Centre for Internet and Society

DOT Order Blocking 857 Websites on Grounds of Decency and Morality

pranesh — 2015-08-03T07:42:53Z

Copy of leaked DOT order blocking 857 websites on grounds of morality and decency, claiming powers under section 79(3)(b) of the Information Technology Act.

For more details visit https://cis-india.org/internet-governance/resources/dot-morality-block-order-2015-07-31

Don't Shoot the Messenger: Speech on Intermediary Liability at 22nd SCCR of WIPO

pranesh — 2012-06-01T15:01:08Z

This is a speech made by Pranesh Prakash at an side-event co-organized by the World Intellectual Property Organization and the Internet Society on intermediary liability, to coincide with the release of Prof. Lillian Edwards's WIPO-commissioned report on 'Role and Responsibility of the Internet Intermediaries in the Field of Copyright'.

Good afternoon. I've been asked to provide a user's perspective to the question of intermediary liability. "In what cases should an Internet intermediary—a messenger—be held liable for the doings of a third party?" is the broad question. I believe that in answering that question we can be guided by two simple principles: As long as intermediaries don't exercise direct editorial control, they should not be held liable; and as long as they don't instigate or encourage the illegal activity, they should not be held liable. In all other cases, attacking Internet intermediaries generally a sign of 'shooting the messenger'. General intermediary liability and intermediary liability for copyright infringement share a common philosophical foundation, and so I will talk about general intermediary liability first.

While going about holding intermediaries liable, we must remember that what is at stake here is the fact that intermediaries are a necessary component of ensuring freedom of speech and self-expression on the World Wide Web. In this regard, we must keep in mind the joint declaration issued by four freedom of expression rapporteurs under the aegis of the Organization of American States on June 1, 2011:

Intermediary Liability

a. No one who simply provides technical Internet services such as providing access, or searching for, or transmission or caching of information, should be liable for content generated by others, which is disseminated using those services, as long as they do not specifically intervene in that content or refuse to obey a court order to remove that content, where they have the capacity to do so (‘mere conduit principle’).

b. Consideration should be given to insulating fully other intermediaries, including those mentioned in the preamble, from liability for content generated by others under the same conditions as in paragraph 2(a). At a minimum, intermediaries should not be required to monitor user-generated content and should not be subject to extra-judicial content takedown rules which fail to provide sufficient protection for freedom of expression (which is the case with many of the ‘notice and takedown’ rules currently being applied).

It is useful to keep in mind what the kind of liability we affix on offline intermediaries: Would we hold a library responsible for unlawful material that a user has placed on its shelves without its encouragement?

Ensuring a balanced system of intermediary liability is also very important in preserving the forms of innovations we have seen online. Ensuring that intermediaries aren't always held liable for what third parties do is an essential component of encouraging new models of participation, such as Wikipedia. While Wikipedia has community-set standards with regard to copyright, obscenity, and other such issues, holding the Wikimedia Foundation (which has only around 30-40 people) itself responsible for what millions of users write on Wikipedia will hamper such new models of peer-production. This point, unfortunately, has not prevented the Wikimedia Foundation being sued a great number of times in India, a large percentage of which take the form of SLAPP ('strategic lawsuit against public participation') cases, since if the real intention had been to remove the offending content, editing Wikipedia is an easy enough way of achieving that.

While searching for these balanced solutions, we need to look beyond Europe, and look at how countries like Chile, Brazil, India and others are looking at these issues. Unfortunately, this being Geneva, most of the people I see represented in this room are from the developed world as are the examples we are discussing (France and Spain).

In India, for instance, the Internet Service Providers Association made it clear in 2006 (when there was an outcry over censorship of blogging platforms) that they do not want to be responsible for deciding whether something about which they have received a complaint is unlawful or not.

With respect to copyright and the Internet, while the Internet allows for copyright infringement to be conducted more easily, it also allows for copyright infringement to be spotted more easily. Earlier, if someone copied, it would be difficult to find out. Now that is not so. So, that balance is already ingrained, and while many in the industry focus on the fact of easier infringement and thus ask for increased legal protection, such increase in legal protection is not required since the same technological factors that enable increased infringement also enable increased ability to know about that infringement.

On the Internet, intermediaries sometimes engage in primary infringement due to the very nature of digital technology. In the digital sphere, everything is a copy. Thus, whenever you're working on a computer, copies of the copyrighted that show up on your screen are automatically copied to your computer's RAM. Whenever you download anything from the Internet, copies of it are created en route to your computer. (That is the main reason that exceptions in the copyright laws of most countries that allow you to re-sell a book you own don't apply to electronic books.) In such a case, intermediaries must be specially protected.

Additionally, online activities that we take for granted, for instance search technologies, violate the copyright law of most countries. For online search technology to be reasonably fast (instead of taking hours for each search), the searching has to be done on a copies (cache) of actual websites instead of the actual websites. For image searching, it would be unreasonable to expect search companies to take licences for all the images they allow you to search through. Yet, not doing so might violate the copyright laws of many countries. No one, or so one would think, would argue that search engines should be made illegal, but in some countries copyright law is being used to attack intermediaries.

As noted above, intermediaries are a necessary part of online free speech. Current methods of regulating copyright infringement by users via intermediaries online may well fall afoul of internationally accepted standards of human rights. Frank La Rue, the UN Special Rapporteur on Freedom of Opinion and Expression in his recent report to the UN Human Rights Council stated:

While blocking and filtering measures deny access to certain content on the Internet, States have also taken measures to cut off access to the Internet entirely.

The Special Rapporteur is deeply concerned by discussions regarding a centralized “on/off” control over Internet traffic. In addition, he is alarmed by proposals to disconnect users from Internet access if they violate intellectual property rights. This also includes legislation based on the concept of “graduated response”, which imposes a series of penalties on copyright infringers that could lead to suspension of Internet service, such as the so-called “three-strikes law” in France and the Digital Economy Act 2010 of the United Kingdom.

Beyond the national level, the Anti-Counterfeiting Trade Agreement (ACTA) has been proposed as a multilateral agreement to establish international standards on intellectual property rights enforcement. While the provisions to disconnect individuals from Internet access for violating the treaty have been removed from the final text of December 2010, the Special Rapporteur remains watchful about the treaty’s eventual implications for intermediary liability and the right to freedom of expression.

With respect to graduated response, there is very little that one can add to Prof. Edwards's presentation. I would like to add one further suggestion that Prof. Ed Felten originally put forward as a 'modest proposal': Corporations which make or facilitate three wrongful accusations should face the same penalty as the users who are accused thrice. The recent US strategy of seizing websites even before trial has been sufficiently criticised, so I shall not spend my time on it.

I still have not seen any good evidence as to why for other kinds of primary or secondary liability incurred by online intermediaries the procedure for offline copyright infringement should not apply, since they are usually crafted taking into account principles of natural justice.

The only 'international' and slightly troublesome issue that a resolution is needed to is that of problems relating to different jurisdiction’s laws applying on a single global network. However, this question is much larger one that of copyright and a copyright-specific solution cannot be found. Thus WIPO is not the right forum for the redress of that problem.

For more details visit https://cis-india.org/a2k/blogs/intermediary-liability-wipo-speech

DIT's Response to RTI on Website Blocking

pranesh — 2011-08-02T07:13:47Z

For the first time in India, we have a list of websites that are blocked by order of the Indian government. This data was received from the Department of Information Technology in response to an RTI that CIS filed. Pranesh Prakash of CIS analyzes the implications of these blocks, as well as the shortcomings of the DIT's response.

Quick Analysis of DIT's Response to the RTI

Blocked websites

The eleven websites that the DIT acknowledges are blocked in India are:

Of the eleven blocked websites, one was still accessible on a Tata Communications DSL connection. Two of the blocked websites are grassroots news organizations connected to the Independent Media Centre: IndyBay (San Francisco Bay Area IMC) and the Arizona Indymedia website. The Bloggernews.net page that is on the blocked list is in fact an article by N. Vijayashankar (Naavi) from March 12, 2010 titled "Is E2 labs right in getting zone-h.org blocked?", criticising the judicial blocking of Zone-H.org by E2 Labs (with E2 Labs being represented by lawyer Pawan Duggal). The Zone-H.org case is still going through the judicial motions in the District Court of Delhi, but E2 Labs managed to get an ex parte (i.e., without Zone-H being heard) interim order from the judge asking Designated Officer (Mr. Gulshan Rai of DIT) to block access to Zone-H.org.

As has happened in the past, the government (or the court) accidentally ordered the blocking of all of website host webs.com, instead of blocking only http://donotdial100.webs.com (which subdomain apparently hosted 'defamatory' and 'abusive' information about mafia links within the Maharashtra police and political circles).

It is interesting to note that for most of the websites on most ISPs one gets a 'request timed out' error while trying to access the blocked websites, and not a sign saying: "site blocked for XYZ reason on request dated DD-MM-YYYY received from the DIT". On Reliance broadband connections, for some of the above websites an error message appears, which states: "This site has been blocked as per instructions from Department of Telecom".

Judicial blocking

As per the response of the government, all eleven seem to have been blocked on orders received from the judiciary. While they don't state this directly, this is the conclusion one is led to since the Department admits to blocking eleven websites and also notes that there have been eleven requests for blocking from the judiciary. Normally the judiciary is often thought of as a check on the executive's penchant for banning (seen especially in the recent book banning cases in Maharashtra, for instance, where the Bombay High Court has overturned most of the government's banning orders). However, in these cases the ill-informed lower judiciary seem to be manipulated by lawyers to suppress freedom of speech and expression, even going to the extent of blocking grassroots activist news organizations like the Independent Media Centre.

Websites not blocked by DIT

The DIT also notes that the blocks on Typepad.com was not authorized by it (nor, according to the RTI response received by Nikhil Pahwa of Medianama was the Mobango.com block authorised by the DIT). Typepad.com, Mobango.com, and Clickatell.com don't seem to be blocked currently. However, as was reported by Medianama, for a while when they were being blocked, some sites and ISPs (such as Typepad.com on Bharti Airtel DSL) showed a message stating that the website was blocked on request from the Department of Telecom, which we don't believe has the authority to order blocking of websites. While we still await a response from the Department of Telecom to the RTI we filed with them on this topic, in a letter to the Hindu, the Department of Telecom has clarified that it did not order any block on Typepad.com or any of the other websites. This leaves us unsure as to who ordered these blocks. Further, it points out a lacuna in our information policy that ISPs can suo motu block websites without justifications (such as violation of terms of use), proper notice to customers, or any kind of repercussions for wrongful blocking.

Insufficient information on Committee for Examination of Requests

All requests for websites blocking (except those directly from the judiciary) must be vetted by the Committee for Examination of Requests (CER) under Rule 8(4) of the Rules under s.69A of the IT Act. Given that the DIT admits that the Designated Officer (who carries out the blocking) has received 21 requests to date, there should be at least 21 recommendations of the CER. However, the DIT has not provided us with the details of those 21 requests and the 21 recommendations. We are filing another RTI to uncover this information.

Text of the DIT's Response

Government of India
Ministry of Communications & Information Technology
Department of Information Technology
Electronics Niketan, 6 CGO Complex,
New Delhi-110003

No : 14(3)/2011-ESD

Shri Pranesh Prakash
Centre for Internet and Society
194, 2-C Cross,
Domulur Stage II,
Bangalore- 560071.

Subject: Request for information under RTI Act,

Sir,
Reference your request dated 28lh February 2011 on the above subject.
The point wise information as received from the custodian of Information is enclosed for your reference and records.

sd/-
(A.K.Kaushik)
Additional Director & CPIO
Tel: 011-24364803

Subject : RTI on website blocking requested by Shri Pranesh Prakash

(i) Did the Department order Airtel to block TypePad under S.69A of the Information Technology Act ("IT Act"), 2000 read with the Information Technology (Procedures and Safeguards for Blocking Access of Information by Public) Rules, 2009 ("Rules") or any other law for the time being in force? If so, please provide a copy of such order or orders. If not, what action, if at all, has been taken by the Department against Airtel for blocking of websites in contravention of S.69A of the IT Act?

Reply - This Department did not order Airtel to block the said site.

(ii) Has the Department ever ordered a block under s.69A of the IT Act? If so, what was the information that was ordered to be blocked?

Reply - The Department has issued directions for blocking under section 69A for the following websites:
(a) www.zone-h.org.
(b) http://donotdial100.webs.com (IP 216.52.115.50)
(c) www.bloggernews.net/124029
(d) http://www.google.co.in/#h 1 =en&source=hp& biw=1276&bih=843&=dr+babasaheb+ambedkar+ wallpaper&aq=4&aqi=g10&aql =&oq=dr+ babas& gs_rfai=&fp=e791 fe993fa412ba
(e) http://www.cinemahd.net/desktop-enhancements/wallpaper/23945- wallpapers-beautiful-girl-wallpaper.html
(f) http://www.chakpak.com/find/images/ kamasutra-hindi-movie
(g) http://www.submitlink.khatana.net/2010/09/jennifer-stano-is-engaged- to.html
(h) http://www.result.khatana.net/2010/11/im-no-panty-girl-yana-gupta- wardrobe.html.
(i) http://www.facebook.com/pages/l-Hate-Ambedkar/172025102828076
(j) www.indybay.org
(k) www.arizona.indymedia.org

(iii) How many requests for blocking of information has the Designated Officer received, and how many of those requests have been accepted and how many rejected? How many of those requests were for emergency blocking under Rule 9 of the Rules?

Reply - Designated Officer received 21 request for blocking of information. 11 websites have been blocked on the basis of orders received from court of law. One request has been rejected. For other requests, additional input/information has been sought from the Nodal Officer.

No request for emergency blocking under rule 9 of the Rules have been received.

(iv) Please provide use the present composition of the Committee for Examination of Requests constituted under Rule 7 of the Rules.

Reply - The present composition of the Committee is :
(a) Designated Officer (Group Coordinator - Cyber Law)
(b) Joint Secretary, Ministry of Home Affairs
(c) Joint Secretary, Ministry of Information and Broadcasting
(d) Additional Secretary and Ministry of Law & Justice
(e) Senior Director, Indian Computer Emergency Response Team

(v) Please provide us the dates and copies of the minutes of all meetings held by the Committee for Examination of Requests under Rule 8(4) of the Rules, and copies of their recommendations.

Reply - The Committee had met on 24-08-2010 with respect to request for blocking of website www.betfair.com.

(vi) Please provide us the present composition of the Review Committee constituted under rule 419A of the Indian Telegraph Rules, 1951.
(vii) Please provide us the dates and copies of the minutes of all meetings held by the Review Committee under Rule 14 of the Rules, and copies of all orders issued by the Review Committee.

Reply - This Department do not have details for above. The said information may be available with Department of Telecommunications.

For more details visit https://cis-india.org/internet-governance/blog/rti-response-dit-blocking

Digital Security Workshop for Journalists and Human Rights Workers

pranesh — 2015-09-02T03:41:47Z

The Centre for Internet and Society would like to welcome journalists and human rights workers to attend a workshop on digital security. The workshop will be led by Pranesh Prakash, policy director at CIS and resident security expert. In this workshop, the participants will be provided hands-on training on how to assess security threats, how to protect sources, how to prevent others from snooping on private communications, and how to harden your computer and electronic devices' security. The training will focus both on understanding security, how it can mean different things in different situations, and the trade-offs involved, as well as on practical easy-to-use tools.

All attending are requested to bring their laptops, smartphones, and tablets.

Please mail pranesh AT cis-india DOT org if you wish to attend, or if you have any queries.

This workshop furthers CIS's work as part of the Cyber Stewards Network.

For more details visit https://cis-india.org/events/digital-security-workshop-journalists-bangalore-sept-2015

Digital India: PM Modi to launch BJP's flagship programme likely in July

pranesh — 2015-08-22T16:45:33Z

The article by Jochelle Mendonca and Neha Alawadhi was published in the Economic Times on May 29, 2015.

The Modi government, which completed one year at the Centre, is preparing for a big-ticket launch of Digital India, taking technology to the villages and block levels, through merchandise, hackathons and games spread over a week-long initiative across the country.

The National e-Governance Division (NeGD), under the Department of Electronics and Information Technology (DeitY), has empanelled agencies for a messaging campaign, gamification, printing and merchandise, advertising and creatives, including advertising for rural outreach and social media.

Working directly with the Prime Minister's Office, NeGD has been tasked with preparing for the launch since February. Though no formal dates have been fixed yet, the Digital India Week (DIW) is likely to take off in July, and will involve stakeholders across state governments and ministries, and is expected to be the flagship programme for the second year of the BJP government, EThas learnt.

"They really want to make this the biggest programme of the second year. The idea is that many things have been done in the digital space that need to get highlighted," an individual with knowledge of the plans told ET.

The event is certainly being planned on a grand scale, according to the tender documents issued by the government. The government has asked for merchandise such as t-shirts, caps, trophies, pen drives and leather cloth and plastic bags. A gamification agency will work on the portals, mobile applications and social media handles to boost participation.

The messaging agency must be able to carry out, track, record and analyse 50 lakh to one crore messages a day. The event will be launched by the Prime Minister through a radio address on "Mann ki Baat", which will be followed by events at gram panchayats, block and sub divisional headquarters, district and state levels, eventually culminating in a national event, according to a presentation seen by ET.

As part of the run-up to the DIW, events such as hackathons, training programmes and webinars would be held in schools and colleges, followed by crowdsourcing ideas through the government's portal MyGov, as well as a new Digital India portal that is being designed. "It is a typical BJP-style campaign.

The Prime Minister does not want to hold the final day event in Delhi and the location is being finalised. All state and line ministries have been involved, and are being asked to showcase e-services and best practices, along with the launch of some programmes like digital locker," said another person familiar with the plans being rolled out for the DIW. The watch words of the campaign will be "inform, educate and engage", which will include taking the message of Digital India to the masses through educational institutions, industry and government agencies.

"It will educate people on various important services such as digital literacy, cyber hygiene and e-waste management, and also look at engaging a large number of people, especially youth on a continuous basis," said a person familiar with the ongoing preparation.

NeGD is looking at using the principles of gamification to gather feedback. Experts on e-governance say this is a good move as most e-governance projects, across the world, fail because there's not enough buy-in from stakeholders or the goals aren't communicated widely to the public.

"E-governance needs evangelising. That is what this campaign looks like it will do. Some parts are dated — such as posters and the print elements. But this is a good idea. Whether it works or not depends on the participation they see at the end," Sunil Abraham, director at the Centre for Internet and Society, said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-29-2015-jochelle-mendonca-and-neha-alawadhi-digital-india

Developer team fixed vulnerabilities in Honorable PM's app and API

pranesh — 2016-12-04T19:08:56Z

The official app of Narendra Modi, the Indian Prime Minister, was found to contain a security flaw in 2015 that exposed millions of people's personal data. A few days ago a very similar flaw was reported again. This post by Bhavyanshu Parasher, who found the flaw and sought to get it fixed last year, explains the technical details behind the security vulnerability.

This blog post has been authored by Bhavyanshu Parasher. The original post can be read here.

What were the issues?

The main issue was how the app was communicating with the API served by narendramodi.in.

I was able to extract private data, like email addresses, of each registered user just by iterating over user IDs.
There was no authentication check for API endpoints. Like, I was able to comment as any xyz user just by hand-crafting the requests.
The API was still being served over HTTP instead of HTTPS.

Fixed

The most important issue of all. Unauthorized access to personal info, like email addresses, is fixed. I have tested it and can confirm it.
A check to verify if a valid user is making the request to API endpoint is fixed. I have tested it and can confirm it.
Blocked HTTP. Every response is served over HTTPS. The people on older versions (which was serving over HTTP) will get a message regarding this. I have tested it. It says something like “Please update to the latest version of the Narendra Modi App to use this feature and access the latest news and exciting new features”. It’s good that they have figuered out a way to deal with people running older versions of the app. Atleast now they will update the app.

Detailed Vulnerability Disclosure

Found major security loophole in how the app accesses the “api.narendramodi.in/api/” API. At the time of disclosure, API was being served over “HTTP” as well as “HTTPS”. People who were still using the older version of the app were accessing endpoints over HTTP. This was an issue because data (passwords, email addresses) was being transmitted as plain text. In simple terms, your login credentials could easily be intercepted. MITM attack could easily fetch passwords and email addresses. Also, if your ISP keeps log of data, which it probably does, then they might already have your email address, passwords etc in plain text. So if you were using this app, I would suggest you to change your password immediately. Can’t leave out a possibility of it being compromised.

Another major problem was that the token needed to access API was giving a false sense of security to developers. The access token could easily be fetched & anyone could send hand-crafted HTTP requests to the server. It would result in a valid JSON response without authenticating the user making the request. This included accessing user-data (primarily email address, fb profile pictures of those registered via fb) for any user and posting comments as any registered user of the app. There was no authentication check on the API endpoint. Let me explain you with a demo.

The API endpoint to fetch user profile information (email address) was getprofile. Before the vulnerability was fixed, the endpoint was accessible via “http://www.narendramodi.in/api/getprofile?userid=useridvalue&token=sometokenvalue”. As you can see, it only required two parameters. userid, which we could easily iterate on starting from 1 & token which was a fixed value. There was no authentication check on API access layer. Hand-crafting such requests resulted in a valid JSON response which exposed critical data like email addresses of each and every user. I quickly wrote a very simply script to fetch some data to demonstrate. Here is the sample output for xrange(1,10).

Not just email addresses, using this method you could spam on any article pretending to be any user of the app. There was no authentication check as to who was making what requests to the API. See,

They have fixed all these vulnerabilities. I still believe it wouldn’t have taken so long if I would have been able to get in touch with team of engineers directly right from the beginning. In future, I hope they figure out an easier way to communicate. Such issues must be addressed as soon as they are found but the communication gap cost us lot of time. The team did a great job by fixing the issues and that’s what matters.

Disclosure to officials

The email address provided on Google play store returned a response stating “The email account that you tried to reach is over quota”. Had to get in touch with authorities via twitter.

Vulnerability disclosed to authorities on 30th sep, 2015 around 5:30 AM

After about 30 hours of reporting the vulnerabillity

Proposed Solution

Consulted @pranesh_prakash as well regarding the issue.

After this, I mailed them a solution regarding the issues.

Discussion with developer

Received phone call from a developer. Discussed possible solutions to fix it.

The solution that I proposed could not be implemented since the vulnerability is caused by a design flaw that should have been thought about right from the beginning when they started developing the app. It just proved how difficult it is to fix such issues for mobile apps. For web apps, it’s lot easier. Why? Because for mobile apps, you need to consider backward compatibility. If they applied my proposed solution, it would crash app for people running the older versions. Main problem is that people don’t upgrade to latest versions leaving themselves vulnerable to security flaws. The one I proposed is a better way of doing it I think but it will break for people using older versions as stated by the developer. Though, they (developers) have come up with solutions that I think would fix most of the issues and can be considered an alternative.

On Oct 3rd, I received mail from one of the developers who informed me they have fixed it. I could not check it out at that time as I was busy but I checked it around 5 PM. I can now confirm they have fixed all three issues.

Update 12/02/2016

This vulnerability in NM app is similar to the one I got fixed last year. Like I said before also, the vulnerability is because of how the API has been designed. They released the same patch which they did back then. Removing email addresses from the JSON output is not really a patch. I wonder why would they introduce personal information in JSON output again if they knew that’s a privacy problem and has been reported by me a year back. He showed how he was able to follow any user being any user. Similarly, I was able to comment on any post using account of any user of the app. When I talked to the developer back then he mentioned it will be difficult to migrate users to a newer/secure version of the app so they are releasing this patch for the meantime. It was more of a backward compatibility issue because of how API was designed. The only solution to this problem is to rewrite the API from scratch and add standard auth methods for API. That should take care of most of vulnerabilities.

Department of Telecommunications Order u/s. 69A IT Act Blocking 32 URLS (2014-12-17, plaintext version)

pranesh — 2014-12-31T15:21:21Z

For more details visit https://cis-india.org/internet-governance/resources/2014-12-17_DoT-32-URL-Block-Order.txt

Department of Telecommunications Order u/s. 69A IT Act Blocking 32 URLS (2014-12-17, compressed version)

pranesh — 2014-12-31T14:48:24Z

On December 17, 2014, the Dept. of Telecommunications blocked 32 URLs (as it was ordered to do so by the by Dept. of Electronics & IT — specifically the Designated Officer under section 69A of the Information Technology Act, 2000 and under the Information Technology (Procedures and Safeguards for Blocking of Access of Information by Public) Rules, 2009), those being: 01) https://justpaste.it/ 02) http://hastebin.com 03) http://codepad.org 04) http://pastie.org 05) https://pasteeorg 06) http://paste2.org 07) http://slexy.org 08) http://paste4btc.com/ 09) http://0bin.net 10) http://www.heypasteit.com 11) http://sourceforge.net/projects/phorkie 12) http://atnsoft.com/textpaster 13) https://archive.org 14) http://www.hpage.com 15) http://www.ipage.com/ 16) http://www.webs.com/ 17) http://www.weebly.com/ 18) http://www.000webhost.com/ 19) https://www.freehosting.com 20) https://vimeo.com/ 21) http://www.dailymotion.com/ 22) http://pastebin.com 23) https://gist.github.com 24) http://www.ipaste.eu 25) https://thesnippetapp.com 26) https://snipt.net 27) http://tny.ct (Tinypaste) 28) https://github.com (gist-it) 29) http://snipplr.com/ 30) http://termbin.com 31) http://www.snippetsource.net 32) https://cryptbin.com

For more details visit https://cis-india.org/internet-governance/resources/2014-12-17_DoT-32-URL-Block-Order_compressed.pdf

Department of Telecommunications Order u/s. 69A IT Act Blocking 32 URLS

pranesh — 2014-12-31T14:36:01Z

For more details visit https://cis-india.org/internet-governance/resources/2014-12-17_DoT-32-URL-Block-Order.pdf

Definition of Net Neutrality should be flexible: Pranesh Prakash

pranesh — 2015-06-19T01:43:04Z

Critics argue that Facebook’s Internet.org violates the principle of Net Neutrality.

The article by Sanjay Vijaykumar was published in the Hindu on May 10, 2015. Pranesh Prakash is extensively quoted.

The definition of Net Neutrality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access and such experimentation needs to be regulated by the telecom regulator, Telecom and Regulatory Authority of India (TRAI) according to Internet expert Pranesh Prakash.

Mr. Prakash was reacting to the business model of Boston-based start-up Jana, which said it had figured out a way to offer billions of people in the emerging world free access to the Internet, without violating the web’s open nature. The firm has launched Jana Loyalty, a product that seeks to reward its smartphone users in two ways. One, it reimburses users the cost of downloading and using an app of Jana’s clients. Two, it gives free additional data with which the user can access any content online.

“While Jana is like Internet.org, since it is Internet service-specific zero-rating, Jana Loyalty is what my colleague Sunil Abraham dubs a ‘leaky walled garden’. The walled garden (site-specific access) exists, but you also get free access to the whole of the Web in return. Given that there is no one universal definition of Net Neutrality, and given India currently doesn’t have a definition, I can’t answer if this is a violation of Net Neutrality,” said Mr. Prakash, who is Policy Director at The Centre for Internet and Society (CIS), a Bangalore-based, non-profit, research and policy advocacy.

Facebook’s attempts to provide a limited version of the Internet free has been attracting criticism from supporters of Net Neutrality, especially in India. Critics argue that Facebook’s Internet.org, which offers users free access to a bouquet of pre-selected Web sites, violates the principle of Net Neutrality by choosing what is accessible and what isn’t. Facebook has reacted to this by opening up Internet.org to all developers who meet its guidelines. Mr. Prakash said the definition of Net Neturality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access, including Jana Loyalty.

“However, such experimentation ought to be regulated by the telecom regulator. To minimise harm, they should be allowed on a case-by-case basis after the regulator has had an opportunity to conduct risk-benefit analysis against four goals it should seek to promote — universal and affordable access; effective competition; protection of consumers against harm; and diversity that arises from the openness and interconnectedness of the Internet,” he added.

Net neutrality is a principle that says Internet Service Providers (ISPs) should treat all traffic and content on their networks equally.

Why now?

Late last month, Trai released a draft consultation paper seeking views from the industry and the general public on the need for regulations for over-the-top (OTT) players such as Whatsapp, Skype, Viber etc, security concerns and net neutrality. The objective of this consultation paper, the regulator said, was to analyse the implications of the growth of OTTs and consider whether or not changes were required in the current regulatory framework.

What is an OTT?

OTT or over-the-top refers to applications and services which are accessible over the internet and ride on operators' networks offering internet access services. The best known examples of OTT are Skype, Viber, WhatsApp, e-commerce sites, Ola, Facebook messenger. The OTTs are not bound by any regulations. The Trai is of the view that the lack of regulations poses a threat to security and there’s a need for government’s intervention to ensure a level playing field in terms of regulatory compliance.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-sanjay-vijaykumar-may-10-2015-pranesh-prakash-on-definition-of-net-neutrality

DCOS Agreement on Procurement

pranesh — 2011-08-23T02:58:35Z

On December 6, 2008, at the closing of the third Internet Governance Forum in Hyderabad, India, the Dynamic Coalition on Open Standards (DCOS), of which the Centre for Internet and Society is a member, released an agreement entitled the "Dynamic Coalition on Open Standards (DCOS) Agreement on Procurement in Support of Interoperability and Open Standards".

For more details visit https://cis-india.org/openness/blog-old/dcos-agreement-on-procurement

Data-Driven Journalism, Data Literacy & Open Government — Talk at CIS

pranesh — 2012-07-31T06:08:55Z

The Open Knowledge Foundation and the Centre for Internet and Society invite you to an informal talk by Lucy Chambers and Laura Newman on 'Data-Driven Journalism, Data Literacy, and Open Government'.

The Government of India recently passed a policy that requires all departments to start opening up data to the public, and NIC is working towards consolidating this on a single website. This workshop would focus on exchanging information on how such data are used by journalists elsewhere, and what can be done in India to drive journalism using data.

Details

The Open Knowledge Foundation is an international not-for-profit with a mission to open up the world's data, build data-literacy and promote evidence-based policy making. Working in 3 broad fields open-government, open research and open cultural heritage the activities of the foundation are focused around projects, working groups and local meetups.

The talk will be very informal, and focus on Data Journalism (datajournalismhandbook.org), but will also touch on data management for governments (ckan.org), the teaching of data literacy (schoolofdata.org) and explaining the meaning of the numbers behind government expenditure (openspending.org).

More Details

The Data Journalism Handbook was born at a 48-hour workshop at MozFest 2011 in London. It subsequently spilled over into an international, collaborative effort involving dozens of data journalism's leading advocates and best practitioners including from the Australian Broadcasting Corporation, the BBC, the Chicago Tribune, Deutsche Welle, the Guardian, the Financial Times, Helsingin Sanomat, La Nacion, the New York Times, ProPublica, the Washington Post, the Texas Tribune, Verdens Gang, Wales Online, Zeit Online and many others. Ms. Chambers was one of the
editors of the book.

Additional Links

Data Journalism Handbook - Online Version:http://bit.ly/Istv8c

Examples of data-driven journalism:http://bit.ly/8KwHR

Data-Driven Journalism mailing list: http://bit.ly/hUOQX3

For more details visit https://cis-india.org/openness/data-driven-journalism-data-literacy-and-open-govt

Counter-proposal by the Centre for Internet and Society: Draft Information Technology (Intermediary Due Diligence and Information Removal) Rules, 2012

pranesh — 2016-04-24T11:48:49Z

Any restriction on freedom of speech should embody and be guided by the following principles, as identified by the UN Special Rapporteur on Freedom of Opinion and Expression

For more details visit https://cis-india.org/internet-governance/counter-proposal-by-cis-draft-it-intermediary-due-diligence-and-information-removal-rules-2012.pdf

Counter-proposal by the Centre for Internet and Society: Draft Information Technology (Intermediary Due Diligence and Information Removal) Rules, 2012

pranesh — 2016-04-24T11:56:49Z

Any restriction on freedom of speech should embody and be guided by the following principles, as identified by the UN Special Rapporteur on Freedom of Opinion and Expression.

For more details visit https://cis-india.org/internet-governance/counter-proposal-by-cis-draft-it-intermediary-due-diligence-and-information-removal-rules-2012.odt

Copyrights and Copywrongs Why the Government Should Embrace the Public Domain

pranesh — 2013-09-06T04:56:42Z

Each of you reading this article is a criminal and should be jailed for up to three years. Yes, you. "Why?," you may ask.

This article by Pranesh Prakash was published in Yojana, Issue: August 2013.

Have you ever whistled a tune or sung a film song aloud? Have you ever retold a joke? Have you replied to an e-mail without deleting the copy of that e-mail that automatically added to the reply? Or photocopied pages from a book? Have you ever used an image from the Internet in presentation? Have you ever surfed the Internet at work, used the the 'share' button on a website, or retweeted anything on Twitter? And before 2012, did you ever use a search engine?

If you have done any of the above without the permission of the copyright holder, you might well have been in violation of the Indian Copyright Act, since in each of those examples you're creating a copy or are otherwise infringing the rights of the copyright holder. Interestingly, it was only through an amendment in 2012 that search engines (like Google and Yahoo) were legalized.

Traditional Justifications for Copyright

Copyright is one among the many forms of intellectual property rights. Across differing theories of copyright, two broad categories may be made. The first category would be those countries where copyright is intended to benefit society, the other where it is intended to benefit the author. Within the second category, there can again be two subcategories: those that see the need to benefit the author due to notions of natural justice and those that see the need to provide incentives for authors to create. Incentives to create are necessary only when the act of creation itself is valuable (and more so than the creator). The act of creation is valued highly as it directly benefits society. Thus, it is seen that the second sub-category is closer to the societal benefit theory than the natural justice sub-category. In the United States, the wording of the Progress Clause makes things clear that copyright is for the benefit of the public, and the author is only given secondary consideration. It is in light of this that the U.S. Supreme Court said,
"The monopoly privileges that Congress may authorize are neither unlimited nor primarily designed to provide a special private benefit. Rather, the limited grant is a means by which an important public purpose may be achieved. It is intended to motivate the creative activity of authors and inventors by the provision of a special reward, and to allow the public access to the products of their genius after the limited period of exclusive control has expired."

Economic theories of copyright see copyright as an incentive mechanism, designed to encourage creators to produce material because they would be able to recover costs and make a profit due to the exclusionary rights that copyright law grants. Thus, the ideal period of copyright for any material, under the economic theory would be the minimum period required for a person to recoup the costs that go into the production of that material. Allowing for the great-grandchildren of the author to benefit from the author’s work would actually go against the incentive mechanism. Even if the author is motivated enough to put in even more hard work to provide for her great-grandchildren, her children, grandchildren, and great-grandchildren wouldn’t have any incentive to create for themselves (as the incentive is seen purely in terms of economics, and not in terms of creative urge, etc.), as they are already provided for by copyright. Thus, in a sense, the shift towards longer periods of copyright terms that we are seeing today can be seen as a shift from the incentive-based model to a rewards-based model of copyright.

The other standard theory of copyright justification is the natural rights theory, which deems intellectual property the fruit of the author’s labour, thus entitling them to complete control over that fruit. This brings us to the conception of property itself, and the Lockean and Hegelian justifications for personal property is what is most often used to back such an argument up.

There are many problems with the natural rights theory of intellectual property. If that theory were to hold water, copyright law would accord greater precedence to authors than to publishers. Yet, we see that it is publishers primarily, and not authors, who get benefit of copyright. The "work for hire" doctrine, embodied in Section 17 of the Copyright Act, holds that it is the employer who is treated as the owner of copyright, not the author. This plainly contradicts that natural rights theory. And it also raises the question of why we should protect certain kinds of knowledge investments in the first place. Publishing is a business, and all risks inherent with other businesses should come along with publishing. There is no reason that the State should safeguard their investment by vesting in them a right while safeguarding the investments of any other business only occasionally, and that too as an act of munificence. This problem arises because of the free transferability of copyright. This leads us to the larger problem, which is of course that of treating knowledge as a form of property. Property, as we have traditionally understood it, has a few features like excludability. Knowledge, however, does not share that feature with property. Once you know something that I created, I can’t exclude you from that knowledge that (unlike my ability to take back an apple you have stolen from me). This analysis also has the pernicious effect of excluding free speech analysis of copyright laws. An incorrect analogy is often drawn to explain why free speech analysis doesn’t work on property: you may wish to exercise your right to free speech on my front lawn, yet the State may decree that I am in full right to throw you off my property, without being accused of abridging your right to freedom of speech. So, the argument goes, enforcement of property rights is not an affront to freedom of speech. The problems with this analogy are obvious enough: the two forms of “property” cannot be equated. If you take the location of speech away, I can still speak. If, on the other hand, you restrict my ideas/expression, then I can no longer be said to have the freedom of expression.

One Size Doesn't Fit All

It is easy to see that copyright is an ill-fit for all the things that it now covers. Copyright in its present form is a historical accident, which evolved into the state it is in a very haphazard fashion. It is a colonial imposition on developing countries. It does not value that which we often value in Indian culture: tradition. Instead, copyright law values modernity and newness. It can also be seen as a trade issue imposed on us through the Trade-Related Intellectual Property Agreement (TRIPS Agreements) as part of the World Trade Organization.

Importantly, copyright is not a single well-planned scheme. In some cases — for literature, visual art works, lyrics, musical tunes, etc. — it provides rights to the artist, while in other cases — for recordings of those musical tunes, and for films — it provides rights to the producers. What are the legal reasons for this distinction? There aren't any; the distinction is a historical one (with sound recordings and films getting copyright protection after literature, etc.). At one point of time only exact copies were governed by copyright law. Hence, translations of a work were considered not to be infringement of that work (or a "derivative work"), but new independent works, since after all it takes considerable artistic effort to create a good translation of a work. However now even creating an encyclopedia based on Harry Potter (as the Harry Potter Lexicon was), is covered as infringement of the exclusive rights of the author. At one point of time photographs were not provided any copyright, being as they are, 'mere' mechanical reproductions. They were seen as not being 'creative' enough. However, around the turn of the twentieth century, that position changed, and hence every photograph you've taken of your dog is now copyrighted. According to a recent Supreme Court decision, merely adding paragraph numbering to court judgments is considered to be 'creative' enough to merit copyright protection! At one point of time, copyright existed for 14 years. Now, with the international minimum being "fifty years after the death of the author", it lasts for an average of more than a century! Once upon a time, copyright was only granted to those who wanted it and applied for it. That has now changed, and you have copyright over every single original thing that you have ever written, recorded, or otherwise affixed to a medium.

Copyright in the Digital Era

All digital activities violate copyright, since automatically copies are created on the computer's RAM, cache, etc. Because now everything is copyrighted, and copyrighted seemingly forever, each one of us violates copyright on a day-to-day basis. It is a mockery of the law when everyone is a criminal. The US President Barack Obama violated copyright law when he presented UK's Queen Elizabeth II an iPod filled with 40 songs from popular musicals like West Side Story and the King and I. When even presidents, with legal advisers cannot navigate copyright law successfully, what hopes have we ordinary people?

There is no shortage of similar examples to show that copyright law has gone out of control.

Take extradition, for instance. Augusto Pinochet was extradited, Charles Shobraj was sought to be extradited. Added to their ranks is the pimply teenager who runs TVShark, who British courts have cleared for extradition to the USA for potential violation of copyright law. The extreme injustice of copyright is easily observable if one sees the contorted map depicting net royalty inflows available on Worldmapper.org: there are a sum total of less than a dozen countries which are net exporters of IP; all other countries, including India, are net importers of IP. IP law is one area where both those who talk about social justice and those who talk about individual liberties find common ground in the monopolistic or exclusionary rights granted under copyright law. Copyright acts as a barrier to free trade, thus allowing Nelson Mandela's autobiography to be more expensive in South Africa than the United Kingdom because South Africa is prohibited by the UK publisher from importing the book from India. Mark Getty, the heir to the Getty Images fortune, once presciently observed that "IP is the oil of the 21st century".

Government Copyright

In the ivory towers of academia, there has in recent times been a clarion call that's resounding strongly: the call for open access. As the Public Library of Science states, "open access is a stands for unrestricted access and unrestricted reuse". Why is it important? "Most publishers own the rights to the articles in their journals. Anyone who wants to read the articles must pay to access them. Anyone who wants to use the articles in any way must obtain permission from the publisher and is often required to pay an additional fee. Although many researchers can access the journals they need via their institution and think that their access is free, in reality it is not. The institution has often been involved in lengthy negotiations around the price of their site license, and re-use of this content is limited." Importantly, the writers of articles (scholars) do not get paid by the publishers for their articles, and most developing countries are not able to afford the costs imposed by these scholarly publishers. Even India's premier scientific research agency, the Council for Scientific and Industrial Research, recently declared that the costs of scientific journals was beyond its means.

Why is this important? Because apart from establishing the idea of informational equity and justice, it also establishes the idea that taxpayer-funded research (as most scientific and much of academic research is) ought to belong to the public domain, and be available freely. This principle, seemingly uncontroversial, is very unfortunately not embodied in the Indian Copyright Act. Most public servants do not realize that that which they create may not be freely used by the public whom they serve.

Under the Indian Copyright Act, all creations of the government, whether by the executive, judiciary, or legislature, is by default copyrighted. This does not make sense under either of the two theories of copyright that we examined above. The government is not an 'author' who can have any form of 'natural rights' over its labour. Nor is the government incentivised to create more works if it has copyright over them. Most of the copyrighted works, such as various reports, the Gazette of India, etc., that the government creates are required to be created, and the cultural works it creates are for cultural promotion and not for commercial exploitation. Hence it makes absolutely no sense to continue with the colonial regime of 'crown copyright', when countries like the USA have suffered no ill effects by legally placing all government works in the public domain.

While there are a limited set of exceptions to government copyright provided for in the law, those are very minimal. This means that even though you are legally allowed to get a document through the Right to Information Act, publicising that document on the Internet could potentially get you jailed under the Copyright Act. This is obviously not what any government official would want. If instead of the four sub-sections that form the exception, the exception was merely one line and allowed for "the reproduction, communication to the public, or publication of any government work", then that itself would elegantly take care of the problem. This would also remove the ambiguities inherent currently in the Data.gov.in, where the central government is publishing information that it wants civil society, entrepreneurs, and other government departments to use, however there is no clarity on whether they are legally allowed to do so.

Recently, the member states of the World Intellectual Property Organization passed a treaty that would facilitate blind persons' access to books. On that occasion, at Marrakesh, I noted that intellectual property must not be seen as a good in itself, but as an instrumentalist tool which may be selectively deployed to achieve societally desirable objectives. I said: It is historic that today WIPO and its members have collectively recognized in a treaty that copyright isn't just an "engine of free expression" but can pose a significant barrier to access to knowledge. Today we recognize that blind writers are currently curtailed more by copyright law than protected by it. Today we recognize that copyright not only may be curtailed in some circumstances, but that it must be curtailed in some circumstances, even beyond the few that have been listed in the Berne Convention. One of the original framers of the Berne Convention, Swiss jurist and president, Numa Droz, recognized this in 1884 when he emphasized that "limits to absolute protection are rightly set by the public interest". And as Debabrata Saha, India's delegate to WIPO during the adoption of the WIPO Development Agenda noted, "intellectual property rights have to be viewed not as a self contained and distinct domain, but rather as an effective policy instrument for wide ranging socio-economic and technological development. The primary objective of this instrument is to maximize public welfare." When copyright doesn't serve public welfare, states must intervene, and the law must change to promote human rights, the freedom of expression and to receive and impart information, and to protect authors and consumers. Importantly, markets alone cannot be relied upon to achieve a just allocation of informational resources, as we have seen clearly from the book famine that the blind are experiencing. Marrakesh was the city in which, as Debabrata Saha noted, "the damage [of] TRIPS [was] wrought on developing countries". Now it has redeemed itself through this treaty.

The Indian government needs to similarly redeem itself by freeing governmental works, including the scientific research it funds, the archives of All India Radio, the movies that it produces through Prasar Bharati, and all other tax-payer funded works, and by returning them to the public domain, where they belong.

For more details visit https://cis-india.org/a2k/blogs/yojana-august-2013-pranesh-prakash-copyrights-and-copywrongs-why-the-govt-should-embrace-the-public-domain