department, Directorate-General for External Policies, June 24 (2016), http://www.europarl.europa.eu/RegData/etudes/STUD/2016/535008/EXPO_STU(2016)535008_EN.pdf.

[6] USTR, "Remarks by Deputy U.S. Trade Representative Robert Holleyman to the New Democrat Network," https://ustr.gov/about-us/policy-offices/press-office/speechestranscripts/2015/may/remarks-deputy-us-trade (last visited Jul 4, 2016).

[7] Murphy, Katharine, "Trans-Pacific Partnership: four key issues to watch out for," The Guardian, November 6, 2015, https://www.theguardian.com/business/2015/nov/06/trans-pacific-partnership-four-key-issues-to-watch-out-for (last visited Jul 7, 2016).

[8] USTR, "The Digital 2 Dozen" (2016), https://ustr.gov/sites/default/files/Digital-2-Dozen-Final.pdf (last visited Jul 1, 2016).

[9] Fergusson, Ian F.m Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP) negotiations and issues for congress," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1412/ (last visited Jul 8, 2016).

[10] "How the TPP Will Affect You and Your Digital Rights," Electronic Frontier Foundation (2015), https://www.eff.org/deeplinks/2015/12/how-tpp-will-affect-you-and-your-digital-rights (last visited Jul 7, 2016).

[11] Australian Privacy Foundation (APF), Trans Pacific Partnership Agreement (2016), https://www.privacy.org.au/Papers/Parlt-TPP-160310.pdf.

[12] Greenleaf, Graham, "The TPP & Other Free Trade Agreements: Faustian Bargains for Privacy?," SSRN (2016), http://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2732386 (last visited Jul 1, 2016).

[13] "GED-Project: Transatlantic Data Flows and Data Protection," GED Blog (2015), https://ged-project.de/topics/competitiveness/transatlantic-data-flows-and-data-protection-the-state-of-the-debate/ (last visited Jul 1, 2016).

[14] Geist, Michael, "The Trouble with the TPP, Day 14: No U.S. Assurances for Canada on Privacy," (2016), http://www.michaelgeist.ca/2016/01/the-trouble-with-the-tpp-day-14-no-u-s-assurances-for-canada-on-privacy/ (last visited Jul 4, 2016).

[15] Aaronson, Susan Ariel, "What does TPP mean for the Open Internet?" From Policy Brief on Trade Agreements and Internet Governance Prepared for the Global Commission on Internet Governance (2015), https://www.gwu.edu/~iiep/events/DigitalTrade2016/TPPPolicyBrief.pdf (last visited Jul 5, 2016).

[16] Lomas, Natasha, "TPP Trade Agreement Slammed For Eroding Online Rights," TechCrunch, http://social.techcrunch.com/2015/11/05/tpp-vs-privacy/ (last visited Jun 30, 2016).

[17] "Q&A: The Trans-Pacific Partnership," Human Rights Watch (2016), https://www.hrw.org/news/2016/01/12/qa-trans-pacific-partnership (last visited Jul 1, 2016).

[18] "TPP Full Text Released," People Over Politics (2015), http://peopleoverpolitics.org/2015/11/07/tpp-just-as-bad-as-you-thought/ (last visited Jul 7, 2016).

[19] "Right to Privacy in Trans-Pacific Partnership (TPP ) Negotiations," Knowledge Ecology International, http://keionline.org/node/1164 (last visited Jul 1, 2016).

[20] Asian Trade Centre, "E-Commerce and Digital Trade Proposals for RCEP (2016)," http://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (last visited Jul 1, 2016).

[21] "E-commerce companies like Flipkart, Snapdeal to beef up data security to meet RCEP norms," The Economic Times, http://economictimes.indiatimes.com//articleshow/49068419.cms (last visited Jul 1, 2016).

[22] ECLI:EU:C:2015:650 (C -362/14)

[23] King et al., "Privacy law, cross-border data flows, and the Trans Pacific Partnership Agreement: what counsel need to know," Lexology, http://www.lexology.com/library/detail.aspx?g=b5c0b400-8161-4439-a4b7-131552ad5209 (last visited Jul 4, 2016).

[24] "U.S.-India Business Council Applauds Resumption of Cybersecurity Dialogue," U.S.-India Business Council (2015), http://www.usibc.com/press-release/us-india-business-council-applauds-resumption-cybersecurity-dialogue (last visited Jul 5, 2016).

[25] Sukumar, Arun Mohan, "India Is Coming up Against the Limits of Its Strategic Partnership With the United States," The Wire (2016), http://thewire.in/40403/india-is-coming-up-against-the-limits-of-its-strategic-partnership-with-the-united-states/ (last visited Jul 4, 2016).

[26] Countries – Google Transparency Report, https://www.google.com/transparencyreport/userdatarequests/countries/ (last visited Jul 8, 2016).

[27] Sukumar, Arun Mohan, "A case for the Net’s Ctrl+Alt+Del," The Hindu, September 5, 2015, http://www.thehindu.com/opinion/op-ed/a-case-for-the-nets-ctrlaltdel/article7616355.ece (last visited Jul 5, 2016).

9. Author Profile

Shubhangi Heda is a Student of Jindal Global Law School, O.P Jindal Global University. She has completed her fourth year. She gives due importance to popular culture in her life and loves to read fiction and like to watch TV-shows, her favorite being 'White Collar'.

For more details visit https://cis-india.org/internet-governance/blog/tpp-and-d2-implications-for-data-protection-and-digital-privacy

Training programme for Chairs, Convenor and Experts for International Standardization Work

praskrishna — 2017-01-20T17:06:09Z

Udbhav Tiwari attended this programme organized by National Institute of Training for Standardization, under the Bureau of India Standards on the 19 and 20 of January, 2017 in Nodia, New Delhi.

Udbhav was invited due to CIS's membership at the LITD 17 at BIS and WG5 under ISO JTC 1 SC 27. For full schedule of the training programme click here.

For more details visit https://cis-india.org/internet-governance/news/training-programme-for-chairs-convenor-and-experts-for-international-standardization-work

Training for Internet Governance Activists

praskrishna — 2014-11-07T00:38:55Z

Geetha Hariharan attended a training session for Internet rights activists in Cambridge, organised by Global Partners Digital, UK on September 23 and 24, 2014.

Day 1. Final session was on privacy, surveillance and data protection by Mike Rispoli and Alexandrine Pirlot de Corbion from PI. Got caught up in the discussion, so no notes from that. Of interest is session on communication by Mike - a nine-step process he's outlined (in bold at the very end), and the problem tree and stakeholder mapping approach that Alex spoke of.

Day 2. Great session on the ITU and on lobbying by lobbyist Matthew McDermott of Access Partners. The ITU is a complex beast with activity at multiple levels and different levels of effectiveness at different levels. From conversations, I gathered that any effective strategy for any policy change in Internet governance at the ITU will involve lobbying national governments, and then at sub-regional, regional and global levels.

Day 3. Tim Maurer's session on cyber security. Issues of terminology and politicisation discussed. Also info on in what forums cyber security debate is taking place. The Netherlands is hosting the Global Conference on Cyber Space in April 2015.

Resources

Unedited notes from the meeting can be downloaded here (Zip File, 739 Kb)

For more details visit https://cis-india.org/internet-governance/news/training-for-internet-governance-activists

Trail of the Trolls

praskrishna — 2012-01-04T07:55:05Z

Bullying and abuse on the Internet is on the rise. Smitha Verma finds out why most offenders are going scot-free in this article published in the Telegraph on 4 January 2012.

When Shahana Nair Joshi, a young professional from Delhi, wrote a blog post titled ‘An Open Letter to a Delhi Boy’ last year, she was not prepared for the repercussions that followed. The post went viral overnight and received as many as 7,000 comments. Her blog post, which was a rant against the stereotypical Delhi man, became a topic of discussion on social networking sites, inviting with it a flurry of praise. But the fan following also brought with it an equal number of trolls (those who post inflammatory messages in an online community).

“Soon sexual insults, derogatory messages and inflammatory content became the norm,” says Joshi. “Then I started moderating the comments on my blog and went on to block trolls on Twitter,” says Joshi whose Twitter follower list jumped from 100 to 1,000 within a week. “One person even went to the extent of issuing a death threat to me over the phone,” she adds. “I decided to ignore the trolls as that is the best possible solution.”

Cases similar to Joshi’s are on the rise in cyber world. At a time when social networking sites are being asked to monitor and censor their content, bullying on the Internet is at an all time high. Trolls hide behind the anonymity that a social networking site provides to post derogatory comments and obscene remarks.

According to Supreme Court lawyer Pavan Duggal, harassment on social networking sites is emerging as one of the biggest problems in the online world. “Six out of 10 people aren’t aware of what constitutes a cyber crime. As a result they aren’t reported. Neither the victims nor the abusers know what is an offence,” says Duggal.

But even if a case of bullying on the Internet is reported, the law is somewhat fuzzy when it comes to bringing the offender to book. In India, social media come under a variety of civil and criminal laws. The Information Technology Act, 2000, tackles most cases related to cyber crimes. “However, we take recourse to not just the IT Act, 2000, and its amendments thereunder, but also to other legislation, such as the Indian Penal Code (IPC), the Trade Marks Act, the Copyright Act, etc., to tackle cyber crimes in India,” says Gurpreet Singh, Internet law head, Amarjit & Associates, Delhi.

Bullying on the Internet consists of abuses that may have emotional and physical repercussions. “Trolling provokes a non-productive argument and as of now it is not considered a criminal offence anywhere in the world,” says Sunil Abraham, executive director, Centre for Internet and Society, Bangalore. However, most Internet users point out that trolling is out and out harassment that often verges on sexual harassment as well.

“I am routinely harassed by trolls. Even if I block them, they create a new twitter handle, start following me and post abusive comments,” says Joy Das, an advertising professional from Mumbai. His strong stand on several issues makes him a favourite among the trolls. Once Das had gone to the extent of filing a case and shared the details of the troll with the cyber crime cell department of the state police. He withdrew the case when the abuser retreated.

One of the main problems in taking action against a troll is that no legal definition of bullying is provided in Indian laws. As Karnika Seth, a Delhi-based cyber law expert, points out, “Even though the laws are in place, there is a clear lack of definition of offensive terms.”

Still, the laws do provide some relief in cases of harassment by Internet trolls. Usually, Section 509 of the IPC comes into effect when there is an intention to insult the modesty of a woman. “The offence also extends to an online medium,” says Singh of Amarjeet & Associates. “Besides Section 509, various other sections such as Section 503 and Section 504 of the IPC can also be invoked based upon the particular facts of a case,” adds Singh.

The networking sites on their part aren’t proactive when it comes to keeping a check on trolls. Twitter maintains that it is a communications platform, not a content mediator. “Removal of content does not in and of itself resolve the issue that led to the content being posted in the first place,” blogs the head of Twitter’s safety centre.

If you want to know the IP address and other details about the bully, you will have to file a police complaint and the copy should be sent to Twitter, informs Nabeel Ziyaan, a Bangalore-based entrepreneur and a contributor to Twitter’s ‘#140help’ section which deals with user queries. “In such cases, Twitter will work with the law enforcement agency,” says Ziyaan.

An accused can be booked for mental cruelty and sexual harassment under the provisions of the IPC as well as under Sections 67(a) & 67(b) of the IT Amendment Act, 2008, depending upon the facts and circumstances of the case. Section 66(a) lays down, for example, that any person who sends, by means of a computer resource or a communication device, any information that is grossly offensive or has menacing character or any information which he knows to be false, but for the purpose of causing annoyance, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to Rs 5 lakh or with both.

According to Section 67(a), whoever publishes or transmits in the electronic form any material which contains a sexually explicit act or conduct shall be punished with up to five years’ imprisonment and with a fine which may extend to Rs 10 lakh. And Section 67(b) hands out punishment for publishing or transmitting material depicting children in a sexually explicit act in an electronic form.

But law enforcement agencies are not always able to work out a way to track the trolls. “IP addresses can be spoofed using different software. In fact, innocent people can get punished if a troll hides under a proxy server,” says Seth.

Experts say that cyber laws need clarification and appropriate interpretation. The public should also be made aware of what constitutes a cyber offence. Until that happens, the trolls will, in all probability, trawl the Internet and maul Netizens at will.

Trail of the Trolls was published in the Telegraph on 4 January 2012

For more details visit https://cis-india.org/news/trail-of-trolls

TRAI urged to take action against P2P throttling and DNS hijacking

Anand Priya Singh — 2012-03-27T06:07:30Z

On 4 November 2010, Anand had sent a complaint letter to the Telecom Regulatory Authority of India (TRAI) regarding unethical practices adopted by Internet Service Providers (ISPs), particularly Airtel. The letter was sent by post and through an e-mail. It was addressed to the Advisor, CN & IT, TRAI. Anand got no help from the ISP and the reply from TRAI (No. 340-1\2010-CA/VOLv) stated that he contact the nodal officer. We have reproduced below the complaint letter that Anand sent to TRAI.

The Advisor,
CN & IT, TRAI
New Delhi

Respected Sir,

I wanted to bring to your notice some unethical marketing practices being adopted by Airtel in their broadband market.

ISPs in India, especially Airtel and Tata have recently started to use Domain Name System (DNS) hijacking where they redirect a misspelled or a non-existent website to their own site — where they serve advertisements to make money and these get redirected to Airtel or Tata whenever you connect to the Internet. The reply from the Internet Corporation for Assigned Names and Numbers (ICANN) was: "DNS hijacking practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-scripting attacks. According to ICANN, the international body responsible for administering top level domain names has published a memorandum highlighting its concerns, affirming that ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in existing Generic Top Level Domains (GTLDs), Country-Code Top Level Domains (CCTLDs) and any other level in the DNS tree for registry-class domain names." See for example, http://goo.gl/lZ2r6 or http://goo.gl/fDLNC

Our ISPs are violating international regulations and exposing the customer to phishing and hacking. Here are their rules: RFC 2308 - Negative Caching of DNS Queries (DNS NCACHE) (rfc2308). See http://goo.gl/QrKLs

I hope TRAI fines Airtel for their unethical practices. Now even toll free customer complaint numbers are no longer toll free. They charge 50 paise per call.

One of the most dangerous things that Airtel and Tata have done is to secretly throttle internet traffic particularly of peer-to-peer (P2P) protocol and not telling the customers, thereby violating the Consumer Protection Act, 1986. In October 2010, Airtel and Tata began using Elitecore's networking bandwidth tool NetVertex to throttle net traffic.

This violates net neutrality principle and could make the internet a cable television system where for different protocols different tariffs would be charged. Please watch this clip on net neutrality.

Since January 2011 Airtel is throttling P2P speeds to 256k from 10 a.m. to 11 p.m. If a user has 1\2\4 mbps connection, his\her speeds are being throttled to 256 k. The only legal proof that customers have is the results from this site which tells if your connection is being throttled for specific protocols (for example, http, ftp, torrent, video streaming, email, etc) known as glasnost test.

This forum has many Airtel users complaining about this. For example: http://goo.gl/Utd72, http://goo.gl/uLZdg, http://goo.gl/bfgaE and http://goo.gl/S7lIQ

Sir P2P is controversial as it used to download copyright works but P2P is also used for legitimate files like Linux OS or Legit P2P streaming. Some torrent sites only provide legit torrents, for example,mininova.

In 2006 TRAI had a consultation paper on network neutrality para 3.6.2. In the reply, organisations like Google, Skype and Microsoft recommended that network neutrality be made a law. See the Google letter for network neutrality of August 2010.

In 2011 the TRAI-NGN said that they have not found any ISP violating this but I have been writing to TRAI since October 2010 to warn them about the impending 2 tier internet which is coming to India, page 91.

Like the Federal Communications Commission (FCC) which fined Comcast ISP in USA $ 16 million for secretly blocking P2P, TRAI should at least codify network neutrality as a simple sentence stating "All internet traffic irrespective of protocols and carrier shall be treated as neutral" and fine Airtel via Telecom Disputes Settlement Appellate Tribunal for violating Consumer Protection Act, 1986.

FCC passed diluted rules and TRAI should not copy FCC. I hope TRAI takes action against illegal secret P2P throttling and DNS hijacking.

Yours respectfully,

Anand

For more details visit https://cis-india.org/internet-governance/p2p-throttling-and-dns-hijacking

Trai upholds Net Neutrality in setback to Facebook’s Free Basics

praskrishna — 2016-02-15T02:01:37Z

Trai says Internet service providers will not be allowed to discriminate on pricing of data access for different web services.

The article by Moulishree Srivastava and Shauvik Ghosh was published in Livemint on February 9, 2016. Sunil Abraham was quoted.

India’s telecom regulator has barred Internet service providers from offering customers preferential tariffs to access certain content over concerns that it will violate Net neutrality norms, dealing a blow to Facebook Inc.’s free data service plan.

Internet service providers, including telecom operators, are prohibited from offering discriminatory tariffs for data services based on content, the Telecom Regulatory Authority of India (Trai) said on Monday. Service providers that violate these rules will be fined Rs.50,000 per day to a maximum of Rs.50 lakh. Trai said it may review the rules after two years.

The decision ends a long battle between Facebook and the country’s telecom operators, including Bharti Airtel Ltd, on one side and Net neutrality activists on the other. Facebook had launched an intense lobbying effort that included full-page advertisements in newspapers and an Internet campaign to assure people that its Free Basics plan, which allows access to its social network and some other websites without a data plan, would benefit millions of poor Indians.

“BJP wholeheartedly welcomes the Trai decision on differential pricing. The decision is a clear expression of popular will,” said telecom minister Ravi Shankar Prasad on Monday. “The government made sure proper processes were followed at all levels which eventually led to the victory of an open and equal Internet... It is gladdening to see that the NDA government ensured unparalleled transparency in the entire issue of net neutrality,” he added.

Net neutrality requires Internet service providers not to discriminate on online data by user, content, site, platform, application, mode of communication or price.

“The net neutrality activists... have got exactly what they wanted—the complete prohibition of the differential pricing,” said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society. “Before Facebook started with its aggressive and outrageous campaign to promote Free Basics, the Net neutrality debate was a peaceful discussion. The way it has behaved must have led the regulator to lose trust that big companies can self-regulate.”

It, however, remains to be seen whether telcos challenge the regulation in court, he added.

“This has been a litigious issue and a lot of money is at stake so quite likely, I think, they will go to court,” said Apar Gupta, a lawyer and part of Save The Internet campaign.

The basic rationale behind the regulation is that the network that carries the data should be agnostic to data packets, R.S. Sharma, chairman of Trai, told reporters.

“Anything on the Internet cannot be priced discriminately based on source, destination, content and applications,” he said.

A spokesperson for Facebook said the company will carefully study what the regulator has said and comment accordingly.

Bharti Airtel and Reliance Communications Ltd (Facebook partnered with R-Com in India) declined to comment.

Differential pricing based on the network speed, Sharma said, is a larger issue and so is Net neutrality.

“We have used the term discriminatory pricing in place of differential pricing, because differential pricing in the consultation paper had a particular context. Differential word was quite contextual in the regulation, but it was misunderstood in a very larger context. Therefore, to differentiate, we are calling it discriminatory,” he said.

However, Sharma said that the Net neutrality debate is not over.

“Net neutrality is a larger question, and we have not gone into that question, though, I must admit, differential pricing is looking at Net neutrality from a tariff perspective. Net neutrality has a number of other components which is fast lane, throttling and differentially treating the packet in terms of speed etc. So this is not a part of this regulation,” Sharma said.

Amresh Nandan, research director at Gartner in India, said the Trai order favouring Net neutrality is in line with rules in the US. “The European Union has also ruled in favour of treating all Internet traffic equally,” Nandan said.

Nandan said the proponents of Net neutrality all over the world have been highlighting the importance of democratic values of the Internet and even a marginal attempt to curb it can possibly trigger all kinds of differentiation.

All the major telcos in India have, however, been lobbying the regulator to allow differential-pricing plans for data services. The telcos said such tariffs will increase Internet penetration in the country, benefiting consumers in the long run. They further argued that the existing legal framework is sufficient for regulating and monitoring differential pricing measures provided by the service providers and that Trai can deal with any issue regarding anti-competitive practices on a case-by-case basis as and when they arise.

Activists say such a practice will undermine competition and create monopolies. Differential pricing, they said, will allow big companies to buy favoured treatment from carriers.

Telecom operators said they were disappointed with the ruling. “Differential pricing could be useful in connecting the unconnected in India. This is an upfront disbarment,” said Rajan Mathews, director general of the Cellular Operators Association of India, the lobby group that represent some of the major telcos. “We believe that it was an appropriate tool to allow consumers who have never been on the Internet, to enjoy getting accustomed to it without getting sticker shock.”

Hemant Joshi, a partner at Deloitte Haskins and Sells Llp, said differential pricing was a well-accepted principle across industries.

“The concept inherently recognizes the economic principle of paying differently for different levels of service and experience. In telecom, there are virtual highways that need to follow the same principle. More awareness and education is needed around the economics of differential pricing and its long-term implications on the Industry and the consumer,” he added.

Trai, which put up the consultation paper on differential pricing on 9 December, asked four specific questions, broadly on whether telecom operators should be allowed to offer different services at different price points and models that can be implemented to achieve this.

Trai extended the deadline for comments and counter-comments on its consultation paper to 7 January and 14 January from 31 December and 7 January, respectively. For the consultation process, Trai said that majority of the individual comments received did not address the specific questions that were raised in the consultation paper.

P.R. Sanjai and Ashish K. Mishra in Mumbai contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-february-9-2016-shauvik-ghosh-moulishree-srivastava-trai-upholds-net-neutrality-in-setback-to-facebooks-free-basics

TRAI recommendations on data privacy raises eyebrows

Admin — 2018-07-19T13:33:44Z

The telecom regulator’s recommendations on data privacy have raised eyebrows over jurisdiction and timing, with IT ministry officials as well as companies questioning the need for it at a time when the government appointed Justice BN Srikrishna committee is in the final stages of drafting the data protection law.

The article by Surabhi Agarwal and Gulveen Aulakh was published in Economic Times on July 18, 2018. Swaraj Paul Barooah was quoted.

Telecom Regulatory Authority of India (TRAI) Chairman RS Sharma though countered that the sectoral watchdog has the jurisdiction to protect consumer interest in the sector, and those who feed off the industry - content providers, or apps, browsers, operating systems, and devices - need to be accountable as far as data protection is concerned.

TRAI Monday released its recommendations on the subject titled ‘Privacy, Security and Ownership of Data in the Telecom Sector’ which are applicable for apps, browsers, operating systems and handset makers.

An official of the Ministry of electronics and IT, which is tasked with drafting the data protection law, said that the Act will “prevail” over everything else. “Like any other sector, the data protection Act will be the final thing. In respect of telecom matters, there will be a role for TRAI as sectoral regulator but the basics of privacy will be governed by the data protection Act.”

The official also added that TRAI saying that their recommendations will be applicable till the data protection law comes into force "doesn't make sense since it won't have a legal mandate."

Industry bodies such as Internet and Mobile Association of India (IAMAI) and the Indian Cellular Association (ICA) have also criticised TRAI, saying the recommendations were “illegal” and akin to “jumping the gun” ahead of the release of the Srikrishna committee report.

Some of the clauses such as no use of metadata to identify individuals coupled with data minimisation will be detrimental to building the data business in the country, they said.

But Sharma was argued Trai was well within its rights to protect telecom consumers.

"Do I not have the jurisdiction to protect the interest of consumers in the telecom sector? I have that. And data protection of consumers in the telecom sector is an issue which is certainly related to the interest of consumers. I have deliberated on that issue, and I’m not saying that bring all those entities under my jurisdiction,” Sharma said.

He added that there is a regulatory imbalance because entities such as devices, OS, browsers and apps are not following any law. “So, the government can come up with a broad framework but till that time let the telecom rules apply on them too."

In its recommendations, TRAI said that individual users owned their data, or personal information, and entities such as devices were "mere custodians” and do not have primary rights over that information. It also said that the current framework for protection of personal information is “not sufficient” and suggested expanding the ambit of licence conditions governing telcos to all entities handling customer information.

In its statement, IAMAI, which represents companies such as Facebook and Google, called TRAI’s assertion that the existing framework is not sufficient to protect telecom consumers “contradictory.”

“The TRAI recommendations on privacy are premised on a voice and SMS regime. It is not meant for data driven business, which the app companies are. App companies use pseudo anonymous data and app companies do not give Call Detail Records. Incidentally, the Sri Krishna Committee under the Ministry of IT, which is the nodal body for apps as well as for handset manufacturers, is deeply, looking into this issue of consent, which is a fair thing to do.”

Voicing similar concerns, the ICA, which represents most of India’s top handset makers, said that the telecom watchdog has absolutely no powers to begin regulating on issues of privacy and ownership of data, leave alone having jurisdiction over devices, operating systems, browsers and applications.

“The industry rejects TRAI's attempts to expand its powers and usurp government's jurisdiction.” It added that TRAI “jumped the gun” by seeking to regulate the digital ecosystem without waiting for the data protection law under consideration by the Justice Srikrishna Committee. “This piecemeal approach is dangerous and unproductive.”

Handset makers such as Intex and Karbonn added they should be kept out of the ambit of the proposed regulations because they don't use customer data or monetise from it, which is mostly what apps do. Any additional pressure on indirect costs will lead to wafer-thin margins getting eroded further and consumers will have to bear the brunt, as it will lead to increase in prices of mobile phones.

Trai’s recommendations have been sent to the Department of Telecommunications (DoT) which has to take a final call on whether they will be adopted.

An official spokesperson for Zomato said that they have not been contacted by any of the regulatory bodies on this, as of now. “Our country is still undergoing the process of setting up a regulatory framework, and what happens between the TRAI recommendations and the B N Srikrishna's committee's draft for Data Protection bill will eventually help set up a much required benchmark.

In its suggestions, Trai said that as with telcos, all user data flows through smart devices, putting the device manufacturers, browsers, operating systems, and applications etc. in a prime position to collect and process the personal information of users. Since all user data passes through telcos and devices, appropriate steps must be taken to protect user privacy vis-a-vis these entities. “This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained”.

Swaraj Paul Barooah, policy director at Center for Internet and Society, said that the recommendations is worrying at one level since “There is nothing in the telecom sector that requires interim urgent intervention and it may mean that the privacy framework maybe further delayed.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-july-18-2018-surabhi-agarwal-and-gulveen-aulakh-trai-recommendations-on-data-privacy-raises-eyebrows

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission

sumandro — 2016-03-30T13:13:30Z

The Centre for Internet and Society sent this submission to the Telecom Regulatory Authority of India (TRAI) following the Open House Discussion on Differential Pricing of Data Services, held in Delhi on February 21, 2016.

Download the submission document: PDF.

Post-Open House Discussion Submission to TRAI

Dear Ms. Kotwal,

This is to heartily congratulate TRAI once again for taking several steps, including the Open House Discussion, to ensure that various opinions about the topic of ‘differential pricing for data services’ are presented and are responded to - and are all in full public view.

This brief note is to a) add to the positions and arguments submitted previously by the Centre for Internet and Society (CIS), India, b) put in writing our comments during the Open House Discussion (January 21, 2016), and c) respond to other comments shared at the same event. We have six points to share in this note:

Forbearance is not an option: We are of the opinion that though the data services market has thus far been kept un-monitored and unregulated, and there are several reasons why this situation should not continue any more. Although the reality of differential pricing (that is data packets originating from different sources being priced differently by ISPs) was highlighted with the recent offering of zero rated packs, it is a general practice in the sector, as illustrated by widely available special/curated content packs for the user to consume data from a specified web-based source. It is not surprising that most such special/curated content packs involve an arrangement between the ISP and a prominent leader in the web-content/platform sector, such as Facebook and Twitter. Serious market distorting impacts of such arrangements are imminent if they are allowed to continue without any monitoring, enforced public disclosure, and regulatory actions by a public authority.
Address differential treatment of data, and not only differential pricing: Pricing is only of the three ways in which data services can be treated differently by the ISPs depending upon the source of the data packets concerned. The other two ways are: a) differential speed, or throttling of some data packets and prioritisation of the others, and b) differential treatment of data protocols, for example, the blocking of peer-to-peer or voice-over-IP traffic by an ISP. If the public authority decides to only regulate differential pricing of data service, it is highly probable that ISPs may shift to other forms of discrimination between data packets - either in terms of prioritising some data packets over others based upon their origin, or blocking of specific protocols such as voice-over-IP to prevent the functioning of certain web-based services - and continue the market distorting impacts through these other means.
Allow and define reasonable network management practices: Reasonable network management has to be allowed to enable the ISPs to manage performance on their network. However, ISPs may not indulge in acts that are harmful to users in the name of reasonable network management. Below is a set of potential guidelines to identify cases when discrimination against classes of data traffic in the name of reasonable network management can be considered justified and permissible:
- there is an intelligible differentia between the classes which are to be treated differently,
- there is a rational nexus between the differential treatment and the aim of such differentiation,
- the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
- the network management practice is the least harmful technical means that is reasonably available to achieve the aim.
Establish an effective enforcement mechanism: TRAI must establish an enforcement mechanism that is open to users [and groups of users] and private sector actors as current forums are insufficient. Clear and simple rules must be established ex-ante, if they are violated - ex-post regulation must be undertaken on the basis of principles listed in the TRAI consultation paper, that is “non-discrimination, transparency, affordable internet access, competition and market entry, and innovation” [1]
Take regulatory decisions now, but also conduct and commission further research to review and refine the decisions over a defined period of time
Need for better collection and proactive disclosure of statistics: TRAI publishes quarterly performance indicators statistics collected from the telecom companies about telephone, mobile, and internet sectors in India [2]. It will be very useful for researchers and analysts, and allow for a much more informed public debate on the matter, if the content and form of such data are improved in the following ways:

Content:
- Please start collection (unless already done) and publication of not only data of average incoming and outgoing MOUs, average of total outgoing SMSs, Average Revenue Per User, and average data usage per GSM and CDMA subscriber, but distributions of the same in terms of user deciles (that is in terms of representative figures for each 10% section of users in ascending order of usage),
- Provide granular data about data usage across service areas and service providers (the numbers on ‘average data usage’ and total ‘revenue from data usage’ provided at present are very insufficient for the state of public debate),
- Provide data about internet subscriber base according to network technologies (for both wired and wireless) and the service providers concerned,
- Provide data about IP-based telephony across service areas and service providers,
- Provide data separately for the North Eastern states, and
- Provide granular data (separated from the corresponding state data) for all tier-1 cities.
Form:
- Please do not publish the data only as part of the quarterly reports available in PDF format, but also as independent machine-readable spreadsheet file (preferably in CSV format),
- Do not only publish quarterly data in separate files, but also provide a combined (all quarters together) dataset that would make it much easier for researchers and analysts to use the data,
- In some exceptional cases, the data is not provided in the report directly but a diagram containing the data is published [3], which should be kindly avoided, and
- Please publish these statistics as open data, that is in open standards and under open licenses.

Further, we request TRAI to explore possibilities of distributed sourcing of data, perhaps from the users themselves, about the actual network usage experiences, including but not limited to signal strength, data transfer speed (incoming and outgoing), frequency of switches between mobile (GSM and CDMA) and wi-fi connectivity, etc.

References

[1]. http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/CP-Differential-Pricing-09122015.pdf.

[2]. http://www.trai.gov.in/Content/PerformanceIndicatorsReports/1_1_PerformanceIndicatorsReports.aspx.

[3]. http://www.trai.gov.in/WriteReadData/PIRReport/Documents/Performance_Indicator_Report_Jun_2015.pdf , sections 1.43 and 1.44 (pp. 31-32).

For more details visit https://cis-india.org/telecom/blog/trai-consultation-on-differential-pricing-for-data-services