Centre for Internet and Society

No Civil Society Members in the Cyber Regulations Advisory Committee

pranesh — 2013-01-09T17:56:57Z

The Government of India has taken our advice and reconstituted the Cyber Regulations Advisory Commitee. But there is no representation of Internet users, citizens, and consumers — only government and industry interests.

In multiple op-eds (Indian Express and Mint), I have pointed out the need for the government to reconstitute the "Cyber Regulations Advisory Committee" (CRAC) under section 88 of the Information Technology Act. That it be reconstituted along the model of the Brazilian Internet Steering Committee was also part of the suggestions that CIS sent to the government after a meeting FICCI had convened along with the government on September 4, 2012.

Section 88 requires that people "representing the interests principally affected" by Internet policy or "having special knowledge of the subject matter" be present in this advisory body. The main function of the CRAC is to advise the the Central Government "either generally as regards any rules or for any other purpose connected with this Act".

Despite this important function, the CRAC had — till November 2012 — only ever met twice, both times in 2001. The response to an RTI informed us that the body had never provided any advice to the government.

Government Not Serious

The increasing pressure on the government for botching up Internet regulations has led it to reconstitute the CRAC. However, the list of members of the committee shows that the government is not serious about this committee representing "the interests primarily affected" by Internet policy.

Importantly, this goes against the express wish of the Shri Kapil Sibal, the Union Minister for Communications and IT, who has repeatedly stated that he believes that Internet-related policymaking should be an inclusive process. Most recently, at the 2012 Internet Governance Forum he stated that we need systems that are:

"collaborative, consultative, inclusive and consensual, for dealing with all public policies involving the Internet"

Interestingly, despite the Hon'ble Minster verbally inviting civil society organizations (on November 23, 2012) for a meeting of the CRAC that happened on November 25, 2012, the Department of Electronics and Information Technology refused to send us invitations for the meeting. This hints at a disconnect between the political and bureaucratic wings of the government, at least at some levels.

Interestingly, this isn't the first time this has been pointed out. Na. Vijayashankar was levelling similar criticisms against the CRAC way back in August 2000 when the original CRAC was constituted.

Breakdown by Stakeholder Groupings

While there is no one universal division of stakeholders in Internet governance, but four goups are widely recognized: governments (national and intergovernmental), industry, technical community, and civil society. Using that division, we get:

Government - 15 out of 22 members
Industry bodies - 6 out of 22 members
Technical community / Academia - 1 out of 22 members
Civil society - 0 out of 22 members.

List of Members of Cyber Regulatory Advisory Committee

The official notification (G.S.R. 827(E)) is available on the DEIT website and came into force on November 16, 2012.

(Note: Names with ~~strikethroughs~~ have been removed from the CRAC since 2000, and those with emphasis have been added.)

Minister, Ministry of Communication and Information Technology - Chairman
Minister of State, Ministry of Communications and Information Technology - Member
Secretary, Ministry of Communication and Information Technology, Department of Electronics and Information Technology - Member
Secretary, Department of Telecommunications - Member
~~Finance Secretary - Member~~
Secretary, Legislative Department - Member
Secretary, Department of Legal Affairs - Member
~~Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member~~
Secretary, Ministry of Commerce - Member
Secretary, Ministry of Home Affairs - Member
Secretary, Ministry of Defence - Member
Deputy Governor, Reserve Bank of India - Member
Information Technology Secretary from the states by rotation - Member
Director, IIT by rotation from the IITs - Member
Director General of Police from the States by rotation - Member
President, NASSCOM - Member
President, Internet Service Provider Association - Member
Director, Central Bureau of Investigation - Member
Controller of Certifying Authority - Member
Representative of CII - Member
Representative of FICCI - Member
Representative of ASSOCHAM - Member
President, Computer Society of India - Member
Group Coordinator, Department of Electronic and Information Technology - Member Secretary

For more details visit https://cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society

Response to RTI on Decisions of the Cyber Regulation Advisory Committee

pranesh — 2013-01-09T15:26:26Z

The Department of Electronics & Information Technology, Ministry of Communications & Information Technology responded to a right to information (RTI) application filed by Saket Bisani on behalf of the Centre for Internet & Society on July 13, 2012 through notification No. 14(110)/2012-ESD, dated October 3, 2010.

No. 14(110)/2012-ESD
M/o Communiciations & Information Technology
Department of Electronics & Information Technology
Electronics Niketan, 6, CGO Complex
New Delhi-110003

Dated:3.10.2012

Subject: RTI application received from Shri Saket Biswani

With reference to your RTI application dated 13.7.12 requesting for the following information.

Question

a) Please provide me a list of the dates of each meeting of the CRAC held from October 18, 2000 till July 13, 2012?

b) Please provide me copies of the minutes of every meeting held by the Cyber Regulation Advisory Committee from October 18, 2000 till July 13, 2012.

c) Provide me the list of all policy decisions that the CRAC has advised the Central Government on under section 88(3) (a) of the Information Technology.

d) Provide me a list of all policy decisions that the CRAC has advised the Central Government on under section 88(3)(a) of the Information Technology Act, 2000.

The information as received from the custodian of the information is placed below:

Answer

a) The meetings of CRAC were held on 6^th March, 2001 and 17-18 March, 2001.

b) Minutes of these two meetings of CRAC are attached.

c) No such advice was given by CRAC to DeitY under section 88(3)(a).

d) Information is attached.

(A.K. Kaushik)
Additional Director & CPIO
(E-Security & Cyber Laws)

To: Shri Saket Bisani
No. 194, 2^nd 'C' Cross,
Domlur 2^nd Stage
Bangalore-560 071

Minutes of the First Meeting of the Cyber Regulation Advisory Committee (CRAC) held on March 6, 2001, at Electronics Niketan, under the Chairmanship of Hon’ble Minister* (IT) Shri Pramod Mahajan.

(List of Participants enclosed as Annexure-A)

The chairman welcomed the participants to the First Meeting of the Committee. In his opening remarks he hoped that the Committee would play a constructive role in the implementation of the Information Technology Act.
While introducing the Agenda (circulated ahead of the meeting), Controller of Certifying Authorities (CCA) made a short presentation on proposed "Regulation.; under section 89 of the IT Act" consisting of 18 proposed Regulations, Smart Card as token carrying Keys, and various suggested Amendments to the IT ACT 2000.
During the ensuing discussions, participants sought some time to study and collate associated inputs from their respective colleagues/specialists before offering any concrete suggestions/recommendations. Chairman agreed to the suggestions and postponed the meeting to 11:00 AM on the March 17, 2001 at the same venue. Based on the recommendation of Secretary (IT), members were requested to forward their inputs, if any, through e-mail within a weeks time to the following:

For Regulations wider section 89 of IT Act	For amendments to IT Act 2000
Shri K.N. Gupta (CCA) Room No. 4006, Electronics Niketan 6 CGO Complex New Delhi 110003 e-mail:kgupta@mit.gov.in Tele: 436 3073 Fax: 439 5982	Shri A.B. Saha (Member Secretary) Room No. 2055, Electronics Niketan 6 CGO Complex New Delhi 110003 e-mail:saha@mit.gov.in Tele: 436 0958 Fax: 436 2924

Meeting ended with a vote of thanks to the Chair.

Minutes of the Second Meeting of the Cyber Regulation Advisory Committee (CRAC) held on 17-18 March, 2001 at Electronics Niketan, New Delhi under the Chairmanship of Hon'ble Minister (IT), Shri Pramod Mahajan.

(List of Participants enclosed as Annexure-A)

The chairman welcomed the participants to the second meeting of the Committee to consider further the draft regulations proposed by the Controller of Certifying Authority (CCA). ' " ~
During the ensuing discussions, following general recommendations/decisions were arrived at governing the overall formulation of the regulations that are necessary to bring about infrastructure facilitating activities envisaged under the IT Act 2000:

a) Any regulation to be framed by the Controller draws its authority only from Section 89(2) of the Act. Moreover, such regulations should complement the Rules already framed under the Section 87 of the Act.

b) To keep pace with the changing technology and standards, CCA may publicly notify/modify necessary specifications of technology, standards and procedures at regular interval (say, January of every year). Moreover, to adhere to the "principles of minimal governance", if any particular necessity emerges for inclusion of newer manifestations of any existing standard/technology/procedure, Controller should respond within ninety (90) days after receiving any specific request in writing, failing which it will deemed to have obtained his concurrence.

c) The commercial practices/interests may form the essential pedestal for the certification process. Aspects of cross-certification may preferably be left to the purview of the concerned market forces. However, the necessary interoperability will essentially be "market-driven" and not "authority-driven". This will also ensure that formulated rules and regulations stay in tune with market realities.

d) Strict adherence to open standards should be ensured to avoid emergence of monopoly of any kind.

e) Considering cost sensitiveness of the requisite digital signature certificate, families of technologies varying in convenience, reliability, availability, robustness, etc. may be allowed to inter-operate. However, CCA may undertake public awareness campaign to promote desirable best practices from time to time.

f) The minimal regulations facilitating activities envisaged in the Act is desirable. Some of the proposed provisions can also be ensured in the form of "terms & conditions" governing the operations of Certifying Authorities.

g) Emergence of guidelines governing smooth functioning may be better left to publications brought out by industry associations, public-minded professionals etc. Formulating rules and regulations in these regards should be minimal.

3. After framing the draft compilation of the requisite regulations in accordance with the conventional legal form in terms of content as well as structure with the assistance of the Ministry of Law, the regulations may be brought to the Ministry of Information Technology for approval.

4 The Committee considered the 18 regulations proposed in Agenda Item No.1 and the statement reproduced below contains the decision taken against each proposal.

SI	Item	Conclusions
1	Regulation 1 Standardising on two key-pairs for PKI in the country. Key-pair generation for subscribers by CAs.	Regulation not required. Encryption Key pair not part of the IT Act. Already covered under Rule 3, 4 & 5 of notified CA Rules. Subscriber should be at liberty to bring his key pair that CA may verify before acceptance. (Section 40 of the Act)
2	Regulation 2 Encryption key-pair of subscribers to be maintained by CAs in a database and made available to enforcement and law agencies under directions of the Controller.	Regulation not required. IT Act is silent regarding encryption.
3	Regulation 3 Disclosure Record of CA.	Disclosure may be done every six months. Necessary format for disclosure may be notified from time to time. (Para 2(f) above)
4	Regulation 4 Encryption Key Pair of CA to be made available to the Controller.	Regulation not required in accordance to conclusions against 1 & 2 above.
5	Regulation 5 Cross-Certification with foreign CAs.	As per recommendation 2(c) above.
6	Regulation 6 Terms and Conditions subject to which license shall be issued by the Controller to the prospective CAs.	Can be merged with regulation 11. As per the recommendation mentioned in 2(c) above.
7	Regulation 7 Standards that may be considered for different activities associated with the CAs functions including standardization of contents of the Certificates to be issued by CAs and standardization of the Certificate Revocation List.	As per the recommendation 2(b) above.
8	Regulation 8 Information to be made publicly available by a CA on its website. Notice of suspension or revocation of license.	CA must harness all form of networks and other practical media, and not only Internet, for disclosure to its subscriber and other interested parties.
9	Regulation 9 Standardisation of Certificate Practice Statement.	Agreed.
10	Regulation 10 Compromise of subscribers Digital Signature Key-Pair	Agreed.
11	Regulation 11 Description of classes of Certificates.	Shall be merged with regulation 6 above. In addition to 3 classes of certificates as identified by international bodies, the regulation should be open to additional classes of certificates, if required.
12	Regulation 12 Cross-Certification of CAs.	It should be market-driven. (Recommendation 2(c) above).
13	Regulation 13 Incorporation of Controllers Public Key Certificate as the "root” in all web browsers in the country.	Regulation not required. Need for integrating Controller's root key in the browsers may not be feasible.
14	Regulation 14 Minimum key length for CAs and subscribers.	Agreed for the provision of 1024 bits for subscriber/end-user and 2048 bits for CAs key pair.
15	Regulation 15 Audit of applicants to include manpower audit as well. Liability of CAs towards subscribers on account of their negligence.	Regulation not required. Audit provision has already been covered under Rule 31 of CA rules notified by MIT.
16	Regulation 16 Storage of Key-Pairs of CAs. Distribution of Key-Pairs / Certificates of subscribers by CAs.	Not to be regulated. Recommendation 2(e) above shall be followed.
17	Regulation 17 Documents to be submitted to the Controller along with the application for obtaining license to operate as CA.	Already covered under rule 10 of CA rules notified by MIT. Any additional information can be sought through the recourse of public notices from time to time.
18	Regulation 18 Upon acceptance of PKC by a subscriber, the PKC shall be published by the CA as required under the IT Act for access by the subscribers and relying parties. The CA will ensure the transmission of PKC and CRLs to the National Repository to be maintained by the Controller.	Agreed.

Meeting ended with a vote of thanks to the Chair.

Annexure - A

First sitting of the second meeting of the “Cyber Regulation Advisory Committee” held on 17th March 2001 to consider adjourned agenda of the first meeting held on 6ft March 2001

List of Participants

Sh Pramod Mahajan, Minister, Information Technology - Chairman
Sh.S.C Jain , Secretary, Legislative Department
Sh Vinay Kohli, Secretary, Ministry of Information Technology
Sh. N. Parameswaran, DDG(LR), Department of Telecommunications
Dr. Jaimini Bhagwati, Ministry of Finance
Maj.Gen. M. G. Datar, Addl.D.G, IT, Army HQ, Ministry of Defence
Sh Mukesh Mittal, Dy Secy, Ministry of Home Affairs
Sh T A Khan, Sr. Dir, NIC, Ministry of Commerce
Sh. K.R Ganapathy,CGM-IC,RBI

10. Sh.S.R-Mittal,Adviser,DIT, Reserve Bank of India

11. Sh Dewang Mehta, President, NASSCOM

12. Sh Amitabh Singhal, President, Internet Service Providers Association

13. Sh LN Behra, DIG, Director, Central Bureau of Investigation

14. Sh K N Gupta, Controller of Certifying Authority

15. Sh. Qamar Ahmed. Addl.C.P/Crime, DG Police by rotation from the States

16. Prof. R S Sirohi. I1T Delhi, Director, IIT Delhi

17. Sh.Sanjay Dhawan, ExecDirector,KPMG, Representing CII

18. Sh. M.A.J.Jeyaseelan, Secretary, FICCI

19. Sh. Subimal Bhattacharjee, Vice President ARGUS, Representing ASSOCHAM

20. Sh A B Saha, Senior Director, Ministry of IT - Member Convener

First sitting of the second meeting of the “Cyber Regulation Advisory Committee” held on 18th March 2001 to consider adjourned agenda of the first meeting held on 6ft March 2001

List of Participants

Sh Pramod Mahajan, Minister, Information Technology - Chairman
Sh.N.L. Meenu, Jt. Secretary, Legislative Department
Sh Vinay Kohli, Secretary, Ministry of Information Technology
Sh. N. Parameswaran, DDG(LR), Department of Telecommunications
Dr. Jaimoni Bhagwati, Ministry of Finance
Maj.Gen. M G Datar, Ministry of Defence
Sh Mukesh Mittal, Dy Secy, Ministry of Home Affairs
Sh T A Khan, Sr. Dir, NIC, Ministry of Commerce
Sh. K.R Ganapathy,CGM-IC,RBI

10. Sh Dewang Mehta, President, NASSCOM

11. Sh Amitabh Singhal, President, Internet Service Providers Association

12. Sh LN Behra, DIG, Director, Central Bureau of Investigation

13. Sh K N Gupta, Controller of Certifying Authority

14. Sh. Dinesh Bhatt, Dy. Police Commissioner, Delhi

15. Prof. R S Sirohi. I1T Delhi, Director, IIT Delhi

16. Sh.Sanjay Dhawan, ExecDirector,KPMG, Representing CII

17. Sh. M.A.J.Jeyaseelan, Secretary, FICCI

18. Sh. Subimal Bhattacharjee, Vice President ARGUS, Representing ASSOCHAM

19. Sh A B Saha, Senior Director, Ministry of IT - Member Convener

For more details visit https://cis-india.org/internet-governance/resources/deity-response-to-rti-on-decisions-of-crac

The Worldwide Web of Concerns

pranesh — 2012-12-27T04:31:39Z

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the Inter-national Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Pranesh Prakash's column was published in the Deccan Chronicle on December 10, 2012.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence.

Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

While there are welcome proposals (consumer protection relating to billing of international roaming), there have also been contentious issues that Internet activists have raised: a) process-related problems with the ITU; b) scope of the ITRs, and of ITU’s authority; c) content-related proposals and “evil governments” clamping down on free speech; d) IP traffic routing and distribution of revenues.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

w Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

ITU’s relationship with Internet governance has been complicated. In 1997, it was happy to take a hands-off approach, cooperating with Internet Society and others, only to seek a larger role in Internet governance soon after. In part this has been because the United States cocked a snook at the ITU and the world community in 1998 through the way it established Internet Corporation for Assigned Names and Numbers (ICANN) as a body to look after the Internet’s domain name system. While the fact that the US has oversight over ICANN needs to change (with de-nationalisation being the best option), Russia wants to supersede ICANN and that too through current revisions of the ITRs. Russia’s proposal is a dreadful idea, and must not just be discarded lightly but thrown away with great force. The ITU should remain but one among multiple equal stakeholders concerned with Internet governance.

One important, but relatively unnoticed, proposed change to ITU’s authority is that of making the standards that ITU’s technical wing churns out mandatory. This is a terrible idea (especially in view of the ITU’s track record at such standards) that only a stuffy bureaucrat without any real-world insight into standards adoption could have dreamt up.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs.

Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent socalled “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The threat of a “UN takeover” of the Internet through the WCIT is non-existent. Since the ITU’s secretary-general is insisting on consensus (as is tradition) rather than voting, the possibility of bad proposals (of which there are many) going through is slim. However, that doesn’t mean that activists have been crying themselves hoarse in vain. That people around the world are a bit more aware about the linkage between the technical features of the Internet and its potential as a vehicle for free speech, commerce and development, is worth having to hear some shriller voices out there.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-pranesh-prakash-december-10-2012-the-worldwide-web-of-concerns

The Worldwide Web of Concerns

pranesh — 2012-12-10T05:10:47Z

The threat of a ‘UN takeover’ of the Internet through the WCIT is non-existent. However, that does not mean that activists have been crying themselves hoarse in vain.

Pranesh Prakash's column was published in the Asian Age on December 10, 2012.

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the International Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence. Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs. Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent so-called “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/asian-age-column-december-10-2012-pranesh-prakash-the-worldwide-web-of-concerns

Fixing India’s anarchic IT Act

pranesh — 2012-11-30T06:33:58Z

Section 66A of the Information Technology (IT) Act criminalizes “causing annoyance or inconvenience” online, among other things. A conviction for such an offence can attract a prison sentence of as many as three years.

Pranesh Prakash's article was published in LiveMint on November 28, 2012.

How could the ministry of communications and information technology draft such a loosely-worded provision that’s clearly unconstitutional? How could the ministry of law allow such shoddy drafting with such disproportionate penalties to pass through? Were any senior governmental legal officers—such as the attorney general—consulted? If so, what advice did they tender, and did they consider this restriction “reasonable”? These are some of the questions that arise, and they raise issues both of substance and of process.

When the intermediary guidelines rules were passed last year, the government did not hold consultations in anything but name. Industry and non-governmental organizations (NGOs) sent in submissions warning against the rules, as can be seen from the submissions we retrieved under the Right to Information Act and posted on our website. However, almost none of our concerns, including the legality of the rules, were paid heed to.

Earlier this year, parliamentarians employed a little-used power to challenge the law passed by the government, leading communications minister Kapil Sibal to state that he would call a meeting with “all stakeholders”, and will revise the rules based on inputs. A meeting was called in August, where only select industry bodies and members of Parliament were present, and from which a promise emerged of larger public consultations. That promise hasn’t been fulfilled.

Substantively, there is much that is rotten in the IT Act and the various rules passed under it, and a few illustrations—a longer analysis of which is available on the Centre for Internet and Society (CIS) website—should suffice to indicate the extent of the malaise.

Some of the secondary legislation (rules) cannot be passed under the section of the IT Act they claim as their authority. The intermediary guidelines violate all semblance of due process by not even requiring that a person whose content is removed is told about it and given a chance to defend herself. (Any content that is complained about under those rules is required to be removed within 36 hours, with no penalties for wilful abuse of the process. We even tested this by sending frivolous complaints, which resulted in removal.)

The definition of “cyber terrorism” in section 66F(1)(B) of the IT Act includes wrongfully accessing restricted information that one believes can be used for defamation, and this is punishable by imprisonment for life. Phone-tapping requires the existence of a “public emergency” or threat to “public safety”, but thanks to the IT Act, online surveillance doesn’t. The telecom licence prohibits “bulk encryption” over 40 bits without key escrow, but these are violated by all, including the Reserve Bank of India, which requires that 128-bit encryption be used by banks. These are but a few of the myriad examples of careless drafting present in the IT Act, which lead directly to wrongful impingement of our civil and political liberties. While we agree with the minister for communications, that the mere fact of a law being misused cannot be reason for throwing it out, we believe that many provisions of the IT Act are prone to misuse because they are badly drafted, not to mention the fact that some of them display constitutional infirmities. That should be the reason they are amended, not merely misuse.

What can be done? First, the IT Act and its rules need to be fixed. Either a court-appointed amicus curiae (who would be a respected senior lawyer) or a committee with adequate representation from senior lawyers, Internet policy organizations, government and industry must be constituted to review and suggest revisions to the IT Act. The IT Act (in section 88) has a provision for such a multi-stakeholder advisory committee, but it was filled with mainly government officials and became defunct soon after it was created, more than a decade ago. This ought to be reconstituted. Importantly, businesses cannot claim to represent ordinary users, since except when it comes to regulation of things such as e-commerce and copyright, industry has little to lose when its users’ rights to privacy and freedom of expression are curbed.

Second, there must be informal processes and platforms created for continual discussions and constructive dialogue among civil society, industry and government (states and central) about Internet regulation (even apart from the IT Act). The current antagonism does not benefit anyone, and in this regard it is very heartening to see Sibal pushing for greater openness and consultation with stakeholders. As he noted on the sidelines of the Internet Governance Forum in Baku, different stakeholders must work together to craft better policies and laws for everything from cyber security to accountability of international corporations to Indian laws. In his plenary note at the forum, he stated: “Issues of public policy related to the Internet have to be dealt with by adopting a multi-stakeholder, democratic and transparent approach” which is “collaborative, consultative, inclusive and consensual”. I could not have put it better myself. Now is the time to convert those most excellent intentions into action by engaging in an open reform of our laws.

Pranesh Prakash is policy director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/livemint-opinion-november-28-2012-pranesh-prakash-fixing-indias-anarchic-it-act

Breaking Down Section 66A of the IT Act

pranesh — 2012-12-14T09:51:17Z

Section 66A of the Information Technology Act, which prescribes 'punishment for sending offensive messages through communication service, etc.' is widely held by lawyers and legal academics to be unconstitutional. In this post Pranesh Prakash explores why that section is unconstitutional, how it came to be, the state of the law elsewhere, and how we can move forward.

Back in February 2009 (after the IT Amendment Act, 2008 was hurriedly passed on December 22, 2008 by the Lok Sabha, and a day after by the Rajya Sabha[1] but before it was notified on October 27, 2009) I had written that s.66A is "patently in violation of Art. 19(1)(a) of the Constitution of India":

Section 66A which punishes persons for sending offensive messages is overly broad, and is patently in violation of Art. 19(1)(a) of our Constitution. The fact that some information is "grossly offensive" (s.66A(a)) or that it causes "annoyance" or "inconvenience" while being known to be false (s.66A(c)) cannot be a reason for curbing the freedom of speech unless it is directly related to decency or morality, public order, or defamation (or any of the four other grounds listed in Art. 19(2)). It must be stated here that many argue that John Stuart Mill's harm principle provides a better framework for freedom of expression than Joel Feinberg's offence principle. The latter part of s.66A(c), which talks of deception, is sufficient to combat spam and phishing, and hence the first half, talking of annoyance or inconvenience is not required. Additionally, it would be beneficial if an explanation could be added to s.66A(c) to make clear what "origin" means in that section. Because depending on the construction of that word s.66A(c) can, for instance, unintentionally prevent organisations from using proxy servers, and may prevent a person from using a sender envelope different from the "from" address in an e-mail (a feature that many e-mail providers like Gmail implement to allow people to send mails from their work account while being logged in to their personal account). Furthermore, it may also prevent remailers, tunnelling, and other forms of ensuring anonymity online. This doesn't seem to be what is intended by the legislature, but the section might end up having that effect. This should hence be clarified.

I stand by that analysis. But given that it is quite sparse, in this post I will examine s.66A in detail.

Here's what s. 66A of the IT (Amendment) Act, 2008 states:

66A. Punishment for sending offensive messages through communication service, etc.,
Any person who sends, by means of a computer resource or a communication device,—
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation: For the purposes of this section, terms "electronic mail" and "electronic mail message" means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.[2]

A large part of s.66A can be traced back to s.10(2) of the UK's Post Office (Amendment) Act, 1935:

If any person —
(a) sends any message by telephone which is grossly offensive or of an indecent, obscene, or menacing character; or
(b) sends any message by telephone, or any telegram, which he knows to be false, for the purpose of causing annoyance, inconvenience, or needless anxiety to any other person; or
(c) persistently makes telephone calls without reasonable cause and for any such purposes as aforesaid;
he shall be liable upon summary conviction to a fine not exceeding ten pounds, or to imprisonment for a term not exceeding one month, or to both such fine and imprisonment.

Section 66A bears a striking resemblance to the three parts of this law from 1935, with clauses (b) and (c) being merged in the Indian law into a single clause (b) of s.66A, with a whole bunch of new "purposes" added. Interestingly, the Indian Post Office Act, 1898, was never amended to add this provision.

The differences between the two are worth exploring.

Term of Punishment

The first major difference is that the maximum term of imprisonment in the 1935 Act is only one month, compared to three years in s.66A of the IT Act. It seems the Indian government decided to subject the prison term to hyper-inflation to cover for the time. If this had happened for the punishment for, say, criminal defamation, then that would have a jail term of up to 72 years! The current equivalent laws in the UK are the Communications Act, 2003 (s. 127) and the Malicious Communications Act 1988 (s.1) for both of which the penalty is up to 6 months' imprisonment or to a maximum fine of £5000 or both. What's surprising is that in the Information Technology (Amendment) Bill of 2006, the penalty for section 66A was up to 2 years, and it was changed on December 16, 2008 through an amendment moved by Mr. A. Raja (the erstwhile Minister of Communications and IT) to 3 years. Given that parts of s.66A(c) resemble nuisance, it is instructive to note the term of punishment in the Indian Penal Code (IPC) for criminal nuisance: a fine of Rs. 200 with no prison term.

"Sending" vs. "Publishing"

J. Sai Deepak, a lawyer, has made an interesting point that the IT Act uses "send" as part of its wording, and not "publish". Given that, only messages specifically directed at another would be included. While this is an interesting proposition, it cannot be accepted because: (1) even blog posts are "sent", albeit to the blog servers — s.66A doesn't say who it has to be sent to; (2) in the UK the Communications Act 2003 uses similar language and that, unlike the Malicious Communication Act 1988 which says "sends to another person", has been applied to public posts to Twitter, etc.; (3) The explanation to s.66A(c) explicitly uses the word "transmitted", which is far broader than "send", and it would be difficult to reconcile them unless "send" can encompass sending to the publishing intermediary like Twitter.

Part of the narrowing down of s.66A should definitely focus on making it applicable only to directed communication (as is the case with telephones, and with the UK's Malicious Communication Act), and not be applicable to publishing.

Section 66A(c)

Section 66A(c) was also inserted through an amendment moved by Mr. Raja on December 16, 2008, which was passed by the Lok Sabha on December 22, 2008, and a day after by the Rajya Sabha. (The version introduced in Parliament in 2006 had only 66A(a) and (b).) This was done in response to the observation by the Standing Committee on Information Technology that there was no provision for spam. Hence it is clear that this is meant as an anti-spam provision. However, the careless phrasing makes it anything but an anti-spam provision. If instead of "for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages" it was "for the purpose of causing annoyance and inconvenience and to deceive and to mislead the addressee or recipient about the origin of such messages", it would have been slightly closer to an anti-spam provision, but even then doesn't have the two core characteristics of spam: that it be unsolicited and that it be sent in bulk. (Whether only commercial messages should be regarded as spam is an open question.) That it arise from a duplicitous origin is not a requirement of spam (and in the UK, for instance, that is only an aggravating factor for what is already a fine-able activity).

Curiously, the definitional problems do not stop there, but extend to the definitions of "electronic mail" and "electronic mail message" in the 'explanation' as well. Those are so vast that more or less anything communicated electronically is counted as an e-mail, including forms of communication that aren't aimed at particular recipients the way e-mail is.

Hence, the anti-spam provision does not cover spam, but covers everything else. This provision is certainly unconstitutional.

Section 66A(b)

Section 66A(b) has three main elements: (1) that the communication be known to be false; (2) that it be for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will; (3) that it be communicated persistently. The main problem here is, of course, (2). "Annoyance" and "inconvenience", "insult", "ill will" and "hatred" are very different from "injury", "danger", and "criminal intimidation". That a lawmaker could feel that punishment for purposes this disparate belonged together in a single clause is quite astounding and without parallel (except in the rest of the IT Act). That's akin to having a single provision providing equal punishment for calling someone a moron ("insult") and threatening to kill someone ("criminal intimidation"). While persistent false communications for the purpose of annoying, insulting, inconveniencing, or causing ill will should not be criminalised (if need be, having it as a civil offence would more than suffice), doing so for the purpose of causing danger or criminal intimidation should. However, the question arises whether you need a separate provision in the IT Act for that. Criminal intimidation is already covered by ss. 503 and 506 of the IPC. Similarly, different kinds of causing danger are taken care of in ss.188, 268, 283, 285, 289, and other provisions. Similarly with the other "purposes" listed there, if, for instance, a provision is needed to penalise hoax bomb threats, then the provision clearly should not be mentioning words like "annoyance", and should not be made "persistent". (At any rate, s. 505(1) of the IPC suffices for hoax bomb threats, so you don't need a separate provision in the IT Act).

I would argue that in its current form this provision is unconstitutional, since there is no countervailing interest in criminalising false and persistent "insults", etc., that will allow those parts of this provision to survive the test of 'reasonableness' under Art.19(2). Furthermore, even bits that survive are largely redundant. While this unconstitutionality could be cured by better, narrower wording, even then one would need to ensure that there is no redundancy due to other provisions in other laws.

Section 66A(a)

In s.66A(a), the question immediately arises whether the information that is "grossly offensive" or "menacing" need to be addressed at someone specific and be seen as "grossly offensive" or "menacing" by that person, or be seen by a 'reasonable man' test.

Additionally, the term "grossly offensive" will have to be read in such a heightened manner as to not include merely causing offence. The one other place where this phrase is used in Indian law is in s.20(b) of the Indian Post Office Act (prohibiting the sending by post of materials of an indecent, obscene, seditious, scurrilous, threatening, or grossly offensive character). The big difference between s.20(b) of the IPO Act and s.66A of the IT Act is that the former is clearly restricted to one-to-one communication (the way the UK's Malicious Communication Act 1988 is). Reducing the scope of s.66A to direct communications would make it less prone to challenge.

Additionally, in order to ensure constitutionality, courts will have to ensure that "grossly offensive" does not simply end up meaning "offensive", and that the maximum punishment is not disproportionately high as it currently is. Even laws specifically aimed at online bullying, such as the UK's Protection from Harassment Act 1997, can have unintended effects. As George Monbiot notes, the "first three people to be prosecuted under [the Protection from Harassment Act] were all peaceful protesters".

Constitutional Arguments in Importing Laws from the UK

The plain fact is that the Indian Constitution is stronger on free speech grounds than the (unwritten) UK Constitution, and the judiciary has wide powers of judicial review of statutes (i.e., the ability of a court to strike down a law passed by Parliament as 'unconstitutional'). Judicial review of statutes does not exist in the UK (with review under its EU obligations being the exception) as they believe that Parliament is supreme, unlike India. Putting those two aspects together, a law that is valid in the UK might well be unconstitutional in India for failing to fall within the eight octagonal walls of the reasonable restrictions allowed under Art.19(2). That raises the question of how they deal with such broad wording in the UK.

Genealogy of UK Law on Sending 'Indecent', 'Menacing', 'Grossly Offensive' Messages

Quoting from the case of DPP v. Collins [2006] UKHL 40 [6]:

The genealogy of [s. 127(1) of the Communication Act] may be traced back to s.10(2)(a) of the Post Office (Amendment) Act, 1935, which made it an offence to send any message by telephone which is grossly offensive or of an indecent, obscene or menacing character. That subsection was reproduced with no change save of punctuation in s.66(a) of the Post Office Act 1953. It was again reproduced in s.78 of the Post Office Act 1969, save that "by means of a public telecommunication service" was substituted for "by telephone" and "any message" was changed to "a message or other matter". Section 78 was elaborated but substantially repeated in s.49(1)(a) of the British Telecommunications Act 1981 and was re-enacted (save for the substitution of "system" for "service") in s.43(1)(a) of the Telecommunications Act 1984. Section 43(1)(a) was in the same terms as s.127(1)(a) of the 2003 Act, save that it referred to "a public telecommunication system" and not (as in s.127(1)(a)) to a "public electronic communications network". Sections 11(1)(b) of the Post Office Act 1953 and 85(3) of the Postal Services Act 2000 made it an offence to send certain proscribed articles by post.

While the above quotation talks about s.127(1) it is equally true about s.127(2) as well. In addition to that, in 1988, the Malicious Communications Act (s.1) was passed to prohibit one-to-one harassment along similar lines.

The UK's Post Office Act was eclipsed by the Telecommunications Act in 1984, which in turn was replaced in 2003 by the Communications Act. (By contrast, we still stick on to the colonial Indian Post Office Act, 1898.) Provisions from the 1935 Post Office Act were carried forward into the Telecommunications Act (s.43 on the "improper use of public telecommunication system"), and subsequently into s.127 of the Communications Act ("improper use of public electronic communications network"). Section 127 of the Communications Act states:

127. Improper use of public electronic communications network
(1) A person is guilty of an offence if he —
(a) sends by means of a public electronic communications network a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or
(b) causes any such message or matter to be so sent.
(2) A person is guilty of an offence if, for the purpose of causing annoyance, inconvenience or needless anxiety to another, he —
(a) sends by means of a public electronic communications network, a message that he knows to be false,
(b) causes such a message to be sent; or
(c) persistently makes use of a public electronic communications network.
(3) A person guilty of an offence under this section shall be liable, on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale, or to both.
(4) Subsections (1) and (2) do not apply to anything done in the course of providing a programme service (within the meaning of the Broadcasting Act 1990 (c. 42)).

Currently in the UK there are calls for repeal of s.127. In a separate blog post I will look at how the UK courts have 'read down' the provisions of s.127 and other similar laws in order to be compliant with the European Convention on Human Rights.

Comparison between S. 66A and Other Statutes

Section 144, IPC, 1860

Power to issue order in urgent cases of nuisance or apprehended danger

...obstruction, annoyance or injury to any person lawfully employed, or danger to human life, health or safety, or a disturbance of the public tranquillity

Babulal Parate v. State of Maharastra and Ors. [1961 AIR SC 884] (Magistrates order under s. 144 of the Cr. PC, 1973 was in violation of Art.19(1)(a) of the Constitution).

A special thanks is due to Snehashish Ghosh for compiling the below table.

Section	Term(s)/phrase(s) used in 66A	Term(s)/ phrase(s) used in similar sections
Section 66A (heading)	Punishment for sending offensive messages through communication service, etc	Section 127, CA, 2003, "Improper use of public electronic communications network"
Section 66A(a)	Any person who sends, by means of a computer resource or a communication device	Section 1(1), MCA 1988, "Any person who sends to another person..."
Section 66A(a)	Grossly offensive	Section 1(1)(a)(i), MCA 1988; Section 127(1)(a),CA, 2003; Section 10(2)(a), Post Office (Amendment) Act, 1935; Section 43(1)(a), Telecommunications Act 1984; Section 20, India Post Act 1898
Section 66A(a)	Menacing character	Section127(1)(a),CA, 2003
Section 66A(b)	Any information which he knows to be false	Section 1(1)(a)(iii), MCA 1988 "information which is false and known or believed to be false by the sender"; Section 127(2)(a), CA, 2003, "a message that he knows to be false"
Section 66A(b) “purpose of...”	Causing annoyance	Section127(2), CA, 2003
	Inconvenience	Section 127 (2), CA, 2003
	Danger
	Insult	Section 504, IPC, 1860
	Injury	Section 44 IPC, 1860, "The word 'injury' denotes any harm whatever illegally caused to any person, in body, mind, reputation or property."
	Criminal intimidation	Sections 503 and 505 (2), IPC, 1860
	Enmity, hatred or ill-will	Section 153A(1)(a), IPC, 1860
	Persistently by making use of such computer resource or a communication device	Section 127(2)(c), CA, 2003, "persistently makes use of a public electronic communications network."
Section 66A(c)	Deceive or to mislead	-

Notes
MCA 1988: Malicious Communications Act (s.1)
CA: Communications Act 2003 (s.127)
*Replaced by Communications Act 2003

[1]. The Information Technology (Amendment) Bill, 2008, was one amongst the eight bills that were passed in fifteen minutes on December 16, 2008.
[2]. Inserted vide Information Technology Amendment Act, 2008.

This was re-posted in Outlook (November 28, 2012)

For more details visit https://cis-india.org/internet-governance/blog/breaking-down-section-66-a-of-the-it-act

Draft nonsense

pranesh — 2012-12-03T09:08:10Z

Seriously flawed and dodgily drafted provisions in the IT Act provide the state a stick to beat its citizens with.

Pranesh Prakash's op-ed was published in the Times of India on November 24, 2012.

Section 66A of the Information Technology Act once again finds itself in the middle of a brewing storm. It has been used in cases ranging from the Mamata Banerjee cartoon case, the Aseem Trivedi case, the Karti Chidambaram case, the Chinmayi case, to the current Bal Thackeray-Facebook comments case. In all except the Karti Chidambaram case (which is actually a case of defamation where 's. 66A' is inapplicable), it was used in conjunction with another penal provision, showing that existing laws are more than adequate for regulation of online speech. That everything from online threats wishing sexual assault (the Chinmayi case) to harmless cartoons are sought to be covered under this should give one cause for concern. Importantly, this provision is cognisable (though bailable), meaning an arrest warrant isn't required. This makes it a favourite for those wishing to harass others into not speaking.

Section 66A prohibits the sending "by means of a computer resource or a communication device" certain kinds of messages. These messages are divided into three sub-parts : (a) anything that is "grossly offensive or has menacing character";(b) information known to be false for the purposes of "causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will" and is sent persistently;or (c) "for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages". This carries with it a punishment of up to three years in jail and a fine without an upper limit. As even non-lawyers can see, these are very broadly worded, with use of 'or' everywhere instead of 'and', and the punishment is excessive. The lawyers amongst the readers will note that while some of the words used are familiar from other laws (such as the Indian Penal Code), they are never used this loosely. And all should hopefully be able to conclude that large parts of section 66A are plainly unconstitutional.

If that is so obvious, how did we end up getting this law? We copied (and badly at that) from the UK. The sad part is that the modifications that were introduced while copying are the bits that cause the most trouble. The most noteworthy of these changes are the increase in term of punishment to 3 years (in the UK it's 6 months); the late introduction (on December 16, 2008 by A Raja) of sub-section (c), meant as an anti-spam provision, but covering everything in the world except spam;and the mangling up of sub-section (b) to become a witches brew of all the evil intentions in this world.

Further, we must recognise that our Constitution is much stronger when it comes to issues like free speech than the UK's unwritten constitution, and our high courts and Supreme Court have the power to strike down laws for being unconstitutional, unlike in the UK where Parliament reigns supreme. The most the courts can do there is accommodate the European Convention on Human Rights by 'reading down' laws rather than striking them down.

Lastly, even if we do decide to engage in policy-laundering, we need to do so intelligently. The way the government messed up section 66A should serve as a fine lesson on how not to do so. While one should fault the ministry of communications and IT for messing up the IT Act so badly, it is apparent that the law ministry deserves equal blame as well for being the sleeping partner in this deplorable joint venture. For instance, wrongfully accessing a computer to remove material which one believes can be used for defamation can be considered 'cyber-terrorism'. Where have all our fine legal drafters gone? In a meeting, former SEBI chairman M Damodaran noted how bad drafters make our policies seem far dumber than they are. We wouldn't be in this soup if we had good drafters who clearly understand the fundamental rights guaranteed by our constitution.

There are a great many things flawed in this unconstitutional provision, from the disproportionality of the punishment to the non-existence of the crime. The 2008 amendment to the IT Act was one of eight laws passed in 15 minutes without any debate in the 2008 winter session of Parliament. For far too long the Indian government has spoken about "multi-stakeholder" governance of the internet at international fora (meaning that civil society and industry must be seen as equal to governments when it comes to policymaking for the governance of the internet). It is about time we implemented multi-stakeholder internet governance domestically. The way to go forward in changing this would be to set up a multi-stakeholder body (including civil society and industry) which can remedy this and other ridiculously unconstitutional provisions of our IT Act.

For more details visit https://cis-india.org/internet-governance/blog/times-crest-pranesh-prakash-november-24-2012-draft-nonsense

Section 66A of the Information Technology Act

pranesh — 2012-11-25T13:34:26Z

Note: The Information Technology Act, 2000 was amended in 2008. The amended Act which received the assent of the President on February 5, 2009, contains section 66A.

66A. Punishment for sending offensive messages through communication service, etc.

Any person who sends, by means of a computer resource or a communication device,—

(a) any information that is grossly offensive or has menacing character; or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,

(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,

shall be punishable with imprisonment for a term which may extend to three years and with fine.

Explanation.— For the purpose of this section, terms “electronic mail” and “electronic mail message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, images, audio, video and any other electronic record, which may be transmitted with the message.

For more details visit https://cis-india.org/internet-governance/resources/section-66A-information-technology-act

Arbitrary Arrests for Comment on Bal Thackeray's Death

pranesh — 2013-01-02T03:42:37Z

Two girls have been arbitrarily and unlawfully arrested for making comments about the late Shiv Sena supremo Bal Thackeray's death. Pranesh Prakash explores the legal angles to the arrests.

Facts of the case

This morning, there was a short report in the Mumbai Mirror about two girls having been arrested for comments one of them made, and the other 'liked', on Facebook about Bal Thackeray:

Police on Sunday arrested a 21-year-old girl for questioning the total shutdown in the city for Bal Thackeray’s funeral on her Facebook account. Another girl who ‘liked’ the comment was also arrested.

The duo were booked under Section 295 (a) of the IPC (for hurting religious sentiments) and Section 64 (a) of the Information Technology Act, 2000. Though the girl withdrew her comment and apologised, a mob of some 2,000 Shiv Sena workers attacked and ransacked her uncle’s orthopaedic clinic at Palghar.

“Her comment said people like Thackeray are born and die daily and one should not observe a bandh for that,” said PI Uttam Sonawane.

What provisions of law were used?

There's a small mistake in Mumbai Mirror's reportage as there is no section "64(a)"¹ in the Information Technology (IT) Act, nor a section "295(a)" in the Indian Penal Code (IPC). They must have meant section 295A of the IPC ("outraging religious feelings of any class") and section 66A of the IT Act ("sending offensive messages through communication service, etc."). (Update: The Wall Street Journal's Shreya Shah has confirmed that the second provision was section 66A of the IT Act.)

Section 295A of the IPC is cognizable and non-bailable, and hence the police have the powers to arrest a person accused of this without a warrant.² Section 66A of the IT Act is cognizable and bailable.

Update: Some news sources claim that section 505(2) of the IPC ("Statements creating or promoting enmity, hatred or ill-will between classes") has also been invoked.

Was the law misapplied?

This is clearly a case of misapplication of s.295A of the IPC.³ This provision has been frivolously used numerous times in Maharashtra. Even the banning of James Laine's book Shivaji: Hindu King in Islamic India happened under s.295A, and the ban was subsequently held to have been unlawful by both the Bombay High Court as well as the Supreme Court. Indeed, s.295A has not been applied in cases where it is more apparent, making this seem like a parody news report.

Interestingly, the question arises of the law under which the friend who 'liked' the Facebook status update was arrested. It would take a highly clever lawyer and a highly credulous judge to make 'liking' of a Facebook status update an act capable of being charged with electronically "sending ... any information that is grossly offensive or has menacing character" or "causing annoyance or inconvenience", or under any other provision of the IT Act (or, for that matter, the IPC).⁴ That 'liking' is protected speech under Article 19(1)(a) is not under question in India (unlike in the USA where that issue had to be adjudicated by a court), since unlike the wording present in the American Constitution, the Indian Constitution clearly protects the 'freedom of speech and expression', so even non-verbal expression is protection.

Role of bad law and the police

In this case the blame has to be shared between bad law (s.66A of the IT Act) and an abuse of powers by police. The police were derelict in their duty, as they failed to provide protection to the Dhada Orthopaedic Hospital, run by the uncle of the girl who made the Facebook posting. Then they added insult to injury by arresting Shaheen Dhada and the friend who 'liked' her post. This should not be written off as a harmless case of the police goofing up. Justice Katju is absolutely correct in demanding that such police officers should be punished.

Rule of law

Rule of law demands that laws are not applied in an arbitrary manner. When tens of thousands were making similar comments in print (Justice Katju's article in the Hindu, for instance), over the Internet (countless comments on Facebook, Rediff, Orkut, Twitter, etc.), and in person, how did the police single out Shaheen Dhada and her friend for arrest?⁵

This should not be seen merely as "social media regulation", but as a restriction on freedom of speech and expression by both the law and the police. Section 66A makes certain kinds of speech-activities ("causing annoyance") illegal if communicated online, but legal if that same speech-activity is published in a newspaper. Finally, this is similar to the Aseem Trivedi case where the police wrongly decided to press charges and to arrest.

This distinction is important as it being a Facebook status update should not grant Shaheen Dhada any special immunity; the fact of that particular update not being punishable under s.295 or s.66A (or any other law) should.

Section 64 of the IT Act is about "recovery of penalty" and the ability to suspend one's digital signature if one doesn't pay up a penalty that's been imposed.↩
The police generally cannot, without a warrant, arrest a person accused of a bailable offence unless it is a cognizable offence. A non-bailable offence is one for which a judicial magistrate needs to grant bail, and it isn't an automatic right to be enjoyed by paying a bond-surety amount set by the police.↩
Section 295A of the IPC has been held not to be unconstitutional. The first case to challenge the constitutionality of section 66A of the IT Act was filed recently in front of the Madurai bench the Madras High Court.)↩
One can imagine an exceptional case where such an act could potentially be defamatory, but that is clearly exceptional.↩
This is entirely apart from the question of how the Shiv Sena singled in on Shaheen Dhada's Facebook comment.↩

This blog entry has been re-posted in the following places

Outlook (November 19, 2012).
KAFILA (November 19, 2012).

For more details visit https://cis-india.org/internet-governance/blog/bal-thackeray-comment-arbitrary-arrest-295A-66A

Will The International Telecommunication Regulations (ITRs) Impact Internet Governance? A Multistakeholder Perspective

pranesh — 2012-12-10T04:40:11Z

Pranesh Prakash made a presentation at the India Internet Governance Conference (IIGC) held at the FICCI, Federation House, Tansen Marg, New Delhi on October 4 and 5, 2012. The event was organised by the Ministry of Communications & Information Technology, FICCI and Internet Society. CIS was one of the supporting organisations.

Principles

I'll outline some broad principles that should be kept in mind while deciding on proposals for the International Telecommunications Regulations (ITR).

Any proposal should be considered for the ITR if an only if it satisfies all the below criteria:

Only if international regulation is needed

If only national regulation is sufficient, then ITR is not the right place for it.
International roaming price transparency, for instance, is an issue where international cooperation is required.

Only if it is a technical issue limited to telecommunications networks and interoperability

On the issues of 'security', if it is strictly about network security, then it is fine.

ITU already does some standard setting work around this.

If it about security of root server operations, or DNS, etc., that's not around telecommunications, despite being a technical issue.
If it is about criminal activities on telecommunications networks, that is not a technical issue.

Only if it is something that can be decided at the level of states.

Multistakeholder issues should not end up at the ITU, since the ITU is not a multistakeholder body.
This principle has been accepted by the ITU itself in the Geneva Declaration as well as the Tunis Agenda.

Only if it proposes to address a proven harm

The ETNO proposal, for instance, does not make it very clear why they think current interconnection system is a problem.

Though the ETNO proposal says that it is required to enable "fair compensation", "sustainable development of telecom", it does so without showing why the current payment mechanisms are unsustainable, or how telecom industry has changed lately, or even how moving from voice to data (even for voice) is going to affect "sustainable development of telecom".
Geoff Huston provides the wonderful example of how ten years ago, content providers were asking for fair compensation from telecom providers ("content is being provided free, while ISPs charge customers; ISPs are worthless without content, hence ISPs need to share revenue with content providers"). Now the opposite argument is being made by telecom operators.

Airtel in India has publicly asked Google and Facebook for revenue sharing.

Rohan Samarajiva of LIRNEasia

He believes ETNO proposal is bad for developing countries.

Adverse unintended effect of ETNO proposal ("sending-party network pays") is that less traffic will be directed towards poorer regions without the ability (whether through ad sales, or otherwise) to justify that expenditure by the sender.

ISOC paper is one of the most in-depth analysis so far.

They strongly believe it is going to be bad for Internet

Truth is that there has been no clear economic study so far of the potential impact. Hence counting benefits without proper analysis is risky.

Only if there's no better place than ITU

If another existing organization like ICANN or IETF can look at it, then ITU should not take over.

If all the above principles are satisfied, then the question becomes:

Does the proposal further substantive principles, such as:
Development
Competition and prevention of monopolies
Etc.

If the proposal does advance such substantive principles, then we should ask what kind of regulation is needed: Whether mandatory or not whether it is the minimal amount required to achieve the policy objectives.

Conclusion

Indian government's positions on the specific proposals to the ITR haven't yet been made public.

But the India government has taken a public position on the larger issue before: the IBSA statement on Enhanced Cooperation from December 2010. the IBSA reaffirms its commitment to the stability and security of the Internet as a global facility based on the full participation of all stakeholders, from both developed and developing countries, within their respective roles and responsibilities in line with paragraph 35 of the Tunis Agenda.

"The management of the Internet encompasses both technical and public policy issues and should involve all stakeholders and relevant intergovernmental and international organizations."

Demonization of the ITU is not good, though some in civil society have engaged in it, and is not the issue here. * After all, ITU was a core part of the WSIS process that led to the multistakeholder system. * ITU does have its own role to play in Internet governance.

Importantly, transparency and public participation is required. * We have signed an international civil society letter asking ITU to be more transparent. This has had a little impact; more documents are now out in the public. And there's now WCITLeaks.org * The Indian government must hold inclusive meetings with all relevant experts and stakeholders, including civil society organizations and academics.

For more details visit https://cis-india.org/internet-governance/blog/will-the-international-telecommunication-regulations-itrs-impact-internet-governance-a-multistakeholder-perspective

Statement of Civil Society Members and Groups Participating in the "Best Bits" pre-IGF meeting at Baku in 2012

pranesh — 2012-12-07T08:06:25Z

The Centre for Internet & Society was one of the signatories for this submission made to the ITU on November 16, 2012.

Read the statement of civil society members and groups participating in the “Best Bits” pre-IGF meeting at Baku in 2012

We thank the Secretariat of the ITU for making the opportunity to submit our views.

Nevertheless, the process of the revision of the International Telecommunication Regulations (ITRs) has not been sufficiently inclusive and transparent, despite some recent efforts to facilitate public participation. Fundamental to the framing of public policy must be the pursuit of the public interest and fundamental human rights, and we urge Member States to uphold and protect these values.

We as civil society organizations wish to engage with the World Conference on International Telecommunication (WCIT) process in this spirit. Member States, in most cases, have not held open, broad-based, public consultations in the lead up to the WCIT, nor have they indicated such a process for the WCIT itself.

In order to address this deficiency, and at a minimum, we would urge:

All Member States and regional groups to make their proposals available to the public in sufficient time to allow for meaningfulpublic participation;
All delegates to support proposals to open sessions of the WCIT meeting to the public;
The ITU Secretariat to increase transparency of the WCIT including live webcast with the video, audio, and text transcripts, as far as possible, to enable participation by all, including persons with disabilities;
The ITU Secretariat, Member States, and regional groups to make as much documentation publicly available as possible on the ITU's website, so that civil society can provide substantive input on proposals as they are made available;
Member States to encourage and facilitate civil society participation in their national delegations;
The ITU to create spaces during the WCIT for civil society to express their views, as was done during the WSIS process.

Given the uncertainty about the nature of final proposals that will be presented, we urge delegates that the following criteria be applied to any proposed revisions of the ITRs.

That any proposed revisions are confined to the traditional scope of the ITRs, where international regulation is required around technical issues is limited to telecommunications networks and interoperability standards.
There should be no revisions to the ITRs that involve regulation of the Internet Protocol and the layers above.
There should be no revisions that could have a negative impact on affordable access to the Internet or the public's rights to privacy and freedom of expression.

More generally we call upon the ITU to promote principles of net neutrality, open standards, affordable access and universal service, and effective competition.

Signatories:

Access (Global)
Association for Progressive Communications (Global)
Bangladesh NGOs Network for Radio and Communication (Bangladesh)
Bytes for All (Pakistan)
Center for Democracy and Technology (United States of America)
Centre for Community Informatics Research (Canada)
Centre for Internet and Society (India)
Collaboration on International ICT Policy for East and Southern Africa (Eastern and Southern Africa)
Consumer Council of Fiji (Fiji)
Consumers International (Global)
Dynamic Coalition on Internet Rights and Principles (IRP) (Global)
Electronic Frontier Finland (Finland)
Imagining the Internet Center (United States of America)
Instituto Nupef (Brazil)
Internet Democracy Project (India)
Internet Research Project (Pakistan)
Global Partners and Associates (United Kingdom)
GobernanzadeInternet.co (Colombia)
ICT Watch Indonesia (Indonesia)
Instituto Brasileiro de Defesa do Consumidor / Brazilian Institute for
Consumer Defense (Brazil)
InternetNZ (New Zealand)
IT for Change (India)
Media Education Center (Armenia)
ONG Derechos Digitales (Chile)
OpenMedia (Canada)
Public Knowledge (United States of America)
Thai Netizen Network (Thailand)
Ginger Paque (Venezuala)
Nnenna Nwakanma (Côte d'Ivoire)
Sonigitu Ekpe (Nigeria)
Wolfgang Kleinwächter (Denmark)

For more details visit https://cis-india.org/internet-governance/blog/statement-of-civil-society-members-and-groups-at-best-bits-pre-igf-meeting

Indian Government's Submission to ITU

pranesh — 2012-12-09T00:48:10Z

The following is the text of the submission made by the Government of India to the World Conference of International Telecommunications, Dubai on November 3, 2012. This is the final version of a draft that was circulated earlier.

Read the detailed comments on India's draft proposal on the Proposed Amendments to the ITU’s ITR’s – November 3, 2012

World Conference on International Telecommunications (WCIT-12) Dubai, 3-14 December 2012
PLENARY MEETING														Document 21-E 3 November 2012 Original: English

India (Republic of)

PROPOSALS FOR THE WORK OF THE CONFERENCE

Introduction

We recognise and appreciate the efforts of International Telecommunication Union in preparing the Draft on proposed ITRs for WCIT 2012.

The attached proposal is developed through a consultation process involving various stakeholder groups, both, in Indian Public and Private sectors. Due consideration has been given to the existing legislations and government policies in the preparation of this proposal. We acknowledge that since 1988, there have been significant changes and challenges in Telecommunications / ICTs in terms of Technological breakthroughs, New Services and Market Structure. Acknowledging this fact, India’s proposal is offered in the form of addition (ADD) or modification (MOD) only on some of the relevant proposals, by giving reference to the appropriate CWG/4/XXX number mentioned in the Annex 2 of the ITU Document 4(Add.2)-E. Considering the magnitude of issues in International Telecommunications, India may take appropriate stand on other provisions of the draft ITR document during the WCIT discussions.

Further, the proposals from different regions to the conference as well as its preparatory process were carefully studied. In order to help the conference achieve a consensus on the various issues being discussed, the content of this proposal has been largely drawn from the output of the Council Working Group on WCIT (WCIT/4 Add.2 ” Draft of the future ITRs”).

A new proposal on 5A: Confidence and Security of Telecommunications/ICTs is also included as India believes that an international framework on Security is of importance in today’s connected world.

INTERNATIONAL TELECOMMUNICATION
REGULATIONS
PREAMBLE

MOD	IND/21/1

1 While the sovereign right of each Member State to regulate its telecommunications is fully recognized, the provisions of the present International Telecommunication Regulations (hereinafter “Regulations”) complement the Constitution and Convention of the International Telecommunication Union, with a view to attaining the purposes of the International Telecommunication Union in promoting the development of telecommunication services and their most efficient operation while harmonizing the development of facilities for world-wide telecommunications.

Reasons: This Proposal is based on CWG /4 A 2/3.

Article 1

Purpose and Scope of the Regulations

ADD IND/21/2

3A c) These Regulations recognize that Member States should endeavour to take the necessary measures to prevent interruptions of services and ensure that no harm is caused by their operating agencies to the operating agencies of other Member States which are operating in accordance with the provisions of these Regulations.

Reasons: This Proposal is based on CWG /4 A 2/12.

ADD IND/21/3

3B d) These Regulations recognize the absolute priority for safety of life telecommunications, including distress telecommunications, emergency telecommunications services and telecommunications for disaster relief as provided in Article.

Reasons: This Proposal is based on CWG /4 A 2/14.

Article 2

Definitions

ADD IND/21/4

14A 2.1A Telecommunication/ICT: Any transmission, emission or reception, including processing, of signs, signals, writing, images and sounds or intelligence of any nature by wire, radio, optical or other electromagnetic systems, having a bearing on Telecommunication Technologies and Services.

Reasons: This Proposal is based on CWG /4 A 2/48.

ADD IND/21/5

27A 2.11 Transit rate: a rate set by the point of transit in a third country (indirect relation).

Reasons: This Proposal is based on CWG /4 A 2/74.

ADD IND/21/6

27C 2.13 Spam: information transmitted over telecommunication networks as text, sound, image, tangible data used in a man-machine interface bearing advertizing nature or having no meaningful message, simultaneously or during a short period of time, to a large number of particular addressees without prior consent of the addressee (recipient) to receive this information or information of this nature.

Reasons: This Proposal is based on CWG /4 A 2/78.

ADD IND/21/7

27D 2.14 Hub: a transit center (or network operator) that offers to other operators a telecommunication traffic termination service to nominated destinations contained in the offer.

Reasons: This Proposal is based on CWG /4 A 2/80.

ADD IND/21/8

27E 2.15 Hubbing: the routing of telecommunication traffic in hubbing mode consists in the use of hub facilities to terminate telecommunication traffic to other destinations.

Reasons: This Proposal is based on CWG /4 A 2/82.

ADD IND/21/9

27F 2.16 Network fraud: (fraud on international telecommunication networks): The causing of harm to operating agencies or to the public, the wrongful obtaining of gain in the provision of international telecommunication services through abuse of trust or deception, including through inappropriate use of numbering resources.

Reasons: This Proposal is based on CWG /4 A 2/87.

ADD IND/21/10

27G 2.17 Global telecommunication service (GTS): A service which enables communication to be established through a global number between subscribers whose physical location and national jurisdiction have no bearing on the tariff to be set for the service’s use; which satisfies and complies with recognized and accepted international standards; and which is provided over the public telecommunication network by operating agencies having obtained the relevant numbering resources from ITU-T.

Reasons: This Proposal is based on CWG /4 A 2/89.

ADD IND/21/11

27H 2.21 Originating Identification: The Originating Identification is the service by which the terminating party shall receive the identity information in order to identify the origin of the communication.

Reasons: This Proposal is based on CWG /4 A 2/81.

ADD IND/21/12

27L 2.25 Stability of the international telecommunication network: The capability of the international telecommunication network to carry international traffic in the event of failure of telecommunication nodes or links and also in the face of internal and external destructive actions and to return to its original state.

Reasons: This Proposal is based on CWG /4 A 2/99.

ADD IND/21/13

27M 2.26 Security of the international telecommunication network: The capability of the international telecommunication network to withstand internal and external destabilizing actions liable to compromise its functioning.

Reasons: This Proposal is based on CWG /4 A 2/101.

ADD IND/21/14

27N 2.27 International Roaming: Provision to the subscriber of the opportunity to use telecommunication services offered by other operating agencies of other member states, with which the subscriber has not concluded an agreement.

Reasons: This Proposal is based on CWG /4 A 2/103.

ADD IND/21/15

27O 2.28 IP interconnection: IP interconnection refers to means and rules employed to ensure the delivery of IP traffic through different networks.

Reasons: This Proposal is based on CWG /4 A 2/105.

ADD IND/21/16

27P 2.29 End to end quality of service delivery and best effort delivery: End to End quality of service delivery refers to the delivery of PDU (Packet Data Unit) with predefined end-to-end performance objectives; Best-effort delivery refers delivery to of a PDU without predefined performance targets.

Reasons: This Proposal is based on CWG /4 A 2/107.

Article 3

International Network

ADD IND/21/17

31A 3.5 Member States shall ensure that international naming, numbering, addressing and identification resources are used only by the assignees and only for the purposes for which they were assigned; and that unassigned resources are not used. The provisions of the relevant ITU-T Recommendations shall be applied.

Reasons: This Proposal is based on CWG /4 A 2/134.

ADD IND/21/18

31B 3.6 International calling party number delivery shall be provided in accordance with relevant ITU-T Recommendations.

Reasons: This Proposal is based on CWG /4 A 2/142.

Article 4

International Telecommunication Services

MOD IND/21/19

34 4.3 Subject to national law, Member States shall endeavour to ensure that operating agencies provide and maintain, to the greatest extent practicable, a satisfactory quality of service corresponding to the relevant ITU-T Recommendations with respect to:

Reasons: This Proposal is based on CWG /4 A 2/168.

MOD IND/21/20

35 a) access to the international network by users using terminals which are permitted to be connected to the network and which do not cause harm or diminish the level of safety and security of technical facilities and personnel;

Reasons: This Proposal is based on CWG /4 A 2/174.

MOD IND/21/21

36 b) international telecommunication facilities and services available to customers for their use;

Reasons: This Proposal is based on CWG /4 A 2/176.

MOD IND/21/22

37 c) at least a form of telecommunication service which is reasonably accessible to the public, including those who may not be subscribers to a specific telecommunication service; and

Reasons: This Proposal is based on CWG /4 A 2/179.

MOD IND/21/23

38 d) a capability for interworking between different services, as appropriate, to facilitate international telecommunication services.

Reasons: This Proposal is based on CWG /4 A 2/181.

ADD IND/21/24

38A 4.4 Member States shall ensure that operating agencies providing international telecommunication services, including roaming, make available to subscribers information on tariffs and taxes. Each subscriber should be able to have access to such information and receive it in a timely manner and free of charge when roaming (entering into roaming), except where the subscriber has previously declined to receive such information.

Reasons: This Proposal is based on CWG /4 A 2/188.

ADD IND/21/25

38B 4.5 Given the particular characteristics of GTS, which allows subscribers to have a worldwide number, implement GTSs in accordance with the National regulations.

Reasons: This Proposal is based on CWG /4 A 2/195.

ADD IND/21/26

38E 4.8 Member States, subject to national security requirements, may foster the establishment of mutual agreements on mobile services accessed within a predetermined border zone in order to prevent or mitigate inadvertent roaming charges.

Reasons: This Proposal is based on CWG /4 A 2/201.

Article 5

Safety of Life and Priority of Telecommunications

MOD IND/21/27

39 5.1 Safety of life telecommunications, including distress telecommunications, emergency telecommunication services and telecommunications for disaster relief, shall be entitled to transmission as of right and shall, where technically practicable, have absolute priority over all other telecommunications, in accordance with the relevant Articles of the Constitution, Convention and relevant ITU-T Resolutions and Recommendations.

Reasons: This Proposal is based on CWG /4 A 2/204.

ADD IND/21/28

41B 5.5 Member States should cooperate to introduce in addition to their existing national emergency numbers, a global number for calls to the emergency services globally.

Reasons: This Proposal is based on CWG /4 A 2/217.

ADD IND/21/29

41C 5.6 Member States shall ensure that operating agencies inform every roaming subscriber of the number to be used for calls to the emergency services, while entering into roaming, free of charge.

Reasons: This Proposal is based on CWG /4 A 2/219.

ADD IND/21/30

Article 5A

Confidence and security of telecommunications/ICTs

Reasons: This Proposal is based on CWG /4 A 2/221.

ADD IND/21/31

41D 5A1. Member‐States shall have the right to take appropriate measures to protect and Secure the ICT Network infrastructure and data contained in or flowing through the Network and also to prevent the misuse of ICT network and services within their state.

5A2. The Member States should endeavour to take appropriate measures, individually or in cooperation with other Member states, to ensure Security of the ICT Network and information, including user information, contained in or flowing through the ICT network within their jurisdiction.

5A3. Member‐States should endeavour to oversee that Operating Agencies in their territory do not engage in activities which impinge on the security and integrity of ICT network such as denial of service attack, unsolicited electronic communication (spam), unsolicited access to network elements and devices etc., to enable effective functioning of ICTs in secure and trustworthy conditions.

5A4. Member States should endeavour to cooperate to harmonize national laws, jurisdictions, and practices in the relevant areas.

Reasons: Combined proposal on clauses proposed from CWG /4 A 2/222 to 232 in 5A and 5B.

Article 6

Charging and Accounting

ADD IND/21/32

43A 6.1.1A Cost of International Roaming Services

a) Member States shall encourage competition in the international roaming market;

b) Member States are encouraged to cooperate to develop policies for reducing charges on international roaming services.

Reasons: This Proposal is based on CWG /4 A 2/243.

MOD IND/21/33

45 6.1.3 Member States are free to levy fiscal taxes on international telecommunication services in accordance with their national laws; however, the Member States should endeavour to avoid international double taxation on such services.

Reasons: This Proposal is based on CWG /4 A 2/249.

ADD IND/21/34

54E 6.10 Subject to national law, Member States shall ensure that Operating Agencies collaborate in preventing and controlling fraud in international telecommunications by:

– Identifying and transmitting to the transit and destination Operating Agencies the pertinent information required for the purposes of payment for the routing of international traffic, in particular the originating Country Code, National Destination Code and the Calling Party Number.

– Following up requests of other Member States or their Operating Agencies to investigate calls that cannot be billed, and helping to resolve outstanding accounts.

– Following up requests of other Member States or their Operating Agencies to identify the source of calls originated from their territories exerting potential fraudulent activity.

Reasons: This Proposal is based on CWG /4 A 2/287.

ADD IND/21/35

54F 6.11 The ITU Standardization Sector shall be responsible for disseminating the regulatory frameworks in place in administrations having an impact on matters related to fraud.

Reasons: This Proposal is based on CWG /4 A 2/289.

ADD IND/21/36

54H 6.12A Member States shall foster the establishment of international roaming mobile services prices based on principles of reasonability, competitiveness and non-discrimination relative to prices applied to local users of the visited country.

Reasons: This Proposal is based on CWG /4 A 2/293.

ADD IND/21/37

54K 6.14 Member States should foster continued investment in high-bandwidth infrastructures.

Reasons: This Proposal is based on CWG /4 A 2/299.

ADD IND/21/38

54L 6.15 Member States shall promote cost-oriented pricing. Regulatory measures may be imposed to the extent that this cannot be achieved through market mechanisms and to the extent that such measures do not hinder competition.

Reasons: This Proposal is based on CWG /4 A 2/301.

ADD IND/21/39

54N 6.17 Member States shall promote transparency of end-user prices, in particular to avoid surprising bills for international services (e.g mobile roaming and data roaming).

Reasons: This Proposal is based on CWG /4 A 2/305.

ADD IND/21/40

54S 6.D Member States should endeavour to take measures to ensure that an adequate return is provided on investments in network infrastructures in identified areas. If this cannot be achieved through market mechanisms, then other mechanisms may be used.

Reasons: This Proposal is based on CWG /4 A 2/315.

ADD IND/21/41

54O 6.18 Member States should consider measures to favour special interconnection rates for landlocked countries.

Reasons: This Proposal is based on CWG /4 A 2/307.

ADD IND/21/42

54P 6.18A Member States should endeavour that Recognized Operating Agencies establish charging units and parameters that bill telecommunication service consumers according to what is effectively consumed.

Reasons: This Proposal is based on CWG /4 A 2/309.

ADD IND/21/43

54R 6.20 Rendering and Settlement of Accounts

6.20.1 The settlement of international accounts shall be regarded as current transactions and shall be effected in accordance with the current international obligations of the Member States and Sector Members concerned in those cases where their governments have concluded arrangements on this subject. Where no such arrangements have been concluded, and in the absence of special agreements made under Article 42 of the Constitution, these settlements shall be effected in accordance with the Administrative Regulations.

6.20.2 Administrations of Member States and Sector Members which operate international telecommunication services shall come to an agreement with regard to the amount of their debits and credits.

6.20.3 The statement of accounts with respect to debits and credits referred to in No. 498 above shall be drawn up in accordance with the provisions of the Administrative Regulations, unless special arrangements have been concluded between the parties concerned.

Reasons: The text is taken from CV 497, 498 and 499. This proposal is based on CWG /4 A 2/313.

ADD IND/21/44

57B Member States shall encourage the provision of global services based on international standards that ensure accessible telecommunications and ICT services to persons with disabilities.

Reasons: This Proposal is based on HNG /5/2.

For more details visit https://cis-india.org/internet-governance/blog/indian-govts-submission-to-itu

Submission on India's Draft Comments on Proposed Changes to the ITU's ITRs

pranesh — 2012-12-07T04:15:56Z

Given below are the responses from the representatives of civil society in India (The Society for Knowledge Commons, Centre for Internet & Society, The Delhi Science Forum, Free Software Movement of India, Internet Democracy Project and Media for Change) to the Government of India's proposals for the upcoming WCIT meeting, in December 2012, in Dubai.

Our detailed comments on India's draft proposals can be found here. Also read the final version of Indian Government's submission to ITU on November 3, 2012.

Background

We believe that, aspects of Internet governance that have been and are presently addressed by bodies other than ITU should not be brought under the mandate of the ITU through the ITRs.

Some of the proposed changes to the ITR's could have a significant negative impact on the openness of the Internet.

In addition, the processes related to the WCIT lack openness and transparency: the WCIT / ITU excludes civil society, academia and other stakeholders from participation in and access to most dialogues and documents, contrary to established principles of Internet governance as laid down in the Tunis Agenda and as supported by the Indian government at several national and international fora. The WCIT process needs to be improved both at the domestic and global level. We urge the Indian government to support a more open process in the future, with respect to deliberations that will have a significant impact on the people.

We recognise that concerns regarding cyber-security, spam, fraud, etc. are real and that some of these concerns require to be addressed at the global level. However, we believe that as a number of parallel processes are working on these specific issues, these need not be brought under the ITRs.

We therefore strongly recommend that the ITRs continue to be restricted to the infrastructure layer that has traditionally been the area of its focus and not the content or the application layer of the Internet. Any measure that impinges on these layers should be kept out of ITRs and taken up at other appropriate (multi-stakeholder) fora.

We note that the proposal ARB/7/24 defines an "operating agency" as "any individual, company, corporation or governmental agency which operates a telecommunication installation intended for an international telecommunication service or capable of causing harmful interference with such a service" and believe that this definition is too broad in scope and ambit. Inclusion of such a term would broaden the mandate of the ITU to regulate numerous actors in the Internet sphere who do not fall under the infrastructure layer of the Internet. We call on the Indian government to ensure that the term "operating agency" is defined in a narrower or more restrictive manner and only used in exceptional cases. Normally, the obligations of member states should be with respect to "recognised operating agencies" and not omnibus all "operating agencies".

Follow-up

We would like to note that we have never officially received this document directly from the Indian government. In view of the support the Indian government continually espouses for multi-stakeholder Internet governance, this is a matter of deep regret.

We are aware that the official closing date for proposals is early November. However, we also know that several governments intend to submit proposals right upto the beginning of the WCIT meeting. In addition, several governments have included civil society representatives on their official delegation.

We therefore call upon the Department of Telecommunications to organise an open consultation with civil society representatives, to discuss both India's proposals and the comments of various civil society representatives on them, in greater depth, as part of DoT’s preparation for the WCIT meeting and in line with India's espoused commitment to multi-stakeholderism. We look forward to discussing our inputs with the Government to make the decision making process on governance more participatory and inclusive.

For more details visit https://cis-india.org/internet-governance/blog/submission-on-indias-draft-comments-on-proposed-changes-to-itus-itrs

Submission by Indian Civil Society Organisations on Proposals for the Future ITRs and Related Processes

pranesh — 2012-12-07T08:00:19Z

The Centre for Internet & Society was one of the signatories of this submission which was sent in November 2012, in response to the International Telecommunication Union's call for public comments in relation to the revision of International Telecommunication Regulations that are to take place at the ITU's World Conference on International Telecommunications in Dubai from December 3 to 14, 2012.

We, the undersigned civil society organisations from India, respectfully acknowledge the important role that the ITU has played in the spread of telecommunications around the world. However, we are concerned about the lack of transparency and openness of the processes related to the WCIT: the WCIT/ITU excludes civil society, academia and other stakeholders from participation in and access to most dialogues and documents. The documents that are publicly available show that some of the proposals might deal with Internet governance. According to established principles as laid down in the Tunis Agenda - which process the ITU helped to lead - Internet governance processes are required to be multistakeholder in nature. The WCIT and ITU processes require urgent improvement with regard to openness, inclusiveness and transparency. While we appreciate the current opportunity to share our comments, we would like to encourage the ITU and its Member States to adopt a genuine multistakeholder approach at the earliest.

As mentioned, we do welcome the current opportunity to share our thoughts. Though this list is not exhaustive, some of our major concerns are as follows:

We believe that, given the historical development of present methods of internet regulation, aspects of Internet governance that have been and are presently addressed by bodies other than ITU should not be brought under the mandate of the ITU through the ITRs.

We therefore strongly recommend that the ITRs continue to be restricted to aspects of the physical layer that have traditionally been the areas of its focus. The ITRs scope should not be expanded to other layers, nor to content - any measure that impinges on these layers should be kept out of ITRs and taken up at other appropriate (multi-stakeholder) fora. In addition, it is crucial that “ICTs” and the term “processing” be excluded from the definition of telecommunication as this clearly opens up the possibility for Member States to regulate/attempt to regulate the “content/“application” layer on the internet at the ITU.

We also recommend that provisions regarding international naming, numbering, addressing and identification resources will be restricted to telephony, as should provisions regarding transit rate, originating identification and end-to-end QoS. Provisions regarding the routing of Internet traffic should not find a place in the ITRs at all.

We recognise that concerns regarding cyber security, spam, fraud, etc. are real and that some of these concerns require to be addressed at the global level. However, as these are being discussed in many other fora, we believe that the ITRs are not the best place to address these. Their inclusion here could inhibit the further evolution and expansion of the Internet. We also believe that any fora discussing cyber security should be multistakeholder, open and transparent.

We note that the proposal ARB/7/24 defines an “operating agency” as “any individual, company, corporation or governmental agency which operates a telecommunication installation intended for an international telecommunication service or capable of causing harmful interference with such a service” and believe that this definition is too broad in scope and ambit. Inclusion of such a term would broaden the mandate of the ITU to regulate numerous actors in the Internet sphere who do not fall under the infrastructure layer of the Internet. The term “operating agency” should be defined in a narrower or more restrictive manner and, irrespective of its exact definition, only be used in exceptional cases. Normally, the obligations of member states should be with respect to “recognised operating agencies” and not omnibus all “operating agencies”.

Signed:

Centre for Internet and Society
Delhi Science Forum
Free Software Movement India
Internet Democracy Project
Knowledge Commons (India)

For more details visit https://cis-india.org/internet-governance/blog/submission-on-proposals-for-future-itrs-and-related-processes

pranesh — 2012-10-04T04:53:47Z

The Centre for Internet & Society submitted its written comments on the Draft Copyright Rules, 2012 to Mr. G.R. Raghavender, Registrar of Copyrights & Director (BP&CR), Ministry of Human Resource Development.

G.R. Raghavender
Registrar of Copyrights & Director (BP&CR)
Copyright Office
Department of Higher Education
Ministry of Human Resource Development
4th floor, Jeevan Deep Building,
Parliament Street
New Delhi — 110001

Dear Sir,

This submission contains comments from the Centre for Internet and Society on the Draft Copyright Rules, 2012. I apologize for the slight delay in submitting these.

Yours sincerely,
Pranesh Prakash
Policy Director
Centre for Internet and Society

Relinquishment of Copyright

Analysis

The law in India allows anonymously and pseudonymously created works to be copyrighted as well, as is clear from section 23 of the Copyright Act. However, rule 8 as it currently is does not allow such authors to relinquish copyright. Relinquishment of copyright is a very different kind of act from registration of copyright, and hence it is not necessary to seek the same categories of information from both. Certain categories of information sought during registration of copyright ("class of work", "language of the work", "nationality of author") are required not because they help identify a work, but because they help in indexing the work ("class of work", "language of work") or in ensuring that the work is copyrightable in India ("nationality of author"). Such considerations do not matter when it comes to relinquishment of copyright, i.e., when a work is allowed to pass into the public domain. Further, technological progress has made it difficult to determine the answer to a question like "country of first publication", "nationality of the publisher", etc. If a work has been uploaded by an author on to his blog, is the publisher the author or the person hosting the blog? If an Indian author residing in India first publishes a work on the server located in Argentina, is the country of first publication India or Argentina? The answer to these questions does not make a difference to the issue of relinquishment of copyright. The only information that is required for relinquishment of rights is a) what work is being put in the public domain, b) by whom, c) from when.

Furthermore, the current requirements of rule 8 cannot easily be satisfied by using most of the popular means of relinquishing copyright (such as the CC0 — Creative Commons Zero — licence).

Recommendations

Rule 8 be modified to read: A public notice issued by an author relinquishing his or her rights as per subsection (1) of section 21 of the Copyright Act, shall include the following details: (a) Title of the work (b) Full name, or pseudonym, in case the work has not been created anonymously (c) Date of issuance of the notice (d) If copyright in the work is registered under section 45, the registration number.

Rule 9 be modified to read: Any one of the following shall constitute public notice of relinquishment of copyright: i. Mentioning of the notice on the work, or cover of the work, or in the metadata of the work if the work is electronic; or ii. Publication in a newspaper; or iii. Publication by the author on a publicly-accessible website

Rule 10 be modified to add the following sentence: The author shall forward a copy of the public notice to the Registrar of Copyright if copyright in the work has been registered under section 45 and on receiving such notice, the Registrar of Copyright shall post the same on the website of the Copyright Office.

Statutory Licence for Cover Versions

Analysis

Rule 34(2) is redundant and does not contain any detail not already present in the existing proviso to section 31C(1) of the Copyright Act. Additionally, Rule 35 also does not contain any detail not already present in the existing parent provision, section 31C of the Copyright Act.

Recommendations

Rules 34(2) and 35 be deleted.
Rule 37 should be modified to add a sub-rule requiring maintenance of records online.

Indexes

Analysis

In rule 71(3), it requires that the indexes be maintained in the form of cards. These are presumably physical cards. It is unclear why the rule should not require the maintenance of these indexes online to facilitate search by the public. Further entries 13 and 14 of Schedule II are from a time when the transaction costs incurred by the Registrar of Copyright for providing extracts from an Index were non-negligible, and hence it would have been necessary to charge a person for such services. With the capabilities of electronic systems, such retrievals are almost costless, and can be done without the intervention of the Registrar of Copyright. Hence entries 13 and 14 should not be made applicable to online retrievals. If copyright societies can be required to provide information free of costs on their websites (as per rule 65), the Registrar of Copyright should be required to do so too.

Recommendation

Modify sub-rule (3) of rule 71 to read: "Every Index shall be available online as a downloadable database, with an online search facility."

Modify the second sentence in rule 72 to read: "The online search or inspection of the Register of Copyrights and Indexes can be utilised free of cost."

Storage of Transient or Incidental Copies of a Work

Analysis

It is not clear enough from the language of rule 74 that it applies only to s.52(1)(c) and not to s.52(1)(b). Since only s.52(1)(c) has a complaints mechanism, this should be made clear.

Importantly, to protect the interest of the public, the intermediaries should be asked to give public notice regarding the alleged infringing copy to ensure that the take-down mechanism is not abused, and secondly to ensure that the public can independently verify that intermediaries are following the requirement in rule 74(4) of restoring storage of the work if no court order is forthcoming within 21 days.

Lastly, there is no clear precedent in India to treat a uniform resource identifier (URI) as 'place' for purposes of section 51(a)(ii) of the Copyright Act, 1957. Therefore it is necessary to further clarify the meaning of the term 'place' as used in current Rule 74(2)(d). This would be best served by using the correct technological term ("URI") instead of the word "place".

Recommendation

Modify sub-rule (1) of rule 74 to: "Any owner of copyright may give a written complaint as per clause (c) of subsection (1) of section 52 of the Copyright Act to a person who has facilitated..."

Add sub-rule (6) to rule 74: "The person responsible for storage shall put up a public notice thereby notifying all persons requesting access to the alleged infringing copy by stating reasons for restraining such access whether during the period of 21 days from the complaint from the copyright owner, or pursuant to an order from a competent court."

Modify rule 74(2) to read: "Details of the specific uniform resource identifier (URI) where transient or incidental storage of the work may be taking place."

Making or Adapting the Work by Organizations Working for the Benefit of Persons with Disabilities

Analysis

Rule 75 requires organizations making use of the exception granted under s.52(1)(zb) to maintain records. This could not have been the intention of the legislature in passing s.52(1)(zb), since that provision does not require any maintenance of records. Indeed, none of the exceptions ennume-rated in s.52(1) require the maintenance of records. This is in contrast with s.31B, which is also applicable to organizations working for the benefit of persons with disabilities, but only those that are doing so as a for-profit venture. Rule 29(6) already requires the Registrar of Copyright to notify the grant of a licence under s.31B in the Official Gazette. That provision may be modified to add that the Registrar of Copyright maintains these records in a centralized database that can be queried online.

Recommendations

Delete rule 75, and modify rule 29(6) to include a centralized database.

Technological Protection Measures

Analysis

Most experts seem to hold that s.65A of the Indian Copyright Act does not affect circumvention tools, as it only deals with the act of unauthorized circumvention and not with the tools, in sharp contrast with s.1201(a)(2) of the Digital Millennium Copyright Act in the US, which criminalises the "manufacture, import, offer to the public, provision, or otherwise trafficking in any [circumvention] technology, product, service, device, component, or part thereof". The Indian law has conciously chosen not to emulate the DMCA in this respect, as the WIPO Copyright Treaty does not require it.

The broad understanding of "facilitation" contained the Copyright Rules unfortunately seem to undermine this clear distinction. If facilitation is understood to include offer to the public, provision, or distribution, as seems to be the case in Rule 79(3) and 79(4), then law becomes unworkable with each and every website that allows for the downloading of any software that can be used to play DVDs, etc., must specifically keep a register of downloaders from India. This is unnecessary, and goes beyond the intent of s.65A, which is to cover those who actively facilitate circumvention and not those who make available the tools to circumvent. This distinction should not be blurred.

Recommendation

Delete sub-rules (3) and (4) of rule 79.

For more details visit https://cis-india.org/a2k/feedback-to-draft-copyright-rules-2012

Centre for Internet and Society

No Civil Society Members in the Cyber Regulations Advisory Committee

Government Not Serious

Breakdown by Stakeholder Groupings

List of Members of Cyber Regulatory Advisory Committee

Response to RTI on Decisions of the Cyber Regulation Advisory Committee

The Worldwide Web of Concerns

The Worldwide Web of Concerns

Fixing India’s anarchic IT Act

Breaking Down Section 66A of the IT Act

Term of Punishment

"Sending" vs. "Publishing"

Section 66A(c)

Section 66A(b)

Section 66A(a)

Constitutional Arguments in Importing Laws from the UK

Genealogy of UK Law on Sending 'Indecent', 'Menacing', 'Grossly Offensive' Messages

Comparison between S. 66A and Other Statutes

Draft nonsense

Section 66A of the Information Technology Act

Arbitrary Arrests for Comment on Bal Thackeray's Death

Facts of the case

What provisions of law were used?

Was the law misapplied?

Role of bad law and the police

Rule of law

Social Media Regulation vs. Suppression of Freedom of Speech and Expression

Will The International Telecommunication Regulations (ITRs) Impact Internet Governance? A Multistakeholder Perspective

Principles

Conclusion

Statement of Civil Society Members and Groups Participating in the "Best Bits" pre-IGF meeting at Baku in 2012

Signatories:

Indian Government's Submission to ITU

Submission on India's Draft Comments on Proposed Changes to the ITU's ITRs

Background

Follow-up

Submission by Indian Civil Society Organisations on Proposals for the Future ITRs and Related Processes

Feedback to Draft Copyright Rules, 2012

Relinquishment of Copyright

Analysis

Recommendations

Statutory Licence for Cover Versions

Analysis

Recommendations

Indexes

Analysis

Recommendation

Storage of Transient or Incidental Copies of a Work

Analysis

Recommendation

Making or Adapting the Work by Organizations Working for the Benefit of Persons with Disabilities

Analysis

Recommendations

Technological Protection Measures

Analysis

Recommendation