We are anonymous, we are legion

Regulatory Perspectives on Net Neutrality

pranesh — 2015-07-18T02:46:30Z

In this paper Pranesh Prakash gives an overview on why India needs to put in place net neutrality regulations, and the form that those regulations must take to avoid being over-regulation.

With assistance by Vidushi Marda (Programme Officer, Centre for Internet and Society) and Tarun Krishnakumar (Research Volunteer, Centre for Internet and Society). I would like to specially thank Vishal Misra, Steve Song, Rudolf van der Berg, Helani Galpaya, A.B. Beliappa, Amba Kak, and Sunil Abraham for extended discussions, helpful suggestions and criticisms. However, this paper is not representative of their views, which are varied.

Today, we no longer live in a world of "roti, kapda, makaan", but in the world of "roti, kapda, makaan aur broadband". ^{^[1]} This is recognized by the National Telecom Policy IV.1.2, which states the need to "recognise telecom, including broadband connectivity as a basic necessity like education and health and work towards 'Right to Broadband'."^{^[2]} According to the IAMAI, as of October 2014, India had 278 million internet users. ^{^[3]} Of these, the majority access Internet through their mobile phones, and the WEF estimates only 3 in 100 have broadband on their mobiles.^{^[4]} Thus, the bulk of our population is without broadband. Telecom regulation and net neutrality has a very important role in enabling this vision of Internet as a basic human need that we should aim to fulfil.

1. Why should we regulate the telecom sector?

All ICT regulation should be aimed at achieving five goals: achieving universal, affordable access; ^{^[5]} ensuring and sustaining effective competition in an efficient market and avoiding market failures; protecting against consumer harms; ensuring maximum utility of the network by ensuring interconnection; and addressing state needs (taxation, security, etc.). Generally, all these goals go hand in hand, however some tensions may arise. For instance, universal access may not be provided by the market because the costs of doing so in certain rural or remote areas may outweigh the immediate monetary benefits private corporations could receive in terms of profits from those customers. In such cases, to further the goal of universal access, schemes such as universal service obligation funds are put in place, while ensuring that such schemes either do not impact competition or very minimally impact it.

It is clear that to maximise societal benefit, effective regulation of the ICT sector is a requirement, which otherwise, due to the ability of dominant players to abuse network effect to their advantage, is inherently prone towards monopolies. For instance, in the absence of regulation, a dominant player would charge far less for intra-network calls than inter-network calls, making customers shift to the dominant network. This kind of harm to competition should be regulated by the ICT regulator. However, it is equally true that over-regulation is as undesirable as under-regulation, since over-regulation harms innovation - whether in the form of innovative technologies or innovative business models. The huge spurt of growth globally of the telecom sector since the 1980s has resulted not merely from advancements in technology, but in large part from the de-monopolisation and deregulation of the telecom sector.^{^[6]} Similarly, the Internet has largely flourished under very limited technology-specific regulation. For instance, while interconnection between different telecom networks is heavily regulated in the domestic telecom sector, interconnection between the different autonomous systems (ASes) that make up the Internet is completely unregulated, thereby allowing for non-transparent pricing and opaque transactions. Given this context, we must ensure we do not over-regulate, lest we kill innovation.

2. Why should we regulate Net Neutrality? And whom should we regulate?

We wouldn't need to regulate Net Neutrality if ISPs were not "gatekeepers" for last-mile access. "Gatekeeping" occurs when a single company establishes itself as an exclusive route to reach a large number of people and businesses or, in network terms, nodes. It is not possible for Internet services to reach the customers of the telecom network without passing through the telecom network. The situation is very different in the middle-mile and for backhaul. Even though anti-competitive terms may exist in the middle-mile, especially given the opacity of terms in "transit agreements", a packet is usually able to travel through multiple routes if one route is too expensive (even if that is not the shortest network path, and is thus inefficient in a way). However, this multiplicity of routes is not possible in the last mile.

This leaves last mile telecom operators (ISPs) in a position to unfairly discriminate between different Internet services or destinations or applications, while harming consumer choice. This is why we believe that promoting the five goals mentioned above would require regulation of last-mile telecom operators to prevent unjust discrimination against end-users and content providers.

Thus, net neutrality is the principle that we should regulate gatekeepers to ensure they do not use their power to unjustly discriminate between similarly situated persons, content or traffic.

3. How should we regulate Net Neutrality?

3.1. What concerns does Net Neutrality raise? What harms does it entail?

Discriminatory practices at the level of access to the Internet raises the following set of concerns:

1. Freedom of speech and expression, freedom of association, freedom of assembly, and privacy.

2. Harm to effective competition

a. This includes competition amongst ISPs as well as competition amongst content providers.

b. Under-regulation here may cause harm to innovation at the content provider level, including through erecting barriers to entry.

c. Over-regulation here may cause harm to innovation in terms of ISP business models.

3. Harm to consumers

a. Under-regulation here may harm consumer choice and the right to freedom of speech, expression, and communication.

b. Over-regulation on this ground may cause harm to innovation at the level of networking technologies and be detrimental to consumers in the long run.

4. Harm to "openness" and interconnectedness of the Internet, including diversity (of access, of content, etc.)

a. Exceptions for specialized services should be limited to preserve the open and interconnectedness of the Internet and of the World Wide Web.

It might help to think about Net Neutrality as primarily being about two overlapping sets of regulatory issues: preferential treatment of particular Internet-based services (in essence: content- or source-/destination-based discrimination, i.e., discrimination on basis of 'whose traffic it is'), or discriminatory treatment of applications or protocols (which would include examples like throttling of BitTorrent traffic, high overage fees upon breaching Internet data caps on mobile phones, etc., i.e., discrimination on the basis of 'what kind of traffic it is').

Situations where the negative or positive discrimination happens on the basis of particular content or address should be regulated through the use of competition principles, while negative or positive discrimination at the level of specific class of content, protocols, associated ports, and other such sender-/receiver-agnostic features, should be regulated through regulation of network management techniques . The former deals with instances where the question of "in whose favour is there discrimination" may be asked, while the latter deals with the question "in favour of what is there discrimination".

In order to do this, a regulator like TRAI can use both hard regulation - price ceilings, data cap floors, transparency mandates, preventing specific anti-competitive practices, etc. - as well as soft regulation - incentives and disincentives.

3.1.1 Net Neutrality and human rights

Any discussion on the need for net neutrality impugns the human rights of a number of different stakeholders. Users, subscribers, telecom operators and ISPs all possess distinct and overlapping rights that are to be weighed against each other before the scope, nature and form of regulatory intervention are finalised. The freedom of speech, right to privacy and right to carry on trade raise some of the most pertinent questions in this regard.

For example, to properly consider issues surrounding the practice of paid content-specific zero-rating from a human rights point of view, one must seek to balance the rights of content providers to widely disseminate their 'speech' to the largest audiences against the rights of consumers to have access to a diverse variety of different, conflicting and contrasting ideas.

This commitment to a veritable marketplace or free-market of ideas has formed the touchstone of freedom of speech law in jurisdictions across the world as well as finding mention in pronouncements of the Indian Supreme Court. Particular reference is to be made to the dissent of Mathew, J. inBennett Coleman v. Union of India^{^[7]} and of the majority Sakal Papers v. Union of India^{^[8]} which rejected the approach.

Further, the practice of deep-packet inspection, which is sometimes used in the process of network management, raises privacy concerns as it seeks to go beyond what is "public" information in the header of an IP packet, necessary for routing, to analysing non-public information. ^{^[9]}

3.2 What conditions and factors may change these concerns and the regulatory model we should adopt?

While the principles relating to Net Neutrality remain the same in all countries (i.e., trying to prevent gatekeepers from unjustly exploiting their position), the severity of the problem varies depending on competition in the market, on the technologies, and on many other factors. One way to measure fair or stable allocation of the surplus created by a network - or a network-of-networks like the Internet - is by treating it as a convex cooperation game and thereupon calculating that game's Shapley value:^{^[10]} in the case of the Internet, this would be a game involving content ISPs, transit ISPs, and eyeball (i.e., last-mile) ISPs. The Shapley value changes depending on the number of competitors there are in the market: thus, the fair/stable allocation when there's vibrant competition in the market is different from the fair/stable allocation in a market without such competition. That goes to show that a desirable approach when an ISP tries to unjustly enrich itself by charging other network-participants may well be to increase competition, rather than directly regulating the last-mile ISP. Further, it shows that in a market with vibrant last-mile competition, the capacity of the last-mile ISP to unjustly are far diminished.

In countries which are remote and have little international bandwidth, the need to conserve that bandwidth is high. ISPs can regulate that by either increasing prices of Internet connections for all, or by imposing usage restrictions (such as throttling) on either heavy users or bandwidth-hogging protocols. If the amount of international bandwidth is higher, the need and desire on part of ISPs to indulge in such usage restrictions decreases. Thus, the need to regulate is far higher in the latter case, than in the former case.

The above paragraphs show that both the need for regulation and also the form that the regulation should take depend on a variety of conditions that aren't immediately apparent.

Thus, the framework that the regulator sets out to tackle issues relating to Net Neutrality are most important, whereas the specific rules may need to change depending on changes in conditions. These conditions include:

● last-mile market

○ switching costs between equivalent service providers

○ availability of an open-access last-mile

○ availability of a "public option" neutral ISP

○ increase or decrease in the competition, both in wired and mobile ISPs.

● interconnection market

○ availability of well-functioning peering exchanges

○ availability of low-cost transit

● technology and available bandwidth

○ spectrum efficiency

○ total amount of international bandwidth and local network bandwidth

● conflicting interests of ISPs

○ do the ISPs have other business interests other than providing Internet connectivity? (telephony, entertainment, etc.)

3.3 How should we deal with anti-competitive practices?

Anti-competitive practices in the telecom sector can take many forms: Abuse of dominance, exclusion of access to specific services, customer lock-in, predatory pricing, tying of services, cross-subsidization, etc., are a few of them. In some cases the anti-competitive practice targets other telecom providers, while in others it targets content providers. In the both cases, it is important to ensure that ensure that telecom subscribers have a competitive choice between effectively substitutable telecom providers and an ability to seamlessly switch between providers.

3.3.1 Lowering Switching Costs

TRAI has tackled many of these issues head on, especially in the mobile telephony space, while competitive market pressures have helped too:

● Contractual or transactional lock-in. The easiest way to prevent shifting from one network to another is by contractually mandating a lock-in period, or by requiring special equipment (interoperability) to connect to one's network. In India, this is not practised in the telecom sector, with the exception of competing technologies like CDMA and GSM. Non-contractual lock-ins, for instance by offering discounts for purchasing longer-term packages, are not inherently anti-competitive unless that results in predatory pricing or constitutes an abuse of market dominance. In India, switching from one mobile provider to another, though initiated 15 years into the telecom revolution, is in most cases now almost as easy as buying a new SIM card.^{^[11]} TRAI may consider proactive regulation against contractual lock-in.

● Number of competitors. Even if switching from one network to another is easy, it is not useful unless there are other equivalent options to switch to. In the telecom market, coverage is a very important factor in judging equivalence. Given that last mile connectivity is extremely expensive to provide, the coverage of different networks are very different, and this is even more true when one considers wired connectivity, which is difficult to lay in densely-populated urban and semi-urban areas and unprofitable in sparsely-populated areas. The best way to increase the number of competitors is to make it easier for competitors to exist. Some ways of doing this would be through enabling spectrum-sharing, lowering right-of-way rents, allowing post-auction spectrum trading, and promoting open-access last-mile fibre carriers and to thereby encourage competition on the basis of price and service and not exclusive access to infrastructure.

● Interconnection and mandatory carriage. The biggest advantage a dominant telecom player has is exclusive access to its customer base. Since in the telecom market, no telco wants to not connect to customers of another telco, they do not outright ban other networks. However, dominant players can charge high prices from other networks, thereby discriminating against smaller networks. In the early 2000s, Airtel-to-Airtel calls were much cheaper than Airtel-to-Spice calls. However, things have significantly changed since then. TRAI has, since the 2000s, heavily regulated interconnection and imposed price controls on interconnection ("termination") charges.^{^[12]} Thus, now, generally, inter-network calls are priced similarly to intra-network calls. And if you want cheaper Airtel-to-Airtel calls, you can buy a special (unbundled) pack that enables an Airtel customer to take advantage of the fact that her friends are also on the same network, and benefits Airtel since they do not in such cases have to pay termination charges. Recently, TRAI has even made the interconnection rates zero in three cases: landline-to-landline, landline-to-cellular, and cellular-to-landline, in a bid to decrease landline call rates, and incentivise them, allowing a very low per call interconnection charges of 14 paise for cellular-to-cellular connections. ^{^[13]}

○ With regard to Net Neutrality, we must have a rule that no termination charges or carriage charges may be levied by any ISP upon any Internet service. No Internet service may be discriminated against with regard to carriage conditions or speeds or any other quality of service metric. In essence all negative discrimination should be prohibited. This means that Airtel cannot forcibly charge WhatsApp or any other OTT (which essentially form a different "layer") money for the "privilege" of being able to reach Airtel customers, nor may Airtel slow down WhatsApp traffic and thus try to force WhatsApp to pay. There is a duty on telecom providers to carry any legitimate traffic ("common carriage"), not a privilege. It is important to note that consumer-facing TSPs get paid by other interconnecting Internet networks in the form of transit charges (or the TSP's costs are defrayed through peering). There shouldn't be any separate charge on the basis of content (different layer from the carriage) rather than network (same layer as the carriage). This principle is especially important for startups, and which are often at the receiving end of such discriminatory practices.

● Number Portability. One other factor that prevents users from shifting between one network and another is the fact that they have to change an important aspect of their identity: their phone number (this doesn't apply to Internet over DSL, cable, etc.). At least in the mobile space, TRAI has for several years tried to mandate seamless mobile number portability. The same is being tried by the European Commission in the EU. ^{^[14]} While intra-circle mobile number portability exists in India - and TRAI is pushing for inter-circle mobile number portability as well^{^[15]} - this is nowhere as seamless as it should be.

● Multi-SIM phones. The Indian market is filled with phones that can accommodate multiple SIM cards, enabling customers to shift seamlessly between multiple networks. This is true not just in India, but most developing countries with extremely price-sensitive customers. Theoretically, switching costs would approach zero if in a market with full coverage by n telecom players every subscriber had a phone with n SIM slots with low-cost SIM cards being available.

The situation in the telecom sector with respect to the above provides a stark contrast to the situation in the USA, and to the situation in the DTH market. In the USA, phones get sold at discounts with multi-month or multi-year contracts, and contractual lock-ins are a large problem. Keeping each of the above factors in mind, the Indian mobile telecom space is far more competitive than the US mobile telecom space.

Further, in the Indian DTH market, given that there is transactional lock-in (set-top boxes aren't interoperable in practice, though are mandated to be so by law^{^[16]}), there are fewer choices in the market; further, the equivalent of multi-SIM phones don't exist with respect to set-top boxes. Further, while there are must-carry rules with respect to carriage, they can be of three types: 1) must mandatorily provide access to particular channels^{^[17]} (positive obligation, usually for government channels); 2) prevented from not providing particular channels (negative obligation, to prevent anti-competitive behaviour and political censorship); and 3) must mandatorily offer access to at least a set number of channels (positive obligation for ensuring market diversity). ^{^[18]} Currently, only (1) is in force, since despite attempts by TRAI to ensure (3) as well.^{^[19]}

If the shifting costs are low and transparency in terms of network practice is reported in a standard manner and well-publicised, then that significantly weakens the "gatekeeper effect", which as we saw earlier, is the reason why we wish to introduce Net Neutrality regulation. This consequently means, as explained above in section 3.2, that despite the same Net Neutrality principles applying in all markets and countries, the precise form that the Net Neutrality regulations take in a telecom market with low switching costs would be different from the form that such regulations would take in a market with high switching costs.

3.3.2 Anti-competitive Practices

Some potential anti-competitive practices, which are closely linked, are cross-subsidization, tying (anti-competitive bundling) of multiple services, and vertical price squeeze. All three of these are especial concerns now, with the increased diversification of traditional telecom companies, and with the entry into telecom (like with DTH) of companies that create content. Hence, if Airtel cross-subsidizes the Hike chat application that it recently acquired, ^{^[20]} or if Reliance Infocomm requires customers to buy a subscription to an offering from Reliance Big Entertainment, or if Reliance Infocomm meters traffic from another Reliance Big Entertainment differently from that from Saavn, all those would be violative of the principle of non-discrimination by gatekeepers. This same analysis can be applied to all unpaid deals and non-commercial deals, including schemes such as Internet.org and Wikipedia Zero, which will be covered later in the section on zero-rating.

While we have general rules such as sections 3 and 4 of the Competition Act, we do not currently have specific rules prohibiting these or other anti-competitive practices, and we need Net Neutrality regulation that clearly prohibit such anti-competitive practices so that the telecom regulator can take action for non-compliance . We cannot leave these specific policy prescriptions unstated, even if they are provided for in section 3 of the Competition Act. These concerns are especial concerns in the telecom sector, and the telecom regulator or arbitrator should have the power to directly deal with these, instead of each case going to the Competition Commission of India. This should not affect the jurisdiction of the CCI to investigate and adjudicate such matters, but should ensure that TRAI both has suo motu powers, and that the mechanism to complain is made simple (unlike the current scenario, where some individual complainants may fall in the cracks between TRAI and TDSAT).

3.3.3 Zero-rating

Since a large part of the net neutrality debate in India involves zero-rating practices, we deal with that in some length. Zero-rating is the practice of not counting (aka "zero-rating") certain traffic towards a subscriber's regular Internet usage. The zero-rated traffic could be zero-priced or fixed-price; capped or uncapped; subscriber-paid, Internet service-paid, paid for by both, or unpaid; content- or source/destination-based, or agnostic to content or source/destination; automatically provided by the ISP or chosen by the customer . The motivations for zero-rating may also be varied, as we shall see below. Further, depending on the circumstances, zero-rating could be competitive or anti-competitive. All forms of zero-rating result in some form of discrimination, but not all zero-rating is harmful, nor does all zero-rating need to be prohibited.

While, as explained in the section on interconnection and carriage above, negative discrimination at the network level should be prohibited, that leaves open the question of positive discrimination. It follows from section 3.1 that the right frame of analysis of this question is harm to competition, since the main harm zero-rating is, as we shall see below, about discriminating between different content providers, and not discrimination at the level of protocols, etc.

Whether one should allow for any form of positive discrimination at the network level or not depends on whether positive discrimination of (X) has an automatic and unfair negative impact on all (~X). That, in turn, depends on whether (~X) is being subject to unfair competition. As Wikipedia notes, "unfair competition means that the gains of some participants are conditional on the losses of others, when the gains are made in ways which are illegitimate or unjust." Thus, positive discrimination that has a negative impact on effective competition shall not be permitted, since in such cases it is equivalent to negative discrimination ("zero-sum game") . Positive discrimination that does not have a negative impact on effective competition may be permitted, especially since it results in increased access and increases consumer benefit, as long as the harm to openness and diversity is minimized .

While considering this, one should keep in mind the fact that startups were, 10-15 years ago, at a huge disadvantage with regard to wholesale data purchase. The marketplaces for data centres and for content delivery networks (which speed up delivery of content by being located closer, in network terms, to multiple last-mile ISPs) were nowhere near as mature as they are today, and the prices were high. There was a much higher barrier to startup entry than there is today, due to the prices and due to larger companies being able to rely on economies of scale to get cheaper rates. Was that unfair? No. There is no evidence of anti-competitive practices, nor of startups complaining about such practices. Therefore, that was fair competition, despite specific input costs that were arguably needed (though not essential) for startups to compete being priced far beyond their capacity to pay.

Today the marketplace is very different, with a variety of offerings. CDNs such as Cloudflare, which were once the preserve of rich companies, even have free offerings, thus substantially lowering barriers for startups that want faster access to customers across the globe.

Is a CDN an essential cost for a startup? No. But in an environment where speed matters and customers use or don't use a service depending on speed; and where the startup's larger competitors are all using CDNs, a startup more or less has to. Thankfully, given the cheap access to CDNs these days, that cost is not too high for a startup to bear. If the CDN market was not competitive enough, would a hypothetical global regulator have been justified in outright banning the use of CDNs to 'level' the playing field? No, because the hypothetical global regulator instead had the option to (and would have been justified in) regulating the market to ensure greater competition.

A regulator should not prohibit an act that does not negatively impact access, competition, consumer benefit, nor openness (including diversity), since that would be over-regulation and would harm innovation.

3.3.3.1 Motivations for Zero-Rating

3.3.3.1.1 Corporate Social Responsibility / Incentivizing Customers to Move Up Value Chain

There exist multiple instances where there is no commercial transaction between the OTT involved and the telecom carrier, in which zero-priced zero-rating of specific Internet content happens. We know that there is no commercial transaction either through written policy (Wikipedia Zero) or through public statements (Internet.org, a bouquet of sites). In such cases, the telecom provider would either be providing such services out of a sense of public interest, given the social value of those services, or would be providing such services out of self-interest, to showcase the value of particular Internet set the same time.

The apprehended risk is that of such a scheme creating a "walled garden", where users would be exposed only to those services which are free since the search and discovery costs of non-free Internet (i.e., any site outside the "walled garden") would be rather high. This risk, while real, is rather slim given the fact that the economic incentives for those customers who have the ability to pay for "Internet packs" but currently do not find a compelling reason to do so, or out of both a sense of public interest and self-interest of the telecom providers works against this.

In such non-commercial zero-priced zero-rating, a telecom provider would only make money if and only if subscribers start paying for sites outside of the walled garden. If subscribers are happy in the walled garden, the telecom provider starts losing money, and hence has a strong motivation to stop that scheme. If on the other hand, enough subscribers start becoming paying customers to offset the cost of providing the zero-priced zero-rated service(s) and make it profitable, that shows that despite the availability of zero-priced options a number of customers will opt for paid access to the open Internet and the open Web, and the overall harms of such zero-priced zero-rating would be minimal. Hence, the telecom providers have an incentive to keep the costs of Internet data packs low, thus encouraging customers who otherwise wouldn't pay for the Internet to become paying customers.

There is the potential of consumer harm when users seek to access a site outside of the walled garden, and find to their dismay that they have been charged for the Internet at a hefty rate, and their prepaid balance has greatly decreased. This is an issue that TRAI is currently appraised of, and a suitable solution would need to be found to protect consumers against such harm.

All in all, given that the commercial interests of the telecom providers align with the healthy practice of non-discrimination, this form of limited positive discrimination is not harmful in the long run, particularly because it is not indefinitely sustainable for a large number of sites. Hence, it may not be useful to ban this form of zero-priced zero-rating of services as long as they aren't exclusive, or otherwise anti-competitive (a vertical price-squeeze, for instance), and the harm to consumers is prohibited and the harm to openness/diversity is minimized.

3.3.3.1.2 Passing on ISP Savings / Incentivizing Customers to Lower ISP's Cost

Suppose, for instance, an OTT uses a CDN located, in network distance terms, near an eyeball ISP. In this case, the ISP has to probably pay less than it would have to had the same data been located in a data centre located further away, given that it would have fewer interconnection-related charges.

Hence the monetary costs of providing access to different Web destinations are not equal for the ISP. This cost can be varied either by the OTT (by it locating the data closer to the ISP - through a CDN, by co-locating where the ISP is also present, or by connecting to an Internet Exchange Point which the ISP is also connected to - or by it directly "peering" with the ISP) or by the ISP (by engaging in "transparent proxying" in which case the ISP creates caches at the ISP level of specific content (usually by caching non-encrypted data the ISP's customers request) and serves the cached content when a user requests a site, rather than serving the actual site). None of the practices so far mentioned are discriminatory from the customer's perspective with regard either to price or to prioritization, though all of them enable faster speeds to specific content. Hence none of the above-mentioned practices are considered even by the most ardent Net Neutrality advocates to be violations of that principle. ^{^[21]} However, if an ISP zero-rates the content to either pass on its savings to the customer^{^[22]} or to incentivize the customer to access services that cost the ISP less in terms of interconnection costs, that creates a form of price discrimination for the customer, despite it benefiting the consumer.

The essential economic problem is that the cost to the ISP is variable, but the cost to the customer is fixed. Importantly, this problem is exacerbated in India where web hosting prices are high, transit prices are high, peering levels are low, and Internet Exchange Points (IXPs) are not functioning well. ^{^[23]} These conditions create network inefficiencies in terms of hosting of content further away from Indian networks in terms of network distance, and thus harms consumers as well as local ISPs. In order to set this right, zero-rating of this sort may be permitted as it acts as an incentive towards fixing the market fundamentals. However, once the market fundamentals are fixed, such zero-rating may be prohibited.

This example shows that the desirability or otherwise of discriminatory practices depends fully on the conditions present in the market, including in terms of interconnection costs.

3.3.3.1.3 Unbundling Internet into Services ("Special Packs")

Since at least early 2014, mobile operators have been marketing special zero-rating "packs". These packs, if purchased by the customer, allow capped or in some instances uncapped, zero-rating of a service such as WhatsApp or Facebook, meaning traffic to/from that service will not be counted against their regular Internet usage.

For a rational customer, purchasing such a pack only makes sense in one of two circumstances:

● The person has Internet connectivity on her Internet-capable phone, but has not purchased an "Internet data pack" since she doesn't find the Internet valuable. Instead, she has heard about "WhatsApp", has friends who are on it, and wishes to use that to reduce her SMS costs (and thereby eat into the carriage provider's ability to charge separately for SMSes). She chooses to buy a WhatsApp pack for around ₹25 a month instead of paying ₹95 for an all-inclusive Internet data pack.

● The person has Internet connectivity on her Internet-capable phone, and has purchased an "Internet data pack". However, that data pack is capped and she has to decide between using WhatsApp and surfing web sites. She is on multiple WhatsApp groups and her WhatsApp traffic eats up 65% of her data cap. She thus has to choose between the two, since she doesn't want to buy two Internet data packs (each costing around ₹95 for a month). She chooses to buy a WhatsApp pack for ₹25 a month, paying a cumulative total of ₹120 instead of ₹190 which she would have had to had she bought two Internet data packs. In this situation, "unbundling" is happening, and this benefits the consumer. Such unbundling harms the openness and integrity of the Internet.

If users did not find value in the "special" data packs, and there is no market demand for such products, they will cease to be offered. Thus, assuming a telco's decision to offer such packs is purely customer-demand driven - and not due to deals it has struck with service providers - if Orkut is popular, telcos would be interested in offering Orkut packs and if Facebook is popular, they would be interested in offering a Facebook pack. Thus, clearly, there is nothing anti-competitive about such customer-paid zero-rating packs, whereas they clearly enhance consumer benefit. Would this increase the popularity of Orkut or Facebook? Potentially yes. But to prohibit this would be like prohibiting a supermarket from selectively (and non-collusively) offering discounts on popular products. Would that make already popular products even more popular? Potentially, yes. But that would not be seen as a harm to competition but would be seen as fair competition. This contravenes the "openness" of the Internet (i.e., the integral interconnected diversity that an open network like the Internet embodies) as an independent regulatory goal. The Internet, being a single gateway to a mind-boggling variety of services, allows for a diverse "long tail", which would lose out if the Internet was seen solely as a gateway to popular apps, sites, and content. However, given that this is a choice exercised freely by the consumer, such packs should not be prohibited, as that would be a case of over-regulation.

The one exception to the above analysis of competition, needless to say, is if that these special packs aren't purely customer-demand driven and are the product of special deals between an OTT and the telco. In that case, we need to ensure it isn't anti-competitive by following the prescriptions of the next section.

3.3.3.1.4 Earning Additional Revenues from Content Providers

With offerings like Airtel Zero, we have a situation where OTT companies are offering to pay for wholesale data access used by their customers, and make accessing their specific site or app free for the customer. From the customer's perspective, this is similar to a toll-free number or a pre-paid envelope or free-to-air TV channel being offered on a particular network.

However, from the network perspective, these are very different. Even if a customer-company pays Airtel for the toll-free number, that number is accessible and toll-free across all networks since the call terminates on Airtel networks and Airtel pays the connecting network back the termination charge from the fee they are paid by the customer-company. This cannot happen in case of the Internet, since the "call" terminates outside of the reach of the ISP being paid for zero-rating by the OTT company; hence unless specific measures are taken, zero-rating has to be network-specific.

The comparison to free-to-air channels is also instructive, since in 2010 TRAI made recommendations that consumers should have the choice of accessing free-to-air channels à-la-carte, without being tied up to a bouquet.^{^[24]} This would, in essence, allow a subscriber to purchase a set-top box, and without paying a regular subscription fee watch free-to-air channels. ^{^[25]} However, similar to toll-free numbers, these free-to-air channels are free-to-air on all MSO's set-top boxes, unlike the proposed Airtel Zero scheme under which access to a site like Flipkart would be free for customers on Airtel's network alone.

Hence, these comparisons, while useful in helping think through the regulatory and competition issues, should not be used as instructive exact analogies, since they aren't fully comparable situations.

3.3.3.1.5 Market Options for OTT-Paid Zero-Rating

As noted above, a competitive marketplace already exists for wholesale data purchase at the level of "content ISPs" (including CDNs), which sell wholesale data to content providers (OTTs). This market is at present completely unregulated. The deals that exist are treated as commercial secrets. It is almost certain that large OTTs get better rates than small startups due to economies of scale.

However, at the eyeball ISP level, it is a single-sided market with ISPs competing to gain customers in the form of end-users. With a scheme like "Airtel Zero", this would get converted into a double-sided market, with a gatekeeper without whom neither side can reach the other being in the middle creating a two-sided toll. This situation is ripe for market abuse: this situation allows the gatekeeper to hinder access to those OTTs that don't pay the requisite toll or to provide preferential access to those who pay, apart from providing an ISP the opportunity to "double-dip".

One way to fix this is to prevent ISPs from establishing a double-sided market. The other way would be to create a highly-regulated market where the gatekeeping powers of the ISP are diminished, and the ISP's ability to leverage its exclusive access over its customers are curtailed. A comparison may be drawn here to the rules that are often set by standard-setting bodies where patents are involved: given that these patents are essential inputs, access to them must be allowed through fair, reasonable, and non-discriminatory licences. Access to the Internet and common carriers like telecom networks, being even more important (since alternatives exist to particular standards, but not to the Internet itself), must be placed at an even higher pedestal and thus even stricter regulation to ensure fair competition.

A marketplace of this sort would impose some regulatory burdens on TRAI and place burdens on innovations by the ISPs, but a regulated marketplace harms ISP innovation less than not allowing a market at all.

At a minimum, such a marketplace must ensure non-exclusivity, non-discrimination, and transparency. Thus, at a minimum, a telecom provider cannot discriminate between any OTTs who want similar access to zero-rating. Further, a telecom provider cannot prevent any OTT from zero-rating with any other telecom provider. To ensure that telecom providers are actually following this stipulation, transparency is needed, as a minimum.

Transparency can take one of two forms: transparency to the regulator alone and transparency to the public. Transparency to the regulator alone would enable OTTs and ISPs to keep the terms of their commercial transactions secret from their competitors, but enable the regulator, upon request, to ensure that this doesn't lead to anti-competitive practices. This model would increase the burden on the regulator, but would be more palatable to OTTs and ISPs, and more comparable to the wholesale data market where the terms of such agreements are strictly-guarded commercial secrets. On the other hand, requiring transparency to the public would reduce the burden on the regulator, despite coming at a cost of secrecy of commercial terms, and is far more preferable.

Beyond transparency, a regulation could take the form of insisting on standard rates and terms for all OTT players, with differential usage tiers if need be, to ensure that access is truly non-discriminatory. This is how the market is structured on the retail side.

Since there are transaction costs in individually approaching each telecom provider for such zero-rating, the market would greatly benefit from a single marketplace where OTTs can come and enter into agreements with multiple telecom providers.

Even in this model, telecom networks will be charging based not only on the fact of the number of customers they have, but on the basis of them having exclusive routing to those customers. Further, even under the standard-rates based single-market model, a particular zero-rated site may be accessible for free from one network, but not across all networks: unlike the situation with a toll-free number in which no such distinction exists.

To resolve this, the regulator may propose that if an OTT wishes to engage in paid zero-rating, it will need to do so across all networks, since if it doesn't there is risk of providing an unfair advantage to one network over another and increasing the gatekeeper effect rather than decreasing it.

However, all forms of competitive Internet service-paid zero-priced zero-rating, even when they don't harm competition, innovation amongst content providers, or consumers, will necessarily harm openness and diversity of the Internet. For instance, while richer companies with a strong presence in India may pay to zero-rate traffic for their Indian customers, decentralized technologies such as XMPP and WebRTC, having no central company behind them, would not, leading to customers preferring proprietary networks and solutions to such open technologies, which in turn, thanks to the network effect, leads to a vicious cycle. These harms to openness and diversity have to be weighed against the benefit in terms of increase in access when deciding whether to allow for competitive OTT-paid zero-priced zero-rating, as such competition doesn't exist in a truly level playing field . Further, it must be kept in mind that there are forms of zero-priced zero-rating that decrease the harm to openness / diversity, or completely remove that harm altogether: that there are other options available must be acknowledged by the regulator when considering the benefit to access from competitive OTT-paid zero-priced zero-rating.

3.3.3.1.6 Other options for zero-rating

There are other models of zero-priced zero-rating that either minimize the harm is that of ensuring free Internet access for every person. This can take the form of:^{^[26]}

● A mandatorily "leaky" 'walled garden':

○ The first-degree of all hyperlinks from the zero-rated OTT service are also free.

○ The zero-rated OTT service provider has to mandatorily provide free access to the whole of the World Wide Web to all its customers during specified hours.

○ The zero-rated OTT service provider has to mandatorily provide free access to the whole of the World Wide Web to all its customers based on amount on usage of the OTT service.^{^[27]}

● Zero-rating of all Web traffic

○ In exchange for viewing of advertisements

○ In exchange for using a particular Web browser

○ At low speeds on 3G, or on 2G.

3.3.3.2. What kinds of zero-rating are good

The majority of the forms of zero-rating covered in this section are content or source/destination-based zero-rating. Only some of the options covered in the "other options for zero-rating" section cover content-agnostic zero-rating models. Content-agnostic zero-rating models are not harmful, while content-based zero-rating models always harm, though to varying degrees, the openness of the Internet / diversity of OTTs, and to varying degrees increase access to Internet-based services. Accordingly, here is an hierarchy of desirability of zero-priced zero-rating, from most desirable to most harmful:

1. Content- & source/destination-agnostic zero-priced zero-rating.^{^[28]}

2. Content- & source/destination-based non-zero-priced zero-rating, without any commercial deals, chosen freely & paid for by users. ^{^[29]}

3. Content- & source/destination-based zero-priced zero-rating, without any commercial deals, with full transparency. ^{^[30]}

4. Content- & source/destination-based zero-priced zero-rating, on the basis of commercial deal with partial zero-priced access to all content, with non-discriminatory access to the same deal by all with full transparency.^{^[31]}

5. Content- & source/destination-based zero-priced zero-rating, on the basis of a non-commercial deal, without any benefits monetary or otherwise, flowing directly or indirectly from the provider of the zero-rated content to the ISP, with full transparency. ^{^[32]}

6. Content- & source-destination-based zero-priced zero-rating, across all telecom networks, with standard pricing, non-discriminatory access, and full transparency.

7. Content- & source-destination-based zero-priced zero-rating, with standard pricing, non-discriminatory access, and full transparency.

8. Content- & source-destination-based zero-priced zero-rating, with non-discriminatory access, and full transparency.

9. Content- & source-destination-based zero-priced zero-rating, with non-discriminatory access, and transparency to the regulator.

10. Content- & source-destination-based zero-priced zero-rating, without any regulatory framework in place.

3.3.4 Cartels and Oligopoly

While cartels and oligopolies may have an impact on Net Neutrality, they are not problems that any set of anti-discrimination rules imposed on gatekeepers can fix. Further, cartels and oligopolies don't directly enhance the ability of gatekeepers to unjustly discriminate if there are firm rules against negative discrimination and price ceilings and floors on data caps are present for data plans. Given this, TRAI should recommend that this issue be investigated and the Competition Commission of India should take this issue up.

3.4 Reasonable Network Management Principles

Reasonable network management has to be allowed to enable the ISPs to manage performance and costs on their network. However, ISPs may not indulge in acts that are harmful to consumers in the name of reasonable network management. Below are a set of guidelines for when discrimination against classes of traffic in the name of network management are justified.

● Discrimination between classes of traffic for the sake of network management should only be permissible if:

○ there is an intelligible differentia between the classes which are to be treated differently, and

○ there is a rational nexus between the differential treatment and the aim of such differentiation, and

○ the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP^{^[33]}, and

○ the network management practice is the least harmful manner in which to achieve the aim.

● Provision of specialized services (i.e., "fast lanes") is permitted if and only if it is shown that

○ The service is available to the user only upon request, and not without their active choice, and

○ The service cannot be reasonably provided with "best efforts" delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or

○ The discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.

These principles are only applicable at the level of ISPs, and not on access gateways for institutions that may in some cases be run by ISPs (such as a university network, free municipal WiFi, at a work place, etc.), which are not to be regulated as common carriers.

These principles may be applied on a case-by-case basis by a regulator, either suo motu or upon complaint by customers.

^{^[1]} Report of the Special Rapporteur on the Promotion and Protection of the right to freedom of opinion and expression, (19 May 2011), http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf.

^{^[2]} Available at http://www.trai.gov.in/WriteReadData/userfiles/file/NTP%202012.pdf.

^{^[3]} IAMAI, India to Cross 300 million internet users by Dec 14, (19 November, 2014), http://www.iamai.in/PRelease_detail.aspx?nid=3498&NMonth=11&NYear=2014.

^{^[4]} World Economic Forum, The Global Information Technology Report 2015, http://www3.weforum.org/docs/WEF_Global_IT_Report_2015.pdf.

^{^[5]} http://www.ictregulationtoolkit.org/4.1#s4.1.1

^{^[6]} See R.U.S. Prasad, The Impact of Policy and Regulatory Decisions on Telecom Growth in India (July 2008), http://web.stanford.edu/group/siepr/cgi-bin/siepr/?q=system/files/shared/pubs/papers/pdf/SCID361.pdf.

^{^[7]} 1973 AIR 106

^{^[8]} 1962 AIR 305

^{^[9]} "When ISPs go beyond their traditional use of IP headers to route packets, privacy risks begin to emerge." Alissa Cooper, How deep must DPI be to incur privacy risk? http://www.alissacooper.com/2010/01/25/how-deep-must-dpi-be-to-incur-privacy-risk/

^{^[10]} Richard T.B. Ma & Vishal Misra, The Public Option: A Non-Regulatory Alternative to Network Neutrality, http://dna-pubs.cs.columbia.edu/citation/paperfile/200/netneutrality.pdf

^{^[11]} Mobile number portability was launched in India on January 20, 2011 in the Haryana circle. See http://indiatoday.intoday.in/story/pm-launches-nationwide-mobile-number-portability/1/127176.html . Accessed on April 24, 2015.

^{^[12]} For a comprehensive list of all TRAI interconnection regulations & subsequent amendments, see http://www.trai.gov.in/Content/Regulation/0_1_REGULATIONS.aspx.

^{^[13]} See Telecommunication Interconnection Usage Charges (Eleventh Amendment) Regulations, 2015 (1 of 2015), available at http://www.trai.gov.in/Content/Regulation/0_1_REGULATIONS.aspx.

^{^[14]} Article 30 of the Universal Service Directive, Directive 2002/22/EC.

^{^[15]} See Telecommunication Mobile Number Portability (Sixth Amendment) Regulations, 2015 (3 of 2015), available at http://www.trai.gov.in/Content/Regulation/0_1_REGULATIONS.aspx.

^{^[16]} The Telecommunication (Broadcasting and Cable) Services (Seventh) (The Direct to Home Services) Tariff Order, 2015 (2 of 2015).

^{^[17]} Section 8, Cable Television Networks Act, 1995.

^{^[18]} TRAI writes new rules for Cable TV, Channels, Consumers, REAL TIME NEWS, (August 11, 2014), http://rtn.asia/rtn/233/1220_trai-writes-new-rules-cable-tv-channels-consumers.

^{^[19]} An initial requirement for all multi system operators to have a minimum capacity of 500 channels was revoked by the TDSAT in 2012. For more details, see http://www.televisionpost.com/cable/msos-not-required-to-have-500-channel-headends-tdsat/.

^{^[20]} Aparna Ghosh, Bharti SoftBank Invests $14 million in Hike, LIVE MINT, (April 2, 2014), http://www.livemint.com/Companies/nI38YwQL2eBgE6j93lRChM/Bharti-SoftBank-invests-14-million-in-mobile-messaging-app.html.

^{^[21]} Mike Masnick, Can We Kill This Ridiculous Shill-Spread Myth That CDNs Violate Net Neutrality? They Don't, https://www.techdirt.com/articles/20140812/04314528184/can-we-kill-this-ridiculous-shill-spread-myth-that-cdns-violate-net-neutrality-they-dont.shtml.

^{^[22]} Mathew Carley, What is Hayai's stance on "Net Neutrality"?, https://www.hayai.in/faq/hayais-stance-net-neutrality?c=mgc20150419

^{^[23]} Helani Galpaya & Shazna Zuhyle, South Asian Broadband Service Quality: Diagnosing the Bottlenecks, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1979928

^{^[24]} DTH players told to offer pay channels on la carte basis, HINDU BUSINESS LINE (July 22, 2010), http://www.thehindubusinessline.com/todays-paper/dth-players-told-to-offer-pay-channels-on-la-carte-basis/article999298.ece.

^{^[25]} The Telecommunication (Broadcasting and Cable) Services (Fourth) (Addressable Systems) Tariff Order, 2010.

^{^[26]} These suggestions were provided by Helani Galpaya and Sunil Abraham, based in some cases on existing practices.

^{^[27]} This is what is being followed by the Jana Loyalty Program: http://www.betaboston.com/news/2015/05/06/with-a-new-loyalty-program-mobile-app-marketplace-jana-pushes-deeper-into-the-developing-world/

^{^[28]} Example: free Internet access at low speeds, with data caps.

^{^[29]} Example: special "packs" for specific services like WhatsApp.

^{^[30]} Example: zero-rating of all locally-peered settlement-free traffic.

^{^[31]} Example: "leaky" walled gardens, such as the Jana Loyalty Program that provide limited access to all of the Web alongside access to the zero-rated content.

^{^[32]} Example: Wikipedia Zero.

^{^[33]} A CGNAT would be an instance of such a technology that poses network limitations.

For more details visit https://cis-india.org/internet-governance/blog/regulatory-perspectives-on-net-neutrality

Regulation, misuse concerns still dog DNA profiling bill

praskrishna — 2015-09-13T08:32:48Z

Experts fear such data could be used for non-forensic purposes and are concerned about the vast powers to be vested in proposed DNA profiling board.

The article by Nikita Mehta was published in Livemint on July 29, 2015. Sunil Abraham gave his inputs.

A bill aimed at creating a DNA database of offenders, slated for introduction in the monsoon session of Parliament, has been criticized by experts who fear that such information could be used for non-forensic purposes and are concerned about the vast powers sought to vested in a proposed DNA profiling board.

Despite changes made by the Department of Biotechnology, the final draft of the Human DNA Profiling Bill 2015 has drawn flak from the Centre for Internet and Society (CIS), a non-profit group that works on policy issues.

The bill seeks Parliament’s approval for plans to create a DNA bank of various offenders in order to prevent repeat offences and to regulate the process by defining infrastructure, training, qualifications, facilities and legalities.

The government says that conducting DNA analysis involves working with sensitive information which, if misused, can cause harm to a person or to society. There is, thus, a need to restrict the use of DNA profiles through an Act of Parliament only for lawful purposes of establishing someone’s identity in a criminal or civil case and for other specified purposes.

The bill seeks to establish standards for laboratories, staff qualifications, training, proficiency testing, collection of body substances, custody trail from collection to reporting and a data bank with policies of use and access to information, its retention and deletion.

The offences for which the database can be maintained range from criminal and civil offences to paternity disputes.

“We need this bill because there are so many unresolved cases. A judge can use this data as material evidence and speedy justice can be served,” said M.K. Bhan, former secretary of the department of biotechnology. “Tremendous amount of effort has been taken to consult all possible parties and the bill has been drafted and redrafted over the years,” Bhan added.

In its note of dissent, CIS raised objections about DNA profiling and DNA samples being used for identifying victims of accidents or disasters, for missing persons and in civil disputes. It also objected to the creation and maintenance of a population statistics databank that is to be used, as prescribed, for the purposes of identification.

“One problem is accuracy. Unlike comparisons between digital signatures which can either have matches or no matches, biometric signatures will have a level of accuracy, so there can be a few false matches. Hence unnecessary widening of the data will reduce the accuracy of this system,” said Sunil Abraham, executive director at CIS.

CIS further noted that a DNA Profiling Board proposed by the bill will have vast powers, including those of authorizing procedures for DNA profiling for civil and criminal investigation, drawing up a list of instances for the application of human DNA profiling and undertaking any other activity which in the opinion of the Board advances the purposes of the Act. The DNA Profiling Board will consist of eminent scientists, administrators and law enforcement officers who will administer and carry out other functions assigned to it under the Act.

“Usually when regulators are created, the mandate is extremely clear. In this bill it is quite vague and there should not be so many things left to the discretionary powers of the board,” said Abraham who was part of the consultation process for the bill. He added that a number of changes have been introduced to the bill, including reduction of powers of the board, tighter definitions and more privacy safeguards.

“Any regulatory system requires external auditing, that should be taken into view. Another issue that was being looked at was that the forensic system should be outside police jurisdiction as they may have vested interests,” Bhan said.

The CIS note pointed out that although the bill refers to security and privacy procedures that labs are to follow, these have been left to be drawn up and implemented by the proposed DNA Board.

“This proposal has been doing the rounds for years and I can vouch for the scientific infallibility of using DNA profiling for carrying out justice. That being said, the bill does not provide verifiable or implementable safeguards for misuse of this data and lack of accountability of public servants can cause serious jeopardy to the privacy of citizens,” said K.P.C. Gandhi, a forensic scientist and founder chairman at Truth Labs, an independent forensic science laboratory.

For more details visit https://cis-india.org/internet-governance/news/livemint-nikita-mehta-july-29-2015-regulation-misuse-concerns-still-dog-dna-profiling-bill

Regulating the Internet: The Government of India & Standards Development at the IETF

Aayush Rathi, Gurshabad Grover and Sunil Abraham — 2019-01-22T07:29:39Z

The institution of open standards has been described as a formidable regulatory regime governing the Internet. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.

This brief was authored by Aayush Rathi, Gurshabad Grover and Sunil Abraham. Click here to download the policy brief.

Executive Summary

The institution of open standards has been described as a formidable regulatory regime governing the Internet. As the Internet has moved to facilitate commerce and communication, governments and corporations find greater incentives to participate and influence the decisions of independent standards development organisations.

While most such bodies have attempted to systematise fair and transparent processes, this brief highlights how they may still be susceptible to compromise. Documented instances of large private companies like Microsoft, and governmental instrumentalities like the US National Security Agency (NSA) exerting disproportionate influence over certain technical standards further the case for increased Indian participation.

The debate around Transport Layer Security (TLS) 1.3 at the Internet Engineering Task Force (IETF) forms an important case for studying how a standards body responded to political developments, and how the Government of India participated in the ensuing discussions. Lasting four years, the debate ended in favour of greater communications security. One of the security improvements in TLS 1.3 over its predecessor is that is makes less information available to networking middleboxes. Considering that Indian intelligence agencies and government departments have expressed fears of foreign-manufactured networking equipment being used by foreign intelligence to eavesdrop on Indian networks, the development is potentially favourable for the security of Indian communication in general, and the security of military and intelligence systems in particular. India has historically procured most networking equipment from foreign manufacturers. While there have been calls for indigenised production of such equipment, achieving these objectives will necessarily be a gradual process. Participating in technical standards can, then, be an effective interim method for intelligence agencies, defence wings and law enforcement for establishing trust in critical networking infrastructure sourced from foreign enterprises.

Outlining some of the existing measures the Indian government has put in place to build capacity for and participate in standard setting, this brief highlights that while these are useful starting points, they need to be harmonised and strengthened to be more fruitful. Given the regulatory and domestic policy implications that technical standards can have, there is a need for Indian governmental agencies to focus adequate resources geared towards achieving favourable outcomes at standards development fora.

Click here to download the policy brief.

Note: The recommendations in the brief were updated on 17 December 2018 to reflect the relevance of technical standard-setting in the recent discussions around Indian intelligence concerns about foreign-manufactured networking equipment.

For more details visit https://cis-india.org/internet-governance/blog/regulating-the-internet-the-government-of-india-standards-development-at-the-ietf

Regulating the Internet by fiat

praskrishna — 2012-08-26T10:13:03Z

The Union government’s move to ban or block 310 online entities is worrisome.

This article by V Sridhar was published in the Hindu on August 26, 2012. Pranesh Prakash is quoted.

The unprecedented spike in the velocity of hateful, offensive and blatantly communal online content earlier this month, which reinforced rumour mongering on the ground that resulted in the exodus of people from the northeast from several Indian cities has been a classic example of how new technologies can be harnessed for old vices. But just as disturbing has been the manner in which the government yielded to the old itch of censoring, banning or blocking content. Between August 18 and August 21, the Department of Telecommunications (DoT), in four separate directives issued to all Internet service licensees, asked them to “block access” to a total of 310 URLs (Unique Resource Locators).

Directing ISPs

The number of URLs blocked does not quite convey the extent of the banned content because the list includes instances of entire websites, a single Web page in some cases, videos posted on YouTube, Twitter handles, Facebook entries, or even instances of links that would take the browser to an img tag (an individual image that is linked to an HTML page). Although the directives clearly stated that the service providers should block only the specific URLs leading to the main sites such as YouTube, Facebook or Twitter.

Airtel, the leading telecom and Internet service provider, blocked youtu.be, the short URL that Twitter and Facebook users normally use for sharing images and videos. A perusal of the four orders clearly shows that Airtel overreacted. Although the service provider subsequently corrected the error, worries about arbitrary disruptions remain.

Pranesh Prakash, Programme Manager, Centre for Internet and Society (CIS), who did the first analysis of the resources that were pulled out of the Web, said the list was only partial, because they related only to the URLs that ISPs were asked to block, not what action would have been initiated against those offering Web services.

A ragtag list

Net activists, even those who do not have an absolutist notion of the right to free speech, have expressed deep reservations about the manner in which the government has blocked 310 URLs. Although Mr. Prakash, who is also a lawyer, believes that “temporary curbs” of freedom of expression, in situations such as the unprecedented situation earlier this month may be necessary, he argued that the government acted carelessly and in a kneejerk manner. “It is a ragtag list, prepared in a haphazard manner,” he told The Hindu.

Logically, the rules applicable to hate content ought to be the same whether the offence is in print or whether it appears as online content. Mr. Prakash pointed to the fact that official agencies such as the police have not gone after those responsible for the content posted in the blocked URLs, which shows that the government’s approach is not backed by a resolve to bring to book those responsible for spreading hate.

The ban-first, examine-later approach is wrong for three sets of reasons, argued Mr. Prakash. First, because there are what he characterises as “egregious mistakes”. Second, he doubts whether regulations prescribing due process of enforcing and reviewing the ban were indeed followed. Third, the government ought to have acted smarter, by using the same media to debunk the rumours that were swirling in several Indian cities but also in the northeast. Mr. Prakash pointed to the case of a Canadian intern working at the CIS who received an SMS from a Canadian government agency that asked her not to heed the rumours. Although the Bangalore police did issue an SMS asking people not to heed such rumours, it came well after the rumour mongering had passed its peak.

“I generally believe that the government must exercise utmost caution in censoring,” said Mr. Prakash. He pointed out that in the list were sites and people who had done nothing to promote hate. He refered to the case of Amit Paranjpe, whose twitter handles were blocked. “If you go through his timeline, you will not find anything that is communal at all,” Mr. Prakash says. “I do not think the government acted responsibly by going after material that is not directly inflammatory, or contributes to the state of panic,” he argued. “I do not doubt the motives of the government, because I see that the overwhelming majority of the material it has blocked is stuff that has something to do with communalism or rioting, whether it is as reportage or as material that contributes to tension,” he observed. He also did not think the government used the crisis as an excuse to put down politically dissenting voices, which was what happened last October (critical references to Sonia Gandhi were removed then).

Cyber terror?

Significantly, the list of blocked domains did not match the government’s claim that a lot of the hate content were in the form of images with misleading captions, most of which came from Pakistan. Mr. Prakash pointed out that many of these images had “been floating around” in Pakistan for at least a month before the rumours hit their peak in mid-August. He noted that within Pakistan there had been debates about the authenticity of these images. “In fact, the reportage and the countering of the reportage in the Pakistani media has been much more sophisticated than in India,” he observed. Significantly, the debate was not even targeted at the Indian audience, but to Pakistani or a global audience. “This debunks the notion some sections of the media have propagated, that this is about cyber war or cyber terrorism,” he says. “I have not seen evidence that India has been targeted from Pakistan,” he observed.

Lack of transparency

It has also been done without abiding by the procedures that are clearly laid down. Mr. Prakash pointed out, the provisions of the Information Technology Act require that “persons or intermediaries” blocked ought to have been given an opportunity to explain their position within 48 hours. He doubted that this had been followed. Moreover, he argued that the people or companies hosting the offensive content, not the ISPs, ought to have been asked to remove them. After all, most of the large and popular intermediaries have clearly laid down conditions of usage, he said.

The lack of transparency in the manner in which the government blocked these websites — even if it is accepted that the content was hateful, abhorrent and aimed at stirring social tension — is worrisome because it sets a precedent for unchecked use of power, without proper sanction. Nor was it a smart way of addressing an innovatively virulent way of spreading chaos. While the government’s use of the sledgehammer may have got it out of the immediate crisis it found itself in, it may have fewer friends when faced with a similar outbreak later.

For more details visit https://cis-india.org/news/www-the-hindu-aug-26-v-sridhar-regulating-the-internet-by-fiat

Regulating Social Media: Unrealistic, Impossible, Necessary?

praskrishna — 2013-04-30T16:50:13Z

The Press Council of India Chairperson Justice Markandey Katju calls for regulating social media, saying it will prevent offensive material coming into the public domain. But is it really necessary to regulate the social media? If yes, is it possible to do it?

This was published by NDTV on April 11, 2013.

NDTV aired a discussion by Ashwin S Kumar, Co-editor, Columnist, The Unreal Times; Kunal Majumder, Assitant Editor, Tehelka.com and Pranesh Prakash, Policy Director, Centre for Internet and Society on April 11, 2013 in response to Justice Katju's comments on bringing 'social media' under the Press Council of India.

Pranesh Prakash laid out four brief points:

'Social media' allows coffee house discussion and toilet wall scrawls to seem like print publications, but it's a mistake to treat it the same way we do print publications. The UK is now planning on using prosecutorial flexibility to refrain from prosecuting simple offensive speech on social media.
The same laws should apply online as they do offline (but how the apply, can differ), and that is currently the case. Most content-related offences in the IPC, etc., are offences online as well as offline.
Editors and journalists exist for most print publications and broadcast programmes, while that isn't true for most 'social media'. So guidelines applicable to the press mostly won't be applicable online.
Electronic publications (like Medianama, The Daily Dish, Huffington Post) which consider themselves engaged in a journalistic venture present a special problem that we do need to have a public conversation about.

Video

For more details visit https://cis-india.org/news/ndtv-video-april-11-2013-the-social-network-regulating-social-media-unrealistic-impossible-necessary

Regulating Sexist Online Harassment: A Model of Online Harassment as a Form of Censorship

amber — 2021-05-31T09:39:14Z

For more details visit https://cis-india.org/internet-governance/files/it-for-change-february-2021-amber-sinha-regulating-sexist-online-harassment.pdf

Regulating Sexist Online Harassment as a Form of Censorship

amber — 2021-05-31T09:56:31Z

This paper is part of a series under IT for Change’s project, Recognize, Resist, Remedy: Combating Sexist Hate Speech Online. The series, titled Rethinking Legal-Institutional Approaches to Sexist Hate Speech in India, aims to create a space for civil society actors to proactively engage in the remaking of online governance, bringing together inputs from legal scholars, practitioners, and activists. The papers reflect upon the issue of online sexism and misogyny, proposing recommendations for appropriate legal-institutional responses. The series is funded by EdelGive Foundation, India and International Development Research Centre, Canada.

Introduction

The proliferation of internet use was expected to facilitate greater online participation of women and other marginalised groups. However, over the past few years, as more and more people have come online, it is evident that social power in online spaces mirrors offline hierarchies. While identity and security thefts may be universal experiences, women and the LGBTQ+ community continue to face barriers to safety that men often do not, aside from structural barriers to access. Sexist harassment pervades the online experience of women, be it on dating sites, online forums, or social media.

In her book, Twitter and Tear Gas: The Power and Fragility of Networked Protest, Zeynep Tufekci argues that the nature and impact of censorship on social media are very different. Earlier, censorship was enacted by restricting speech. But now, it also works in the form of organised harassment campaigns, which use the qualities of viral outrage to impose a disproportionate cost on the very act of speaking out. Therefore, censorship plays out not merely in the form of the removal of speech but through disinformation and hate speech campaigns.

In most cases, this censorship of content does not necessarily meet the threshold of hate speech, and free speech advocates have traditionally argued for counter speech as the most effective response to such speech acts. However, the structural and organised nature of harassment and extreme speech often renders counter speech ineffective. This paper will explore the nature of online sexist hate and extreme speech as a mode of censorship. Online sexualised harassment takes various forms including doxxing, cyberbullying, stalking, identity theft, incitement to violence, etc. While there are some regulatory mechanisms – either in law, or in the form of community guidelines that address them, this paper argues for the need to evolve a composite framework that looks at the impact of such censorious acts on online speech and regulatory strategies to address them.

Click on to read the full text [PDF; 495 Kb]

For more details visit https://cis-india.org/internet-governance/blog/it-for-change-amber-sinha-regulating-sexist-online-harassment

Regulating Bitcoin in India

vipul — 2017-04-20T13:17:37Z

The article discusses the possible contours of future bitcoin regulation in India. Bitcoin, often considered a ‘notorious’ virtual currency limited only to techies or speculators, is currently fighting a battle to become a bona fide mainstream means of exchange.

While most currencies in the real world have the backing of a central authority of some kind (such as a sovereign or a Central Bank) infusing them with an air of legitimacy, Bitcoin has no such central authority which issues or controls it. Additionally, the distributed and decentralised nature of the Bitcoin network makes regulation a tricky issue. This article seeks to touch upon the issue of Bitcoin regulation and makes certain broad suggestions for the future. It is a follow-up to a previous article by this author discussing the legal treatment of Bitcoin under Indian law, available at http://cis-india.org/internet-governance/bitcoin-legal-regulation-india.

The Reserve Bank of India (RBI) has not exactly been shy in recognising and even regulating technological advances in the financial sector as is evident from their detailed guidelines on Internet Banking,[1] Prepaid Payment Instruments[2] Account Aggregator Regulations,[3] and the consultation paper on proposed regulations for P2P lending platforms,[4] etc. However, though the RBI has acknowledged the existence of Bitcoin (it issued a note cautioning the public against dealing in virtual currencies including Bitcoin way back in 2013[5] and again in 2017[6]), there have been no clear guidelines regarding the same. Nevertheless, Bitcoin has come a long way since its inception and a consensus is emerging amongst the more technically inclined individuals that Bitcoin is infact here to stay.

Even if a sceptical view is taken that Bitcoin may not last for a long time, that does not mean that regulation is useless as there is already a large amount of money invested in Bitcoin entities in India and Bitcoin exchanges seem to be betting big on this sector really taking off - especially in the backdrop of the government’s recent push towards a more digital and less cash dependent economy.

While the Indian government is trying to hard sell the idea of digital payments, primarily using existing banking channels as well as the relatively new National Payments Corporation of India (NPCI) and the various applications that are cropping up around the NPCI’s UPI platform, one must note that going digital could involve high administrative costs. These costs are typically charged by banks and intermediary merchants, and may not be palatable to all stakeholders, as was evident in the recent fracas between petrol pump owners and banks over proposed transactional charges on card payments.[7]

It is this vacuum that alternatives such as prepaid payment instruments and virtual currencies can fill while addressing the concern of high administrative charges, which is likely to be a major hurdle in going digital. Administrative charges for most of these instruments are significantly lower than what existing payment channels charge for digital transactions.[8]

Legality of Bitcoin and the need for Regulation

Bitcoin technology is being widely embraced all over the world, including neighbouring China which has become one of the biggest markets for the uniquely decentralised currency. However the biggest hurdle that Bitcoin enthusiasts see in mainstreaming this technology is the fact that most countries are treading too cautiously around Bitcoin and therefore do not have regulation governing them.

The creation and transfer of Bitcoin is based on an open source cryptographic protocol and is not managed by any central authority.[9] It is the decentralized nature of this virtual currency that makes regulation a major challenge. This does not mean that regulators are not capable of regulating Bitcoin, in fact attempts have been made in several jurisdictions but these are mostly in the discussion stage, for eg. the Washington Department of Financial Institutions (“DFI”) introduced a bill in December, 2016 which proposes amendments to certain portions of the Washington Uniform Money Services Act and includes provisions specific to digital currencies;[10] the U.S. District Court for the Southern District of New York has in a decision in September, 2016 taken the view that Bitcoin is money under the plain meaning of Section 1960, the federal money transmission statute.[11]

This article does not intend to undertake a discussion on how Bitcoin is dealt with in various jurisdictions, but instead is aimed at suggesting a possible way forward for Indian regulators to regulate Bitcoin in a manner that satisfies the regulatory zeal towards security as well as ensures that the technology does not get stifled through overregulation. It is important that the regulators create a balanced regulation because an impractical ecosystem for Bitcoin exchanges and their users, may lead to traders seeking alternative methods of purchasing Bitcoin such as P2P trading, over-the-counter (OTC) markets and underground trading platforms, which are significantly more difficult to regulate.[12]

Suggestions for Regulation

Since Bitcoin is a decentralised cryptocurrency, it is impossible to regulate it through one single centralised point for all transactions. Neither is it feasible to regulate each and every Bitcoin user. A pragmatic compromise between these two extremes could be to regulate the points at which fiat currency or valuable goods enter the Bitcoin system, i.e. the Bitcoin exchanges where people may buy and sell Bitcoin for actual real world money, or websites which offer Bitcoin as a means of payment. Such an approach would reduce the number of points of supervision and lead to effective enforcement of the regulations. The regulations may require any entity providing services such as buying and selling of Bitcoin for actual money, trading in Bitcoin (such as non-cash exchanges) or providing other Bitcoin related services (such as Bitcoin wallets, merchant gateways, remittance facilities, etc.) to be registered with a central government agency, preferably the Reserve Bank of India.

One legal issue regarding the regulation of companies transacting in Bitcoin is whether the RBI has the authority or jurisdiction to regulate Bitcoin in the first place. Without getting into the arguments regarding whether it is a dangerous trend or not, an easy way in which the RBI could ensure it has the authority to regulate Bitcoin would be to follow the path that the RBI adopted while regulating Account Aggregators under the Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 wherein the RBI declared Account Aggregators as Non Banking Finance Companies under section 45-I(f)(iii) thereby getting the authority to regulate and supervise them under section 45JA of the Reserve Bank of India Act, 1934.

The Regulations, once issued by the Reserve Bank of India, can prescribe mandatory registration, capital adequacy provisions, corporate governance conditions, minimum security protocols, Know Your Customer (KYC) requirements and most importantly provide for regular and ongoing reporting requirements as well as supervision of the Reserve Bank of India over the activities of Bitcoin companies.

Any proposed Bitcoin regulatory framework would seek to address certain issues; for the purposes of this article, we will assume that the following three issues are the ones that must necessarily be addressed by a regulatory framework:

Security of the consumer’s property and prevention of fraud on the consumer. In the technology sector this translates into specific emphasis on increased security (against hacking) for accounts that the consumers maintain with the service provider.
India has robust exchange control laws and the inherently decentralised and digital nature of Bitcoin can enable transfer of value from one jurisdiction to another without any oversight by a central agency, potentially violating the exchange control laws of India.
Bitcoin has for long been associated with criminal and nefarious activities, infact many believe that the famous black market website “Silk Road” played a big role in making Bitcoin famous[13] and therefore preventing Bitcoin from being used for illegal activities (or creating a mechanism to ensure a digital trail to help investigations post facto) would be a major issue that the regulations would seek to tackle.

Given the above assumptions, let us examine whether the Regulations suggested above can satisfactorily address the concerns of security of consumers, exchange control, and keeping a tab on criminal activities.

If the regulations provide for minimum capital adequacy requirements as well as registration by the RBI or some other central agency, then the chances of consumers being duped by “fly-by-night” operators would be significantly reduced. The Regulations can also provide for minimum security protocols to be maintained by the companies, which protocols can themselves be developed in concert with Bitcoin experts. Critics may point to the hacking of various Bitcoin exchanges in the recent past, including that of MtGox, in which Bitcoin worth millions of dollars were siphoned off, and argue that the security protocols may not be enough to prevent future instances of hacking. But that is true even for the current security protocols for online banking; and that has not prevented a large number of banks from providing online banking facilities and the RBI regulating the same. The other vital issue that legally mandated security protocols would address (and potentially solve) is the issue of liability in case of hackings. Regulations may provide clarity on this issue and protect innocent customers from negligent companies while at the same time protecting entrepreneurs by defining and limiting the liability for bona fide and vigilant companies.

The other issue that may be of major concern to the authorities is exchange control. India has extremely specific exchange control laws, and if any person in India wants to transfer any amount to any person overseas, the only legal way to do so is through a bank transfer, which requires filling paperwork giving the reason for the transfer (although the RBI and banks usually don’t ask for any proof for small amounts upto a few lakhs). This means that all transfers outside India are done through proper banking channels and are therefore under the supervision of the RBI. However the decentralised nature of Bitcoin enables individuals to transfer money outside the borders of India without going through any banking channels and hence stay completely outside the purview of the RBI’s supervision. Such a system which lets users transfer money beyond national borders outside legal banking channels could be easily misused by nefarious actors and this is exactly what happened as international drug cartels turned to Bitcoin and other digital currencies to move their ill gotten wealth beyond the borders of various countries.[14] Regulating the entities which provide Bitcoin wallets and Bitcoin exchanges will ensure that the RBI can exercise its supervisory jurisdiction over Bitcoin transactions of individual customers even though these transactions do not go through the regular banking channels. The Regulations could impose an obligation on the companies to provide information on any suspicious activities or provide greater information about accounts which see very high volumes, etc. to ensure that Bitcoin is not used to finance organised crime. Thus, the regulations could have provisions that would require the companies providing the Bitcoin wallets or exchanges to flag and monitor customers whose trading accounts or Bitcoin wallets have transactions of an amount greater than a specified limit. This would provide the RBI with the ability to enquire as to the reasons for such high volumes and weed out illegal transactions while at the same time allowing bona fide transactions to continue.

Very closely linked to the issue of exchange control and supervision of transactions is the issue of checking the furtherance of criminal activities using the apparent anonymity offered by Bitcoin. However if the RBI has regulatory oversight over all the Bitcoin companies that are operating in India, then it would be possible for it to keep an eye on most Bitcoin transactions in India as long as the wallet that originates or terminates the transaction has been provided by a Bitcoin service provider located in India. An argument may be made that a criminal may use the services of Bitcoin wallet services provided by companies outside India and therefore outside the purview of the RBI and its regulations. However this argument may not be as plausible as it may seem at first look; if we assume that for any criminal activity the ultimate goal is to get the money in the form of recognizable legal tender (preferably cash or money in a bank account) then it stands to reason that the Bitcoin in the wallet would be exchanged for currency at some point or the other in the chain, which can only be done through a Bitcoin exchange if the transaction is of a fairly high value (which most criminal transactions are) and these exchanges as well as the accounts maintained by them will be under the purview of the RBI, thus providing the law enforcement agencies with the final link in the chain of transactions. Further, the public nature of the blockchain (the ledger where each Bitcoin trade is registered and verified) also makes it possible for the enforcement agencies to follow the trail of money for each and every Bitcoin or part thereof.

Conclusion

From the discussion above, we see that the major arguments that have been given by sceptics regarding Bitcoin and its attractiveness to criminals due to its decentralised nature are actually not very viable on a closer look. Bitcoin and the blockchain technology are extremely important steps in the direction of better and more efficient financial transactions in the global economy, which is why a number of mainstream banks are also showing a keen interest in the blockchain technology.[15] Regulations governing Bitcoin or virtual currencies would clear the air regarding their legal status so that consumers as well as entrepreneurs and investors can invest more money in this technology which could potentially change the way financial transactions are carried out across jurisdictions.

[1] https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=414&Mode=0

[2] https://rbi.org.in/scripts/NotificationUser.aspx?Id=10799&Mode=0

[3] https://www.rbi.org.in/scripts/BS_ViewMasDirections.aspx?id=10598

[4] https://rbidocs.rbi.org.in/rdocs/content/pdfs/CPERR280416.pdf

[5] https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=30247

[6] https://rbi.org.in/Scripts/BS_PressReleaseDisplay.aspx?prid=39435

[7] http://timesofindia.indiatimes.com/business/india-business/petrol-pumps-wont-accept-cards-from-monday-to-protest-banks-transaction-fee/articleshow/56402253.cms

[8] For example, currently the network fee for a person to person Bitcoin transfer is 0.0001 Bitcoin, which comes to roughly Rs. 6 per transaction irrespective of the amount involved.

[9] The processing of Bitcoin transactions is secured by servers called Bitcoin “miners”. These servers communicate over an internet-based network and confirm transactions by adding them to a ledger which is updated and archived periodically using peer-to-peer filesharing technology, also known as the “blockchain”. The integrity and chronological order of the blockchain is enforced with cryptography. In addition to archiving transactions, each new ledger update creates some newly-minted Bitcoins.

[10] https://www.virtualcurrencyreport.com/2017/01/washington-department-of-financial-institutions-proposes-virtual-currency-regulation/

[11] https://www.virtualcurrencyreport.com/2016/09/sdny-opinion-re-bitcoin/. For a discussion on how different States and agencies in the United States deal with Bitcoin, please see Misha Tsukerman, “THE BLOCK IS HOT: A SURVEY OF THE STATE OF BITCOIN REGULATION AND SUGGESTIONS FOR THE FUTURE, Berkeley Technology Law Journal, Vol. 30:385, 2015, p. 1127, available at http://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?article=2084&context=btlj .

[12] http://themerkle.com/why-china-isnt-interested-in-banning-bitcoin-importance-of-regulation/

[13] See generally, Nathaniel Popper, “Digital Gold: Bitcoin and the Inside Story of the Misfits and Millionaires Trying to Reinvent Money”, Harper Collins, 2015.

[14] https://www.bloomberg.com/view/articles/2013-11-18/are-bitcoins-the-criminal-s-best-friend-

[15] http://www.morganstanley.com/ideas/big-banks-try-to-harness-blockchain.

For more details visit https://cis-india.org/internet-governance/blog/regulating-bitcoin-in-india

Registering for Aadhaar in 2019

sunil — 2019-01-03T14:59:04Z

It is a lot less scary registering for Aadhaar in 2019 than it was in 2010, given how the authentication modalities have since evolved.

The article was published in Business Standard on January 2, 2019.

Last November, a global committee of lawmakers from nine countries the UK, Canada, Ireland, Brazil, Argentina, Singapore, Belgium, France and Latvia summoned Mark Zuckerberg to what they called an “international grand committee” in London. Mr. Zuckerberg was too spooked to show up, but Ashkan Soltani, former CTO of the FTC was among those who testified against Facebook. He said “in the US, a lot of the reticence to pass strong policy has been about killing the golden goose” referring to the innovative technology sector. Mr. Soltani went on to argue that “smart legislation will incentivise innovation”. This could be done either intentionally or unintentionally by governments. For example, a poorly thought through blocking of pornography can result in innovative censorship circumvention technologies. On other occasions, this can happen intentionally. I hope to use my inaugural column in these pages to provide an Indian example of such intentional regulatory innovation.

Eight years ago, almost to this date, my colleague Elonnai Hickok wrote an open letter to the Parliamentary Finance Committee on what was then called the UID or Unique Identity. She compared Aadhaar to the digital identity project started by the National Democratic Alliance (NDA) government in 2001. Like the Vajpayee administration which was working in response to the Kargil War, she advocated a decentralised authentication architecture using smart cards based on public key cryptography. Last year, even before the five-judge constitutional bench struck down Section 57 of the Aadhaar Act, the UIDAI preemptively responded to this regulatory development by launching offline Aadhaar cards. This was to be expected especially since from the A.P. Shah Committee report, the Puttaswamy Judgment, the B.N. Srikrishna Committee consultation paper, report and bill, the principle of “privacy by design” was emerging as a key Indian regulatory principle in the domain of data protection.

The introduction of the offline Aadhaar mechanism eliminates the need for biometrics during authentication. I have previously provided 11 reasons why biometrics is inappropriate technology for e-governance applications by democratic governments, and this comes as a massive relief for both human rights activists and security researchers. Second, it decentralises authentication, meaning that there is a no longer a central database that holds a 360-degree view of all incidents of identification and authentication. Third, it dramatically reduces the attack surface for Aadhaar numbers, since only the last four digits remain unmasked on the card. Each data controller using Aadhaar will have to generate his/her own series of unique identifiers to distinguish between residents. If those databases leak or get breached, it won’t tarnish the credibility of Aadhaar or the UIDAI to the same degree. Fourth, it increases the probability of attribution in case a data breach were to occur; if the breached or leaked data contains identifiers issued by a particular data controller, it would become easier to hold them accountable and liable for the associated harms. Fifth, unlike the previous iteration of the Aadhaar “card”, on which the QR code was easy to forge and alter, this mechanism provides for integrity and tamper detection because the demographic information contained within the QR code is digitally signed by the UIDAI. Finally, it retains the earlier benefit of being very cheap to issue, unlike smart cards.

Thanks to the UIDAI, the private sector is also being forced to implement privacy by design. Previously, since everyone was responsible for protecting Aadhaar numbers, nobody was. Data controllers would gladly share the Aadhaar number with their contractors, that is, data processors, since nobody could be held responsible. Now, since their own unique identifiers could be used to trace liability back to them, data controllers will start using tokenisation when they outsource any work that involves processing of the collected data. Skin in the game immediately breeds more responsible behaviour in the ecosystem.

The fintech sector has been rightfully complaining about regulatory and technological uncertainty from last year’s developments. This should be addressed by developing open standards and free software to allow for rapid yet secure implementation of these changes. The QR code standard itself should be an open standard developed by the UIDAI using some of the best practices common to international standard setting organisations like the World Wide Web Consortium, Internet Engineers Task Force and the Institute of Electrical and Electronics Engineers. While the UIDAI might still choose to take the final decision when it comes to various technological choices, it should allow stakeholders to make contributions through comments, mailing lists, wikis and face-to-face meetings. Once a standard has been approved, a reference implementation must be developed by the UIDAI under liberal licences, like the BSD licence that allows for both free software and proprietary software derivative works. For example, a software that can read the QR code as well as send and receive the OTP to authenticate the resident. This would ensure that smaller fintech companies with limited resources can develop secure systems.

Since Justice Dhananjaya Y. Chandrachud’s excellent dissent had no other takers on the bench, holdouts like me must finally register for an Aadhaar number since we cannot delay filing taxes any further. While I would still have preferred a physical digital artefact like a smart card (built on an open standard), I must say it is a lot less scary registering for Aadhaar in 2019 than it was in 2010, given how the authentication modalities have since evolved.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-january-2-2019-registering-for-aadhaar-in-2019

Reddit, Telegram among websites blocked in India, say internet groups

Sai Sachin Ravikumar — 2019-04-15T10:32:54Z

Discussion board Reddit, messaging service Telegram and comedy site College Humor have been blocked for intermittent periods, say internet groups.

The article by Sai Sachin Ravikumar was published in Business Standard on April 3, 2019. Gurshabad Grover was quoted.

Websites like Reddit and Telegram are being blocked in India by internet service providers, throwing into question the enforcement of net neutrality rules, advocacy groups said on Wednesday.

Restrictions on "torrent sites" that offer free movie and music downloads are routine in India to prevent copyright infringement. Pornography websites are also blocked by court orders seeking to protect children.

But in recent months, websites such as the discussion board Reddit, messaging service Telegram and comedy site College Humor have been blocked for intermittent periods, often for days and only in some regions, baffling internet users.

"It's not making any sense, what's happening," said Apar Gupta, executive director at the non-profit Internet Freedom Foundation (IFF). "A lot of these blocks are also happening in such a way that no notices are displayed." Since January, there have been at least 250 reports of websites blocked on networks operated by Jio, a unit of Reliance Industries, Bharti Airtel and Hathway, the IFF said in a letter to the telecoms department.

Jio and Airtel are among India's top telecom providers.

Some internet users have posted on social media screenshots of pages displaying messages saying a website was blocked to comply with government orders.

When Reuters tried to access CollegeHumor.com on Wednesday a message read: "Your requested URL has been blocked as per the directions received from Department of Telecommunications, Government of India."

An official at the telecoms department, which last year approved rules on net neutrality--the concept that all websites and data on the Internet be treated equally--declined to comment when contacted by Reuters.

Complaints by Indian internet users have covered "most forms of net neutrality violations," IFF's Gupta said.

Nearly 60 per cent of the user reports compiled by the foundation since January involved Jio networks, the IFF's data showed.

A Jio representative did not respond to an emailed request for comment. Hathway did not reply to phone and email requests for comment.

Bharti Airtel said in a statement it "supports an open internet" and does not block content unless directed by authorities. It did not say if it was currently blocking any websites.

Reddit did not respond to an emailed request for comment outside regular U.S. business hours.

Telegram, which has been blocked previously in Russia and Iran, did not immediately respond to a phone message seeking comment.

If websites are blocked based on government or court orders, or internet firms have legal grounds to restrict web pages, they might not violate net neutrality rules, said Gurshabad Grover, a researcher at the non-profit Centre for Internet and Society.

"But in this case we're not entirely sure," he said.

Other sites blocked this year include tax portal Taxscan and legal database Indian Kanoon.

After complaints from Jio's internet users, Indian Kanoon founder Sushant Sharma said he had been told by Jio the portal was blocked for one day last week due to a government order.

"By evening, apparently, that order was taken back," said Sharma, whose website has some 150,000 daily visitors.

For more details visit https://cis-india.org/internet-governance/news/business-standard-sai-sachin-ravikumar-april-3-2019-reddit-telegram-among-websites-blocked-in-india

Recruitment Tracker: 21 students placed out of the 49 who sat for recruitment in Christ University’s School of Law, Class of 2012

praskrishna — 2012-06-18T08:45:53Z

The Class of 2012 at the School of Law, Christ University saw 21 students placed out of the 49 who sat for recruitment. The graduating class has a batch strength of 77 students. The batch saw 8 pre-placement offers, 4 students being accepted for LLM’s abroad and 3 students opting for litigation while 1 student opted to appear for the civil services examination.

Published by the Bar & Bench News Network on June 11, 2012

Pangea 3 was the biggest recruiter, bagging four students while Nishith Desai Associates, Murli & Co., Clutch Group and Prudent Insurance Brokers Private Limited hiring two students each. J. Sagar Associates, Linklegal, PXV Law Partners, BMR Advisors and Bajaj Allianz General Insurance Corporation picked up one student each.

The Centre for Internet and Society, human-rights organisation Justice and Care, Teach for India and the Freeland Wildlife Trust hired one student each. Out of the four students who have opted for a Masters programme, two will be going to the National University of Singapore and one each to Cornell University and George Washington University.

At the time of publication, the recruitment process for one student was currently under progress at J. Sagar Associates.

Name of the Company / Firm	Number of Students Recruited
Pangea3	4
Nishith Desai & Associates	2
Murli & Co.	2
Prudent Insurance Brokers	2
Clutch Group	2
BMR Advisors	1
J Sagar Associates	1
Bajaj Allianz General Insurance Corporation	1
PXV Law Partners	1
Link Legal	1
Freeland Wildlife Trust	1
Centre for Internet & Society	1
Justice and Care	1
Teach for India	1
TOTAL	21

For more details visit https://cis-india.org/news/recruitment-tracker-21-students-placed

Reconfiguring Data Governance: Insights from India and the EU

2024-02-20T00:30:00Z

This policy paper is the result of a workshop organised jointly by the Tilburg Institute of Law, Technology and Society, Netherlands, the Centre for Communication Governance at the National Law University Delhi, India and the Centre for Internet & Society, India in January, 2023. The workshop brought together a number of academics, researchers, and industry representatives in Delhi to discuss a range of issues at the core of data governance theory and practice.

The workshop aimed to compare and assess lessons from data governance from India and the European Union, and to make recommendations on how to design fit-for-purpose institutions for governing data and AI in the European Union and India.

This policy paper collates key takeaways from the workshop by grounding them across three key themes: how we conceptualise data; how institutional mechanisms as well as community-centric mechanisms can work to empower individuals, and what notions of justice these embody; and finally a case study of enforcement of data governance in India to illustrate and evaluate the claims in the first two sections.

This report was a collaborative effort between researchers Siddharth Peter De Souza, Linnet Taylor, and Anushka Mittal at the Tilburg Institute for Law, Technology and Society (Netherlands), Swati Punia, Sristhti Joshi, and Jhalak M. Kakkar at the Centre for Communication Governance at the National Law University Delhi (India) and Isha Suri, and Arindrajit Basu at the Centre for Internet & Society, India.

Click to download the report

For more details visit https://cis-india.org/internet-governance/blog/reconfiguring-data-governance-insights-from-india-and-eu

Reclaiming AI Futures: Call for Contributions and Provocations

Divij Joshi — 2020-11-18T09:04:25Z

CIS is pleased to share this call for contributions by Mozilla Fellow Divij Joshi. CIS will be working with Divij to edit, collate, and finalise this publication. This publication will add to Divij’s work as part of the AI observatory. The work is entirely funded by Divij Joshi.

Please visit this link for the full call, and details on how to apply.

For more details visit https://cis-india.org/internet-governance/blog/reclaiming-ai-futures-call-for-contributions-and-provocations

Reading a closed book

radha — 2011-04-02T14:50:00Z

With the right combination of privacy tweaks and a little prudence, you can maintain privacy online - an article in Livemint by Krish Raghav (29th September, 2009)

Perhaps, no other word has undergone as much shape-shifting in the last few years as “privacy”. The concept, especially with the mainstreaming of social networking sites such as Facebook and Orkut, has metamorphosed into a fuzzy mess, with borders increasingly blurry and confines increasingly limited.

The story of Anoushka Shankar’s Facebook stalker may make the Internet look like a dangerous place for the unprepared, but with the right amount of prudence, you can maintain your privacy without having to give up on your online vices. While Facebook has faced enormous criticism for its lax privacy policies in the past, it’s wisened up now and features a detailed master control panel of privacy features, and the right combination of toggles and switches can help you put the personal back in your personal life. Here are five simple ways to help you define privacy online:

Learn the Privacy Settings

Privacy Settings is the second menu option under “Settings” in the big blue bar on top of every Facebook page. An important first step is defining who gets to see your contact information. Not all “friends” on Facebook need to be privy to your telephone number, for example. Proceed to the “Info” tab on your profile and click “Edit” under Contact information. Each item in that list can be customized to be viewable only to specific people.

It’s also best to be careful with what you put up in this section. “Don’t upload material that contains hints to your passwords,” says Sunil Abraham, executive director of the Bangalore-based non-profit civil society group, The Centre for Internet and Society. “Often, the answers to the secret question used to remind users of their password on sensitive online services can be determined by examining social networking content.” The name of your pet, birth date and names of schools are the usual secret questions and common information on profiles. “This is increasingly being targeted by hackers who use social engineering as their method of choice,” he says.

Organize your online social life

“Group your friends and fine-tune access-control over your social network content,” says Abraham. “Facebook allows you to granularly control who sees what. Configure this and then test your configuration before uploading sensitive content.”

Click on “Friends” on the top blue bar and select “Create new list” to begin organizing your friends. A useful distinction to start with is “Family” and “Friends”. While the latter might like to see photos of parties you attended last week, the former may not necessarily need to. It’s also important, says Abraham, to test your groupings to see if everything works. “Testing can be done by sitting with close friends who you can shift from group to group,” he says.

Be discreet

“Don’t upload material that might embarrass your future self: Text, images and video content that might be perfectly acceptable to your teen peers may not be acceptable to a future employer,” says Abraham. Rants against bosses or co-workers are highly unadvised and it’s best to stay away from anything inflammatory or potentially damaging. “Social networks have policies regarding data retention that change according to their commercial ambition and performance. Thus, in future, you may find it impossible to delete embarrassing content.”

Hide yourself from Google

To hide your profile from Google searches, go to “Privacy Settings”, click on “Search Privacy Settings” and deselect the box that says “create a public search listing for me and submit it for search engine indexing”. While that will hide your profile from showing up in search engines, the same can’t be said for content that you post there. “Don’t upload material that you would not want featured in mass media: Security compromises in social network services are usually systemic,” says Abraham. “Last year, 17GB of private photos were stolen from MySpace and were publicly available for download through torrent trackers such as Thepiratebay.org.”

Be careful of applications

Sure, Mafia Wars and FarmVille are great fun, but always read the fine print before using an application. Many are harmless, but some ask you for contact information and others that integrate external online services may make private information on these sites accessible. As an example, don’t give away your geographic location, warns Abraham. “If knowledge about your geographic location can be useful to business competitors, please be judicious when integrating services like Dopplr with your social network.” Dopplr is a site that allows travellers to plan itineraries and arrange meetings with people who might be at the same place at the same time.

Link to article in Livemint

For more details visit https://cis-india.org/news/reading-a-closed-book

re:thinking tomorrow

praskrishna — 2015-06-19T14:12:08Z

The lightning spread of communication technologies has enabled the dissemination of information and ideas that mainstream media have been unwilling or unable to publish.

While the Internet empowers individuals to engage in advocating, mobilising and reacting on behalf of the disempowered, it also raises significant issues of privacy and hate speech when used by the wrong people for the wrong reasons.

Are we at a stage where we can argue that online activism challenges the balance of power between governments and citizens, giving rise to a new form of deliberative and participatory democracy? Or is the transformative power of virtual civil disobedience blown out of proportion? To what extent is the Internet a level playing field where gender, ethnicity or class do not matter? What kinds of legal and political instruments are available to governments and corporations in their efforts to control the Internet? This panel discussion will bring together four female jury members of The BOBS Award 2015 who will seek answers to these and other questions regarding Internet activism, citizen journalism and grassroots mobilisation.

Rohini Lakshané was a panelist at this event organized by Hertie School of Governance at Berlin on May 4, 2015. For more see the event brochure.

For more details visit https://cis-india.org/internet-governance/news/re-thinking-tomorrow