Centre for Internet and Society

Bios and Photos of Speakers for Big Data in the Global South International Workshop

praskrishna — 2015-11-06T02:01:15Z

For more details visit https://cis-india.org/internet-governance/blog/big-data-global-south-international-workshop-bios-and-photos.pdf

October 2015 Bulletin

praskrishna — 2016-06-18T17:59:14Z

Our newsletter for the month of October is below.

The Centre for Internet & Society (CIS) is happy to share the tenth issue of CIS newsletter (October 2015). It has been a significant month for us. There have been crucial public debates on the violation of digital privacy of individuals and institutions, discussions on India’s national policy on access to knowledge rights, and re-examination of bans on access to internet services imposed by various state governments in India. CIS kept itself engaged with research on these topics from a public interest perspective. Previous editions of the newsletter can be accessed at http://cis-india.org/about/newsletters.

-------------------------------
Highlights
-------------------------------

NVDA team conducted a training programme in West Bengal in the month of September. Fourteen delegates attended the programme. Nirmal Verma was the trainer.
Nehaa Chaudhari authored an article that provides insights into the final draft of India’s National IPR Policy.
Odia Wikisource celebrated its first anniversary in Bhubaneswar. The event was prominently covered in various news channels. Subhashish Panigrahi wrote a blog post.

In 2013, the interview project “WikipediansSpeak” was launched in response to observations that many noteworthy Wikimedians were being underrepresented both locally and globally. For improving their visibility and reach, CIS-A2K interviewed Telugu Wikimedian Viswanadh B.K.

CIS initiated an effort to crowdsource incidents of violation of digital, online and telephonic privacy of persons and organizations in India and shared the full list of public incidents under CC-BY-SA international license.

Sunil Abraham wrote a column in the Week telling readers that internet of things phenomenon is based on a paradigm shift from thinking of the internet merely as a means to connect individuals, corporations and other institutions to an internet where all devices in (insulin pumps and pacemakers), on (wearable technology) and around (domestic appliances and vehicles) humans beings are connected.

Pranesh Prakash, Padmini Baruah and Jyoti Panday wrote a blog post that questions the division of the three IANA functions — names, numbers and protocols — given that there is no no real technical stability to be gained from a unified Post Transition IANA.

CIS analysed five main mailing lists where the IANA transition plan was formulated. The research found that the discussions around IANA transition have not been driven by the “global multi-stakeholder community”, but mostly by males from industry in North America and Western Europe.

In recent months, there was a spree of bans on access to Internet services in Indian states, for different reasons. State governments relied on Section 144 of Criminal Procedure Code for imposing the bans. Geetha Hariharan and Padmini Baruah in a blog post argued that Section 69A of the Information Technology Act, 2000 should be evoked if necessary and not that of the Criminal Procedure Code.
Zero Draft of the UN General Assembly's Overall Review of implementation of WSIS Outcomes was released on October 9. CIS responded to the call with its comments.
Shyam Ponappa’s monthly column published in the Business Standard talks about Digital India and the Prime Minister’s visit to the Silicon Valley.

CIS has announced the Internet Researchers’ Conference (IRC 2016), an annual conference series. The first edition is expected to take place from February 25 to 27, 2016 (yet to be confirmed). CIS invites you to propose sessions for the conference by Sunday, November 15, 2015.

----------------------------------------------
Accessibility and Inclusion
----------------------------------------------
Under a grant from the Hans Foundation we are doing a project on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

# Monthly Updates

October 2015 Report (Suman Dogra; October 31, 2015).

# Event Report

Training in use of eSpeak Bengali with NVDA (Organized by CIS; Turnstone Matruchaya, Siligudi, West Bengal; September 7 – 9, 2015). The report was published in the month of October.

-----------------------------------------------------------
Access to Knowledge
-----------------------------------------------------------
As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies

# Blog Entries

Compilation of Mobile Phone Patent Litigation Cases in India (Rohini Lakshané; March 15, 2015). This post was recently updated.
Comparison of National IPR Strategy September 2012, National IPR Strategy July 2014 and Draft National IP Policy, December 2014 (Amulya Purushothama; October 15, 2015).
National IPR Policy Series: Quick Observations on the Leaked Draft of the National IPR Policy (Nehaa Chaudhari; October 18, 2015).

# Participation in Event

IPEX 2015 (Organized by the Confederation of Indian Industry, APTDC and TDPC; September 25 - 26, 2015; Hotel Westin, Chennai). Rohini Lakshané attended the event.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

# Blog Entries

WikipediansSpeak: Telugu-language library catalog project helps Wikipedia grow (Subhashish Panigrahi; October 11, 2015). This was published on Wikimedia blog in two languages English and Ukranian.
A Kannada Wikipedia brochure for newbies (U.B. Pavanaja; October 19, 2015).
Odia Wikisource to Celebrate Its First Anniversary in Bhubaneswar (Subhashish Panigrahi; Mybhubaneswar.com; October 24, 2015).

# Op-ed

ଓଡ଼ିଆ ଉଇକିପାଠାଗାରର ଆବଶ୍ୟକତା (Need for an Odia-language Wikisource) (Subhashish Panigrahi; Samaja; October 25, 2015).

# Media Coverage

CIS gave its inputs to the following:

ଓଡ଼ିଆ ଉଇକିପାଠାଗାରର ଆବଶ୍ୟକତା ସମାଜ (Full Odisha.com; October 24, 2015).
Odia Wikisource celebrates 1st anniversary this 25th October (Bhubaneswar Buzz; October 24, 2015).
Odia Wikisource to celebrate its first anniversary tomorrow! (Odisha Sun Times; October 25, 2015).
Odia language classics could now be read from phones, tablets and of course from computers! (Orissadairy; October 25, 2015).
Odia Wikisource to Hold 1st Anniversary (Pioneer; October 26, 2015).
Otago Southland are the Coolest (Library and Information Association of New Zealand; October 26, 2015). The submission was accepted for Wikimania 2015.
India & France to digitise manuscripts, artworks & archives (Medianama; October 29, 2015).

-----------------------------------------------
Internet Governance
-----------------------------------------------
As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC)) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

►Big Data

# Article

Connected Trouble (Sunil Abraham; November 1, 2015).

# Upcoming Event

Big Data in the Global South International Workshop (Organized by Institute for Technology and Society of Rio de Janeiro; Hotel Windsor Florida, Rua Ferreira Viana, Flamengo, Rio de Janeiro, Brazil; November 16 – 17, 2015). Sunil Abraham and Vipul Kharbanda will be speaking at this event.

►Privacy

# Blog Entries

Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India (Jyoti Panday; October 14, 2015).
Crowdsourcing Incidents of Communication Privacy Violation in India (Sumandro Chattapadhyay; October 16, 2015).

# Event Organized

Communication Rights in the Age of Digital Technology (Organized by CIS; Deck Suite Hall, 5th Floor, Habitat Centre, Lodhi Road, Near Air Force Bal Bharti School, New Delhi; October 30, 2015).

# Participation in Events

The Changing Landscape of ICT Governance and Practice - Convergence and Big Data (Co-organized by Innovation Center for Big Data and Digital Convergence, Yuan Ze University, Taiwan; August 24 – 25, 2015). Sharat Chandra Ram was granted the Young Scholar Award 2015 to attend the Young Scholar Workshop followed by main CPRSouth2015 conference (Communication Policy Research South) conference.
Porn. Panic. Ban: A Conversation on Sexual Expression, Pornography, Sexual Exploitation, Consent (Organized by Point of View and the Internet Democracy Project; New Delhi; October 28 - 30, 2015). Rohini Lakshané was a speaker. Tanveer Hasan also attended this conference.

►Free Speech and Expression

# Submission

Comments on the Zero Draft of the UN General Assembly’s Overall Review of the Implementation of WSIS Outcomes (WSIS+10) (Geetha Hariharan with inputs from Sumandro Chattapadhyay, Pranesh Prakash, Sunil Abraham, Japreet Grewal and Nehaa Chaudhari; October 16, 2015).

# Blog Entries

The Legal Validity of Internet Bans: Part I (Geetha Hariharan and Padmini Baruah; October 8, 2015).
The Legal Validity of Internet Bans: Part II (Geetha Hariharan and Padmini Baruah; October 8, 2015).
Peering behind the veil of ICANN's DIDP (II) (Padmini Baruah; October 15, 2015).
The 'Global Multistakholder Community' is Neither Global Nor Multistakeholder (Pranesh Prakash; October 20, 2015).
Do we need a Unified Post Transition IANA? (Pranesh Prakash, Padmini Baruah and Jyoti Panday; October 23, 2015).

# Event Organized

Cyber Security Policy Research (CIS, New Delhi; October 18, 2015). Tim Maurer gave a talk.

# Participation in Events

Cyfy 2015: The India Conference on Cyber Security and Internet Governance (Organized by Observer Research Foundation; Hotel Tajmansingh; New Delhi; October 14 – 16, 2015). Sunil Abraham was a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".
ICANN 54 (Organized by ICANN; INEX - Ireland’s Internet Neutral Exchange, Dublin; October 18 – 22, 2015). Pranesh Prakash, Snehashish Ghosh, Jyoti Panday and Padmini Baruah participated in the event.

--------------------------------
Telecom
--------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

# Op-ed

Digital India - Now to Work (Shyam Ponappa; Business Standard; October 1, 2015; Organizing India Blogspot; October 2, 2015).

--------------------------------
Researchers at Work
--------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

# Submission

Where's My Data? Submission for Knight News Challenge 2015 (Sumandro Chattapadhyay; October 1, 2015). CIS is contributing to this submission.

# Blog Entry

Building Expertise to Support Digital Scholarship: A Global Perspective (Vivian Lewis, Lisa Spiro, Xuemao Wang, and Jon E. Cawthorne; October 16, 2015). CIS was featured in this report.

# Upcoming Event

First Edition of Internet Researchers' Conference (IRC) 2016 - Studying Internet in India: Call for Sessions (Organized by CIS; New Delhi; February 25 – 27, 2016).

---------------------------------
News & Media Coverage
---------------------------------
CIS gave its inputs to the following media coverage:

The rise and rise of slacktivism (Divya Gandhi; Hindu; October 3, 2015).
Modi's Valley hug sparks swadeshi talk (Sujit John and Shilpa Phadnis; The Times of India; October 6, 2015).
CIS in Top 50 Tech Blogs of India (rebateszone; Ocotber 7, 2015).
Access at the cost of Net neutrality? (Suhrith Parthasarathy; Hindu; October 8, 2015).
Dadri reopens debate on online hate speech (Amulya Gopalakrishnan; The Times of India; October 9, 2015).
How To Win Friends, FB Style (Arindam Mukherjee; Outlook; October 12, 2015).
Supreme Court provides partial relief for Aadhaar (Apurva Vishwanath and Saurabh Kumar; October 15, 2015).
Digital India: Did Modi get it wrong in Silicon Valley? (Ayeshea Perera; BBC News; October 16, 2015).
Net advocacy body probing linkages between telcos and Facebook’s auto-play video option (Prabhu Mallikarjunan; Financial Express; October 28, 2015).

---------------------------------
About CIS
---------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/october-2015-bulletin

We've come a long, long way together: building coalitions around the right to privacy

praskrishna — 2015-10-29T01:30:50Z

Our worldwide coalition against surveillance is expanding, reaching organisations across all continents and silos.

This article by Matthew Rice was published as part of an openDemocracy editorial partnership with the World Forum for Democracy. Centre for Internet and Society was mentioned.

In the wider civil society space, the opportunities for travel come thick and fast. From the multi-stakeholder perspective, the Internet Governance Forum will be held during November in João Pessoa, Brazil. There is the Stockholm Internet Forum in, naturally, Stockholm. In freedom of expression there is the International Freedom of Expression Exchange Strategy Conference in Trinidad & Tobago, while End Violence Against Women International's conference will be held in Washington in March 2016. What doesn't happen often is an opportunity for these weary travellers to meet in one place and discuss their backgrounds, their similarities, their differences. This is what excites me about the upcoming World Forum for Democracy, which will be organised by the Council of Europe in Strasbourg on 18-20 November 2015. It will be an occasion to meet new people, to bring more minds to think about how surveillance affects their work as well as them as individuals within our and their society, and to discover what the right to privacy means to them.

Building coalitions working on surveillance has reached a new stage. We now have a strong international network of organisations from diverse countries already representing an impressive array of stakeholders across disciplines. That took time and effort to build. The next phase is to push even further the diversity in background and discipline of organisations engaged in these debates as we advocate for the protection of the right to privacy as a fundamental human right.

NSA/GCHQ who?

While the focus of privacy and surveillance in the media has been on the deeply important Edward Snowden revelations, building a global network has provided an opportunity to move away from the simplified nexus of NSA and GCHQ. Casting an eye around the world we see organisations making gains in elevating their national discourse around privacy and pushing governments to make changes. In Pakistan, a successful challenge against the dangerously bad Prevention of Electronic Crime Bill because of its lack of inclusion of civil society in the debate led to the postponement of the bill and a consultation with the previously frozen out groups. Alongside this, exposing Pakistan's Inter-Security Intelligence agency's proposal for a mass surveillance system helped to drive national debate on what is a proportionate interference with the right to privacy, which involved local groups such as the Digital Rights Foundation, Bytes 4 All and Bolo Bhi.

In Colombia, the release of two investigative reports into the shadowy world of intelligence agencies has provided organisations in the country with the opportunity to question their own representatives about their knowledge of surveillance capabilities. A meeting of the intelligence commission, the committee that oversees the work of Colombian intelligence agencies, in early October was too coincidental to not have been influenced by the work of organisations like the Karisma Foundation in beginning discussions with lawmakers directly and delivering the reports to the relevant stakeholders.

Only five years ago, these stories of civil society stirring debates on privacy and national security wouldn't have been possible.

It has taken years for this global network to form. Privacy International began the conversation through work in Asia in mid-2008. This is often referred to as the first time that the right to privacy had been discussed with organisations in the region, such as the Centre for Internet and Society in India, or the Foundation for Media Alternatives in the Philippines. Those first conversations have come a long way, as shown by the development of initiatives like the International Principles on the Application of Human Rights to Communications Surveillance, which has been signed by 420 organisations from around the world, as well as the expansion of Privacy International across continents from Latin America to Africa and Asia.

Discovering new allies

Establishing this global network required the identification of an ideal type of partnering organisation. It was to be either engaged in research or activism, with a focus on policy relating to modern forms of communication like the internet. An interest in law, the state, and the effect of the private sector helped too. Now, this ideal type is being rewritten, expanded with new characteristics.

Coalition development is in a new phase. Groups outside of the field of internet governance and 'digital rights' are now becoming involved in the debate about privacy and surveillance. In Britain, the role of organisations focused on victim support and child protection are starting to taking an active role in the discussions about the forthcoming Investigatory Powers Bill, which will spell out the powers of the security services to conduct surveillance and associated safeguards. Other civil society actors will be represented in the coalition Don't Spy On Us, which includes organisations such as Privacy International, Open Rights Group, Liberty, Big Brother Watch, Article 19 and English PEN, and which has helped to expand the base of participants in the discussions.

Journalist groups have been growing in their presence also. Press Gazette's Save Our Sources campaign focused on the protection of the anonymity of sources after the unlawful use of the Regulation of Investigatory Powers Act to identify the source of a story from The Sun. The National Union of Journalists has also been running a campaign on these issues for over a year.

The global network has continued to expand its address book too. In Chile, Derechos Digitales has been reaching out to indigenous communities threatened with displacement from their land to discuss the effect surveillance has had on their work. Meanwhile, in South Africa, the Right 2 Know Campaign published a series of case studies on the harassment of various activists, community leaders, think tanks and local unions by intelligence agencies.

These past few years have shown groups from different professional backgrounds and operating at different scales, either nationally or internationally, have become more engaged in the topic of surveillance. This is both a natural and a necessary development. As our lives are increasingly dependent upon the use of technology to communicate, and the devices we carry broadcast information about us even when we are not using them, the discussion on privacy and surveillance needs to reach all areas of society.

The idea to be presented at the World Forum for Democracy is built on the back of this international movement. Currently, national jurisdictions around the world make a distinction between the communications of a national and those of a non-national, and afford them with different human rights protection. In our increasingly interconnected world, this distinction is a big hurdle to the realisation of a meaningful right to privacy, without discrimination. By introducing a right to privacy through interference based jurisdiction – where states owe a negative obligation not to interfere with a person’s communication – our right to privacy will travel with the communications we send.

The success of this idea requires a worldwide, international movement with diverse voices, who will work towards this change using the skills and experiences acquired in their own work, whether that is through strategic litigation, policy development or community organising. All skills and approaches have a role to play in realising the right to privacy across the world.

As I look at the programme for the World Forum for Democracy, and at the different Labs to be held, I see an opportunity to continue to expand this coalition, as well as to learn from other groups’ experiences of building similar movements. Labs organised by interfaith, intercultural, or anti-hate groups bring together people that Privacy International would not normally cross paths with. Meeting new ideas and perspectives on how to achieve change – this is where creativity sparks.

The past few years have exposed Privacy International’s area of work to different cultures, different contexts and different challenges. It has been for the better. The participation of PI, along with some of its partners, in the World Forum for Democracy appears set to carry on this trend.

For more details visit https://cis-india.org/internet-governance/news/open-democracy-matthew-rice-

Encryption and Anonymity: Rights and Risks

praskrishna — 2015-10-27T02:37:45Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. ARTICLE 19 and Privacy International are organizing a workshop on Encryption and Anonymity on November 12, 2015. Pranesh Prakash is a speaker.

This was published on the IGF website.

Encryption and anonymity are two key aspects of the right to privacy and free expression online. From real-name registration in Iran to the UK Prime Minister's calls for Internet backdoors to encrypted communications, however, the protection of encrypted and anonymous speech is increasingly under threat. Recognising these challenges, the UN Special Rapporteur on freedom of expression, David Kaye, presented a report to the Human Rights Council in June 2015 which highlighted the need for greater protection of encryption and anonymity.

Five months on from the Special Rapporteur’s report, the participants in this roundtable will discuss his recommendations and the latest challenges to the protection of anonymity and encryption. For example, how can law enforcement demands be met while ensuring that individuals still enjoy strong encryption and unfettered access to anonymity tools? What steps should governments, civil society, individuals and the private sector take to avoid the legal and technological fragmentation of a tool now vital to expression and communication? How can individuals protect themselves from mass surveillance in the digital age?

At the end of the session, the participants should have identified areas for future advocacy both at the international and domestic levels as well as areas for further research for the protection of anonymity and encryption on the Internet.

Agenda

Moderator welcomes speakers and audience.
Outline of key issues on encryption and anonymity, including summary of the UN Special Rapporteur's report.
Each speaker speaks for 5-7 mins, giving their perspective re the issues.
Questions from participants, including remote participation via Twitter.
Conclusion and steps for further action.

About IGF 2015

Internet Governance Forum (IGF) is a multistakeholder, democratic and transparent forum which facilitates discussions on public policy issues related to key elements of Internet governance. IGF provides enabling platform for discussions among all stakeholders in the Internet governance ecosystem, including all entities accredited by the World Summit on the Information Society (WSIS), as well as other institutions and individuals with proven expertise and experience in all matters related to Internet governance.

After consulting the wider Internet community and discussing the overarching theme of the 2015 IGF meeting, the Multistakeholder Advisory Group decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development”. This theme will be supported by eight sub-themes that will frame the discussions at the João Pessoa meeting.

For more details visit https://cis-india.org/internet-governance/news/encryption-and-anonymity-rights-and-risks

FOSS & a Free, Open Internet: Synergies for Development

praskrishna — 2016-06-18T17:57:53Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Civil Society is organizing a workshop on FOSS and a Free, Open Internet. The workshop will be held on November 13, 2015 from 2.00 p.m. to 3.30 p.m. Sunil Abraham and Pranesh Prakash will be speaking at this event.

This was published on the IGF website.

The workshop will explore links between the Free and Open nature of the Internet and the Free and Open Source Software through a series of experience sharing among the speakers as well as audiences. The speakers have been selected on the basis of their wide exposure and geographical and occupational diversity.

As ICTs permeate lives of people around the world, code is fast emerging as an instrument that can change lives. In many parts of the world, the 4Rs of primary education are Reading, wRiting, aRithmetic and pRogramming, indicative of the role that ICTs will play in the future.

Free and Open Source Software (FOSS) is, inter alia, a mechanism whereby code, and consequently the ability to code, is being democratized. In contrast with centralized proprietary models, FOSS allows decentralized creation, distribution and maintenance of code. Such democratization enables grassroots level application of code to solve local problems, leading to more empowered communities. Free flow of code is therefore important to ensure that communities to stay 'plugged in' and current. Code also enables communities to side-step practices such as surveillance, censorship.

A Free, Open, Unfragmented Internet is of critical importance to FOSS--without a free Internet, the FOSS-based peer-production methodologies for code would be infeasible. Interestingly, the Internet also needs the innovations of FOSS to remain free & open, thus forming a positive mutual dependency.

Both FOSS and the Internet are at risk from forces that are seeking increasing control over content and fragmentation, challenging its openness. This would be inimical to the rights of present & future generations to use technology to improve their lives.

The Round-table seeks to highlight perspectives from the participants about the future co-developemnt of FOSS and a free, open Internet; the threats that are emerging; and ways for communities to surmount these.

Name, stakeholder group, and organizational affiliation of workshop proposal co-organizer(s)

Civil Society
Technical Community
Private Sector

Has the proposer, or any of the co-organizers, organized an IGF workshop before?

yes

The link to the workshop report

http://wsms1.intgovforum.org/content/no80-steady-stepsfoss-and-mdgs

Subject matter #tags that describe the workshop

#openInternet #foss #codefordev

Description of the plan to facilitate discussion amongst speakers, audience members and remote participants

Besides specially identified resource persons, the Roundtable will invite IGF participants who are part of FOSS communities around the world (particularly Brazil, which has a vibrant FOSS community). Participation will include real-time remote participation from FOSS communities around the world, as well as Twitter and email-based submission of ideas and thoughts.

The Round-table format has been chosen for many-to-many interactions so as to generate a wealth of ideas. No speaker shall speak for more than 5 minutes. Two moderators will guide discussions, and a rapporteur will ensure that ideas are captured. The report of the Roundtable would be posted to all participating communities so as to stimulate grassroots-level action.

Names and affiliations (stakeholder group, organization) of the participants in the proposed workshop

Mr.Satish Babu, Technical Community, Director, International Centre for FOSS, Trivandrum, India, who shall provide technical inputs of FOSS and its relevance, particularly to emerging economies, Confirmed

Ms. Judy Okite, Civil Society, FOSS Foundation for Africa, is an experienced activist who has been promoting the use of FOSS in Africa. Seeking funding at present.

Ms. Mishi Choudhary, Private Sector, Software Freedom Law Centre, New York, is a lawyer working with FOSS and its legal implications for over two decades. Confirmed

Mr. Fernando Botelho, Private Sector, heads F123 Systems, Brazil, a FOSS-centric company that provides accessibility solutions to visually impaired people. Confirmed

Mr. Sunil Abraham, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Mr. Pranesh Prakash, Centre for Internet and Society (CIS), Bangalore, a civil society organization working on Internet and public policy. Confirmed

Ms. Nnenna Nwakanma- WWW.Foundation, a Civil Society organization working in Africa on a broad range of areas including FOSS. Confirmed

Mr. Yves MIEZAN EZO, Open Source strategy consultant, Private Sector. Seeking funding for participation.

Mr. Harish Pillay, Private Sector, RedHat Asia-Pacific. Seeking funding for participation.

Corinto Meffe, Advisor to the President and Directors, SERPRO, Brazil. Confirmed

Frank Coelho de Alcantara, Professor, Universidade Positivo, Brazil, Confirmed

Ms. Caroline Burle, Institutional and International Relations, W3C Brazil Office and Center of Studies on Web Technologies - CeWeb.br (a CGI.br/NIC.br initiative). Confirmed

Name of in-person Moderator(s)

Satish Babu, Mishi Choudhary

Name of Remote Moderator(s)

Judy Okite

Name of Rapporteur(s)

Pranesh Prakash

Description of the proposer's plans for remote participation

Besides around 30 persons at the IGF, we will be providing wide publicity for the workshop through FOSS communities and networks. Besides live audio/video participation, Twitter shall be a key resource for real-time participation. There shall be a Twitter co-ordinator identified whose role will be to tweet the salient points at the Roundtable periodically for the benefit of documenting and informing interested communities.

For those that have either technical difficulties or time-zone problems, ideas and comments can be submitted by email before the workshop to the moderators.

For more details visit https://cis-india.org/internet-governance/news/foss-a-free-open-internet-synergies-for-development

Cyfy 2015: The India Conference on Cyber Security and Internet Governance

praskrishna — 2015-10-17T14:44:42Z

In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".

Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.

Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.

Protection of Intellectual Property and Business Secrets in the Knowledge Economy

Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?

Download the agenda For more info visit here.

For more details visit https://cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance

Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India

jyoti — 2015-10-14T14:40:08Z

The European Court of Justice has invalidated a European Commission decision, which had previously concluded that the 'Safe Harbour Privacy Principles' provide adequate protections for European citizens’ privacy rights for the transfer of personal data between European Union and United States. The inadequacies of the framework is not news for the European Commission and action by ECJ has been a long time coming. The ruling raises important questions about how the claims of citizenship are being negotiated in the context of the internet, and how increasingly the contestations of personal data are being employed in the discourse.

The European Court of Justice (ECJ) has invalidated a European Commission (EC) decision¹ which had previously concluded that the 'Safe Harbor Privacy Principles'² provide adequate protections for European citizens’ privacy rights³ for the transfer of personal data between European Union and United States. This challenge stems from the claim that public law enforcement authorities in America obtain personal data from organisations in safe harbour for incompatible and disproportionate purposes in violation of the Safe Harbour Privacy Principles. The court's judgment follows the advice of the Advocate General of the Court of Justice of the European Union (CJEU) who recently opined⁴ that US practices allow for large-scale collection and transfer of personal data belonging to EU citizens without them benefiting from or having access to judicial protection under US privacy laws. The inadequacies of the framework is not news for the Commission and action by ECJ has been a long time coming. The ruling raises important questions about how increasingly the contestations of personal data are being employed in asserting claims of citizenship in context of the internet.

As the highest court in Europe, the ECJ's decisions are binding on all member states. With this ruling the ECJ has effectively restrained US firms from indiscriminate collection and sharing of European citizens’ data on American soil. The implications of the decision are significant, because it shifts the onus of evaluating protections of personal data for EU citizens from the 4,400 companies⁵ subscribing to the system onto EU privacy watchdogs. Most significantly, in addressing the rights of a citizen against an established global brand, the judgement goes beyond political and legal opinion to challenge the power imbalance that exists with reference to US based firms.

Today, the free movement of data across borders is a critical factor in facilitating trade, financial services, governance, manufacturing, health and development. However, to consider the ruling as merely a clarification of transatlantic mechanisms for data flows misstates the real issue. At the heart of the judgment is the assessment whether US firms apply the tests of ‘necessity and proportionality’ in the collection and surveillance of data for national security purposes. Application of necessity and proportionality test to national security exceptions under safe harbor has been a sticking point that has stalled the renegotiation of the agreement that has been underway between the Commission and the American data protection authorities.⁶

For EU citizens the stake in the case are even higher, as while their right to privacy is enshrined under EU law, they have no administrative or judicial means of redress, if their data is used for reasons they did not intend. In the EU, citizens accessing and agreeing to use of US based firms are presented with a false choice between accessing benefits and giving up on their fundamental right to privacy. In other words, by seeking that governments and private companies provide better data protection for the EU citizens and in restricting collection of personal data on a generalised basis without objective criteria, the ruling is effectively an assertion of ‘data sovereignty’. The term ‘data sovereignty’, while lacking a firm definition, refers to a spectrum of approaches adopted by different states to control data generated in or passing through national internet infrastructure.⁷ Underlying the ruling is the growing policy divide between the US and EU privacy and data protection standards, which may lead to what is referred to as the balkanization⁸ of the internet in the future.

US-EU Data Protection Regime

The safe harbor pact between the EU and US was negotiated in the late 1990s as an attempt to bridge the different approaches to online privacy. Privacy is addressed in the EU as a fundamental human right while in the US it is defined under terms of consumer protection, which allow trade-offs and exceptions when national security seems to be under threat. In order to address the lower standards of data protection prevalent in the US, the pact facilitates data transfers from EU to US by establishing certain safeguards equivalent to the requirements of the EU data protection directive. The safe harbor provisions include firms undertaking not to pass personal information to third parties if the EU data protection standards are not met and giving users right to opt out of data collection.⁹

The agreement was due to be renewed by May 2015¹⁰ and while negotiations have been ongoing for two years, EU discontent on safe harbour came to the fore following the Edward Snowden revelations of collection and monitoring facilitated by large private companies for the PRISM program and after the announcement of the TransAtlantic Trade and Investment Partnership (TTIP).¹¹ EU member states have mostly stayed silent as they run their own surveillance programs often times, in cooperation with the NSA. EU institutions cannot intervene in matters of national security however, they do have authority on data protection matters. European Union officials and Members of Parliament have expressed shock and outrage at the surveillance programs unveiled by Snowden's 2013 revelations. Most recently, following the CJEU Advocate General’s opinion, 50 Members of European Parliament (MEP) sent a strongly worded letter the US Congress hitting back on claims of ‘digital protectionism’ emanating from the US¹². In no uncertain terms the letter clarified that the EU has different ideas on privacy, platforms, net neutrality, encryption, Bitcoin, zero-days, or copyright and will seek to improve and change any proposal from the EC in the interest of our citizens and of all people.

Towards Harmonization

In November 2013, as an attempt to minimize the loss of trust following the Snowden revelations, the European Commission (EC) published recommendations in its report on 'Rebuilding Trust is EU-US Data Flows'.¹³ The recommendations revealed two critical initiatives at the EU level—first was the revision of the EU-US safe harbor agreement¹⁴ and second the adoption of the 'EU-US Umbrella Agreement¹⁵'—a framework for data transfer for the purpose of investigating, detecting, or prosecuting a crime, including terrorism. The Umbrella Agreement was recently initialed by EU and US negotiators and it only addresses the exchange of personal data between law enforcement agencies.¹⁶ The Agreement has gained momentum in the wake of recent cases around issues of territorial duties of providers, enforcement jurisdictions and data localisation.¹⁷ However, the adoption of the Umbrella Act depends on US Congress adoption of the Judicial Redress Act (JRA) as law.¹⁸

Judicial Redress Act

The JRA is a key reform that the EC is pushing for in an attempt to address the gap between privacy rights and remedies available to US citizens and those extended to EU citizens, including allowing EU citizens to sue in American courts. The JRA seeks to extend certain protections under the Privacy Act to records shared by EU and other designated countries with US law enforcement agencies for the purpose of investigating, detecting, or prosecuting criminal offenses. The JRA protections would extend to records shared under the Umbrella Agreement and while it does include civil remedies for violation of data protection, as noted by the Center for Democracy and Technology, the present framework does not provide citizens of EU countries with redress that is at par with that which US persons enjoy under the Privacy Act.¹⁹

For example, the measures outlined under the JRA would only be applicable to countries that have outlined appropriate privacy protections agreements for data sharing for investigations and ‘efficiently share’ such information with the US. Countries that do not have agreements with US cannot seek these protections leaving the personal data of their citizens open for collection and misuse by US agencies. Further, the arrangement leaves determination of 'efficiently sharing' in the hands of US authorities and countries could lose protection if they do not comply with information sharing requests promptly. Finally, JRA protections do not apply to non-US persons nor to records shared for purposes other than law enforcement such as intelligence gathering. JRA is also weakened by allowing heads of agencies to exercise their discretion to seek exemption from the Act and opt out of compliance.

Taken together the JRA, the Umbrella Act and the renegotiation of the Safe Harbor Agreement need considerable improvements. It is worth noting that EU’s acceptance of the redundancy of existing agreements and in establishing the independence of national data protection authorities in investigating and enforcing national laws as demonstrated in the Schrems and in the Weltimmo²⁰ case point to accelerated developments in the broader EU privacy landscape.

Consequences

The ECJ Safe Harbor ruling will have far-reaching consequences for the online industry. Often, costly government rulings solidify the market dominance of big companies. As high regulatory costs restrict the entrance of small and medium businesses the market, competition is gradually wiped out. Further, complying with high standards of data protection means that US firms handling European data will need to consider alternative legal means of transfer of personal data. This could include evolving 'model contracts' binding them to EU data protection standards. As Schrems points out, “Big companies don’t only rely on safe harbour: they also rely on binding corporate rules and standard contractual clauses.”²¹

The ruling is good news for European consumers, who can now approach a national regulator to investigate suspicions of data mishandling. EU data protection regulators may be be inundated with requests from companies seeking authorization of new contracts and with consumer complaints. Some are concerned that the ruling puts a dent in the globalized flow of data²², effectively requiring data localization in Europe.²³ Others have pointed out that it is unclear how this decision sits with other trade treaties such as the TPP that ban data localisation.²⁴ While the implications of the decision will take some time in playing out, what is certain is that US companies will be have to restructure management, storage and use of data. The ruling has created the impetus for India to push for reforms to protect its citizens from harms by US firms and improve trade relations with EU.

The Opportunity for India

Multiple data flows taking place over the internet simultaneously and that has led to ubiquity of data transfers o ver the Internet, exposing individuals to privacy risks. There has also been an enhanced economic importance of data processing as businesses collect and correlate data using analytic tools to create new demands, establish relationships and generate revenue for their services. The primary concern of the Schrems case may be the protection of the rights of EU citizens but by seeking to extend these rights and ensure compliance in other jurisdictions, the case touches upon many underlying contestations around data and sovereignty.

Last year, Mr Ram Narain, India Head of Delegation to the Working Group Plenary at ITU had stressed, “respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.”²⁵ In the absence of the recognition of privacy as a right and empowering citizens through measures or avenues to seek redressal against misuse of data, the demand of data sovereignty rings empty. The kind of framework which empowered an ordinary citizen in the EU to approach the highest court seeking redressal based on presumed overreach of a foreign government and from harms abetted by private corporations simply does not exist in India. Securing citizen’s data in other jurisdictions and from other governments begins with establishing protection regimes within the country.

The Indian government has also stepped up efforts to restrict transfer of data from India including pushing for private companies to open data centers in India.²⁶ Negotiating data localisation does not restrict the power of private corporations from using data in a broad ways including tailoring ads and promoting products. Also, data transfers impact any organisation with international operations for example, global multinationals who need to coordinate employee data and information. Companies like Facebook, Google and Microsoft transfer and store data belonging to Indian citizens and it is worth remembering that the National Security Agency (NSA) would have access to this data through servers of such private companies. With no existing measures to restrict such indiscriminate access, the ruling purports to the need for India to evolve strong protection mechanisms. Finally, the lack of such measures also have an economic impact, as reported in a recent Nasscom-Data Security Council of India (DSCI) survey²⁷ that pegs revenue losses incurred by the Indian IT-BPO industry at $2-2.5 billion for a sample size of 15 companies. DSCI has further estimated that outsourcing business can further grow by $50 billion per annum once India is granted a “data secure” status by the EU.²⁸ EU’s refusal to grant such a status is understandable given the high standard of privacy as incorporated under the European Union Data Protection Directive a standard to which India does not match up, yet. The lack of this status prevents the flow of data which is vital for Digital India vision and also affects the service industry by restricting the flow of sensitive information to India such as information about patient records.

Data and information structures are controlled and owned by private corporations and networks transcend national borders, therefore the foremost emphasis needs to be on improving national frameworks. While, enforcement mechanisms such as the Mutual Legal Assistance Treaty (MLAT) process or other methods of international cooperation may seem respectful of international borders and principles of sovereignty,²⁹ for users that live in undemocratic or oppressive regimes such agreements are a considerable risk. Data is also increasingly being stored across multiple jurisdictions and therefore merely applying data location lens to protection measures may be too narrow. Further it should be noted that when companies begin taking data storage decisions based on legal considerations it will impact the speed and reliability of services.³⁰ Any future regime must reflect the challenges of data transfers taking place in legal and economic spaces that are not identical and may be in opposition. Fundamentally, the protection of privacy will always act as a barrier to the free flow of information even so, as the Schrems case ruling points out not having adequate privacy protections could also restrict flow of data, as has been the case for India.

The time is right for India to appoint a data controller and put in place national frameworks, based on nuanced understanding of issues of applying jurisdiction to govern users and their data. Establishing better protection measures will not only establish trust and enhance the ability of users to control data about themselves it is also essential for sustaining economic and social value generated from data generation and collection. Suggestions for such frameworks have been considered previously by the Group of Experts on Privacy constituted by the Planning Commission.³¹ By incorporating transparency in mechanisms for data and access requests and premising requests on established necessity and proportionality Indian government can lead the way in data protection standards. This will give the Indian government more teeth to challenge and address both the dangers of theft of data stored on servers located outside of India and restrain indiscriminate access arising from terms and conditions of businesses that grant such rights to third parties.

1 Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (notified under document number C(2000) 2441) (Text with EEA relevance.) Official Journal L 215 , 25/08/2000 P. 0007 -0047 2000/520/EC: http ://eur -lex .europa .eu /LexUriServ /LexUriServ .do ?uri =CELEX :32000 D 0520:EN :HTML

2 Safe Harbour Privacy Principles Issued by the U.S. Department of Commerce on July 21, 2000 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

3 Megan Graham, Adding Some Nuance on the European Court ’s Safe Harbor Decision , Just security

https ://www .justsecurity .org /26651/adding -nuance -ecj -safe -harbor -decision /

4 Advocate General’s Opinion in Case C-362/14 Maximillian Schrems v Data Protection Commissioner Court of Justice of the European Union, Press Release, No 106/15 Luxembourg, 23 September 2015 http ://curia .europa .eu /jcms /upload /docs /application /pdf /2015-09/cp 150106 en .pdf

5 Jennifer Baker, ‘EU desperately pushes just-as-dodgy safe harbour alternatives’, The Register, October 7, 2015 http ://www .theregister .co .uk /2015/10/07/eu _pushes _safe _harbour _alternatives /

6 Draft Report, General Data Protection Regulation, Committee on Civil Liberties, Justice and Home Affairs, European Parliament, 2009-2014 http ://www .europarl .europa .eu /meetdocs /2009_2014/documents /libe /pr /922/922387/922387 en .pdf

7 Dana Polatin-Reuben, Joss Wright, ‘An Internet with BRICS Characteristics: Data Sovereignty and the Balkanisation of the Internet’, University of Oxford, July 7, 2014 https ://www .usenix .org /system /files /conference /foci 14/foci 14-polatin -reuben .pdf

8 Sasha Meinrath, The Future of the Internet: Balkanization and Borders, Time, October 2013 http ://ideas .time .com /2013/10/11/the -future -of -the -internet -balkanization -and -borders /

9 Safe Harbour Privacy Principles, Issued by the U.S. Department of Commerce, July 2001 http ://www .export .gov /safeharbor /eu /eg _main _018475.asp

10 Facebook case may force European firms to change data storage practices, The Guardian, September 23, 2015 http ://www .theguardian .com /us -news /2015/sep /23/us -intelligence -services -surveillance -privacy

11 Privacy Tracker, US-EU Safe Harbor Under Pressure, August 2, 2013 https ://iapp .org /news /a /us -eu -safe -harbor -under -pressure

12 Kieren McCarthy, Privacy, net neutrality, security, encryption ... Europe tells Obama, US Congress to back off, The Register, 23 September, 2015 http ://www .theregister .co .uk /2015/09/23/european _politicians _to _congress _back _off /

13 Communication from the Commission to the European Parliament and the Council, Rebuilding Trust in EU-US Data Flows, European Commission, November 2013 http ://ec .europa .eu /justice /data -protection /files /com _2013_846_en .pdf

14 Safe Harbor on trial in the European Union, Access Blog, September 2014 https ://www .accessnow .org /blog /2014/11/13/safe -harbor -on -trial -in -the -european -union

15 European Commission - Fact Sheet Questions and Answers on the EU-US data protection "Umbrella agreement", September 8, 2015 http ://europa .eu /rapid /press -release _MEMO -15-5612_en .htm

16 McGuire Woods, ‘EU and U.S. reach “Umbrella Agreement” on data transfers’, Lexology, September 14, 2015 http ://www .lexology .com /library /detail .aspx ?g =422 bca 41-2 d 54-4648-ae 57-00 d 678515 e 1 f

17 Andrew Woods, Lowering the Temperature on the Microsoft-Ireland Case, Lawfare September, 2015 https ://www .lawfareblog .com /lowering -temperature -microsoft -ireland -case

18 Jens-Henrik Jeppesen, Greg Nojeim, ‘The EU-US Umbrella Agreement and the Judicial Redress Act: Small Steps Forward for EU Citizens’ Privacy Rights’, October 5, 2015 https ://cdt .org /blog /the -eu -us -umbrella -agreement -and -the -judicial -redress -act -small -steps -forward -for -eu -citizens -privacy -rights /

19 Ibid 18.

20 Landmark ECJ data protection ruling could impact Facebook and Google, The Guardian, 2 October, 2015 http ://www .theguardian .com /technology /2015/oct /02/landmark -ecj -data -protection -ruling -facebook -google -weltimmo

21 Julia Powles, Tech companies like Facebook not above the law, says Max Schrems, The Guardian, Octover 9, 2015 http ://www .theguardian .com /technology /2015/oct /09/facebook -data -privacy -max -schrems -european -court -of -justice

22 Adam Thierer, Unintended Consequences of the EU Safe Harbor Ruling, The Technology Liberation Front, October 6, 2015 http ://techliberation .com /2015/10/06/unintended -consequenses -of -the -eu -safe -harbor -ruling /#more -75831

23 Anupam Chander, Tweeted ECJ #schrems ruling may effectively require data localization within Europe, https ://twitter .com /AnupamChander /status /651369730754801665

24 Lokman Tsui, Tweeted, “If the TPP bans data localization, but the ECJ ruling effectively mandates it, what does that mean for the internet?” https ://twitter .com /lokmantsui /status /651393867376275456

25 Statement from Indian Head of Delegation, Mr Ram Narain for WGPL, Indian statement on ITU and Internet at the Working Group Plenary November 4, 2014 https ://ccgnludelhi .wordpress .com /author /asukum 87/page /2/

26 Sounak Mitra, Xiaomi bets big on India despite problems, Business Standard, December 2014 http ://www .business -standard .com /article /companies /xiaomi -bets -big -on -india -despite -problems -114122201023_1.html

27 Neha Alawadi, Ruling on data flow between EU & US may impact India’s IT sector, Economic Times,October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49250738.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

28 Pranav Menon, Data Protection Laws in India and Data Security- Impact on India and Data Security-Impact on India - EU Free Trade Agreement, CIS Access to Knowledge, 2011 http ://cis -india .org /a 2 k /blogs /data -security -laws -india .pdf

29 Surendra Kumar Sinha, India wants Mutual Legal Assistance treaty with Bangladesh, Economic Times, October 7, 2015 http ://economictimes .indiatimes .com /articleshow /49262294.cms ?utm _source =contentofinterest &utm _medium =text &utm _campaign =cppst

30 Pablo Chavez, Director, Public Policy and Government Affairs, Testifying before the U.S. Senate on transparency legislation, November 3, 2013 http ://googlepublicpolicy .blogspot .in /2013/11/testifying -before -us -senate -on .htm

31 Report of the Group of Experts on Privacy (Chaired by Justice A P Shah, Former Chief Justice, Delhi High Court), Planning Commission, October 2012 http ://planningcommission .nic .in /reports /genrep /rep _privacy .pdf

For more details visit https://cis-india.org/internet-governance/blog/contestations-of-data-ecj-safe-harbor-ruling-and-lessons-for-india

GSMA Conference Invite

praskrishna — 2015-10-14T01:49:36Z

For more details visit https://cis-india.org/internet-governance/blog/gsma-conference-invite.pdf

Communication Rights in the Age of Digital Technology

rakesh — 2015-10-24T07:45:26Z

The Centre for Internet & Society (CIS) invites you to a conference to discuss the evolution of privacy and surveillance in India on Friday, October 30, 2015 at Deck Suite Hall, 5th Floor, Habitat Centre, Lodhi Road, Near Air Force Bal Bharti School, New Delhi - 110003, from 11 a.m. to 5 p.m.

The conference will be conducted in a round-table format. Topics to be discussed shall include, among others, the Human DNA Profiling Bill, 2012, the PIL questioning the data collection under the UID scheme, the draft National Encryption Policy and the Supreme Court judgement in Shreya Singhal v. Union of India, in the context of privacy and surveillance in India. The conference will be a forum for discussion, knowledge exchange and agenda building.

Background Note

In India, the Right to Privacy has been interpreted to mean an individuals’ right to be left alone. In the age of massive use of Information and Communications Technology, it has become imperative to have this right protected. The Supreme Court has held in a number of its decisions that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Indian Constitution, though Part III does not explicitly mention this right. Since the 1960s, the Apex Court has been dealing with this issue, primarily with respect to privacy being recognised as a fundamental or common law right and the standards that need to be satisfied in order to impose any restrictions on it.

In the year 2012, the Planning Commission constituted a Group of Experts under the chairmanship of Justice AP Shah, Former Chief Justice of the Delhi High Court to recommend a potential privacy framework for privacy in India. Previously in 2011 the Department of Personnel and Training had prepared a draft Bill on Right to Privacy which has yet to materialize into a comprehensive legislation on privacy. In 2014, a version of the revised Right to Privacy Bill was leaked. Amendments to the Bill aim to protect individuals against misuse of their data by the government or private agencies, and is in the process of being finalized by the Indian Government .

Of late, privacy concerns have gained importance in India due to the initiation of national programmes like the UID Scheme, DNA Profiling, the National Encryption Policy, etc. attracting criticism for their impact on the right to privacy. For example, DeitY introduced a draft National Encryption Policy in September this year to prescribe methods for encryption. However, the policy would have posed significant restriction on the ability of citizens to encrypt online communication. Backlash from the citizens, industry, social media and privacy experts led the Government to withdraw the policy as the measures included made the information system vulnerable in every sense.

Earlier this year, the Apex Court gave a historical judgement by striking down section 66A of the IT (Amendment) Act 2008. The Court upheld section 69A and the Information Technology (Procedure & Safeguards for Blocking for Access of Information by Public) Rules 2009 to be constitutionally valid, which accords the government with the authority to block transmission of information and websites when it deems it as necessary for reasons like sovereignty and integrity of India, public order, etc.

Another government initiative which has generated considerable controversy for its threat to privacy is the UID project which aims to issue a unique identification number to all citizens by the Unique Identification Authority of India, which can be authenticated and verified online. In August this year, the Supreme Court, vide an interim order, restricted the use of Aadhaar by declaring it to be optional for availing government benefits and services. Though the Government contended the right to privacy as a fundamental right in India, the Court deferred this issue to a larger Constitutional Bench, and the Supreme Court upheld its decision yet again in the month of October.

Similarly, the d raft Human DNA P rofiling B ill 2015 is being questioned on grounds of privacy invasion on a massive scale as it aims to collect and store the DNA samples of criminals, suspects, volunteers, and victims and regulate DNA laboratories and DNA sampling for use by law enforcement agencies. The Bill also fails to include comprehensive privacy safeguards and provisions regarding collection of DNA samples with or without the consent of an individual, making individual privacy an important concern.

Going by these ongoing debates, one can say that Privacy as a right has primarily evolved by way of judicial interpretation and continues to evolve in light of several controversial Government policies, projects and schemes. However its development is often undermined by tension between several competing national interests which calls for clear guidelines to protect this inviolable right of the citizens.

Download the Invite

For more details visit https://cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology

September 2015 Bulletin

praskrishna — 2015-11-25T01:55:25Z

We are happy to share with you the ninth issue of the Centre for Internet and Society (CIS) newsletter (September 2015). It has been a significant month for public debates on the digital future of governance, citizenship, and economy in India, led by conversations around the draft National Encryption Policy, the Aadhaar number as a basis for provision of welfare services, the investigation of Google for potential abuse of market dominance by the Competition Commission of India, and the Guidelines for Examination of Computer Related Inventions released by the Indian Patents Office. We were busy engaging with these issues, and more.

The past editions of the newsletter can be accessed at http://cis-india.org/about/newsletters.

Sumandro Chattapadhyay, Research Director

Internet Researchers' Conference (IRC) 2016 - Studying Internet in India
With great excitement, we are announcing the beginning of an annual conference series titled Internet Researchers' Conference (IRC), the first edition of which is to take place in Delhi during February 25-27, 2016 (yet to be confirmed). We invite you to propose sessions for the conference by Sunday, November 15, 2015.

Highlights

CIS sent an Open Letter to Prime Minister Narendra Modi during his US visit, requesting him to urge USA to ratify the Marrakesh Treaty. During the month, NVDA team organized training programmes for the visually impaired at Kullu, Bangalore and Ranchi. Nehaa Chaudhari in a blog post laid out a series of research questions, potentially seeking to apply actor-network theory as a research methodology. Recently, the Indian Patents Office released the Guidelines for Examination of Computer Related Inventions (“2015 Guidelines/ Guidelines”) in an attempt to clarify examination of software related patents in India. Anubha Sinha analysed the 2015 Guidelines. Read on to understand how the new guidelines will potentially lead to an increase in software patenting activity by expanding the scope of patentable subject matter – in negation of the legislative intent of section 3(k) of the Indian Patents Act, 1970. As a part of its content donation initiative, CIS has brought Nadustunna Charithra magazine under CC BY SA licence. CIS-A2K has received 74 issues as of now from the Telugu Jaati foundation. Sunil Abraham’s article titled Hits and Misses with the Draft Encryption Policy was published in The Wire on September 26, 2015. Vidushi Marda in a blog post titled Data Flow in the Unique Identification Scheme of India analysed the data flow within the UID scheme and highlighted the vulnerabilities at each stage. Vanya Rakesh in a blog post titled Human DNA Profiling Bill 2012 v/s 2015 Bill has analysed the Human DNA Profiling Bill introduced in 2012 with the provisions of the 2015 Bill. CIS sought information from ICANN on their revenue streams by sending them a second request under their Documentary Information Disclosure Policy. This request and their response have been described in a blog post by Aditya Garg. CIS has submitted a joint proposal with DataMeet and Oorvani for the Knight News Challenge 2015. We are proposing the development of "an application for users to search for locally-relevant data, discuss missing data, demand data, explore and respond to data demands by others, and start data crowd-sourcing exercises." CIS made its submission on CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations to ICANN's CCWG-Accountability. Pranesh Prakash, on behalf of CIS, submitted comments to the Department of Telecom Panel’s report on net neutrality via MyGov. Prakash states that the report displays a far better understanding of the underlying issues than the TRAI consultation paper did, and is overall a good effort at balancing the different sides. Shyam Ponappa’s monthly column titled More on Those Dropped Calls was published by Business Standard.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing a project on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

Monthly Updates

September 2015 Report (Suman Dogra; September 30, 2015).

Event Reports

Training in the use of eSpeak Hindi with NVDA (Organized by CIS and Lakshay for the Differently Abled; September 29 – 30, 2015; Ranchi). The event was conducted online by Dr. Homiyar over skype, with local support from Mritunjay Kumar and Zainab.
5 day TOT for Training in Use of eSpeak Kannada with NVDA (Organized by CIS, Mithra Jyoti, Enable India and NFB, Bangalore; September 21 – 25, 2015; Bangalore).
eSpeak Training in Hindi Language (Organized by CIS and National Association for the Blind; Kullu; September 3 – 4, 2015).
Training in eSpeak Marathi (Organized by CIS; Atmadepam Society; August 22 – 23, 2015). The report was published in the month of September.

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Pervasive Technologies

Blog Entries

Pervasive Technologies: Working Document Series - Research Questions and a Literature Review on the Actor-Network Theory (Nehaa Chaudhari; September 5, 2015).
FAQ: CIS Proposal for Compulsory Licensing of Critical Mobile Technologies (Rohini Lakshané; September 25, 2015).

Other (Copyright and Patent)

Submission

Comments on the Guidelines for Examination of Computer Related Inventions (CRIs) (Anubha Sinha; September 21, 2015).

Blog Entries

Open Letter to PM Modi on Intellectual Property Rights issues on His Visit to the United States of America in September 2015 (Pranesh Prakash and Nehaa Chaudhari; September 23, 2015).

Participation in Events

National Conference: WTO, FTAs and Investment Treaties: Implications for development policy space (Organized by Focus on the Global South, Institute for Studies in Industrial Development (ISID), Madhyam, MSF Access Campaign, National Working Group on Patent Laws and WTO (NWGPL), Public Services International (PSI) – South Asia, South Solidarity Initiative – ActionAid, Third Word Network (TWN), and Forum against FTAs; September 22 – 23, 2015; Institute for Studies in Industrial Development, New Delhi). Nehaa Chaudhari made a presentation on Copyright: Access to Knowledge in Free Trade Agreements?
IPEX 2015 (Organized by Confederation of Indian Industry, APTDC and TDPC; September 25 - 26, 2015; Chennai). Rohini Lakshané attended the event.

Media Coverage

Open letter from CIS to PM Modi on Intellectual Property Rights issues on his Visit to US (Apoorva Mandhani; LiveLaw; September 23, 2015).

Wikipedia

Blog Entries

CIS brings Nadustunna Charithra magazine under CC BY SA licence (Tanveer Hasan; September 2, 2015).
OCR and OER – update (Subhashish Panigrahi; Open Education Working Group; September 25, 2015).
As Odia Wikipedia turns 13, what happens next? (Subhashish Panigrahi; September 26, 2015). This was originally published on the Wikimedia Blog on August 21. The post was shared on Wikipedia's official Facebook page, and on Twitter handles [1 and 2].
Google's Optical Character Recognition Software Now Works with All South Asian Languages (Subhashish Panigrahi; September 26, 2015).
Wikimedia contributor shares his Linux story (Subhashish Panigrahi; September 27, 2015). This article is part of a series called My Linux Story. To participate and share your Linux story, contact us at: open@opensource.com. Read the original published by Opensource.com on September 3, 2015.

Events Co-organized

Annamaya Library edit-a-thon (Organized by CIS-A2K and Telugu Wikipedia Community; August 6, 2015; Andhra Loyola College; Vijaywada).
International Workshop on Digitization and Archiving (Organized by CIS-A2K and Wikipedia Community; August 19 – 21, 2015). Rahmanuddin Shaik was one of the trainers.

Media Coverage

CIS gave its inputs to the following:

Unable to read Odia on your android device? Don’t fret! (Ruby Nanda; Odisha Sun Times; September 28, 2015).

Openness

The advent of the Internet has radically redefined what it means to be open and collaborative. The Internet itself is built upon open standards and free/libre/open source software. Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Open Data

Submission

As one of the general stewards of the process, CIS was invited to take part in the final drafting meeting of the International Open Data Charter held before Con Datos 2015 in Santiago, Chile, but we could not take part in it. Apart from organising two public consultations on the draft Charter in Bengaluru and Delhi, we also submitted our detailed comments on the document. The final version of the Charter document has been launched at the United Nation General Assembly meeting, on September 27.

Free Software

Blog Entry

Software Freedom Pledge (Pranesh Prakash; September 25, 2015).

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC)) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

Privacy

Article

Hits and Misses With the Draft Encryption Policy (Sunil Abraham; The Wire; September 26, 2015).

Blog Entries

Data Flow in the Unique Identification Scheme of India (Vidushi Marda; September 3, 2015).
Human DNA Profiling Bill 2012 v/s 2015 Bill (Vanya Rakesh; September 6, 2015).
Open Governance and Privacy in a Post-Snowden World: Webinar (Vanya Rakesh; September 26, 2015).

Participation in Event

The Changing Landscape of ICT Governance and Practice - Convergence and Big Data (Co-organized by Innovation Center for Big Data and Digital Convergence, Yuan Ze University, Taiwan; August 24 – 25, 2015). Sharat Chandra Ram was granted the Young Scholar Award 2015 to attend the Young Scholar Workshop followed by main CPRSouth2015 conference (Communication Policy Research South) conference.

Free Speech and Expression

Submission

CIS Submission on CCWG-Accountability 2nd Draft Proposal on Work Stream 1 Recommendations (Pranesh Prakash; September 13, 2015).

Blog Entries

DIDP Request #11: NETmundial Principles (Aditya Garg; September 14, 2015).
DIDP Request #12: Revenues (Aditya Garg; September 14, 2015).
Peering behind the veil of ICANN’s DIDP (Padmini Baruah; September 21, 2015).

Participation in Event

Asian Regional Consultation on the WSIS+10 Review (Organized by The Internet Democracy Project, Bytes for All, APNIC, the Association for Progressive Communications, ISOC, Global Partners Digital and ICT Watch; September 3 – 5, 2015). Jyoti Panday attended the event.

IGF

The tenth annual IGF meeting will be held in João Pessoa, Brazil, on November 10 - 13, 2015. IGF's MAG has decided to retain the title “Evolution of Internet Governance: Empowering Sustainable Development” as the overarching theme. Sunil Abraham will be a panelist for the following workshops:

Understanding and Mitigating Online Hate Speech and Youth Radicalisation (Organized by Council of Europe, Oxford University, OHCHR, Google and ISOC; November 2015).
Transnational Due Process: A Case Study in Multi-stakeholder Cooperation (Organized by the United Nations; November 2015).

Cyber Security

Event Organized

Bangalore Chapter Meet of DSCI (Co-organized by DSCI and CIS; September 26, 2015). Melissa Hathaway, Commissioner, Global Commission for Internet Governance and Sunil Abraham gave a talk at this event.

Miscellaneous

Sustainable Smart Cities India Conference 2015, Bangalore (Vanya Rakesh; September 21, 2015).

Telecom

Submission

Comments on the DoT Panel Report via MyGov (Pranesh Prakash; September 26, 2015).

Op-ed

More on those Dropped Calls (Shyam Ponappa; Business Standard; September 2, 2015 and Organizing India Blogspot; September 3, 2015).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Submission

Where's My Data? Submission for Knight News Challenge 2015 (Sumandro Chattapadhyay; September 30, 2015). The text of the proposal was prepared by Nisha Thompson of DataMeet, Meera K of Oorvani, and Sumandro Chattapadhyay.

Blog Entries

The Internet in the Indian Judicial Imagination (Divij Joshi; September 9, 2015).
The Many Lives and Sites of Internet in Bhubaneswar (Sailen Routray; September 21, 2015).

News & Media Coverage

CIS gave its inputs to the following media coverage:

Does this click with you? (Parshathy J. Nath; The Hindu; September 1, 2015).
Government may tieup with global police, Interpol to fight child pornography (Surabhi Agarwal; September 3, 2015).
Hiding behind rules on naming sites it banned, govt reveals fears (Harjeet Inder Singh Sahi; September 3, 2015).
Outrage before sharing (Nikhil Verma; The Hindu; September 9, 2015).
Faking a stand (Shweta T. Nanda; The Week; September 20, 2015).
Some Key Words Are Missing (Arindam Mukherjee; Outlook; September 21, 2015).
Open sesame (The Hindu; September 22, 2015).
India encryption policy draft faces backlash (Moulishree Srivastava; September 22, 2015)
Online outcry forces government to withdraw draft encryption policy (Naina Khedekar; First Post; September 23, 2015).
Encryption policy would have affected emails, operating systems, WiFi (Amrita Madhukalya; DNA; September 23, 2015).
Govt presses 'undo' button on draft encryption policy (Business Standard; September 23; 2015).
Huge outcry forces India to backtrack on social media data proposal (Today; September 24, 2015).
Facebook’s Free Internet Access Program in Developing Countries Provokes Backlash (Newley Purnell and Resty Woro Uniar; The Wall Street Journal; September 24, 2015).
Ahead of hosting Modi, Facebook rebrands internet.org as Free Basics (Business Standard; September 26, 2015).
‘By weakening our security, govt is putting us at risk of espionage’ (S. Raghotham and Mayukh Mukherjee; Asian Age; September 27, 2015).
ভারতে পাঁচশোরও বেশি স্টেশনে ফ্রি ওয়াই-ফাই চালু হবে (BBC; September 28, 2015).
Do you agree with our fee hike? Press 1 to answer Yes; or 2 for Yes (Kieren McCarthy; The Register; September 29, 2015).
Indian PM Narendra Modi’s digital dream gets bad reception (Amanda Hodge; September 29, 2015).
What Bengaluru Thinks of the Big Tech Announcements in Silicon Valley (Maya Sharma; NDTV; September 29, 2015).

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the mediation and reconfiguration of social and cultural processes and structures by the internet and digital media technologies.

► Follow us elsewhere

CIS - Twitter: http://twitter.com/cis_india
Access to Knowledge - Twitter: https://twitter.com/CISA2K
Access to Knowledge - Facebook: https://www.facebook.com/cisa2k
Access to Knowledge - E-Mail: a2k@cis-india.org
Researchers at Work - E-Mail: raw@cis-india.org
Researchers at Work - Mailing List: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/september-2015-bulletin

Indian PM Narendra Modi’s digital dream gets bad reception

praskrishna — 2015-09-29T15:23:04Z

As Indian Prime Minister Narendra Modi told Silicon Valley’s most powerful chief executives this week how his government “attacked poverty by using the power of networks and mobile phones’’, the entire population of the state of Kashmir remained offline — by order of the state.

The article by Amanda Hodge was published in the Australian on September 29, 2015. Sunil Abraham gave inputs.

“I see technology as a means to empower and as a tool that bridges the distance between hope and opportunity,” Mr Modi said yesterday on a trip in which he will also discuss development at the UN.

Earlier, in a “town hall” meeting with Facebook chief Mark Zuckerberg Mr Modi hailed the power of social media networks that gave governments the opportunity to correct themselves “every five minutes”, rather than every five years.

His remarks during his Digital India tour of the US west coast sparked a storm of Twitter protest.

The northern state’s former chief minister Omar Abdullah, who noted the “irony of listening to Prime Minister Modi lecturing about connected digital India, while we are totally disconnected”.

The ban on mobile and broadband internet in Jammu and Kashmir was imposed last Friday, the beginning of the Muslim holiday of Eid-ul-Zuha during which animals are slaughtered and the meat fed to the poor, for fear social media could inflame tensions over the state government’s decision to enforce a beef ban.

It was to have lasted 24 hours but — notwithstanding Twitter feedback — was extended twice as a “precautionary” measure.

As Mr Modi outlined his dreams of a broadband network connecting the country’s most remote communities, millions of New Delhi mobile phone users continued their daily wrestle with line dropouts.

“We are bringing technology, transparency, efficiency, ease and effectiveness in governance,” he said, as in New Delhi the government talked of pulling down more mobile towers.

Centre for Internet and Society director Sunil Abraham said yesterday: “Schizophrenia between rhetoric and reality (on digital policy) is the global standard for all world leaders.

“Politicians in opposition are invariably opposed to surveillance and in favour of free speech but the very day that politician assumes office even if it is someone as splendid as Barack Obama, they change their opinions on these topics and become pro-surveillance and pro-censorship.”

Certainly successive Indian governments have had a patchy record on such issues. Last March India’s activist Supreme Court struck down a controversial section of the Information Technology Act which made posting information of a “grossly offensive or menacing character” punishable by up to three years’ jail.

That month police in northern Uttar Pradesh arrested a teenager for a Facebook post, which they said “carried derogatory language against a community”.

Previous cases under the former Congress-led government include that of a university professor detained for posting a cartoon about the chief minister of West Bengal and the arrest of two young women over a Facebook post criticising the shutdown of Mumbai following the death of a Hindu right politician.

While Mr Modi’s government welcomed the Supreme Court ruling as a “landmark day for freedom of speech and expression”, last month it attempted to block 857 random porn sites.

Notwithstanding the gulf between Mr Modi’s digital dream rhetoric and the reality at home, his second US visit in 17 months has reaped dividends. Google has committed to a joint initiative to roll out free Wi-Fi to 500 railway stations across the country, and Qualcomm has pledged a $US150 million ($213m) tech startup fund.

But Mr Abraham warned of the potential for such investments to compromise net neutrality — the principle of allowing internet users access to all content and applications.

For more details visit https://cis-india.org/internet-governance/news/the-australian-amanda-hodge-september-29-2015-indian-pm-narendra-modi-digital-dream-gets-bad-reception

Hits and Misses With the Draft Encryption Policy

sunil — 2015-09-26T16:46:53Z

Most encryption standards are open standards. They are developed by open participation in a publicly scrutable process by industry, academia and governments in standard setting organisations (SSOs) using the principles of “rough consensus” – sometimes established by the number of participants humming in unison – and “running code” – a working implementation of the standard. The open model of standards development is based on the Free and Open Source Software (FOSS) philosophy that “many eyes make all bugs shallow”.

The article was published in the Wire on September 26, 2015.

This model has largely been a success but as Edward Snowden in his revelations has told us, the US with its large army of mathematicians has managed to compromise some of the standards that have been developed under public and peer scrutiny. Once a standard is developed, its success or failure depends on voluntary adoption by various sections of the market – the private sector, government (since in most markets the scale of public procurement can shape the market) and end-users. This process of voluntary adoption usually results in the best standards rising to the top. Mandates on high quality encryption standards and minimum key-sizes are an excellent idea within the government context to ensure that state, military, intelligence and law enforcement agencies are protected from foreign surveillance and traitors from within. In other words, these mandates are based on a national security imperative.

However, similar mandates for corporations and ordinary citizens are based on a diametrically opposite imperative – surveillance. Therefore these mandates usually require the use of standards that governments can compromise usually via a brute force method (wherein supercomputers generate and attempt every possible key) and smaller key-lengths for it is generally the case that the smaller the key-length the quicker it is for the supercomputers to break in. These mandates, unlike the ones for state, military, intelligence and law enforcement agencies, interfere with the market-based voluntary adoption of standards and therefore are examples of inappropriate regulation that will undermine the security and stability of information societies.

Plain-text storage requirement

First, the draft policy mandates that Business to Business (B2B) users and Consumer to Consumer (C2C) users store equivalent plain text (decrypted versions) of their encrypted communications and storage data for 90 days from the date of transaction. This requirement is impossible to comply with for three reasons. Foremost, encryption for web sessions are based on dynamically generated keys and users are not even aware that their interaction with web servers (including webmail such as Gmail and Yahoo Mail) are encrypted. Next, from a usability perspective, this would require additional manual steps which no one has the time for as part of their daily usage of technologies. Finally, the plain text storage will become a honey pot for attackers. In effect this requirement is as good as saying “don’t use encryption”.

Second, the policy mandates that B2C and “service providers located within and outside India, using encryption” shall provide readable plain-text along with the corresponding encrypted information using the same software/hardware used to produce the encrypted information when demanded in line with the provisions of the laws of the country. From the perspective of lawful interception and targeted surveillance, it is indeed important that corporations cooperate with Indian intelligence and law enforcement agencies in a manner that is compliant with international and domestic human rights law. However, there are three circumstances where this is unworkable: 1) when the service providers are FOSS communities like the TOR project which don’t retain any user data and as far as we know don’t cooperate with any government; 2) when the service provider provides consumers with solutions based on end-to-end encryption and therefore do not hold the private keys that are required for decryption; and 3) when the Indian market is too small for a foreign provider to take requests from the Indian government seriously.

Where it is technically possible for the service provider to cooperate with Indian law enforcement and intelligence, greater compliance can be ensured by Indian participation in multilateral and multi-stakeholder internet governance policy development to ensure greater harmonisation of substantive and procedural law across jurisdictions. Options here for India include reform of the Mutual Legal Assistance Treaty (MLAT) process and standardisation of user data request formats via the Internet Jurisdiction Project.

Regulatory design

Governments don’t have unlimited regulatory capability or capacity. They have to be conservative when designing regulation so that a high degree of compliance can be ensured. The draft policy mandates that citizens only use “encryption algorithms and key sizes will be prescribed by the government through notification from time to time.” This would be near impossible to enforce given the burgeoning multiplicity of encryption technologies available and the number of citizens that will get online in the coming years. Similarly the mandate that “service providers located within and outside India…must enter into an agreement with the government”, “vendors of encryption products shall register their products with the designated agency of the government” and “vendors shall submit working copies of the encryption software / hardware to the government along with professional quality documentation, test suites and execution platform environments” would be impossible for two reasons: that cloud based providers will not submit their software since they would want to protect their intellectual property from competitors, and that smaller and non-profit service providers may not comply since they can’t be threatened with bans or block orders.

This approach to regulation is inspired by license raj thinking where enforcement requires enforcement capability and capacity that we don’t have. It would be more appropriate to have a “harms”-based approach wherein the government targets only those corporations that don’t comply with legitimate law enforcement and intelligence requests for user data and interception of communication.

Also, while the “Technical Advisory Committee” is the appropriate mechanism to ensure that policies remain technologically neutral, it does not appear that the annexure of the draft policy, i.e. “Draft Notification on modes and methods of Encryption prescribed under Section 84A of Information Technology Act 2000”, has been properly debated by technical experts. According to my colleague Pranesh Prakash, “of the three symmetric cryptographic primitives that are listed – AES, 3DES, and RC4 – one, RC4, has been shown to be a broken cipher.”

The draft policy also doesn’t take into account the security requirements of the IT, ITES, BPO and KPO industries that handle foreign intellectual property and personal information that is protected under European or American data protection law. If clients of these Indian companies feel that the Indian government would be able to access their confidential information, they will take their business to competing countries such as the Philippines.

And the good news is…

On the other hand, the second objective of the policy, which encourages “wider usage of digital Signature by all entities including Government for trusted communication, transactions and authentication” is laudable but should have ideally been a mandate for all government officials as this will ensure non-repudiation. Government officials would not be able to deny authorship for their communications or approvals that they grant for various applications and files that they process.

Second, the setting up of “testing and evaluation infrastructure for encryption products” is also long overdue. The initiation of “research and development programs … for the development of indigenous algorithms and manufacture of indigenous products” is slightly utopian because it will be a long time before indigenous standards are as good as the global state of the art but also notable as an important start.

The more important step for the government is to ensure high quality Indian participation in global SSOs and contributions to global standards. This has to be done through competition and market-based mechanisms wherein at least a billion dollars from the last spectrum auction should be immediately spent on funding existing government organisations, research organisations, independent research scholars and private sector organisations. These decisions should be made by peer-based committees and based on publicly verifiable measures of scientific rigour such as number of publications in peer-reviewed academic journals and acceptance of “running code” by SSOs.

Additionally the government needs to start making mathematics a viable career in India by either employing mathematicians directly or funding academic and independent research organisations who employ mathematicians. The basis of all encryptions standards is mathematics and we urgently need the tribe of Indian mathematicians to increase dramatically in this country.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-26-09-2015-sunil-abraham-hits-and-misses-with-draft-encryption-policy

Open Governance and Privacy in a Post-Snowden World : Webinar

vanya — 2015-10-04T11:09:12Z

On 10th September 2015, the OGP Support Unit, the Open Government Guide, and the World Bank held a webinar on “Open Governance and Privacy in a Post-Snowden World” presented by Carly Nyst, Independent consultant and former Legal Director of Privacy International and Javier Ruiz, Policy Director of Open Rights Group. This is a summary of the key issues that were discussed by the speakers and the participants.

See Open Governance and Privacy in a Post-Snowden World

Summary

The webinar discussed how Government surveillance has become an important and key issue in the 21^st century, thanks to Edward Snowden. The main concern raised was with respect to what a democracy should look like in the present day. Should the states’ use of technology enable state surveillance or an open government? Typically, there is a balance that must be achieved between the privacy of an individual and the security of the state – particularly as the former is primarily about social rights and collective interest of citizens.

At the international level, the right to privacy has been recognized as a basic human right and an enabler of other individual freedoms. This right encapsulates protection of personal data where citizens have the authority to choose whether to share or reveal their personal data or not. Due to technological advancement that has enabled collection, storage and sharing of personal data, the right to privacy and data protection frameworks have become of utmost importance and relevance with regard to open government efforts. Therefore, it is important for Governments to be transparent in handling sensitive data that they collect and use.

Many countries have also introduced laws to balance the right to privacy and right to information. The role of the private sector and NGOs involved in enabling an open and transparent government must also be duly addressed at a national level.

Key Questions:

Why should the government release information?

There are multiple reasons for doing so including:

For the purposes of research and public policy (which relates to healthcare, social issues, economics, national statistics, census, etc.)

Transparency and accountability (politicians, registers, public expenses, subsidies, fraud, court records, education)

Public participation and public services (budgets, anti-corruption, engagement, and e-governance).

However, all these have certain risks and privacy implications:

Risk of identification of individual: Any individual whose information is released has the risk of identification, followed by issues like identity theft, discrimination, stigmatization or repression. Normally, the solution for this would be anonymization of the data; however, this is not an absolute solution. Privacy laws can generally cope with such risks, but with pseudonymous data it becomes difficult in preventing identification.
Profiling of social categories which can lead to discrimination: In such a situation, policies and other legislations regulating the use of data and providing remedy for violations can help.
Exploitation and unfair/unethical use of information: When understanding the potential exploitation of information it is useful to consider who is going to benefit from the release of information. For example, in UK, with respect to release of Health Data, the main concern is that people and companies will benefit commercially from the information released, despite of the result potentially being improved drugs and treatment.

What are the Solutions?

The webinar also discussed potential solutions to the questions and challenges posed. For example, when commitments of Open Government Data Partnership are considered, privacy legislations must also be proposed. Further, key stakeholders must make commitments to take pro-active measures to reduce informational asymmetries between the state and citizens. To reduce the risks, measures must be taken to publish what information the State has or what the Government knows about the citizens. For example, in UK, within the civil society network, it is being duly considered in the national plan that the government will publicize how it will share data and have a centralized view on the process of information handling and usage of the data.

The Open Government Guide provides for Illustrative Commitments like enactment of data protection legislation, establishing programmes for awareness and assessment of their impact, giving citizens control of their personal information and the right to redress when that information is misused, etc.

Surveillance

The issue of surveillance and the role of privacy in an open government context was also discussed. The need for creating a balance between the legitimate interest of national security and the privacy of individuals was emphasized. With the rise of digital technologies, many governmental measures pertaining to surveillance intervene in individual privacy. There are many forms of surveillance and this has serious privacy implications, especially in developing countries. For example:

Communications surveillance
Visual surveillance
Travel surveillance

This raises the question: When is surveillance legitimate and when must it be allowed?

The International Principles on the Application of Human Rights to Communications Surveillance acts as a soft law and tries to set out what a good surveillance system looks like by ensuring that governments are in compliance with international human rights law.

In essence surveillance does not violate privacy, however, there must be a clear and foreseeable legal framework laying circumstances when the government has the power to collect data and when individuals might be able to foresee when they might be under surveillance.

Also, a competent judicial authority must be established to oversee surveillance and keep a check on executive power by placing restrictions on privacy invasions. The actions of the government must be proportionate and the benefits must not outweigh harm caused by surveillance.

Role of openness in a “mass surveillance” state

Surveillance measures that are being undertaken by governments are increasingly secretive. The European court of Human Rights has held that Secret surveillance may undermine democracy under the cloak of protecting it. Hence, open government and openness will work towards protecting privacy and not undermining it.

To balance the measure of government surveillance with privacy, there is a need to publish laws regulating such powers; publish transparency reports about surveillance, interception and access to communications data; reform legislations relating to surveillance by state agencies to ensure it complies with human rights and establish safeguards to ensure that new technologies used for surveillance and interception respect the right to privacy.

Conclusion

The conclusion one can draw is that Privacy concerns have gained importance in today’s data driven world. The main question that needs to be answered is whether Government’s should adopt surveillance measures or adopt an Open Government?

Considering equal importance of national security and privacy of individuals, it is required that a balance must be crafted between the two. This could be possibly done by enacting foreseeable and clear laws outlining scope of surveillance by the Government on one hand, and informing citizens about such measures on the other. Establishment of a competent judicial authority to keep a check on Government actions is also suggested to work out the delicate balance between surveillance and privacy.

For more details visit https://cis-india.org/internet-governance/blog/open-governance-and-privacy-in-a-post-snowden-world-webinar

Govt presses 'undo' button on draft encryption policy

praskrishna — 2015-09-25T01:55:57Z

The decision came a day before PM embarked on a visit to the US, where he is expected to meet leaders of firms such as Apple, Facebook, Google and Tesla.

The article was published in Business Standard on September 23, 2015. Sunil Abraham gave inputs.

The government on Tuesday scrapped a draft national encryption policy that mandated firms and individuals to allow authorities access to all encrypted information on email, apps, websites and business servers.

The decision came a day before Prime MinisterNarendra Modi embarked on a visit to the US, where he is expected to meet leaders of firms such as Apple, Facebook, Google and Tesla. Activists and executives from technology firms had expressed outrage on the draft policy, saying the move would have taken India a step back in technology adoption.

At a meeting of the Union Cabinet on Tuesday, Modi was livid at the controversy generated by the draft policy and directed officials to withdraw it ahead of his US trip, sources said.

The draft had global ramifications, as Facebook,Twitter and messaging apps such as WhatsApp were named in it.

Ravi Shankar Prasad, Union minister for communications and information technology, distanced the government from the draft hosted on the IT department site, but admitted it gave “uncalled-for misgivings”. He directed officials to rework the draft but did not set a timeframe for seeking feedback from the public.

“Yesterday (Monday), it was brought to our notice that the draft had been put in the public domain for, seeking comment. I read the draft. I understand that the manner in which it was written could lead to misconceptions. I have asked for the draft policy to be withdrawn and reworded. I personally feel some of the expressions used in the draft are giving rise to uncalled-for misgivings,” Prasad said. “Experts had framed the draft policy. It is not the government’s final view.”

According to the original draft, the encryption policy sought every message sent by a user, be it through services such as WhatsApp, an SMS or an email, be mandatorily stored in plain text format for 90 days and made available on demand to security agencies. Failure to do so, it added, would draw legal action.

This was because typically, all messaging apps and services such as WhatsApp, Viber, Line, Google Chat and Yahoo! Messenger have high levels of encryption, which security agencies find hard to crack and intercept.

Early on Tuesday, before Prasad announced the withdrawal of the draft policy, the government had issued an addendum to keep social media and web applications such as WhatsApp, Twitter and Facebook out of its purview.

In a three-point clarification, the Department of Electronics and Information Technology (DeitY) said some encryption products were exempt. “Mass-use encryption products, currently being used in web applications, social media sites and social media applications, such as WhatsApp, Facebook and Twitter…SSL/TLS encryption products being used in internet banking and payment gateways, as directed by the Reserve Bank of India”, and SSL/TLS encryption products being used for e-commerce and password based transactions,” it said.

“Ideally, the new policy should only focus on two objectives: It should mandate encryption standards within the government, military, law enforcement and intelligence agencies. It shouldn’t regulate the use of encryption by the private sector; the private sector should be allowed to use whatever it believes is appropriate, as long as it is considered a reasonable security measure by courts, under section 43A of the IT Act,” said Sunil Abraham, director,Centre for Internet and Society (CIS).

Prasad reiterated the government, under the leadership of Prime Minister Narendra Modi, had promoted social media activism. “The right of articulation and freedom we fully respect. But at the same time, we need to acknowledge that cyber space transaction is rising enormously for individuals, businesses, the government and companies,” he said.

Opposition parties slammed the Draft policy. Congress communications in-charge Randeep Surjewala said, “Subjugation of individual freedom, surveillance of the citizen and suppression of dissent have emerged as the DNA of the Narendra Modi-led BJP government. The draft policy on encryption, first circulated, then amended and now, withdrawn with a rider for re-issuing it, is a totalitarian, misconceived and a failed attempt of the Modi government to override all sense of individual freedom of speech and expression and encroach upon the right to privacy of communication…With 243.1 million internet users in India at the end of 2014 (173 million being mobile internet users), 112 million Facebook users, 80 million WhatsApp users, 22 million Twitter users and 950 million mobile connections, the intrusion of individual liberty is fraught with dangerous dimensions under the Modi government.”

Aam Aadmi Party spokesperson Raghav Chadha said, “Only a fascist government can bring such a policy. The draft policy was in violation of the right to personal liberty and the fundamental tenets of freedom of speech and expression…the draft policy was for snooping. It presupposes the 1.2 billion people of India are potential criminals. It reflects the inclination of the government and its intention to turn India into a totalitarian state.”

ABOUT THE NATIONAL ENCRYPTION POLICY

Five things the government draft policy wanted

Information security for individuals, businesses and government agencies
Development of indigenous encryption standards
Use of digital signatures to authenticate transactions
Legal interception and data retention
Service providers to register under appropriate government agency

Things that caused outrage

Regulation of private sector encryption
Storage of all encrypted communications for

90 days

Gaining backdoor into private communications of users

Amendment & withdrawal

Omission of mass encryption products such as those used by social networks
Withdrawal of draft policy following Ravi Shankar Prasad’s statement

For more details visit https://cis-india.org/internet-governance/news/business-standard-september-23-2015-govt-presses-undo-button-on-draft-encryption-policy

The Internet in the Indian Judicial Imagination

Divij Joshi — 2015-09-09T05:26:50Z

This post by Divij Joshi is part of the 'Studying Internets in India' series. Divij is a final year student at the National Law School of India University, Bangalore and is a keen observer and researcher on issues of law, policy and technology. In this essay, he traces the history of the Internet in India through the lens of judicial trends, and looks at how the judiciary has defined its own role in relation to the Internet.

Introduction

On the 14th of August, 1995, the eve of the 48th anniversary of Indian Independence, India began a new, and wholly unanticipated tryst with destiny - Videsh Sanchar Nigam Limited (VSNL) launched India's first full Internet service for public access [1]. In 1998, just a few years after VSNL introduced dial-up Internet, around 0.5% of India’s population had regular Internet access. By 2013, the latest estimate, 15% of the country was connected to the Internet, and the number is growing exponentially [2]. As the influence of the Internet grew, the law and the courts began to take notice. In 1998, there were four mentions of the Internet in the higher judiciary (the High Courts in States and the Supreme Court of India), by 2015, it was referred to in hundreds of judgements and orders of the higher judiciary [3].

The revolutionary capacity of the Internet cannot be understated. It has played a critical part in displacing, creating and enhancing social structures and institutions – from the market, to ideas of community – and its potential still remains unexplored. The Internet has also unsettled legal systems around the world, because of its massive potential to create very new forms of social and legal relationships and paradigms which extant law was unequipped for. The dynamism of the Internet means that legislation and statutory law, being static and rigid, is inherently ill suited for the governance of the Internet, and much of this role is ultimately ceded to the judiciary. In a widely unregulated policy background, the role played by this institution in identifying and dealing with the peculiar nature of regulatory issues on the Internet – such as the central role of intermediaries, the challenges of intellectual property rights concerns, the conflicts of law between different jurisdictions, and the courts’ own role in being a regulator – is tremendously important. In this article, an attempt is made to weave a thread through judicial decisions as well as judicial obiter (or peripheral text) regarding the Internet, to explain how the judiciary has captured and defined the Internet and its capacities, potentials and actors, and what effects this has on the Internet and on society. Inter alia, this article examines how judicial disputes have shaped internet policy in India.

The Internet and the Role of the Courts

The relationship between the law and technology is reminiscent of the famous paradox posed by the greek philosopher Zeno – Achilles and a tortoise agree to race. The tortoise has a head start, and, by the logic of the paradox, Achilles is never able to catch up to him. Every time Achilles covers the distance between himself and the tortoise at any point, the tortoise has moved ahead some distance, which need to be covered once again. As Achilles covers that distance, the tortoise has once again moved a distance away, and so on, to infinite progression, proving that Achilles can never catch up to the tortoise [4].

The legal regulation of the Internet follows a similar path. The Internet was not an immediate concern for law and policy, which meant that its evolution was largely determined in a space free from centralized governmental regulation. By the time parliaments and courts began to understand the implications of Internet regulation, it was apparent that such regulation would be constrained by the very features of the Internet. The core feature of the Internet is decentralization of control, which is necessarily antithetical to creating a centralized legal regulation with. Moreover, the constant mutation in the function and use of the technology renders statutory law incredibly ineffective in being an adequate regulator. Even where legislatures determined a need to step in and draw special regulations for the Internet, they need to be either so broad or vague that they cede much of the regulatory space to interpreters – the courts – or be so specific that much of the regulation quickly becomes obsolete. Most importantly, the final authority to determine matters of constitutional import such as the content and scope of fundamental rights rests with the higher judiciary. In this scenario, the courts become the de facto policy makers for regulating technology. In light of our current political and social context, where the level of legislative debate on issues of public importance and constitutional import is negligible, the judiciary’s analysis of Internet regulation becomes even more important [5].

The judiciary is thus in a unique position to decide Internet policy and governance. The preliminary question is whether there is even a need to talk about the Internet as a special system with distinct policy concerns. The regulation of the Internet is certainly fundamental to the development of knowledge and education in societies, but do its unique features merit a departure from traditional law? The second and connected question is whether the law can actually play a role in determining how the Internet is shaped, i.e. how does technology respond to the law? The architecture of the system that defines the functionality of the Internet – like the TCP/IP protocol – has embodied certain values such as decentralization, autonomy, openness and privacy [6], which have to a large extent underlined the social and ethical implications of the Internet – the way it is used, the way it functions and the way it grows. These were the values explicitly introduced into the systems we use today to communicate and interact on the Internet [7]. However, there is no a priori, fixed nature of the Internet. The form the technologies that make up the Internet take, depend upon its architecture and its design, which are malleable, and to which laws contribute by incentivizing certain values and encumbering others. The legal regulation of the Internet, therefore critically affects the architecture of the system, and promotes and secures certain values.

Recognizing the effect of law upon the architecture of the Internet is critical to any balancing exercise that the judiciary has to conduct when it decides disputes about the Internet. The Internet is a unique public resource, in that its participants are (mostly) private actors pursuing a vareity of goals and interests. The values outlined above emerged in this context, where control was decetnralized and regulation depended to a large extent upon how these disparate parties act. However, the same values also disturb existing structures to control information for legitimate causes - such as protecting intellectual property rights or preventing hate speech. Adjudicating these values, often in the absence of any explicit social or political moral framework (with respect to lack of legislative or constitutional guidance on these values), the judicial responses end up as policy directions that shape the Internet. Seen outside a broader, progressive social context, which takes into account the impact of shaping technologies to reflect values, interests on the Internet are generally adjudicated and enforced as proprietary rights between private actors, which ultimately results in changing the dynamics and relative distribution of control over the technologies that make up the Internet. This proprietory conception of interests on the Internet is highly insular, and tends to undermine the intersts of the public as a stakeholder in the regulation of the Internet. This can play out in many ways – from regulation being overwhelmingly determined according to private interests like restricting new technologies in order to protect intellectual property; or with private actors imputed as the focal point of regulation, and therefore given massive control over the Internet. However, the courts can take a different approach to regulating the Internet. The judiciary, especially the Indian Supreme Court, has a generally activist trend, especially in environmental matters [8]. One of the most elegant principles invoked by the courts for the protection of the common environment, has been the public trust doctrine, which postulates that certain (environmental) resources exist for the public benefit and can only be eroded upon to ensure that they develop in the most beneficial way for the common resources [9]. A commons approach to the Internet would require a comprehensive evaluation of the roles played by different actors across different layers of the Internet and how to regulate them [10], but would be principally similar, in that rules of private property would be constrained by potential spillover effects on intellectual information resources.

As a prelude to examining the judicial analysis of the Internet, it is interesting to examine the judiciary’s own perception of its role in Internet regulation. Courts are constrained in their exercise of power by rules of jurisdiction, which become incredibly convoluted on the Internet. A broad assertion of state power over the net can potentially fragment it, which is an obvious problem. At the same time, state sovereignty and protection of the interests of its citizens and laws has to be balanced with the above concerns [11]. The judiciary in India first attempted to grapple with the problem by exercising ‘universal jurisdiction’ over all actions on the Internet, which allowed the Court to claim jurisdiction over a defendant as long as the website or service could be accessed from within its jurisdiction [12]. This broad-reaching standard was antithetical to the development of a harmonized, unfragmented Internet and created problems of jurisdictional and sovereign conflict. As the implications of such a direction became clear, the court evolved different standards for jurisdiction which were based on whether the Internet service had some connection with the territorial jurisdiction of the court in question. The judiciary began to develop caution in its approach towards exercising personal jurisdiction in Internet cases, first applying the ‘interactivity test’ and then the ‘specific targeting’ standards for questions of jurisdiction [13]. However, the judiciary continues to adhere to a ‘long-arm’ standard for copyright and trademark violations, which allows it to extend its jurisdiction extra-territorially under those laws, through rather specious analogies with pre-internet technologies. For example, in WWE v Reshma [14], the Court explicitly analogized sale of services or goods on the Internet with contracts concluded over the telephone. Although analogies provide a comfortable framework for analysis, they also shield important distinctions between technologies from legal analysis. Problems arising from Internet cases – where many actors across many jurisdictions are involved in varying degrees – are unique to Internet technologies and such analogies ignore these important distinctions. Morever, in all the above cases, the judiciary’s assertions of power over the Internet seems to be restricted only by pragmatic regulatory concerns (such as whether personal obedience of the defendant can be secured) and its evolving understanding of questions of jurisdiction are explicitly linked to changes in the use and perception of the Internet and an understanding of interactivity and communication on the Internet.

The Early Internet and Judicial Perceptions

The Internet crept into the judicial vocabulary in 1996; a year after public access was made available, when the Supreme Court first took cognizance of ‘Internet’ as a means of interlinking countries and gathering information instantaneously [15]. Several other cases in the High Courts also spoke of the ‘Information Highway’ [16] and the various services that companies were offering, which could be availed by individuals on the Internet [17]. This corresponded with the popular understanding of the ‘first wave’ of the Internet, mostly relating to business providing services and information to users on the World Wide Web or as a space for limited personal interaction (such as through email) [18].

Some of the earliest cases where the Courts had the opportunity to examine the nature of the Internet were related to Intellectual Property on the Internet, specifically trademark and copyright in the online world. The Domain Name System, which serve to identify devices accessible on the Internet, was one of the first regulatory challenges on the Internet. Domain name disputes were unprecedented in the analog world of intellectual property, since domain names were uniquely scarce goods due to the limitations of the DNS technology. In India, the Delhi High Court in the case of Yahoo v Akash Arora first took cognizance of regulatory challenges of the DNS system on the Internet, a space which it conceptualized as a large public network of computers, and held that domain names serve the same functions on the Internet as trademarks. This case saw the recognition of the Internet as a separate, regulable space, which the Court defined as “a global collection of computer networks linking millions of public and private computers around the world.” The Court recognized some of the core, democratic features of the Internet: “The Internet is now recognized as an international system, a communication medium that allows anyone from any part of the lobe with access to the Internet to freely exchange information and share data.” In this case, the Court upheld traditional trademark rights in the case of use of domain names. The Court’s first recognition of trademark on the Internet heralded the imputation of proprietary interests on the decentralized, shared network that was the Internet, and was a precursor to the many such cases, which mostly focused on private commercial concerns. Even as the Court understood the importance of the Internet commons, i.e. the information and architecture that makes up the Internet, it chose to ignore concerns of public interest in the openness of those commons, in its balancing of proprietary rights for trademark cases. The commercial significance of the Internet was echoed in the Rediff case, where the Bombay High Court opined that “Undoubtedly the Internet is one of the important features of the Information Revolution. It is increasingly used by commercial organisations to promote themselves and their product and in some cases to buy and sell” [19]. Moreover, in these early cases, the law of the analog age was applied wholesale to the Internet, without examining in-depth the possible differences in principle and approach, providing no precedent for the development of an ‘internet law’ [20]. Overly focussed on the proprietary nature of Internet interests, the conception of the Internet as a non-commercial space for collaboration at a decentralized or an individual level is absent from the judicial vocabulary at this stage.

Private Actors and Public Interest

The Internet permits decentralization in the hands of several private actors, which makes control of information over it so difficult. However, the information and technology that makes up the Internet are also highly centralized at certain nodal points, such as the services which provide the physical infrastructure of the Internet (like ISPs) or intermediaries which create platforms for distribution of information. Since the Internet has no centralized architecture to enable governmental control, these private intermediaries fall squarely in the crosshairs of regulatory concerns, specifically concerning their liability as facilitators of offensive or illegal content and actions. Facebook, Ebay, Twitter, Myspace, YouTube and Google are examples of private actors that have emerged as dominant service providers that host, index or otherwise facilitate access to user-generated content. Other forms of intermediaries, such as software like Napster or torrent databases like The Pirate Bay, are responsible for driving the growth of Internet-based technologies, like new modes of information sharing and communication. These services have emerged as the most important platform for sharing of information and free speech on the Internet. Most of the interaction and communication on the Internet takes place through these intermediaries and therefore they are in a position to control much of the speech that takes place online. The implications of regulating such actors are quite enormous, and its context is unique to the Internet. These private actors now control the bulk of the information that is shared online, and many of them have almost monopolistic control over certain unique forms of information sharing – think Google in the case of search engines. Developing an adequate regulatory mechanism for them is therefore critical to the future of the net. If the laws do not adequately protect their ability to host content without being liable for the same, it is likely that these actors will lean towards collateral censorship of speech beyond that which is prohibited by law, simply to protect against liability. Secondly, such liability would tend to disincentivise the creation of new platforms and services that increase access to knowledge, which have been integral to innovation on the Internet [21]. The issue of intermediary liability at this scale is unique to the Internet. The court has to adequately frame policy considerations which strike at the fundamental nature of the Internet, such as intellectual property and access to information. At the same time, concerns about legal accountability need to also be addressed. The approach that courts have taken towards the role of intermediaries is therefore critical towards any examination of Internet regulation [22].

In India, the first court to explicitly examine the public importance in issues of online intermediary liability was in the context of regulation of pornography, specifically child pornography, which has been a mainstay of regulatory concerns on the Internet. The case prompted legislative action in the form of creating rules to secure intermediary immunity. In this case the Court imputed liability for the listings of certain offensive content upon the owners of the website, Bazzee.com. Hard cases make bad law, and the same was true of this case. Referring to the challenges of regulating content on the Internet, due to the inability of methods to screen and filter such content, the Court held that intermediaries must be strictly liable for all offensive content on their site. The Court held that:

The proliferation of the internet and the possibility of a widespread use through instant transmission of pornographic material, calls for a strict standard having to be insisted upon. Owners or operators of websites that offer space for listings might have to employ content filters if they want to prove that they did not knowingly permit the use of their website for sale of pornographic material…even if for some reason the filters fail, the presumption that the owner of the website had the knowledge that the product being offered for sale was obscene would get attracted.

Intermediaries, therefore, were imputed with the liability of controlling ‘obscene’ speech – a vague and over-broad standard which did not account for the realities of online speech [23]. The above analysis reflects the judiciary’s refusal to take into account the technical concerns on the Internet which ultimately shape its architecture – and the limitations of the judiciary in reflecting upon their own role in policy making on the internet. Ultimately, the decision was overturned by a legislative act, which invoked different standards of liability for intermediaries.

In Consim Info Pvt. Ltd vs Google India Pvt. Ltd [24], the Madras High Court considered “Keyword Advertising” and the liability of search engines and competitors for ‘meta-tags’ that resulted in search engine results which may divert a trademark holder’s traffic. Google’s AdWord programme, which allows purchase of certain ‘keywords’ for the search engine results, and can potentially enable certain forms of trademark infringement, was at issue [25]. Trademarks as AdWords or search terms fulfil and important social utility of information access [26]. However, the Court’s reasoning was conspicuously missing an analysis of the public interest in protecting and promoting search engines, which were important concerns taken into account when these issues were deliberated in other forums [27]. The Court saw this dispute only taking into account private property interests and not public interest considerations, such as the general public benefit of technology which enables new forms of searching and indexing. In fact, an argument by the defendant based on the fundamental right to free (commercial) speech was raised and ignored by the court. The Court therefore ignored the public importance of search engines in favour of protecting proprietary interests which arose in a different context.

Copyright law also has tremendous implications on the Internet. As the Internet became the primary mode for the distribution of different kinds of information and creative content, the very ease of sharing that contributed to its popularity made it prone to violations of copyright, and this created a conflict between the interests of traditional rights holders and the development of the Internet as a means of better sharing of information and knowledge. The problem of holding intermediaries liable for conduct has been compounded in cases where the Court ordered ex-parte ‘John Doe’ orders against unknown defendants likely to be infringing copyright, and imputed the liability for removal of such content on the intermediaries or ISP’s, effectively issuing wide blocking orders without considering their implications or even providing a fair hearing [28]. In RK Productions [29], for instance, when holding that ISPs could be liable for failure to follow blocking orders against infringing content, the Madras High Court described the role of ISPs, such as Airtel and VSNL, as “vessels for others to use their services to infringe third party works.” Once again, the court took a particularly pessimistic view of the Internet’s capabilities, limiting its analysis to the ISP’s function in facilitating infringement and holding that “Without the ISPs, no person would be in a position to access the pirated contents nor would the unknown persons be in a position to upload the pirated version of the film.” In Myspace, the Delhi High Court held that no different standard for secondary infringement (by intermediaries) applied on the Internet, and imputed the same standard as in the 1957 Copyright Act. (In fact, it explicitly compared Myspace to brick and mortar shops selling infringing DVD’s or CD’s) [30]. The Court held that the principles of immunity under the IT Act were overridden by the provisions of the Copyright Act, and then went on to impute a strict standard for intermediaries seeking safe harbor for infringing material, including, inexplicably, that provision of some means to tackle infringement would be sufficient proof of knowledge of actual infringement, and therefore implicating mere passive platforms as infringers. Further, the Court expressly rejected a post-hoc solution for the same, and held that the intermediaries must ensure prior restraint of infringing works to escape liability. The claims that arise in cases of infringement of intellectual property on the Internet, specifically in the liability of intermediaries, are unique, and have unique implications. The inability or refusal of the judiciary to identify claims of freedom of speech and freedom of information of the larger public within the internet commons, in response to broad censorship orders for preventing infringement means that implicitly, policy takes a direction that favours private interests.

An analysis of the above cases shows that important implications of intermediary liability such as the effect on the public’s access to information and the freedom of speech in the context of the Internet did not play a role in the Courts decisions. In particular, the examination of cases above shows that private disputes are now at the forefront of issues of public importance. The Courts have unfortunately taken an insular view of these disputes, adjudicating them as inter-party, without considering the public function that private players on the Internet provide, and how their decisions should factor in these considerations.

However, the recent case of Shreya Singhal v Union of India [31], decided by the Supreme Court this March, hopefully announces a departure from this insular examination of the Internet towards a constitutional analysis, where framing an appropriate public policy for the Internet is at the forefront of the Court’s analysis.

Shreya Singhal and Constitutionalizing the Internet

In March, 2015, the Supreme Court of India struck down the notoriously abused Section 66A of the Information Technology Act, which criminalized certain classes of speech, and hopefully heralded a new phase of Internet jurisprudence in India, which imports constitutionalism into matters of cyberspace. Section 66A, premised on the pervasiveness of the Internet, criminalized online speech on vague grounds such as ‘grossly offensive’ or ‘menacing’. The Court’s examination of the nature of the Internet is particularly important. While dismissing a challenge that speech on the Internet should not be treated as distinct from other speech, the Supreme Court opined that “the internet gives any individual a platform which requires very little or no payment through which to air his views”, and by this reasoning concluded that to a limited extent, specific offences could be drawn for online speech. However, this understanding of the features of the Internet – the democratization of knowledge sharing by making it cheap and expansive, was implicit throughout the Court’s judgement, which upheld the idea of the Internet as a ‘marketplace of ideas’ and a space for free and democratic exchange, and struck down the impugned restrictive provisions as unconstitutional, in part because of their vagueness and likelihood to censor legitimate speech, bearing no relation to the constitutional restrictions on free speech under Article 19(2). Moreover, the Court understood the importance of collateral censorship and intermediary safe harbor, although only briefly examined, and read down expansive intermediary liability terms under the IT Rules to include prior judicial review of takedown notices [32].

Hopefully, the Shreya Singhal judgement marks the beginning of constitutional engagement of the judiciary with the Internet. At this moment itself, the Supreme Court is grappling with questions of limitations of online pornography [33]; search engine liability for hate speech [34]; intermediary liability for defamation [35]; and liability for mass surveillance. How the Supreme Court takes cognizance of these cases, how they ultimately proceed, and how they take into account the principles sounded by the Shreya Singhal court, will have a tremendous impact on the internet and society in India.

Conclusion

This article was an attempt to study the Internet in India, and look at the relationship between the judiciary and the Internet. But ‘the Internet’ is not some fixed, immutable space, and any study has to take this into account. The function of the Internet depends upon the values built in to it. These values can be in favor of free speech, or enable censorship. They can protect privacy, or enable mass surveillance. The growth of the Internet as a medium of free speech and expression has been fuelled to a large extent in the spaces free of legal regulation, but the law is perhaps the most important regulator of the Internet, in its ability to use state power to create incentives for certain values, and to change the nature of the Internet. This study, therefore, charted the dynamic relationship between judicial law and other factors responsible for the regulation of the Internet.

For a technology which is so pervasive in our daily lives, and growing in importance day by day, it is surprising that the Supreme Court of India has only recently taken cognizance of constitutional issues on the Internet. While important internet-specific issues have arisen in disputes before the judiciary, judicial examination has generally ignored technical nuances of the new technology, and furthermore ignored the wider implications of framing Internet policy by applying rules that applied in other contexts, such as for copyright or trademark. Without a clear articulation of political and moral bases to guide Internet policy, a clear policy-driven approach to the Internet remains absent, and the regulatory space has been captured by fragmented interest groups without an assessment of larger interests in maintaining the Internet commons, such as allowing peer-based production and sharing of information.

There is, however, reason to be optimistic about the courts and the Internet. The Supreme Courts reaffirmation and identification of the freedom of speech on the Internet in Shreya Singhal, will, hopefully, resonate in the policy decisions of both the courts and legislators, and the internet can be reformulated as a space deserving constitutional scrutiny and protection.

References

[1] VSNL Starts India's First Internet Service Today, The Indian Technomist, (14th August, 1995), available at http://dxm.org/techonomist/news/vsnlnow.html.

[2] Internet Statistics by Country, International Telecommunication Union, available at http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx.

[3] Source: http://manupatra.com/.

[4] Nick Huggett, Zeno's Paradoxes, The Stanford Encyclopedia of Philosophy, Edward N. Zalta (ed.), available at http://plato.stanford.edu/archives/win2010/entries/paradox-zeno/.

[5] See: http://indianexpress.com/article/india/india-others/a-little-reminder-no-one-in-house-debated-section-66a-congress-brought-it-and-bjp-backed-it/; Publicly available records of Lok Sabha debates also show no mention of this controversial law.

[6] I take values to mean certain desirable goals and methods, which could be both intrinsically good to pursue and whose pursuit allows other instrumental goods to be achieved. See Michael J. Zimmerman, Intrinsic vs. Extrinsic Value, The Stanford Encyclopedia of Philosophy, Edward N. Zalta (ed.), available at http://plato.stanford.edu/archives/spr2015/entries/value-intrinsic-extrinsic/.

[7] Hellen Nissenbaum, How Computer Systems Embody Values, Computer Magazine, 118, (March 2001), available at https://www.nyu.edu/projects/nissenbaum/papers/embodyvalues.pdf.

[8] S.P. Sathe, Judicial Activism: The Indian Experience, 6 Washington University Journal of Law & Policy, 29, (2001).

[9] M.C. Mehta v. Kamal Nath and Ors., 2000(5) SCALE 69.

[10] Yochai Benkler, From Consumers to Users: Shifting the Deeper Structures of Regulation Toward Sustainable Commons and User Access, 52(3) Federal Communications Law Journal, 561, (2000).

[11] Thomas Shultz, Carving up the Internet: Jurisdiction, Legal Orders, and the Private/Public International Law Interface, 19(4) European Journal Of International Law, 799, (2008); Wendy A. Adams, Intellectual Property Infringement in Global Networks: The Implications of Protection Ahead of the Curve, 10 Int’l J.L. & Info. Tech, 71, (2002).

[12] Casio India Co. Limited v. Ashita Tele Systems Pvt. Limited, 2003 (27) P.T.C. 265 (Del.) (India).

[13] Banyan Tree Holding (P) Ltd. v. A. Murali Krishna Reddy & Anr., CS(OS) 894/2008.

[14] World Wrestling Entertainment v. Reshma Collection (FAO (OS) 506/2013 (Delhi).

[15] Dr. Ashok v. Union of India and Ors., AIR 1997 SC 2298.

[16] Rajan Johnsonbhai Christy vs State Of Gujarat, (1997) 2 GLR 1077.

[17] Union Of India And Ors. Vs. Motion Picture Association And Ors, 1999 (3) SCR 875; Yahoo!, Inc. vs Akash Arora & Anr., 1999 IIAD Delhi 229 – “The Internet provides information about various corporations, products as also on various subjects like educational, entertainment, commercial, government activities and services.”

[18] Yochai Benkler, The Wealth of Networks.

[19] Rediff Communication Limited vs Cyberbooth & Another, 1999 (4) Bom CR 278.

[20] Even when the Supreme Court finally recognized these concerns a few years later, when the Internet had morphed into a massive commercial platform and an important forum for free speech, in the Satyam Infotech case (2004(3)AWC 2366 SC), it discussed the unique problem of domain name identifiers and scarcity of domain names, yet went on to hold that an even higher standard of passing off for trademarks should apply in domain names, disregarding the prior standard of an ‘honest concurrent user’.

[21] Jack Balkin, The Future of Free Expression in a Digital Age, 36 Pepperdine Law Review, (2008)

[22] Id.

[23] Avnish Bajaj v. State (NCT of Delhi), 3 Comp. L.J. 364 (2005).

[24] 2013 (54) PTC 578 (Mad)

[25] The judgement also reveals the predominance of Google’s search engine service. The Court defines the operation of “search engines” as synonymous with Google’s particular service – including adding elements like the ‘I’m Feeling Lucky’ option as defining elements of search engines.

[26] David J. Franklyn & David A. Hyman, Trademarks As Search Engine Keywords: Much Ado About Something?, 26(2) Harvard Journal of Law and Technology, 540, (2013).

[27] Id.

[28] Reliance Big Entertainment v. Multivision Network and Ors, Delhi High Court, available at http://cis-india.org/internet-governance/resources/john-doe-order-reliance-entertainment-v-multivision-network-and-ors.-movie-singham; Sagarika Music Pvt. Ltd. v. Dishnet Wireless Ltd., C.S. No. 23/2012, G.A. No. 187/2012 (Calcutta High Court Jan. 27, 2012) (order); See Generally, Ananth Padmanabhan, Give Me My Space and Take Down His, 9 Indian Journal of Law and Technology, (2013).

[29] R.K. Productions v. BSNL Ltd and Ors. O.A.No.230 of 2012, Madras High Court.

[30] Super Cassetes Industries Ltd. v. Myspace Inc. and Anr., 2011 (47) P.T.C. 49 (Del.)

[31] Shreya Singhal and Ors. V Union of India and Ors., W.P.(Crl).No. 167 of 2012, Supreme Court, (2015).

[32] The courts refusal to address important questions of intermediary responsibility has also been criticized, see Jyoti Pandey, The Supreme Court Judgment in Shreya Singhal and What It Does for Intermediary Liability in India?, Centre for Internet and Society, available at http://cis-india.org/internet-governance/blog/sc-judgment-in-shreya-singhal-what-it-means-for-intermediary-liability.

[33] See: http://sflc.in/kamlesh-vaswani-v-uoi-w-p-c-no-177-of-2103/.

[34] See: http://cis-india.org/internet-governance/blog/search-engine-and-prenatal-sex-determination.

[35] See: https://indiancaselaws.wordpress.com/2013/10/23/google-india-pvt-ltd-vs-visaka-industries-limited/.

The post is published under Creative Commons Attribution 4.0 International license, and copyright is retained by the author.

For more details visit https://cis-india.org/raw/blog_the-internet-in-the-indian-judicial-imagination