We are anonymous, we are legion

Transference: Reimagining Data Systems: Beyond the Gender Binary

torsha — 2021-12-15T12:58:31Z

The Centre for Internet and Society (CIS) invites you to participate in a day-long convening on the rights of transgender persons, specifically right to privacy and digital rights. Through this convening, we hope to highlight the concerns of transgender persons in accessing digital data systems and the privacy challenges faced by the community. These challenges include access to their rights — their right to self-identify their gender and welfare services offered by the State and the privacy challenges faced by transgender and intersex persons in revealing their identity.

As the meaning of the word ‘Transference’ goes, through this convening, as a learning, we hope to capture and transfer the realities of transgender persons with engaging and being a part of digital data systems in India. Given the rapid digitisation of different public and private data systems in India, we hope to initiate a conversation that understands their struggles and challenges to realistically initiate the re-imagination of data systems — digital and otherwise — one that is mindful about their everyday struggles with privacy and access.

Owing to the history of systemic exclusions faced by transgender persons, it is important to highlight their difficulties in accessing technological systems and the impact on their privacy, as central issues that require serious consideration. Presently, their realities seem to be ignored by the State while designing most technology laws and policies governing digital systems.

Background

In the landmark verdict in 2014, NALSA Vs Union of India, the Supreme Court of India for the first time recognised the right of an individual to self-identify their gender as male, female or transgender. This verdict detailed nine directives to be implemented by the central and state governments in India for the inclusion of transgender persons.

Similarly, 2017 was a watershed moment in India’s constitutional history when the Supreme Court held the right to privacy to be a fundamental right. More importantly, the Court expounded on this right and held that the protection of an individual’s gender identity is an essential component of the right to privacy and that privacy at its core includes the preservation of personal intimacies, autonomy, the sanctity of family life, marriage, procreation, the home and sexual orientation.

The 2017 privacy judgement led to the Supreme Court pronouncing the Navtej Johar v Union of India in 2018, striking down the Koushal judgement and decriminalising acts of consensual non-hetrosexual acts of intimacy. In 2019, the Personal Data Protection Bill, 2019 was introduced in Parliament for the regulation and protection of personal data. The PDP Bill classifies data into two categories as (i) personal data; and (ii) sensitive personal data. As per the PDP Bill, data identifying the transgender status and intersex status falls within the ambit of sensitive personal data. Around the time of the PDP Bill being tabled in Parliament, the Transgender Persons (Protection of Rights) Act 2019 was passed by the Parliament despite severe opposition to the Bill from civil society members as well as members of Parliament.

There is a lack of clarity on the interplay between the PDP Bill and the Transgender Act and the challenges the PDP Bill may pose to the transgender community. Moving beyond mere mentions in the definition of the law through a cisgendered heteronormative lens, it is important for the discourse on data and privacy to broaden its scope to realistically include people of different sexual orientations, gender and sexual identities, gender expressions and sex characteristics.

About the Event

Through these panel discussions, we propose to highlight the concerns of transgender persons with accessing digital data systems and the privacy challenges faced by them . These challenges include access to their rights — their right to self-identify their gender and access welfare services offered by the State and the privacy challenges faced by transgender persons in revealing their identity.

The objective of these discussions is to initiate more conversations about the technological and data exclusions faced by this historically marginalised community in India. The intent is to better understand the realities of transgender persons and contribute to the larger advocacy on privacy, intersectionality and (digital) systems design.

Click to register for the event here

For more details visit https://cis-india.org/internet-governance/events/transference-reimagining-data-systems-beyond-the-gender-binary

Transcripts from WCIT-12

snehashish — 2012-12-03T14:00:21Z

We are archiving copies of the live-transcripts from the World Conference on International Telecommunications, 2012 (WCIT-12) which is being held in Dubai from 3–14 December, 2012.

This is an unedited rough transcript of the discussions/sessions at the WCIT,2012 which is live-streamed and made available by the ITU. We are hosting the live-streamed text for archival purposes:

Day 1 - WCIT-2012: Opening Ceremony (December 3, 2012)

Day 1 - WCIT-2012: Plenary 1 (December 3, 2012)

For more details visit https://cis-india.org/internet-governance/blog/transcripts-of-wcit-2012

Trans Pacific Partnership and Digital 2 Dozen: Implications for Data Protection and Digital Privacy

Shubhangi Heda — 2016-07-12T07:56:24Z

In this essay, Shubhangi Heda explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations.

1. Introduction

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

2.2. Digital 2 Dozen (D2D)

3. Major Criticisms of the Digital Agenda of TPP

3.1. Data Protection

3.2. Digital Privacy

4. Implications of TPP for RCEP

5. Implications of TPP in the Context of EU Safe Harbour Judgement

6. Implications of TPP for India after US-India Cyber Relationship Agreement

7. Conclusion

8. Endnotes

9. Author Profile

1. Introduction

This essay explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia [1]. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations. TPP requires the member countries to facilitate unhindered digital data flow across nations, for commercial and governmental purposes, which evidently have major implications for national and regional data protection and privacy regimes. These implications must also be seen in the context the recent judgement by the EU Court of Justice against the validity of the EU-USA data transfer agreement of 2000. Further, the essay discusses the potential impacts that TPP/D2D might have on India, in the context of the ongoing USA-India Cyber Relationship dialogue. If the privacy concerns are not raised right now TPP might act as a model framework for future FTAs which will fail to encompass proper data protection and digital privacy regime within it.

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

Trans Pacific Partnership (TPP) is a large multi-partner free trade agreement amongst twelve Asia-Pacific countries, which is closely led by geo-political and economic strategies of the USA. Countries started the negotiation of TPP in 2008 when USA joined Pacific Four (P-4) negotiations and in 2015 negotiations of TPP was concluded and text was released. Ministers from the member countries signed the agreement on February 4, 2016 [2]. The main aim of TPP is to liberalise trade and investment beyond what is provided for within the WTO. It is also considered to be a strategic move by the US to counter the trade linkages that are being established in the Asian region. TPP largely covers topics of market access, and rules on various related issues such as intellectual property rights, labour laws, and environment standards [3].

Between 1992 -2012 there has been an upsurge in bilateral trade agreements being signed in Asia from 25 to 103 and the effect of these FTAs is called the ‘noodle bowl effect’. TPP is seen as framework which will replace these FTAs which are causing the ‘noodle bowl effect’.While these FTAs are being replaced but with TPP being signed there are various bilateral arrangements signed along with TPP. USA has also stated that TPP will not affect the already existing NAFTA [4]. While TPP is being concluded there is another free trade agreement being negotiated between USA and EU , which is Trans Trade and Investment Partnership (TTIP). Both TPP and TTIP and are considered to be serving similar objective which is to deal with new and modern trade issues. Also both the agreements are US led and since negotiation for TPP are now finalised it may have a significant impact on TTIP [5].

TPP is one of the first document which deals specifically with digital economy and applies across borders. The main aims of TPP are to promote free flow of data across borders without data localisation. It aims to remove national clouts and regional internets. It also includes provisions to combat theft of trade secrets. It allows you to create transparent regulatory process with inputs from various stakeholders. It also aims to provide access to tools and procedures for conduct of e-commerce [6].

Some of the major criticism to TPP were regarding the issues related to [7]:

environment, wherein it does not address the issue of climate change and the language used in the agreement is very weak;
labour rights provision mandates parties to adhere to the ILO provision but it does not seem to provide for effective framework and might not bring the desired change;
investment chapter is seen to be controversial because of the investor state dispute settlement clause which will allow foreign investor to sue government over policies that might cause harm to them;
e-commerce and telecommunication chapter raises major privacy concerns;
intellectual property chapter wherein it includes controversial rules regarding pharmaceutical companies and data exclusivity apart from the privacy concerns.

2.2 Digital 2 Dozen (D2D)

D2D is set of rules and aims which is specifically drafted to be followed for the trade agreements related to open internet and digital economy. More specific aims of TPP as provided within the ‘Digital 2 Dozen,’ aiming for more liberalised trade in digital goods and services, are [8]:

promoting free and open internet,
prohibiting digital custom duties,
securing basic non-discrimination principles,
enabling cross-border data flows,
preventing localization barriers,
barring forced technology transfers,
advancing innovative authentication methods,
delivering enforceable consumer protections,
safeguarding network competition,
fostering innovative encryption products, and
building an adaptable framework.

Strategic goal of the US in introducing D2D as goals of TPP has been to set up a trend within Asian region for all the trade agreements. It is expected to ensure that if TPP is a success, similar goals and policy frameworks will be followed for other trade agreements as we. For example, the USA-India partnership also enshrines similar aims and so does the USA-Korea partnership. Hence while India is not part of TPP, USA is nonetheless trying to get India into a partnership which is similar to the TPP. The language proposed by the USA in TPP negotiations has always been supportive for cross border data flows as it claims that companies have mechanism to keep a privacy check and privacy would not be undermined, but countries like New Zealand and Australia which have strong privacy protection laws nationally have raised concerns which will be discussed in further sections [9]. Also not only in privacy rights but Digital Dozen initiative also affects other digital rights related to - excessive copyright terms TPP proposed to extend the term of copyright to hundred years which deprive access to knowledge; as in the U.S motive to give more power to private entities , the ISP obligations enumerated within TPP which puts freedom of expression and privacy at risk as ISPs are allowed to check for copyright infringement and TPP does not put any privacy restriction in this regard; introduction of new fair use rules; ban on circumvention of digital locks or DRMs; no compulsory limitation for persons with disabilities; lack of fair use for journalistic right; while net neutrality is major issue is many developing nations in Asia no effective provision for net neutrality is aimed at in the D2D initiative; prohibits open source mandates which puts barrier for countries which want to release any software as open source as a policy decision [10].

3. Major Issues Related to Data Protection and Privacy in the TPP

3.1. Data Protection

One of the major concern raised against TPP is regarding data protection provisions that have been integrated within the E- Commerce chapter of the agreement. Article 14.11 and Article 14 .13 are the ones that deal with data flow related to consumer information.Article 14.11 in the agreement puts a requirement on the member states to allow transfer of data across border and Article 14.13 does not allow the companies to host data on local servers. Concerns were raised in few member states for instance, Australian Privacy Foundation raised concerns over Article 14.11 which requires transfers to be allowed in context of business activities of service suppliers. It claimed that exception to this provision is very narrow and the repercussion for not following the exception is that investor state dispute settlement proceedings can be initiated, which is not sufficient to protect privacy. Also, it highlighted the issue that with the narrow exception provided under Article 14.13 which relates to prohibition on data localisation, it might have adverse effect on the implementation of national privacy laws within Australia [11].

Another provision which is of major concern is Article 14.13 which prohibit data localisation. It will raise problems for countries like Indonesia and China which will have to change their local laws to implement the provision [12]. Since there already has been a major concern with regard to USA- EU Safe Harbour Agreement which was later made subject to the ECJ’s ruling on data protection, which invalidated any arrangement which provides voluntary enterprises responsibility to enforce privacy. But both the USA and EU are in process of renegotiating the agreement.The major concern was that in EU data protection is a fundamental right while in USA data protection is more consumer centric. When similar concerns were raised in TPP negotiations, they were rebutted as USA claimed that FTA does not concern itself with data protection [13].

In 2012 Australia proposed an alternative language to TPP which allowed countries to place restriction on data flow as long as it was not a barrier to trade. U.S responded to concerns raised by the Australia through a side letter which ensured Australia that U.S and Australia have a mutual understanding in relation to privacy and U.S will ensure the privacy of data with regards to Australia. While Australia’s concern was given acknowledgement other countries which raised similar issues were not given any assurances [14]. US instead proposed ad- hoc strategy that gave private companies power to form privacy policy with implementation through state machinery [15].

3.2. Digital Privacy

Article 14.8 in the E- Commerce chapter of the agreement states that countries can form legal framework for the protection of rights but the kind of ‘legal framework’ is not defined. Also, nowhere it states that the privacy protection or data protection laws are expressly exempted, rather it states that any such policy implemented by member states will be put under review of TPP standards. The standards which TPP proposes to follow are based on the underlying idea that any such policy should not hinder free trade in any way. This test will be applied by tribunals which are experts in trade and investment and not on data protection or human rights [16]. While Article 14.8 provides for protection of private information of consumers but the footnote to the provision renders it ineffective. The footnote states that member countries can adopt legal framework for the protection of data which can be done by self-regulation by industry and does not provide for any comprehensive data protection obligation upon the member states [17]. Similar to this Article 13.4 of the telecommunications chapter under TPP also states that the countries can apply regulation regarding confidentiality of the messages as long as it is not “a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services" [18].

Another chapter which raises major concerns about the privacy rights is intellectual property. It affects privacy through the provisions related to technological protective measures and the provision that regulate ISP’s liability. Regarding the TPM provision, the TPP follows the DMCA model whereby the exception to anti- circumvention provision is very narrow and does not apply to anti- trafficking provision. The exception allows user to circumvent TPM if it affect the user's privacy in any way, although this provision does not apply to ant- trafficking of TPM. The provision regarding ISP’s liability states that there should be cooperation between ISPs and rights holders and it does not prohibit ISPs to monitor its users. Also TPP proposes the notice for takedown and identification of the infringer by the ISP but this provision is not in consonance with laws of member states, like that of Peru which does not have any copyright law on ISP . Also many countries have tried to introduce proper privacy laws along with implementation of ISP liability but that is not done within the TPP [19]. TPP as whole aims to give greater power to private regulators without providing for minimum standard for protection of privacy.

Although TPP is not a data protection agreement but it consequently deals with various aspects of data protection, hence it is prospective model for privacy and data protection practices in future trade agreements. If positive obligations are included within the free trade agreements it will have an advancing impact on the data protection regime.

4.Implications of TPP for RCEP

While TPP has such lacunas similar provision are proposed in RCEP to which India is a party and which will have serious implication as many of the countries have inadequate data protection laws nationally and with the introduction of such an FTA the exploitation of privacy rights will be rampant [20]. To avoid this EU directive on data protection should be taken into consideration in the negotiations of such FTAs. But for the RCEP negotiations are still going on and in India many companies like Flipkart, Snapdeal etc. have started preparing for the changing norms. The government claims that it is going to accept best practices in the region which indicates that it is going to have same policies as that of TPP. Although people from industry have raised concerns that while there are national laws but it is difficult to check third party involvement within the business and it is becoming increasingly difficult to keep the consumer data confidential [21].

5. Implications of TPP in the Context of EU Safe-Harbour Judgement

Mr. Maximillian Schrems, an Austrian National residing in Austria, has been a user of the Facebook social network since 2008. Any person residing in EU who wishes to use Facebook is required to conclude, at the time of his registration, a contract with Facebook Ireland (a subsidiary of Facebook Inc. which itself is established in Unites States). Some or all of the personal data of the Facebook Ireland’s users who residing in EU is transferred to servers belonging to Facebook Inc. that are located in United States, where it undergoes processing. On 25 June 2013 Mr Schrems made a complaint to the commissioner by which he in essence asked the latter to exercise his statutory powers by prohibiting Facebook Ireland from transferring his personal data to Unites States, and this led to the Maximillian Schrems v Data Protection Commissioner case [22]. He contended that in his complaint that the law and practice in force in that country did not ensure adequate protection of the personal data held in its territory against the surveillance activities that were engaged in thereby by the public authorities. Mr Schrems referred in this regard to the revelations made by Edward Snowden concerning the activities of the United States intelligence services, in particular those of the NSA.(para 26, 27, 28). The case came in the court ruled that “that a third country which ensures an adequate level of protection, does not prevent a supervisory authority of a Member State, within the meaning of Article 28 of the EU 94/46 directive as amended, from examining the claim of a person concerning the protection of his rights and freedoms in regard to the processing of personal data relating to him which has been transferred from a Member State to that third country when that person contends that the law and practices in force in the third country do not ensure an adequate level of protection. The ruling implies that personal data cannot be transferred to third country which does not provide adequate level of protection.

EU safe harbour judgment and EU directive on privacy provide contrasting rules related to privacy. While TPP gives power to private entities to formulate rules regarding privacy while the recent ECJ judgment invalidated giving such power to private entities under EU-US Safe Harbour Agreement. Also in context of the same judgment Hamburg’s Commissioner for Data Privacy And Freedom of Information announced an investigation into the data transfer taking place through Facebook and Google to U.S. Hence in the light of the recent judgment member states within EU are not allowed to permit cross border data flow, in contrast to this one of the main goals of TPP is to maintain free flow of data across border [23]. EU is this regard has also set forth the proposal to introduce General Data Protection Regulation. (GDPR). Although U.S and EU are trying to renegotiate the agreement but the privacy concerns raised cannot be ignored. Hence following the same model as was invalidate under the ECJ judgment lets US exploit privacy of member states under TPP. Similar concerns as raised within the judgment are also raised in India as it also following the same model within U.S-India Cyber Relationship Agreement and in RCEP negotiations.

6. Implications of TPP in the context of USA-India Cyber Relationship

While India is not part of TPP but it might have an effect on the U.S India Cyber Relationship Agreement. In August 2015 there was re- initiation of the India-U.S cyber dialogue to address common concerns related to cybersecurity and to develop better partnerships between public and private sector for betterment of digital economy [24]. One of the key aim of this agreement is free flow of information between two nations, which suffers from similar problem that it will put privacy of the citizens at risk. Also India does not have any bilateral treaty which ensures cyber data protection in such a scenario the only solution is data localisation, but this agreement will put data at risk [25]. Hence while the TPP negotiations were going on and also RCEP is being discussed the concerns about privacy and data protection need to be raised as mention in earlier section regarding implications of TPP on RCEP, the USA-India Cyber Relationship also faces the same implications..Although the aim of USA-India Cyber Relationship is to ensure cybersecurity. After the cases of Muzaffarnagar riots, upheaval in North -Eastern states and Gujarat riots, India has realised it is important to ensure compliance from the social media companies. India sees the USA-India Cyber Relationship as an opportunity to achieve this goal. The Google Transparency Report states that that India made around three thousand requests to Google for user data [26], which indicate at the country's interest in having a common data understanding with the major social media companies (almost all of which are located in USA) about requesting and sharing of user activity data. While this concern is being addressed through the agreement, it is difficult to ignore the clause related to free flow of information, and if the meaning of the term is extended and adopted from TPP itself will put digital privacy of Indian citizens at risk [27].

7. Conclusion

Even though TPP negotiation are completed but the ratification of the agreement is still underway. TPP is being seen as one of a kind trade agreement because it is the first time that countries across the globe have come together as a whole to address concerns of modern trade. Although it fails to address some of the key concerns related to privacy and data protection which are becoming increasingly important. Data protection and privacy issues cannot be seen in isolation and needs to merged within the modern day trade agreements. The D2D component by the USA is strategic move to have trade dominance in Asia and to compete with China’s growth . TPP has privacy and data protection lacunae within the e- commerce , telecommunications and intellectual property discussion.Although it might have serious implications on RCEP negotiation and USA- India Cyber Relationship Dialogue. Similar concern regarding data protection has already been addressed by ECJ judgment invalidating USA-EU Safe Harbour Agreement but the similar ad - hoc strategy has been incorporated within TPP. Since TPP might be considered as best practice model for future FTAs in the Asian region it is important to raise and address these privacy concerns now.

8. Endnotes

[1] The signatory countries include Australia, Canada, Japan, Malaysia, Mexico, Peru, United States of America, Vietnam, Chile, Brunei, Singapore, New Zealand. "The Trans-Pacific Partnership," http://www.ustr.gov/tpp (last visited Jul 7, 2016).

[2] "The Origins and Evolution of the Trans-Pacific Partnership (TPP)," Global Research, http://www.globalresearch.ca/the-origins-and-evolution-of-the-trans-pacific-partnership-tpp/5357495 (last visited Jul 7, 2016).

[3] Fergusson, Ian F., Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP): In Brief," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1477/ (last visited Jul 1, 2016).

[4] Gajdos, Lukas, The Trans-Pacific Partnership and its impact on EU trade, Policy Department, Directorate-General for External Policies, Policy Briefing (2013), http://www.europarl.europa.eu/RegData/etudes/briefing_note/join/2013/491479/EXPO-INTA_SP(2013)491479_EN.pdf.

[5] Twining, Daniel, Hans Kundnani & Peter Sparding, Trans-Pacific Partnership: geopolitical implications for EU-US relations, Policy Department, Directorate-General for External Policies, June 24 (2016), http://www.europarl.europa.eu/RegData/etudes/STUD/2016/535008/EXPO_STU(2016)535008_EN.pdf.

[6] USTR, "Remarks by Deputy U.S. Trade Representative Robert Holleyman to the New Democrat Network," https://ustr.gov/about-us/policy-offices/press-office/speechestranscripts/2015/may/remarks-deputy-us-trade (last visited Jul 4, 2016).

[7] Murphy, Katharine, "Trans-Pacific Partnership: four key issues to watch out for," The Guardian, November 6, 2015, https://www.theguardian.com/business/2015/nov/06/trans-pacific-partnership-four-key-issues-to-watch-out-for (last visited Jul 7, 2016).

[8] USTR, "The Digital 2 Dozen" (2016), https://ustr.gov/sites/default/files/Digital-2-Dozen-Final.pdf (last visited Jul 1, 2016).

[9] Fergusson, Ian F.m Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP) negotiations and issues for congress," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1412/ (last visited Jul 8, 2016).

[10] "How the TPP Will Affect You and Your Digital Rights," Electronic Frontier Foundation (2015), https://www.eff.org/deeplinks/2015/12/how-tpp-will-affect-you-and-your-digital-rights (last visited Jul 7, 2016).

[11] Australian Privacy Foundation (APF), Trans Pacific Partnership Agreement (2016), https://www.privacy.org.au/Papers/Parlt-TPP-160310.pdf.

[12] Greenleaf, Graham, "The TPP & Other Free Trade Agreements: Faustian Bargains for Privacy?," SSRN (2016), http://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2732386 (last visited Jul 1, 2016).

[13] "GED-Project: Transatlantic Data Flows and Data Protection," GED Blog (2015), https://ged-project.de/topics/competitiveness/transatlantic-data-flows-and-data-protection-the-state-of-the-debate/ (last visited Jul 1, 2016).

[14] Geist, Michael, "The Trouble with the TPP, Day 14: No U.S. Assurances for Canada on Privacy," (2016), http://www.michaelgeist.ca/2016/01/the-trouble-with-the-tpp-day-14-no-u-s-assurances-for-canada-on-privacy/ (last visited Jul 4, 2016).

[15] Aaronson, Susan Ariel, "What does TPP mean for the Open Internet?" From Policy Brief on Trade Agreements and Internet Governance Prepared for the Global Commission on Internet Governance (2015), https://www.gwu.edu/~iiep/events/DigitalTrade2016/TPPPolicyBrief.pdf (last visited Jul 5, 2016).

[16] Lomas, Natasha, "TPP Trade Agreement Slammed For Eroding Online Rights," TechCrunch, http://social.techcrunch.com/2015/11/05/tpp-vs-privacy/ (last visited Jun 30, 2016).

[17] "Q&A: The Trans-Pacific Partnership," Human Rights Watch (2016), https://www.hrw.org/news/2016/01/12/qa-trans-pacific-partnership (last visited Jul 1, 2016).

[18] "TPP Full Text Released," People Over Politics (2015), http://peopleoverpolitics.org/2015/11/07/tpp-just-as-bad-as-you-thought/ (last visited Jul 7, 2016).

[19] "Right to Privacy in Trans-Pacific Partnership (TPP ) Negotiations," Knowledge Ecology International, http://keionline.org/node/1164 (last visited Jul 1, 2016).

[20] Asian Trade Centre, "E-Commerce and Digital Trade Proposals for RCEP (2016)," http://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (last visited Jul 1, 2016).

[21] "E-commerce companies like Flipkart, Snapdeal to beef up data security to meet RCEP norms," The Economic Times, http://economictimes.indiatimes.com//articleshow/49068419.cms (last visited Jul 1, 2016).

[22] ECLI:EU:C:2015:650 (C -362/14)

[23] King et al., "Privacy law, cross-border data flows, and the Trans Pacific Partnership Agreement: what counsel need to know," Lexology, http://www.lexology.com/library/detail.aspx?g=b5c0b400-8161-4439-a4b7-131552ad5209 (last visited Jul 4, 2016).

[24] "U.S.-India Business Council Applauds Resumption of Cybersecurity Dialogue," U.S.-India Business Council (2015), http://www.usibc.com/press-release/us-india-business-council-applauds-resumption-cybersecurity-dialogue (last visited Jul 5, 2016).

[25] Sukumar, Arun Mohan, "India Is Coming up Against the Limits of Its Strategic Partnership With the United States," The Wire (2016), http://thewire.in/40403/india-is-coming-up-against-the-limits-of-its-strategic-partnership-with-the-united-states/ (last visited Jul 4, 2016).

[26] Countries – Google Transparency Report, https://www.google.com/transparencyreport/userdatarequests/countries/ (last visited Jul 8, 2016).

[27] Sukumar, Arun Mohan, "A case for the Net’s Ctrl+Alt+Del," The Hindu, September 5, 2015, http://www.thehindu.com/opinion/op-ed/a-case-for-the-nets-ctrlaltdel/article7616355.ece (last visited Jul 5, 2016).

9. Author Profile

Shubhangi Heda is a Student of Jindal Global Law School, O.P Jindal Global University. She has completed her fourth year. She gives due importance to popular culture in her life and loves to read fiction and like to watch TV-shows, her favorite being 'White Collar'.

For more details visit https://cis-india.org/internet-governance/blog/tpp-and-d2-implications-for-data-protection-and-digital-privacy

Training programme for Chairs, Convenor and Experts for International Standardization Work

praskrishna — 2017-01-20T17:06:09Z

Udbhav Tiwari attended this programme organized by National Institute of Training for Standardization, under the Bureau of India Standards on the 19 and 20 of January, 2017 in Nodia, New Delhi.

Udbhav was invited due to CIS's membership at the LITD 17 at BIS and WG5 under ISO JTC 1 SC 27. For full schedule of the training programme click here.

For more details visit https://cis-india.org/internet-governance/news/training-programme-for-chairs-convenor-and-experts-for-international-standardization-work

Training for Internet Governance Activists

praskrishna — 2014-11-07T00:38:55Z

Geetha Hariharan attended a training session for Internet rights activists in Cambridge, organised by Global Partners Digital, UK on September 23 and 24, 2014.

Day 1. Final session was on privacy, surveillance and data protection by Mike Rispoli and Alexandrine Pirlot de Corbion from PI. Got caught up in the discussion, so no notes from that. Of interest is session on communication by Mike - a nine-step process he's outlined (in bold at the very end), and the problem tree and stakeholder mapping approach that Alex spoke of.

Day 2. Great session on the ITU and on lobbying by lobbyist Matthew McDermott of Access Partners. The ITU is a complex beast with activity at multiple levels and different levels of effectiveness at different levels. From conversations, I gathered that any effective strategy for any policy change in Internet governance at the ITU will involve lobbying national governments, and then at sub-regional, regional and global levels.

Day 3. Tim Maurer's session on cyber security. Issues of terminology and politicisation discussed. Also info on in what forums cyber security debate is taking place. The Netherlands is hosting the Global Conference on Cyber Space in April 2015.

Resources

Unedited notes from the meeting can be downloaded here (Zip File, 739 Kb)

For more details visit https://cis-india.org/internet-governance/news/training-for-internet-governance-activists

Trail of the Trolls

praskrishna — 2012-01-04T07:55:05Z

Bullying and abuse on the Internet is on the rise. Smitha Verma finds out why most offenders are going scot-free in this article published in the Telegraph on 4 January 2012.

When Shahana Nair Joshi, a young professional from Delhi, wrote a blog post titled ‘An Open Letter to a Delhi Boy’ last year, she was not prepared for the repercussions that followed. The post went viral overnight and received as many as 7,000 comments. Her blog post, which was a rant against the stereotypical Delhi man, became a topic of discussion on social networking sites, inviting with it a flurry of praise. But the fan following also brought with it an equal number of trolls (those who post inflammatory messages in an online community).

“Soon sexual insults, derogatory messages and inflammatory content became the norm,” says Joshi. “Then I started moderating the comments on my blog and went on to block trolls on Twitter,” says Joshi whose Twitter follower list jumped from 100 to 1,000 within a week. “One person even went to the extent of issuing a death threat to me over the phone,” she adds. “I decided to ignore the trolls as that is the best possible solution.”

Cases similar to Joshi’s are on the rise in cyber world. At a time when social networking sites are being asked to monitor and censor their content, bullying on the Internet is at an all time high. Trolls hide behind the anonymity that a social networking site provides to post derogatory comments and obscene remarks.

According to Supreme Court lawyer Pavan Duggal, harassment on social networking sites is emerging as one of the biggest problems in the online world. “Six out of 10 people aren’t aware of what constitutes a cyber crime. As a result they aren’t reported. Neither the victims nor the abusers know what is an offence,” says Duggal.

But even if a case of bullying on the Internet is reported, the law is somewhat fuzzy when it comes to bringing the offender to book. In India, social media come under a variety of civil and criminal laws. The Information Technology Act, 2000, tackles most cases related to cyber crimes. “However, we take recourse to not just the IT Act, 2000, and its amendments thereunder, but also to other legislation, such as the Indian Penal Code (IPC), the Trade Marks Act, the Copyright Act, etc., to tackle cyber crimes in India,” says Gurpreet Singh, Internet law head, Amarjit & Associates, Delhi.

Bullying on the Internet consists of abuses that may have emotional and physical repercussions. “Trolling provokes a non-productive argument and as of now it is not considered a criminal offence anywhere in the world,” says Sunil Abraham, executive director, Centre for Internet and Society, Bangalore. However, most Internet users point out that trolling is out and out harassment that often verges on sexual harassment as well.

“I am routinely harassed by trolls. Even if I block them, they create a new twitter handle, start following me and post abusive comments,” says Joy Das, an advertising professional from Mumbai. His strong stand on several issues makes him a favourite among the trolls. Once Das had gone to the extent of filing a case and shared the details of the troll with the cyber crime cell department of the state police. He withdrew the case when the abuser retreated.

One of the main problems in taking action against a troll is that no legal definition of bullying is provided in Indian laws. As Karnika Seth, a Delhi-based cyber law expert, points out, “Even though the laws are in place, there is a clear lack of definition of offensive terms.”

Still, the laws do provide some relief in cases of harassment by Internet trolls. Usually, Section 509 of the IPC comes into effect when there is an intention to insult the modesty of a woman. “The offence also extends to an online medium,” says Singh of Amarjeet & Associates. “Besides Section 509, various other sections such as Section 503 and Section 504 of the IPC can also be invoked based upon the particular facts of a case,” adds Singh.

The networking sites on their part aren’t proactive when it comes to keeping a check on trolls. Twitter maintains that it is a communications platform, not a content mediator. “Removal of content does not in and of itself resolve the issue that led to the content being posted in the first place,” blogs the head of Twitter’s safety centre.

If you want to know the IP address and other details about the bully, you will have to file a police complaint and the copy should be sent to Twitter, informs Nabeel Ziyaan, a Bangalore-based entrepreneur and a contributor to Twitter’s ‘#140help’ section which deals with user queries. “In such cases, Twitter will work with the law enforcement agency,” says Ziyaan.

An accused can be booked for mental cruelty and sexual harassment under the provisions of the IPC as well as under Sections 67(a) & 67(b) of the IT Amendment Act, 2008, depending upon the facts and circumstances of the case. Section 66(a) lays down, for example, that any person who sends, by means of a computer resource or a communication device, any information that is grossly offensive or has menacing character or any information which he knows to be false, but for the purpose of causing annoyance, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to Rs 5 lakh or with both.

According to Section 67(a), whoever publishes or transmits in the electronic form any material which contains a sexually explicit act or conduct shall be punished with up to five years’ imprisonment and with a fine which may extend to Rs 10 lakh. And Section 67(b) hands out punishment for publishing or transmitting material depicting children in a sexually explicit act in an electronic form.

But law enforcement agencies are not always able to work out a way to track the trolls. “IP addresses can be spoofed using different software. In fact, innocent people can get punished if a troll hides under a proxy server,” says Seth.

Experts say that cyber laws need clarification and appropriate interpretation. The public should also be made aware of what constitutes a cyber offence. Until that happens, the trolls will, in all probability, trawl the Internet and maul Netizens at will.

Trail of the Trolls was published in the Telegraph on 4 January 2012

For more details visit https://cis-india.org/news/trail-of-trolls

TRAI urged to take action against P2P throttling and DNS hijacking

Anand Priya Singh — 2012-03-27T06:07:30Z

On 4 November 2010, Anand had sent a complaint letter to the Telecom Regulatory Authority of India (TRAI) regarding unethical practices adopted by Internet Service Providers (ISPs), particularly Airtel. The letter was sent by post and through an e-mail. It was addressed to the Advisor, CN & IT, TRAI. Anand got no help from the ISP and the reply from TRAI (No. 340-1\2010-CA/VOLv) stated that he contact the nodal officer. We have reproduced below the complaint letter that Anand sent to TRAI.

The Advisor,
CN & IT, TRAI
New Delhi

Respected Sir,

I wanted to bring to your notice some unethical marketing practices being adopted by Airtel in their broadband market.

ISPs in India, especially Airtel and Tata have recently started to use Domain Name System (DNS) hijacking where they redirect a misspelled or a non-existent website to their own site — where they serve advertisements to make money and these get redirected to Airtel or Tata whenever you connect to the Internet. The reply from the Internet Corporation for Assigned Names and Numbers (ICANN) was: "DNS hijacking practice violates the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-scripting attacks. According to ICANN, the international body responsible for administering top level domain names has published a memorandum highlighting its concerns, affirming that ICANN strongly discourages the use of DNS redirection, wildcards, synthesized responses and any other form of NXDOMAIN substitution in existing Generic Top Level Domains (GTLDs), Country-Code Top Level Domains (CCTLDs) and any other level in the DNS tree for registry-class domain names." See for example, http://goo.gl/lZ2r6 or http://goo.gl/fDLNC

Our ISPs are violating international regulations and exposing the customer to phishing and hacking. Here are their rules: RFC 2308 - Negative Caching of DNS Queries (DNS NCACHE) (rfc2308). See http://goo.gl/QrKLs

I hope TRAI fines Airtel for their unethical practices. Now even toll free customer complaint numbers are no longer toll free. They charge 50 paise per call.

One of the most dangerous things that Airtel and Tata have done is to secretly throttle internet traffic particularly of peer-to-peer (P2P) protocol and not telling the customers, thereby violating the Consumer Protection Act, 1986. In October 2010, Airtel and Tata began using Elitecore's networking bandwidth tool NetVertex to throttle net traffic.

This violates net neutrality principle and could make the internet a cable television system where for different protocols different tariffs would be charged. Please watch this clip on net neutrality.

Since January 2011 Airtel is throttling P2P speeds to 256k from 10 a.m. to 11 p.m. If a user has 1\2\4 mbps connection, his\her speeds are being throttled to 256 k. The only legal proof that customers have is the results from this site which tells if your connection is being throttled for specific protocols (for example, http, ftp, torrent, video streaming, email, etc) known as glasnost test.

This forum has many Airtel users complaining about this. For example: http://goo.gl/Utd72, http://goo.gl/uLZdg, http://goo.gl/bfgaE and http://goo.gl/S7lIQ

Sir P2P is controversial as it used to download copyright works but P2P is also used for legitimate files like Linux OS or Legit P2P streaming. Some torrent sites only provide legit torrents, for example,mininova.

In 2006 TRAI had a consultation paper on network neutrality para 3.6.2. In the reply, organisations like Google, Skype and Microsoft recommended that network neutrality be made a law. See the Google letter for network neutrality of August 2010.

In 2011 the TRAI-NGN said that they have not found any ISP violating this but I have been writing to TRAI since October 2010 to warn them about the impending 2 tier internet which is coming to India, page 91.

Like the Federal Communications Commission (FCC) which fined Comcast ISP in USA $ 16 million for secretly blocking P2P, TRAI should at least codify network neutrality as a simple sentence stating "All internet traffic irrespective of protocols and carrier shall be treated as neutral" and fine Airtel via Telecom Disputes Settlement Appellate Tribunal for violating Consumer Protection Act, 1986.

FCC passed diluted rules and TRAI should not copy FCC. I hope TRAI takes action against illegal secret P2P throttling and DNS hijacking.

Yours respectfully,

Anand

For more details visit https://cis-india.org/internet-governance/p2p-throttling-and-dns-hijacking

Trai upholds Net Neutrality in setback to Facebook’s Free Basics

praskrishna — 2016-02-15T02:01:37Z

Trai says Internet service providers will not be allowed to discriminate on pricing of data access for different web services.

The article by Moulishree Srivastava and Shauvik Ghosh was published in Livemint on February 9, 2016. Sunil Abraham was quoted.

India’s telecom regulator has barred Internet service providers from offering customers preferential tariffs to access certain content over concerns that it will violate Net neutrality norms, dealing a blow to Facebook Inc.’s free data service plan.

Internet service providers, including telecom operators, are prohibited from offering discriminatory tariffs for data services based on content, the Telecom Regulatory Authority of India (Trai) said on Monday. Service providers that violate these rules will be fined Rs.50,000 per day to a maximum of Rs.50 lakh. Trai said it may review the rules after two years.

The decision ends a long battle between Facebook and the country’s telecom operators, including Bharti Airtel Ltd, on one side and Net neutrality activists on the other. Facebook had launched an intense lobbying effort that included full-page advertisements in newspapers and an Internet campaign to assure people that its Free Basics plan, which allows access to its social network and some other websites without a data plan, would benefit millions of poor Indians.

“BJP wholeheartedly welcomes the Trai decision on differential pricing. The decision is a clear expression of popular will,” said telecom minister Ravi Shankar Prasad on Monday. “The government made sure proper processes were followed at all levels which eventually led to the victory of an open and equal Internet... It is gladdening to see that the NDA government ensured unparalleled transparency in the entire issue of net neutrality,” he added.

Net neutrality requires Internet service providers not to discriminate on online data by user, content, site, platform, application, mode of communication or price.

“The net neutrality activists... have got exactly what they wanted—the complete prohibition of the differential pricing,” said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society. “Before Facebook started with its aggressive and outrageous campaign to promote Free Basics, the Net neutrality debate was a peaceful discussion. The way it has behaved must have led the regulator to lose trust that big companies can self-regulate.”

It, however, remains to be seen whether telcos challenge the regulation in court, he added.

“This has been a litigious issue and a lot of money is at stake so quite likely, I think, they will go to court,” said Apar Gupta, a lawyer and part of Save The Internet campaign.

The basic rationale behind the regulation is that the network that carries the data should be agnostic to data packets, R.S. Sharma, chairman of Trai, told reporters.

“Anything on the Internet cannot be priced discriminately based on source, destination, content and applications,” he said.

A spokesperson for Facebook said the company will carefully study what the regulator has said and comment accordingly.

Bharti Airtel and Reliance Communications Ltd (Facebook partnered with R-Com in India) declined to comment.

Differential pricing based on the network speed, Sharma said, is a larger issue and so is Net neutrality.

“We have used the term discriminatory pricing in place of differential pricing, because differential pricing in the consultation paper had a particular context. Differential word was quite contextual in the regulation, but it was misunderstood in a very larger context. Therefore, to differentiate, we are calling it discriminatory,” he said.

However, Sharma said that the Net neutrality debate is not over.

“Net neutrality is a larger question, and we have not gone into that question, though, I must admit, differential pricing is looking at Net neutrality from a tariff perspective. Net neutrality has a number of other components which is fast lane, throttling and differentially treating the packet in terms of speed etc. So this is not a part of this regulation,” Sharma said.

Amresh Nandan, research director at Gartner in India, said the Trai order favouring Net neutrality is in line with rules in the US. “The European Union has also ruled in favour of treating all Internet traffic equally,” Nandan said.

Nandan said the proponents of Net neutrality all over the world have been highlighting the importance of democratic values of the Internet and even a marginal attempt to curb it can possibly trigger all kinds of differentiation.

All the major telcos in India have, however, been lobbying the regulator to allow differential-pricing plans for data services. The telcos said such tariffs will increase Internet penetration in the country, benefiting consumers in the long run. They further argued that the existing legal framework is sufficient for regulating and monitoring differential pricing measures provided by the service providers and that Trai can deal with any issue regarding anti-competitive practices on a case-by-case basis as and when they arise.

Activists say such a practice will undermine competition and create monopolies. Differential pricing, they said, will allow big companies to buy favoured treatment from carriers.

Telecom operators said they were disappointed with the ruling. “Differential pricing could be useful in connecting the unconnected in India. This is an upfront disbarment,” said Rajan Mathews, director general of the Cellular Operators Association of India, the lobby group that represent some of the major telcos. “We believe that it was an appropriate tool to allow consumers who have never been on the Internet, to enjoy getting accustomed to it without getting sticker shock.”

Hemant Joshi, a partner at Deloitte Haskins and Sells Llp, said differential pricing was a well-accepted principle across industries.

“The concept inherently recognizes the economic principle of paying differently for different levels of service and experience. In telecom, there are virtual highways that need to follow the same principle. More awareness and education is needed around the economics of differential pricing and its long-term implications on the Industry and the consumer,” he added.

Trai, which put up the consultation paper on differential pricing on 9 December, asked four specific questions, broadly on whether telecom operators should be allowed to offer different services at different price points and models that can be implemented to achieve this.

Trai extended the deadline for comments and counter-comments on its consultation paper to 7 January and 14 January from 31 December and 7 January, respectively. For the consultation process, Trai said that majority of the individual comments received did not address the specific questions that were raised in the consultation paper.

P.R. Sanjai and Ashish K. Mishra in Mumbai contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-february-9-2016-shauvik-ghosh-moulishree-srivastava-trai-upholds-net-neutrality-in-setback-to-facebooks-free-basics

TRAI recommendations on data privacy raises eyebrows

Admin — 2018-07-19T13:33:44Z

The telecom regulator’s recommendations on data privacy have raised eyebrows over jurisdiction and timing, with IT ministry officials as well as companies questioning the need for it at a time when the government appointed Justice BN Srikrishna committee is in the final stages of drafting the data protection law.

The article by Surabhi Agarwal and Gulveen Aulakh was published in Economic Times on July 18, 2018. Swaraj Paul Barooah was quoted.

Telecom Regulatory Authority of India (TRAI) Chairman RS Sharma though countered that the sectoral watchdog has the jurisdiction to protect consumer interest in the sector, and those who feed off the industry - content providers, or apps, browsers, operating systems, and devices - need to be accountable as far as data protection is concerned.

TRAI Monday released its recommendations on the subject titled ‘Privacy, Security and Ownership of Data in the Telecom Sector’ which are applicable for apps, browsers, operating systems and handset makers.

An official of the Ministry of electronics and IT, which is tasked with drafting the data protection law, said that the Act will “prevail” over everything else. “Like any other sector, the data protection Act will be the final thing. In respect of telecom matters, there will be a role for TRAI as sectoral regulator but the basics of privacy will be governed by the data protection Act.”

The official also added that TRAI saying that their recommendations will be applicable till the data protection law comes into force "doesn't make sense since it won't have a legal mandate."

Industry bodies such as Internet and Mobile Association of India (IAMAI) and the Indian Cellular Association (ICA) have also criticised TRAI, saying the recommendations were “illegal” and akin to “jumping the gun” ahead of the release of the Srikrishna committee report.

Some of the clauses such as no use of metadata to identify individuals coupled with data minimisation will be detrimental to building the data business in the country, they said.

But Sharma was argued Trai was well within its rights to protect telecom consumers.

"Do I not have the jurisdiction to protect the interest of consumers in the telecom sector? I have that. And data protection of consumers in the telecom sector is an issue which is certainly related to the interest of consumers. I have deliberated on that issue, and I’m not saying that bring all those entities under my jurisdiction,” Sharma said.

He added that there is a regulatory imbalance because entities such as devices, OS, browsers and apps are not following any law. “So, the government can come up with a broad framework but till that time let the telecom rules apply on them too."

In its recommendations, TRAI said that individual users owned their data, or personal information, and entities such as devices were "mere custodians” and do not have primary rights over that information. It also said that the current framework for protection of personal information is “not sufficient” and suggested expanding the ambit of licence conditions governing telcos to all entities handling customer information.

In its statement, IAMAI, which represents companies such as Facebook and Google, called TRAI’s assertion that the existing framework is not sufficient to protect telecom consumers “contradictory.”

“The TRAI recommendations on privacy are premised on a voice and SMS regime. It is not meant for data driven business, which the app companies are. App companies use pseudo anonymous data and app companies do not give Call Detail Records. Incidentally, the Sri Krishna Committee under the Ministry of IT, which is the nodal body for apps as well as for handset manufacturers, is deeply, looking into this issue of consent, which is a fair thing to do.”

Voicing similar concerns, the ICA, which represents most of India’s top handset makers, said that the telecom watchdog has absolutely no powers to begin regulating on issues of privacy and ownership of data, leave alone having jurisdiction over devices, operating systems, browsers and applications.

“The industry rejects TRAI's attempts to expand its powers and usurp government's jurisdiction.” It added that TRAI “jumped the gun” by seeking to regulate the digital ecosystem without waiting for the data protection law under consideration by the Justice Srikrishna Committee. “This piecemeal approach is dangerous and unproductive.”

Handset makers such as Intex and Karbonn added they should be kept out of the ambit of the proposed regulations because they don't use customer data or monetise from it, which is mostly what apps do. Any additional pressure on indirect costs will lead to wafer-thin margins getting eroded further and consumers will have to bear the brunt, as it will lead to increase in prices of mobile phones.

Trai’s recommendations have been sent to the Department of Telecommunications (DoT) which has to take a final call on whether they will be adopted.

An official spokesperson for Zomato said that they have not been contacted by any of the regulatory bodies on this, as of now. “Our country is still undergoing the process of setting up a regulatory framework, and what happens between the TRAI recommendations and the B N Srikrishna's committee's draft for Data Protection bill will eventually help set up a much required benchmark.

In its suggestions, Trai said that as with telcos, all user data flows through smart devices, putting the device manufacturers, browsers, operating systems, and applications etc. in a prime position to collect and process the personal information of users. Since all user data passes through telcos and devices, appropriate steps must be taken to protect user privacy vis-a-vis these entities. “This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained”.

Swaraj Paul Barooah, policy director at Center for Internet and Society, said that the recommendations is worrying at one level since “There is nothing in the telecom sector that requires interim urgent intervention and it may mean that the privacy framework maybe further delayed.”

For more details visit https://cis-india.org/internet-governance/news/economic-times-july-18-2018-surabhi-agarwal-and-gulveen-aulakh-trai-recommendations-on-data-privacy-raises-eyebrows

TRAI Consultation on Differential Pricing for Data Services - Post-Open House Discussion Submission

sumandro — 2016-03-30T13:13:30Z

The Centre for Internet and Society sent this submission to the Telecom Regulatory Authority of India (TRAI) following the Open House Discussion on Differential Pricing of Data Services, held in Delhi on February 21, 2016.

Download the submission document: PDF.

Post-Open House Discussion Submission to TRAI

Dear Ms. Kotwal,

This is to heartily congratulate TRAI once again for taking several steps, including the Open House Discussion, to ensure that various opinions about the topic of ‘differential pricing for data services’ are presented and are responded to - and are all in full public view.

This brief note is to a) add to the positions and arguments submitted previously by the Centre for Internet and Society (CIS), India, b) put in writing our comments during the Open House Discussion (January 21, 2016), and c) respond to other comments shared at the same event. We have six points to share in this note:

Forbearance is not an option: We are of the opinion that though the data services market has thus far been kept un-monitored and unregulated, and there are several reasons why this situation should not continue any more. Although the reality of differential pricing (that is data packets originating from different sources being priced differently by ISPs) was highlighted with the recent offering of zero rated packs, it is a general practice in the sector, as illustrated by widely available special/curated content packs for the user to consume data from a specified web-based source. It is not surprising that most such special/curated content packs involve an arrangement between the ISP and a prominent leader in the web-content/platform sector, such as Facebook and Twitter. Serious market distorting impacts of such arrangements are imminent if they are allowed to continue without any monitoring, enforced public disclosure, and regulatory actions by a public authority.
Address differential treatment of data, and not only differential pricing: Pricing is only of the three ways in which data services can be treated differently by the ISPs depending upon the source of the data packets concerned. The other two ways are: a) differential speed, or throttling of some data packets and prioritisation of the others, and b) differential treatment of data protocols, for example, the blocking of peer-to-peer or voice-over-IP traffic by an ISP. If the public authority decides to only regulate differential pricing of data service, it is highly probable that ISPs may shift to other forms of discrimination between data packets - either in terms of prioritising some data packets over others based upon their origin, or blocking of specific protocols such as voice-over-IP to prevent the functioning of certain web-based services - and continue the market distorting impacts through these other means.
Allow and define reasonable network management practices: Reasonable network management has to be allowed to enable the ISPs to manage performance on their network. However, ISPs may not indulge in acts that are harmful to users in the name of reasonable network management. Below is a set of potential guidelines to identify cases when discrimination against classes of data traffic in the name of reasonable network management can be considered justified and permissible:
- there is an intelligible differentia between the classes which are to be treated differently,
- there is a rational nexus between the differential treatment and the aim of such differentiation,
- the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
- the network management practice is the least harmful technical means that is reasonably available to achieve the aim.
Establish an effective enforcement mechanism: TRAI must establish an enforcement mechanism that is open to users [and groups of users] and private sector actors as current forums are insufficient. Clear and simple rules must be established ex-ante, if they are violated - ex-post regulation must be undertaken on the basis of principles listed in the TRAI consultation paper, that is “non-discrimination, transparency, affordable internet access, competition and market entry, and innovation” [1]
Take regulatory decisions now, but also conduct and commission further research to review and refine the decisions over a defined period of time
Need for better collection and proactive disclosure of statistics: TRAI publishes quarterly performance indicators statistics collected from the telecom companies about telephone, mobile, and internet sectors in India [2]. It will be very useful for researchers and analysts, and allow for a much more informed public debate on the matter, if the content and form of such data are improved in the following ways:

Content:
- Please start collection (unless already done) and publication of not only data of average incoming and outgoing MOUs, average of total outgoing SMSs, Average Revenue Per User, and average data usage per GSM and CDMA subscriber, but distributions of the same in terms of user deciles (that is in terms of representative figures for each 10% section of users in ascending order of usage),
- Provide granular data about data usage across service areas and service providers (the numbers on ‘average data usage’ and total ‘revenue from data usage’ provided at present are very insufficient for the state of public debate),
- Provide data about internet subscriber base according to network technologies (for both wired and wireless) and the service providers concerned,
- Provide data about IP-based telephony across service areas and service providers,
- Provide data separately for the North Eastern states, and
- Provide granular data (separated from the corresponding state data) for all tier-1 cities.
Form:
- Please do not publish the data only as part of the quarterly reports available in PDF format, but also as independent machine-readable spreadsheet file (preferably in CSV format),
- Do not only publish quarterly data in separate files, but also provide a combined (all quarters together) dataset that would make it much easier for researchers and analysts to use the data,
- In some exceptional cases, the data is not provided in the report directly but a diagram containing the data is published [3], which should be kindly avoided, and
- Please publish these statistics as open data, that is in open standards and under open licenses.

Further, we request TRAI to explore possibilities of distributed sourcing of data, perhaps from the users themselves, about the actual network usage experiences, including but not limited to signal strength, data transfer speed (incoming and outgoing), frequency of switches between mobile (GSM and CDMA) and wi-fi connectivity, etc.

References

[1]. http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/CP-Differential-Pricing-09122015.pdf.

[2]. http://www.trai.gov.in/Content/PerformanceIndicatorsReports/1_1_PerformanceIndicatorsReports.aspx.

[3]. http://www.trai.gov.in/WriteReadData/PIRReport/Documents/Performance_Indicator_Report_Jun_2015.pdf , sections 1.43 and 1.44 (pp. 31-32).

For more details visit https://cis-india.org/telecom/blog/trai-consultation-on-differential-pricing-for-data-services

TRAI and the Disclosure of Personal Information

Nehaa Chaudhari and Vidushi Marda — 2015-05-10T09:16:28Z

The Telecom Regulatory Authority of India (TRAI), in March 2015 invited comments on its Consultation Paper for the regulation of over-the-top (OTT) services. In an unprecedented wave of public participation, TRAI received over a million e-mails in support of net neutrality.

This note sets out the law in relation to the unauthorized disclosure of personal information. Many thanks to Bhairav Acharya for his inputs on this.

Subsequently, on April 27, 2015, TRAI made all responses received by it public, including personal information like email addresses along with any information contained in email signatures, which invariably include a phone number or address. While disclosure of names was needed to ensure transparency in the consultation process, disclosure of personal information gave rise to criticism and questions around the legality of such disclosure.

This note sets out the law in relation to the unauthorized disclosure of personal information:
Section 43A of the IT Act provides for subordinate legislation to govern the manner in which sensitive personal data is collected and processed. The governance of personal information is dealt with under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“2011 Rules”). The 2011 Rules are made to give effect to Section 43A of the IT Act.

TRAI is a body corporate as per Section 3(2) of the TRAI Act. Hence, TRAI’s collection, storage, and disclosure of personal information is governed by the 2011 Rules. Rule 5(8) requires personal information collected to be held securely. TRAIs publishing of email addresses is a violation of Rule 5(8).

Rule 4 of the 2011 rules requires a body corporate to have a privacy policy. On its website, TRAI publishes a Privacy Policy. However, the Policy speaks of information gathered from the TRAI- Website. Even the wording on the Home Page of the TRAI website (that links to these policies) says “Website Policies”. It is unclear therefore, whether the Privacy Policy applies ONLY to the collection of information over the TRAI- Website or whether the Privacy Policy applies to TRAI overall.

Either way there is an argument to be made. TRAI has failed to draft and publicize a privacy policy for the personal information it collects directly. Without prejudice to the above, if the privacy policy on the TRAI website governs this collection of email addresses, then its unauthorized disclosure is a contravention of its own Privacy Policy, specifically paragraph 2.

Since the IT Act does not enact a specific penalty for contravention of section 43A in respect of personal information, TRAI’s unauthorized disclosure will be penalized through the residuary penalty contained in section 45 of the IT Act.

Hence TRAI is liable under Section 45 of the IT Act read with Rules 4 and 5(8) of the 2011 Rules. Section 45 provides a “residuary penalty”; for those provisions under the IT Act or Rules for whose contravention no other penalty has been prescribed. For this contravention, TRAI would have to pay a compensation of 25,000/- to the affected persons or a penalty of 25,000/- rupees.

TRAI may argue that it disclosed that personal information would be disclosed/published. However, the Call for Comments Press Release says that Comments will be published. Email addresses are not comments, and therefore TRAI did not issue a prior disclaimer for the publication of this personal information – hence the disclosure of e-mail addresses is still a violation.

The remedy for violation of Section 43A of the IT Act is the Adjudicating Authority appointed under Section 46(1), which requires a person not below the rank of Director in the appropriate government to receive complaints. Since TRAI is a body corporate as per the Act, it is unclear as to who the adjudicating officer in the present case should be; and is the matter of a separate research question.

The Appellate authority is the Cyber Appellate Tribunal constituted under Section 48 of the IT Act . It is not known if the tribunal has been constituted, and if it has; it is unknown whether it is staffed.

In the absence of clarity with regard to statutory authorities, a citizen whose personal information has been disclosed by TRAI without authorization may file a writ petition in the Delhi High Court under Article 226, or in the Supreme Court under Article 32 for issue of a writ of mandamus or prohibition, for appointment of the first adjudicating officer and also for issuance of directions in lieu of such an officer.

For more details visit https://cis-india.org/telecom/blog/trai-and-the-disclosure-of-personal-information

Towards an Equitable and Just Internet

praskrishna — 2014-02-17T11:20:19Z

IT for Change is organizing an international meeting to formulate a progressive response to issues of global governance of the Internet. Bhairav Acharya will be participating in this event to be held in New Delhi on February 14 and 15.

The Internet is emerging as a central feature of contemporary human life. We use it to access and disseminate information, to communicate and build community, to transact business and to practise democracy. Ever increasing dimensions of our social, economic, cultural and political life are tied to the Internet.

However, the benefits of the Internet - knowledge and power, wealth and influence, are distributed unevenly. A technology built on the egalitarian peer-to-peer principle, ironically, is emerging as a key axis of inequality, an instrument perpetuating and reinforcing longstanding social, economic, cultural and political injustices. Snowden's dramatic exposé of a deep nexus between the US government and a few global corporations to enable global surveillance, confirmed just one aspect of the problem. The truth about the Internet and how its socio-technical architecture is being shaped is considerably more complex and insidious. The rapid colonisation of the Internet by a few monopolizing global corporations, and its governance being subject, in a highly disproportionate manner, to the laws and policy priorities of one country, impacts not just privacy, but a huge range of very important social, economic, cultural and political issues. (To a lesser extent, policy frameworks developed by clubs of rich countries like the the OCED also impact the emerging shape of the Internet.)

Questions of democracy, social justice and equity need to become central to how the Internet, and how an Internet-mediated society, are evolving. The smokescreen of technical-neutrality has prevented for too long a critical, political examination of the social underpinnings of the Internet, its normative boundaries and legalinstitutional frames. In addition, self-serving formulations like 'Multistakeholderism' and 'Internet Freedom', are employed by the status quo to maintain a facade of legitimacy. Beyond the rhetoric, it is clear that the Internet – in its dominance by the powerful, is neither genuinely multi-stakeholder nor genuinely free.

There are foundational questions to be pursued, in this regard : How is the Internet redistributing power and resources? How does this impact those at the margins, those on the peripheries of an increasingly globalised world? How is such redistribution connected to the socio-technical architecture of the Internet? What kind of Internet would promote social justice and equity? What needs to be done to make it more just, more egalitarian? Who governs the Internet, and how can its governance be democratized? From the standpoint of global justice, two urgent priorities lie ahead of us.

A progressive conception and vision of the Internet, and
A common global ownership of the Internet that protects and promotes its public-ness, and its evolution as a 'global commons'. The Internet was envisaged as a decentralized network, with control from the peripheries. This characteristic of the network is rapidly eroding, What is urgently needed is a recasting of this technical principle into a socio-political framework for a truly people-owned and people-controlled Internet, and one that works for all. The global governance of the Internet requires a proper institutionalization and legal framework incorporating the true spirit of participatory democracy. It should inter alia serve to insulate the Internet both from corporatist and from statist dominations.

An international meeting, entitled 'Towards a Just and Equitable Internet', is envisaged to address the key issues identified above. It will be held in New Delhi, India, on February 14th and 15th, 2013. The meeting will bring together actors engaged in social justice movements and ICT, communication and media rights advocacy to dialogue with some of those already engaged with Internet governance issues, with a view to chart a progressive response to issues related to global governance of the Internet.

Potential outcomes from the meeting include:

A 'charter for Internet justice and equity';
Specific proposals for democratizing the global governance of the Internet as contributions to the 'Global Multistakeholder Meeting on the Future of Internet Governance' being hosted by Brazilian government in April, 2013, the UN Working Group on Enhanced Cooperation and the WSIS + 10 process.

For more details visit https://cis-india.org/news/towards-an-equitable-and-just-internet

Towards Algorithmic Transparency

Radhika Radhakrishnan, and Amber Sinha — 2020-07-15T13:16:44Z

This policy brief examines the issue of transparency as a key ethical component in the development, deployment, and use of Artificial Intelligence.

This brief proposes a framework that seeks to overcome the challenges in preserving transparency when dealing with machine learning algorithms, and suggests solutions such as the incorporation of audits, and ex ante approaches to building interpretable models right from the design stage. Read the full report here.

The Regulatory Practices Lab at CIS aims to produce regulatory policy suggestions focused on India, but with global application, in an agile and targeted manner and to promote transparency around practices affecting digital rights.
The Regulatory Practices Lab is supported by Google and Facebook.

For more details visit https://cis-india.org/internet-governance/blog/towards-algorithmic-transparency

Towards a Multi-Stakeholder Consultation on ‘Internet Rights, Accessibility, Regulation & Ethics’

praskrishna — 2012-05-31T07:14:42Z

This event was organised by Digital Empowerment Foundation, National Internet Exchange of India and Association for Progressive Communications at Mirza Ghalib Hall, SCOPE Complex, New Delhi from 9.00 a.m. to 2.30 p.m. on May 3, 2012. Pranesh Prakash participated as a speaker in the session on Access to Internet: Right to Information.

9.00 a.m. to 9.30 a.m. (Registration)

9.30 a.m. to 11.00 a.m.

Inauguration & Plenary: Internet Rights, Accessibility, Regulation & Ethics

Introduction: Osama Manzar, Founder & Director, Digital Empowerment Foundation
Chair: Aruna Roy, Head, Mazdoor Kisan Shakti Sangathan (MKSS) & Member, National Advisory Council (NAC), Govt. of India
Co-Chair: Ajay Kumar, Joint Secretary, DIT, Govt. of India
Plenary Speakers:

Honey Tan, Human Rights Lawyer, Malaysia, APC
Venkatesh Nayak, Co-convener, Secretary, National Campaign for Peoples’ Right to Information
Jitendra Kohli, Executive Member, Transparency International India Summary of the Session by the Chair

11.00 to 11.15 a.m. (Tea break)

11.15 a.m. to 12.30 p.m.

Working Session I - Access to Internet: Right to Information

Chairperson: Basheerhamad Shadrach, Development Consultant
Plenary Speakers:

Pranesh Prakash, Programme Manager, Centre for Internet & Society
NA Vijayashankar, E-Business Consultant, Founder Secretary of Cyber Society of India, Founder Trustee of International Institute of Information Technology Law
Pavan Duggal, Advocate, Supreme Court of India
Varsha Iyenger, Member, Centre for Law and Policy Research
Amitabh Singhal, Former CEO, National Internet Exchange of India (NIXI)
Prof Jagdeep Chhokar, Founding Member, Association for Democratic Reforms

12.30 p.m. to 1.30 p.m.
Working Session II - Internet Right as Human Right: Need for a Holistic Framework towards Universal Access in India

Chairperson: Dr. Govind, CEO, National Internet Exchange of India (NIXI), Govt. of India
Co-chair & Moderator: R. Sukumar , Managing Editor, Live Mint Newspaper
Panel Members:

Subho Ray, President, Internet & Mobile Association of India (IMAI)
Deepak Maheshwari, Vice President - Public Policy, South Asia, MasterCard
Ravina Agarwal, Program Officer, Ford Foundation
Honey Tan, Human Rights Lawyer, Malaysia, APC
Suhas Chakma, Director, Asian Centre for Human Rights
Anoop Saha, Co-Founder, CGNet Swara
Shivam Vij, Writer, Kafila.org

Click to see the original

For more details visit https://cis-india.org/news/towards-a-multi-stakeholder-consultation

Towards a Global Network of Internet and Society Centres

praskrishna — 2013-06-05T07:29:43Z

This event was held in Istanbul by Bilgi University as part of the collaboration on Global Network of Interdisciplinary Internet and Society Research Centres.

Chinmayi Arun spoke on the Internet Governance panel at the conference on 'ICT, Law and Innovation: Recent Developments, Challenges, and Lessons Learned'.