Centre for Internet and Society

CIS's Statement at SCCR 24 on the Treaty for the Visually Impaired

pranesh — 2012-07-22T12:01:28Z

This was the statement read out by Pranesh Prakash at the 24th meeting of the WIPO Standing Committee for Copyright and Related Rights in Geneva, on Friday, July 20, 2012.

Thank you, Mr. Chairman.

I would like to associate CIS with the statements made by the WBU, eIFL, IFLA, KEI, ISOC, and CLA.

We NGOs been making statements at SCCR on this the topic of a treaty for the reading-disabled since 2009 now.

In this room there are a number of organizations that work with and for persons with disabilities which come here to Geneva, SCCR after SCCR. They do not come here to watch the enactment of an elaborate ritual, but to seek solutions for the very real knowledge drought that is being faced by the reading-disabled everywhere, and particularly in developing countries.

The way work on this treaty — or rather this binding-or-non-binding international instrument — has been stalled by some member states is a matter of shame. In India our Parliament recently passed an amendment to our copyright law that grants persons with disabilities, and those who are working for them, a strong yet simply-worded right to have equal access to copyrighted works as sighted persons.

An instrument that lays down detailed guidelines on rules and procedures to be followed by authorized entities will not work. An instrument that subjects the enjoyment of fundamental freedoms by persons with visual impairments to market forces and bureaucratic practices will not work.

Importantly, an instrument that ignores realities of the world: that the vast majority of persons with visual impairment live in developing countries just will not work.

I implore the delegations here to keep up the constructive spirit I have seen most of them display in the past two days, and ensure that the 2012 General Assembly convenes a Diplomatic Conference on this topic.

For more details visit https://cis-india.org/a2k/blogs/cis-statement-sccr24-treaty-visually-impaired

CIS's Statement at SCCR 24 on the WIPO Broadcast Treaty

pranesh — 2012-07-23T15:02:11Z

This was the statement read out by Pranesh Prakash at the 24th meeting of the WIPO Standing Committee for Copyright and Related Rights in Geneva, on Monday, July 23, 2012, specifically on the Chair's Non Paper on the Protection of Broadcasters which was released this morning.

Thank you, Madam Chair.

The Centre for Internet and Society would like to thank the Japanese, South African and Mexican delegations, as well as the Chair for their hard work on this text before us.

We wish to reiterate the statement on principles provided in the 22nd SCCR by many civil society non-governmental organizations, cable casters and technology companies opposing a rights-based Broadcast Treaty, and would like to associate ourselves with the statements made today by the CCIA, EFF, IFLA, LCA, eIFL, KEI, and the Internet Society.

I have a longer statement, which I will mail in later, but will read a shorter version now.

Why Do We Need Protection for Broadcasters?

Broadcasters make three kinds of investments for which they are protected. They invest in broadcasting infrastructure, they invest in licensing copyrighted works, and they at times invest in creating copyrighted works. The first investment is protected by 'broadcast rights', and the latter two investments are already protected by copyright law. So it is probably the first investment alone that needs to be protected, but the Rome Convention already does precisely that.

Broadcasters Already Protected Online

Importantly, the investments to be made in infrastructure for Internet-based transmission is insignificant, and hence Internet-based transmission should not be covered by this treaty, even if it is retransmission over the Internet, and even if it is traditional broadcaster which is transmitting over the Internet. Technology-neutrality should not be taken to such an extent as to forget why we are granting additional protection to broadcasters, which is to protect their investments.

Broadcasters Can Already Sue for Copyright Violation

The Motion Pictures Association in its statement just now mentioned "cause of action" as something that this treaty seeks to protect: that is, to allow broadcasters to have a standing to sue for copyright violation. The fact is that most, if not all, legal systems already allow for licensees — like broadcasters — to have cause of action for infringement. A global treaty is not needed for that.

Inconsistencies in Chair's Non Paper

Lastly, there are many inconsistencies in the Chair's non-paper: while it proclaims that it only extends protection to broadcast signals, and not the subject matter carried by such signals, the rest of the document does not follow that principle. Fixation cannot be covered in a signals-based treaty, nor does it make any logical sense to provide 20 years of protection for a signal that lasts for milliseconds. As the delegates would recall, the General Assembly's mandate was for a signals-based approach, and not for a rights-based approach.

Thank you, Madam Chair.

For more details visit https://cis-india.org/a2k/blogs/cis-statement-sccr24-broadcast-treaty

CIS's Statement at SCCR 24 on Exceptions & Limitations for Libraries and Archives

pranesh — 2012-07-25T10:54:38Z

This was the statement delivered by Pranesh Prakash on Wednesday, July 25, 2012, at the 24th session of the WIPO Standing Committee on Copyrights and Related Rights on the issue of exceptions and limitations for libraries and archives.

Thank you, Mr. Chair.

We would like to associate ourselves with the statements made by International Federation of Library Associations, Electronic Information for Libraries, Knowledge Ecology International, Conseil International des Archives, Library Copyright Alliance, Computer and Communications Industry Association, and the Canadian Library Association.

The Centre for Internet and Society would like to commend this house for adopting SCCR/23/8 as a working document on the issue of exceptions and limitations on libraries and archives. This issue is of paramount interest the world over, and particularly in developing countries. I would like to limit my oral intervention to three quick points, and will send a longer statement in via e-mail.

First, we feel that this committee should pay special attention to ensuring that digital works and online libraries and archives such as the Internet Archive, also receive the same protection as brick-and-mortar libraries.

Second, we are concerned that we have been seeing some delegations advancing a very narrow interpretation of the three-step test. Such a narrow interpretation is not supported by leading academics, nor by practices of member states. A narrow interpretation of the three-step test must be squarely rejected. In particular, I would like to associate CIS with the strong statements by IFLA and KEI to maintain flexibilities within exceptions and limitations, instead of overly prescriptive provisions encumbered by weighty procedures and specifications.

We have comments about parallel trade as well, drawing from our experience and research in India, and will send those in writing.

Libraries and archive enhance the value of the copyrighted works that they preserve and provide to the general public. They do not erode it. Exceptions and limitations that help them actually help copyright holders. The sooner copyright holders try not to muzzle libraries, especially when it comes to out-of-commerce works, electronic copies of works, and in developing countries, the better it will be for them, their commercial interests, as well as the global public interest.

Thank you.

For more details visit https://cis-india.org/a2k/blogs/cis-statement-sccr24-libraries-archives

Press Coverage of Online Censorship Row

pranesh — 2011-12-08T11:31:30Z

We are maintaining a rolling blog with press references to the row created by the proposal by the Union Minister for Communications and Information Technology to pre-screen user-generated Internet content.

Monday, December 5, 2011

India Asks Google, Facebook to Screen Content | Heather Timmons (New York Times, India Ink)

Tuesday, December 6, 2011

Sibal warns social websites over objectionable content | Sandeep Joshi (The Hindu)

Hate speech must be blocked, says Sibal | Praveen Swami & Sujay Mehdudia (The Hindu)

Won't remove material just because it's controversial: Google | (Press Trust of India)

Any Normal Human Being Would Be Offended | Heather Timmons (New York Times, India Ink)

After Sibal, Omar too feels some online content inflammatory | (Press Trust of India)

Online uproar as India seeks social media screening | Devidutta Tripathy and Anurag Kotoky (Reuters)

Kapil Sibal for content screening: Facebook, Twitter full of posts against censorship | (IANS)

India May Overstep Its Own Laws in Demanding Content Filtering | John Ribeiro (IDG)

Kapil Sibal warns websites: Mixed response from MPs | (Press Trust of India)

Websites must clean up content, says Sibal | (NewsX)

Kapil Sibal warns websites; Google says won't remove material just because it's controversial | Press Trust of India

Censorship By Any Other Name... | Yamini Lohia (Mint)

Kapil Sibal: We have to take care of sensibility of our people | Associated Press

Kapil Sibal gets backing of Digvijaya Singh over social media screening | Press Trust of India

Sibal Gets What He Set Out To Censor | (Hindustan Times, Agencies)

Objectionable Matter Will Be Removed, Censorship Not in Picture Yet: Kapil Sibal | Amar Kapadia (News Tonight)

Wednesday, December 7, 2011

Kapil Sibal Doesn't Understand the Internet | Shivam Vij (India Today)

'Chilling' Impact of India's April Internet Rules | Heather Timmons (New York Times, India Ink)

Screening, not censorship, says Sibal | (Business Standard)

Chandni Chowk to China | Salil Tripathi (Mint)

Kapil Sibal vs the internet | Sandipan Deb (Mint)

No Need for Censorship of the Internet: Cyber Law Experts | (Times News Network)

Protest with flowers for Sibal | (The Hindu)

Kapil Sibal cannot screen this report | Team DNA, Blessy Chettiar & Renuka Rao (Daily News and Analysis)

Kapil Sibal warns websites, but experts say prescreening of user content not practical | (Reuters)

Sibal's Remarks Brought Disgust | Hitesh Mehta (News Tonight)

BJP backs mechanism to curb objectionable content on websites | (The Hindu)

Move to regulate networking sites should be discussed in Parliament: BJP | (Press Trust of India)

Sibal under attack in cyberspace | (Press Trust of India)

Kapil Sibal's web censorship: Indian govt wanted 358 items removed, says Google | (Press Trust of India)

Kapil Sibal gets BJP support but with rider | (Indo-Asian News Service)

Sibal's way of regulating web not okay, says BJP | (Indo-Asian News Service)

Censorship in Blasphemy's Clothings | Gautam Chikermane (Hindustan Times, Just Faith)

India wants Google, Facebook to screen content | Sharon Gaudin (Computer World)

Should we be taming social media? | Swati Prasad (ZDNet, Inside India)

Kapil Sibal gets lampooned for views on Web control | (Daily News and Analysis)

'We don't need no limitation' | Asha Prakash (Times of India)

Five reasons why India can't censor the internet | Prasanto K. Roy (Indo-Asian News Service)

We Are the Web | (Indian Express)

Thursday, December 8, 2011

Kapil Sibal under attack in cyberspace, (Press Trust of India)

Speak Up for Freedom | Pranesh Prakash (Indian Express)

Newswallah: Censorship | Neha Thirani (New York Times, India Ink)

No Question of Censoring the Internet, Says Sachin Pilot | (NDTV)

Mind Your Netiquette, or We'll Mind it for You | A.A.K. (The Economist)

Take Parliament's view to regulate social networking sites, BJP tells govt | (Times News Network)

India wanted 358 items removed | Priscilla Jebaraj (The Hindu)

Indian Government v Social Networking sites: Expert Views | (Bar & Bench News Network)

Can Government Muzzle Websites? | Priyanka Joshi & Piyali Mandal (Business Standard)

US concerned over internet curbs, sidesteps India move | (Indo-Asian News Service)

Why Internet Companies Are Upset with Kapil Sibal | (Rediff)

Why Censor Facebook When You Don't Censor Sunny Leone? | (Indo-Asian News Service)

Online content issue: Talks with India on, says U.S. | (Press Trust of India)

US calls for Internet freedom amid India plan | Agence France-Presse

For more details visit https://cis-india.org/internet-governance/blog/press-coverage-online-censorship

About Us

pranesh — 2016-06-27T13:59:12Z

What we do

The Centre for Internet and Society is a non-profit research organisation that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and intellectual property rights, and openness (including open data, free/open source software, open standards, open access to scholarly literature, open educational resources, and open video), and engages in academic research on reconfigurations of social processes and structures through the Internet and digital media technologies, and vice versa.

Vision and Mission

The Centre for Internet and Society will critically engage with concerns of digital pluralism, public accountability and pedagogic practices, in the field of Internet and Society, with particular emphasis on South-South dialogues and exchange.

Through multidisciplinary research, intervention, and collaboration, we seek to explore, understand, and affect the shape and form of the internet, and its relationship with the political, cultural, and social milieu of our times.

For more details visit https://cis-india.org/about/about-us

Aadhaar marks a fundamental shift in citizen-state relations: From ‘We the People’ to ‘We the Government’

pranesh — 2017-04-04T16:10:06Z

Your fingerprints, iris scans, details of where you shop. Compulsory Aadhaar means all this data is out there. And it’s still not clear who can view or use it.

The article was published in the Hindustan Times on April 3, 2017.

Until recently, people were allowed to opt out of Aadhaar and withdraw consent to have their data stored. This is no longer going to be an option.
(Siddhant Jumde / HT Illustration)

Imagine you’re walking down the street and you point the camera on your phone at a crowd of people in front of you. An app superimposes on each person’s face a partially-redacted name, date of birth, address, whether she’s undergone police verification, and, of course, an obscured Aadhaar number.

OnGrid, a company that bills itself as a “trust platform” and offers “to deliver verifications and background checks”, used that very imagery in an advertisement last month. Its website notes that “As per Government regulations, it is mandatory to take consent of the individual while using OnGrid”, but that is a legal requirement, not a technical one.

Since every instance of use of Aadhaar for authentication or for financial transactions leaves behind logs in the Unique Identification Authority of India’s (UIDAI) databases, the government can potentially have very detailed information about everything from the your medical purchases to your use of video-chatting software. The space for digital identities as divorced from legal identities gets removed. Clearly, Aadhaar has immense potential for profiling and surveillance. Our only defence: law that is weak at best and non-existent at worst.

The Aadhaar Act and Rules don’t limit the information that can be gathered from you by the enrolling agency; it doesn’t limit how Aadhaar can be used by third parties (a process called ‘seeding’) if they haven’t gathered their data from UIDAI; it doesn’t require your consent before third parties use your Aadhaar number to collate records about you (eg, a drug manufacturer buying data from various pharmacies, and creating profiles using Aadhaar).

It even allows your biometrics to be shared if it is “in the interest of national security”. The law offers provisions for UIDAI to file cases (eg, for multiple enrollments), but it doesn’t allow citizens to file a case against private parties or the government for misuse of Aadhaar or identity fraud, or data breach.

It is also clear that the government opposes any privacy-related improvements to the law. After debating the Aadhaar Bill in March 2016, the Rajya Sabha passed an amendment by MP Jairam Ramesh that allowed people to opt out of Aadhaar, and withdraw their consent to UIDAI storing their data, if they had other means of proving their identity (thus allowing Aadhaar to remain an enabler).

But that amendment, as with all amendments passed in the Rajya Sabha, was rejected by the Lok Sabha, allowing the government to make Aadhaar mandatory, and depriving citizens of consent. While the Aadhaar Act requires a person’s consent before collecting or using Aadhaar-provided details, it doesn’t allow for the revocation of that consent.

In other countries, data security laws require that a person be notified if her data has been breached. In response to an RTI application asking whether UIDAI systems had ever been breached, the Authority responded that the information could not be disclosed for reasons of “national security”.

The citizen must be transparent to the state, while the state will become more opaque to the citizen.

How Did Aadhaar Change?

How did Aadhaar become the behemoth it is today, with it being mandatory for hundreds of government programmes, and even software like Skype enabling support for it?

The first detailed look one had at the UID project was through an internal UIDAI document marked ‘Confidential’ that was leaked through WikiLeaks in November 2009. That 41-page dossier is markedly different from the 170-page ‘Technology and Architecture’ document that UIDAI has on its website now, but also similar in some ways.

In neither of those is the need for Aadhaar properly established. Only in November 2012 — after scholars like Reetika Khera pointed out UIDAI’s fundamental misunderstanding of leakages in the welfare delivery system — was the first cost-benefit analysis commissioned, by when UIDAI had already spent ₹28 billion. That same month, Justice KS Puttaswamy, a retired High Court judge, filed a PIL in the Supreme Court challenging Aadhaar’s constitutionality, wherein the government has argued privacy isn’t a fundamental right.

Every time you use Aadhaar, you leave behind logs in the UIDAI databases. This means that the government can potentially have very detailed information about everything from the your medical purchases to your use of video-chatting software.

Even today, whether the ‘deduplication’ process — using biometrics to ensure the same person can’t register twice — works properly is a mystery, since UIDAI hasn’t published data on this since 2012. Instead of welcoming researchers to try to find flaws in the system, UIDAI recently filed an FIR against a journalist doing so.

At least in 2009, UIDAI stated it sought to prevent anyone from “[e]ngaging in or facilitating profiling of any nature for anyone or providing information for profiling of any nature for anyone”, whereas the 2014 document doesn’t. As OnGrid’s services show, the very profiling that the UIDAI said it would prohibit is now seen as a feature that all, including private companies, may exploit.

UID has changed in other ways too. In 2009, it was as a system that never sent out any information other than ‘Yes’ or ‘No’, which it did in response to queries like ‘Is Pranesh Prakash the name attached to this UID number’ or ‘Is April 1, 1990 his date of birth’, or ‘Does this fingerprint match this UID number’.

With the addition of e-KYC (wherein UIDAI provides your demographic details to the requester) and Aadhaar-enabled payments to the plan in 2012, the fundamentals of Aadhaar changed. This has made Aadhaar less secure.

Security Concerns

With Aadhaar Pay, due to be launched on April 14, a merchant will ask you to enter your Aadhaar number into her device, and then for your biometrics — typically a fingerprint, which will serve as your ‘password’, resulting in money transfer from your Aadhaar-linked bank account.

Basic information security theory requires that even if the identifier (username, Aadhaar number etc) is publicly known — millions of people names and Aadhaar numbers have been published on dozens of government portals — the password must be secret. That’s how most logins works, that’s how debit and credit cards work. How are you or UIDAI going to keep your biometrics secret?

In 2015, researchers in Carnegie Mellon captured the iris scans of a driver using car’s side-view mirror from distances of up to 40 feet. In 2013, German hackers fooled Apple iOS’s fingerprint sensors by replicating a fingerprint from a photo taken off a glass held by an individual. They even replicated the German Defence Minister’s fingerprints from photographs she herself had put online. Your biometrics can’t be kept secret.

Typically, even if your username (in this case, Aadhaar number) is publicly known, your password must be secret. That’s how most logins works, that’s how debit and credit cards work. How are you or UIDAI going to keep your biometrics secret?

In the US, in a security breach of 21.5 million government employees’ personnel records in 2015, 5.2 million employees’ fingerprints were copied. If that breach had happened in India, those fingerprints could be used in conjunction with Aadhaar numbers not only for large-scale identity fraud, but also to steal money from people’s bank accounts.

All ‘passwords’ should be replaceable. If your credit card gets stolen, you can block it and get a new card. If your Aadhaar number and fingerprint are leaked, you can’t change it, you can’t block it.

The answer for Aadhaar too is to choose not to use biometrics alone for authentication and authorisation, and to remove the centralised biometrics database. And this requires a fundamental overhaul of the UID project.

Aadhaar marks a fundamental shift in citizen-state relations: from ‘We the People’ to ‘We the Government’. If the rampant misuse of electronic surveillance powers and wilful ignorance of the law by the state is any precedent, the future looks bleak. The only way to protect against us devolving into a total surveillance state is to improve rule of law, to strengthen our democratic institutions, and to fundamentally alter Aadhaar. Sadly, the political currents are not only not favourable, but dragging us in the opposite direction.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-pranesh-prakash-april-3-2017-aadhaar-marks-a-fundamental-shift-in-citizen-state-relations

CIS Counter Comments on TRAI Consultation on Differential Pricing

pranesh — 2016-03-25T16:28:06Z

This counter-comment also includes: a) An appendix that charts regulations on zero-rating across the globe, and shows that the popular press have misunderstood and misrepresented regulations in foreign countries; b) An appendix that charts specialized services (including differential pricing of specialized services) across the globe.

For more details visit https://cis-india.org/internet-governance/resources/net-neutrality/2016-01-14_cis_trai-counter-comments_differential-pricing

Software Freedom Pledge

pranesh — 2015-09-25T12:26:09Z

On September 19, 2015, celebrated globally as Software Freedom Day, a number of enthusiasts got together and collectively took a pledge.

We, who have gathered together for Software Freedom Day 2015, believe that software freedom is both a matter of ethical principle as well as a matter of pragmatism, and is necessary for a democratic, open society.

We believe that it is desirable that all people, but especially governments, use, contribute to, and spread open standards, free/libre/open source software, open APIs, openly-licensed content (including open data, open access, and open education resources), leading to a vibrant public domain, and ensure that all of the above are accessible for all, including persons with disabilities and other marginalised sections of society.

Given that, we pledge to:

use and spread free software amongst our family, friends, and neighbours, both in person and virtually.
demand that services we use in turn use open standards and open APIs, and thus be available for all using free/libre/open source software, without the payment of any royalties.
raise the issue of software freedom with our democratic representatives, to seek that they in turn respect and promote these principles.
as far as possible, making our own work openly available, and seek to convince our employers, publishers, producers, and other persons who might be in a position to restrict
work against any laws, policies — corporate or governmental — or technical restrictions that seek to prevent people from full exercise of their rights, and which are contrary to the above principles.

Signed by:

Abhaya Agarwal
Ananth Subray
Asutosha Sarangi
Chirag Sarthi J
Prakash Hebballi
Pranesh Prakash
Ralph Andrade
Subhashish Panigrahi
Tito Dutta
Veethika Mishra

For more details visit https://cis-india.org/openness/software-freedom-pledge-2015

Comparative Analysis of Comments Submitted on Draft IT Rules

pranesh — 2012-04-23T05:47:43Z

An RTI was filed asking the DIT to provide all the feedback received on its call for comments on the Draft Information Technology Rules. The feedback on the Due Diligence Rules / Intermediary Guidelines Rules have been compiled in this comparative table.

For more details visit https://cis-india.org/internet-governance/resources/comparative-analysis-draft-it-rules-comments

Indian Porn Ban is Partially Lifted But Sites Remain Blocked

pranesh — 2015-09-13T09:00:03Z

The Indian government made a quick about-face on its order to block hundreds of pornography websites on Tuesday, partially lifting the ban after political backlash against the moral policing.

The article was published in Wall Street Journal on August 5, 2015. Pranesh Prakash gave his inputs.

But the websites remained blocked because Internet service providers were afraid of legal trouble.

The new order from the Department of Telecommunications said that Internet service providers could unblock any of the 857 websites, so long as they don’t contain child pornography. However, the websites remain blocked because service providers say they have no way of knowing whether they contain child porn, and no control over whether they will in the future.

Ravi Shankar Prasad, the IT minister, said Tuesday night that the government would trim down the list of banned sites, to focus only on those that contain child porn.

“A new notification will be issued shortly. The ban will be partially withdrawn. Sites that do not promote child porn will be unbanned,” said Mr. Prasad on the TV news channel India Today.

The wording of the new order created confusion, because it appears to put the responsibility for policing the Internet for child pornography on service providers.

“How can we go ahead? What if something comes up tomorrow [on one of these sites], which has child porn, or something else?,” said an executive at an Indian service provider who asked not to be named.

“The onus cannot be put on the service providers. What the government is doing is inherently unfair, it is not what the law requires,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based civil liberties advocacy group. It is the government’s job to determine what violates the law, not private companies, Mr. Prakash said.

For more details visit https://cis-india.org/internet-governance/news/the-wall-street-journal-august-5-2015-sean-mclain-indian-porn-ban-is-partially-lifted-but-sites-remain-blocked

Internet Rights and Wrongs

pranesh — 2016-09-22T23:36:14Z

With a rise in PIL's for unwarranted censorship, do we need to step back and inspect if it's about time unreasonable trends are checked?

The article was published in India Today on September 1, 2016. The original piece can be read here.

Over the last few weeks, there have been a number of cases of egregious censorship of websites in India. Many people started seeing notices that (incorrectly) gave an impression that they may end up in jail if they visited certain websites. However, these notices weren't an isolated phenomenon, nor one that is new. Worryingly, the higher judiciary has been drawn into these questionable moves to block websites as well.

Since 2011, numerous torrent search engines and communities have been blocked by Indian internet service providers (ISPs). Torrent search engines provide the same functionality for torrents that Google provides for websites. Are copyright infringing materials indexed and made searchable by Google? Yes. Do we shut down Google for this reason? No. However, that is precisely what private entertainment companies have done over the past five years in India. Companies hired by the producers of Tamil movies Singham and 3 managed to get video-sharing websites like Vimeo, Dailymotion and numerous torrent search engines blocked even before the movies released, without showing even a single case of copyright infringement existed on any of them. During the FIFA World Cup, Sony even managed to get Google Docs blocked. In some cases, these entertainment companies have abused 'John Doe' orders (generic orders that allow copyright enforcement against unnamed persons) and have asked ISPs to block websites. The ISPs, instead of ignoring such requests as instances of private censorship, have also complied. In other cases (like Sony's FIFA World Cup case), courts have ordered ISPs to block hundreds of websites without any copyright infringement proven against them. High court judges haven't even developed a coherent theory on whether or how Indian law allows them to block websites for alleged copyright infringement. Still they have gone ahead and blocked.

In 2012, hackers got into Reliance Communications servers and released a list of websites blocked by them. The list contained multiple links that sought to connect Satish Seth-a group MD in Reliance ADA Group-to the 2G scam: a clear case of secretive private censorship by RCom. Further, visiting some of the YouTube links which pertained to Satish Seth showed that they had been removed by YouTube due to dubious copyright infringement complaints filed by Reliance BIG Entertainment. Did the department of telecom, whose licences forbid ISPs from engaging in private censorship, take any action against RCom? No. Earlier this year, Tata Sky filed a complaint against YouTube in the Delhi High Court, noting that there were videos on it that taught people how to tweak their set-top boxes to get around the technological locks that Tata Sky had placed. The Delhi HC ordered YouTube "not to host content that violates any law for the time being in force", presuming that the videos in question did in fact violate Indian law. They cite two sections: Section 65A of the Copyright Act and Section 66 of the Information Technology Act. The first explicitly allows a user to break technological locks of the kind that Tata Sky has placed for dozens of reasons (and allows a person to teach others how to engage in such breaking), whereas the second requires finding of "dishonesty" or "fraud" along with "damage to a computer system, etc", and an intention to violate the law-none of which were found. The court effectively blocked videos on YouTube without any finding of illegality, thus once again siding with censorial corporations.

In 2013, Indore-based lawyer Kamlesh Vaswani filed a PIL in the Supreme Court calling for the government to undertake proactive blocking of all online pornography. Normally, a PIL is only admittable under Article 32 of the Constitution, on the basis of a violation of a fundamental right (which are listed in Part III of our Constitution). Vaswani's petition-which I have had the misfortune of having read carefully-does not at any point complain that the state is violating a fundamental right by not blocking pornography. Yet the petition wants to curb the fundamental right to freedom of expression, since the government is by no means in a position to determine what constitutes illegal pornography and what doesn't.

The larger problem extends to the now-discredited censor board (headed by the notorious Pahlaj Nihalani), as also the self-censorship practised on TV by the private Indian Broadcasters Federation (which even bleeps out words and phrases like 'Jesus', 'period', 'breast cancer' and 'beef'). 'Swachh Bharat' should not mean sanitising all media to be unobjectionable to the person with the lowest outrage threshold. So who will file a PIL against excessive censorship?

For more details visit https://cis-india.org/internet-governance/blog/india-today-september-1-2016-pranesh-prakash-internet-rights-and-wrongs

The Socratic debate: Whose internet is it anyway?

pranesh — 2014-12-09T13:35:45Z

In the US, President Obama recently spoke out on the seemingly arcane topic of net neutrality. What is more astounding is that the popular satire news show host John Oliver spent a 13-minute segment talking about it in June, telling Internet trolls to “focus your indiscriminate rage in a useful direction” by visiting the US Federal Communications Commission’s (FCC) website and submitting comments on its weak draft proposal on net neutrality.

The article was published in the Economic Times on November 18, 2014.

Due to the work of activists, popular media coverage, pro-net neutrality technology companies, and John Oliver, eventually the FCC received 1.1 million responses. Text analysis by the Sunlight Foundation using natural language processing found that only 1% of the responses were clearly opposed to net neutrality. So millions of people in the US are both aware and care about this issue. But the general response in India would be: what is net neutrality and why should I be concerned?

Net neutrality is commonly described as the principle of ensuring that there is no discrimination between the different ‘packets’ that an Internet service provider (ISP) carries. That means that the traffic from NDTV should be treated equally by Reliance Infocomm as the traffic from Network 18’s CNNIBN; that even if Facebook wants to pay Airtel to deliver Whatsapp’s packets faster than Viber’s, Airtel may not do so; that peer-to-peer traffic is not throttled; that Facebook will not be able to pay Airtel to keep its subscribers bound within its walled gardens; and also that Airtel can’t claim to be providing Internet access while restricting that to only Facebook or Whatsapp.

The counter to this by telecom companies the world over, which has little evidence backing it, is primarily two-fold: first, one of equity — that it is ‘unfair’ for the likes of YouTube to get a ‘free ride’ on Airtel networks, hogging up bandwidth but not paying them; and second, that of economic incentives — networks are bleeding money due to services like WhatsApp and Skype replacing SMS and voice, and not being able to charge them will lead to a decrease in profitability and network expansion. The first claim is based on a myth of the ‘free ride’, while the reality is that subscribers who download more also pay the ISP more, while contentemitting companies also have to pay their network providers as per the traffic they generate, and those network providers, in turn, have to enter into ‘transit’ or ‘peering’ agreements with the ISPs that eventually provide access to consumers. The second claim has little evidence to back it up. Efficient competition is the best driver of both profit as well as network expansion. VSNL complained about services like Net2Phone in the 1990s and even filtered all voice-over-IP (VoIP) traffic — and illegally blocked a number of VoIP websites — to preserve its monopoly over international telephony. Instead, removing VSNL’s monopoly only benefited our nation. As for network expansion, it is inability of networks to profit from sparsely populated rural areas that poses a major roadblock. Fixing those problems require smart pricing by telecom companies and intelligent regulation, including exploring policy options like shared spectrum, but they do not necessarily require the abandoning of net neutrality.

However, the fact that the reasons telecom companies often provide against net neutrality are bogus doesn’t mean that it’s easy to ensure net neutrality. The Trai has been exploring this issue by holding a seminar on OTT services. However, the main focus of the discussions were not whether and how India should ensure net neutrality: it was on whether the government should regulate services like WhatsApp and bring them under the licence Raj. Yes, the debate going around in the regulatory circles is whether India should implement rules to ensure net non-neutrality so as favour telecom companies! Net neutrality is a difficult issue in regulatory terms since there is no common understanding among academics and activists of what all should fall under its ambit: only the ‘last mile’ or interconnection as well?

The policy dialogue in India is far removed from this and from considering the nuanced positions of anti-net neutrality scholars, such as Christopher Yoo, who raise concerns about the harms to innovation and the free market that would be caused by mandating net neutrality. The situation in India is much more dire, since blatant violations of net neutrality — howsoever defined — are already happening with Airtel launching its ‘One Touch Internet’, a limited walled garden approach that lies about offering access to the ‘Internet’ while only offering access to a few services based on secretive agreements with other companies. Mark Zuckerberg, the founder of Facebook, recently toured India talking about his grand vision of providing connectivity to the bottom half of the pyramid yet did not talk about how that connectivity would not be to the Internet, but will be limited to only a few services — including Facebook.

Even if we had good laws in favour of net neutrality, without effective monitoring and forceful action by the government, they will amount to little. s. Undoubtedly the contours of the conversation that needs to happen in India over net neutrality will be different from that happening in more developed countries with higher levels of Internet penetration.

However it is a cause of grave concern that while net neutrality is being brutally battered by telecom companies in the absence of any regulation, they are also seeking to legitimize their battery through regulation. It is time the direction of the conversation changed. Perhaps we should invite John Oliver over.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-november-18-2014-pranesh-prakash-the-socratic-debate-whos-internet-is-it-anyway

Overview of the Constitutional Challenges to the IT Act

pranesh — 2014-12-19T09:01:50Z

There are currently ten cases before the Supreme Court challenging various provisions of the Information Technology Act, the rules made under that, and other laws, that are being heard jointly. Advocate Gopal Sankaranarayanan who's arguing Anoop M.K. v. Union of India has put together this chart that helps you track what's being challenged in each case.

PENDING MATTERS	CASE NUMBER	PROVISIONS CHALLENGED
Shreya Singhal v. Union of India	W.P.(CRL.) NO. 167/2012	66A
Common Cause & Anr. v. Union of India	W.P.(C) NO. 21/2013	66A, 69A & 80
Rajeev Chandrasekhar v. Union of India & Anr.	W.P.(C) NO. 23/2013	66A & Rules 3(2), 3(3), 3(4) & 3(7) of the Intermediaries Rules 2011
Dilip Kumar Tulsidas Shah v. Union of India & Anr.	W.P.(C) NO. 97/2013	66A
Peoples Union for Civil Liberties v. Union of India & Ors.	W.P.(CRL.) NO. 199/2013	66A, 69A, Intermediaries Rules 2011 (s.79(2) Rules) & Blocking of Access of Information by Public Rules 2009 (s.69A Rules)
Mouthshut.Com (India) Pvt. Ltd. & Anr. v. Union of India & Ors.	W.P.(C) NO. 217/2013	66A & Intermediaries Rules 2011
Taslima Nasrin v. State of U.P & Ors.	W.P.(CRL.) NO. 222/2013	66A
Manoj Oswal v. Union of India & Anr.	W.P.(CRL.) NO. 225/2013	66A & 499/500 Indian Penal Code
Internet and Mobile Ass'n of India & Anr. v. Union of India & Anr.	W.P.(C) NO. 758/2014	79(3) & Intermediaries Rules 2011
Anoop M.K. v. Union of India & Ors.	W.P.(CRL.) NO. 196/2014	66A, 69A, 80 & S.118(d) of the Kerala Police Act, 2011

For more details visit https://cis-india.org/internet-governance/blog/overview-constitutional-challenges-on-itact

The Worldwide Web of Concerns

pranesh — 2012-12-27T04:31:39Z

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the Inter-national Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Pranesh Prakash's column was published in the Deccan Chronicle on December 10, 2012.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence.

Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

While there are welcome proposals (consumer protection relating to billing of international roaming), there have also been contentious issues that Internet activists have raised: a) process-related problems with the ITU; b) scope of the ITRs, and of ITU’s authority; c) content-related proposals and “evil governments” clamping down on free speech; d) IP traffic routing and distribution of revenues.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

w Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

ITU’s relationship with Internet governance has been complicated. In 1997, it was happy to take a hands-off approach, cooperating with Internet Society and others, only to seek a larger role in Internet governance soon after. In part this has been because the United States cocked a snook at the ITU and the world community in 1998 through the way it established Internet Corporation for Assigned Names and Numbers (ICANN) as a body to look after the Internet’s domain name system. While the fact that the US has oversight over ICANN needs to change (with de-nationalisation being the best option), Russia wants to supersede ICANN and that too through current revisions of the ITRs. Russia’s proposal is a dreadful idea, and must not just be discarded lightly but thrown away with great force. The ITU should remain but one among multiple equal stakeholders concerned with Internet governance.

One important, but relatively unnoticed, proposed change to ITU’s authority is that of making the standards that ITU’s technical wing churns out mandatory. This is a terrible idea (especially in view of the ITU’s track record at such standards) that only a stuffy bureaucrat without any real-world insight into standards adoption could have dreamt up.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs.

Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent socalled “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The threat of a “UN takeover” of the Internet through the WCIT is non-existent. Since the ITU’s secretary-general is insisting on consensus (as is tradition) rather than voting, the possibility of bad proposals (of which there are many) going through is slim. However, that doesn’t mean that activists have been crying themselves hoarse in vain. That people around the world are a bit more aware about the linkage between the technical features of the Internet and its potential as a vehicle for free speech, commerce and development, is worth having to hear some shriller voices out there.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-pranesh-prakash-december-10-2012-the-worldwide-web-of-concerns

How Surveillance Works in India

pranesh — 2013-07-15T10:20:45Z

When the Indian government announced it would start a Centralized Monitoring System in 2009 to monitor telecommunications in the country, the public seemed unconcerned. When the government announced that the system, also known as C.M.S., commenced in April, the news didn’t receive much attention.

This article by Pranesh Prakash was published in the New York Times on July 10, 2013.

After a colleague at the Centre for Internet and Society wrote about the program and it was lambasted by Human Rights Watch, more reporters started covering it as a privacy issue. But it was ultimately the revelations by Edward J. Snowden about American surveillance that prompted Indians to ask questions about its own government’s surveillance programs.

In India, we have a strange mix of great amounts of transparency and very little accountability when it comes to surveillance and intelligence agencies. Many senior officials are happy to anonymously brief reporters about the state of surveillance, but there is very little that is officially made public, and still less is debated in the national press and in Parliament.

This lack of accountability is seen both in the way the Big-Brother acronyms (C.M.S., Natgrid, T.C.I.S., C.C.T.N.S., etc.) have been rolled out, as well as the murky status of the intelligence agencies. No intelligence agency in India has been created under an act of Parliament with clearly established roles and limitations on powers, and hence there is no public accountability whatsoever.

The absence of accountability has meant that the government has since 2006 been working on the C.M.S., which will integrate with the Telephone Call Interception System that is also being rolled out. The cost: around 8 billion rupees ($132 million) — more than four times the initial estimate of 1.7 billion — and even more important, our privacy and personal liberty. Under their licensing terms, all Internet service providers and telecom providers are required to provide the government direct access to all communications passing through them. However, this currently happens in a decentralized fashion, and the government in most cases has to ask the telecoms for metadata, like call detail records, visited Web sites, IP address assignments, or to carry out the interception and provide the recordings to the government. Apart from this, the government uses equipment to gain access to vast quantities of raw data traversing the Internet across multiple cities, including the data going through the undersea cables that land in Mumbai.

With the C.M.S., the government will get centralized access to all communications metadata and content traversing through all telecom networks in India. This means that the government can listen to all your calls, track a mobile phone and its user’s location, read all your text messages, personal e-mails and chat conversations. It can also see all your Google searches, Web site visits, usernames and passwords if your communications aren’t encrypted.


A man surfing a Facebook page at an internet cafe in Guwahati, Assam, on Dec. 6, 2011. Image Credit: Anupam Nath/Associated Press

You might ask: Why is this a problem when the government already had the same access, albeit in a decentralized fashion? To answer that question, one has to first examine the law.

There are no laws that allow for mass surveillance in India. The two laws covering interception are the Indian Telegraph Act of 1885 and the Information Technology Act of 2000, as amended in 2008, and they restrict lawful interception to time-limited and targeted interception.The targeted interception both these laws allow ordinarily requires case-by-case authorization by either the home secretary or the secretary of the department of information technology.

Interestingly, the colonial government framed better privacy safeguards into communications interception than did the post-independence democratic Indian state. The Telegraph Act mandates that interception of communications can only be done on account of a public emergency or for public safety. If either of those two preconditions is satisfied, then the government may cite any of the following five reasons: “the sovereignty and integrity of India, the security of the state, friendly relations with foreign states, or public order, or for preventing incitement to the commission of an offense.” In 2008, the Information Technology Act copied much of the interception provision of the Telegraph Act but removed the preconditions of public emergency or public safety, and expands the power of the government to order interception for “investigation of any offense.” The IT Act thus very substantially lowers the bar for wiretapping.

Apart from these two provisions, which apply to interception, there are many laws that cover recorded metadata, all of which have far lower standards. Under the Code of Criminal Procedure, no court order is required unless the entity is seen to be a “postal or telegraph authority” — and generally e-mail providers and social networking sites are not seen as such.

Unauthorized access to communications data is not punishable per se, which is why a private detective who gained access to the cellphone records of Arun Jaitley, a Bharatiya Janata Party leader, has been charged under the weak provision on fraud, rather than invasion of privacy. While there is a provision in the Telegraph Act to punish unlawful interception, it carries a far lesser penalty (up to three years of imprisonment) than for a citizen’s failure to assist an agency that wishes to intercept or monitor or decrypt (up to seven years of imprisonment).

To put the ridiculousness of the penalty in Sections 69 and 69 B of the IT Act provision in perspective, an Intelligence Bureau officer who spills national secrets may be imprisoned up to three years. And under the Indian Penal Code, failing to provide a document one is legally bound to provide to a public servant, the punishment can be up to one month’s imprisonment. Further, a citizen who refuses to assist an authority in decryption, as one is required to under Section 69, may simply be exercising her constitutional right against self-incrimination. For these reasons and more, these provisions of the IT Act are arguably unconstitutional.

As bad as the IT Act is, legally the government has done far worse. In the licenses that the Department of Telecommunications grants Internet service providers, cellular providers and telecoms, there are provisions that require them to provide direct access to all communications data and content even without a warrant, which is not permitted by the existing laws on interception. The licenses also force cellular providers to have ‘bulk encryption’ of less than 40 bits. (Since G.S.M. network encryption systems like A5/1, A5/2, and A5/3 have a fixed encryption bit length of 64 bits, providers in India have been known use A5/0, that is, no encryption, thus meaning any person — not just the government — can use off-the-air interception techniques to listen to your calls.)

Cybercafes (but not public phone operators) are required to maintain detailed records of clients’ identity proofs, photographs and the Web sites they have visited, for a minimum period of one year. Under the rules designed as India’s data protection law (oh, the irony!), sensitive personal data has to be shared with government agencies, if required for “purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offenses.”

Along similar lines, in the rules meant to say when an Internet intermediary may be held liable for a user’s actions, there is a provision requiring the Internet company to “provide information or any such assistance to government agencies legally authorized for investigative, protective, cybersecurity activity.” (Incoherent, vague and grammatically incorrect sentences are a consistent feature of laws drafted by the Ministry of Communications and IT; one of the telecom licenses states: “The licensee should make arrangement for monitoring simultaneous calls by government security agencies,” when clearly they meant “for simultaneous monitoring of calls.”)

In a landmark 1996 judgment, the Indian Supreme Court held that telephone tapping is a serious invasion of an individual’s privacy and that the citizens’ right to privacy has to be protected from abuse by the authorities. Given this, undoubtedly governments must have explicit permission from their legislatures to engage in any kind of broadening of electronic surveillance powers. Yet, without introducing any new laws, the government has surreptitiously granted itself powers — powers that Parliament hasn’t authorized it to exercise — by sneaking such powers into provisions in contracts and in subordinate legislation.

For more details visit https://cis-india.org/internet-governance/blog/nytimes-july-10-2013-pranesh-prakash-how-surveillance-works-in-india