Centre for Internet and Society

CIS's Closing Statement at Marrakesh on the Treaty for the Blind

pranesh — 2013-07-03T12:01:25Z

Pranesh Prakash read out an abridged version of this statement as his closing remarks in Marrakesh, where the WIPO Treaty for the Blind (the "Marrakesh Treaty") has been successfully concluded. The Marrakesh Treaty aims to facilitate access to published works by blind persons, persons with visual impairment, and other print disabled persons, by requiring mandatory exceptions in copyright law to enable conversions of books into accessible formats, and by enabling cross-border transfer of accessible format books.

Thank you, Mr. President.

I am truly humbled to be here today representing the Centre for Internet and Society, an Indian civil society organization. If I may assume the privilege of speaking on behalf of my blind colleagues at CIS who led much of our work on this treaty, and the many blindness organizations we have been working with over the past five years who haven't the means of being here today, I would like to thank you and all the delegates here for this important achievement. And especially, I would like to thank the World Blind Union and Knowledge Ecology International who renewed focus on this issue more than 2 decades after WIPO and UNESCO first called attention to this problem and created a "Working Group on Access by the Visually and Auditory Handicapped to Material Reproducing Works Produced by Copyright".

While doing so, I would like to remember my friend Rahul Cherian — a young, physically impaired lawyer from India — who co-founded Inclusive Planet, was a fellow with the Centre for Internet and Society, and was a legal adviser to the World Blind Union. He worked hard on this treaty for many years, but very unfortunately did not live long enough to see it becoming a reality. His presence here is missed, but I would like to think that by concluding this treaty, all the distinguished delegations here managed to honour his memory and work.

I am grateful to all the distinguished delegations here for successfully concluding a reasonably workable treaty, but especially those — such as Brazil, India, Ecuador, Nigeria, Uruguay, Egypt, South Africa, Switzerland, and numerous others — who realized they were negotiating with blind people's lives, and regarded this treaty as a means of ensuring basic human rights and dignity of the visually impaired and the print disabled, instead of regarding it merely as "copyright flexibility" to be first denied and then grudgingly conceded. The current imbalance in terms of global royalty flows and in terms of the bargaining strength of richer countries within WIPO — many of who strongly opposed the access this treaty seeks to facilitate right till the very end — is for me a stark reminder of colonialism, and I see the conclusion of this treaty as a tiny victory against it.

It is historic that today WIPO and its members have collectively recognized in a treaty that copyright isn't just an "engine of free expression" but can pose a significant barrier to access to knowledge. Today we recognize that blind writers are currently curtailed more by copyright law than protected by it. Today we recognize that copyright not only may be curtailed in some circumstances, but that it must be curtailed in some circumstances, even beyond the few that have been listed in the Berne Convention. One of the original framers of the Berne Convention, Swiss jurist and president, Numa Droz, recognized this in 1884 when he emphasized that "limits to absolute protection are rightly set by the public interest". And as Debabrata Saha, India's delegate to WIPO during the adoption of the WIPO Development Agenda noted, "intellectual property rights have to be viewed not as a self contained and distinct domain, but rather as an effective policy instrument for wide ranging socio-economic and technological development. The primary objective of this instrument is to maximize public welfare."

When copyright doesn't serve public welfare, states must intervene, and the law must change to promote human rights, the freedom of expression and to receive and impart information, and to protect authors and consumers. Importantly, markets alone cannot be relied upon to achieve a just allocation of informational resources, as we have seen clearly from the book famine that the blind are experiencing. Marrakesh was the city in which, as Debabrata Saha noted, "the damage [of] TRIPS [was] wrought on developing countries". Now it has redeemed itself through this treaty.

This treaty is an important step in recognizing that exceptions and limitations are as important a part of the international copyright acquis as the granting of rights to copyright holders. This is an important step towards fulfilling the WIPO Development Agenda. This is an important step towards fulfilling the UN Convention on the Rights of Persons with Disabilities. This is an important step towards fulfilling Article 27 of the Universal Declaration of Human Rights, Article 15 of the International Covenant on Economic Social and Cultural Rights and Article 30 of the UN Convention on Persons with Disabilities, all of which affirm the right of everyone — including the differently-abled — to take part in cultural life of the community.

While this treaty is an important part of overcoming the book famine that the blind have faced, the fact remains that there is far more that needs to be done to bridge the access gap faced by persons with disabilities, including the print disabled.

We need to ensure that globally we tackle societal and economic discrimination against the print disabled, as does the important issue of their education. This treaty is a small but important cog in a much larger wheel through which we hope to achieve justice and equity. And finally, blind people can stop being forced to wear an eye-patch and being pirates to get access to the right to read.

I also thank the WIPO Secretariat, Director General Francis Gurry, Ambassador Trevor Clark, Michelle Woods, and the WIPO staff for pushing transparency and inclusiveness of civil society organizations in these deliberations, in stark contrast to the way many bilateral and plurilateral treaties such as Anti-Counterfeiting Trade Agreement, the India-EU Free Trade Agreement, and the Trans-Pacific Partnership Agreement have been, and are being, conducted. I hope we see even more transparency, and especially non-governmental participation in this area in the future.

I call upon all countries, and especially book-exporting countries like the USA, UK, France, Portugal, and Spain to ratify this treaty immediately, and would encourage various rightholders organizations, and the MPAA who have in the past campaigned against this treaty and now welcome this treaty, to show their support for it by publicly working to get all countries to ratify this treaty and letting us all know about it.

I congratulate you all for the "Miracle of Marrakesh", which shows, as my late colleague Rahul Cherian said, "when people are demanding their basic rights, no power in the world is strong enough to stop them getting what they want".

For more details visit https://cis-india.org/a2k/blogs/cis-closing-statement-marrakesh-treaty-for-the-blind

Primer on the Treaty for the Visually Impaired

pranesh — 2013-06-25T08:47:18Z

In this primer, Pranesh Prakash and Puneeth Nagaraj explain what effects a WIPO Treaty for the Visually Impaired can have and who's opposing it.

A Primer on the provisions of the TVI and ongoing negotiations

The Treaty on Limitations and Exceptions for Visually Impaired Persons/Persons with Print Disabilities (“TVI” for short) is a landmark international instrument in recognizing the crucial link between copyright limitation and greater access to visually impaired persons / persons with print disabilities (“VIPs” for short). Below is a summary of the provisions of the Treaty and the benefit it will bring to VIPs, and the kinds of speed-bumps that rich countries are trying to place to make this treaty ineffective for the blind, the majority of whom live in poor countries.

1. Exceptions in Domestic Copyright Law

Currently, in most countries, only the owner of copyright to a particular book has the right to convert it into an “accessible format” (e.g. Braille, audio book, DAISY book, etc.). This treaty aims to create an exception to this rule by allowing print disabled persons, their representatives and non-profit ‘authorized entities’ the ability to convert books for the benefit of VIPs without seeking permission. The treaty would leave it up to each country whether their law will require such conversions to be paid or not since there is no uniformity on this question among countries that have national exceptions.

Opposition: The United States, European Union, France, Australia, Canada, and the publishing lobby have asked for multiple conditions for creation of accessible formats. They wish to confine this exception to non-profits, prevent translations, and ensure that books that are “commercially available” can be excluded, and require that countries who wish to use this exception have to comply with an onerous test called the “three step test”. Internationally, rights holders have zero formalities for gaining copyright (which, by international treaty, does not even have to be registered). But the rights holders want to ensure as many bureaucratic hurdles are put to exceptions as possible.

2. Cross-border Transfer of Accessible Works

One of the main purpose main purpose of the TVI is to increase the cross-boundary exchange of copyrighted works in accessible formats. According to the World Health Organisation, 87% of the visually impaired live in underdeveloped countries. Bangladesh and Swaziland, for instance, spend very little money on converting books, while in the USA, millions of dollars are spent both by the government and by charities. If this treaty is passed the way the World Blind Union and other pro-disability NGOs are asking, a blind girl from Bangladesh would be able register with a US-based site like Bookshare.org, after proving she’s blind, and just download the book she needs in a format that is accessible to her.

Opposition: The European Union and United States want make this non-mandatory. They also wish to restrict the ability of the Bangladeshi blind girl from accessing these books by allowing trade only between non-profit ‘authorized entities’. Unfortunately, many developing world countries (like Swaziland) don’t have any authorized entities to speak of, leaving blind people there stranded. For a treaty to be effective, individuals must be granted the right to import books as well. The European Union also wishes for a ‘commercial availability’ clause, meaning that if a book is ‘commercially available’ in the receiving country, then the authorized entity can’t export. In Europe itself there are almost no countries (with the UK being an exception) that have such a requirement when it comes to domestic conversions, but the EU still wants to ensure that as a requirement for poor countries. It is very difficult for an authorized entity located in the USA to determine in each and every case whether an accessible format of the book is ‘commercially available’ in the hundreds of countries they will receive requests from. Importantly, even a book priced exorbitantly or available only for those with expensive iPads may be considered ‘commercially available’, even if it is practically out of reach of the blind in the receiving country. This clause must go if the treaty is to be meaningful.

3. Digital locks

If digital locks (often called “Digital Rights/Restrictions Management” or DRMs) are used, then technologically, the blind can be restricted from enjoying a work which they have a legal right to access. For instance, Amazon has limited — at the behest of the Authors’ Guild of America — the ability of blind people to get their Kindle e-book readers to read aloud a book, and did so using digital locks. The TVI proposes that countries be required to ensure that the blind have effective access to books, even if they have digital locks.

Opposition: The United States and the publishing lobby is the biggest opponent of this provision. They have a system under which the blind are not required to automatically be granted the right to ‘circumvent’ the digital lock to make a book accessible even if they have bought an e-book, but have to granted permission to do so every three years by the government. The most recent three-yearly review found that the blind groups did not make out a strong enough case to justify granting them an exception, but thankfully this determination was overruled by the US Librarian of Congress. Thus the TVI must ensure that publishers cannot technologically impose restrictions on a book for the blind that they can’t do legally.

4. Translation

Another hot-button issue is the right to translation. Given that the biggest exporters of books, due to their colonial legacy, are USA, UK, France, and Spain, it is imperative that the blind in developing countries have access to these books in languages that they can understand. Very unfortunately, most of these languages are not profitable-enough markets for publishers to publish accessible translated books. Given this, it is necessary for charities to be able to make translations of accessible works specifically for the blind.

Opposition: The European Union and the publishing lobby is strongly opposing this, claiming that this will result in the blind having better access than the sighted. This is a false claim. A sighted student might have access to a translated book (made without an exception), but the blind student might not. For this has no merit as it ignores the social consequences of disability. This provision will merely bring the visually impaired to the same level as the rest of the population and not give them some illusory advantage.

For more details visit https://cis-india.org/a2k/blogs/primer-on-tvi

Indian surveillance laws & practices far worse than US

pranesh — 2013-07-12T11:09:39Z

Explosive would be just the word to describe the revelations by National Security Agency (NSA) whistleblower Edward Snowden.

Pranesh Prakash's column was published in the Economic Times on June 13, 2013. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Now, with the American Civil Liberties Union suing the Obama administration over the NSA surveillance programme, more fireworks could be in store. Snowden's expose provides proof of what many working in the field of privacy have long known. The leaks show the NSA (through the FBI) has got a secret court order requiring telecom provider Verizon to hand over "metadata", i.e., non-content data like phone numbers and call durations, relating to millions of US customers (known as dragnet or mass surveillance); that the NSA has a tool called Prism through which it queries at least nine American companies (including Google and Facebook); and that it also has a tool called Boundless Informant (a screenshot of which revealed that, in February 2013, the NSA collected 12.61 billion pieces of metadata from India).

Nothing Quite Private

The outrage in the US has to do with the fact that much of the data the NSA has been granted access to by the court relates to communications between US citizens, something the NSA is not authorised to gain access to. What should be of concern to Indians is that the US government refuses to acknowledge non-Americans as people who also have a fundamental right to privacy, if not under US law, then at least under international laws like the Universal Declaration of Human Rights and the ICCPR.

US companies such as Facebook and Google have had a deleterious effect on privacy. In 2004, there was a public outcry when Gmail announced it was using an algorithm to read through your emails to serve you advertisements. Facebook and Google collect massive amounts of data about you and websites you visit, and by doing so, they make themselves targets for governments wishing to snoop on you, legally or not.

Worse, Indian-Style

That said, Google and Twitter have at least challenged a few of the secretive National Security Letters requiring them to hand over data to the FBI, and have won. Yahoo India has challenged the authority of the Controller of Certifying Authorities, a technical functionary under the IT Act, to ask for user data, and the case is still going on.

To the best of my knowledge, no Indian web company has ever challenged the government in court over a privacy-related matter. Actually, Indian law is far worse than American law on these matters. In the US, the NSA needed a court order to get the Verizon data. In India, the licences under which telecom companies operate require them to provide this. No need for messy court processes.

The law we currently have â€” sections 69 and 69B of the Information Technology Act â€” is far worse than the surveillance law the British imposed on us. Even that lax law has not been followed by our intelligence agencies.

Keeping it Safe

Recent reports reveal India's secretive National Technical Research Organisation (NTRO) â€” created under an executive order and not accountable to Parliament â€” often goes beyond its mandate and, in 2006-07, tried to crack into Google and Skype servers, but failed. It succeeded in cracking Rediffmail and Sify servers, and more recently was accused by the Department of Electronics and IT in a report on unauthorised access to government officials' mails.

While the government argues systems like the Telephone Call Interception System (TCIS), the Central Monitoring System (CMS) and the National Intelligence Grid (Natgrid) will introduce restrictions on misuse of surveillance data, it is a flawed claim. Mass surveillance only increases the size of the haystack, which doesn't help in finding the needle. Targeted surveillance, when necessary and proportional, is required. And no such systems should be introduced without public debate and a legal regime in place for public and parliamentary accountability.

The government should also encourage the usage of end-to-end encryption, ensuring Indian citizens' data remains safe even if stored on foreign servers. Merely requiring those servers to be located in India will not help, since that information is still accessible to American agencies if it is not encrypted. Also, the currently lax Indian laws will also apply, degrading users' privacy even more.

Indians need to be aware they have virtually no privacy when communicating online unless they take proactive measures. Free or open-source software and technologies like Open-PGP can make emails secure, Off-The-Record can secure instant messages, TextSecure for SMSes, and Tor can anonymise internet traffic.

http://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

Computer Related Offences

pranesh — 2013-06-07T10:47:36Z

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation
For the purposes of this section,

the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

For more details visit https://cis-india.org/internet-governance/resources/section-66-it-act.txt

Section 43 of the Information Technology Act

pranesh — 2013-06-07T10:37:04Z

Given below is the text of section 43 of the IT Act:

43. Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —

accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Explanation.
For the purposes of this section:

"computer contaminant" means any set of computer instructions that are designed —
- to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
- by any means to usurp the normal operation of the computer, computer system, or computer network;
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

For more details visit https://cis-india.org/internet-governance/resources/section-43-it-act.txt

CIS Intervention on the Treaty for the Visually Impaired at SCCR/SS/GE/2/13

pranesh — 2013-04-25T11:57:02Z

The informal session and special session of the Standing Committee on Copyright and Related Rights was organised by WIPO in Geneva from April 18 to April 20, 2013. Pranesh Prakash participated in the session and spoke about the rights of the visually impaired. An abridged version of this was read out during the meeting on Saturday, April 20, 2013, at 22:15 due to time restrictions.

Thank you, Mr. Chair. I represent the Centre for Internet and Society, a policy research organization based in India. India, as everyone who has been attending these SCCR meetings since 2008 would know, has the world's largest population of blind and visually impaired persons. Two of my colleagues at CIS — Nirmita Narasimhan and Anandhi Viswanathan — are blind, and another one of my CIS colleagues who passed away recently (and whose tireless efforts were remembered here at WIPO recently with a minute of silence) — Rahul Cherian — spent many years working extensively on policy issues related to persons with disabilities, and in particular worked here in WIPO as part of Inclusive Planet, and with the World Blind Union. Hence, this issue is not an abstract one for us, but a very real one.

I commend the delegates here for taking some steps forward during this meeting. However, very disappointingly, with those few steps forward, we have seen a few things we had taken as settled being opened up again, and many steps being taken backward. The already-onerous requirements and procedures laid down in this treaty are seen by a few countries as not being onerous enough. Blind people, it is believed, might 'wrongly' take advantage of these provisions. Worse yet, there is a fear that sighted persons might take advantage of these provisions relating to the blind.

The absurdity of these fears somehow seems to have escaped the notice of many involved in these discussions. There is nothing in these provisions that would convert infringement by sighted people — even if under the pretence of this treaty — magically into lawful acts. And, indeed, there are multifarious ways of infringing copyright without such resort to this treaty. Yet, these very same onerous requirements (such as the "commercial availability" requirement) and bureaucratic processes will unrealistically increase transaction costs for the visually impaired and render infructuous the very purpose of this treaty. Those delegations who are unrelenting on these issues seem to living in a bizarre world where sighted infringers deviously use exceptions granted in an international copyright treaty to engage in piracy; a bizarre world where scanners and the Internet have not been invented. And by refusing to acknowledge these ground realities, they are merely forcing the blind into wearing eye-patches and being 'pirates'.

In particular, I would like to deplore the stand taken by the European Union, being represented here by the European Commission, whose actions run contrary to the call made in May 2011 by the European Parliament to "to address the ‘book famine’ experienced by visually impaired and print-disabled people". This is despite the European Parliament having reminded "the Commission and Member States of their obligations under the UN Convention on the Rights of Persons with Disabilities to take all appropriate measures to ensure that people with disabilities enjoy access to cultural materials in accessible formats, and to ensure that laws protecting IPR do not constitute an unreasonable or discriminatory barrier to access by people with disabilities to cultural materials". The EU, and a few countries of Group B, including the United States, have been slowly bleeding this treaty to death through over-legislation and bureaucracy.

The United States' and EU's stand on technological protection measures, if accepted, would mean that publishers will technologically be able to prevent the blind from enjoying accessible works, even when they can't do so legally on the basis of copyright law. The European Union's stand on all issues has been extraordinarily harmful, and seems to have an aim to make this treaty as unwieldy and unworkable as possible. They seem to regard the Berne Appendix as their model in this regard: an international agreement that exists on paper for the benefit of developing countries, but because of its bureaucratic processes is little used, and is widely regarded as a failure.

Here is what it boils down to: when it comes to the economic rights of copyright owners, current international law insists that there be no formalities, yet when it comes to the human rights of visually impaired person to access information — a right specifically guaranteed to them under the UN Convention on the Rights of Persons with Disabilities — some delegates in this room wish to ensure as many formalities as possible.

The rights of the visually impaired are being buried under unnecessary and complicated requirements and bureaucratic practices. This injustice must stop: the delegates here have the power to do so. And if the EU does not wish to be viewed as villains by all persons with print disabilities and all persons with conscience, it should stop trying to make this an ineffectual treaty. Many have quipped that this is fast becoming "A Treaty for Rightholders Against Persons with Visual Impairments and Print Disabilities" or alternatively "A Treaty for Morally Impaired Persons and Persons with Ethical Disabilities". That is an international shame.

Having colonized much of the world into using English, French, and Spanish, these European countries along with the USA are now in a position to be both culturally dominant and to refuse to sign up to this treaty if it helps blind persons outside of the EU and the USA who seek access to texts in these languages. These remnants of colonialism must be stamped out.

For more details visit https://cis-india.org/a2k/blogs/cis-intervention-eu-blocking-wipo-treaty-for-blind

Comments to the MHRD on WIPO Broadcast Treaty (March 2013)

pranesh — 2013-04-23T06:39:36Z

The Centre for Internet and Society would like to make the following comments on the draft legal text of SCCR/24/10 (Working Document for a Treaty on the Protection of Broadcasting Organizations) at the stakeholders meeting to be held on March 21, 2013.

Article 1 – Preamble: The draft legal text of SCCR/24/10 (“Treaty”) in the Preamble should in clear terms capture the intent of the WIPO General Assembly as to the object of the Treaty. The SCCR reiterated the General Assembly’s mandate for a signal based approach treaty for the protection of broadcasting and cablecasting organizations. In this regard, the SCCR in its report to the 50th Session of the WIPO General Assembly (Oct. 1-9, 2012) noted:

“The Committee reaffirmed its commitment to continue work on a signal based approach, consistent with the 2007 General Assembly mandate, towards developing an international treaty to update the protection of broadcasting and cablecasting organizations in the traditional sense. The Committee also agreed to recommend to the WIPO General Assembly that the Committee continue its work toward a text that will enable a decision on whether to convene a diplomatic conference in 2014.” [emphasis added]

Therefore it is submitted that the Preamble should at the very outset establish that the Treaty aims at
- protection of a related right and a signal based approach is adopted to protect such a related right
- protection of the broadcasting and cablecasting organizations in the traditional sense.
Article 2 – General Principles: It is submitted that the Development Agenda under TRIPS should be declared as general principle under the Treaty where as a balance must be struck between the rights of the broadcasting organizations and the larger public interest.
Article 5 – Definitions: The Treaty in its current form proposes alternatives to the definitions. On a general observation, it is submitted that the alternatives are unsatisfactory and waivers from the WIPO General Assembly mandate to adopt a signal based approach.

In precise terms, the definition section attributes a broad definition to the “broadcast” and fails to define the means of broadcast. The alternative to 5(b) does reintroduce the phrase, “general public” instead of “public”, as anything lesser would not constitute a broadcast as it was in the Article 5 of the March, 2007 draft non-paper, but fails to adopt a signal based approach by adding the words, “and specific program”.

Similarly definition of “retransmission” under the Alternative A for Article 5 clause (d) uses the words, “transmission by any means” which is again in conflict with the signal based approach.

Apart from the instances mentions above there are many other inconsistencies in the definition section and therefore it is submitted that none of the alternatives to the definition section can be implements within the mandate of the General Assembly.
Article 6 – Scope of Application: We agree with the Alternative A of Article 6, insofar as the alternative to clause 1 is adopted.
Article 9 – Protection for Broadcasting Organizations: In reference to Alternative A for Article 9 it is submitted that the public performance of broadcast signals should not be covered. In many countries, especially lower-income countries, shared viewing of televisions and shared listening to radio are culturally established and it should not be equated with signal theft, which should be the primary focus of this Treaty. Further, free-to-air TV and radio channels and state-sponsored TV and radio channels depend on advertisements and other forms of income, not subscriber payments. Given this, there is no reason why public performance, the wrongfulness of which is very business-model dependent, should be included in this treaty.

We strongly suggest that Alternative B to Article 9 should struck down as it is in contravention of the mandate of the WIPO General Assembly to adopt a signal based approach for the development of the text of the Treaty. There cannot be any fixation or post fixation rights be given to the broadcasting organization if a signal based approach is adopted for the Treaty.
Article 10 – Limitations and Exception: The limitations and exceptions should be mandatory as well, as not balancing limitations and exceptions with the rights granted to the broadcasters would be violating the spirit of the WIPO Development Agenda.

Further, it will also in contravention of Article 3 of the Treaty in its current form. The UNESCO Convention on the Protection and Promotion of the Diversity of Cultural Expression recognizes the principles of equitable access and openness and balance. It also mandates implementation of “measures aimed at enhancing diversity of the media, including through public service broadcasting.

It is also reiterated that, reasons for providing exceptions for over broadcast rights are not the same as those for copyright. For instance, a country may wish to make exceptions to signal protection for cases such as broadcast of a national sport, as India has done with the Sports Broadcasting Signals (Mandatory Sharing with Prasar Bharati) Act. This might well afoul of the three-step test proposed in Article 7(2), especially as it says “provide for the same or further limitations or exceptions...”.

Furthermore, a country may wish to limit the application of broadcasters rights for national broadcasters (whose programming is paid for by taxpayers, and thus should be available to them), but may not be able to do so under the provisions of Article 7(2). Thus, Article 10(2) should be deleted, and Article 10(1) should be expanded to include issues of national interest and for free-to-air broadcast signals.
Article 11 – Term of Protection: As submitted earlier by CIS, it is reiterated that no term of protection should be provided. As was noted by the US government in its response to the draft non-paper, it is questionable “whether a 20-year term of protection is consistent with a signal-based approach”. The Brazilian delegation also states: “Article 13 [of the previous draft treaty] should be deleted. A twenty-year term of protection is unnecessary. The agreed “signal-based” approach to the Treaty implies that the objected of protection is the signal, and therefore duration of protection must be linked with the ephemeral life of the signal itself.” Thus, a term is only needed if we stray away from a signal-based approach. As we do not wish to do so, there should be no term of protection.
Article 12 – Protection of Encryption and Rights Management Information: From our previous submission on this issue we reiterate that, No separate right to prevent unauthorized “decryption” should be granted, since signal-theft is already a crime. For instance, this provision would also cover decrypting an unauthorized retransmission without authorization from the retransmitter. This provides the unauthorized retransmitter rights, even though s/he has no right to retransmit. This leads to an absurd situation.

As stated by the Brazilian government with respect to the April 2007 non-paper:
“[Article 10 of the draft non-paper and Article 9 of the non-paper] is inconsistent with a “signal-based approach”. It creates unwarranted obstacles to technological development, to access to legitimate uses, flexibilities and exceptions and to access to the public domain. It does not focus on securing effective protection against an illicit act, but rather creates new exclusive rights so that they cover areas unrelated with the objective of the treaty, such as control by holder of industrial production of goods, the development and use of encryption technologies, and private uses. The prohibition of mere decryption of encrypted signals, without there having been unauthorized broadcasting activity, is abusive.”

If even the provision is to be retained, it should not grant the broadcasters any rights over and above that which is otherwise granted by the law, thus the following line is over-broad: “that are not authorized by the broadcasting organizations concerned or are not permitted by law.”

For more details visit https://cis-india.org/a2k/blogs/comments-on-wipo-broadcast-treaty

WGIG+8: Stock-Taking, Mapping, and Going Forward

pranesh — 2013-04-04T06:49:31Z

On February 27, 2013, the Centre for Internet and Society conducted a workshop on the Working Group on Internet Governance report, titled "WGIG+8: Stock-Taking, Mapping, and Going Forward" at the World Summit on the Information Society (WSIS) + 10 meeting at Fontenoy Building, conference room # 7, UNESCO Headquarters, Paris from 9.30 a.m. to 11.00 a.m.

Details of the event were published on the UNESCO website.

Session Personnel

Pranesh Prakash was the moderator for the session. There were about 10-15 participants along with 5 remote participants.

There were four speakers:

William Drake, International Fellow and Lecturer, Media Change & Innovation Division, IPMZ at the University of Zurich
Carlos Afonso, Executive Director of the Núcleo de Pesquisas, Estudos e Formação (NUPEF) institute
Avri Doria, Dotgay LLC, Association for Progressive Communications, International School for Internet Governance
Désirée Miloshevic, International Affairs and Policy Adviser, Afilias

Summary of the Discussion

Speakers Summaries

William Drake:
Mr. Drake argued that the WGIG process demonstrated the benefits of multistakeholder collaboration, and facilitated the WSIS negotiations, and the multistakeholder process that WGIG embodied promoted public engagement in the Internet governance debate. The working definition of “Internet governance” that the WGIG came up with demystified the nature and scope of Internet governance. One important outcome of the WGIG report was the proposal of the establishment of the Internet Governance Forum. The WGIG began the holistic assessment of “horizontal issues,” including development, and made some broad but useful recommendations on key “vertical issues”. And lastly, the WGIG offered four models for the oversight of core resources that helped to focus the global debate on the governance of the Internet’s core resources.

Carlos Afonso:
Mr. Afonso commented on the issue of international interconnection costs, and pointed out that they continue to be complex and involve complicated cost accounting. Mr. Afonso then pointed out that the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) could be doing more in the context of IPv6, in the way of stimulating backbone operators to ensure IPv6 visibility of the networks below them — many are already IPv6-ready but upstream providers do not provide corresponding transit. He also drew attention to “enhanced cooperation” as an issue that had not been anticipated at the time of the report, but had since become an important issue; similarly, he identified social networking and (in response to a question) military uses of the Internet, etc., as other such issues. He opined that the WGIG report needed to be elaborated upon in the present context.

Avri Doria:
Ms. Doria argued that while the report was reluctantly accepted after having been first rejected by the governments, it has proven to be highly useful. She praised the report for its working definition of IG, as it is still being used, and because the report made a clear distinction between governments and the governance of the Internet. She then argued that the definition of roles and responsibilities of stakeholders is very loose in the WGIG report and that these definitions are something that needs further study as they do not take into account the full role and responsibilities of all stakeholders. She also argued that the National Telecommunications and Information Administration is transferring some of its oversight powers over technical governance of the domain name system, to multistakeholder processes as can be seen from the “Affirmation of Commitments” which has replaced the earlier “Memorandum of Understanding” it had with ICANN." She argued that the Affirmation of Commitment based review teams are an important experiment that should be followed with interest.

Désirée Miloshevic:
Ms. Miloshevic pointed out that outside the meta issue of keeping the Internet open for innovation, issues relating to freedom of speech and human rights were the most important challenges facing Internet governance today. She highlighted that several issues, such as economic benefits, consumer protection, freedom to connect and education are issues that have either not been addressed or have been addressed inadequately in the report. She then went on to argue that the IGF, which is an outcome of the WGIG report has had a tangible impact on IG, particularly on clarifying IG as a multi-stakeholder process rather than describing mere institutional regulation models. For example, the IGF allows for newly identified public policy issues to continue to feature as topics in the IGF as emerging issues, such as open data, etc. Ms. Miloshevic also emphasised the need for stakeholders to increase the development of capacity in dealing with IG issues at the global level.

Summary of General Discussion

Overall, it was agreed by all panelists that the WGIG 2005 report and the WSIS process have had a large impact on Internet Governance (IG), particularly in terms of an increase in public awareness and participation in IG as well as in framing of IG as involving multiple stakeholders and not just governments. This has in turn led to a shifting of power equations as well as an increase in openness and transparency. The report has helped create the distinction between governments and governance of the Internet, and framed, through the working definition of IG that was later incorporated in the WSIS Tunis Agenda, the non-technical aspects of IG as a core part of IG. Further, the identification and mapping of issues associated with IG and the generation of institutional governance models were important outcomes of the report. The report was also seen as instrumental in the creation of the Internet Governance Forum (IGF).

Panellists also noted the changed context and the progress (and in many cases, lack of progress) since the WGIG report. Issues were raised around the lack of progress in implementing the specific recommendations made by the report. Inadequate capacity-building of actors in the global South, and efforts of the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) with respect to IPv6 were used as examples. It was also pointed out that a number of concerns have materialized that had not been anticipated at the time of the report, including 'enhanced cooperation', the emergence of social networking, and military uses of the Internet.

Moderator's summary

The WGIG and its report, the background report and the book that followed from that report, have proven to be crucial in defining the formulation and direction of Internet governance for the past 8 years, and have resulted in a multi-stakeholder governance model for the Internet and the IGF, and have set many norms that have shifted power equations. However, many significant issues that weren't central to Internet governance during the formulation of the WGIG report have since emerged, the majority of the recommendations made in the WGIG report haven't seen much progress, the capacity of actors in the global South to engage in IG issues has not increased greatly, and the IGF needs to gain greater credibility and centrality. Transnational private corporations are emerging as increasingly powerful actors in Internet governance and are slowly shifting the balance, a development that was unforeseen in 2005 when governments were seen as the most powerful actors.

Any agreed recommendations from the session

The panelists recommended the production of an analytical report that would explore the current status of the issues and recommendations laid in the original report issues as well as identify any new concerns that have arisen since 2005. An important aspect of this report would be an emphasis on the benefits of the IGF and the role of the WGIG process and report in underscoring the significance of multi-stakeholder processes. Further recommendations included the continued advancement of Internet rights and principles and enhanced cooperation, as these are two focus areas that have emerged since the WGIG report, and the strengthening of the IGF.

For more details visit https://cis-india.org/internet-governance/blog/wgig-8-stock-taking-mapping-and-going-forward

CIS Welcomes Standing Committee Report on IT Rules

pranesh — 2013-04-03T10:54:52Z

The Centre for Internet and Society welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act.

Click to read the Parliamentary Standing Committee Report on the IT Rules. A modified version was published in CiOL on March 27, 2013.

These rules have been noted by many, including CIS, Software Freedom Law Centre, and Society for Knowledge Commons, and many eminent lawyers, as being unconstitutional. The Standing Committee, noting this, has asked the government to make changes to the Rules to ensure that the fundamental rights to freedom of speech and privacy are safeguarded, and that the principles of natural justice are respected when a person’s freedom of speech or privacy are curtailed.

Ambiguous and Over-reaching Language

The Standing Committee has noted the inherent ambiguity of words like "blasphemy", "disparaging", etc., which are used in the Intermediary Guidelines Rules, and has pointed out that unclear language can lead to harassment of people as has happened with Section 66A of the IT Act, and can lead to legitimate speech being removed. Importantly, the Standing Committee recognizes that many categories of speech prohibited by the Intermediary Guidelines Rules are not prohibited by any statute, and hence cannot be prohibited by the government through these Rules. Accordingly, the Standing Committee has asked the government to ensure "no new category of crimes or offences is created" by these Rules.

Government Confused Whether Rules Are Mandatory or Advisory

The Standing Committee further notes that there is a discrepancy in the government’s stand that the Intermediary Guidelines Rules are not mandatory, and are only "of advisory nature and self-regulation", and that "it is not mandatory for the Intermediary to disable the information, the rule does not lead to any kind of censorship". The Standing Committee points out the flaw in this, and notes that the language used in the rules is mandatory language (“shall act” within 36 hours). Thus, it rightly notes that there is a "need for clarity on the aforesaid contradiction". Further, it also notes that there is "there should be safeguards to protect against any abuse", since this is a form of private censorship by intermediaries."

Evidence Needed Against Foreign Websites

The government has told the Standing Committee that "foreign websites repeatedly refused to honour our laws", however, it has not provided any proof for this assertion. The government should make public all evidence that foreign web services are refusing to honour Indian laws, and should encourage a public debate on how we should tackle this problem in light of the global nature of the Internet.

Cyber Cafes Rules Violate Citizens’ Privacy

The Standing Committee also pointed out that the Cyber Cafe Rules violated citizens’ right to privacy in requiring that "screens of the computers installed other than in partitions and cubicles should face open space of the cyber café". Unfortunately, the Standing Committee did not consider the privacy argument against retention of extensive and intrusive logs. Under the Cyber Cafe Rules, cyber cafes are required to retain (for a minimum of one year) extensive logs, including that of "history of websites accessed using computer resource at cyber café" in such a manner that each website accessed can be linked to a person. The Committee only considered the argument that this would impose financial burdens on small cybercafes, and rejected that argument. CIS wishes the Committee had examined the provision on log maintenance on grounds of privacy as well."

Government’s Half-Truths

In one response, the government notes that "rules under Section 79 in particular have undergone scrutiny by High Courts in the country. Based on the Rules, the courts have given reliefs to a number of individuals and organizations in the country. No provision of the Rules notified under Sections 43A and 79 of the IT Act, 2000 have been held ultra vires."

What the government says is a half-truth. So far, courts have not struck down any of the IT Rules. But that is because none of the High Court cases in which the vires of the Rules have been challenged has concluded. So it is disingenuous of the government to claim that the Rule have "undergone scrutiny by High Courts". And in those cases where relief has been granted under the Intermediary Guidelines, the cases have been ex-parte or have been cases where the vires of the Rules have not been challenged. The government, if it wants to defend the Rules, should point out to any case in which the vires of the Rules have been upheld. Not a single court till date has declared the Rules to be constitutional when that question was before it.

Lack of Representation of Stakeholders in Policy Formulation

Lastly, the Standing Committee noted that it is not clear whether the Cyber Regulatory Advisory Committee (CRAC), which is responsible for policy guidance on the IT Act, has "members representing the interests of principally affected or having special knowledge of the subject matter as expressly stipulated in Section 88(2) of the IT Act". This is a problem that we at CIS also noted in November 2012, when the CRAC was reconstituted after having been defunct for more than a decade.

CIS hopes that the government finally takes note of the view of legal experts, the Standing Committee on Delegated Legislation, the Parliamentary motion against the Rules, and numerous articles and editorials in the press, and withdraws the Intermediary Guidelines Rules and the Cyber Cafe Rules, and instead replaces them with rules that do not infringe our constitutional rights.

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities. It was among the organizations that submitted evidence to the Standing Committee on Subordinate Legislation on the IT Rules.

For more details visit https://cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules

Statement of Solidarity on Freedom of Expression and Safety of Internet Users in Bangladesh

pranesh — 2013-01-15T11:51:44Z

This is a statement on the violent attack on blogger Asif Mohiuddin by the participants to the Third South Asian Meeting on the Internet and Freedom of Expression that took place in Dhaka, Bangladesh, on January 14–15, 2013.

Bangladeshi blogger Asif Mohiuddin was brutally attacked in a stabbing last evening. His condition is currently said to be critical. Violent attacks on mediapersons have led to at least four deaths in the past year. This trend is now extending to those writing online.

It is the duty of societies at large to ensure that principles we universally consider sacrosanct, such as the right to life and liberty and of freedom of expression are in fact ideas, and of the government to actively protect the rights guaranteed under the Constitution of Bangladesh and to ensure they are not just words on paper.

Article 39 of the Constitution of Bangladesh—and Article 19 of the Universal Declaration of Human Rights—guarantee both the freedom of thought and conscience, as well as the right of every citizen of freedom of speech and expression, and freedom of the press.

Article 32 of the Constitution of Bangladesh—and Article 3 of the Universal Declaration of Human Rights—guarantee that no person shall be deprived of life or personal liberty except by law.

The attack on Asif Mohiuddin constitutes a violation these fundamental principle by criminals, and we request the government to act decisively to show it will not tolerate such violations.

Reporters Without Borders note that "the ability of those in the media to work freely has deteriorated alarmingly in Bangladesh, which is now ranked 129th of 179 countries in the 2011-2012 World Press Freedom Index".

In general, the situation of those working as non-professional 'citizen journalists' is even worse. In a 2010 report, the UN Special Rapporteur wrote:

"Citizen journalists are by nature more isolated, they are more vulnerable to attack than professional journalists. However, citizen journalists enjoy less protection than their counterparts in traditional media, as they do not have the support of media organizations and networks, in particular the organizational resources, including lawyers and financial resources, which can help shield them from harassment."

This reality of greater vulnerability is equally applicable to those who do not self-identify as 'citizen journalists', but use social media to express unpopular opinions.

Keeping this in mind, we call upon the government on Bangladesh to carry out swift investigations into this particular incident and bring the perpetrators to justice, and to grant greater legal support to citizen journalists and ensure better protections for all those who use the Internet as a means of expression.

For more details visit https://cis-india.org/internet-governance/blog/statement-of-solidarity-asif-mohiuddin

No Civil Society Members in the Cyber Regulations Advisory Committee

pranesh — 2013-01-09T17:56:57Z

The Government of India has taken our advice and reconstituted the Cyber Regulations Advisory Commitee. But there is no representation of Internet users, citizens, and consumers — only government and industry interests.

In multiple op-eds (Indian Express and Mint), I have pointed out the need for the government to reconstitute the "Cyber Regulations Advisory Committee" (CRAC) under section 88 of the Information Technology Act. That it be reconstituted along the model of the Brazilian Internet Steering Committee was also part of the suggestions that CIS sent to the government after a meeting FICCI had convened along with the government on September 4, 2012.

Section 88 requires that people "representing the interests principally affected" by Internet policy or "having special knowledge of the subject matter" be present in this advisory body. The main function of the CRAC is to advise the the Central Government "either generally as regards any rules or for any other purpose connected with this Act".

Despite this important function, the CRAC had — till November 2012 — only ever met twice, both times in 2001. The response to an RTI informed us that the body had never provided any advice to the government.

Government Not Serious

The increasing pressure on the government for botching up Internet regulations has led it to reconstitute the CRAC. However, the list of members of the committee shows that the government is not serious about this committee representing "the interests primarily affected" by Internet policy.

Importantly, this goes against the express wish of the Shri Kapil Sibal, the Union Minister for Communications and IT, who has repeatedly stated that he believes that Internet-related policymaking should be an inclusive process. Most recently, at the 2012 Internet Governance Forum he stated that we need systems that are:

"collaborative, consultative, inclusive and consensual, for dealing with all public policies involving the Internet"

Interestingly, despite the Hon'ble Minster verbally inviting civil society organizations (on November 23, 2012) for a meeting of the CRAC that happened on November 25, 2012, the Department of Electronics and Information Technology refused to send us invitations for the meeting. This hints at a disconnect between the political and bureaucratic wings of the government, at least at some levels.

Interestingly, this isn't the first time this has been pointed out. Na. Vijayashankar was levelling similar criticisms against the CRAC way back in August 2000 when the original CRAC was constituted.

Breakdown by Stakeholder Groupings

While there is no one universal division of stakeholders in Internet governance, but four goups are widely recognized: governments (national and intergovernmental), industry, technical community, and civil society. Using that division, we get:

Government - 15 out of 22 members
Industry bodies - 6 out of 22 members
Technical community / Academia - 1 out of 22 members
Civil society - 0 out of 22 members.

List of Members of Cyber Regulatory Advisory Committee

The official notification (G.S.R. 827(E)) is available on the DEIT website and came into force on November 16, 2012.

(Note: Names with ~~strikethroughs~~ have been removed from the CRAC since 2000, and those with emphasis have been added.)

Minister, Ministry of Communication and Information Technology - Chairman
Minister of State, Ministry of Communications and Information Technology - Member
Secretary, Ministry of Communication and Information Technology, Department of Electronics and Information Technology - Member
Secretary, Department of Telecommunications - Member
~~Finance Secretary - Member~~
Secretary, Legislative Department - Member
Secretary, Department of Legal Affairs - Member
~~Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member~~
Secretary, Ministry of Commerce - Member
Secretary, Ministry of Home Affairs - Member
Secretary, Ministry of Defence - Member
Deputy Governor, Reserve Bank of India - Member
Information Technology Secretary from the states by rotation - Member
Director, IIT by rotation from the IITs - Member
Director General of Police from the States by rotation - Member
President, NASSCOM - Member
President, Internet Service Provider Association - Member
Director, Central Bureau of Investigation - Member
Controller of Certifying Authority - Member
Representative of CII - Member
Representative of FICCI - Member
Representative of ASSOCHAM - Member
President, Computer Society of India - Member
Group Coordinator, Department of Electronic and Information Technology - Member Secretary

For more details visit https://cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society

Response to RTI on Decisions of the Cyber Regulation Advisory Committee

pranesh — 2013-01-09T15:26:26Z

The Department of Electronics & Information Technology, Ministry of Communications & Information Technology responded to a right to information (RTI) application filed by Saket Bisani on behalf of the Centre for Internet & Society on July 13, 2012 through notification No. 14(110)/2012-ESD, dated October 3, 2010.

No. 14(110)/2012-ESD
M/o Communiciations & Information Technology
Department of Electronics & Information Technology
Electronics Niketan, 6, CGO Complex
New Delhi-110003

Dated:3.10.2012

Subject: RTI application received from Shri Saket Biswani

With reference to your RTI application dated 13.7.12 requesting for the following information.

Question

a) Please provide me a list of the dates of each meeting of the CRAC held from October 18, 2000 till July 13, 2012?

b) Please provide me copies of the minutes of every meeting held by the Cyber Regulation Advisory Committee from October 18, 2000 till July 13, 2012.

c) Provide me the list of all policy decisions that the CRAC has advised the Central Government on under section 88(3) (a) of the Information Technology.

d) Provide me a list of all policy decisions that the CRAC has advised the Central Government on under section 88(3)(a) of the Information Technology Act, 2000.

The information as received from the custodian of the information is placed below:

Answer

a) The meetings of CRAC were held on 6^th March, 2001 and 17-18 March, 2001.

b) Minutes of these two meetings of CRAC are attached.

c) No such advice was given by CRAC to DeitY under section 88(3)(a).

d) Information is attached.

(A.K. Kaushik)
Additional Director & CPIO
(E-Security & Cyber Laws)

To: Shri Saket Bisani
No. 194, 2^nd 'C' Cross,
Domlur 2^nd Stage
Bangalore-560 071

Minutes of the First Meeting of the Cyber Regulation Advisory Committee (CRAC) held on March 6, 2001, at Electronics Niketan, under the Chairmanship of Hon’ble Minister* (IT) Shri Pramod Mahajan.

(List of Participants enclosed as Annexure-A)

The chairman welcomed the participants to the First Meeting of the Committee. In his opening remarks he hoped that the Committee would play a constructive role in the implementation of the Information Technology Act.
While introducing the Agenda (circulated ahead of the meeting), Controller of Certifying Authorities (CCA) made a short presentation on proposed "Regulation.; under section 89 of the IT Act" consisting of 18 proposed Regulations, Smart Card as token carrying Keys, and various suggested Amendments to the IT ACT 2000.
During the ensuing discussions, participants sought some time to study and collate associated inputs from their respective colleagues/specialists before offering any concrete suggestions/recommendations. Chairman agreed to the suggestions and postponed the meeting to 11:00 AM on the March 17, 2001 at the same venue. Based on the recommendation of Secretary (IT), members were requested to forward their inputs, if any, through e-mail within a weeks time to the following:

For Regulations wider section 89 of IT Act	For amendments to IT Act 2000
Shri K.N. Gupta (CCA) Room No. 4006, Electronics Niketan 6 CGO Complex New Delhi 110003 e-mail:kgupta@mit.gov.in Tele: 436 3073 Fax: 439 5982	Shri A.B. Saha (Member Secretary) Room No. 2055, Electronics Niketan 6 CGO Complex New Delhi 110003 e-mail:saha@mit.gov.in Tele: 436 0958 Fax: 436 2924

Meeting ended with a vote of thanks to the Chair.

Minutes of the Second Meeting of the Cyber Regulation Advisory Committee (CRAC) held on 17-18 March, 2001 at Electronics Niketan, New Delhi under the Chairmanship of Hon'ble Minister (IT), Shri Pramod Mahajan.

(List of Participants enclosed as Annexure-A)

The chairman welcomed the participants to the second meeting of the Committee to consider further the draft regulations proposed by the Controller of Certifying Authority (CCA). ' " ~
During the ensuing discussions, following general recommendations/decisions were arrived at governing the overall formulation of the regulations that are necessary to bring about infrastructure facilitating activities envisaged under the IT Act 2000:

a) Any regulation to be framed by the Controller draws its authority only from Section 89(2) of the Act. Moreover, such regulations should complement the Rules already framed under the Section 87 of the Act.

b) To keep pace with the changing technology and standards, CCA may publicly notify/modify necessary specifications of technology, standards and procedures at regular interval (say, January of every year). Moreover, to adhere to the "principles of minimal governance", if any particular necessity emerges for inclusion of newer manifestations of any existing standard/technology/procedure, Controller should respond within ninety (90) days after receiving any specific request in writing, failing which it will deemed to have obtained his concurrence.

c) The commercial practices/interests may form the essential pedestal for the certification process. Aspects of cross-certification may preferably be left to the purview of the concerned market forces. However, the necessary interoperability will essentially be "market-driven" and not "authority-driven". This will also ensure that formulated rules and regulations stay in tune with market realities.

d) Strict adherence to open standards should be ensured to avoid emergence of monopoly of any kind.

e) Considering cost sensitiveness of the requisite digital signature certificate, families of technologies varying in convenience, reliability, availability, robustness, etc. may be allowed to inter-operate. However, CCA may undertake public awareness campaign to promote desirable best practices from time to time.

f) The minimal regulations facilitating activities envisaged in the Act is desirable. Some of the proposed provisions can also be ensured in the form of "terms & conditions" governing the operations of Certifying Authorities.

g) Emergence of guidelines governing smooth functioning may be better left to publications brought out by industry associations, public-minded professionals etc. Formulating rules and regulations in these regards should be minimal.

3. After framing the draft compilation of the requisite regulations in accordance with the conventional legal form in terms of content as well as structure with the assistance of the Ministry of Law, the regulations may be brought to the Ministry of Information Technology for approval.

4 The Committee considered the 18 regulations proposed in Agenda Item No.1 and the statement reproduced below contains the decision taken against each proposal.

SI	Item	Conclusions
1	Regulation 1 Standardising on two key-pairs for PKI in the country. Key-pair generation for subscribers by CAs.	Regulation not required. Encryption Key pair not part of the IT Act. Already covered under Rule 3, 4 & 5 of notified CA Rules. Subscriber should be at liberty to bring his key pair that CA may verify before acceptance. (Section 40 of the Act)
2	Regulation 2 Encryption key-pair of subscribers to be maintained by CAs in a database and made available to enforcement and law agencies under directions of the Controller.	Regulation not required. IT Act is silent regarding encryption.
3	Regulation 3 Disclosure Record of CA.	Disclosure may be done every six months. Necessary format for disclosure may be notified from time to time. (Para 2(f) above)
4	Regulation 4 Encryption Key Pair of CA to be made available to the Controller.	Regulation not required in accordance to conclusions against 1 & 2 above.
5	Regulation 5 Cross-Certification with foreign CAs.	As per recommendation 2(c) above.
6	Regulation 6 Terms and Conditions subject to which license shall be issued by the Controller to the prospective CAs.	Can be merged with regulation 11. As per the recommendation mentioned in 2(c) above.
7	Regulation 7 Standards that may be considered for different activities associated with the CAs functions including standardization of contents of the Certificates to be issued by CAs and standardization of the Certificate Revocation List.	As per the recommendation 2(b) above.
8	Regulation 8 Information to be made publicly available by a CA on its website. Notice of suspension or revocation of license.	CA must harness all form of networks and other practical media, and not only Internet, for disclosure to its subscriber and other interested parties.
9	Regulation 9 Standardisation of Certificate Practice Statement.	Agreed.
10	Regulation 10 Compromise of subscribers Digital Signature Key-Pair	Agreed.
11	Regulation 11 Description of classes of Certificates.	Shall be merged with regulation 6 above. In addition to 3 classes of certificates as identified by international bodies, the regulation should be open to additional classes of certificates, if required.
12	Regulation 12 Cross-Certification of CAs.	It should be market-driven. (Recommendation 2(c) above).
13	Regulation 13 Incorporation of Controllers Public Key Certificate as the "root” in all web browsers in the country.	Regulation not required. Need for integrating Controller's root key in the browsers may not be feasible.
14	Regulation 14 Minimum key length for CAs and subscribers.	Agreed for the provision of 1024 bits for subscriber/end-user and 2048 bits for CAs key pair.
15	Regulation 15 Audit of applicants to include manpower audit as well. Liability of CAs towards subscribers on account of their negligence.	Regulation not required. Audit provision has already been covered under Rule 31 of CA rules notified by MIT.
16	Regulation 16 Storage of Key-Pairs of CAs. Distribution of Key-Pairs / Certificates of subscribers by CAs.	Not to be regulated. Recommendation 2(e) above shall be followed.
17	Regulation 17 Documents to be submitted to the Controller along with the application for obtaining license to operate as CA.	Already covered under rule 10 of CA rules notified by MIT. Any additional information can be sought through the recourse of public notices from time to time.
18	Regulation 18 Upon acceptance of PKC by a subscriber, the PKC shall be published by the CA as required under the IT Act for access by the subscribers and relying parties. The CA will ensure the transmission of PKC and CRLs to the National Repository to be maintained by the Controller.	Agreed.

Meeting ended with a vote of thanks to the Chair.

Annexure - A

First sitting of the second meeting of the “Cyber Regulation Advisory Committee” held on 17th March 2001 to consider adjourned agenda of the first meeting held on 6ft March 2001

List of Participants

Sh Pramod Mahajan, Minister, Information Technology - Chairman
Sh.S.C Jain , Secretary, Legislative Department
Sh Vinay Kohli, Secretary, Ministry of Information Technology
Sh. N. Parameswaran, DDG(LR), Department of Telecommunications
Dr. Jaimini Bhagwati, Ministry of Finance
Maj.Gen. M. G. Datar, Addl.D.G, IT, Army HQ, Ministry of Defence
Sh Mukesh Mittal, Dy Secy, Ministry of Home Affairs
Sh T A Khan, Sr. Dir, NIC, Ministry of Commerce
Sh. K.R Ganapathy,CGM-IC,RBI

10. Sh.S.R-Mittal,Adviser,DIT, Reserve Bank of India

11. Sh Dewang Mehta, President, NASSCOM

12. Sh Amitabh Singhal, President, Internet Service Providers Association

13. Sh LN Behra, DIG, Director, Central Bureau of Investigation

14. Sh K N Gupta, Controller of Certifying Authority

15. Sh. Qamar Ahmed. Addl.C.P/Crime, DG Police by rotation from the States

16. Prof. R S Sirohi. I1T Delhi, Director, IIT Delhi

17. Sh.Sanjay Dhawan, ExecDirector,KPMG, Representing CII

18. Sh. M.A.J.Jeyaseelan, Secretary, FICCI

19. Sh. Subimal Bhattacharjee, Vice President ARGUS, Representing ASSOCHAM

20. Sh A B Saha, Senior Director, Ministry of IT - Member Convener

First sitting of the second meeting of the “Cyber Regulation Advisory Committee” held on 18th March 2001 to consider adjourned agenda of the first meeting held on 6ft March 2001

List of Participants

Sh Pramod Mahajan, Minister, Information Technology - Chairman
Sh.N.L. Meenu, Jt. Secretary, Legislative Department
Sh Vinay Kohli, Secretary, Ministry of Information Technology
Sh. N. Parameswaran, DDG(LR), Department of Telecommunications
Dr. Jaimoni Bhagwati, Ministry of Finance
Maj.Gen. M G Datar, Ministry of Defence
Sh Mukesh Mittal, Dy Secy, Ministry of Home Affairs
Sh T A Khan, Sr. Dir, NIC, Ministry of Commerce
Sh. K.R Ganapathy,CGM-IC,RBI

10. Sh Dewang Mehta, President, NASSCOM

11. Sh Amitabh Singhal, President, Internet Service Providers Association

12. Sh LN Behra, DIG, Director, Central Bureau of Investigation

13. Sh K N Gupta, Controller of Certifying Authority

14. Sh. Dinesh Bhatt, Dy. Police Commissioner, Delhi

15. Prof. R S Sirohi. I1T Delhi, Director, IIT Delhi

16. Sh.Sanjay Dhawan, ExecDirector,KPMG, Representing CII

17. Sh. M.A.J.Jeyaseelan, Secretary, FICCI

18. Sh. Subimal Bhattacharjee, Vice President ARGUS, Representing ASSOCHAM

19. Sh A B Saha, Senior Director, Ministry of IT - Member Convener

For more details visit https://cis-india.org/internet-governance/resources/deity-response-to-rti-on-decisions-of-crac

The Worldwide Web of Concerns

pranesh — 2012-12-27T04:31:39Z

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the Inter-national Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Pranesh Prakash's column was published in the Deccan Chronicle on December 10, 2012.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence.

Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

While there are welcome proposals (consumer protection relating to billing of international roaming), there have also been contentious issues that Internet activists have raised: a) process-related problems with the ITU; b) scope of the ITRs, and of ITU’s authority; c) content-related proposals and “evil governments” clamping down on free speech; d) IP traffic routing and distribution of revenues.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

w Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

ITU’s relationship with Internet governance has been complicated. In 1997, it was happy to take a hands-off approach, cooperating with Internet Society and others, only to seek a larger role in Internet governance soon after. In part this has been because the United States cocked a snook at the ITU and the world community in 1998 through the way it established Internet Corporation for Assigned Names and Numbers (ICANN) as a body to look after the Internet’s domain name system. While the fact that the US has oversight over ICANN needs to change (with de-nationalisation being the best option), Russia wants to supersede ICANN and that too through current revisions of the ITRs. Russia’s proposal is a dreadful idea, and must not just be discarded lightly but thrown away with great force. The ITU should remain but one among multiple equal stakeholders concerned with Internet governance.

One important, but relatively unnoticed, proposed change to ITU’s authority is that of making the standards that ITU’s technical wing churns out mandatory. This is a terrible idea (especially in view of the ITU’s track record at such standards) that only a stuffy bureaucrat without any real-world insight into standards adoption could have dreamt up.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs.

Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent socalled “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The threat of a “UN takeover” of the Internet through the WCIT is non-existent. Since the ITU’s secretary-general is insisting on consensus (as is tradition) rather than voting, the possibility of bad proposals (of which there are many) going through is slim. However, that doesn’t mean that activists have been crying themselves hoarse in vain. That people around the world are a bit more aware about the linkage between the technical features of the Internet and its potential as a vehicle for free speech, commerce and development, is worth having to hear some shriller voices out there.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-pranesh-prakash-december-10-2012-the-worldwide-web-of-concerns

The Worldwide Web of Concerns

pranesh — 2012-12-10T05:10:47Z

The threat of a ‘UN takeover’ of the Internet through the WCIT is non-existent. However, that does not mean that activists have been crying themselves hoarse in vain.

Pranesh Prakash's column was published in the Asian Age on December 10, 2012.

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the International Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence. Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs. Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent so-called “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/asian-age-column-december-10-2012-pranesh-prakash-the-worldwide-web-of-concerns

Fixing India’s anarchic IT Act

pranesh — 2012-11-30T06:33:58Z

Section 66A of the Information Technology (IT) Act criminalizes “causing annoyance or inconvenience” online, among other things. A conviction for such an offence can attract a prison sentence of as many as three years.

Pranesh Prakash's article was published in LiveMint on November 28, 2012.

How could the ministry of communications and information technology draft such a loosely-worded provision that’s clearly unconstitutional? How could the ministry of law allow such shoddy drafting with such disproportionate penalties to pass through? Were any senior governmental legal officers—such as the attorney general—consulted? If so, what advice did they tender, and did they consider this restriction “reasonable”? These are some of the questions that arise, and they raise issues both of substance and of process.

When the intermediary guidelines rules were passed last year, the government did not hold consultations in anything but name. Industry and non-governmental organizations (NGOs) sent in submissions warning against the rules, as can be seen from the submissions we retrieved under the Right to Information Act and posted on our website. However, almost none of our concerns, including the legality of the rules, were paid heed to.

Earlier this year, parliamentarians employed a little-used power to challenge the law passed by the government, leading communications minister Kapil Sibal to state that he would call a meeting with “all stakeholders”, and will revise the rules based on inputs. A meeting was called in August, where only select industry bodies and members of Parliament were present, and from which a promise emerged of larger public consultations. That promise hasn’t been fulfilled.

Substantively, there is much that is rotten in the IT Act and the various rules passed under it, and a few illustrations—a longer analysis of which is available on the Centre for Internet and Society (CIS) website—should suffice to indicate the extent of the malaise.

Some of the secondary legislation (rules) cannot be passed under the section of the IT Act they claim as their authority. The intermediary guidelines violate all semblance of due process by not even requiring that a person whose content is removed is told about it and given a chance to defend herself. (Any content that is complained about under those rules is required to be removed within 36 hours, with no penalties for wilful abuse of the process. We even tested this by sending frivolous complaints, which resulted in removal.)

The definition of “cyber terrorism” in section 66F(1)(B) of the IT Act includes wrongfully accessing restricted information that one believes can be used for defamation, and this is punishable by imprisonment for life. Phone-tapping requires the existence of a “public emergency” or threat to “public safety”, but thanks to the IT Act, online surveillance doesn’t. The telecom licence prohibits “bulk encryption” over 40 bits without key escrow, but these are violated by all, including the Reserve Bank of India, which requires that 128-bit encryption be used by banks. These are but a few of the myriad examples of careless drafting present in the IT Act, which lead directly to wrongful impingement of our civil and political liberties. While we agree with the minister for communications, that the mere fact of a law being misused cannot be reason for throwing it out, we believe that many provisions of the IT Act are prone to misuse because they are badly drafted, not to mention the fact that some of them display constitutional infirmities. That should be the reason they are amended, not merely misuse.

What can be done? First, the IT Act and its rules need to be fixed. Either a court-appointed amicus curiae (who would be a respected senior lawyer) or a committee with adequate representation from senior lawyers, Internet policy organizations, government and industry must be constituted to review and suggest revisions to the IT Act. The IT Act (in section 88) has a provision for such a multi-stakeholder advisory committee, but it was filled with mainly government officials and became defunct soon after it was created, more than a decade ago. This ought to be reconstituted. Importantly, businesses cannot claim to represent ordinary users, since except when it comes to regulation of things such as e-commerce and copyright, industry has little to lose when its users’ rights to privacy and freedom of expression are curbed.

Second, there must be informal processes and platforms created for continual discussions and constructive dialogue among civil society, industry and government (states and central) about Internet regulation (even apart from the IT Act). The current antagonism does not benefit anyone, and in this regard it is very heartening to see Sibal pushing for greater openness and consultation with stakeholders. As he noted on the sidelines of the Internet Governance Forum in Baku, different stakeholders must work together to craft better policies and laws for everything from cyber security to accountability of international corporations to Indian laws. In his plenary note at the forum, he stated: “Issues of public policy related to the Internet have to be dealt with by adopting a multi-stakeholder, democratic and transparent approach” which is “collaborative, consultative, inclusive and consensual”. I could not have put it better myself. Now is the time to convert those most excellent intentions into action by engaging in an open reform of our laws.

Pranesh Prakash is policy director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/livemint-opinion-november-28-2012-pranesh-prakash-fixing-indias-anarchic-it-act