Centre for Internet and Society

Mapping MAG: A study in Institutional Isomorphism

jyoti — 2017-03-03T00:59:48Z

The paper is an update to a shorter piece of MAG analysis that had been conducted in July 2015. At that time our analysis was limited by the MAG membership data that was made available by the Secretariat. Subsequently we wrote to the Secretariat and this paper is based on the data shared by them including for the years for which membership details were previously not available.

This paper that delves into the history of the formation of the Multi-Stakeholder Advisory Group (MAG) and the Internet Governance Forum (IGF) including the lessons from the past that should be applied in strengthening its present structure. The paper covers three broad areas:

History of the formation of the MAG, its role within the IGF structure, influences that have impinged on its scope of work, manner in which its evolution has deviated from conceptualization
Analysis of MAG membership (2006-2015): Trends in the selection and rotation of the MAG membership
Recommendations to reform MAG/IGF

Jyoti Panday^[1]

The recent renewal of the Internet Governance Forum^[2] (IGF) mandate at the World Summit on the Information Society (WSIS)+10 High-Level Meeting^[3] was something of a missed opportunity. The discussions unerringly focused on the periphery of the problem - the renewal of the mandate, leaving aside questions of vital importance such as strengthening and improving the structures and processes associated with the IGF. The creation of the IGF as a forum for governments and other stakeholders to discuss policy and governance issues related to Internet was a watershed moment in the history of the Internet.

In the first decade of its existence the IGF has proven to be a valuable platform for policy debates, a space that fosters cooperation by allowing stakeholders to self-organise to address common areas of concern. But the IGF rests at being a platform for multistakeholder dialogue and is yet to realise its potential as per its mandate to “find solutions to the issues arising from the use and misuse of the Internet” as well as “identify emerging issues […] and, where appropriate, make recommendations”.^[4]

From the information available in the public domain, it is evident that the IGF is not crafting solutions and recommendations or setting the agenda on emerging issues. Even if unintended, this raises the disturbing possibility that alternative processes and forums are filling the vacuum created by the unrealised IGF mandate and helming policy development and agenda setting on Internet use and access worldwide. This sits uneasily with the fact that currently there is no global arrangement that serves or could be developed as an institutional home for global internet governance issues.

Moreover, the economic importance of the internet as well as its impact on national security, human rights and global politics has created a wide range of actors who seek to exert their influence over its governance. Given the lack of a global centralized body with authority to enforce norms and standards across political and functional boundaries, control of internet is an important challenge for both developed and emerging economies. As the infrastructure over which the internet runs is governed by nation states and their laws, national governments continue to seek to exert their influence on global issues.

Divergence of approaches to regulation and differences in capacity to engage in processes, has led to fragmentation of approaches to common challenges.^[5] Importantly, not all governments are democratic and may exert restrictions on content and access that conflict with the open and global nature of the internet. Alongside national governments, transnational private corporations play a critical role in security and stability of the internet. Much like the state, they too raise the niggling question of how to guard against the guardians.

Corporations control of sensitive information, their institutional identity, secrecy of operations: all are essential to their functioning but could also erode the practice of democratic governance, and the rights and liberties of users online. Additionally, as issues of human rights, access and local content have become interlinked with public policy issues civil society and academia have become relevant to traditionally closed policy spaces. Considering the variety of stakeholders and their competing interests, concerns about ensuring stability and security of the Internet have led the international community to pursue a range of governance initiatives.

Implementing a Multistakeholder Approach

At the broadest level debates about the appropriate way forward has evolved as a contestation between the choice of two models. On the one hand is the state-centric ‘multilateral’ model of participation, and on the other a ‘multistakeholder’ approach that aims for bottom up participation by all affected stakeholders. The multistakeholder approach sees resonance across several quarters^[6] including a high level endorsement from the Indian government last year.^[7] An innovative concept, a multistakeholder approach fits well within the wider debate about rethinking governance in a globalized world.

Proponents of the multistakeholder approach see it as a democratic process that allows for a variety of views to be included in decision making.^[8] Nevertheless, the intertwining of the Internet and society pitches actors and interests at opposing ends. While a multistakeholder approach broadens the scope for participation, it also raises serious issues of representation and accountability. Since multistakeholder processes fall outside the traditional paradigm of governance, establishing legitimacy of processes and structures becomes all the more important.

The multistakeholder concept is only beginning to be critically studied or evaluated. There have been growing concerns, particularly, from emerging economies^[9] of a lack of representation in policy development bodies and that issues affecting marginalised communities being overlooked in policy development process. From this view, the multistakeholder model has created ‘transnational and semi privatized’ structures and ‘transnational elites’.^[10] Such critics define emerging and existing platforms derived from the multistakeholder concept as ‘an embryonic form of transnational democracy’ that are occupied by elite actors.^[11]

Elite actors may include the state, private and civil society organisations, technical and academic communities and intergovernmental institutions. In the context thus sketched out, the key question that the WSIS+10 Review should have addressed is whether the IGF provides the space for the development of institutions and solutions that are capable of responding to the challenges of applying the multistakeholder concept to internet governance. The existing body of work on the role of the IGF has yet to identify, let alone come to terms with, this problem.

Applying critical perspectives examining essential structures and processes associated with the IGF becomes even more relevant given its recently renewed mandate. However, already the forum’s first planning meeting scheduled to take place in Geneva this week is already mired in controversy^[12] after a new Chair was named by the UN Secretary General.

The decision for appointing a new Chair was made without any form of public process, or any indication on the selection criteria. Moreover, the "multistakeholder advisory group" (MAG), which decides the content and substance of the forum, membership was also renewed recently. Problematically most of the nominations put forth by different constituent groups to represent them were rejected and individuals were appointed through a parallel top-down and secretive UN process. Of the 55 MAG members, 21 are new but only eight were officially selected by their respective groups.^[13]

This paper focuses on the role of the MAG structure and functioning and highlights issues and challenges in its working so as to pave the way for strategic thinking on its improvement. A tentative beginning towards identifying what the levers for change can be made by sifting through the eddies of history to uncover how the MAG has evolved and become politicised.

The paper makes two separate, but interrelated claims: first, it argues that as the de-facto bureau essential to the functioning of the IGF, there is an urgent need to introduce transparency and accountability in the selection procedure of the MAG members. Striking an optimum balance between expertise and legitimacy in the MAG composition is essential to ensure that workshops and sessions are not dominated by certain groups or interests and that the IGF remains an open, well-functioning circuit of information and robust debate.

Second, it argues for immediate evaluation of MAG’s operations given the calls for the production of tangible outcomes. There has been on-going discussion within the broader community about the role of the IGF with divisions between those who prefer a narrow interpretation of its mandate, while others who want to broaden its scope to provide policy recommendations and solutions.^[14]

The interpretation of the IGF mandate and whether the IGF should make recommendations has been a sticking point and is closely linked to the question of IGF’s legitimacy and relevance. Be that as it may, the intersessional work, best practices forum and dynamic coalitions over the last ten years have led to the creation of a vast repository of information that should feed into the pursuit of policy options and identification of best practices.

The true test of the multistakeholder model is not only to bring together wide range of views but to also ensure that accumulated knowledge is applied to address common problems. Implementing a multistakeholder approach and developing solutions necessitates enhanced coordination amongst stakeholder groups and in the context of the IGF, is contingent on the strength and stability of the MAG to be able to facilitate such cooperation.

The paper is organised in three parts: in the first section I delve into the history of the formation of the MAG. To understand the MAG’s role within the IGF structure it is essential to revisit the influences that shaped its conceptualisation and subsequent evolution over the decade. A critical historical perspective provides the context of the multiple considerations that have impinged on MAG’s scope of work, of the manner in which MAG’s evolution has deviated from intentions, and the lessons from the past that should be applied in strengthening its present structure.

The second section analyses trends in the selection and rotation of the MAG membership and traces out the elite elements in the composition of the MAG. The analysis reveals two distinct stages in the evolution of the MAG membership which has remained significantly homogeneous across stakeholder representation. The final section of the paper focuses on a set of recommendations to ensure that the MAG is strengthened, becomes sustainable and provides the impetus for IGF reform in the future.

Origins of the IGF

The WSIS process was divided in two phases, the Geneva phase focused on principles of internet governance. The outcome documents of the first phase included a Declaration of Principles and a Plan of Action being adopted by 175 countries. Throughout the process, developing countries such as China, Brazil and Pakistan opposed the prevailing regime that allowed US dominance and control of ‘critical infrastructure’. As the first phase of the WSIS could not resolve these differences the Working Group on Internet Governance (WGIG) was set up by the UN Secretary General to deliberate and report on the issues.

The establishment of the WGIG is an important development in the WSIS process not only because of the recommendations it developed to feed into the second phase of the negotiations, but also because of the procedural legitimacy the WGIG established through its working. The WGIG embodied the multistakeholder principle in its membership and open consultation processes. WGIG members were selected and appointed in their personal capacity through an open and consultative process. As a result the membership demonstrated diversity in the geography, stakeholder groups represented and gender demographics.

The consultations were open, transparent and allowed for a diverse range of views in the form of oral and written submissions from the public to feed into the policy process. At its final meeting the WGIG membership divided into smaller working groups to focus on specific issues, and reassembled at the plenary to review, discuss and consolidate sections which were then approved in a public forum. As the WGIG background paper notes “The WGIG agreed that transparency was another key ingredient to ensure ownership of the process among all stakeholders.”^[15]

The WGIG final report^[16] identified a vacuum within the context of existing structures and called for the establishment of a forum linked to the UN. The forum was to be modelled on the best practices and open format of the WGIG consultative processes allowing for the participation of diverse stakeholders to engage on an equal footing. It was in this context that the IGF was first conceptualised as a space for global multistakeholder ‘dialogue’ which would interface with intergovernmental bodies and other institutions on matters relevant to Internet governance.

The forum was conceived as a body that would connect different stakeholders involved in the management of the internet, as well as contribute to capacity-building for governance for developing countries drawing on local sources of knowledge and expertise. Importantly, the forum was to promote and assess on an ongoing basis the embodiment of WSIS principles in Internet governance processes and make recommendations’ and ‘proposals for action’ addressing emerging and existing issues not being dealt with elsewhere. However, as things turned out the exercises of power between states and institutional arrangements ultimately led to the development of a subtly altered version of the original IGF mandate.

Aftermath of the WGIG Report

The WGIG report garnered much attention and was welcomed by most stakeholders with the exception of the US government which along with private sector representatives such as Coordinating Committee of Business Interlocutors (CCBI) disagreed with the recommendations.^[17] Pre-empting the publication of the report, the National Telecommunications and Information Administration (NTIA) issued a statement in June 2005 affirming its resolve to “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”^[18]

The statement reiterated US government’s intention to fight for the preservation of the status quo, effectively ruling out the four alternative models for internet governance put forward in the WGIG report. The statement even referenced the WGIG report stating, “Dialogue related to Internet governance should continue in relevant multiple fora. Given the breadth of topics potentially encompassed under the rubric of Internet governance there is no one venue to appropriately address the subject in its entirety.”^[19]

The final report was presented to PrepCom 3 of the second phase in July 2005 and the subsequent negotiations were by far, the most significant in the context of the role and structure that the IGF would take in the future. US stance on its role with regard to the root zone garnered pushback from both civil society and other governments including Russia, Brazil, Iran and China. However the most significant reaction to US stance came from the European Union issuing a statement after the commencement of PrepCom 3 in September.

EU’s position recognised that adjustments were needed in institutional arrangements for internet governance and called for a new model for international cooperation which would include “the development and application of globally applicable public policy principles.”^[20] the US had not preempted this “shocking and profound change” and now isolated in its position on international governance of the internet, and it sent forth a strongly worded letter^[21] invoking its long-standing relationship and urging the EU to reconsider its stance.

The pressure worked since the US was in a strong position to stymie the achievement of a resolution from WSIS process. Moreover, introducing reforms to the internet naming and numbering arrangements was not possible without US cooperation. The letter resulted in EU going back on its aggressive stance and with it, the push for the establishment of global policy oversight over the domain names and numbers lost its momentum.

The letter significantly impacted the WSIS negotiations and shaped the role of the IGF. By creating a deadlock and by applying pressure US was able to negotiate a favourable outcomes for itself. The last minute negotiations led to the status quo continuing and in exchange the US provided an undertaking that it would not interfere with other countries’ ccTLDs. The weakened mandate meant that even though creation of the IGF under the WSIS process moved forward the direction changed from its conceptualisation and origins from the WGIG report.

Institutionalizing the IGF

In 2006, the UN Secretary General appointed Markus Kummer to assist with the establishment of the IGF. The newly formed IGF Secretariat initiated an open consultation to be held in Geneva in and issued an open call to stakeholders seeking written submissions as inputs into the consultation.^[22] Notably neither the US government nor the EU sent in a response to the consultation and submissions made by other stakeholders were largely a repetition of the views expressed at WSIS.

The division on the mandate of IGF was evident in this very first consultation. Private sector representatives such as the CCBI and ICC-Basis, government representatives from OECD countries like Canada and the technical community represented by likes of Nominet and ISOC^[23] opposed the development of the IGF as platform for policy development. On the other hand, civil society representatives such as APC called for the IGF to produce specific recommendations on issues where there is sufficient consensus.^[24]

With reference to the MAG structure, again there was division on whether the “effective and cost-efficient bureau” referred to in the Tunis Agenda should have a narrow mandate limited to setting the agenda for plenary meetings or if it should have a more substantial role. Civil society stakeholders envisioned assigning the bureau a more substantial role and notably the Internet Governance Project (IGP) discussion paper released in advance of the February 2006 Geneva consultations.^[25]

The paper offered design criteria for the Forum including specific organizational structures and processes proposing “a small, quasi-representational decision making structure” for the IGF Bureau.^[26] The paper recommended formation of twelve member bureau with five representatives from governments (from each UN geographic region) and two each from private sector civil society academic and technical communities. The bureau would set the agenda for the plenary meeting not arbitrarily through private discussions, but driven by working group proposals and it would also have the power to approve or reject applications for forming working groups.

The proposed structure in the IGP paper had it been implemented would have developed the bureau along the lines of the IETF where the working groups would develop recommendations which would feed into the deliberation process. However, there was a clear divide on the proposed structure with many stakeholders opposing the establishment of sub-groups or committees under the IGF.^[27]

Following the written submissions the first open consultations on the establishment of the IGF were held in Geneva on 16 and 17 February 2006, and were chaired by Nitin Desai.^[28] The consultation was well attended with more than 300 participants including 40 representatives from governments and the proceedings were webcast. Further, the two-day consultation was structured as a moderated roundtable event at which most interventions were read from prepared statements, many of which were also tabled as documents and later made available from the IGF Web site. This ofcourse meant that there was a repetition of the views expressed in response to the questionnaire or the WGIG report and as a consequence, there was little opportunity for consensus-building.

Once again there was conflict on whether the IGF should be conceptualised as annual ‘event’ that would provide space for policy dialogue or a ‘process’ of engaging with policy issues which would culminate in an annual event. The CCBI reiterated that “[t]he Tunis Agenda is clear that the IGF does not have decision-making or policy-making authority,” and the NRO emphasised that the “IGF must be a multi-stakeholder forum without decision-making attributions.”^[29]

William Drake argued for the IGF “as a process, not as a series of one-off meetings, but as a process that would promote collective dialogue, learning, and mutual understanding on an ongoing basis.”^[30] Government representatives were split for example see El Salvador statement “that the Internet Governance Forum will come up with recommendations built on consensus on specific issues,” and Brazil even characterised the first meeting as “an excellent opportunity to initiate negotiations on a framework treaty to deal with international Internet public policy issues.”^[31]

Although a broad consensus was declared on need for a lightweight multi-stakeholder bureau there was no consensus on its size, composition and the mandate of this bureau. Nitin Desai held the issue for further written input and the subsequent consultation received twelve submissions with most respondents recommended a body of ten and twenty five members. The notable exceptions were submissions from the Group of 77 and China that sought a combined total of forty members half of which would be governmental representatives.

The discussions during the February consultations and the input received from the written submissions paved the way for what eventually became the MAG. The IGF Secretariat announced the formation of a bureau with forty members and while not expressly stated, half of these would be governmental representatives. It has been speculated that the large membership decision was a result of political wrangling among governments, especially the G77 governments insisting on large group that would accommodate all the political and regional differences among its members.^[32]

IGF Secretariat - Set to Fail?

The unwieldy size of the MAG meant that it would have to rely on the newly constituted Secretariat for organization, agenda-setting, and results. This structure empowered the Secretariat while limiting the scope of the MAG, a group that was already divided in its interests and agenda. However, the Secretariat was restrained in its services to stakeholders as it had limited resources since it was not funded by the United Nations and relied upon voluntary donations to a trust fund.^[33]

Early donors included the Swiss Agency for Development and Cooperation (SWADC), ICANN and Nominet.^[34] Due to disjointed sources of funding, the Secretariat was vulnerable to the influence of its donors. For example, the decision to to base the Secretariat in Geneva was to meet the condition set by SWADC contribution. Distressingly, of the 20 non-governmental positions in the MAG, most were directly associated with the ICANN regime.

The over-representation of ICANN representatives in MAG selection was problematic since the IGF was conceptualised to address the lack of acceptance of ICANN’s legitimacy in the WSIS process. The lack of independent funding led to a deficit of accountability demonstrated in instances where it was possible for one of the MAG members to quietly insinuate that private sector support for the IGF and its Secretariat would be withdrawn if reforms unacceptable to that stakeholder group went ahead.^[35]

As might perhaps be expected from a Secretariat with such limited resources, its services to stakeholders were confined to maintaining a rudimentary website and responding to queries and requests. The transparency of the Secretariat’s activities was also very limited, most clearly exemplified by the process by which the Advisory Group was appointed.

Constituting the MAG

Following the announcement of the establishment of the MAG, a call for membership to the advisory group was made in March 2006. From the beginning the nomination process was riddled with lack of transparency and the nominations received from stakeholders were not acknowledged by the IGF Secretariat, nor was the selection criteria of made available. The legitimacy of the exercise was also marred by a top-down approach where first that nominees heard of the outcomes was the Secretariat's announcement of selected nominees. Lack of transparency and accountability resulted in the selection and appointment procedure being driven by patronage and lobbying.

The political wrangling was evident in the composition of the first MAG which was expanded to accommodate six regional coordinators personally appointed by Chair Nitin Desai to the Special Advisory Group (SAG). Of the twenty non-governmental positions, most were associated with the naming and numbering regime including sitting and former Board members and ICANN staff.^[36] Participation from civil society was limited as the composition did not recognise^[37] technical community as a distinct group, including it along with academic community and as part of civil society.

The political struggles at play was visible in the appointment of Michael D. Gallagher, the former head of the US Commerce Department's NTIA. This appointment was all the more relevant since it was Gallagher who had had only a few months back stated that the US government owns the DNS root and has no intention of giving it up. His presence signalled that the US government took the forum seriously enough to ensure its interests were voiced and received attention on the MAG.

Beyond issues of representation the working of the MAG suffered from a serious lack of transparency as meetings of the Advisory Group were closed, and no reports or minutes were released. The Advisory Group met in May and September in Geneva before the inaugural IGF meeting in Athens. Coordination between members for the preparations for Athens was done utilising a closed mailing list that was not publicly archived. Consequently, the detail of the operations of the Advisory Group ahead of the first IGF meeting were known only to its members.

Whatever little has been reported suggests that the Advisory Group possessed little formal authority, operating like a forum where members expressed views and debated issues without the object of taking formal decisions. Decisions were settled upon by rough consensus as declared by the Chair, and on all matters where there was no agreement the issues were summarised by the Chair in a report to the UN Secretary-General. The Secretary-General would take the report summary in consideration however retained the ultimate authority to make a formal decision.^[38]

The UN’s clear deciding role was not so obvious in the early years of the MAG’s existence because of the relatively novel nature of the IGF. Moreover Nitin Desai Chair, MAG and Markus Kummer, IGF Secretariat were appointed by the UN Secretary General and were on good terms with the then-Secretary General Kofi Annan and working together they acted as de facto selectors of the members of the MAG. Most of the MAG’s core membership in the first five years of its existence was made up of leaders from across the different stakeholder groups and self-selection within those groups was encouraged to lend broader stability.

Over the last decade, changes in institutional arrangements led the IGF to be moved as a ‘project’ under the UNDESA umbrella, where it is not a core mission, but simply one of many conferences that it handles across the world every year. The core personnel that shepherded the MAG and the IGF from its early days retired allowing for the creation a new core membership. The new group of leaders in the MAG membership have emerged partly as the result of selection and rotation process instituted by the UNDESA in appointing a ‘program committee’.

The history presented above is to help understand how the MAG was established under the UN umbrella and to highlight the key developments that shaped its scope and working. Importantly the weakened IGF mandate created divergences on the scope of the MAG to function as a ‘program committee’ limited to selecting proposals and planning the IGF or as an ‘advisory committee’ with a more substantial role in developing the forum as an innovative governance mechanism. In its conception the IGF was a novel idea and by empowering MAG and introducing transparency in the selection procedures of members and their workings could have perhaps led to a more democratic and accountable IGF. However, the possibility of this was stemmed early on.

The opacity in the appointment processes meant that patronage and lobbying became key to being selected as a member of the MAG. It established the worrying trend of ensuring diversity and representation taking precedent over the necessity of ensuring that representatives were appointed through a bottom-up multistakeholder process. Further, distributing the composition to ensure geographic representation severely limited participation of technical, academic and civil society. In the next section, I focus on the rotation of members of the MAG over the last ten years to identify and highlight trends that have emerged in its composition.

Analysis of MAG Composition (2006 - 2015)

This primary data for the analysis of the MAG membership has been collected from the membership list from 2010-2015 available on the I website. The membership list for 2005, 2006, 2007 and 2008 have been provided by the UN IGF Secretariat during the course of this research. To the best of my knowledge, this data is yet to be made publicly available and may be accessed here.^[39] The Secretariat notes that the MAG membership did not change in 2008 and 2009 and the confirmation is the only account of the list of members for both years, as the records were poorly maintained and are therefore unavailable in the public domain.

It is also worth noting that to the best of my knowledge, no data has been made available by the IGF Secretariat regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG. The stakeholder groups identified for this analysis include government, civil society, industry, technical community and academia. Any overlap between two or more of these groups or movements of individuals between stakeholder groups and affiliations has been taken into account.

Over the decade of its existence, the MAG has had 196 unique members from various stakeholder groups. As per the Terms of Reference^[40] (ToR) of the MAG, it is the prerogative of the UN Secretary General to select MAG members. There also exists a policy of rotating one-third members of MAG every year for diversity and taking new viewpoints in consideration. Diversity within the UN is an ingrained process where every group is expected to be evenly balanced in geographic and gender representation. However, ensuring a diverse membership often comes at the cost of legitimate expertise. Further it may often lead to top-down decision making where individuals are appointed based on their characteristics rather than qualifications.

The complexity of the selection process is further compounded by the fact that the IGF Secretariat provides an initial set of recommendations identifying which members should be appointed to the MAG, but the selection and appointment is undertaken by UNDESA civil servants based in New York. Notably, while the IGF Secretariat staff is familiar with and interacts with stakeholder representatives at internet governance meetings and forums that are regularly held in Geneva, the New York UN based officials do not share such relationships with constituent groups.

Consequently, they end up selecting members who meet all their diversity requirements and have put themselves forward through the standard UN open nomination process. The practice of ensuring that UN diversity criteria is met, creates tension within the MAG membership as representatives nominated by different stakeholder and who have more legitimacy within their respective constituencies are not appointed to the MAG.

The stress on maintaining diversity is evident in the MAG membership’s gradual expansion from an initial group of 46 members in 2006 to include a total of 56 members as of 2015. However the increase in membership has not impacted representation of the technical, academic and civil society constituencies with only 56 members having been appointed from the three groups over the last decade.

This is problematic considering that at the time of its constitution of the MAG the composition did not recognise^[41] technical community as a distinct group, including it along with academic community as part of civil society. Consequently the three stakeholder groups have been represented collectively in the MAG and yet account for only 24.77% of the total membership compared to the government’s share of 39.3% and industry’s share of 35.7% respectively. At the regional level too membership across the three groups has ranged between 20-25% of the total membership.

The technical community is the least represented constituency accounting for only 5% of the total membership with only 10 members having been appointed over ten years. Of the 10, 6 were appointed from the WEOG region and there were no representatives appointed from the GRULAC region. Representatives from academia accounted for only 6% of the total membership with 13 representatives from the group having been appointed on the MAG. The technical community representation too was low from the US with only two members being appointed to the MAG and with each serving for a period of three years.

Civil society accounted for only 17% of the total membership with a total of 33 members and representation from the constituency was abysmally low across all regions. Civil society representation from the US included a total of five members, of which one served for one year, three served for two years each and only one representative continued for more than three years. Notably, there have been no academics from the US which is surprising given that most of the scholarship on internet governance is dominated by US scholars.

Industry was second largest represented group with a total of 64 members appointed to the MAG of which a whopping 30 members were appointed from the WEOG region. Representation was the highest across WEOG countries with 39.47% of the total membership and the group accounted for 32.4% and 32.5% of the total members from Africa and Asia Pacific respectively. Across Eastern European and GRULAC countries industry representation was very low accounting for merely 11.53% and 18.18% of the total membership respectively. Industry representative from the US Included two members serving one year each, five members who served two years each, two members who continued for three years each, one member was appointed for five years, one member who completed the maximum MAG term of eight years.

It is also interesting to note that the industry membership base expanded steadily, spiking in 2012 with a total of 40 representatives from the industry on the MAG. When assessed against the trend of the core leadership trickling out in 2012, the sudden increase in industry representation may point to attempts at capture from the stakeholder group in 2012. Industry representation from US in the MAG was by far the most consistent over the years and had the most evenly distributed appointment terms for members within a group.

Government has been the most dominant group within the MAG averaging a consistent 40% of the total membership over the last 10 years. At a regional level representation on the MAG was highest from Eastern Europe with more than 61% of its total membership comprising of individuals from the government constituency. GRULAC countries appointments to the MAG also demonstrate a preference for government representation with almost 58% of the total members appointed from within this group. The share of government representation in the total membership from Asia Pacific was 47.5% and 32.43% across Africa.

Another general policy followed in the selection procedure is that members are appointed for a period of one year, which is automatically extendable for two more years consecutively depending on their engagement in MAG activities. Members serving for one year term is inevitable due to the rotation policy, as new members replace existing members and often it may be the case of filling slots to ensure stakeholder group, geographic and gender diversity. Due to the limited resources made available for coordination between MAG members, one year appointments may not allow sufficient time for integrating new members into the procedures and workings of UN institutions.

Over the last decade 24.36% of the total appointed MAG members have been limited to serving a term of one year. Of the total 55 one year appointments 26 individuals served their first term in 2015 alone. This includes all nine representatives of civil society and it could be argued that for a stakeholder group with only 11% of the total membership share, such a rehaul weakens the ability of members to develop linkages severely limiting their ability to exert influence on decision making within the MAG.

Interestingly, the analysis reveals that one year term was a trend in the early years of the MAG where a core group took on the leadership role and continued guiding activities for newcomers including negotiating often conflicting agendas. The pattern of one year appointments was hardly visible from 2008-2012 but picked up again in 2013 and has continued ever since. The trend is perhaps indicative of the movement in the core MAG leadership as many of the original members retired or moved on to other engagements from 2010.

Importantly, the MAG ToR note that in case there is a lack of candidates fitting the desired area or under exceptional circumstances a member may continue beyond three years. However in the formative years the MAG this exception was the norm with most members continuing for more than three years. An analysis of the membership reveals that between 2006-2012 an elite core emerges which guided and was responsible for shaping the MAG and the IGF in its present day format. No doubt some of these members were exceptional talents and difficult to replace, however the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the stipulated one year term.

The analysis also suggests a shift in the leadership core over the last three years and points that a new leadership group is emerging which is distinguishable in that most members have served on the MAG for three or four years. Members serving for one, two or three years makes up more than 75% of the total membership and 111 individual members have served more than 2 years on the MAG. This could be the result of the depletion in membership of those familiar with internal workings and power structures within the UN, and the selection and rotation criteria and procedures that have weakened the original composition over the last decade.

Rotating membership might be necessary to prevent capture from any particular constituency or group, on the other hand more than half of the total members have spent less than three years on the MAG which makes the composition a shifting structure that limits long term engagement. Regular rotation of members can also lead to power struggles as continuing members exercise their influence to ensure that more members from within their constituency groups are appointed. Only seven individuals have completed the maximum term of eight years on the MAG while 23 individuals have completed five years or more on the MAG.

Finally, in terms of gender diversity, the ratio of male to female members is approximately 13:7 in the total membership with the approximate value in percentage being 65% and 35% respectively. Female representatives from WEOG countries dominate with a total of 29 women having been appointed from the region. Participation of women was the lowest across Asia Pacific and Eastern Europe with only nine and five representatives having been appointed respectively. There was a better balance of gender ratios across countries from Africa and GRULAC with 12 and 14 females having been appointed from the region.

Further analysis and visualisations derived from the MAG composition and identifying trends in appointment of individual members are available on the CIS website. The visualizations include MAG membership distribution across region^[42] and stakeholder groups^[43], evolution of stakeholder groups over the years^[44], stakeholder group distribution across countries^[45] and the timeline of total number of years served by individual members^[46]. The valuation also include a comparison of stakeholder group representatives appointed across India and the USA.^[47]

Recommendations: Reforming MAG & the IGF

Between April 4-6, 2016 the MAG convened in Geneva towards the IGF’s first planning meeting for the year^[48]. The meeting marks the beginning of MAG’s work in planning and delivering the forum, the first in its recently renewed and now extended mandate. This report is a much needed documentation of its working and processes and has been undertaken as an attempt to scrutinize if the MAG is truly a multi-stakeholder institution or if it is has evolved as a closed group of elite members cloaked in a multi-stakeholder name.

There is very little literature on the evolution of, or critiquing the MAG structure partly due to it being a relatively new structure and partly due its workings being shrouded in secrecy. The above analysis has been conducted with the aim of trying to understand MAG’s functioning of the selection of its membership. The paper explores the history of the formation of IGF and the MAG to identify the geo-political influences that have contributed to the MAG’s evolution and role in shaping the IGF over the last decade.

In this section I apply the theory of institutional isomorphism developed by DiMaggio and Powell in their seminal paper^[49] on organizational theory and social change. The paper posits that as organisations emerge as a field, a paradox arises where rational actors make their organizations increasingly similar as they try to change them. A focus on institutional isomorphism can add a much needed perspective on the political struggle for organizational power and survival that is missing from much of discourse and literature around the IGF and the MAG.

A consideration of isomorphic processes also leads to a bifocal view of power and its application in modern politics. I believe that there is much to be gained by attending to similarity as well as to variation between organisations within the same field and, in particular, to change in the degree of homogeneity or variation over time. In this paper I have attempted to study the incremental change in the IGF mandate as well as in the selection of the MAG members.

Applying the theoretical framework proposed by DiMaggio and Powell I identify possible areas of concern and offer recommendations for improvement of the IGF and reform of the MAG. I detail these recommendations through the impact of resource centralization and dependency, goal ambiguity, professionalization and structuration on isomorphic change. There is variability in the extent to and rate at which organizations in a field change to become more like their peers. Some organizations respond to external pressures quickly; others change only after a long period of resistance.

DiMaggio and Powell hypothesize that the greater the extent to which an organizational field is dependent upon a single (or several similar) source of support for vital resources, the higher the level of isomorphism. Their organisational theory also posits that the greater the extent to which the organizations in a field transact with agencies of the state, the greater the extent of isomorphism in the field as a whole. As my analysis reveals both hypotheses hold true for the IGF which is currently defined as a ‘project’ of the UNDESA. Since the IGF and the MAG are dependent on the UN for their existence, it is not surprising that both structures emulate the UN principles for diversity and governmental representation.

It is also worth noting that UN projects are normally not permanent and require regular renewal of mandate, reallocation of resources and budgets. When budget cuts take place as was the case during the global economic crisis, project funding is jeopardized as was the case when the IGF was left without an executive coordinator or a secretariat due to UN budget cuts.

This led to constituent groups coming together to directly fund the IGF secretariat through a special IGF Trust Fund created under an an agreement with the United Nations and to be administered by the UNDESA.^[50] The fund was drawn up to expire on 31 December 2015 and efforts to renew contribution to the fund for 2016 is being opposed and questions on the legality of the arrangement are being raised.^[51]

It is widely rumoured that the third party opposing the contribution is UNDESA itself. Securing guaranteed, stable and predictable funding for the IGF, including through a broadened donor base, is essential for the forum’s long term stability and ability to realize its underutilized potential. There have been several suggestions from the community in this regard including IT for Change’s suggestion that part of domain names tax collected by ICANN should to be dedicated to IGF funding through statutory/ constitutional arrangements. Centralisation of resources may lead to power structures being created and therefore any attempts at IGF and MAG reform in the future must consider the choice between incorporating the IGF as a permanent body with institutional funding under the UN and the implications of that on the forum’s structure.

There are four other hypotheses in DiMaggio and Powell’s framework that may be helpful in identifying levers for improvement of the IGF and the MAG. The first states that, the greater the extent to which goals are ambiguous within afield, the greater the rate of isomorphic change. As my analysis suggests, there is an urgent need to address the decade long debate on the MAG’s scope as a programme committee limited to planning an annual forum.

The question is linked to the broader need to clarify if the IGF will continue to evolve as an annual policy-dialogue forum or if it can take on a more substantive role that includes offering recommendations and assisting with development of policy on critical issues related to internet governance. Even the MAG is divided in its interpretation of its roles and responsibilities. A resurgence of the IGF necessitates that the global community reassess the need of the forum not only on the mandate assigned to it at the time of its conceptualisation but also in light of the newer and more complex challenges that have emerged over the decade.

The second hypothesis holds that the greater the extent of professionalization in a field greater the amount of institutional isomorphic change. DiMaggio and Powell measure professionalization by the universality of credential requirements, the robustness of training programs, or the vitality of professional associations. As the MAG composition analysis reveals the structure has evolved in a manner that gives preference to participation from the government and industry over participation from civil society, technical and academic communities.

Since the effect of institutional isomorphism is homogenization, the best indicator of isomorphic change is a decrease in variation and diversity, which could be measured by lower standard deviations of the values of selected indicators in a set of organizations. Such professionalization is evident in the functioning of the MAG that has taken on bureaucratic structure akin to other UN bodies where governmental approval weighs down an otherwise light-weight structure. Further the high level of industry representation creates distrust amongst other stakeholders and may be a reason the forum lacks legitimacy as a mechanism for governance as it could be perceived as being susceptible to capture.

The third hypothesis states that fewer the number of visible alternative organizational models in a field, the faster the rate of isomorphism in that field. The IGF occupies a special place in the UN pantheon of semi-autonomous groups and is often held up as a shining example of the ‘multistakeholder model’, where all groups have an equal say in decisions. Currently, there is no global definition of the multistakeholder model which at best remains a consensus framework for legitimizing Internet institutions.

It is worth noting that the system of sovereignty where authority is imposed is at odds with the earned authority within Internet institutions. Given the various interpretations of the approach, if multistakeholderism is to survive as a concept then it needs to be understood as a legitimizing principle that is strictly at odds with state sovereignty-based conceptions of legitimacy.^[52] Under a true multistakeholder system, states can have roles in Internet governance but they cannot unilaterally declare authority, or collectively assert it without the consent of the rest of the Internet.

Unfortunately as the MAG membership reveals the composition is dominated by governmental representatives who seek to enforce territorial authority over issues of global significance. Further, while alternative approaches to its application exist within the ecosystem they are context specific and have evolved within unique environments.^[53] As critics note emerging and existing platforms derived from the multistakeholder concept create ‘an embryonic form of transnational democracy’. Therefore it is important to recognise that the IGF is a physical manifestation of a much larger ideal, one where individuals and organizations have the ability to help shape the Internet and the information society to which it is intrinsically connected. This points to the need to study and develop alternative models to multistakeholder governance while continuing to strengthen existing practices and platforms.

As such, the IGF and its related local, national and regional initiatives represent a critical channel for expression especially for countries where such conversation is not pursued adequately and keeps discussions of the internet in the public space as opposed to building from regional/national initiatives. However, interaction between the global IGF and national IGFs is yet to be established. The MAG can play a critical role in developing and establishing mechanism to improve the national IGFs coordination with regional and national initiatives. A strengthened IGF could better serve national initiatives by providing formal backing and support to develop as platforms for engaging with long standing and emerging issues and identifying possible ways to address them.

DiMaggio and Powell’s final hypothesis holds that the greater the extent of structuration of a field, the greater the degree of isomorphism. As calls for creating structures to govern cyberspace pick up pace and given the extension of the IGF mandate its structure and working are in need of a rehaul. More research and analysis is needed to understand if there is a preferred approach for multistakeholder participation and engagement is emerging within both the IGF and MAG.

For example, if a portion or category of stakeholder group, countries and regions are not engaging in common dialogue, does the MAG have the mandate to promote and encourage participation? Has a process been established for ensuring a right balance when engaging different stakeholders and if yes, how is such a process initiated and promoted? The data shared by the IGF Secretariat confirmed that there were no records of the nomination procedure, that the membership list was missing for a year and that there was confusion in some cases who the nominees were are actually representing.

This opens up glaring questions on the legitimacy of the MAG such as on what criteria were MAG members selected and rotated? Was this evaluation undertaken by objective criteria or were representative handpicked by the UN? Moreover, it is important to asses of selection took place following an open call for nominations; or if members were handpicked by UN. Such analysis will help determine if there is scope within the current selection procedure to reach out to the wider multistakeholder community or if all MAG activities and discussions are restricted to its constituent membership. Clarifying the role of the IGF in the internet governance and policy space is inextricably linked to reforms in the MAG structure and processes and the questions raised above need urgent attention.

While these issues have been well known and documented for a number of years, yet there has been no progress on resolving them. Currently there is no website or document that lists the activities conducted by MAG in furtherance of ToR, nor does it produce annual report or maintain a publicly archived mailing list. Important recommendations for strengthening the IGF were made by the UN CSTD working group on IGF improvements.

The group took two years to produce its report identifying problems and offering recommendations that were to be implemented by end of 2015 and yet many of the problems identified within it have yet to be addressed. Worryingly, an internal MAG proposal to set up a working group to dig into the delays is being bogged down with discussions over scope and membership and a similar effort six months ago was also shot down.^[54]

The ineffectiveness of the MAG to institute reform have led to calls for a new oversight body with established bylaws as the MAG in its present form does not seem up to the task. Further the opaque decision making process and lack of clarity on the scope of the MAG means that each time it undertakes efforts for improvements these are thwarted as being outside of its mandate. There remains a lot of work to be done in strengthening the MAG structure as the group that undertakes the day-to-day work of the IGF and the many issues that plague the role and function of the IGF. A tentative beginning can be made by introducing transparency and accountability in MAG member selection.

^[1] This paper has been authored as part of a series on internet governance and has been made possible through a grant from the MacArthur Foundation.

^[2] The Internet Governance Forum See: http://www.intgovforum.org/cms/

^[3] World Summit on the Information Society (WSIS)+10 High-Level Meeting See: https://publicadministration.un.org/wsis10/

^[4]The mandate and terms of reference of the IGF are set out in paragraphs 72 to 80 of the Tunis Agenda for the Information Society (the Tunis Agenda). See: http://www.itu.int/net/wsis/docs2/tunis/off/6rev1.html

^[5] Samantha Bradshaw, Laura DeNardis, Fen Osler Hampson, Eric Jardine and Mark Raymond ‘The Emergence of Contention in Global Internet Governance’, the Centre for International Governance Innovation and Chatham House, 2015 See: https://www.cigionline.org/sites/default/files/no17.pdf

^[6] Mikael Wigell, ‘Multi-Stakeholder Cooperation in Global Governance’, The Finnish Institute of International Affairs. June 2008, See: https://www.ciaonet.org/attachments/6827/uploads

^[7] Arun Mohan Sukumar, India’s New ‘Multistakeholder’ Line Could Be a Game Changer in Global Cyberpolitics,The Wire, 22 June 2015 See:http://thewire.in/2015/06/22/indias-new-multistakeholder-line-could-be-a-gamechanger-in-global-cyberpolitics-4585/

^[8] Background Note on Sub-Theme Principles of Multistakeholder/Enhanced Cooperation, IGF Bali 2013 See: https://www.intgovforum.org/cmsold/2013/2013%20Press%20Releases%20and%20Articles/Principles%20of%20Multistakeholder-Enhanced%20Cooperation%20-%20Background%20Note%20on%20Sub%20Theme%20-%20IGF%202013-1.pdf

^[9] Statement by Mr. Santosh Jha, Director General, Ministry of External Affairs, at the First Session of the Review by the UN General Assembly on the implementation of the outcomes of the World Summit on Information Society in New York on July 1, 2015 See: https://www.pminewyork.org/adminpart/uploadpdf/74416WSIS%20stmnt%20on%20July%201,%202015.pdf

^[10] Jean-Marie Chenou, Is Internet governance a democratic process ? Multistakeholderism and transnational elites, IEPI – CRII Université de Lausanne, ECPR General Conference 2011,Section 35 Panel 4 See: http://ecpr.eu/filestore/paperproposal/1526f449-d7a7-4bed-b09a-31957971ef6b.pdf

^[11] Ibid. 9

^[12] Kieren McCarthy, ‘Critics hit out at 'black box' UN internet body’, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=3

^[13] Ibid.

^[14] Malcolm Jeremy, ‘Multistakeholder governance and the Internet Governance Forum, Terminus Press 2008

^[15] Background Report of the Working Group on Internet Governance June 2005 See: https://www.itu.int/net/wsis/wgig/docs/wgig-background-report.pdf

^[16] Report of the Working Group on Internet Governance, Château de Bossey June 2005 http://www.wgig.org/docs/WGIGREPORT.pdf

^[17] Compilation of Comments received on the Report of the WGIG, PrepCom-3 (Geneva, 19-30 September 2005) See: http://www.itu.int/net/wsis/documents/doc_multi.asp?lang=en&id=1818%7C2008

^[18] U.S. Principles on the Internet's Domain Name and Addressing System June 30, 2005 See: https://www.ntia.doc.gov/other-publication/2005/us-principles-internets-domain-name-and-addressing-system

^[19] Ibid. 16.

^[20] Tom Wright, ‘EU Tries to Unblock Internet Impasse’, International Herald Tribune

Published: September 30, 2005 See: http://www.nytimes.com/iht/2005/09/30/business/IHT-30net.html

^[21] Kieren McCarthy, Read the letter that won the internet governance battle’, The Register, 2 Dec 2005 See: http://www.theregister.co.uk/2005/12/02/rice_eu_letter/

^[22] United Nations Press Release, 2 March, 2006 Preparations begin for Internet Governance Forum,

http://www.un.org/press/en/2006/sgsm10366.doc.htm

^[23] The Internet Society’s contribution on the formation of the Internet Governance Forum, February 2006 See: http://www.internetsociety.org/sites/default/files/pdf/ISOC_IGF_CONTRIBUTION.pdf

^[24] APC, Questionnaire on the Convening the Internet Governance Forum (IGF) See:http://igf.wgig.org/contributions/apc-questionnaire.pdf

^[25] Milton Mueller, John Mathiason, Building an Internet Governance Forum, 2 Febryary 2006, See: http://www.internetgovernance.org/wordpress/wp-content/uploads/igp-forum.pdf

^[26] Ibid.

^[27] Supra note 11.

^[28] Supra note 20.

^[29] Consultations on the convening of the Internet Governance Forum, Transcript of Morning Session 16 February 2006. See: http://unpan1.un.org/intradoc/groups/public/documents/igf/unpan038960.pdf

^[30] Ibid.

^[31] Ibid.

^[32]Milton Mueller, ICANN Watch, ‘The Forum MAG: Who Are These People?’ May 2006 See: http://www.icannwatch.org/article.pl?sid=06/05/18/226205&mode=thread

^[33] IGF Funding, See: https://intgovforum.org/cmsold/funding

^[34] Supra note 12.

^[35] Ibid.

^[36] ICANN’s infiltration of the MAG was evident in the composition of the first advisory group which included Alejandro Pisanty and Veni Markovski who were sitting ICANN Board members, one staff member (Theresa Swineheart), two former ICANN Board members (Nii Quaynor and Masanobu Katoh); two representatives of ccTLD operators (Chris Disspain and Emily Taylor); two representatives of the Regional Internet Address Registries (RIRs) (Raul Echeberria and Adiel Akplogan). Even the "civil society" representatives appointed were all associated with either ICANN's At Large Advisory Committee or its Noncommercial Users Constituency (or both) Adam Peake of Glocom, Robin Gross of IP Justice, Jeanette Hofmann of WZ Berlin, and Erick Iriarte of Alfa-Redi.

^[37] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[38] Jeremy Malcolm, Multi-Stakeholder Public Policy Governance and its Application to the Internet Governance Forum See: https://www.malcolm.id.au/thesis/x31762.html

^[39] MAG Spreadsheet CIS Website https://docs.google.com/spreadsheets/d/1uZzfBz9ihj1M0QSvlnORE0nRD62TCRxhA5d1E_RKfhc/edit#gid=1912343648

^[40] Terms of Reference for the Internet Governance Forum (IGF) Multistakeholder Advisory Group (MAG) Individual Member Responsibilities and Group Procedures See: http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference

^[41] United Nations Press Release, Secretary General establishes Advisory Group to assist him in convening Internet Governance Forum, 17 May 2006 See: http://www.un.org/press/en/2006/sga1006.doc.htm

^[42] IGF MAG Membership Analysis, 2006-2015 http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Treemap.html

^[43] IGF MAG Membership - Stakeholder Types and Regions - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Regions.html

^[44] IGF MAG Membership - Stakeholder Types across Years - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Years.html

^[45] IGF MAG Membership - Stakeholder Types and Countries - 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-Country.html

^[46] IGF MAG Membership Timeline, 2006-2015 See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_Member-Timeline.html

^[47] MAG Membership - India and USA - 2006-2015

See: http://cis-india.github.io/charts/2016.04_MAG-analysis/CIS_MAG-Analysis-2016_StakeholderTypes-India-USA.html

^[48] MAG Meetings in 2016

http://www.intgovforum.org/cms/open-consultations-and-mag-meeting

^[49] Paul J. DiMaggio and Walter W. Powell, ‘The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields’, Yale University, American Sociological Review 1983, Vol. 48 (April: 147-160)

^[50] United Nations Funds-In-Trust Project Document Project number: GLO/11/X01 Project title: Internet Governance Forum Country/area: Global Start date: 1 April 2011 End date: 31 December 2015 Executing agency: UNDESA Funding: Multi-donor – extrabudgetary Budget: Long-term project framework – budget “A” See: http://www.intgovforum.org/cms/2013/TrustFund/Project%20document%20IGF.pdf

^[51] Kieren McCarthy, Critics hit out at 'black box' UN internet body, The Register 31 March 2016 See: http://www.theregister.co.uk/2016/03/31/black_box_un_internet_body/?page=2

^[52] Eli Dourado, Too Many Stakeholders Spoil the Soup, Foreign Policy, 15 May 2013 See:http://foreignpolicy.com/2013/05/15/too-many-stakeholders-spoil-the-soup/

^[53] IANA Transition, NetMundial are some of the other examples of multi-stakeholder engagement.

^[54] Ibid.

For more details visit https://cis-india.org/internet-governance/blog/mapping-mag-a-study-in-institutional-isomorphism

The Internet Has a New Standard for Censorship

jyoti — 2016-01-30T09:17:54Z

The introduction of the new 451 HTTP Error Status Code for blocked websites is a big step forward in cataloguing online censorship, especially in a country like India where access to information is routinely restricted.

The article was published in the Wire on January 29, 2016. The original can be read here.

Ray Bradbury’s dystopian novel Fahrenheit 451 opens with the declaration, “It was a pleasure to burn.” The six unassuming words offer a glimpse into the mindset of the novel’s protagonist, ‘the fireman’ Guy Montag, who burns books. Montag occupies a world of totalitarian state control over the media where learning is suppressed and censorship prevails. The title alludes to the ‘temperature at which book paper catches fire and burns,’ an apt reference to the act of violence committed against citizens through the systematic destruction of literature. It is tempting to think about the novel solely as a story of censorship. It certainly is. But it is also a story about the value of intellectual freedom and the importance of information.

Published in 1953, Bradbury’s story predates home computers, the Internet, Twitter and Facebook, and yet it anticipates the evolution of these technologies as tools for censorship. When the state seeks to censor speech, they use the most effective and easiest mechanisms available. In Bradbury’s dystopian world, burning books did the trick; in today’s world, governments achieve this by blocking access to information online. The majority of the world’s Internet users encounter censorship even if the contours of control vary depending on the country’s policies and infrastructure.

Online censorship in India

In India, information access blockades have become commonplace and are increasingly enforced across the country for maintaining political stability, for economic reasons, in defence of national security or preserving social values. Last week, the Maharashtra Anti-terror Squad blocked 94 websites that were allegedly radicalising the youth to join the militant group ISIS. Memorably, in 2015 the NDA government’s ham-fisted attempts at enforcing a ban on online pornography resulted in widespread public outrage. Instead of revoking the ban, the government issued yet another vaguely worded and in many senses astonishing order. As reported by Medianama, the revised order delegates the responsibility of determining whether banned websites should remain unavailable to private intermediaries.

The state’s shifting reasons for blocking access to information is reflective of its tendentious attitude towards speech and expression. Free speech in India is messily contested and normally, the role of the judiciary acts as a check on the executive’s proclivity for banning. For instance, in 2010 the Supreme Court upheld the Maharashtra High Court’s decision to revoke the ban on the book on Shivaji by American author James Laine, which, according to the state government, contained material promoting social enmity. However, in the context of communications technology the traditional role of courts is increasingly being passed on to private intermediaries.

The delegation of authority is evident in the government notifying intermediaries to proactively filter content for ‘child pornography’ in the revised order issued to deal with websites blocked as result of its crackdown on pornography. Such screening and filtering requires intermediaries to make a determination on the legality of content in order to avoid direct liability. As international best practices such as the Manila Principles on Intermediary Liability point out, such screening is a slow process and costly and intermediaries are incentivised to simply limit access to information.

Blocking procedures and secrecy

The constitutional validity of Section 69A of the Information Technology Act, 2008 which grants power to the executive to block access to information unchecked, and in secrecy was challenged in Shreya Singhal v. Union of India. Curiously, the Supreme Court upheld S69A reasoning that the provisions were narrowly-drawn with adequate safeguards and noted that any procedural inconsistencies may be challenged through writ petitions under Article 226 of the Constitution. Unfortunately as past instances of blocking under S69A reveal the provisions are littered with procedural deficiencies, amplified manifold by the authorities responsible for interpreting and implementing the orders.

Problematically, an opaque confidentiality criteria built into the blocking rules mandates secrecy in requests and recommendations for blocking and places written orders outside the purview of public scrutiny. As there are no comprehensive list of blocked websites or of the legal orders, the public has to rely on ISPs leaking orders, or media reports to understand the censorship regime in India. RTI applications requesting further information on the implementation of these safeguards have at best provided incomplete information.

Historically, the courts in India have held that Article 19(1)(a) of the Constitution of India is as much about the right to receive information as it is to disseminate, and when there is a chilling effect on speech, it also violates the right to receive information. Therefore, if a website is blocked citizens have a constitutional right to know the legal grounds on which access is being restricted. Just like the government announces and clarifies the grounds when banning a book, users have a right to know the grounds for restrictions on their speech online.

Unfortunately, under the present blocking regime in India there is no easy way for a service provider to comply with a blocking order while also notifying users that censorship has taken place. The ‘Blocking Rules’ require notice “person or intermediary” thus implying that notice may be sent to either the originator or the intermediary. Further, the confidentiality clause raises the presumption that nobody beyond the intermediaries ought to know about a block.

Naturally, intermediaries interested in self-preservation and avoiding conflict with the government become complicit in maintaining secrecy in blocking orders. As a result, it is often difficult to determine why content is inaccessible and users often mistake censorship for technical problem in accessing content. Consequently, pursuing legal recourse or trying to hold the government accountable for their censorious activity becomes a challenge. In failing to consider the constitutional merits of the confidentiality clause, the Supreme Court has shied away from addressing the over-broad reach of the executive.

Secrecy in removing or blocking access is a global problem that places limits on the transparency expected from ISPs. Across many jurisdictions intermediaries are legally prohibited from publicising filtering orders as well as information relating to content or service restrictions. For example in United Kingdom, ISPs are prohibited from revealing blocking orders related to terrorism and surveillance. In South Korea, the Korean Communications Standards Commission holds public meetings that are open to the public. However, the sheer volume of censorship (i.e. close to 10,000 URLs a month) makes it unwieldy for public oversight.

As the Manila Principles note, providing users with an explanation and reasons for placing restrictions on their speech and expression increases civic engagement. Transparency standards will empower citizens to demand that companies and governments they interact with are more accountable when it comes to content regulation. It is worth noting, for conduits as opposed to content hosts, it may not always be technically feasible for to provide a notice when content is unavailable due to filtering. A new standard helps improve transparency standards for network level intermediaries and for websites bound by confidentiality requirements. The recently introduced HTTP code for errors is a critical step forward in cataloguing censorship on the Internet.

A standardised code for censorship

On December 21, 2015, the Internet Engineering Standards Group (IESG) which is the organisation responsible for reviewing and updating the internet’s operating standards approved the publication of 451-’An HTTP Status Code to Report Legal Obstacles’. The code provides intermediaries a standardised way to notify users know when a website is unavailable following a legal order. Publishing the code allows intermediaries to be transparent about their compliance with court and executive orders across jurisdictions and is a huge step forward for capturing online censorship. HTTP code 451 was introduced by software engineer Tim Bray and the code’s name is an homage to Bradbury’s novel Fahrenheit 451.

Bray began developing the code after being inspired by a blog post by Terence Eden calling for a censorship error code. The code’s official status comes after two years of discussions within the technical community and is a result of campaigning from transparency and civil society advocates who have been pushing for clearer labelling of internet censorship. Initially, the code received pushback from within the technical community for reasons enumerated by Mark Nottingham, Chair of the IETF HTTP Working Group in his blog. However, soon sites began using the code on an experimental and unsanctioned basis and faced with increasing demand for and feedback, the code was accepted.

The HTTP code 451 works as a machine-readable flag and has immense potential as a tool for organisations and users who want to quantify and understand censorship on the internet. Cataloguing online censorship is a challenging, time-consuming and expensive task. The HTTP code 451 circumvents confidentiality obligations built into blocking or licensing regimes and reduces the cost of accessing blocking orders.

The code creates a distinction between websites blocked following a court or an executive order, and when information is inaccessible due to technical errors. If implemented widely, Bray’s new code will help prevent confusion around blocked sites. The code addresses the issue of the ISP’s misleading and inaccurate usage of Error 403 ‘Forbidden’ (to indicate that the server can be reached and understood the request, but refuses to take any further action) or 404 ‘Not Found’ (to indicate that the requested resource could not be found but may be available again in the future).

Adoption of the new standard is optional, though at present there are no laws in India that prevent intermediaries doing so. Implementing a standardised machine-readable flag for censorship will go a long way in bolstering the accountability of ISPs that have in the past targeted an entire domain instead of the specified URL. Adoption of the standard by ISPs will also improve the understanding of the burden imposed on intermediaries for censoring and filtering content as presently, there is no clarity on what constitutes compliance. Of course, censorious governments may prohibit the use of the code, for example by issuing an order that specifies not only that a page be blocked, but also precisely which HTTP return code should be used. Though such sanctions should be viewed as evidence of systematic rights violation and totalitarian regimes.

In India where access to software code repositories such as Github and Sourceforge are routinely restricted, the need for such code is obvious. The use of the code will improve confidence in blocking practices, allowing users to understand the grounds on which their right to information is being restricted. Improving transparency around censorship is the only way to build trust between the government and its citizens about the laws and policies applicable to internet content.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-jyoti-panday-january-29-2016-internet-has-a-new-standard-for-censorship

Summary Report Internet Governance Forum 2015

jyoti — 2015-11-30T10:47:13Z

Centre for Internet and Society (CIS), India participated in the Internet Governance Forum (IGF) held at Poeta Ronaldo Cunha Lima Conference Center, Joao Pessoa in Brazil from 10 November 2015 to 13 November 2015. The theme of IGF 2015 was ‘Evolution of Internet Governance: Empowering Sustainable Development’. Sunil Abraham, Pranesh Prakash & Jyoti Panday from CIS actively engaged and made substantive contributions to several key issues affecting internet governance at the IGF 2015. The issue-wise detail of their engagement is set out below.

INTERNET GOVERNANCE

I. The Multi-stakeholder Advisory Group to the IGF organised a discussion on Sustainable Development Goals (SDGs) and Internet Economy at the Main Meeting Hall from 9:00 am to 12:30 pm on 11 November, 2015. The discussions at this session focused on the importance of Internet Economy enabling policies and eco-system for the fulfilment of different SDGs. Several concerns relating to internet entrepreneurship, effective ICT capacity building, protection of intellectual property within and across borders were availability of local applications and content were addressed. The panel also discussed the need to identify SDGs where internet based technologies could make the most effective contribution. Sunil Abraham contributed to the panel discussions by addressing the issue of development and promotion of local content and applications. List of speakers included:

Lenni Montiel, Assistant-Secretary-General for Development, United Nations
Helani Galpaya, CEO LIRNEasia
Sergio Quiroga da Cunha, Head of Latin America, Ericsson
Raúl L. Katz, Adjunct Professor, Division of Finance and Economics, Columbia Institute of Tele-information
Jimson Olufuye, Chairman, Africa ICT Alliance (AfICTA)
Lydia Brito, Director of the Office in Montevideo, UNESCO
H.E. Rudiantara, Minister of Communication & Information Technology, Indonesia
Daniel Sepulveda, Deputy Assistant Secretary, U.S. Coordinator for International and Communications Policy at the U.S. Department of State
Deputy Minister Department of Telecommunications and Postal Services for the republic of South Africa
Sunil Abraham, Executive Director, Centre for Internet and Society, India
H.E. Junaid Ahmed Palak, Information and Communication Technology Minister of Bangladesh
Jari Arkko, Chairman, IETF
Silvia Rabello, President, Rio Film Trade Association
Gary Fowlie, Head of Member State Relations & Intergovernmental Organizations, ITU

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /igf 2015-main -sessions

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room

Video link Internet economy and Sustainable Development here https://www.youtube.com/watch?v=D6obkLehVE8

II. Public Knowledge organised a workshop on The Benefits and Challenges of the Free Flow of Data at Workshop Room 5 from 11:00 am to 12:00 pm on 12 November, 2015. The discussions in the workshop focused on the benefits and challenges of the free flow of data and also the concerns relating to data flow restrictions including ways to address them. Sunil Abraham contributed to the panel discussions by addressing the issue of jurisdiction of data on the internet. The panel for the workshop included the following.

Vint Cerf, Google
Lawrence Strickling, U.S. Department of Commerce, NTIA
Richard Leaning, European Cyber Crime Centre (EC3), Europol
Marietje Schaake, European Parliament
Nasser Kettani, Microsoft
Sunil Abraham, CIS India

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /workshops /list -of -published -workshop -proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5

Video link https://www.youtube.com/watch?v=KtjnHkOn7EQ

III. Article 19 and Privacy International organised a workshop on Encryption and Anonymity: Rights and Risks at Workshop Room 1 from 11:00 am to 12:30 pm on 12 November, 2015. The workshop fostered a discussion about the latest challenges to protection of anonymity and encryption and ways in which law enforcement demands could be met while ensuring that individuals still enjoyed strong encryption and unfettered access to anonymity tools. Pranesh Prakash contributed to the panel discussions by addressing concerns about existing south Asian regulatory framework on encryption and anonymity and emphasizing the need for pervasive encryption. The panel for this workshop included the following.

David Kaye, UN Special Rapporteur on Freedom of Expression
Juan Diego Castañeda, Fundación Karisma, Colombia
Edison Lanza, Organisation of American States Special Rapporteur
Pranesh Prakash, CIS India
Ted Hardie, Google
Elvana Thaci, Council of Europe
Professor Chris Marsden, Oxford Internet Institute
Alexandrine Pirlot de Corbion, Privacy International

Detailed description of the workshop is available here http ://www .intgovforum .org /cms /worksh o ps /list -of -published -workshop -proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1

Video link available here https://www.youtube.com/watch?v=hUrBP4PsfJo

IV. Chalmers & Associates organised a session on A Dialogue on Zero Rating and Network Neutrality at the Main Meeting Hall from 2:00 pm to 4:00 pm on 12 November, 2015. The Dialogue provided access to expert insight on zero-rating and a full spectrum of diverse views on this issue. The Dialogue also explored alternative approaches to zero rating such as use of community networks. Pranesh Prakash provided a detailed explanation of harms and benefits related to different approaches to zero-rating. The panellists for this session were the following.

Jochai Ben-Avie, Senior Global Policy Manager, Mozilla, USA
Igor Vilas Boas de Freitas, Commissioner, ANATEL, Brazil
Dušan Caf, Chairman, Electronic Communications Council, Republic of Slovenia
Silvia Elaluf-Calderwood, Research Fellow, London School of Economics, UK/Peru
Belinda Exelby, Director, Institutional Relations, GSMA, UK
Helani Galpaya, CEO, LIRNEasia, Sri Lanka
Anka Kovacs, Director, Internet Democracy Project, India
Kevin Martin, VP, Mobile and Global Access Policy, Facebook, USA
Pranesh Prakash, Policy Director, CIS India
Steve Song, Founder, Village Telco, South Africa/Canada
Dhanaraj Thakur, Research Manager, Alliance for Affordable Internet, USA/West Indies
Christopher Yoo, Professor of Law, Communication, and Computer & Information Science, University of Pennsylvania, USA

Detailed description of the workshop is available here http://www.intgovforum.org/cms/igf2015-main-sessions

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2

V. The Internet & Jurisdiction Project organised a workshop on Transnational Due Process: A Case Study in MS Cooperation at Workshop Room 4 from 11:00 am to 12:00 pm on 13 November, 2015. The workshop discussion focused on the challenges in developing an enforcement framework for the internet that guarantees transnational due process and legal interoperability. The discussion also focused on innovative approaches to multi-stakeholder cooperation such as issue-based networks, inter-sessional work methods and transnational policy standards. The panellists for this discussion were the following.

Anne Carblanc Head of Division, Directorate for Science, Technology and Industry, OECD
Eileen Donahoe Director Global Affairs, Human Rights Watch
Byron Holland President and CEO, CIRA (Canadian ccTLD)
Christopher Painter Coordinator for Cyber Issues, US Department of State
Sunil Abraham Executive Director, CIS India
Alice Munyua Lead dotAfrica Initiative and GAC representative, African Union Commission
Will Hudsen Senior Advisor for International Policy, Google
Dunja Mijatovic Representative on Freedom of the Media, OSCE
Thomas Fitschen Director for the United Nations, for International Cooperation against Terrorism and for Cyber Foreign Policy, German Federal Foreign Office
Hartmut Glaser Executive Secretary, Brazilian Internet Steering Committee
Matt Perault, Head of Policy Development Facebook

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4

Video link Transnational Due Process: A Case Study in MS Cooperation available here https://www.youtube.com/watch?v=M9jVovhQhd0

VI. The Internet Governance Project organised a meeting of the Dynamic Coalition on Accountability of Internet Governance Venues at Workshop Room 2 from 14:00 – 15:30 on 12 November, 2015. The coalition brought together panelists to highlight the challenges in developing an accountability framework for internet governance venues that include setting up standards and developing a set of concrete criteria. Jyoti Panday provided the perspective of civil society on why acountability is necessary in internet governance processes and organizations. The panelists for this workshop included the following.

Robin Gross, IP Justice
Jeanette Hofmann, Director Alexander von Humboldt Institute for Internet and Society
Farzaneh Badiei, Internet Governance Project
Erika Mann, Managing Director Public PolicyPolicy Facebook and Board of Directors ICANN
Paul Wilson, APNIC
Izumi Okutani, Japan Network Information Center (JPNIC)
Keith Drazek , Verisign
Jyoti Panday, CIS
Jorge Cancio, GAC representative

Detailed description of the workshop is available here http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no

Video link https://www.youtube.com/watch?v=UIxyGhnch7w

VII. Digital Infrastructure Netherlands Foundation organized an open forum at Workshop Room 3 from 11:00 – 12:00 on 10 November, 2015. The open forum discussed the increase in government engagement with “the internet” to protect their citizens against crime and abuse and to protect economic interests and critical infrastructures. It brought together panelists topresent ideas about an agenda for the international protection of ‘the public core of the internet’ and to collect and discuss ideas for the formulation of norms and principles and for the identification of practical steps towards that goal. Pranesh Prakash participated in the e open forum. Other speakers included

Bastiaan Goslings AMS-IX, NL
Pranesh Prakash CIS, India
Marilia Maciel (FGV, Brasil
Dennis Broeders (NL Scientific Council for Government Policy)

Detailed description of the open forum is available here http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf

Video link available here https://www.youtube.com/watch?v=joPQaMQasDQ

VIII. UNESCO, Council of Europe, Oxford University, Office of the High Commissioner on Human Rights, Google, Internet Society organised a workshop on hate speech and youth radicalisation at Room 9 on Thursday, November 12. UNESCO shared the initial outcome from its commissioned research on online hate speech including practical recommendations on combating against online hate speech through understanding the challenges, mobilizing civil society, lobbying private sectors and intermediaries and educating individuals with media and information literacy. The workshop also discussed how to help empower youth to address online radicalization and extremism, and realize their aspirations to contribute to a more peaceful and sustainable world. Sunil Abraham provided his inputs. Other speakers include

1. Chaired by Ms Lidia Brito, Director for UNESCO Office in Montevideo

2.Frank La Rue, Former Special Rapporteur on Freedom of Expression

3. Lillian Nalwoga, President ISOC Uganda and rep CIPESA, Technical community

4. Bridget O’Loughlin, CoE, IGO

5. Gabrielle Guillemin, Article 19

6. Iyad Kallas, Radio Souriali

7. Sunil Abraham executive director of Center for Internet and Society, Bangalore, India

8. Eve Salomon, global Chairman of the Regulatory Board of RICS

9. Javier Lesaca Esquiroz, University of Navarra

10. Representative GNI

11. Remote Moderator: Xianhong Hu, UNESCO

12. Rapporteur: Guilherme Canela De Souza Godoi, UNESCO

Detailed description of the workshop is available here http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no

Video link to the panel is available here https://www.youtube.com/watch?v=eIO1z4EjRG0

INTERMEDIARY LIABILITY

IX. Electronic Frontier Foundation, Centre for Internet Society India, Open Net Korea and Article 19 collaborated to organize a workshop on the Manila Principles on Intermediary Liability at Workshop Room 9 from 11:00 am to 12:00 pm on 13 November 2015. The workshop elaborated on the Manila Principles, a high level principle framework of best practices and safeguards for content restriction practices and addressing liability for intermediaries for third party content. The workshop saw particpants engaged in over lapping projects considering restriction practices coming togetehr to give feedback and highlight recent developments across liability regimes. Jyoti Panday laid down the key details of the Manila Principles framework in this session. The panelists for this workshop included the following.

Kelly Kim Open Net Korea,
Jyoti Panday, CIS India,
Gabrielle Guillemin, Article 19,
Rebecca McKinnon on behalf of UNESCO
Giancarlo Frosio, Center for Internet and Society, Stanford Law School
Nicolo Zingales, Tilburg University
Will Hudson, Google

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9

Video link available here https://www.youtube.com/watch?v=kFLmzxXodjs

ACCESSIBILITY

X. Dynamic Coalition on Accessibility and Disability and Global Initiative for Inclusive ICTs organised a workshop on Empowering the Next Billion by Improving Accessibility at Workshop Room 6 from 9:00 am to 10:30 am on 13 November, 2015. The discussion focused on the need and ways to remove accessibility barriers which prevent over one billion potential users to benefit from the Internet, including for essential services. Sunil Abraham specifically spoke about the lack of compliance of existing ICT infrastructure with well established accessibility standards specifically relating to accessibility barriers in the disaster management process. He discussed the barriers faced by persons with physical or psychosocial disabilities. The panelists for this discussion were the following.

Francesca Cesa Bianchi, G3ICT
Cid Torquato, Government of Brazil
Carlos Lauria, Microsoft Brazil
Sunil Abraham, CIS India
Derrick L. Cogburn, Institute on Disability and Public Policy (IDPP) for the ASEAN(Association of Southeast Asian Nations) Region
Fernando H. F. Botelho, F123 Consulting
Gunela Astbrink, GSA InfoComm

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3

Video Link Empowering the next billion by improving accessibility https://www.youtube.com/watch?v=7RZlWvJAXxs

OPENNESS

XI. A workshop on FOSS & a Free, Open Internet: Synergies for Development was organized at Workshop Room 7 from 2:00 pm to 3:30 pm on 13 November, 2015. The discussion was focused on the increasing risk to openness of the internet and the ability of present & future generations to use technology to improve their lives. The panel shred different perspectives about the future co-development of FOSS and a free, open Internet; the threats that are emerging; and ways for communities to surmount these. Sunil Abraham emphasised the importance of free software, open standards, open access and access to knowledge and the lack of this mandate in the draft outcome document for upcoming WSIS+10 review and called for inclusion of the same. Pranesh Prakash further contributed to the discussion by emphasizing the need for free open source software with end‑to‑end encryption and traffic level encryption based on open standards which are decentralized and work through federated networks. The panellists for this discussion were the following.

Satish Babu, Technical Community, Chair, ISOC-TRV, Kerala, India
Judy Okite, Civil Society, FOSS Foundation for Africa
Mishi Choudhary, Private Sector, Software Freedom Law Centre, New York
Fernando Botelho, Private Sector, heads F123 Systems, Brazil
Sunil Abraham, CIS India
Pranesh Prakash, CIS India
Nnenna Nwakanma- WWW.Foundation
Yves MIEZAN EZO, Open Source strategy consultant
Corinto Meffe, Advisor to the President and Directors, SERPRO, Brazil
Frank Coelho de Alcantara, Professor, Universidade Positivo, Brazil
Caroline Burle, Institutional and International Relations, W3C Brazil Office and Center of Studies on Web Technologies

Detailed description of the workshop is available here http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals

Transcript of the workshop is available here http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7

Video link available here https://www.youtube.com/watch?v=lwUq0LTLnDs

For more details visit https://cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015

Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India

jyoti — 2015-10-14T14:40:08Z

The European Court of Justice has invalidated a European Commission decision, which had previously concluded that the 'Safe Harbour Privacy Principles' provide adequate protections for European citizens’ privacy rights for the transfer of personal data between European Union and United States. The inadequacies of the framework is not news for the European Commission and action by ECJ has been a long time coming. The ruling raises important questions about how the claims of citizenship are being negotiated in the context of the internet, and how increasingly the contestations of personal data are being employed in the discourse.

The European Court of Justice (ECJ) has invalidated a European Commission (EC) decision¹ which had previously concluded that the 'Safe Harbor Privacy Principles'² provide adequate protections for European citizens’ privacy rights³ for the transfer of personal data between European Union and United States. This challenge stems from the claim that public law enforcement authorities in America obtain personal data from organisations in safe harbour for incompatible and disproportionate purposes in violation of the Safe Harbour Privacy Principles. The court's judgment follows the advice of the Advocate General of the Court of Justice of the European Union (CJEU) who recently opined⁴ that US practices allow for large-scale collection and transfer of personal data belonging to EU citizens without them benefiting from or having access to judicial protection under US privacy laws. The inadequacies of the framework is not news for the Commission and action by ECJ has been a long time coming. The ruling raises important questions about how increasingly the contestations of personal data are being employed in asserting claims of citizenship in context of the internet.

As the highest court in Europe, the ECJ's decisions are binding on all member states. With this ruling the ECJ has effectively restrained US firms from indiscriminate collection and sharing of European citizens’ data on American soil. The implications of the decision are significant, because it shifts the onus of evaluating protections of personal data for EU citizens from the 4,400 companies⁵ subscribing to the system onto EU privacy watchdogs. Most significantly, in addressing the rights of a citizen against an established global brand, the judgement goes beyond political and legal opinion to challenge the power imbalance that exists with reference to US based firms.

Today, the free movement of data across borders is a critical factor in facilitating trade, financial services, governance, manufacturing, health and development. However, to consider the ruling as merely a clarification of transatlantic mechanisms for data flows misstates the real issue. At the heart of the judgment is the assessment whether US firms apply the tests of ‘necessity and proportionality’ in the collection and surveillance of data for national security purposes. Application of necessity and proportionality test to national security exceptions under safe harbor has been a sticking point that has stalled the renegotiation of the agreement that has been underway between the Commission and the American data protection authorities.⁶

For EU citizens the stake in the case are even higher, as while their right to privacy is enshrined under EU law, they have no administrative or judicial means of redress, if their data is used for reasons they did not intend. In the EU, citizens accessing and agreeing to use of US based firms are presented with a false choice between accessing benefits and giving up on their fundamental right to privacy. In other words, by seeking that governments and private companies provide better data protection for the EU citizens and in restricting collection of personal data on a generalised basis without objective criteria, the ruling is effectively an assertion of ‘data sovereignty’. The term ‘data sovereignty’, while lacking a firm definition, refers to a spectrum of approaches adopted by different states to control data generated in or passing through national internet infrastructure.⁷ Underlying the ruling is the growing policy divide between the US and EU privacy and data protection standards, which may lead to what is referred to as the balkanization⁸ of the internet in the future.

US-EU Data Protection Regime

The safe harbor pact between the EU and US was negotiated in the late 1990s as an attempt to bridge the different approaches to online privacy. Privacy is addressed in the EU as a fundamental human right while in the US it is defined under terms of consumer protection, which allow trade-offs and exceptions when national security seems to be under threat. In order to address the lower standards of data protection prevalent in the US, the pact facilitates data transfers from EU to US by establishing certain safeguards equivalent to the requirements of the EU data protection directive. The safe harbor provisions include firms undertaking not to pass personal information to third parties if the EU data protection standards are not met and giving users right to opt out of data collection.⁹

The agreement was due to be renewed by May 2015¹⁰ and while negotiations have been ongoing for two years, EU discontent on safe harbour came to the fore following the Edward Snowden revelations of collection and monitoring facilitated by large private companies for the PRISM program and after the announcement of the TransAtlantic Trade and Investment Partnership (TTIP).¹¹ EU member states have mostly stayed silent as they run their own surveillance programs often times, in cooperation with the NSA. EU institutions cannot intervene in matters of national security however, they do have authority on data protection matters. European Union officials and Members of Parliament have expressed shock and outrage at the surveillance programs unveiled by Snowden's 2013 revelations. Most recently, following the CJEU Advocate General’s opinion, 50 Members of European Parliament (MEP) sent a strongly worded letter the US Congress hitting back on claims of ‘digital protectionism’ emanating from the US¹². In no uncertain terms the letter clarified that the EU has different ideas on privacy, platforms, net neutrality, encryption, Bitcoin, zero-days, or copyright and will seek to improve and change any proposal from the EC in the interest of our citizens and of all people.

Towards Harmonization

In November 2013, as an attempt to minimize the loss of trust following the Snowden revelations, the European Commission (EC) published recommendations in its report on 'Rebuilding Trust is EU-US Data Flows'.¹³ The recommendations revealed two critical initiatives at the EU level—first was the revision of the EU-US safe harbor agreement¹⁴ and second the adoption of the 'EU-US Umbrella Agreement¹⁵'—a framework for data transfer for the purpose of investigating, detecting, or prosecuting a crime, including terrorism. The Umbrella Agreement was recently initialed by EU and US negotiators and it only addresses the exchange of personal data between law enforcement agencies.¹⁶ The Agreement has gained momentum in the wake of recent cases around issues of territorial duties of providers, enforcement jurisdictions and data localisation.¹⁷ However, the adoption of the Umbrella Act depends on US Congress adoption of the Judicial Redress Act (JRA) as law.¹⁸

Judicial Redress Act

The JRA is a key reform that the EC is pushing for in an attempt to address the gap between privacy rights and remedies available to US citizens and those extended to EU citizens, including allowing EU citizens to sue in American courts. The JRA seeks to extend certain protections under the Privacy Act to records shared by EU and other designated countries with US law enforcement agencies for the purpose of investigating, detecting, or prosecuting criminal offenses. The JRA protections would extend to records shared under the Umbrella Agreement and while it does include civil remedies for violation of data protection, as noted by the Center for Democracy and Technology, the present framework does not provide citizens of EU countries with redress that is at par with that which US persons enjoy under the Privacy Act.¹⁹

For example, the measures outlined under the JRA would only be applicable to countries that have outlined appropriate privacy protections agreements for data sharing for investigations and ‘efficiently share’ such information with the US. Countries that do not have agreements with US cannot seek these protections leaving the personal data of their citizens open for collection and misuse by US agencies. Further, the arrangement leaves determination of 'efficiently sharing' in the hands of US authorities and countries could lose protection if they do not comply with information sharing requests promptly. Finally, JRA protections do not apply to non-US persons nor to records shared for purposes other than law enforcement such as intelligence gathering. JRA is also weakened by allowing heads of agencies to exercise their discretion to seek exemption from the Act and opt out of compliance.

Taken together the JRA, the Umbrella Act and the renegotiation of the Safe Harbor Agreement need considerable improvements. It is worth noting that EU’s acceptance of the redundancy of existing agreements and in establishing the independence of national data protection authorities in investigating and enforcing national laws as demonstrated in the Schrems and in the Weltimmo²⁰ case point to accelerated developments in the broader EU privacy landscape.

Consequences

The ECJ Safe Harbor ruling will have far-reaching consequences for the online industry. Often, costly government rulings solidify the market dominance of big companies. As high regulatory costs restrict the entrance of small and medium businesses the market, competition is gradually wiped out. Further, complying with high standards of data protection means that US firms handling European data will need to consider alternative legal means of transfer of personal data. This could include evolving 'model contracts' binding them to EU data protection standards. As Schrems points out, “Big companies don’t only rely on safe harbour: they also rely on binding corporate rules and standard contractual clauses.”²¹

The ruling is good news for European consumers, who can now approach a national regulator to investigate suspicions of data mishandling. EU data protection regulators may be be inundated with requests from companies seeking authorization of new contracts and with consumer complaints. Some are concerned that the ruling puts a dent in the globalized flow of data²², effectively requiring data localization in Europe.²³ Others have pointed out that it is unclear how this decision sits with other trade treaties such as the TPP that ban data localisation.²⁴ While the implications of the decision will take some time in playing out, what is certain is that US companies will be have to restructure management, storage and use of data. The ruling has created the impetus for India to push for reforms to protect its citizens from harms by US firms and improve trade relations with EU.

The Opportunity for India

Multiple data flows taking place over the internet simultaneously and that has led to ubiquity of data transfers o ver the Internet, exposing individuals to privacy risks. There has also been an enhanced economic importance of data processing as businesses collect and correlate data using analytic tools to create new demands, establish relationships and generate revenue for their services. The primary concern of the Schrems case may be the protection of the rights of EU citizens but by seeking to extend these rights and ensure compliance in other jurisdictions, the case touches upon many underlying contestations around data and sovereignty.

Last year, Mr Ram Narain, India Head of Delegation to the Working Group Plenary at ITU had stressed, “respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.”²⁵ In the absence of the recognition of privacy as a right and empowering citizens through measures or avenues to seek redressal against misuse of data, the demand of data sovereignty rings empty. The kind of framework which empowered an ordinary citizen in the EU to approach the highest court seeking redressal based on presumed overreach of a foreign government and from harms abetted by private corporations simply does not exist in India. Securing citizen’s data in other jurisdictions and from other governments begins with establishing protection regimes within the country.

The Indian government has also stepped up efforts to restrict transfer of data from India including pushing for private companies to open data centers in India.²⁶ Negotiating data localisation does not restrict the power of private corporations from using data in a broad ways including tailoring ads and promoting products. Also, data transfers impact any organisation with international operations for example, global multinationals who need to coordinate employee data and information. Companies like Facebook, Google and Microsoft transfer and store data belonging to Indian citizens and it is worth remembering that the National Security Agency (NSA) would have access to this data through servers of such private companies. With no existing measures to restrict such indiscriminate access, the ruling purports to the need for India to evolve strong protection mechanisms. Finally, the lack of such measures also have an economic impact, as reported in a recent Nasscom-Data Security Council of India (DSCI) survey²⁷ that pegs revenue losses incurred by the Indian IT-BPO industry at $2-2.5 billion for a sample size of 15 companies. DSCI has further estimated that outsourcing business can further grow by $50 billion per annum once India is granted a “data secure” status by the EU.²⁸ EU’s refusal to grant such a status is understandable given the high standard of privacy as incorporated under the European Union Data Protection Directive a standard to which India does not match up, yet. The lack of this status prevents the flow of data which is vital for Digital India vision and also affects the service industry by restricting the flow of sensitive information to India such as information about patient records.

Data and information structures are controlled and owned by private corporations and networks transcend national borders, therefore the foremost emphasis needs to be on improving national frameworks. While, enforcement mechanisms such as the Mutual Legal Assistance Treaty (MLAT) process or other methods of international cooperation may seem respectful of international borders and principles of sovereignty,²⁹ for users that live in undemocratic or oppressive regimes such agreements are a considerable risk. Data is also increasingly being stored across multiple jurisdictions and therefore merely applying data location lens to protection measures may be too narrow. Further it should be noted that when companies begin taking data storage decisions based on legal considerations it will impact the speed and reliability of services.³⁰ Any future regime must reflect the challenges of data transfers taking place in legal and economic spaces that are not identical and may be in opposition. Fundamentally, the protection of privacy will always act as a barrier to the free flow of information even so, as the Schrems case ruling points out not having adequate privacy protections could also restrict flow of data, as has been the case for India.

The time is right for India to appoint a data controller and put in place national frameworks, based on nuanced understanding of issues of applying jurisdiction to govern users and their data. Establishing better protection measures will not only establish trust and enhance the ability of users to control data about themselves it is also essential for sustaining economic and social value generated from data generation and collection. Suggestions for such frameworks have been considered previously by the Group of Experts on Privacy constituted by the Planning Commission.³¹ By incorporating transparency in mechanisms for data and access requests and premising requests on established necessity and proportionality Indian government can lead the way in data protection standards. This will give the Indian government more teeth to challenge and address both the dangers of theft of data stored on servers located outside of India and restrain indiscriminate access arising from terms and conditions of businesses that grant such rights to third parties.

1 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) Official Journal L 215 , 25/08/2000 P. 0007 -0047 2000/520/EC: http ://eur -lex .europa .eu /LexUriServ /LexUriServ .do ?uri =CELEX :32000 D 0520:EN :HTML

2 Safe Harbour Privacy Principles Issued by the U.S. Department of Commerce on July 21, 2000 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

3 Megan Graham, Adding Some Nuance on the European Court ’s Safe Harbor Decision , Just security

https ://www .justsecurity .org /26651/adding -nuance -ecj -safe -harbor -decision /

4 Advocate General’s Opinion in Case C-362/14 Maximillian Schrems v Data Protection Commissioner Court of Justice of the European Union, Press Release, No 106/15 Luxembourg, 23 September 2015 http ://curia .europa .eu /jcms /upload /docs /application /pdf /2015-09/cp 150106 en .pdf

5 Jennifer Baker, ‘EU desperately pushes just-as-dodgy safe harbour alternatives’, The Register, October 7, 2015 http ://www .theregister .co .uk /2015/10/07/eu _pushes _safe _harbour _alternatives /

6 Draft Report, General Data Protection Regulation, Committee on Civil Liberties, Justice and Home Affairs, European Parliament, 2009-2014 http ://www .europarl .europa .eu /meetdocs /2009_2014/documents /libe /pr /922/922387/922387 en .pdf

7 Dana Polatin-Reuben, Joss Wright, ‘An Internet with BRICS Characteristics: Data Sovereignty and the Balkanisation of the Internet’, University of Oxford, July 7, 2014 https ://www .usenix .org /system /files /conference /foci 14/foci 14-polatin -reuben .pdf

8 Sasha Meinrath, The Future of the Internet: Balkanization and Borders, Time, October 2013 http ://ideas .time .com /2013/10/11/the -future -of -the -internet -balkanization -and -borders /

9 Safe Harbour Privacy Principles, Issued by the U.S. Department of Commerce, July 2001 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

10 Facebook case may force European firms to change data storage practices, The Guardian, September 23, 2015 http ://www .theguardian .com /us -news /2015/sep /23/us -intelligence -services -surveillance -privacy

11 Privacy Tracker, US-EU Safe Harbor Under Pressure, August 2, 2013 https ://iapp .org /news /a /us -eu -safe -harbor -under -pressure

12 Kieren McCarthy, Privacy, net neutrality, security, encryption ... Europe tells Obama, US Congress to back off, The Register, 23 September, 2015 http ://www .theregister .co .uk /2015/09/23/european _politicians _to _congress _back _off /

13 Communication from the Commission to the European Parliament and the Council, Rebuilding Trust in EU-US Data Flows, European Commission, November 2013 http ://ec .europa .eu /justice /data -protection /files /com _2013_846_en .pdf

14 Safe Harbor on trial in the European Union, Access Blog, September 2014 https ://www .accessnow .org /blog /2014/11/13/safe -harbor -on -trial -in -the -european -union

15 European Commission - Fact Sheet Questions and Answers on the EU-US data protection "Umbrella agreement", September 8, 2015 http ://europa .eu /rapid /press -release _MEMO -15-5612_en .htm

16 McGuire Woods, ‘EU and U.S. reach “Umbrella Agreement” on data transfers’, Lexology, September 14, 2015 http ://www .lexology .com /library /detail .aspx ?g =422 bca 41-2 d 54-4648-ae 57-00 d 678515 e 1 f

17 Andrew Woods, Lowering the Temperature on the Microsoft-Ireland Case, Lawfare September, 2015 https ://www .lawfareblog .com /lowering -temperature -microsoft -ireland -case

18 Jens-Henrik Jeppesen, Greg Nojeim, ‘The EU-US Umbrella Agreement and the Judicial Redress Act: Small Steps Forward for EU Citizens’ Privacy Rights’, October 5, 2015 https ://cdt .org /blog /the -eu -us -umbrella -agreement -and -the -judicial -redress -act -small -steps -forward -for -eu -citizens -privacy -rights /

19 Ibid 18.

20 Landmark ECJ data protection ruling could impact Facebook and Google, The Guardian, 2 October, 2015 http ://www .theguardian .com /technology /2015/oct /02/landmark -ecj -data -protection -ruling -facebook -google -weltimmo

21 Julia Powles, Tech companies like Facebook not above the law, says Max Schrems, The Guardian, Octover 9, 2015 http ://www .theguardian .com /technology /2015/oct /09/facebook -data -privacy -max -schrems -european -court -of -justice

22 Adam Thierer, Unintended Consequences of the EU Safe Harbor Ruling, The Technology Liberation Front, October 6, 2015 http ://techliberation .com /2015/10/06/unintended -consequenses -of -the -eu -safe -harbor -ruling /#more -75831

23 Anupam Chander, Tweeted ECJ #schrems ruling may effectively require data localization within Europe, https ://twitter .com /AnupamChander /status /651369730754801665

24 Lokman Tsui, Tweeted, “If the TPP bans data localization, but the ECJ ruling effectively mandates it, what does that mean for the internet?” https ://twitter .com /lokmantsui /status /651393867376275456

25 Statement from Indian Head of Delegation, Mr Ram Narain for WGPL, Indian statement on ITU and Internet at the Working Group Plenary November 4, 2014 https ://ccgnludelhi .wordpress .com /author /asukum 87/page /2/

26 Sounak Mitra, Xiaomi bets big on India despite problems, Business Standard, December 2014 http ://www .business -standard .com /article /companies /xiaomi -bets -big -on -india -despite -problems -114122201023_1.html

27 Neha Alawadi, Ruling on data flow between EU & US may impact India’s IT sector, Economic Times,October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49250738.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

28 Pranav Menon, Data Protection Laws in India and Data Security- Impact on India and Data Security-Impact on India - EU Free Trade Agreement, CIS Access to Knowledge, 2011 http ://cis -india .org /a 2 k /blogs /data -security -laws -india .pdf

29 Surendra Kumar Sinha, India wants Mutual Legal Assistance treaty with Bangladesh, Economic Times, October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49262294.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

30 Pablo Chavez, Director, Public Policy and Government Affairs, Testifying before the U.S. Senate on transparency legislation, November 3, 2013 http ://googlepublicpolicy .blogspot .in /2013/11/testifying -before -us -senate -on .htm

31 Report of the Group of Experts on Privacy (Chaired by Justice A P Shah, Former Chief Justice, Delhi High Court), Planning Commission, October 2012 http ://planningcommission .nic .in /reports /genrep /rep _privacy .pdf

For more details visit https://cis-india.org/internet-governance/blog/contestations-of-data-ecj-safe-harbor-ruling-and-lessons-for-india

CIS submission to the UNGA WSIS+10 Review

jyoti — 2015-08-09T16:24:04Z

The Centre for Internet & Society (CIS) submitted its comments to the non-paper on the UNGA Overall Review of the Implementation of the WSIS outcomes, evaluating the progress made and challenges ahead.

To what extent has progress been made on the vision of the peoplecentred, inclusive and development oriented Information Society in the ten years since the WSIS?
The World Summit on the Information Society (WSIS) in 2003 and 2005 played an important role in encapsulating the potential of knowledge and information and communication technologies (ICT) to contribute to economic and social development. Over the past ten years, most countries have sought to foster the use of information and knowledge by creating enabling environment for innovation and through efforts to increase access. There have been interventions to develop ICT for development both at an international and national level through private sector investment, bilateral treaties and national strategies.

However, much of the progress made in the past ten years in terms of getting people connected and reaping the benefits of ICT has not been sufficiently peoplecentred, nor have they been sufficiently inclusive.

These developments have not been sufficiently peoplecentred, since governments across the world have been using the Internet as a monumental surveillance tool, invading people’s privacy without legitimate justifications, in an arbitrary manner without due care for reasonableness, proportionality, or democratic accountability. These developments have not been sufficiently peoplecentred, since the largest and most profitable Internet businesses — businesses that have more users than most nationstates have citizens, yet have one-sided terms of service — have eschewed core principles like open standards and interoperability that helped create the Internet and the World Wide Web, and instead promote silos.

We still reside in a world where development has been very lopsided, and ICTs have contributed to reducing some of these gulfs, while exacerbating others. For instance, persons with visual impairment are largely yet to reap the benefits of the Information Society due to a lack of attention paid to universal, while sighted persons have benefited far more; the ability of persons who don’t speak a language like English to contribute to global Internet governance discussions is severely limited; the spread of academic knowledge largely remains behind prohibitive paywalls.

As ICTs have grown both in sophistication and reach, much work remains to achieve the peoplecentred, inclusive and developmentoriented information society envisaged in WSIS. While the diffusion of ICTs has created new opportunities for development, even today less than half the world has access to broadband (with only eleven per cent of the world’s population having access to fixed broadband). See International Telecommunication Union, ICT Facts and Figures: The World in 2015.

Ninety per cent of people connected come from the industrialized countries — North America (thirty per cent), Europe (thirty per cent) and the AsiaPacific (thirty per cent). Four billion people from developing countries remain offline, representing two-thirds of the population residing in developing countries. Of the nine hundred and forty million people residing in Least Developed Countries (LDCs), only eighty-nine million use the Internet and only seven per cent of households have Internet access, compared with the world average of forty-six per cent. See International Telecommunication Union, ICT Facts and Figures: The World in 2015. This digital divide is first and foremost a question of access to basic infrastructure (like electricity).

Furthermore, there is a problem of affordability, all the more acute since in the South in comparison with countries of the North due to the high costs related to access to the connection. Further, linguistic, educational, cultural and content related barriers are also contributing to this digital divide. Growth of restrictive regimes around intellectual property, vision of the equal and connected society. Security of critical infrastructure with in light of ever growing vulnerabilities, the loss of trust following revelations around mass surveillance and a lack of consensus on how to tackle these concerns are proving to be a challenge to the vision of a connected information society. The WSIS+10 overall review is timely and a much needed intervention in assessing the progress made and planning for the challenges ahead.

There were two bodies as major outcomes of the WSIS process: the Internet Governance Forum and the Digital Solidarity Fund, with both of these largely failing to achieve their intended goals. The Internet Governance Forum, which is meant to be a leading example of “multi-stakeholder governance” is also a leading example of what the Multi-stakeholder Advisory Group (MAG) noted in 2010 as “‘black box’ approach”, with the entire process around the nomination and selection of the MAG being opaque. Indeed, when CIS requested the IGF Secretariat to share information on the nominators, we were told that this information will not be made private. Five years since the MAG lamented its own blackbox nature, things have scarcely improved. Further, analysis of MAG membership since 2006 shows that 26 persons have served for 6 years or more, with the majority of them being from government, industry, or the technical community. Unsurprisingly, 36 per cent of the MAG membership has come from the WEOG group, highlighting both deficiencies in the nomination/selection
process as well as the need for capacity building in this most important area. The Digital Solidarity Fund failed for a variety of reason, which we have analysed in a separate document annexed to this response.

What are the challenges to the implementation of WSIS outcomes?

Some of the key areas that need attention going forward and need to be addressed include:

Access to Infrastructure

Developing policies aimed at promoting innovation and increasing affordable access to hardware and software, and curbing the ill effects of the currentlyexcessive patent and copyright regimes.

Focussing global energies on solutions to lastmile access to the Internet in a manner that is not decoupled from developmental ground realities.
This would include policies on spectrum sharing, freeing up underutilized spectrum, and increasing unlicensed spectrum.
This would also include governmental policies on increasing competition among Internet providers at the last mile as well as at the backbone (both nationally and internationally), as well as commitments for investments in basic infrastructure such as an openaccess national fibreoptic backbone where the private sector investment is not sufficient.
Developing policies that encourage local Internet and communications infrastructure in the form of Internet exchange points, data centres, community broadcasting.

Access to Knowledges

As the Washington Declaration on IP and the Public Interest5 points out, the enclosure of the public domain and knowledge commons through expansive “intellectual property” laws and policies has only gotten worse with digital technologies, leading to an unjust allocation of information goods, and continuing royalty outflows from the global South to a handful of developing countries. This is not sustainable, and urgent action is needed to achieve more democratic IP laws, and prevent developments such as extra judicial enforcement mechanisms such as digital restrictions management systems from being incorporated within Web standards.
Aggressive development of policies and adoption of best practices to ensure that persons with disabilities are not treated as secondgrade citizens, but are able to fully and equally participate in and benefit from the Information Society.
Despite the rise of video content on the Internet, much of that has been in parts of the world with already high literacy, and language and illiteracy continue to pose barriers to full usage of the Internet.
While the Tunis Agenda highlighted the need to address communities marginalized in Information Society discourse, including youth, older persons, women, indigenous peoples, people with disabilities, and remote and rural communities, but not much progress has been seen on this front.

Rights, Trust, and Governance

Ensuring effective and sustainable participation especially from developing countries and marginalised communities. Developing governance mechanisms that are accountable, transparent and provide checks against both unaccountable commercial interests as well as governments.
Building citizen trust through legitimate, accountable and transparent governance mechanisms.
Ensuring cooperation between states as security is influenced by global foreign policy, and is of principal importance to citizens and consumers, and an enabler of other rights.
As the Manila Principles on Intermediary Liability show, uninformed intermediary liability policies, blunt and heavy handed regulatory measures, failing to meet the principles of necessity and proportionality, and a lack of consistency across these policies has resulted in censorship and other human rights abuses by governments and private parties, limiting individuals’ rights to free expression and creating an environment of uncertainty that also impedes innovation online. In developing, adopting, and reviewing legislation, policies and practices that govern the liability of intermediaries, interoperable and harmonized regimes that can promote innovation while respecting users’ rights in line with the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the United Nations Guiding Principles on Business and Human Rights are needed and should be encouraged.
An important challenge before the Information Society is that of the rise of “quantified society”, where enormous amounts of data are generated constantly, leading to great possibilities and grave concerns regarding privacy and data protection.
Reducing tensions arising from the differences between cultural and digital nationalism including on issues such as data sovereignty, data localisation, unfair trade and the need to have open markets.
Currently, there is a lack of internationally recognized venues accessible to all stakeholders for not only discussing but also acting upon many of these issues.

What should be the priorities in seeking to achieve WSIS outcomes and progress towards the Information Society, taking into account emerging trends?
All the challenges mentioned above should be a priority in achieving WSIS outcomes and ensuring innovation to lead social and economic progress in society. Digital literacy, multilingualism and addressing privacy and user data related issues need urgent attention in the global agenda. Enabling increased citizen participation thus accounting for the diverse voices that make the Internet a unique medium should also be treated as priority. Renewing the IGF mandate and giving it teeth by adopting indicators for development and progress, periodic review and working towards tangible outcomes would be beneficial to achieving the goal of a connected information society.

What are general expectations from the WSIS + 10 High Level Meeting of the United Nations General Assembly?
We would expect the WSIS+10 High Level Meeting to endorse an outcome document that seeks to d evelop a comprehensive policy framework addressing the challenges highlighted above . It would also be beneficial, if the outcome document could identify further steps to assess development made so far, and actions for overcoming the identified challenges. Importantly, this should not only be aimed at governments, but at all stakeholders. This would be useful as a future road map for regulation and would also allow us to understand the impact of Internet on society.

What shape should the outcome document take?
The outcome document should be a resolution of the UN General Assembly, with high level policy statements and adopted agreements to work towards identified indicators. It should stress the urgency of reforms needed for ICT governance that is democratic, respectful of human rights and social justice and promotes participatory policymaking. The language should promote the use of technologies and institutional architectures of governance that ensure users’ rights over data and information and recognize the need to restrict abusive use of technologies including those used for mass surveillance. Further, the outcome document should underscore the relevance of the Universal Declaration of Human Rights, including civil, political, social, economic, and cultural rights, in the Information Society.

The outcome document should also acknowledge that certain issues such as security, ensuring transnational rights, taxation, and other such cross jurisdictional issues may need greater international cooperation and should include concrete steps on how to proceed on these issues. The outcome document should acknowledge the limited progress made through outcome-less multi-stakeholder governance processes such as the Internet Governance Forum, which favour status quoism, and seek to enable the IGF to be more bold in achieving its original goals, which are still relevant. It should be frank in its acknowledgement of the lack of consensus on issues such as “enhanced cooperation” and the “respective roles” of stakeholders in multi-stakeholder processes, as brushing these difficulties under the carpet won’t help in magically building consensus. Further, the outcome document should recognize that there are varied approaches to multi-stakeholder governance.

For more details visit https://cis-india.org/internet-governance/blog/cis-submission-to-unga-wsis-review

Multi-stakeholder Advisory Group Analysis

jyoti — 2016-04-12T10:02:31Z

This analysis has been done to see the trend in the selection and rotation of the members of the Multistakeholder advisory group (MAG) in the Internet Governance Forum (IGF). The MAG has been functional for nine years from 2006-2015. The analysis is based on data procured, collated and organised by Pranesh Prakash and Jyoti Panday. Shambhavi Singh, Law Student, NLU Delhi who was interning with CIS at the time also assisted with the organisation and analysis of the data.

The researcher has collected the data from the lists of members available in the public domain from 2010-2015. The lists prior to 2010 have been procured by the Centre for Internet and society from the UN Secretariat of the Internet Governance Forum (IGF).

This research is based solely upon the members and the nature of their stake holding has been analysed in the light of MAG terms of reference. No data has been made available regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG (The IGF Secretariat does not share this data).

According to the analysis, in these six years, the MAG has had around 182 members from various stakeholder groups.

We have divided it into five stakeholder groups, Government, Civil Society, Industry, Technical Community and Academia. Any overlap between two or more of these groups has also been taken into account, for example- A member of the Internet Society (ISOC) being both in the Civil Society and Technical Community.

According to the MAG Terms of Reference[1], it is the prerogative of the UN Secretary General to select MAG Members. The general policy is that the MAG members are appointed for a period of one year, which is automatically renewed for 2 more years consecutively depending on their engagement in MAG activities.

There is also a policy of rotating off 1/3^rd members of MAG every year for diversity and taking new viewpoints in consideration. There is also an exceptional circumstance where a person might continue beyond three years in case there is a lack of candidates fitting the desired area.

However, it seems like the exception has become the norm as a whopping number of members have continued beyond 3 years, ranging from 4 years up to as long as 8 years, this figure rounds up to around 49. No doubt some of them are exceptional talents and difficult to replace. However, the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the usual term.

S. No.	Stakeholder	Number of years	Total Members continuing beyond 3 years
1	Civil Society	8, 6, 6, 4, 4,	5
2	Government/Industry	4, 5	2
3	Technical community/ Civil society	8, 8, 8, 6, 6, 4, 4, 4, 4,4	10
4	Industry/ Civil society	8, 6,	2
5	Industry	8, 7, 7, 6, 6, 4,	6
6	Industry/Tech Community/ Civil Society	8,	1
7	Government	7, 7, 7, 6, 6, 6, 6, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4,	19
8	Academia	6, 6, 5,	3
9	Industry/ Tech community	6,	1

The stakeholders that have continued beyond 8 years have around 39% members from Government and related agencies. The next being Technical Community/Civil Society with around 20% representation, followed by Industry at 12%, 10% from the Civil Society, 6% from Academia, 4% from Government/Industry, 4% from Industry/Civil Society and 2% each from Industry/Technical Community and Industry/Technical Community/Civil Society respectively.

Table with overlapping interests merged

S. No.	Stakeholder	Total Members continuing beyond 3 years
1	Civil Society	7 + 9 + 1+1 = 18
2	Government	19
3	Tech Community	9 + 1 + 1+1 = 12
4	Industry	6 + 2 + 1 + 1+2 = 13
5	Academia	3

When the overlap is grouped separately, as in if a Technical Community/Civil Society person is placed both in Technical Community and Civil Society groups individually, then the representation of stakeholder representation is as follows(approximate values)-

Government- 29%

Civil Society- 28%

Industry- 20%

Technical Community-17%

Academia-5%

This clearly shows us that stakeholders from academia generally did not stay on MAG beyond 3 years. Even when all members that have ever been on MAG are taken into consideration, only around 8% representation has been from the academic community. This needs to be taken into account when new MAG members are selected in 2016.

The researcher has also looked at the MAG Representation based on gender and UN Regional Groups. The results of the analysis were as follows-

The ratio of male members is to female members is approximately 16:9 in the MAG and the approximate value in percentage being 64% and 36% respectively.

Now coming to the UN Regional Groups, the results that the analysis yielded were as follows-

The Western European and Others Group (WEOG) has the highest representation in MAG, a large number of members being from Switzerland, USA and UK. This is followed by the Asia Pacific Group which has 20% representation. The third largest is the African group with 19% representation followed by Latin American and Caribbean Group (GRULAC) and Eastern European Group with 13% and 12% representation respectively.

The representation of developed, developing and Least Developed Countries is as follows-

Developed countries have approximately 42% representation, developing countries having 53% and LDCs having a mere 5% representation. There should be some effort to strive for better LDC representation as they are the most backward when it comes to Global ICT Penetration. [2]

[1] Intgovforum.org, 'MAG Terms Of Reference' (2015) <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference> accessed 13 July 2015.

[2] ICT Facts And Figures (1st edn, International Telecommunication Union 2015) <http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf> accessed 11 July 2015.

For more details visit https://cis-india.org/internet-governance/blog/mag-analysis

Role of Intermediaries in Countering Online Abuse

jyoti — 2015-08-02T16:38:36Z

The Internet can be a hostile space and protecting users from abuse without curtailing freedom of expression requires a balancing act on the part of online intermediaries.

This got published as two blog entries in the NALSAR Law Tech Blog. Part 1 can be accessed here and Part 2 here.

As platforms and services coalesce around user-generated content (UGC) and entrench themselves in the digital publishing universe, they are increasingly taking on the duties and responsibilities of protecting rights including taking reasonable measures to restrict unlawful speech. Arguments around the role of intermediaries tackling unlawful content usually center around the issue of regulation—when is it feasible to regulate speech and how best should this regulation be enforced?

Recently, Twitter found itself at the periphery of such questions when an anonymous user of the platform, @LutyensInsider, began posting slanderous and sexually explicit comments about Swati Chaturvedi, a Delhi-based journalist. The online spat which began in February last year, culminated into Swati filing an FIR against the anonymous user, last week. Within hours of the FIR, the anonymous user deleted the tweets and went silent. Predictably, Twitter users hailed this as a much needed deterrence to online harassment. Swati’s personal victory is worth celebrating, it is an encouragement for the many women bullied daily on the Internet, where harassment is rampant. However, while Swati might be well within her legal rights to counter slander, the rights and liabilities of private companies in such circumstances are often not as clear cut.

Should platforms like Twitter take on the mantle of deciding what speech is permissible or not? When and how should the limits on speech be drawn? Does this amount to private censorship?The answers are not easy and as the recent Grand Chamber of the European Court of Human Rights (ECtHR) judgment in the case of Delfi AS v. Estonia confirms, the role of UGC platforms in balancing the user rights, is an issue far from being settled. In its ruling, the ECtHR reasoned that because of their role in facilitating expression, online platforms have a requirement “to take effective measures to limit the dissemination of hate speech and speech inciting violence was not ‘private censorship”.

This is problematic because the decision moves the regime away from a framework that grants immunity from liability, as long as platforms meet certain criteria and procedures. In other words the ruling establishes strict liability for intermediaries in relation to manifestly illegal content, even if they may have no knowledge. The 'obligation' placed on the intermediary does not grant them safe harbour and is not proportionate to the monitoring and blocking capacity thus necessitated. Consequently, platforms might be incentivized to err on the side of caution and restrict comments or confine speech resulting in censorship. The ruling is especially worrying, as the standard of care placed on the intermediary does not recognize the different role played by intermediaries in detection and removal of unlawful content. Further, intermediary liability is its own legal regime and is at the same time, a subset of various legal issues that need an understanding of variation in scenarios, mediums and technology both globally and in India.

Law and Short of IT

Earlier this year, in a leaked memo, the Twitter CEO Dick Costolo took personal responsibility for his platform's chronic problem and failure to deal with harassment and abuse. In Swati's case, Twitter did not intervene or take steps to address harrassment. If it had to, Twitter (India), as all online intermediaries would be bound by the provisions established under Section 79 and accompanying Rules of the Information Technology Act. These legislations outline the obligations and conditions that intermediaries must fulfill to claim immunity from liability for third party content. Under the regime, upon receiving actual knowledge of unlawful information on their platform, the intermediary must comply with the notice and takedown (NTD) procedure for blocking and removal of content.

Private complainants could invoke the NTD procedure forcing intermediaries to act as adjudicators of an unlawful act—a role they are clearly ill-equipped to perform, especially when the content relates to political speech or alleged defamation or obscenity. The SC judgment in Shreya Singhal addressing this issue, read down the provision (Section 79 by holding that a takedown notice can only be effected if the complainant secures a court order to support her allegation. Further, it was held that the scope of restrictions under the mechanism is restricted to the specific categories identified under Article 19(2). Effectively, this means Twitter need not take down content in the absence of a court order.

Content Policy as Due Diligence

Another provision, Rule 3(2) prescribes a content policy which, prior to the Shreya Singhal judgment was a criteria for administering takedown. This content policy includes an exhaustive list of types of restricted expressions, though worryingly, the terms included in it are not clearly defined and go beyond the reasonable restrictions envisioned under Article 19(2). Terms such as “grossly harmful”, “objectionable”, “harassing”, “disparaging” and “hateful” are not defined anywhere in the Rules, are subjective and contestable as alternate interpretation and standard could be offered for the same term. Further, this content policy is not applicable to content created by the intermediary.

Prior to the SC verdict in Shreya Singhal, actual knowledge could have been interpreted to mean the intermediary is called upon its own judgement under sub-rule (4) to restrict impugned content in order to seek exemption from liability. While liability accrued from not complying with takedown requests under the content policy was clear, this is not the case anymore. By reading down of S. 79 (3) (b) the court has addressed the issue of intermediaries complying with places limits on the private censorship of intermediaries and the invisible censorship of opaque government takedown requests as they must and should adhere, to the boundaries set by Article 19(2). Following the SC judgment intermediaries do not have to administer takedowns without a court order thereby rendering this content policy redundant. As it stands, the content policy is an obligation that intermediaries must fulfill in order to be exempted from liability for UGC and this due diligence is limited to publishing rules and regulations, terms and conditions or user agreement informing users of the restrictions on content. The penalties for not publishing this content policy should be clarified.

Further, having been informed of what is permissible users are agreeing to comply with the policy outlined, by signing up to and using these platforms and services. The requirement of publishing content policy as due diligence is unnecessary given that mandating such ‘standard’ terms of use negates the difference between different types of intermediaries which accrue different kinds of liability. This also places an extraordinary power of censorship in the hands of the intermediary, which could easily stifle freedom of speech online. Such heavy handed regulation could make it impossible to publish critical views about anything without the risk of being summarily censored.

Twitter may have complied with its duties by publishing the content policy, though the obligation does not seem to be an effective deterrence. Strong safe harbour provisions for intermediaries are a crucial element in the promotion and protection of the right to freedom of expression online. By absolving platforms of responsibility for UGC as long as they publish a content policy that is vague and subjective is the very reason why India’s IT Rules are in fact, in urgent need of improvement.

Size Matters

The standards for blocking, reporting and responding to abuse vary across different categories of platforms. For example, it may be easier to counter trolls and abuse on blogs or forums where the owner or an administrator is monitoring comments and UGC. Usually platforms outline monitoring and reporting policies and procedures including recourse available to victims and action to be taken against violators. However, these measures are not always effective in curbing abuse as it is possible for users to create new accounts under different usernames. For example, in Swati’s case the anonymous user behind @LutyensInsider account changed their handle to @gregoryzackim and @gzackim before deleting all tweets. In this case, perhaps the fear of criminal charges ahead was enough to silence the anonymous user, which may not always be the case.

Tackling the Trolls

Most large intermediaries have privacy settings which restrict the audience for user posts as well as prevent strangers from contacting them as a general measure against online harassment. Platforms also publish monitoring policy outlining the procedure and mechanisms for users to register their complaint or report abuse. Often reporting and blocking mechanisms rely on community standards and users reporting unlawful content. Last week Twitter announced a new feature allowing lists of blocked users to be shared between users. An improvement on existing mechanism for blocking, the feature is aimed at making the service safer for people facing similar issues and while an improvement on standard policies defining permissible limits on content, such efforts may have their limitations.

The mechanisms follow a one-size-fits-all policy. First, such community driven efforts do not address concerns of differences in opinion and subjectivity. Swati in defending her actions stressed the “coarse discourse” prevalent on social media, though as this article points out she might be assumed guilty of using offensive and abusive language. Subjectivity and many interpretations of the same opinion can pave the way for many taking offense online. Earlier this month, Nikhil Wagle’s tweets criticising Prime Minister Narendra Modi as a “pervert” was interpreted as “abusive”, “offensive” and “spreading religious disharmony”. While platforms are within their rights to establish policies for dealing with issues faced by users, there is a real danger of them doing so for “political reasons” and based on “popularity” measures which may chill free speech. When many get behind a particular interpretation of an opinion, lawful speech may also be stifled as Sreemoyee Kundu found out. A victim of online abuse her account was blocked by Facebook owing to multiple reports from a “faceless fanatical mob”. Allowing the users to set standards of permissible speech is an improvement, though it runs the risk of mob justice and platforms need to be vigilant in applying such standards.

While it may be in the interest of platforms to keep a hands off approach to community policies, certain kind of content may necessiate intervention by the intermediary. There has been an increase in private companies modifying their content policy to place reasonable restriction on certain hateful behaviour in order to protect vulnerable or marginalised voices. Twitter and Reddit's policy change in addressing revenge porn are reflective of a growing understanding amongst stakeholders that in order to promote free expression of ideas, recognition and protection of certain rights on the Internet may be necessary. However, any approach to regulate user content must assess the effect of policy decisions on user rights. Google's stand on tackling revenge porn may be laudable, though the decision to push down 'piracy' sites in its search results could be seen to adversely impact the choice that users have. Terms of service implemented with subjectivity and lack of transparency can and does lead to private censorship.

The Way Forward

Harassment is damaging, because of the feeling of powerlessness that it invokes in the victims and online intermediaries represent new forms of power through which users' negotiate and manage their online identity. Content restriction policies and practices must address this power imbalance by adopting baseline safeguards and best practices. It is only fair that based on principles of equality and justice, intermediaries be held responsible for the damage caused to users due to wrongdoings of other users or when they fail to carry out their operations and services as prescribed by the law. However, in its present state, the intermediary liability regime in India is not sufficient to deal with online harassment and needs to evolve into a more nuanced form of governance.

Any liability framework must evolve bearing in mind the slippery slope of overbroad regulation and differing standards of community responsibility. Therefore, a balanced framework would need to include elements of both targeted regulation and soft forms of governance as liability regimes need to balance fundamental human rights and the interests of private companies. Often, achieving this balance is problematic given that these companies are expected to be adjudicators and may also be the target of the breach of rights, as is the case in Delfi v Estonia. Global frameworks such as the Manila Principles can be a way forward in developing effective mechanisms. The determination of content restriction practices should always adopt the least restrictive means of doing so, distinguishing between the classes of intermediary. They must evolve considering the proportionality of the harm, the nature of the content and the impact on affected users including the proximity of affected party to content uploader.

Further, intermediaries and governments should communicate a clear mechanism for review and appeal of restriction decisions. Content restriction policies should incorporate an effective right to be heard. In exceptional circumstances when this is not possible, a post facto review of the restricton order and its implementation must take place as soon as practicable. Further, unlawful content restricted for a limited duration or within a specific geography, must not extend beyond these limits and a periodic review should take place to ensure the validity of the restriction. Regular, systematic review of rules and guidelines guiding intermediary liability will go a long way in ensuring that such frameworks are not overly burdensome and remain effective.

For more details visit https://cis-india.org/internet-governance/blog/role-of-intermediaries-in-counting-online-abuse

IANA Transition Stewardship & ICANN Accountability (II)

jyoti — 2015-07-31T15:47:20Z

This paper is the second in a multi-part series, in which we provide an overview of submitted proposals and highlight areas of concern that will need attention moving forward. The series is a work in progress and will be updated as the processes move forward. It is up for public comments and we welcome your feedback.

The discussions and the processes established for transition plan have moved rapidly, though not fast enough—given the complicated legal and technical undertaking it is. ICG will be considering the submitted proposals and moving forward on consultations and recommendations for pending proposals. ICANN53 saw a lot of discussion on the implementation of the proposals from the numbers and protocols community, while the CWG addressed the questions related to the 2^nd draft of the names community proposal. The Protocol Parameters (IANA PLAN Working Group) submitted to ICG on 6 January 2015, while the Numbering Resources (CRISP Team) submitted on 15 January 2015. The Domain Names (CWG-Stewardship) submitted its second draft to ICG on 25 June 2015. The ICG had a face-to-face meeting in Buenos Aires and their proposal to transition the stewardship of the IANA functions is expected to be out for public comment July 31 to September 8, 2015. Parallelly, the CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015 and organised two working sessions at ICANN'53. More recently, the CCWG met in Paris focusing on the proposed community empowerment mechanisms, emerging concerns and progress on issues so far.

Number and Protocols Proposals

The numbering and the protocol communities have developed and approved their plans for the transition. Both communities are proposing a direct contractual relationship with ICANN, in which they have the ability to end the contract on their terms. The termination clause has seen push back from ICANN and teams involved in the negotiations have revealed that ICANN has verbally represented that they will reject any proposed agreement in which ICANN is not deemed the sole source prime contractor for IANA functions in perpetuity.[1] The emerging contentious negotiations on the issue of separability i.e., the ability to change to a different IANA functions operator, is an important issue.[2] As Milton Mueller points out, ICANN seems to be using these contract negotiations to undo the HYPERLINK "http://www.internetgovernance.org/2015/04/28/icann-wants-an-iana-functions-monopoly-and-its-willing-to-wreck-the-transition-process-to-get-it/#comment-40045"community process and that ICANN’s staff members are viewing themselves, rather than the formal IANA transition process shepherded by the ICG, as the final authority on the transition.[3] The attempts of ICANN Staff to influence or veto ideas regarding what solutions will be acceptable to NTIA and the Congress goes beyond its mandate to facilitate the transition dialogue. The ARIN meeting[4] and the process of updating MoU with IETF which mandates supplementary SLAs[5] are examples of ICANN leveraging its status as the incumbent IANA functions operator, with which all three operational communities must negotiate, to ensure that the outcome of the IANA transition process does not threaten its control.

Names Proposal

Recently, the CWG working on recommendations for the names related functions provided an improved 2nd draft of their earlier complex proposal which attempts to resolve the internal-external debate with a middle ground, with the creation of Post-Transition IANA (PTI). PTI a subsidiary/affiliate of the current contract-holder, ICANN, will be created and handed the IANA contract and its related technology and staff. Therefore, ICANN takes on the role of the contracting authority and PTI as the contracted party will perform the names-related IANA functions. Importantly, under the new proposal CWG has done away altogether with the requirement of “authorisation” to root zone changes and the reasons for this decision have not been provided. The proposal also calls for creation of a Customer Standing Committee (CSC) to continuously monitor the performance of IANA and creation a periodic review process, rooted in the community, with the ability to recommend ICANN relinquishing its role in names-related IANA functions, if necessary. A key concern area is the external oversight mechanism Multistakeholder Review Team– has been done away with. This is a significant departure from the version placed for public comment in December 2014. It is expected that clarification will be sought from the CWG on how it has factored in inputs from the first round of public comments.

Consensus around the CWG 2nd Draft

There is a growing consensus around the model proposed—the numbers community has commented on the proposal that it does "not foresee any incompatibility between the CWG's proposal”.[6] On the IANA PLAN list, members of the protocols community have also expressed willingness to accept the new arrangement to keep all the IANA functions together in PTI during the transition and view this as merely a reorganization.[7] However, acceptance of the proposal is pending till clarification related to how the PTI will be set up and its legal standing and scope are provided.

Structure of PTI

Presently, two corporate forms are being considered for the PTI, a nonprofit public benefit corporation (PBC) or a limited liability corporation (LLC), with a single member, ICANN, at its outset. Milton Mueller has advocated for the incorporation of PTI as a PBC rather than as a LLC, with its board composed of a mix of insiders and outsiders.[8] He is of the view that LLC form makes the implementation of PTI much more complex and risky as the CWG would need to debate mechanisms of control for the PTI as part of the transition process. The choice of structure is important as it will define the limitations and responsibilities that will be placed on the PTI Board—an important and necessary accountability mechanism.

Broadly, the division of views is around selection of the Board Members that is if they should be chosen either by IANA's customers or representative groups within ICANN or solely by the Board. The degree of autonomy which the PTI has given the existing ICANN structure is also a key developing question. Debate on autonomy of PTI are broadly centered around two distinct views of PTI being incorporated in a different country, to prevent ICANN from slowly subsuming the organization. The other view endorsed by ICANN states that a high degree of autonomy risks creates additional bureaucracy and process for no discernible improvement in actual services.

Functional Separability

Under the CWG-Stewardship draft proposal, ICANN would assume the role currently fulfilled by NTIA (overseeing the IANA function), while PTI would assume the role currently played by ICANN (the IANA functions operator). A divisive area here is that the goal of “functional separation” is defeated with PTI being structured as an “affiliate” wholly owned subsidiary, as it will be subject to management and policies of ICANN. From this view, while ICANN as the contracting party has the right of selecting future IANA functions operators, the legal and policy justification for this has not been provided. It is expected that ICANN'53 will see discussions around the PTI will focus on its composition, legal standing and applicability of the California law.

Richard Hill is of the view that the details of how PTI would be set up is critical for understanding whether or not there is "real" separation between ICANN and PTI leading to the conclusion of a meaningful contract in the sense of an agreement between two separate entities.[9] This functional separation and autonomy is granted by the combination of a legally binding contract, CSC oversight, periodic review and the possibility of non-renewal of the contract.[10]

Technical and policy roles - ICANN and PTI

The creation of PTI splits the technical and policy functions between ICANN and PTI. The ICANN Board comments on CWG HYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"PrHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"oHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf"posal also confirm PTI having no policy role, nor it being intended to in the future, and that while it will have control of the budget amounts ceded to it by ICANN the funding of the PTI will be provided by ICANN as part of the ICANN budgeting process.[11] The comments from the Indian government on the proposal states this as an issue of concern, as it negates ICANN's present role as a merely technical coordination body. The concerns stem from placing ICANN in the role of the perpetual contracting authority for the IANA function makes ICANN the sole venue for decisions relating to naming policy as well as the entity with sole control over the PTI under the present wholly subsidiary entity.[12]

Key areas of work related to the distinction between the PTI and ICANN policy and technical functions include addressing how the new PFI Board would be structured, what its role would be, and what the legal construction between it and ICANN. The ICANN Board too has sought some important clarifications on its relationship as a parent body including areas where the PTI is separate from ICANN and areas where CWG sees shared services as being allowable (shared office space, HR, accounting, legal, payroll). It also sought clarification on the line of reporting, duties of the PTI Directors and alignment of PTI corporate governance with that of ICANN.

The Swedish government has commented that the next steps in this process would be clarification of the process for designing the PTI-IANA contract, a process to establish community consent before entering the contract, explicit mention of whom the contracting parties are and what their legal responsibilities would be in relation to it.[13]

Internal vs External Accountability

The ICANN Board, pushing for an internal model of full control of IANA Functions is of the view that a more independent PTI could somehow be "captured" and used to thwart the policies developed by ICANN. However, others have pointed out that under proposed structure PTI has strong ties to ICANN community that implements the policies developed by ICANN.[14] With no funding and no authority other than as a contractor of ICANN, if PTI is acting in a manner contrary to its contract it would be held in breach and could be replaced under the proposal.

Even so, as the Indian government has pointHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf"edHYPERLINK "http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf" out from the point of view of institutional architecture and accountability, this model is materially worse off than the status quo.[15]

The proposed PTI and ICANN relationship places complete reliance on internal accountability mechanisms within ICANN, which is not a prudent institutional design. The Indian government anticipates a situation where, in the event there is customer/ stakeholder dissatisfaction with ICANN’s role in naming policy development, there would be no mechanism to change the entity which fulfils this role. They feel that the earlier proposal for the creation of a Contract Co, a lightweight entity with the sole purpose of being the repository of contracting authority, and award contracts including the IANA Functions Contract provided a much more effective mechanism for external accountability. While the numbers and protocol communities have proposed a severable contractual relationship with ICANN for the performance of its SLAs no such mechanism exists with respect to ICANN's role in policy development for names.

Checks and Balances

Under the current proposal the Customer Standing Committee (CSC) has the role, of constantly reviewing the technical aspects of the naming function as performed by PTI. This, combined with the proposed periodic IANA Function Review (IFR), would act as a check on the PTI. The current draft proposal does not specify what will be the consequence of an unfavourable IANA Functions Review.

Some other areas of focus going forward relate to the IFR team inclusion in ICANN bylaws along the lines of the AOC established in 2009.[16] Also, ensuring the IFR team clarifies the scope of separability. The circumstances and procedures in place for pulling the IANA contract away if it has been established that ICANN is not fulfilling it contractual agreements. This will be a key accountability mechanism and deterrent for ICANN controlling the exercise of its influence.

CCWG Accountability

Work Stream (WS1): Responsible for drafting a mechanism for enhancing ICANN accountability, which must be in place before the IANA stewardship transition.

Work Stream (WS2): Addressing long term accountability topics which may extend beyond the IANA Stewardship Transition.

The IANA transition was recognized to be dependent on ICANN’s wider accountability, and this has exposed the trust issues between community and leadership and the proposal must be viewed in this context. The CCWG Draft Proposal attempts 4 significant new undertakings:

A. Restating ICANN’s Mission, Commitments, and Core Values, and placing those into the ICANN Bylaws. The CCWG has recommended that some segments of the Affirmation of Commitments (AOC)– a contract on operating principles agreed upon between ICANN and the United States government – be absorbed into the Corporation’s bylaws.

B. Establishing certain bylaws as “Fundamental Bylaws” that cannot be altered by the ICANN Board acting unilaterally, but over which stakeholders have prior approval rights;

C. Creating a formal “membership” structure for ICANN, along with “community empowerment mechanisms”. Some of the community empowerment mechanisms including (a) remove individual Board members, (b) recall the entire Board, (c) veto or approve changes to the ICANN Bylaws, Mission Statement, Commitments, and Core Values; and (d) to veto Board decisions on ICANN’s Strategic Plan and its budget;

D. Enhancing and strengthening ICANN's Independent Review Process (IRP) by creating a standing IRP Panel empowered to review actions taken by the corporation for compliance both with stated procedures and with the Bylaws, and to issue decisions that are binding upon the ICANN Board.

The key questions likely to be raised at ICANN 53 on several of these proposals will likely concern how these empowerment mechanisms affect the “legal nature” of the community.

Membership and Accountability

At the heart of the distrust between the ICANN Board and the community is the question of membership. ICANN as a corporation is a private sector body that is largely unregulated, with no natural competitors, cash-rich and directly or indirectly supports many of its participants and other Internet governance processes. Without effective accountability and transparency mechanisms, the opportunities for distortion, even corruption, are manifold. In such an environment, placing limitations on the Board’s power is critical to invoke trust. Three keys areas of accountability related to the Board include: no mechanisms for recall of individual board directors; the board’s ability to amend the company’s constitution (its bylaws), and the track record of board reconsideration requests.[17]

With no membership, ICANN’s directors represent the end of the line in terms of accountability. While there is a formal mechanism to review board decisions, the review is conducted by a subset of the same people. The CCWG’s proposal to create SOs/ACs as unincorporated “members” with Articles of Association has met with a lot of discussion, especially in the Governmental Advisory Council (GAC).[18] The GAC has posed several critical questions on this set up, some of which are listed here:

Can a legal person created and acting on behalf of the GAC become a member of ICANN, even though the GAC does not appoint Board members?
If GAC does not wish to become a member, how could it still be associated to the exercise of the 6 (community empowerment mechanisms) powers?
It is still unclear what the liability of members of future “community empowered structures” would be.
What are the legal implications on rights, obligations and liabilities of an informal group like the GAC creating an unincorporated association (UA) and taking decisions as such UA, from substantial (like exercising the community powers) to clerical (appointing its board, deciding on its financing) and whether there are implications when the members of such an UA are Governments?

Any proposal to strengthen accountability of ICANN needs to provide for membership so that there is ability to remove directors, creates financial accountability by receiving financial accounts and appointing editors and can check the ICANN’s board power to change bylaws without recourse to a higher authority.

Constitutional Undertaking

David Post and Danielle Kehl have pointed out that the CCWG correctly identifies the task it is undertaking – to ensure that ICANN’s power is adequately and appropriately constrained – as a “constitutional” one.[19] Their interpretation is based on the view that even if ICANN is not a true “sovereign,” it can usefully be viewed as one for the purpose of evaluating the sufficiency of checks on its power. Subsequently, the CCWG Draft Proposal, and ICANN’s accountability post-transition, can be understood and analyzed as a constitutional exercise, and that the transition proposal should meet constitutional criteria. Further, from this view the CCWG draft reflects the reformulation of ICANN around the broadly agreed upon constitutional criteria that should be addressed. These include:

A clear enumeration of the powers that the corporation can exercise, and a clear demarcation of those that it cannot exercise.
A division of the institution’s powers, to avoid concentrating all powers in one set of hands, and as a means of providing internal checks on its exercise.
Mechanism(s) to enforce the constraints of (1) and (2) in the form of meaningful remedies for violations.

Their comments reflect that they support CCWG in their approach and progress made in designing a durable accountability structure for a post-transition ICANN. However, they have stressed that a number of important omissions and/or clarifications need to be addressed before they can be confident that these mechanisms will, in practice, accomplish their mission. One such suggestion relates to ICANN’s policy role and PTI technical role separability. Given ICANN’s position in the DNS hierarchy gives it the power to impose its policies, via the web of contracts with and among registries, registrars, and registrants, on all users of the DNS, a constitutional balance for the DNS must preserve and strengthen the separation between DNS policy-making and policy-implementation. Importantly, they have clarified that even if ICANN has the power to choose what policies are in the best interest of the community it is not free to impose them on the community. ICANN's role is a critical though narrow one: to organize and coordinate the activities of that stakeholder community – which it does through its various Supporting Organizations, Advisory Committees, and Constituencies – and to implement the consensus policies that emerge from that process. Their comments on the CCWG draft call for stating this clarification explicitly and institutionalizing separability to be guided by this critical safeguard against ICANN’s abuse of its power over the DNS.

An effective implementation of this limitation will help clarify the role mechanisms being proposed such as the PTI and is critical for creating sustainable mechanisms, post-transition. More importantly, clarifying ICANN’s mission would ensure that in the post-transition communities could challenge its decisions on the basis that it is not pertaining to the role outlined or based on strengthening the stability and security of the DNS. Presently, it is very unclear where ICANN can interfere in terms of policymaking and implementation.

Other Issues

Other issues expected to be raised in the context of ICANN's overall accountabiltiy will likey concern the following:

Strengthening financial transparency and oversight

Given the rapid growth of the global domain name industry, one would imagine that ICANN is held up to the same standard of accountability as laid down in the right to information mechanisms countries such as India. CIS has been raising this issue for a while and has managed to received the list of ICANN’s current domain name revenues.[20]

By sharing this information, ICANN has shown itself responsive to repeated requests for transparency however, the shared revenue data is only for the fiscal year ending June 2014, and historical revenue data is still not publicly available. Neither is a detailed list (current and historical) of ICANN’s expenditures publicly available. Accountability mechanisms and discussions must seek that ICANN provide the necessary information during its regular Quarterly Stakeholder Reports, as well as on its website.

Strengthening transparency

A key area of concern is ICANN's unchecked influence and growing role as an institution in the IG space. Seen in the light of the impending transition, the transparency concerns gain significance and given ICANN's vocal interests in maintaining the status quo of its role in DNS Management. While financial statements (current and historic) are public and community discussions are generally open, the complexity of the contractual arrangements in place tracking the financial reserves available to ICANN through these processes are not sufficient.

Further, ICANN as a monopoly is presently constrained only by the NTIA review and few internal mechanisms like the Documentary Information Disclosure Policy (DIDP)[21], Ombudsman[22], Reconsideration and Independent Review[23] and the Accountability and Transparency Review (ATRT)[24]. These mechanisms are facing teething issues and some do not conform to the principles of natural justice. For example, a Reconsideration Request can be filed if one is aggrieved by an action of ICANN’s Board or staff. Under ICANN’s By-laws, it is the Board Governance Committee, comprising ICANN Board members, that adjudicates Reconsideration Requests.[25]

Responses to the DIDP requests filed by CIS reveal that the mechanism in its current form, is not sufficient to provide the transparency necessary for ICANN’s functioning. For instance, in the response to DIDP pertaining to the Ombudsman Requests[26], ICANN cites confidentiality as a reason to decline providing information as making Ombudsman Requests public would violate ICANN Bylaws, toppling the independence and integrity of the Ombudsman. Over December ’14 and January ’15, CIS sent 10 DIDP requests to ICANN with an aim was to test and encourage discussions on transparency from ICANN. We have received responses for 9 of our requests, and in 7 of those responses ICANN provides very little new information and moving forward we would stress the improvements of existing mechanisms along with introduction of new oversight and reporting parameters towards facilitating the transition process.[27]

[1]John Sweeting and others, 'CRISP Process Overview' (ARIN 35, 2015) https://regmedia.co.uk/2015/04/30/crisp_panel.pdf

[2]Andrew Sullivan, [Ianaplan] Update On IANA Transition & Negotiations With ICANN (2015), Email http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html

[3]Milton Mueller, ‘ICANN WANTS AN IANA FUNCTIONS MONOPOLY – WILL IT WRECK THE TRANSITION PROCESS TO GET IT?’ (Internet Governance Project, 28 April 2015) http://www.internetgovernance.org/2015/04/28/icann-wants-an-iana-functions-monopoly-and-its-willing-to-wreck-the-transition-process-to-get-it/#comment-40045

[4]Tony Smith, 'Event Wrap: ICANN 52' (APNIC Blog, 20 February 2015) http://blog.apnic.net/2015/02/20/event-wrap-icann-52/

[5]Internet Engineering Task Force, 'IPROC – IETF Protocol Registries Oversight Committee' (2015) https://www.ietf.org/iana/iproc.html

[6]Axel Pawlik, Numbers Community Proposal Contact Points With CWG’S Draft IANA Stewardship Transition Proposal (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00003.html

[7]Jari Arkko, Re: [Ianaplan] CWG Draft And Its Impact On The IETF (2015), Email http://www.ietf.org/mail-archive/web/ianaplan/current/msg01843.html

[8]Milton Mueller, Comments Of The Internet Governance Project (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00021.html

[9]Richard Hill, Initial Comments On CWG-Stewardship Draft Proposal (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00000.html

[10]Brenden Kuerbis, 'Why The Post-Transition IANA Should Be A Nonprofit Public Benefit Corporation' (Internet Governance Project, 18 May 2015) http://www.internetgovernance.org/2015/05/18/why-the-post-transition-iana-should-be-a-nonp

[11]ICANN Board Comments On 2Nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions (20 May 2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfrIUO5F9nY4.pdf

[12]Comments Of Government Of India On The ‘2nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions’ (2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf

[13]Anders Hektor, Sweden Comments To CWG-Stewardship (2015), Email http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/msg00016.html

[14]Brenden Kuerbis, 'Why The Post-Transition IANA Should Be A Nonprofit Public Benefit Corporation |' (Internet Governance Project, 18 May 2015) http://www.internetgovernance.org/2015/05/18/why-the-post-transition-iana-should-be-a-nonprofit-public-benefit-corporation/

[15]Comments Of Government Of India On The ‘2nd Draft Proposal Of The Cross Community Working Group To Develop An IANA Stewardship Transition Proposal On Naming Related Functions’ (2015) http://forum.icann.org/lists/comments-cwg-stewardship-draft-proposal-22apr15/pdfJGK6yVohdU.pdf

[16]Kieren McCarthy, 'Internet Kingmakers Drop Ego, Devise Future Of DNS, IP Addys Etc' (The Register, 24 April 2015) http://www.theregister.co.uk/2015/04/24/internet_kingmakers_drop_ego_devise_future_of_the_internet/

[17]Emily Taylor, ICANN: Bridging The Trust Gap (Paper Series No. 9, Global Commission on Internet Governance March 2015) https://regmedia.co.uk/2015/04/02/gcig_paper_no9-iana.pdf

[18]Milton Mueller, 'Power Shift: The CCWG’S ICANN Membership Proposal' (Internet Governance Project, 4 June 2015) http://www.internetgovernance.org/2015/06/04/power-shift-the-ccwgs-icann-membership-proposal/

[19]David Post, Submission Of Comments On CCWG Draft Initial Proposal (2015), Email http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/msg00050.html

[20] Hariharan, 'ICANN reveals hitherto undisclosed details of domain names revenues', 8 December, 2014 See: http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014

[21] ICANN, Documentary Information Disclosure Policy See: https://www.icann.org/resources/pages/didp-2012-02-25-en

[22] ICANN Accountability, Role of the Ombudsman https://www.icann.org/resources/pages/accountability/ombudsman-en

[23] ICANN Reconsideration and independent review, ICANN Bylaws, Article IV, Accountability and Review https://www.icann.org/resources/pages/reconsideration-and-independent-review-icann-bylaws-article-iv-accountability-and-review

[24] ICANN Accountability and Transparency Review Final Recommendations https://www.icann.org/en/system/files/files/final-recommendations-31dec13-en.pdf

[25] ICANN Bylaws Article iv, Section 2 https://www.icann.org/resources/pages/governance/bylaws-en#IV

[26] ICANN Response to DIDP Ombudsman https://www.icann.org/resources/pages/20141228-1-ombudsman-2015-01-28-en

[27] Table of CIS DIDP Requests See: http://cis-india.org/internet-governance/blog/table-of-cis-didp-requests/at_download/file

For more details visit https://cis-india.org/internet-governance/blog/iana-transition-stewardship-and-icann-accountability-2

IANA Transition Stewardship & ICANN Accountability (I)

jyoti — 2015-07-31T14:56:26Z

This paper is the first in a multi-part series, in which we provide a background to the IANA transition and updates on the ensuing processes. An attempt to familiarise people with the issues at stake, this paper will be followed by a second piece that provides an overview of submitted proposals and areas of concern that will need attention moving forward. The series is a work in progress and will be updated as the processes move forward. It is up for public comments and we welcome your feedback.

In developing these papers we have been guided by Kieren McCarthy's writings in The Register, Milton Mueller writings on the Internet Governance Project, Rafik Dammak emails on the mailings lists, the constitutional undertaking argument made in the policy paper authored by Danielle Kehl & David Post for New America Foundation.

Introduction

The 53rd ICANN conference in Buenos Aires was pivotal as it marked the last general meeting before the IANA transition deadline on 30th September, 2015. The multistakeholder process initiated seeks communities to develop transition proposals to be consolidated and reviewed by the the IANA Stewardship Transition Coordination Group (ICG). The names, number and protocol communities convened at the conference to finalize the components of the transition proposal and to determine the way forward on the transition proposals. The Protocol Parameters (IANA PLAN Working Group) submitted to ICG on 6 January 2015, while the Numbering Resources (CRISP Team) submitted on 15 January 2015. The Domain Names (CWG-Stewardship) submitted its second draft to ICG on 25 June 2015. The ICG had a face-to-face meeting in Buenos Aires and their proposal to transition the stewardship of the IANA functions is expected to be out for public comment July 31 to September 8, 2015.

Parallelly, the CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015 and organised two working sessions at ICANN'53. More recently, the CCWG met in Paris focusing on the proposed community empowerment mechanisms, emerging concerns and progress on issues so far. CIS reserves its comments to the CCWG till the second round of comments expected in July.

This working paper explains the IANA Transition, its history and relevance to management of the Internet. It provides an update on the processes so far, including the submissions by the Indian government and highlights areas of concern that need attention going forward.

How is IANA Transition linked to DNS Management?

The IANA transition presents a significant opportunity for stakeholders to influence the management and governance of the global network. The Domain Name System (DNS), which allows users to locate websites by translating the domain name with corresponding Internet Protocol address, is critical to the functioning of the Internet. The DNS rests on the effective coordination of three critical functions—the allocation of IP Addresses (the numbers function), domain name allocation (the naming function), and protocol parameters standardisation (the protocols function).

History of the ICANN-IANA Functions contract

Initially, these key functions were performed by individuals and public and private institutions. They either came together voluntarily or through a series of agreements and contracts brokered by the Department of Commerce’s National Telecommunications and Information Administration (NTIA) and funded by the US government. With the Internet's rapid expansion and in response to concerns raised about its increasing commercialization as a resource, a need was felt for the creation of a formal institution that would take over DNS management. This is how ICANN, a California-based private, non-profit technical coordination body, came at the helm of DNS and related issues. Since then, ICANN has been performing the Internet Assigned Numbers Authority (IANA) functions under a contract with the NTIA, and is commonly referred to as the IANA Functions Operator.

IANA Functions

In February 2000, the NTIA entered into the first stand-alone IANA Functions HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf"contract[1] with ICANN as the Operator. While the contractual obligations have evolved over time, these are largely administrative and technical in nature including:

(1) the coordination of the assignment of technical Internet protocol parameters;

(2) the allocation of Internet numbering resources; and

(3) the administration of certain responsibilities associated with the Internet DNS root zone management;

(4) other services related to the management of the ARPA and top-level domains.

ICANN has been performing the IANA functions under this oversight, primarily as NTIA did not want to let go of complete control of DNS management. Another reason was to ensure NTIA's leverage in ensuring that ICANN’s commitments, conditional to its incorporation, were being met and that it was sticking to its administrative and technical role.

Root Zone Management—Entities and Functions Involved

NTIA' s involvement has been controversial particularly in reference to the Root Zone Management function, which allows allows for changes to the HYPERLINK "http://www.internetsociety.org/sites/default/files/The Internet Domain Name System Explained for Non-Experts (ENGLISH).pdf"highest level of the DNS namespace[2] by updating the databases that represent that namespace. DNS namespace is defined to be the set of names known as top-level domain names or TLDs which may be at the country level (ccTLDs or generic (gTLDs). This HYPERLINK "https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf"function to maintain the Root was split into two parts[3]—with two separate procurements and two separate contracts. The operational contract for the Primary (“A”) Root Server was awarded to VeriSign, the IANA Functions Contract—was awarded to ICANN.

These contracts created contractual obligations for ICANN as IANA Root Zone Management Function Operator, in co-operation with Verisign as the Root Zone Maintainer and NTIA as the Root Zone Administrator whose authorisation is explicitly required for any requests to be implemented in the root zone. Under this contract, ICANN had responsibility for the technical functions for all three communities under the IANA Functions contract.

ICANN also had policy making functions for the names community such as developing HYPERLINK "https://www.iana.org/domains/root/files"rules and procedures and policies under HYPERLINK "https://www.iana.org/domains/root/files"which any changes to the Root Zone File[4] were to be proposed, including the policies for adding new TLDs to the system. The policy making of numbers and protocols is with IETF and RIRs respectively. HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/ntias_role_root_zone_management_12162014.pdf"NTIA role in root zone management[5] is clerical and judgment free with regards to content. It authorizes implementation of requests after verifying whether procedures and policies are being followed.

This contract was subject to extension by mutual agreement and failure of complying with predefined commitments could result in the re-opening of the contract to another entity through a Request For Proposal (RFP). In fact, in 2011 HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"NTIA issued a RFP pursuant to ICANN HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"'HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf"s Conflict of Interest Policy.[6]

Why is this oversight needed?

The role of the Administrator becomes critical for ensuring the security and operation of the Internet with the Root Zone serving as the directory of critical resources. In December 2014, HYPERLINK "http://www.theregister.co.uk/2015/04/30/confidential_information_exposed_over_300_times_in_icann_security_snafu/"a report revealed 300 incidents of internal security breaches[7] some of which were related to the Centralized Zone Data System (CZDS) – where the internet core root zone files are mirrored and the WHOIS portal. In view of the IANA transition and given ICANN's critical role in maintaining the Internet infrastructure, the question which arises is if NTIA will let go of its Administrator role then which body should succeed it?

Transition announcement and launch of process

On 14 March 2014, the NTIA HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"announced[8] “its intent to transition key Internet domain name functions to the global multistakeholder community”. These key Internet domain name functions refer to the IANA functions. For this purpose, the NTIA HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"asked[9] the Internet Corporation for Assigned Names and Numbers (ICANN) to convene a global multistakeholder process to develop a transition proposal which has broad community support and addresses the following four principles:

Support and enhance the multistakeholder model;
Maintain the security, stability, and resiliency of the Internet DNS;
Meet the needs and expectation of the global customers and partners of the IANA services; and
Maintain the openness of the Internet.

The transition process has been split according to the three main communities naming, numbers and protocols.

Structure of the Transition Processes

ICANN performs both technical functions and policy-making functions. The technical functions are known as IANA functions and these are performed by ICANN are for all three communities.

I. Naming function: ICANN performs technical and policy-making for the names community. The technical functions are known as IANA functions and the policy-making functions relates to their role in deciding whether .xxx or .sucks should be allowed amongst other issues. There are two parallel streams of work focusing on the naming community that are crucial to completing the transition. The first, Cross-Community Working Group to Develop an IANA Stewardship Transition Proposal on Naming Related Functions will enable NTIA to transition out of its role in the DNS. Therefore, accountability of IANA functions is the responsibility of the CWG and accountability of policy-making functions is outside its scope. CWG has submitted its second draft to the ICG.

The second, Cross-Community Working Group on Accountability (CCWG-Accountability) is identifying necessary reforms to ICANN’s bylaws and processes to enhance the organization’s accountability to the global community post-transition. Therefore accountability of IANA functions is outside the scope of the CCWG. The CCWG on Enhancing ICANN Accountability offered its first set of proposals for public comment in June 2015.

II. Numbers function: ICANN performs only technical functions for the numbers community. The policy-making functions for numbers are performed by RIRs. CRISP is focusing on the IANA functions for numbers and has submitted their proposal to the ICG earlier this year.

III. Protocols function: ICANN performs only technical functions for the protocols community. The policy-making functions for protocols are performed by IETF. IETF-WG is focusing on the IANA functions for protocols and has submitted their proposal to the ICG earlier this year.

Role of ICG

After receiving the proposals from all three communities the ICG must combine these proposals into a consolidated transition proposal and then seek public comment on all aspects of the plan. ICG’s role is crucial, because it must build a public record for the NTIA on how the three customer group submissions tie together in a manner that ensures NTIA’s HYPERLINK "http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions"criteria[10] are met and institutionalized over the long term. Further, ICG's final submission to NTIA must include a plan to enhance ICANN’s accountability based on the CCWG-Accountability proposal.

NTIA Leverage

Reprocurement of the IANA contract is HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"essential for ICANN HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"'HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/"s HYPERLINK "http://www.newamerica.org/oti/controlling-internet-infrastructure/" legitimacy[11] in the DNS ecosystem and the authority to reopen the contract and in keeping the policy and operational functions separate meant that, NTIA could simply direct VeriSign to follow policy directives being issued from the entity replacing ICANN if they were deemed to be not complying. This worked as an effective leverage for ICANN complying to their commitments even if it is difficult to determine how this oversight was exercised. Perceptually, this has been interpreted as a broad overreach particularly, in the context of issues of sovereignty associated with ccTLDs and the gTLDs in their influence in shaping markets. However, it is important to bear in mind that the NTIA authorization comes after the operator, ICANN—has validated the request and does not deal with the substance of the request rather focuses merely on compliance with outlined procedure.

NTIA's role in the transition process

NTIA in its HYPERLINK "http://www.ntia.doc.gov/files/ntia/publications/ntia_second_quarterly_iana_report_05.07.15.pdf"Second Quarterly Report to the Congress[12] for the period of February 1-March 31, 2015 has outlined some clarifications on the process ahead. It confirmed the flexibility of extending the contract or reducing the time period for renewal, based on community decision. The report also specified that the NTIA would consider a proposal only if it has been developed in consultation with the multi-stakeholder community. The transition proposal should have broad community support and does not seek replacement of NTIA's role with a government-led or intergovernmental organization solution. Further the proposal should maintain security, stability, and resiliency of the DNS, the openness of the Internet and must meet the needs and expectations of the global customers and partners of the IANA services. NTIA will only review a comprehensive plan that includes all these elements.

Once the communities develop and ICG submits a consolidated proposal, NTIA will ensure that the proposal has been adequately “stress tested” to ensure the continued stability and security of the DNS. NTIA also added that any proposed processes or structures that have been tested to see if they work, prior to the submission—will be taken into consideration in NTIA's review. The report clarified that NTIA will review and assess the changes made or proposed to enhance ICANN’s accountability before initiating the transition.

Prior to ICANN'53, Lawrence E. Strickling Assistant Secretary for Communications and Information and NTIA Administrator HYPERLINK "http://www.ntia.doc.gov/blog/2015/stakeholder-proposals-come-together-icann-meeting-argentina"has posed some questions for consideration[13] by the communities prior to the completion of the transition plan. The issues and questions related to CCWG-Accountability draft are outlined below:

Proposed new or modified community empowerment tools—how can the CCWG ensure that the creation of new organizations or tools will not interfere with the security and stability of the DNS during and after the transition? Do these new committees and structures create a different set of accountability questions?
Proposed membership model for community empowerment—have other possible models been thoroughly examined, detailed, and documented? Has CCWG designed stress tests of the various models to address how the multistakeholder model is preserved if individual ICANN Supporting Organizations and Advisory Committees opt out?
Has CCWG developed stress tests to address the potential risk of capture and barriers to entry for new participants of the various models? Further, have stress tests been considered to address potential unintended consequences of “operationalizing” groups that to date have been advisory in nature?
Suggestions on improvements to the current Independent Review Panel (IRP) that has been criticized for its lack of accountability—how does the CCWG proposal analyze and remedy existing concerns with the IRP?
In designing a plan for improved accountability, should the CCWG consider what exactly is the role of the ICANN Board within the multistakeholder model? Should the standard for Board action be to confirm that the community has reached consensus, and if so, what accountability mechanisms are needed to ensure the Board operates in accordance with that standard?
The proposal is primarily focused on the accountability of the ICANN Board—has the CCWG considered accountability improvements that would apply to ICANN management and staff or to the various ICANN Supporting Organizations and Advisory Committees?
NTIA has also asked the CCWG to build a public record and thoroughly document how the NTIA criteria have been met and will be maintained in the future.
Has the CCWG identified and addressed issues of implementation so that the community and ICANN can implement the plan as expeditiously as possible once NTIA has reviewed and accepted it.

NTIA has also sought community’s input on timing to finalize and implement the transition plan if it were approved. The Buenos Aires meeting became a crucial point in the transtion process as following the meeting, NTIA will need to make a determination on extending its current contract with ICANN. Keeping in mind that the community and ICANN will need to implement all work items identified by the ICG and the Working Group on Accountability as prerequisites for the transition before the contract can end, the community’s input is critical.

NTIA's legal standing

On 25th February, 2015 the US Senate Committee on Commerce, Science & Transportation on 'Preserving the Multi-stakeholder Model of Internet Governance'[14] heard from NTIA head Larry Strickling, Ambassador Gross and Fadi Chehade. The hearing sought to plug any existing legal loopholes, and tighten its administrative, technical, financial, public policy, and political oversight over the entire process no matter which entity takes up the NTIA function. The most important takeaway from this Congressional hearing came from Larry Strickling’s testimony[15] who stated that NTIA has no legal or statutory responsibility to manage the DNS.

If the NTIA does not have the legal responsibility to act, and its role was temporary; on what basis is the NTIA driving the current IANA Transition process without the requisite legal authority or Congressional mandate? Historically, the NTIA oversight, effectively devised as a leverage for ICANN fulfilling its commitments have not been open to discussion. HYPERLINK "http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/pdfnOquQlhsmM.pdf"Concerns have also been raised[16] on the lack of engagement with non-US governments, organizations and persons prior to initiating or defining the scope and conditions of the transition. Therefore, any IANA transition plan must consider this lack of consultation, develop a multi-stakeholder process as the way forward—even if the NTIA wants to approve the final transition plan.

Need to strengthen Diversity Principle

Following submissions by various stakeholders raising concerns regarding developing world participation, representation and lack of multilingualism in the transition process—the Diversity Principle was included by ICANN in the Revised Proposal of 6 June 2014. Given that representatives from developing countries as well as from stakeholder communities outside of the ICANN community are unable to productively involve themselves in such processes because of lack of multilingualism or unfamiliarity with its way of functioning merely mentioning diversity as a principle is not adequate to ensure abundant participation. As CIS has pointed out[17] before issues have been raised about the domination by North American or European entities which results in undemocratic, unrepresentative and non-transparent decision-making in such processes. Accordingly, all the discussions in the process should be translated into multiple native languages of participants in situ, so that everyone participating in the process can understand what is going on. Adequate time must be given for the discussion issues to be translated and circulated widely amongst all stakeholders of the world, before a decision is taken or a proposal is framed. This was a concern raised in the recent CCWG proposal which was extended as many communities did not have translated texts or adequate time to participate.

Representation of the global multistakeholder community in ICG

Currently, the Co-ordination Group includes representatives from ALAC, ASO, ccNSO, GNSO, gTLD registries, GAC, ICC/BASIS, IAB, IETF, ISOC, NRO, RSSAC and SSAC. Most of these representatives belong to the ICANN community, and is not representative of the global multistakeholder community including governments. This is not representative of even a multistakeholder model which the US HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"g HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"ov HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"ernment HYPERLINK "http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design"has announced[18] for the transition; nor in the multistakeholder participation spirit of NETmundial. Adequate number of seats on the Committee must be granted to each stakeholder so that they can each coordinate discussions within their own communities and ensure wider and more inclusive participation.

ICANN's role in the transition process

Another issue of concern in the pre-transition process has been ICANN having been charged with facilitating this transition process. This decision calls to question the legitimacy of the process given that the suggestions from the proposals envision a more permanent role for ICANN in DNS management. As Kieren McCarthy has pointed out [19]ICANN has taken several steps to retain the balance of power in managing these functions which have seen considerable pushback from the community. These include an attempt to control the process by announcing two separate processes[20] – one looking into the IANA transition, and a second at its own accountability improvements – while insisting the two were not related. That effort was beaten down[21] after an unprecedented letter by the leaders of every one of ICANN's supporting organizations and advisory committees that said the two processes must be connected.

Next, ICANN was accused of stacking the deck[22] by purposefully excluding groups skeptical of ICANN’s efforts, and by trying to give ICANN's chairman the right to personally select the members of the group that would decide the final proposal. That was also beaten back. ICANN staff also produced a "scoping document"[23], that pre-empt any discussion of structural separation and once again community pushback forced a backtrack.[24]

These concerns garner more urgency given recent developments with the community working HYPERLINK "http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html"groups[25] and ICANN divisive view of the long-term role of ICANN in DNS management. Further, given HYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164"ICANNHYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164" HYPERLINK "https://www.youtube.com/watch?v=yGwbYljtNyI#t=1164"President Chehade’s comments that the CWG is not doing its job[26], is populated with people who do not know anything and the “IANA process needs to be left alone as much as possible”. Fadi also specified that ICANN had begun the formal process of initiating a direct contract with VeriSign to request and authorise changes to be implemented by VeriSign. While ICANN may see itself without oversight in this relationship with VeriSign, it is imperative that proposals bear this plausible outcome in mind and put forth suggestions to counter this.

The HYPERLINK "http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html"update from IETF on the ongoing negotiation with ICANN on their proposal[27] related to protocol parameters has also flagged that ICANN is unwilling to cede to any text which would suggest ICANN relinquishing its role in the operations of protocol parameters to a subsequent operator, should the circumstances demand this. ICANN has stated that agreeing to such text now would possibly put them in breach of their existing agreement with the NTIA. Finally, HYPERLINK "https://twitter.com/arunmsukumar/status/603952197186035712"ICANN HYPERLINK "https://twitter.com/arunmsukumar/status/603952197186035712"Board Member, Markus Kummer[28] stated that if ICANN was to not approve any aspect of the proposal this would hinder the consensus and therefore, the transition would not be able to move forward.

ICANN has been designated the convenor role by the US government on basis of its unique position as the current IANA functions contractor and the global coordinator for the DNS. However it is this unique position itself which creates a conflict of interest as in the role of contractor of IANA functions, ICANN has an interest in the outcome of the process being conducive to ICANN. In other words, there exists a potential for abuse of the process by ICANN, which may tend to steer the process towards an outcome favourable to itself.

Therefore there exists a strong rationale for defining the limitations of the role of ICANN as convenor. The community has suggested that ICANN should limit its role to merely facilitating discussions and not extend it to reviewing or commenting on emerging proposals from the process. Additional safeguards need to be put in place to avoid conflicts of interest or appearance of conflicts of interest. ICANN should further not compile comments on drafts to create a revised draft at any stage of the process. Additionally, ICANN staff must not be allowed to be a part of any group or committee which facilitates or co-ordinates the discussion regarding IANA transition.

How is the Obama Administration and the US Congress playing this?

Even as the issues of separation of ICANN's policy and administrative role remained unsettled, in the wake of the Snowden revelations, NTIA initiated the long due transition of the IANA contract oversight to a global, private, non-governmental multi-stakeholder institution on March 14, 2014. This announcement immediately raised questions from Congress on whether the transition decision was dictated by technical considerations or in response to political motives, and if the Obama Administration had the authority to commence such a transition unilaterally, without prior open stakeholder consultations. Republican HYPERLINK "http://www.reuters.com/article/2015/06/02/us-usa-internet-icann-idUSKBN0OI2IJ20150602"lawmakers have raised concerns about the IANA transition plan [29]worried that it may allow other countries to capture control.

More recently, HYPERLINK "https://www.congress.gov/bill/114th-congress/house-bill/2251"Defending Internet Freedom Act[30] has been re-introduced to US Congress. This bill seeks ICANN adopt the recommendations of three internet community groups, about the transition of power, before the US government relinquishes control of the IANA contract. The bill also seeks ownership of the .gov and .mil top-level domains be granted to US government and that ICANN submit itself to the US Freedom of Information Act (FOIA), a legislation similar to the RTI in India, so that its records and other information gain some degree of public access.It has also been asserted by ICANN that neither NTIA nor the US Congress will approve any transition plan which leaves open the possibility of non-US IANA Functions Operator in the future.

Funding of the transition

The Obama administration is also HYPERLINK "http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393"fighting a Republican-backed Commerce, Justice, Science, and HYPERLINK "http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393"Related Agencies Appropriations Act (H.R. 2578)[31] which seeks to block NTIA funding the IANA transition. One provision of this bill restricts NTIA from using appropriated dollars for IANA stewardship transition till the end of the fiscal year, September 30, 2015 also the base period of the contact in function. This peculiar proviso in the Omnibus spending bill actually implies that Congress believes that the IANA Transition should be delayed with proper deliberation, and not be rushed as ICANN and NTIA are inclined to.

The IANA Transition cannot take place in violation of US Federal Law that has defunded it within a stipulated time-window. At the Congressional Internet Caucus in January 2015, NTIA head Lawrence Strickling clarified that NTIA will “not use appropriated funds to terminate the IANA functions...” or “to amend the cooperative agreement with Verisign to eliminate NTIA's role in approving changes to the authoritative root zone file...”. This implicitly establishes that the IANA contract will be extended, and Strickling confirmed that there was no hard deadline for the transition.

DOTCOM Act

The Communications and Technology Subcommittee of the House Energy and Commerce Committee HYPERLINK "http://energycommerce.house.gov/markup/communications-and-technology-subcommittee-vote-dotcom-act"amended the DOTCOM Act[32], a bill which, in earlier drafts, would have halted the IANA functions transition process for up to a year pending US Congressional approval. The bill in its earlier version represented unilateral governmental interference in the multistakeholder process. The new bill reflects a much deeper understanding of, and confidence in, the significant amount of work that the global multistakeholder community has undertaken in planning both for the transition of IANA functions oversight and for the increased accountability of ICANN. The amended DOTCOM Act would call for the NTIA to certify – as a part of a proposed GAO report on the transition – that “the required changes to ICANN’s by-laws contained in the final report of ICANN’s Cross Community Working Group on Enhancing ICANN Accountability and the changes to ICANN’s bylaws required by ICANN’s IANA have been implemented.” The bill enjoys immense bipartisan support[33], and is being lauded as a prudent and necessary step for ensuring the success of the IANA transition.

[1] IANA Functions Contract <http://www.ntia.doc.gov/files/ntia/publications/sf_26_pg_1-2-final_award_and_sacs.pdf> accessed 15th June 2015

[2] Daniel Karrenberg, The Internet Domain Name System Explained For Nonexperts <http://www.internetsociety.org/sites/default/files/The%20Internet%20Domain%20Name%20System%20Explained%20for%20Non-Experts%20(ENGLISH).pdf> accessed 15 June 2015

[3] David Post and Danielle Kehl, Controlling Internet Infrastructure The “IANA Transition” And Why It Matters For The Future Of The Internet, Part I (1st edn, Open Technology Institute 2015) <https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf> accessed 10 June 2015.

[4] Iana.org, 'IANA — Root Files' (2015) <https://www.iana.org/domains/root/files> accessed 11 June 2015.

[5] 'NTIA's Role In Root Zone Management' (2014). <http://www.ntia.doc.gov/files/ntia/publications/ntias_role_root_zone_management_12162014.pdf> accessed 15 June 2015.

[6] Contract ( 2011) <http://www.ntia.doc.gov/files/ntia/publications/11102011_solicitation.pdf> accessed 10 June 2015.

[7] Kieren McCarthy, 'Confidential Information Exposed Over 300 Times In ICANN Security Snafu' The Register (2015) <http://www.theregister.co.uk/2015/04/30/confidential_information_exposed_over_300_times_in_icann_security_snafu/> accessed 15 June 2015.

[8] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[9] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[10] NTIA, ‘NTIA Announces Intent To Transition Key Internet Domain Name Functions’ (2014) <http://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions> accessed 15 June 2015.

[11] David Post and Danielle Kehl, Controlling Internet Infrastructure The “IANA Transition” And Why It Matters For The Future Of The Internet, Part I (1st edn, Open Technology Institute 2015) <https://static.newamerica.org/attachments/2964-controlling-internet-infrastructure/IANA_Paper_No_1_Final.32d31198a3da4e0d859f989306f6d480.pdf> accessed 10 June 2015.

[12] National Telecommunications and Information Administration, 'REPORT ON THE TRANSITION OF THE STEWARDSHIP OF THE INTERNET ASSIGNED NUMBERS AUTHORITY (IANA) FUNCTIONS' (NTIA 2015) <http://www.ntia.doc.gov/files/ntia/publications/ntia_second_quarterly_iana_report_05.07.15.pdf> accessed 10 July 2015.

[13] Lawrence Strickling, 'Stakeholder Proposals To Come Together At ICANN Meeting In Argentina' <http://www.ntia.doc.gov/blog/2015/stakeholder-proposals-come-together-icann-meeting-argentina> accessed 19 June 2015.

[14] Philip Corwin, 'NTIA Says Cromnibus Bars IANA Transition During Current Contract Term' <http://www.circleid.com/posts/20150127_ntia_cromnibus_bars_iana_transition_during_current_contract_term/> accessed 10 June 2015.

[15] Sophia Bekele, '"No Legal Basis For IANA Transition": A Post-Mortem Analysis Of Senate Committee Hearing' <http://www.circleid.com/posts/20150309_no_legal_basis_for_iana_transition_post_mortem_senate_hearing/> accessed 9 June 2015.

[16] Comments On The IANA Transition And ICANN Accountability Just Net Coalition (2015) <http://forum.icann.org/lists/comments-ccwg-accountability-draft-proposal-04may15/pdfnOquQlhsmM.pdf> accessed 12 June 2015.

[17] The Centre for Internet and Society, 'IANA Transition: Suggestions For Process Design' (2014) <http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design> accessed 9 June 2015.

[18] The Centre for Internet and Society, 'IANA Transition: Suggestions For Process Design' (2014) <http://cis-india.org/internet-governance/blog/iana-transition-suggestions-for-process-design> accessed 9 June 2015.

[19] Kieren McCarthy, 'Let It Go, Let It Go: How Global DNS Could Survive In The Frozen Lands Outside US Control Public Comments On Revised IANA Transition Plan' The Register (2015) <http://www.theregister.co.uk/2015/05/26/iana_icann_latest/> accessed 15 June 2015.

[20] Icann.org, 'Resources - ICANN' (2014) <https://www.icann.org/resources/pages/process-next-steps-2014-08-14-en> accessed 13 June 2015.

[21] <https://www.icann.org/en/system/files/correspondence/crocker-chehade-to-soac-et-al-18sep14-en.pdf> accessed 10 June 2015.

[22] Richard Forno, '[Infowarrior] - Internet Power Grab: The Duplicity Of ICANN' (Mail-archive.com, 2015) <https://www.mail-archive.com/infowarrior@attrition.org/msg12578.html> accessed 10 June 2015.

[23] ICANN, 'Scoping Document' (2014) <https://www.icann.org/en/system/files/files/iana-transition-scoping-08apr14-en.pdf> accessed 9 June 2015.

[24] Milton Mueller, 'ICANN: Anything That Doesn’T Give IANA To Me Is Out Of Scope |' (Internetgovernance.org, 2014) <http://www.internetgovernance.org/2014/04/16/icann-anything-that-doesnt-give-iana-to-me-is-out-of-scope/> accessed 12 June 2015.

[25] Andrew Sullivan, '[Ianaplan] Update On IANA Transition & Negotiations With ICANN' (Ietf.org, 2015) <http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html> accessed 14 June 2015.

[26] DNA Member Breakfast With Fadi Chehadé (2015-02-11) (The Domain Name Association 2015).

[27] Andrew Sullivan, '[Ianaplan] Update On IANA Transition & Negotiations With ICANN' (Ietf.org, 2015) <http://www.ietf.org/mail-archive/web/ianaplan/current/msg01680.html> accessed 14 June 2015.

[28] Mobile.twitter.com, 'Twitter' (2015) <https://mobile.twitter.com/arunmsukumar/status/603952197186035712> accessed 12 June 2015.

[29] Alina Selyukh, 'U.S. Plan To Cede Internet Domain Control On Track: ICANN Head' Reuters (2015) <http://www.reuters.com/article/2015/06/02/us-usa-internet-icann-idUSKBN0OI2IJ20150602> accessed 15 June 2015.

[30] 114th Congress, 'H.R.2251 - Defending Internet Freedom Act Of 2015' (2015).

[31] John Eggerton, 'House Bill Blocks Internet Naming Oversight Handoff: White House Opposes Legislation' Broadcasting & Cable (2015) <http://www.broadcastingcable.com/news/washington/house-bill-blocks-internet-naming-oversight-handoff/141393> accessed 9 June 2015.

[32] Communications And Technology Subcommittee Vote On The DOTCOM Act (2015).

[33] Timothy Wilt, 'DOTCOM Act Breezes Through Committee' Digital Liberty (2015) <http://www.digitalliberty.net/dotcom-act-breezes-committee-a319> accessed 22 June 2015.

For more details visit https://cis-india.org/internet-governance/blog/iana-transitition-stewardship-icann-accountability-1

Panel Discussion on Internet Intermediaries, Law and Innovation

jyoti — 2015-06-14T16:37:56Z

CII, Google and Centre For Communications Governance, NLU Delhi hosted a panel discussion on June 2 in New Delhi. Jyoti Panday attended.

The Centre for Internet & Society (CIS) participated in the panel discussion on 'Internet Intermediaries, Law and Innovation' hosted by CII, Google and Centre For Communications Governance, NLU Delhi. The panel discussed the impact of the existing provisions on intermediary liability and innovation and sought suggestions and the way forward.

The panel was moderated by Dr Subho Ray, President, IAMAI

Other panelists included:

Mr Anupam Chander, Eminent Global Lawyer & Academician
Mr Apar Gupta, Advocate
Ms Mishi Choudhary, Founding Director , Software Freedom Law Centre
Mr J Sai Deepak, Associate Partner, Litigation Team, Saikrishna & Associates

Mr Indranil Choudhury, Founder and CEO, Lexplosion

Click to download the presentation.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-internet-intermediaries-law-and-innovation

IANA Transition & ICANN Accountability Process and India' s Position

jyoti — 2015-08-23T09:26:06Z

Jyoti Panday participated in the workshop organized by CCAOI on "IANA Transition & ICANN Accountability Process and India' s Position" on May 30, 2015.

Dr Ajay Kumar launched the IANA Transition Report and set the context for the workshop. Dr Mahesh Uppal was the moderator of the panel and other participants included Mr Samiran Gupta, ICANN providing an overview of the current status on the transition, Mr Parminder Singh, IT for Change and Mr Rahul Sharma, DSCI sharing concerns of different stakeholders.

The panel also saw discussion on issues in the transition process that are of relevance to India and what should their position going forward including ensuring the efficiency of ICANN Functions included in the CWG draft proposal.

CIS raised issues around financial accountability and the role of ICANN in shaping markets therefore the urgent need for improving transparency and accountability measures.

The report launched at the workshop is available here.

For more details visit https://cis-india.org/internet-governance/news/iana-transition-icann-accountability-process-indian-position

DeitY says 143 URLs have been Blocked in 2015; Procedure for Blocking Content Remains Opaque and in Urgent Need of Transparency Measures

jyoti — 2015-04-30T07:37:40Z

Across India on 30 December 2014, following an order issued by the Department of Telecom (DOT), Internet Service Providers (ISPs) blocked 32 websites including Vimeo, Dailymotion, GitHub and Pastebin.

In February 2015, the Centre for Internet and Society (CIS) requested the Department of Electronics and Information Technology (DeitY) under the Right to Information Act, 2005 (RTI Act) to provide information clarifying the procedures for blocking in India. We have received a response from DeitY which may be seen here.

In this post, I shall elaborate on this response from DeitY and highlight some of the accountability and transparency measures that the procedure needs. To stress the urgency of reform, I shall also touch upon two recent developments—the response from Ministry of Communication to questions raised in Parliament on the blocking procedures and the Supreme Court (SC) judgment in Shreya Singhal v. Union of India.

Section 69A and the Blocking Rules

Section 69A of the Information Technology Act, 2008 (S69A hereinafter) grants powers to the central government to issue directions for blocking of access to any information through any computer resource. In other words, it allows the government to block any websites under certain grounds. The Government has notified rules laying down the procedure for blocking access online under the Procedure and Safeguards for Blocking for Access of Information by Public Rules, 2009 (Rules, 2009 hereinafter). CIS has produced a poster explaining the blocking procedure (download PDF, 2.037MB).

There are three key aspects of the blocking rules that need to be kept under consideration:

Officers and committees handling requests

Designated Officer (DO) – Appointed by the Central government, officer not below the rank of Joint Secretary.
Nodal Officer (NO) – Appointed by organizations including Ministries or Departments of the State governments and Union Territories and any agency of the Central Government.
Intermediary contact–Appointed by every intermediary to receive and handle blocking directions from the DO.
Committee for Examination of Request (CER) – The request along with printed sample of alleged offending information is examined by the CER—committee with the DO serving as the Chairperson and representatives from Ministry of Law and Justice; Ministry of Home Affairs; Ministry of Information and Broadcasting and representative from the Indian Computer Emergency Response Team (CERT-In). The CER is responsible for examining each blocking request and makes recommendations including revoking blocking orders to the DO, which are taken into consideration for final approval of request for blocking by the Secretary, DOT.
Review Committee (RC) – Constituted under rule 419A of the Indian Telegraph Act, 1951, the RC includes the Cabinet Secretary, Secretary to the Government of India (Legal Affairs) and Secretary (Department of Telecom). The RC is mandated to meet at least once in 2 months and record its findings and has to validate that directions issued are in compliance with S69A(1).

Provisions outlining the procedure for blocking

Rules 6, 9 and 10 create three distinct blocking procedures, which must commence within 7 days of the DO receiving the request.

a) Rule 6 lays out the first procedure, under which any person may approach the NO and request blocking, alternatively, the NO may also raise a blocking request. After the NO of the approached Ministry or Department of the State governments and Union Territories and/or any agency of the Central Government, is satisfied of the validity of the request they forward it to the DO. Requests when not sent through the NO of any organization, must be approved by Chief Secretary of the State or Union Territory or the Advisor to the Administrator of the Union Territory, before being sent to the DO.

The DO upon receiving the request places, must acknowledge receipt within 24 four hours and places the request along with printed copy of alleged information for validation by the CER. The DO also, must make reasonable efforts to identify the person or intermediary hosting the information, and having identified them issue a notice asking them to appear and submit their reply and clarifications before the committee at a specified date and time, within forty eight hours of the receipt of notice.

Foreign entities hosting the information are also informed and the CER gives it recommendations after hearing from the intermediary or the person has clarified their position and even if there is no representation by the same and after examining if the request falls within the scope outlined under S69A(1). The blocking directions are issued by the Secretary (DeitY), after the DO forwards the request and the CER recommendations. If approval is granted the DO directs the relevant intermediary or person to block the alleged information.

b) Rule 9 outlines a procedure wherein, under emergency circumstances, and after the DO has established the necessity and expediency to block alleged information submits recommendations in writing to the Secretary, DeitY. The Secretary, upon being satisfied by the justification for, and necessity of, and expediency to block information may issue an blocking directions as an interim measure and must record the reasons for doing so in writing.

Under such circumstances, the intermediary and person hosting information is not given the opportunity of a hearing. Nevertheless, the DO is required to place the request before the CER within forty eight hours of issuing of directions for interim blocking. Only upon receiving the final recommendations from the committee can the Secretary pass a final order approving the request. If the request for blocking is not approved then the interim order passed earlier is revoked, and the intermediary or identified person should be directed to unblock the information for public access.

c) Rule 10 outlines the process when an order is issued by the courts in India. The DO upon receipt of the court order for blocking of information submits it to the Secretary, DeitY and initiates action as directed by the courts.

Confidentiality clause

Rule 16 mandates confidentiality regarding all requests and actions taken thereof, which renders any requests received by the NO and the DO, recommendations made by the DO or the CER and any written reasons for blocking or revoking blocking requests outside the purview of public scrutiny. More detail on the officers and committees that enforce the blocking rules and procedure can be found here.

Response on blocking from the Ministry of Communication and Information Technology

The response to our RTI from E-Security and Cyber Law Group is timely, given the recent clarification from the Ministry of Communication and Information Technology to a number of questions, raised by parliamentarian Shri Avinash Pande in the Rajya Sabha. The questions had been raised in reference to the Emergency blocking order under IT Act, the current status of the Central Monitoring System, Data Privacy law and Net Neutrality. The Centre for Communication Governance (CCG), National Law University New Delhi have extracted a set of 6 questions and you can read the full article here.

The governments response as quoted by CCG, clarifies under rule 9—the Government has issued directions for emergency blocking of a total number of 216 URLs from 1st January, 2014 till date and that a total of 255 URLs were blocked in 2014 and no URLs has been blocked in 2015 (till 31 March 2015) under S69A through the Committee constituted under the rules therein. Further, a total of 2091 URLs and 143 URLs were blocked in order to comply with the directions of the competent courts of India in 2014 and 2015 (till 31 March 2015) respectively. The government also clarified that the CER, had recommended not to block 19 URLs in the meetings held between 1^stJanuary 2014 upto till date and so far, two orders have been issued to revoke 251 blocked URLs from 1st January 2014 till date. Besides, CERT-In received requests for blocking of objectionable content from individuals and organisations, and these were forwarded to the concerned websites for appropriate action, however the response did not specify the number of requests.

We have prepared a table explaining the information released by the government and to highlight the inconsistency in their response.

Applicable rule and procedure outlined under the Blocking Rules	Number of websites
	2014	2015	Total
Rule 6 - Blocking requests from NO and others	255	None	255
Rule 9 - Blocking under emergency circumstances	-	-	216
Rule 10 - Blocking orders from Court	2091	143	2234
Requests from individuals and orgs forwarded to CERT-In	-	-	-
Recommendations to not block by CER	-	-	19
Number of blocking requests revoked	-	-	251

In a response to an RTI filed by the Software Freedom Law Centre, DeitY said that 708 URLs were blocked in 2012, 1,349 URLs in 2013, and 2,341 URLs in 2014.

Shreya Singhal v. Union of India

In its recent judgment, the SC of India upheld the constitutionality of 69A, stating that it was a narrowly-drawn provision with adequate safeguards. The constitutional challenge on behalf of the People’s Union for Civil Liberties (PUCL) considered the manner in which the blocking is done and the arguments focused on the secrecy present in blocking.

The rules may indicate that there is a requirement to identify and contact the originator of information, though as an expert has pointed out, there is no evidence of this in practice. The court has stressed the importance of a written order so that writ petitions may be filed under Article 226 of the Constitution. In doing so, the court seems to have assumed that the originator or intermediary is informed, and therefore held the view that any procedural inconsistencies may be challenged through writ petitions. However, this recourse is rendered ineffective not only due to procedural constraints, but also because of the confidentiality clause. The opaqueness through rule 16 severely reigns in the recourse that may be given to the originator and the intermediary. While the court notes that rule 16 requiring confidentality was argued to be unconstitutional, it does not state its opinion on this question in the judgment. One expert, holds the view that this, by implication, requires that requests cannot be confidential. However, such a reading down of rule 16 is yet to be tested.

Further, Sunil Abraham has pointed out, “block orders are unevenly implemented by ISPs making it impossible for anyone to independently monitor and reach a conclusion whether an internet resource is inaccessible as a result of a S69A block order or due to a network anomaly.” As there are no comprehensive list of blocked websites or of the legal orders through which they are blocked exists, the public has to rely on media reports and filing RTI requests to understand the censorship regime in India. CIS has previously analysed the leaked block lists and lists received as responses to RTI requests which have revealed that the block orders are full of errors and blocking of entire platforms and not just specific links has taken place.

While the state has the power of blocking content, doing so in secrecy and without judical scrutiny, mark deficiencies that remain in the procedure outlined under the provisions of the blocking rules . The Court could read down rule 16 except for a really narrow set of exceptions, and in not doing so, perhaps has overlooked the opportunities for reform in the existing system. The blocking of 32 websites, is an example of the opaqueness of the system of blocking orders, and where the safeguards assumed by the SC are often not observed such as there being no access to the recommendations that were made by the CER, or towards the revocation of the blocking orders subsequently. CIS filed the RTI to try and understand the grounds for blocking and related procedures and the response has thrown up some issues that must need urgent attention.

Response to RTI filed by CIS

Our first question sought clarification on the websites blocked on 30^thDecember 2014 and the response received from DeitY, E-Security and Cyber Law Group reveals that the websites had been blocked as “they were being used to post information related to ISIS using the resources provided by these websites”. The response also clarifies that the directions to block were issued on 18-12-2014 and as of 09-01-2015, after obtaining an undertaking from website owners, stating their compliance with the Government and Indian laws, the sites were unblocked.

It is not clear if ATS, Mumbai had been intercepting communication or if someone reported these websites. If the ATS was indeed intercepting communication, then as per the rules, the RC should be informed and their recommendations sought. It is unclear, if this was the case and the response evokes the confidentiality clause under rule 16 for not divulging further details. Based on our reading of the rules, court orders should be accessible to the public and without copies of requests and complaints received and knowledge of which organization raised them, there can be no appeal or recourse available to the intermediary or even the general public.

We also asked for a list of all requests for blocking of information that had been received by the DO between January 2013 and January 2015, including the copies of all files that had accepted or rejected. We also specifically, asked for a list of requests under rule 9. The response from DeitY stated that since January 1, 2015 to March 31, 2015 directions to block 143 URLs had been issued based on court orders. The response completely overlooks our request for information, covering the 2 year time period. It also does not cover all types of blocking orders under rule 6 and rule 9, nor the requests that are forwarded to CERT-In, as we have gauged from the ministry's response to the Parliament. Contrary to the SC's assumption of contacting the orginator of information, it is also clear from DeitY's response that only the websites had been contacted and the letter states that the “websites replied only after blocking of objectionable content”.

Further, seeking clarification on the functioning of the CER, we asked for the recent composition of members and the dates and copies of the minutes of all meetings including copies of the recommendations made by them. The response merely quotes rule 7 as the reference for the composition and does not provide any names or other details. We ascertain that as per the DeitY website Shri B.J. Srinath, Scientist-G/GC is the appointed Designated Officer, however this needs confirmation. While we are already aware of the structure of the CER which representatives and appointed public officers are guiding the examination of requests remains unclear. Presently, there are 3 Joint Secretaries appointed under the Ministry of Law and Justice, the Home Ministry has appointed 19, while 3 are appointed under the Ministry of Information and Broadcasting. Further, it is not clear which grade of scientist would be appointed to this committee from CERT-In as the rules do not specify this. While the government has clarified in their answer to Parliament that the committee had recommended not to block 19 URLs in the meetings held between 1st January 2014 to till date, it is remains unclear who is taking these decisions to block and revoke blocked URLs. The response from DeitY specifies that the CER has met six times between 2014 and March 2015, however stops short on sharing any further information or copies of files on complaints and recommendations of the CER, citing rule 16.

Finally, answering our question on the composition of the RC the letter merely highlights the provision providing for the composition under 419A of the Indian Telegraph Rules, 1951. The response clarifies that so far, the RC has met once on 7th December, 2013 under the Chairmanship of the Cabinet Secretary, Department of Legal Affaits and Secretary, DOT. Our request for minutes of meetings and copies of orders and findings of the RC is denied by simply stating that “minutes are not available”. Under 419A, any directions for interception of any message or class of messages under sub-section (2) of Section 5 of the Indian Telegraph Act, 1885 issued by the competent authority shall contain reasons for such direction and a copy of such order shall be forwarded to the concerned RC within a period of seven working days. Given that the RC has met just once since 2013, it is unclear if the RC is not functioning or if the interception of messages is being guided through other procedures. Further, we do not yet know details or have any records of revocation orders or notices sent to intermediary contacts. This restricts the citizens’ right to receive information and DeitY should work to make these available for the public.

Given the response to our RTI, the Ministry's response to Parliament and the SC judgment we recommend the following steps be taken by the DeitY to ensure that we create a procedure that is just, accountable and follows the rule of law.

The revocation of rule 16 needs urgent clarification for two reasons:

Under Section 22 of the RTI Act provisions thereof, override all conflicting provisions in any other legislation.
In upholding the constitutionality of S69A the SC cites the requirement of reasons behind blocking orders to be recorded in writing, so that they may be challenged by means of writ petitions filed under A rticle 226 of the Constitution of India.

If the blocking orders or the meetings of the CER and RC that consider the reasons in the orders are to remain shrouded in secrecy and unavailable through RTI requests, filing writ petitions challenging these decisions will not be possible, rendering this very important safeguard for the protection of online free speech and expression infructuous. In summation, the need for comprehensive legislative reform remains in the blocking procedures and the government should act to address the pressing need for transparency and accountability. Not only does opacity curtial the strengths of democracy it also impedes good governance. We have filed an RTI seeking a comprehensive account of the blocking procedure, functioning of committees from 2009-2015 and we shall publish any information that we may receive.

For more details visit https://cis-india.org/internet-governance/blog/deity-says-143-urls-blocked-in-2015

The Supreme Court Judgment in Shreya Singhal and What It Does for Intermediary Liability in India?

jyoti — 2015-04-17T23:59:34Z

Even as free speech advocates and users celebrate the Supreme Court of India's landmark judgment striking down Section 66A of the Information Technology Act of 2000, news that the Central government has begun work on drafting a new provision to replace the said section of the Act has been trickling in.

The SC judgement in upholding the constitutionality of Section 69A (procedure for blocking websites) and in reading down Section 79 (exemption from liability of intermediaries) of the IT Act, raises crucial questions regarding transparency, accountability and under what circumstances may reasonable restrictions be placed on free speech on the Internet. While discussions and analysis of S. 66A continue, in this post I will focus on the aspect of the judgment related to intermediary liability that could benefit from further clarification from the apex court and in doing so, will briefly touch upon S. 69A and secret blocking.

Conditions qualifying intermediary for exemption and obligations not related to exemption

The intermediary liability regime in India is defined under S. 79 and assosciated rules that were introduced to protect intermediaries for liability from user generated content and ensure the Internet continues to evolve as a “marketplace of ideas”. But as intermediaries may not have sufficient legal competence or resources to deliberate on the legality of an expression, they may end up erring on the side of caution and takedown lawful expression. As a study by Centre for Internet and Society (CIS) in 2012 revealed, the criteria, procedure and safeguards for administration of the takedowns as prescribed by the rules lead to a chilling effect on online free expression.

S. 69A grants powers to the Central Government to “issue directions for blocking of public access to any information through any computer resource”. The 2009 rules allow the blocking of websites by a court order, and sets in place a review committee to review the decision to block websites as also establishes penalties for the intermediary that fails to extend cooperation in this respect.

There are two key aspects of both these provisions that must be noted:

a) S. 79 is an exemption provision that qualifies the intermediary for conditional immunity, as long as they fulfil the conditions of the section. The judgement notes this distinction, adding that “being an exemption provision, it is closely related to provisions which provide for offences including S. 69A.”

b) S. 69A does not contribute to immunity for the intermediary rather places additional obligations on the intermediary and as the judgement notes “intermediary who finally fails to comply with the directions issued who is punishable under sub-section (3) of 69A.” The provision though outside of the conditional immunity liability regime enacted through S. 79 contributes to the restriction of access to, or removing content online by placing liability on intermediaries to block unlawful third party content or information that is being generated, transmitted, received, stored or hosted by them. Therefore restriction requests must fall within the contours outlined in Article 19(2) and include principles of natural justice and elements of due process.

Subjective Determination of Knowledge

The provisions for exemption laid down in S. 79 do not apply when they receive “actual knowledge” of illegal content under section 79(3)(b). Prior to the court's verdict actual knowledge could have been interpreted to mean the intermediary is called upon its own judgement under sub-rule (4) to restrict impugned content in order to seek exemption from liability. Removing the need for intermediaries to take on an adjudicatory role and deciding on which content to restrict or takedown, the SC has read down “actual knowledge” to mean that there has to be a court order directing the intermediary to expeditiously remove or disable access to content online. The court also read down “upon obtaining knowledge by itself” and “brought to actual knowledge” under Rule 3(4) in the same manner as 79(3)(b).

Under S.79(3)(b) the intermediary must comply with the orders from the executive in order to qualify for immunity. Further, S. 79 (3)(b) goes beyond the specific categories of restriction identified in Article 19(2) by including the term “unlawful acts” and places the executive in an adjudicatory role of determining the illegality of content. The government cannot emulate private regulation as it is bound by the Constitution and the court addresses this issue by applying the limitation of 19(2) on unlawful acts, “the court order and/or the notification by the appropriate government or its agency must strictly conform to the subject matters aid down in Article 19(2).”

By reading down of S. 79 (3) (b) the court has addressed the issue of intermediaries complying with takedown requests from non-government entities and has made government notifications and court orders to be consistent with reasonable restrictions in Article 19(2). This is an important clarification from the court, because this places limits on the private censorship of intermediaries and the invisible censorship of opaque government takedown requests as they must and should adhere, to the boundaries set by Article 19(2).

Procedural Safeguards

The SC does not touch upon other parts of the rules and in not doing so, has left significant procedural issues open for debate. It is relevant to bear in mind and as established above, S. 69A blocking and restriction requirements for the intermediary are part of their additional obligations and do not qualify them for immunity. The court ruled in favour of upholding S. 69A as constitutional on the basis that blocking orders are issued when the executive has sufficiently established that it is absolutely necessary to do so, and that the necessity is relatable to only some subjects set out in Article 19(2). Further the court notes that reasons for the blocking orders must be recorded in writing so that they may be challenged through writ petitions. The court also goes on to specify that under S. 69A the intermediary and the 'originator' if identified, have the right to be heard before the committee decides to issue the blocking order.

Under S. 79 the intermediary must also comply with government restriction orders and the procedure for notice and takedown is not sufficiently transparent and lacks procedural safeguards that have been included in the notice and takedown procedures under S. 69. For example, there is no requirement for committee to evaluate the necessity of issuing the restriction order, though the ruling does clarify that these restriction notices must be within the confines of Article 19(2). The judgement could have gone further to directing the government to state their entire cause of action and provide reasonable level of proof (prima facie). It should have also addressed issues such as the government using extra-judicial measures to restrict content including collateral pressures to force changes in terms of service, to promote or enforce so-called "voluntary" practices.

Accountability

The judgement could also have delved deeper into issues of accountability such as the need to consider 'udi alteram partem' by providing the owner of the information or the intermediary a hearing prior to issuing the restriction or blocking order nor is an post-facto review or appeal mechanism made available except for the recourse of writ petition. Procedural uncertainty around wrongly restricted content remains, including what limitations should be placed on the length, duration and geographical scope of the restriction. The court also does not address the issue of providing a recourse for the third party provider of information to have the removed information restored or put-back remains unclear. Relatedly, the court also does not clarify the concerns related to frivolous requests by establishing penalties nor is there a codified recourse under the rules presently, for the intermediary to claim damages even if it can be established that the takedown process is being abused.

Transparency

The bench in para 113 in addressing S. 79 notes that the intermediary in addition to publishing rules and regulations, privacy policy and user agreement for access or usage of their service has to also inform users of the due diligence requirements including content restriction policy under rule 3(2). However, the court ought to have noted the differentiation between different categories of intermediaries which may require different terms of use. Rather than stressing a standard terms of use as a procedural safeguard, the court should have insisted on establishing terms of use and content restriction obligations that is proportional to the role of the intermediary and based on the liability accrued in providing the service, including the impact of the restriction by the intermediary both on access and free speech. By placing requirement of disclosure or transparency on the intermediary including what has been restricted under the intermediary's own terms of service, the judgment could have gone a step further than merely informing users of their rights in using the service as it stands presently, to ensuring that users can review and have knowledge of what information has been restricted and why. The judgment also does not touch upon broader issues of intermediary liability such as proactive filtering sought by government and private parties, an important consideration given the recent developments around the right to be forgotten in Europe and around issues of defamation and pornography in India.

The judgment, while a welcome one in the direction of ensuring the Internet remains a democratic space where free speech thrives, could benefit from the application of the recently launched Manila principles developed by CIS and others. The Manila Principles is a framework of baseline safeguards and best practices that should be considered by policymakers and intermediaries when developing, adopting, and reviewing legislation, policies and practices that govern the liability of intermediaries for third-party content.

The court's ruling is truly worth celebrating, in terms of the tone it sets on how we think of free speech and the contours of censorship that exist in the digital space. But the real impact of this judgment lies in the debates and discussions which it will throw open about content removal practices that involve intermediaries making determinations on requests received, or those which only respond to the interests of the party requesting removal. As the Manila Principles highlight a balance between public and private interests can be obtained through a mechanism where power is distributed between the parties involved, and where an impartial, independent, and accountable oversight mechanism exists.

For more details visit https://cis-india.org/internet-governance/blog/sc-judgment-in-shreya-singhal-what-it-means-for-intermediary-liability

Freedom of Expression in a Digital Age: Effective Research, Policy Formation & the Development of Regulatory Frameworks in South Asia

jyoti — 2015-04-12T03:53:04Z

The Centre for Internet & Society cordially invites you to a panel discussion on Freedom of Expression in a Digital Age. The event organized by Center for Global Communication Studies at the Annenberg School for Communication at the University of Pennsylvania, Observer Research Foundation and the Centre for Internet and Society will be held at Observer Research Foundation on April 21, 2015 from 11.00 a.m. to 6.00 p.m.

The discussion will highlight the challenges in promoting and strengthening online freedom of expression and evaluating the application of existing regulatory frameworks in South Asia. Click to view the invite.

International Frameworks and Freedom of Expression

Freedom of expression-an important fundamental right in itself, is also critical for defending and upholding other freedoms and rights. We exercise this right in our day-to-day lives, through the exchange of ideas, opinions and information. Understanding the means and structures of communication, and the regulation of environments that facilitate such exchange therefore become crucial for those seeking to realize freedom of expression.

Freedom of expression is enshrined in Article 19 of both theUniversal Declaration of Human Rights (UDHR) and the International Covenant on Civil and Political Rights (ICCPR). The UDHR holds that " everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers" . The ICCPR holds that, " everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of his choice".

Freedom of expression has also been enshrined in regional conventions and charters, for example the European Convention for the Protection of Human Rights and Fundamental Freedoms, the American Convention on Human Rights4, and the African Charter on Human and Peoples' Rights ("Banjul Charter") .

The former UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, highlighted in his 2013 report report that these frameworks are applicable to actions that take place online.6 While there may be no disagreements on freedom of expression as a legal right, it is important to bear in mind that it is not a non-derogable right, and may therefore be limited subject to safeguards indicated, for example, in Article 19(3) of the ICCPR.

While there may be limitations are placed on the exercise of freedom of expression, there is limited clarity on when and how freedom of expression can be legitimately circumscribed. There have been attempts by civil society groups to articulate more clearly the specific conditions when freedom of expression may be derogated, most notably the Siracusa Principles on the Limitation and Derogation Provisions in the International Covenant on Civil and Political Rights ("Siracusa Principles" ), and the Johannesburg Principles on National Security, Freedom of Expression and Access to Information ("Johannesburg Principles").

Freedom of Expression and Communications

Over the years, the norms and standards required for freedom of expression in the traditional media world have received much attention. When regulating communication, some restrictions upon freedom of expression have been regarded necessary and are enforceable by national or international courts. Such restrictions have been defined in international human rights laws and cover issues such as defamation, incitement to violence and hate speech. While these restrictions are not affected by the introduction of new means of communication, the proliferation of digital communications does warrant the recognition that there are new forms of censorship, unsettled questions of jurisdiction, and the need to develop new norms and standards that can keep pace with the myriad forms of expression and information sharing.

Communication in the digital age has led to the evolution of the Internet as a medium that has revolutionised largely local capacity for communication into a worldwide phenomenon that encompasses everything from personal one-to-one emails, social networks and reaching out to large audiences globally. The proliferation of digital technologies has not only fostered unprecedented access to information; the very environment stands transformed by the introduction of new kinds of information from voice, sound, image, text and code, that are accessible on a range of devices and across several types of technologies.

These networks and services democratized communication by lowering barriers to access and creating new space for publishing and peer-to-peer collaboration. Bypassing traditional gatekeepers of other forms of media, users can take on the role of writers, broadcasters or publishers on the Internet thus creating limitless possibilities for producing, sharing and exchanging all kinds of content. From this view, the Internet has sprung up as a globally accessible means of communication that is free from traditional restraints on free speech and expression. However, there are other unintended consequences that the Internet has had on both forms of power and control in the regulation of content, as online content has become increasingly contested, enclosed in a nationalized sphere challenging the free flow of information and freedom of expression.

Freedom of Expression in South Asia

As a network of networks, the internet has no overarching jurisdiction and with no single entity governing the totality of the internet, there exists a jurisdictional vacuum over content on the web. Further, there are no means of regulating content internationally or even a broad consensus on the norms that should be applied for restricting freedom of expression either on traditional or modern media. This has led to adverse consequences such as states adopting arbitrary actions and standards or companies exercising private censorship with content online.

South Asia has an important role in global development, with its share of the world's largest working-age population, a quarter of the world's middle-class consumers, the largest number of poor and undernourished in the world, and several fragile states of global geopolitical importance. With inclusive growth, South Asia has the potential to change the global order and communications and technology continue to play a critical role in realising the region's potential. Unfortunately, the history of colonial rule, authoritarian governments and a turbulent geo-political landscape have resulted in a tendency to over-regulate speech. Governments have construed the advent of the Internet as a challenge to their authority and their anxiousness to restrict use of the medium by citizens has resulted in often regressive and sometimes draconian laws such as Myanmar's Electronic Transactions Law, India's IT Act and Pakistan's Prevention of Electronic Crimes Act.

As the Internet expands and provides greater access, it also places censorship and surveillance capacities in the hands of states and corporations. It is therefore crucial that there exist strong protections of the right to freedom of expression that balance state powers and citizen rights. While the Internet has thrown up its own set of challenges such as hate speech, the verbal online abuse of women and the use of the Internet to spread rumours of violence, the regulation of content is a question that is far from being settled and needs our urgent attention. What role can and should the law play? When is it justified for the government to intervene? What can be expected from intermediaries, such as social networks and ISPs? And what can users do to protect the right to free speech - their own and that of others?

Balancing freedom of expression with other rights is further complicated by the challenges of fast paced and changing regulatory environment. By highlighting these challenges and questioning the application of existing frameworks we aim to contribute to further promoting and strengthening the right to freedom of expression, in India and beyond.

Introduction to panel and conference:

This is the context in which the Centre for Internet and Society, the Observer Research Foundation, the University of Pennsylvania's Internet Policy Observatory, and the Programme for Comparative Media Law and Policy at Oxford University are coming together to organise an event under the title 'Freedom of Expression in a Digital Age'. The event is a discussion and deliberation on 'Effective Research, Policy Formation, & the Development of Regulatory Frameworks in South Asia', aimed at bringing together policymakers, researchers, experts and civil society in discussing some of the most crucial issues in this space. The event would seek to look at past experiences, look at current realities and look ahead to how things could be made better in the South Asian context. The program agenda includes

Freedom of Expression in a Digital Age' Effective Research, Policy Formation, & the Development of Regulatory Frameworks in South Asia
Program Agenda and Article Submission Tracks
Learnings from the past		Current Realities		Looking ahead
11:00 - 1:00	1:00 - 2:00	2:00 - 4:00	4:00- 4:15	4:15-6:00
Welcome and Introductions		Welcome and Introductions		Welcome and Introductions
Overview of existing policies and regulatory models and their impact on FoEx online including the implementation of these models across South Asia	Lunch	How FoEx is being enabled online in different jurisdications and sectors of society across South Asia	Coffee break	Challenges associated with formulating a standard, harmonized, and adaptable regulation that is applicable to multiple digital platforms, both at the national and international level and possible solutions
FoEx as defined in jurisdictions across South Asia and as compared to international standards		Ways in which FoEx is, or may be, curtailed online		Ways forward to bridge existing gaps between policy formation and policy implementation with respect to FOEX online
Emerging technologies, markets, services and platforms and how they have shaped FoEx across South Asia		Online FoEx and the present need to balance it against other digital rights in jurisdictions across South Asia		Exploration of emerging regulatory questions such as whether online speech should be regulated in the same manner as offline speech or, if there are there are particular forms of online speech that are difficult to regulate such as defamation, hate speech, if there are effective models of remedy for violation of FOEX online
Impact of challenges on FoEx online such as barriers of entry, access, accessibility, cost, liability, policies and enforcement mechanisms differing across platforms across South Asia		The impact of jurisdiction, multi-national platforms, and domestic regulation on FOEX online		Ways in which civil society can impact and influence the development and implementation of Internet regulation
Research techniques that have been applied to the issue and have been effective in different political contexts across South Asia		Role and responsibility of intermediaries in regulating online speech as per governmental standards via content policies, terms of service, and other practices across South Asia		Exploration of the future role and interplay of technology and policy in enabling FOEX online
Q&A		Q&A		Q&A

About the Organisers

The Center for Global Communication Studies at the Annenberg School for Communication at the University of Pennsylvania-has created the Internet Policy Observatory (IPO) to research the dynamic technological and political contexts in which these Internet governance debates take place. The IPO serves as a platform for informing relevant communities of activists, academics, and policy makers, and for displaying collected data and analysis. The Observatory encourages and sponsors research and studies ongoing events, key decisions and proposals, on Internet policy. The IPO seeks to deepen understanding of the evolution of mechanisms and processes that affect domestic Internet policies in key jurisdictions and the legal, political, economic, international and social factors that influence the implementation, or non-implementation, of such policies.The IPO also seeks to understand the relationship between national efforts and international policy formations and the role of civil society in domestic Internet policy processes and control.

The Centre for Internet and Society (CIS)-is a non-profit research organization working to explore, understand and affect the shape and form of the Internet and its relationship with the political, cultural, and social milieu of our times. CIS' multidisciplinary research, intervention and collaboration engages with policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, openness (including open government data, free/open source software, open standards, open access to scholarly literature, open educational resources, and open video). CIS also engages in academic research on digital natives and digital humanities.

The Observer Research Foundation (ORF)- is India's premier independent public policy think tank and is engaged in developing and discussing policy alternatives on a wide range of issues of national and international significance. The fundamental objective of ORF is to influence the formulation of policies for building a strong and prosperous India in a globalised world. It hosts India's largest annual cyber conference - CyFy: the India Conference on Cyber Security and Internet Governance.

For more details visit https://cis-india.org/internet-governance/events/freedom-of-expression-in-digital-age

Centre for Internet and Society joins the Dynamic Coalition for Platform Responsibility

jyoti — 2014-10-07T10:54:03Z

The Centre for Internet and Society (CIS) has joined the multistakeholder cooperative engagement amidst stakeholders towards creating Due Diligence Recommendations for online platforms and Model Contractual Provisions to be enshrined in ToS. This blog provides a brief background of the role of dynamic coalitions within the IGF structure, establishes the need for the coalition and provides an update on the action plan and next steps for interested stakeholders.

"Identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations."
Tunis Agenda (Para 72.g)

The first United Nations Internet Governance Forum (IGF), in 2006 saw the emergence of the concept of Dynamic Coalition and a number of coalitions have been established over the years. The IGF is structured to bring together multistakeholder groups to,

"Discuss public policy issues related to key elements of Internet governance in order to foster the sustainability, robustness, security, stability and development of the Internet."
Tunis Agenda (Para 72.a)

While IGF workshops allow various stakeholders to jointly analyse "hot topics" or to examine progress that such issues have undertaken since the previous IGF, dynamic coalitions are informal, issue-specific groups comprising members of various stakeholder groups. With no strictures upon the objects, structure or processes of dynamic coalitions claiming association with the IGF, and no formal institutional affiliation, nor any access to the resources of the IGF Secretariat, IGF Dynamic Coalitions allow collaboration of anyone interested in contributing to their discussions. Currently, there are eleven active dynamic coalitions at the IGF and can be divided into three distinct types—networks, working groups and Birds of Feather (BOFs).

Workshops at the IGF are content specific events that, though valuable in informing participants, are limited in their impact by being confined to the launch of a report or by the issues raised within the conference room. The coalitions on the other hand are expected to have a broader function, acting as a coalescing point for interested stakeholders to gather and analyse progress around identified issues and plan next steps. The coalitions can also make recommendations around issues, however, no mechanism has been developed so far, by which the recommendations can be considered by the plenary body. The long-term nature of coalition is perhaps, most suited to engage stakeholders in heterogeneous groups, towards understanding and cooperating around emerging issues and to make recommendations to inform policy making.

Platform Responsibility

Social networks and other interactive online services, give rise to 'cyber-spaces' where individuals gather, express their personalities and exchange information and ideas. The transnational and private nature of such platforms means that they are regulated through contractual provisions enshrined in the platforms' Terms of Service (ToS). The provisions delineated in the ToS not only extend to users in spite of their geographical location, the private decisions undertaken by platform providers in implementing the ToS are not subject to constitutional guarantees framed under national jurisdictions.

While ToS serve as binding agreement online, an absence of binding international rules in this area despite the universal nature of human rights represented is a real challenge, and makes it necessary to engage in a multistakeholder effort to produce model contractual provisions that can be incorporated in ToS. The concept of 'platform responsibility' aims to stimulate behaviour in platform providers to provide intelligible and solid mechanisms, in line with the principles laid out by the UN Guiding Principles on Business and Human Rights and equip platform users with common and easy-to-grasp tools to guarantee the full enjoyment of their human rights online. The utilisation of model contractual provisions in ToS may prove instrumental in fostering trust in online services for content production, use and dissemination, increasing demand of services and ultimately consumer demand may drive the market towards human rights compliant solutions.

The Dynamic Coalition on Platform Responsibility

To nurture a multi-stakeholder endeavour aimed at the elaboration of model contractual-provisions, Mr. Luca Belli, Council of Europe / Université Paris II, Ms Primavera De Filippi, CNRS / Berkman Center for Internet and Society and Mr Nicolo Zingales, Tilburg University / Center for Technology and Society Rio, initiated and facilitated the creation of the Dynamic Coalition on Platform Responsibility (DCPR). DCPR has over fifty individual and organisational members from civil society organisations, academia, private sector organisations and intergovernmental organisations and held its first meeting at the IGF in Istanbul. The meeting began with an overview of the concept of platform responsibility, highlighting relevant initiatives from Council of Europe, Global Network Initiative, Ranking Digital Rights and the Center for Democracy and Technology have undertaken in this regard. Existing issues such as difficulty in comprehension and lack of standardization of redress across rights were raised along with the fundamental lack of due process in terms of transparency across existing mechanisms.

Online platforms compliance to human rights is often framed around the duty of States to protect human rights and often, Internet companies do not sufficient consideration of the effects of their business practices on users fundamental rights undermining trust.

The meeting focused it efforts with a call to identify issues of process and substance and specific rights and challenges to be addressed by the DCPR. The procedural issues raised concerned 'responsibility' in decision-making e.g., giving users the right to be heard and an effective remedy before an impartial decision-making body, and obtaining their consent for changes in the contractual terms. The concerns raised around substantive rights such as privacy and freedom of expression eg., disclosure of personal information and content removal and need to promote 'responsibility' through establishing concrete mechanisms to deal with such issues.

It was suggested that concept of responsibility including in case of conflict between different rights could be grounded in Human Rights case law eg., from European Court of Human Rights jurisprudence. It was also established that any framework that would evolve from this coalition would consider the distinction between users (eg., adults, children, and people with or without continuous access to the Internet) and platforms (eg., in terms of size and functionality).

Action Plan

The participants at the DCPR meeting agreed to establish a multistakeholder cooperative engagement amidst stakeholders that will go beyond dialogue and produce concrete proposals. Particularly, participants suggested developing:

Due Diligence Recommendations: Recommendations to online platforms with regard to processes of compliance with internationally agreed human rights standards.
Model Contractual Provisions: Elaboration of a set of principles and provisions protecting platform users’ rights and guaranteeing transparent mechanisms to seek redress in case of violations.

DCPR will ground the development of these frameworks in the preliminary step of compilation of existing projects and initiatives dealing with the analysis of ToS compatibility with human rights standards. Members, participants and interested stakeholders are invited to highlight and share relevant initiatives by 10th October regarding:

Processes of due diligence for human rights compliance;
The evaluation of ToS cocompliance with human rights standards;

Further to this compilation, a first recommendation draft regarding online platforms' due diligence will be circulated on the mailing list by 30th October 2014. CIS will be contributing to the drafting which will be led and elaborated by the DCPR coordinators. This draft will be open for comments via the DCPR mailing list until 30th November 2014 and we encourage you to sign up to the mailing list (http://lists.platformresponsibility.info/listinfo/dcpr).

A second draft will be developed compiling the comments expressed via the mailing-list and shared for comments by 10 December 2014. The final version of the recommendation will be drafted by 30 December. Subsequently, the first set of model contractual provisions will be elaborated building upon such recommendation. A call for inputs will be issued in order to gather suggestions on the content of these provisions.

For more details visit https://cis-india.org/internet-governance/blog/cis-joins-dynamic-coalition-for-platform-responsibility