Centre for Internet and Society

January 2013 Bulletin

praskrishna — 2013-06-11T11:56:35Z

We at the Centre for Internet & Society (CIS) wish you all a great year ahead and welcome you to the first issue of our newsletter for the year 2013. This issue brings you an overview of our research programs, events organised and participated, news and media coverage, and videos of recent events.

Jobs

CIS is seeking applications for the posts of Programme Officer (Access to Knowledge — Indic Language Initiatives), Developer (NVDA Project), Programme Officer (Access to Knowledge and Openness), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org. For our Privacy project, we are seeking applications for the post of Researcher, Technology/Security Expert, Graphic Designer as well as for internships. To apply for these posts, please send in your resume to Elonnai Hickok (elonnai@cis-india.org).

Accessibility

CIS is carrying out two projects in partnership with the Hans Foundation. The first one is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and the second one is for developing a screen reader and text to speech synthesizer for Indian languages. We are also working with the World Blind Union to develop the Treaty for Improved Access for Blind, Visually Impaired and other Reading Disabled Persons, and assisting in the negotiations at WIPO:

National Resource Kit for Persons with Disabilities

Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Shruti Ramakrishnan has left the project. Draft chapters have been published. Feedback and comments are invited from readers for the chapter on Haryana:

The Haryana Chapter (by Anandi Viswanathan, January 31, 2012): The state implements the provisions under the central laws, particularly the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act 1995 and the National Trust for Welfare of Persons with Autism, Cerebral Palsy, Mental Retardation and Multiple Disabilities Act 1999.

Submission / Notification

Making Public Libraries Accessible to People with Disabilities (by Rahul Cherian, January 23, 2013): CIS was one of the 20 disability rights groups that wrote to the Ministry of Culture.
Government of Madhya Pradesh initiates ICT Accessibility in Public Communication (by Nirmita Narasimhan, January 31, 2013): CIS with Daisy Forum of India member Arushi in Bhopal submitted a request for a notification mandating that all communication by the Government of Madhya Pradesh should be accessible to persons with disabilities.

Report

Accessible Broadcasting in India (by Srividya Vaidyanathan, January 11, 2013): The abridged version of ITU’s report "Making Television Accessible" which was initially put up for comments last year has been updated once again.

Blog Entry

Linking Commercial Availability and Exceptions in the Treaty for Visually Impaired/Persons with Disabilities (by Rahul Cherian, January 23, 2013).

Access to Knowledge

In partnership with the International Development Research Centre we are doing a project on Pervasive Technologies examining the relationship between production of pervasive technologies and intellectual property. The Wikimedia Foundation’s India Program to support and develop free knowledge in India is now being executed by us. We are also supporting the Iraq government in developing an eGovernment Interoperability Framework:

Wikipedia

Beginning from September 1, 2012, Wikimedia Foundation has awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon, Subhashish Panigrahi and Noopur Raval.

New Project Director

T. Vishnu Vardhan is the new Programme Director-Access to Knowledge at CIS. Vishnu has over the last 11 years worked in various capacities as researcher, grant manager, teacher, project consultant, information architect and translator. Vishnu managed the Art, Crafts and Culture portfolio of Sir Ratan Tata Trust and also worked as Research Coordinator at the Centre for the Study of Culture and Society.

New Distinguished Fellow at CIS

Tejaswini Niranjana, a Senior Fellow at the Centre for the Study of Culture and Society (CSCS), Bangalore, and Visiting Professor at the Tata Institute of Social Sciences (TISS), Mumbai is joining our team as an Adviser to the 'Access to Knowledge' project. She will guide the A2K team in expanding the Indian language Wikipedias and in increasing the number of active editors through strategic partnerships with Higher Education institutions across India.

Reports

Access to Knowledge Report — September to December 2012 (by Noopur Raval, January 31, 2013): The report covers an overview of the activities done by the Access to Knowledge team under the grant provided by the Wikimedia Foundation from September 2012 to December 2012.
Indic Language Wikipedias — Statistical Report — 2012 (by Shiju Alex, January 21, 2013): A statistical update of the Indic language Wikipedias for the year 2012 providing perspectives on the health of various Indic language communities as well as the state of various Indic language wikipedias.

Wiki Event Reports
CIS organised a series of Wiki workshops in Goa in the month of December 2012, we bring you the reports from those events.

Note: The workshops were held in the month of December 2012 but the reports were published only in the month of January.

Two-day Wiki Workshop in Goa University: An Introduction (by Nitika Tandon, January 15, 2013).
Wikipedia in St. Xavier's College, Mapusa, Goa (by Nitika Tandon, January 19, 2013).
Bringing Konkani Encyclopedia in Public Domain (by Nitika Tandon, January 22, 2013).
Promoting GLAM in Goa (by Nitika Tandon, January 24, 2013).
Konkani in Wikipedia Incubator — Taking it to the Next Level (by Nitika Tandon, January 25, 2013).

CIS also organised a Wiki workshop in Ghaziabad:

A Wiki Workshop at Raj Kumar Goel Institute of Technology, Ghaziabad (RKGIT, Ghaziabad, January 17, 2013).

Wiki Event Participated

Celebrating the success of Wikipedia in Wikipedia Summit Pune 2013 (organized by Wikipedia Club, Pune, January 12 – 13, 2013). Subhashish Panigrahi participated in the event.

Wikipedia News Coverage

First Odia Wikipedia Education Program concludes at IIMC, Dhenkanal (Odisha Diary Bureau, Dhenkanal, January 27, 2013).
Odia Wikipedia's 9th Anniversary and Workshop on Application of Odia in Media (Sambad, January 30, 2013).

Wiki Events Organised

Odia Education Program (Indian Institute of Mass Communication, Dhenkanal, Orissa, January 26, 2013).
Odia Wikipedia 9th Anniversary Celebration (Academy of Media Learning, Samantha Vihar, Bhubaneswar, Orissa, January 29, 2013).

Pervasive Technologies

The Pervasive Technologies project carries out research on the intellectual property implicated in the hardware, software and content available in low-cost mobile devices.The long-term outcome of this project is to create a legitimate, legal space for these technologies to exist on the Indian market.

Events Participated

Pervasive Technologies: Access to Knowledge in the Market Place — A Presentation by Sunil Abraham (FGV Law School, Rio de Janeiro, December 15, 2012).
Fifth International IPR Conference (GIPC 2013) (organised by ITAG Business Solutions, Hotel Lalit Ashok, Bangalore, January 30, 2013): Snehashish Ghosh made a presentation on the Pervasive Technologies Project.

Other Openness Updates

Blog Posts / Columns

The Violence of Knowledge Cartels (by Nishant Shah, Hybrid Publishing Lab, January 17, 2013).
Remembering Aaron Swartz, Taking Up the Fight (by Nishant Shah, DML Central, January 24, 2013).

Interview

Aaron Swartz: The First Martyr of the Free Information Movement: Prabir Purkayastha interviewed Lawrence Liang on Newsclick, January 19, 2013. The video is published.

Media Coverage

Bangalore hackers write code as tribute to Aaron Swartz (by Deepa Kurup, Hindu, January 21, 2013. Sunil Abraham is quoted.

HasGeek
HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works out from CIS office in Bengaluru.
Event Organized Aaron Swartz Memorial Hacknight (CIS, Bangalore, January 19 – 20, 2013): Aaron’s collaborators such as Anand Chitipothu and A S L Devi participated in the event.

Internet Governance

With Privacy International, London we signed an agreement to facilitate the implementation of activities related to surveillance and freedom of speech and expression. In this month we have blog posts on data retention, international principles of surveillance and human rights and comparitive analysis of Indian legislation vis-à-vis draft of the International Principles on Surveillance of Communications by Ellonai Hickok, and columns by Sunil Abraham and Nishant Shah:

Privacy Research

Data Retention in India (by Elonnai Hickok, January 30, 2013): The post provides an insight into the data retention mandates from the Government of India and data retention practices by service providers.
Draft International Principles on Communications Surveillance and Human Rights (by Elonnai Hickok, January 16, 2013): These principles were developed by Privacy International and the Electronic Frontier Foundation and seek to define an international standard for the surveillance of communications.
A Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications (by Elonnai Hickok, January 31, 2013): The principles, first drafted in October 2012 and developed subsequently seek to establish an international standard for surveillance of communications in the context of human rights. CIS is contributing feedback to the drafting of the principles.

Columns/Op-eds

Web of Sameness (by Nishant Shah, Indian Express, January 18, 2013).
TV versus Social Media: The Rights and Wrongs (by Sunil Abraham, The Tribune, January 20, 2013).

Statement

Statement of Solidarity on Freedom of Expression and Safety of Internet Users in Bangladesh (by Pranesh Prakash, January 15, 2013): This is a statement on the violent attack on blogger Asif Mohiuddin by the participants to the Third South Asian Meeting on the Internet and Freedom of Expression.

Blog Entries

No Civil Society Members in the Cyber Regulations Advisory Committee (by Pranesh Prakash, January 10, 2013).
Five Frequently Asked Questions about the Amended ITRs (by Chinmayi Arun, January 28, 2013): The author discusses the five major questions that have been the subject of debate after the World Conference on International Telecommunications 2012 (WCIT).

Upcoming Event

DML Conference 2013 (co-organised by CIS and Digital Media & Learning Research Hub Central, Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2013).

Event Organized

An Introduction to Bitfilm and Bitcoin – A Discussion by Aaron Koenig (CIS, Bangalore, January 23, 2013): Aaron Koenig, Managing Director, Bitfilm Networks of Hamburg, Germany gave a talk.

Events Participated

Panel Discussion on E-Commerce at NLSIU (organised by National Law School of India University, Bangalore, January 7, 2013). Pranesh Prakash was a panelist.
Mobile Broadband: Leveraging for Business Transformation (Chancery Pavilion, Bangalore, January 9, 2013): Sunil Abraham was a panelist in this event.
Third South Asian Meeting on the Internet and Freedom of Expression (organized by Internet Democracy Project, Voices for Interactive Choice & Empowerment and Global Partners & Associates, Dhaka, January 14 – 15, 2013): Pranesh Prakash moderated the session on "Understanding cyber security and surveillance in South Asia”.
Is Freedom of Expression under Threat in the Digital Age? (organized by Editors Guild of India, Index on Censorship and Sage, India International Centre, New Delhi, January 15, 2013): Sunil Abraham was a panelist at this event.
7th India Digital Summit 2013 (organised by Internet and Mobile Association of India, Lalit Hotel, New Delhi, January 16 – 17, 2013): Sunil Abraham was the moderator for Plenary Session 3: Discussion on Social Media – Freedom, Moderation or Regulation.

Upcoming Event

9th International Asian Conference (organised by ITechLaw, February 14 – 15, 2013): Sunil Abraham will be participating as a panelist in the session on “Censorship of Online Content”.

Media Coverage

2012 in Review: Biometric ID Systems Grew Internationally...and So Did Concerns about Privacy (by Rebecca Bowe, Right Side News, January 1, 2013)
Cool Jobs | Parmesh Shahani, Head, Godrej India Culture Lab (LiveMint, January 4, 2013).
Clash of the cyberworlds (by Latha Jishnu, Dinsa Sachan and Moyna, Down to Earth, January 15, 2013 issue). Pranesh Prakash is quoted.
Is freedom of expression under threat in digital age? (originally published by Indo Asian News Service, January 16, 2013 and also covered in the Business Standard, Vancouver Desi, DNA, and Tech2). Sunil Abraham is quoted.
Is freedom of expression under threat in the digital age? (by Mahima Kaul, Index on Censorship, January 18, 2013).
Internet Freedom in India – Open to Debate (by Kirsty Hughes, Index on Censorship, January 22, 2013). CIS research on censorship is quoted.
Cyber security, surveillance and the right to privacy: country perspectives (by Richa Kaul Padte, Internet Democracy Project).
Surveillance Camp: Privatized State Surveillance (by Katitza Rodriguez, Electronic Frontier Foundation, January 28, 2013). Elonnai Hickok is quoted.
An innovative concept comes to the fore (Deccan Herald, January 29, 2013).

Internet Access – Knowledge Repository
In partnership with Ford Foundation, CIS was tasked to produce and disseminate modules on various aspects of telecommunications including policy, regulations, infrastructure and market. However, as on November 9, 2012 there was a change in the mandate of the project. Currently, we are working on building a knowledge repository on “Internet Access”. This new repository will cover the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for such policy formulation. For this purpose we will be hosting a new website: www.internet-institute.in.
We are also organizing an “Institute on Internet and Society” in collaboration with the Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registrations and relevant details will be soon announced on our website.

Telecom

While the potential for growth and returns exist for telecommunications in India, a range of issues need to be addressed. One aspect is more extensive rural coverage and the other is a countrywide access to broadband which is low. Both require effective and efficient use of networks and resources, including spectrum.:

Column by Shyam Ponappa

What's Needed Is User-Centric Design, Not Good Intentions (by Shyam Ponappa, Business Standard, January 3, 2013 and Organizing India Blogpost, January 6, 2013).

Event(s) Participated

21^st Convergence Conference Conference India 2013 (organized by Exhibitions India Group, January 16 – 17, 2013, Pragati Maidan, New Delhi). Snehashish Ghosh participated in the event.

Digital Humanities

From 2012 to 2015, the Researchers At Work series is focusing on building research clusters in the field of Digital Humanities. We organised the first Habits of Living workshops in Bangalore last year. The next workshop is being held in Brown University:

Habits of Living Workshop

Habits of Living: Networked Affects, Glocal Effects (organised by CIS and Brown University, March 21 – 23, 2013, Brown University, Rhode Island). Nishant Shah will be speaking at this event.

About CIS
CIS was registered as a society in Bangalore in 2008. As an independent, non-profit research organisation, it runs different policy research programmes such as Accessibility, Access to Knowledge, Openness, Internet Governance, and Telecom. The policy research programmes have resulted in outputs such as the e-Accessibility Policy Handbook for Persons with Disabilities with ITU and G3ict, and Digital Alternatives with a Cause?, Thinkathon Position Papers and the Digital Natives with a Cause? Report with Hivos, etc. We have conducted policy research for the Ministry of Communications & Information Technology, Ministry of Human Resource Development, Ministry of Personnel, Public Grievances and Pensions, Ministry of Social Justice and Empowerment, etc., on WIPO Treaties, Copyright Bill, NIA Bill, etc.
CIS is accredited as an observer at WIPO. CIS staff participates in the Standing Committee for Copyright and Related Rights (SCCR) meetings regularly held in Geneva, and participate in the discussions and comments on them from a public interest perspective. Our Policy Director, Nirmita Narasimhan won the National Award for Empowerment of Persons with Disabilities from the Government of India and also received the NIVH Excellence Award.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/january-2013-bulletin

Data Retention in India

elonnai — 2013-07-12T15:51:13Z

As part of its privacy research, the Centre for Internet and Society has been researching upon data retention mandates from the Government of India and data retention practices by service providers. Globally, data retention has become a contested practice with regards to privacy, as many governments require service providers to retain more data for extensive time periods, for security purposes. Many argue that the scope of the retention is becoming disproportional to the purpose of investigating crimes.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Debate around Data Retention

According to the EU, data retention “refers to the storage of traffic and location data resulting from electronic communications (not data on the content of the communications)”.[1]

The debate around data retention has many sides, and walks a fine line of balancing necessity with proportionality. For example, some argue that the actual retention of data is not harmful, and at least some data retention is necessary to assist law enforcement in investigations. Following this argument, the abuse of information is not found in the retention of data, but instead is found by who accesses the data and how it is used. Others argue that any blanket or a priori data retention requirements are increasingly becoming disproportional and can lead to harm and misuse. When discussing data retention it is also important to take into consideration what type of data is being collected and by what standard is access being granted. Increasingly, governments are mandating that service providers retain communication metadata for law enforcement purposes. The type of authorization required to access retained communication metadata varies from context to context. However, it is often lower than what is required for law enforcement to access the contents of communications. The retention and lower access standards to metadata is controversial because metadata can encompass a wide variety of information, including IP address, transaction records, and location information — all of which can reveal a great deal about an individual.[2] Furthermore, the definition of metadata changes and evolves depending on the context and the type of information being generated by new technologies.

Data Retention vs. Data Preservation

Countries have taken different stances on what national standards for data retention by service providers should be. For example, in 2006 the EU passed the Data Retention Directive which requires European Internet Service Providers to retain telecom and Internet traffic data from customers' communications for at least six months and upto two years. The stored data can be accessed by authorized officials for law enforcement purposes.[3] Despite the fact that the Directive pertains to the whole of Europe, in 2010 the German Federal Constitutional Court annulled the law that harmonized German law with the Data Retention Directive.[4] Other European countries that have refused to adopt the Directive include the Czech Republic and Romania.[5] Instead of mandating the retention of data, Germany, along with the US, mandates the 'preservation' of data. The difference being that the preservation of data takes place through a specified request by law enforcement, with an identified data set. In some cases, like the US, after submitting a request for preservation, law enforcement must obtain a court order or subpoena for further access to the preserved information.[6]

Data Retention in India

In India, the government has established a regime of data retention. Retention requirements for service providers are found in the ISP and UASL licenses, which are grounded in the Indian Telegraph Act, 1885.

ISP License

According to the ISP License,[7] there are eight categories of records that service providers are required to retain for security purposes that pertain to customer information or transactions. In some cases the license has identified how long records must be maintained, and in other cases the license only states that the records must be made available and provided. This language implies that records will be kept.

According to the ISP License, each ISP must maintain:

Users and Services: A log of all users connected and the service they are using, which must be available in real time to the Telecom Authority. (Section 34.12).

Outward Logins or Telnet: A log of every outward login or telnet through an ISPs computer must be available in real time to the Telecom Authority. (Section 34.12).

Packets: Copies of all packets originating from the Customer Premises Equipment of the ISP must be available in real time to the Telecom Authority. (Section 34.12).

Subscribers: A complete list of subscribers must be made available on the ISP website with password controlled access, available to authorized Intelligence Agencies at any time. (Section 34.12).
Internet Leased Line Customers: A complete list of Internet leased line customers and their sub-customers consisting of the following information: name of customer, IP address allotted, bandwidth provided, address of installation, date of installation/commissioning, and contact person with phone no./email. These must be made available on a password protected website (Section 34.14). The password and login ID must be provided to the DDG (Security), DoT HQ and concerned DDG(VTM) of DoT on a monthly basis. The information should also be accessible to authorized government agencies (Section 34.14).

Diagram Records and Reasons: A record of complete network diagram of set-up at each of the internet leased line customer premises along with details of connectivity must be made available at the site of the service provider. All details of other communication links (PSTN, NLD, ILD, WLL, GSM, other ISP) plus reasons for taking the links by the customer must be recorded before the activation of the link. These records must be readily available for inspection at the respective premises of all internet leased line customers (Section 34.18).
Commercial Records: All commercial records with regard to the communications exchanged on the network must be maintained for a year (Section 34.23).
Location: The service provider should be able to provide the geographical location of any subscriber at a given point of time (Section 34.28(x).

Remote Activities: A complete audit trail of the remote access activities pertaining to the network operated in India. These must be retained for a period of six months, and must be provided on request to the licensor or any other agency authorized by the licensor (Section 34.28 (xv).

UASL License

According to the UASL License[8], there are twelve categories of records that ISP’s are required to retain that pertain to costumer information or transactions for security purposes. In some cases the license has identified how long records must be maintained, and in other cases the license only states that the information must be provided and made available when requested. This language implies that records will be kept.

According to the license, service providers must maintain and make available:

Numbers: Called/calling party mobile/PSTN numbers when required. Telephone numbers of any call-forwarding feature when required (Section 41.10).
Interception records: Time, date and duration of interception when required (Section 41.10).
Location: Location of target subscribers. For the present, cell ID should be provided for location of the target subscriber when required (Section 41.10).
All call records: All call data records handled by the system when required (Section 41.10). This includes:
1. Failed call records: Call data records of failed call attempts when required. (Section 41.10).
2. Roaming subscriber records: Call data records of roaming subscribers when required. (Section 41.10)
Commercial records: All commercial records with regards to the communications exchanged on the network must be retained for one year (Section 41.17).
Outgoing call records: A record of checks made on outgoing calls completed by customers who are making large outgoing calls day and night to various customers (Section 41.19(ii)).
Calling line Identification: A list of subscribers including address and details using calling line identification should be kept in a password protected website accessible to authorized government agencies (Section 41.19 (iv)).
Location: The service provider must be able to provide the geographical location of any subscriber at any point of time (Section 41.20(x)).
Remote access activities: Complete audit trail of the remote access activities pertaining to the network operated in India for a period of six months (Section 41.20 (xv)).

RTI Request to BSNL and MTNL

On September 10, 2012, the Centre for Internet and Society sent an RTI to MTNL and BSNL with the following questions related to the respective data retention practices:

Does MTNL/BSNL store the following information/data:

Text message detail (To and from cell numbers, timestamps)
Text message content (The text and/or data content of the SMS or MMS)
Call detail records (Inbound and outbound phone numbers, call duration)
Bill copies for postpaid and recharge/top-up billing details for prepaid
Location data (Based on cell tower, GPS, Wi-Fi hotspots or any combination thereof)

If it does store data then

For what period does MTNL/BSNL store: SMS and MMS messages, cellular and mobile data, customer data?
What procedures for retention does MTNL/BSNL have for: SMS and MMS messages, cellular and mobile data, and customer data?
What procedures for deletion of: SMS and MMS messages, cellular and mobile data, and customer data?
What security procedures are in place for SMS and MMS messages, cellular and mobile data, and customer data?

BSNL Response

BSNL replied by stating that it stores at least three types of information including:

IP session information - connection start end time, bytes in and out (three years offline)
MAC address of the modem/router/device (three years offline)
Bill copies for post paid and recharge/top up billing details for prepaid. Billing information of post paid Broadband are available in CDR system under ITPC, prepaid voucher details (last six months).

MTNL Response

MTNL replied by stating that it stores at least () types of information including:

Text message details (to and from cell number, timestamps) in the form of CDRs (one year)
Call detail records including inbound and outbound phone numbers and call duration (one year)
Bill copies from postpaid (one year)
Recharge details for prepaid (three months)
Location of the mobile number if it has used the MTNL GSM/3GCDMA network (one year)

It is interesting that BSNL stores information that is beyond the required time period required in both the ISP and the UASL licenses. The responses to the RTI showed that each service provider also stores different types of information. This could or could not be the actual case, as each question could have been interpreted differently by the responding officer.

Conclusion

The responses to the RTI from BSNL and MTNL are a step towards understanding data retention practices in India, but there are still many aspects about data retention in India which are unclear including:

What constitutes a ‘commercial record’ which must be stored for one year by service providers?
How much data is retained by service providers on an annual basis?
What is the cost involved in retaining data? For the service provider? For the public?
How frequently is retained information accessed by law enforcement? What percentage of the data is accessed by law enforcement?
How many criminal and civil cases rely on retained data?
What is the authorization process for access to retained records? Are these standards for access the same for all types of retained data?

Having answers to these questions would be useful for determining if the Indian data retention regime is proportional and effective. It would also be useful in determining if it would be meaningful to maintain a regime of data retention or switch over to a more targeted regime of data preservation.

Though it can be simple to say that a regime of data preservation is the most optimal choice as it gives the individual the greatest amount of immediate privacy protection,

A regime of data preservation would mean that all records would be treated like an interception, where the police or security agencies would need to prove that a crime was going to take place or is in the process of taking place and then request the ISP to begin retaining specific records. This approach to solving crime would mean that the police would never use retained data or historical data as part of an investigation – to either solve a case or to take the case to the next level. If Indian law enforcement is at a point where they are able to concisely identify a threat and then begin an investigation is a hard call to make. It is also important to note that though preservation of data can reduce the risk to individual privacy as it is not possible for law enforcement to track individuals based off of their historical data and access large amounts of data about an individual, preservation does not mean that there is no possibility for abuse. Other factors such as:

Any request for preservation and access to records must be legitimate and proportional
Accessed and preserved records must be used only for the purpose indicated

Accessed and preserved records can only be shared with authorized authorities

Any access to preserved records that do not pertain to an investigation must be deleted

These factors must be enforced through the application of penalties for abuse of the system. These factors can also be applied to not only a data preservation regime, but also a data retention regime and are focused on preventing the actual abuse of data after retained. That said, before an argument for either data retention or data preservation can be made for India it is important to understand more about data retention practices in India and use of retained data by Indian law enforcement and access controls in place.

[1]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31st 2012. Available at: http://bit.ly/14qXW6o. Last accessed: January 21st 2013
[2].Draft International Principles on Communications Surveillance and Human Rights: http://bit.ly/UpGA3D
[3]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31^st 2012. Available at: http://bit.ly/14qXW6o . Last accessed: January 21^st 2013.
[4]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31^st 2012. Available at: http://bit.ly/14qXW6o. Last accessed: January 21^st 2013.
[5]. Tiffen, S. Sweden passes controversial data retention directive. DW. March 22 2012. Available at: http://bit.ly/WOfzaX. Last Accessed: January 21^st 2013.
[6]. Kristina, R. The European Union's Data Retention Directive and the United State's Data Preservation Laws: Fining the Better Model. 5 Shilder J.L. Com. & Tech. 13 (2009) available at: http://bit.ly/VoQxQ9. Last accessed: January 21^st 2013
[7]. Government of India. Ministry of Communications & IT Department of Telecommunications. License Agreement for Provision of Internet Services.
[8]. Government of India. Ministry of Communications & IT Department of Telecommunications. License Agreement for Provision of Unified Access Services after Migration from CMTS. Amended December 3^rd 2009.

For more details visit https://cis-india.org/internet-governance/blog/data-retention-in-india

Surveillance Camp: Privatized State Surveillance

praskrishna — 2013-01-29T06:51:39Z

This is the second in a series of posts mapping global surveillance challenges discussed at EFF’s Surveillance Camp in Rio de Janeiro, Brazil.

Katitza Rodriguez's blog post was published by the Electronic Frontier Foundation on their website on January 28, 2013. Elonnai Hickok is quoted.

In December 2012, EFF organized a Surveillance and Human Rights Camp in Brazil that brought together the expertise of a diverse group of people concerned about state electronic surveillance in Latin American and other countries. Among other concerns, participants spotlighted the many ways in which the private sector is increasingly playing a role in state surveillance. Here are a few examples:

Voluntary Agreements Between Law Enforcement and Private Companies

Often law enforcement agencies will approach companies asking for voluntary disclosure of information for investigative purposes. Those requests may look and sound more like threats, with a great deal of moral pressure applied on the companies.

This voluntary assistance remains out of the public eye and shrouded in secrecy, as notification of state access is never given to the individual concerned, is not codified in law, and is not clearly disclosed in the company's terms of service or user agreement. Currently there is minimal, if any, oversight over such voluntary cooperation, so the scope of assistance provided is not well-documented.

Canada

Canadian ISPs have jointly decided to provide identifying data about Canadian Internet users to law enforcement in child exploitation investigations. In fact, several Canadian ISPs have developed a formal protocol in conjunction with various law enforcement agencies to be used when those authorities are seeking identification information associated with a given IP address at a specific date and time. Since the adoption of this protocol, some ISPs have expanded their information sharing practices to cover customer identification data in other contexts, such as online harassment cases.

Law Enforcement Approaching Service Providers Without Legally-Required Authorization

A growing concern is the number of law enforcement officers skirting the law by asking service providers to simply fork over information without any sort of search warrant. Even when legal procedures, such as a search warrant, exist, police increasingly request information without obtaining a legal authorization. Nevertheless, they often expect full compliance from service providers.

Chile

In 2008, a Chilean website called Huelga.cl (“strike” in English) was approached by the Cyber Crime Section of the Chilean Police. The site is an online space for coordinating union actions. The agency demanded that the webmaster hand over data related to pseudonymous user accounts, such as IP addresses, records of previous connections, real names, and physical addresses. The targeted users had left comments on a website about an ongoing strike.

In this case, because police did not have a court order to back up the request for information, Huelga.cl took a stand by resisting police pressure and refusing to hand over the data without a fight. For legal assistance, they turned to Derechos Digitales, a Chilean online human rights nonprofit organization, and managed to resist the request.

In another case, the Regional Director of the Chilean Department of Labor, the agency responsible for ensuring the enforcement of labor laws, sent a letter to Huelga.cl simply demanding the removal of “inappropriate content” from their website along with the disclosure of user information, but it was only for administrative purposes as opposed to serious criminal investigations. Huegal.cl again refused to comply and instead, made the director’s demands public.

It is not always the case that service providers can resist extralegal government requests, find legal advice or have enough economic resources to fight against those demands as Huelga.cl did. Huelga.cl should be praised for speaking up and managing to make the request from law enforcement public.

Governments Pressure Private Sector

Governments frequently impose heavy fines for non-compliance with their requests for data access. This form of coercion acts as a mechanism of enforcement over service providers and can raise serious concerns for free expression. The service provider is left with little incentive or option to resist illegitimate requests from the government when they are threatened with heavy fines.

Brazil

In 2012, a judge from northern Brazil froze Google's accounts and imposed a fine on the company for refusing to remove three anonymous blogs or reveal contact details of the bloggers. The content of the blogs state d the mayor of Varzea Alegre of corruption and embezzlement.

While some companies might be able to withstand governmental pressure, alarms were raised that this won’t be the case for smaller companies that lack resources and influence. This is particularly true in contexts where heavy fines for noncompliance are written into legislation, and companies are not given legal avenues to appeal or fight the fine.

Foreign Governments Access To Individuals’ Data in the Cloud

Governments are increasingly seeking to negotiate access or interceptation capabilities to user data with companies that do not lie within their jurisdictions. This form of access is complicated because it is not always clear which country’s laws apply or to what extent. Because of the complex nature of these requests, governments often look for "easy" solutions that call for voluntary disclosure of information or simply allow full access to the user data.

For example, government officials in India have been pushing for real time interception capabilities for all BlackBerry services. In response to the demands from the Indian Government, after a number of unsatisfactory proposals, in 2012 RIM set up a NOC in Mumbai, providing security agencies with access to BlackBerry Messenger services, and created a solution for access to Blackberry Internet Services. In addition to asking RIM for real time access to communications, the Government of India had required Service Providers in India to adopt the solution provided by RIM by end of 2012 or risk being shut down.

According to Elonnai Hickok from the Centre for Internet and Society in Bangalore, India, the discussions between RIM and the Indian Government is just one example of how governments are trying to negotiate their interests in light of the challenges posed by communications stored in the cloud and in multiple jurisdictions.

While the Internet is technically borderless, in reality, state actors impose their sovereignty onto online environments with increasing frequency. The exercise of sovereignty over shared spaces can subject individuals to the laws of another country without any awareness on their part that this has happened. This in effect transforms the surveillance efforts of one country into privacy risks for all the world’s citizens.

Conclusion

State agencies and law enforcement are increasingly outsourcing investigations to private companies who are not under the same sort of judicial oversight as official law enforcement entities would be. The increasingly close and non-transparent connection between the private sector and law enforcement needs to be addressed, as it poses a risk to the rights and freedoms of the individual. Of major concern to all Camp participants was the notion that private companies are routinely complying with the requests of law enforcement in the absence of due process. We encourage further research and documentation of this phenomenon. To highlight on this issue, we will be blogging next about the privatization of public security in Latin America.

For more details visit https://cis-india.org/news/electronic-frontier-foundation-january-28-2013-katitza-rodriguez-surveillance-camp-privatized-state-surveillance

Five Frequently Asked Questions about the Amended ITRs

chinmayi — 2013-01-30T05:36:26Z

This piece discusses the five major questions that have been the subject of debate after the World Conference on International Telecommunications 2012 (WCIT). The politics surrounding the WCIT are not discussed here but it must be kept in mind that they have played a significant role in the outcome of the conference and in some of the debates about it.

Each question is discussed with reference to the text of the treaty, to the minutes of the plenary sessions (which are available via the ITU website), a little international law and a few references to other people’s comments on the treaty.

1. Do the ITRs apply to content on the internet?

Article 1.1 (a) has been amended to add the sentence “These Regulations do not address the content-related aspects of telecommunications”. Although some discussions about the International Telecommunication Regulations (ITRs) and content have ignored this altogether, others seem concerned about its interpretation.

The ITU Secretary General has issued a statement in which he has clarified that “The new ITR treaty does NOT cover content issues and explicitly states in the first article that content-related issues are not covered by the treaty”.

Commentators like Chuan-Zheng Lee however, continue to view the treaty with suspicion, on the basis that it is necessary to examine content in order to tell whether it is spam (Lee and Chaparro differ on this question). However, others like Eric Pfanner have pointed to this paragraph in their skepticism about the US refusal to sign.

Some highlights from the plenary session discussions

The Chairman proposed the addition to Article 1.1(a) at the tenth plenary session. He did this to address concerns that the ITRs text could be interpreted to apply to content on the Internet. The original formulation that he proposed was ‘These regulations do not address and cannot be interpreted as addressing content’. This text was suggested in the middle of an extended discussion on Article 5A.

Many countries were skeptical of this insertion. Sudan argued that content could not be avoided in telecommunication networks “because it will always be in transit.” The United Arab Emirates seemed concerned about international interference in states’ existing regulation of content, and said “maybe we could actually say this in the minutes of the meeting that this regulation should not be interpreted as on alteration to Member States content regulation”.

Concerns about what the term ‘content’ means and whether it would apply broadly were raised by more than one country, including Saudi Arabia. For instance, it was argued that the text proposed by the Chairman might interfere with parts of the treaty that require operators to send tariff information correspondence. More than one country that felt that the insertion of this text would impact several parts of the treaty, and that it would be difficult to determine what amounted to dealing with content. The primary issue appeared to be that the term ‘content’ was not defined, and it therefore remained unclear what was being excluded. In response to these concerns, the Chairman withdrew his proposal for the amendment excluding content.

However, several states then spoke up in favour of the Chairman’s proposal, suggesting that the proposed amendment to Article 1.1 influenced their acceptance of Article 5A (on security and robustness of networks – discussed in detail below). Brazil suggested that an answer to the definitional concerns may be found in the work by Study Group 17, which had a definition available.

Following this, the next day, at the twelfth plenary, the Chairman brought back the Article 1.1 amendment excluding content. He stated explicitly that this amendment might be the way to get Articles 5A and 5B approved. The text he read out was insertion of the words “to the exclusion of their content”, after ‘’services’ at the end of 1.1A. Interestingly however, the term ‘content’ was never defined.

At the next plenary session, Iran raised the objection that this phrase was overbroad, and proposed the following formulation instead: “These Regulations do not address the content-related aspects of telecommunications”. This formulation found its way into the amended ITRs as the treaty stands today.

2. Does Article 5A on network security legitimize surveillance of Internet content?

Article 5A deals with ‘security and robustness of networks’ and requires member states to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks...”. This may have given rise to concerns about interpretations that may extend the security of networks to malware or viruses, and therefore to content on the Internet. However, Article 5A has to be read with Article 1.1(a), and therefore must be interpreted such that it does not ‘address the content-related aspects of telecommunications’.

Some commentators continue to see Article 5A as problematic. Avri Doria has argued that the use of the word ‘security’ in addition to ‘robustness’ of telecommunication infrastructure suggests that it means Internet security. However Emma Llansó of the Centre for Democracy and Technology has noted that the language used in this paragraph is “ far too vague to be interpreted as a requirement or even a recommendation that countries surveil users on their networks in order to maintain security”. Llansó has suggested that civil society advocates make it clear to countries which attempt to use this article to justify surveillance, that it does not lend itself to such practices.

Some highlights from the plenary session discussions

Article 5A was one of the most controversial parts of the ITRs and was the subject of much debate.

On December 11^th, in the Chairman’s draft that was being discussed, Article 5A was titled ‘security of networks’, and required members to endeavour to ensure the “security and robustness of international telecommunication networks”. The Chairman announced that this was the language that came out of Committee 5’s deliberations, and that ‘robustness’ was inserted at the suggestion of CEPT.

Several countries like Poland, Australia, Germany and the United States of America were keen on explicitly stating that Article 5A was confined to the physical or technical infrastructure, and either wanted a clarification that to this effect or use of the term ‘robustness’ instead of security. Many other countries, such as Russia and China, were strongly opposed to this suggestion and insisted that the term security must remain in the document (India was one of the countries that preferred to have the document use the term ‘security’).

It was in the course of this disagreement, during the tenth plenary session, that the Chairman suggested his global solution for Article 1.1 – a clarification that this would not apply to content. This solution was contested by several countries, withdrawn and then reinstated (in the eleventh plenary) after many countries explained that their assent to Article 5A was dependant on the existence of the Article 1 clarification about content (see above for details).

There was also some debate about whether Article 5A should use the term ‘robustness’ or the term ‘security’ (eg. The United States clarified that its preference was for the use of ‘resilience and robustness’ rather than security). The Secretary General referred to this disagreement, and said that he was therefore using both terms in the draft. The title of Article 5A was changed, in the eleventh plenary, to use both terms, instead of only referring to security.

3. Does Article 5B apply to spam content on the Internet?

The text of the amended treaty talks of ‘unsolicited bulk electronic communications’ and does not use the term ‘spam’[Article 5B says that ‘Members should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services’].If this phrase is read in isolation, it may certainly be interpreted as being applicable to spam. Commentators like Avri Doria have pointed to sources like Resolution 130 of the Plenipotentiary Conference of the International Telecommunication Union (Guadalajara, 2010) to demonstrate that ‘unsolicited bulk electronic communications’ ordinarily means spam. However, others like Enrique A. Chaparro argue that it cannot possibly extend to content on the Internet given the language used in Article 1.1(a). Chapparo has explained, that given the exclusion of content, Article 5B it authorizes anti-spam mechanisms that do not work on content.

Article 5B, which discusses ‘unsolicited bulk electronic communications’, must be read with Article 1, which is the section on purpose and scope of the ITRS. Article 1.1 (a) specifies that the ITRs “do not address the content-related aspects of telecommunications”. Therefore it may be argued that ‘unsolicited bulk electronic communications’ cannot be read as being applicable to content on the Internet.

However, many continue to be concerned about Article 5B’s applicability to spam on the Internet. Although some of them that their fear is that some states may interpret Article 5B as applying to content, despite the contents of Article 1.1(a), many have failed to engage with the issue in the context of Article 1.1(a).

Some highlights from the plenary session discussions

Article 5B is inextricably linked with the amendment to Article 1.1. Mexico asked specifically about what the proposed amendment to Article 1.1 would mean for Article 5B: “I’m referring to the item which we’ll deal with later, namely unsolicited bulk electronic communications. Could that be referred to as content, perhaps?”. The Chairman responded saying, “This is exactly will solve the second Article 5B, that we are not dealing with content here. We are dealing with measures to prevent propagation of unsolicited bulk electronic messages”.

The amendment to Article 1.1 was withdrawn soon after it was introduced. Before it was reintroduced, Sweden said (at the eleventh plenary) that it could not see how Article 5B could apply without looking into the content of messages. The United States agreed with this and went on state that the issue of spam was being addressed at the WTSA level, as well as by other organisations. It argued that the spam issue was better addressed at the technical level than by introducing it in treaty text.

The amendment excluding content was reintroduced during the twelfth plenary. The Chairman explicitly stated that it might be the way to get Articles 5A and 5B approved.

The word ‘spam’ was dropped from the ITRs in the eight plenary, and “unsolicited bulk electronic communications” was used instead. However, in the eleventh plenary, as they listed their reasons for not signing the newly-amended ITRs, Canada and the United States of America referred to ‘spam’ which suggests that they may have viewed the change as purely semantic.

4. Does the resolution on Internet Governance indicate that the ITU plans to take over the Internet?

Much controversy has arisen over the plenary resolution ‘to foster an enabling environment for the greater growth of the Internet’. This controversy has arisen partly thanks to the manner in which it was decided to include the resolution, and partly over the text of the resolution. The discussion here focuses on the text of the resolution and then describes the proceedings that have been (correctly) criticized.

The history of this resolution, as Wolfgang Kleinwächter has explained, is that it was part of a compromise to appease the countries which were taking positions on the ITU’s role in Internet governance, that were similar to the controversial Russian proposal. The controversial suggestions about Internet governance were excluded from the actual treaty and included instead in a non-binding resolution.

The text of the resolution instructs the Secretary General to “to continue to take the necessary steps for ITU to play an active and constructive role in the development of broadband and the multi-stakeholder model of the Internet as expressed in § 35 of the Tunis Agenda”. This paragraph is particularly controversial since of paragraph 35 of the Tunis Agenda says “Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.” Kleinwächter has pointed out that this selection leaves out later additions that have taken place with progression towards a multi-stakeholder model.

The resolution also resolves to invite member states to “to elaborate on their respective positions on international Internet-related technical, development and public-policy issues within the mandate of ITU at various ITU forums including, inter alia, the World Telecommunication/ICT Policy Forum, the Broadband Commission for Digital Development and ITU study groups”.

A little after its introduction, people began expressing concerns such as the Secretary General may treat the resolution as binding, While the language may raise cause for concern, it is important to note that resolutions of this nature are not binding and countries are free to opt out of them. Opinions vary about the intentions that have driven the inclusion of this resolution, and what it may mean for the future. However commentators like Milton Mueller have scoffed at these concerns, pointing out that the resolution is harmless and may have been a clever political maneuver to resolve the basic conflict haunting the WCIT, and that mere discussion of the Internet in the ITU harms no one.

Some highlights from the plenary session discussions

Egypt and Bulgaria suggested that the resolution refer to paragraph 55 of the Tunis agenda instead of paragraph 35, by inserted the following text “”Recognizing that the existing arrangements for Internet Governance have worked effectively to make the Internet the highly robust, dynamic and geographically diverse medium it is today, with the private sector taking the lead in day-to-day operations and with innovation and value creation at the edges.” The US was also quite insistent on this language (although it did also argue that this was the wrong forum to discuss these issues).

The Chairman was willing to include paragraph 55 in addition to paragraph 35 but Saudi Arabia objected to this inclusion. Finland suggested that the resolution should be removed since it was not supported by all the countries present and was therefore against the spirit of consensus. The Secretary General defended the resolution, suggesting both that it was harmless and that since it was a key component of the compromise, eliminating it would threaten the compromise. South Africa and Nigeria supported this stand.

It was during this debate that the procedural controversy arose. Late into the night, the Chairman said there was a long list of countries that wished to speak and said “I just wanted to have the feel of the room on who will accept the draft resolution”. He proceeded to have countries indicate whether they would accept the draft resolution or not, and then announced that the majority of the countries in the room were in favour of retaining the resolution. The resolution was then retained. Upon Spain’s raising the question, the Chairman clarified that this was not a vote. The next day, other countries raised the same question and the Chairman, while agreeing that the resolution was adopted on the basis of the ‘taking of temperature’ insisted that it was not a vote so much as an effort to see what majority of the countries wanted.

5. Does the human rights language used in the preamble, especially the part about states’ access to the Internet, threaten the Internet in any way?

The preamble says “Member States affirm their commitment to implement these Regulations in a manner that respects and upholds their human rights obligations”, and “These Regulations recognize the right of access of Member States to international telecommunication services”. The text of the preamble can be used as an interpretation aid since it is recognized as providing context to, and detailing the object and purpose of, a treaty. However if the meaning resulting from this appears to be ambiguous, obscure, absurd or unreasonable, then supplementary means such as the preparatory work for the treaty and the circumstances for its conclusion may also be taken into account.

Therefore anyone who is concerned about the impact of the text inserted in the preamble must (a) identify text within the main treaty that could be interpreted in an undesirable manner using the text in the preamble; and (b) consider preparatory work for the treaty and see whether it supports this worrying interpretation. For example, if there were concerns about countries choosing to interpret the term ‘human rights’ as subordinating political rights to economic rights, it would be important to take note of the Secretary General’s emphasis on the UDHR being applicable to all member states.

Initially, only the first insertion about ‘human rights obligations’ was part of the draft treaty. The second insertion, recognizing states’ rights followed after the discussion about human rights language. Some states argued that it was inconsistent to place human rights obligations on states towards their citizens, but to leave out their cross-border obligations. It was immediately after this text was voted into the draft, that the United States, the United Kingdom and other countries refused to sign the ITRs. This particular insertion is phrased as a right of states rather than that of individuals or citizens, which does not align with the language of international human rights. While it may not be strictly accurate to say that human rights have traditionally been individual centric (since collective rights are also recognized in certain contexts), it is certainly very unusual to treat the rights of states or governments as human rights.

Some highlights from the plenary session discussions

The United States of America and the Netherlands wanted to include language to state explicitly that states’ international human rights obligations are not altered in anyway. This was to clarify that the inclusion of human rights language was not setting the ITU up as a forum in which human rights obligations are debated. Malaysia objected to the use of human rights language in the preamble right at the outset, on the grounds that the ITRs are the wrong place for this, and that the right place is the ITU Constitution. It even pointed to the fact that jurisprudence is ever-evolving, to suggest that the meaning of human rights obligations might change over time. These were the two major perspectives offered towards the beginning of the discussion.

The Chairman underlined the fact that the Universal Declaration of Human Rights is already applicable to all UN countries. He argued that reflection of these principles in the ITRs would help build universal public faith in the conference.

The first traces of the states’ access rights can be seen in Cuba’s intervention at the ninth plenary – Cuba argued that limiting states’ access to public information networks amounted to infringement of human rights. At the fourteenth plenary, Nigeria proposed on behalf of the African group that the following text be added to the preamble “And recognize the right of access of all Member States to international telecommunication networks and services." Countries like China which had been ambivalent about the human rights language in the preamble, were happy with this move away from an individual-centric understanding of human rights, to one that sees states as representative of people.

The United States was express in its dissent, and said “human rights obligations go to the individual”. Sweden was also not happy with the proposal and argued that it moved away from well-established human rights language that affirmed existing commitments to drafting new human rights language.

It was an amended version of the African group proposal that finally found its way into the preamble. It was supported by many countries such as China, Nigeria and Sudan, who took the position that group rights are included within human rights, and that governments represent their citizens and therefore have rights on their behalf. This position was strenuously disputed by states like the USA, Switzerland, United Kingdom and Canada.

For more details visit https://cis-india.org/internet-governance/blog/five-faqs-on-amended-itrs

Cyber security, surveillance and the right to privacy: country perspectives

praskrishna — 2013-01-23T12:10:23Z

This blog post is fourth in a series of eight blog posts to report on the “Third South Asian Meeting on the Internet and Freedom of Expression” recently concluded in Dhaka, Bangladesh.

This post was published in the Internet Democracy Project Website on January 22, 2013. All the blog posts in this series are written by Richa Kaul Padte, the official rapporteur at the meeting.

'The best way to protect people’s rights is to enable people to protect their rights themselves' – Chinmayi Arun

Pranesh Prakash, CIS India	Opening the session on cyber security, surveillance and privacy, moderator Pranesh Prakash from the Centre for Internet and Society (India) frames the debate by talking about how the principles raised by discussions on security, privacy and surveillance are always in tension with each other. ‘The boundaries that have been drawn in a pre-digital era don’t apply online always [and] the classic model of state-controlled surveillance is not as relevant [today].’

Taking forward the discussion by setting both a global and national framework around the issue, Assistant Professor at the Delhi-based National Law University Chinmayi Arun brings to light the ways in which cyber security is consistently tabled on several global agendas; however, with little to no meaningful parallel discussions around the right to privacy. She also connects the idea of surveillance to notions of censorship vis a vis freedom of expression, and poignantly states: ‘surveillance is a lot more insidious than censorship – [so much] more can take place before people realise it is happening.’ Prakash furthers this idea in his transition between country perspectives by highlighting the ways in which surveillance measures are already established and heavily pervasive, with both Prakash and Arun advocating greater transparency in areas where these measures are in place. As Arun says, ‘it’s not true that every instance of surveillance needs to be secret until it’s done’, and distinguishing between necessary surveillance measures (in the case of crime investigations, for example) and those that position all people as criminals who must be monitored, is key to taking the discussion forward.

Chinmayi Arun, National Law University Delhi, India

Mohammed Nazmuzzaman Bhuian, Dhaka University

Mohammad Nazmuzzaman Bhuian, an Associate Professor from the University of Dhaka, opens a Bangladeshi country perspective with the question, ‘how does a cyber security act become a surveillance act?’ A cyber crime refers to any crime that involves a computer or a network, and the crimes under this can play out in two ways. The computer itself may be a target, or it may be used to carry out a crime. It is when it is used to carry out a crime that the question of online surveillance arises

Offering another perspective from Bangladesh, Head of the Centre for IT Security and Privacy and Assistant Professor, University of Asia Pacific, Mohammad Shahriar Rahman, discusses the manipulation of security and surveillance laws by the State in order to create greater security for itself. He cites the ban of YouTube in the country in response to a US-produced video ridiculing the Prophet Mohammed and the attacks on bloggers who have advocated for free speech on the Internet, including speech that may be anti-authoritarian or anti-religious. These examples echo Mariyath Mohamed’s perspectives on the interplay between religion, politics and censorship from the previous session, which clearly resound through many South Asian countries.

Mohammad Shahriar Rahman, University of Asia Pacific, Bangladesh

Kailash Prasad Neupane, Nepal Telecommunications Authority	Perspectives from Nepal, offered by speaker Kailash Prasad Neupane from the Nepal Telecommunications Authority, highlight the acute similarities between the laws in different South Asian countries, which all position the freedom of expression as ‘subject to certain restrictions’, where the subjectivity of the clause tends to be interpreted by a powerful and majority State against its minority citizens, thus undermining both democracy and citizens’ rights. As Rahman says, ‘if the government wants to be seen as democratic in these times, they need to realise you can’t jail everyone who is critical of the Prime Minister.’

Speaking from the floor, Bishakha Datta, from Mumbai-based women’s media organisation Point of View, expands on the speakers’ views by highlighting the ways in which, given the extensive measures of State security and surveillance, societies themselves become structured around a culture of surveillance that citizens in turn internalise and see as a necessary part of their lives. She asks, ‘when we talk about the right to privacy, are we saying that we are willing to accept surveillance as long as our privacy is maintained, or are we opposing it on the grounds of privacy?’ Echoing Prakash’s idea that ‘the way in which security and privacy are portrayed as being at loggerheads is false’, Arun responds to Datta by advocating privacy as the starting point for all discussions surrounding security. In summary she states, ‘we must underline our right to privacy,and that right must always dominate. One must always start with that right, and then narrow the circumstances in which, only when it is absolutely necessary and to the extent absolutely necessary, it may be violated.’ And it is through this consistent demand for the right to privacy, and the placing of citizens and individuals (rather than the interests of the State) at the heart of these conversations, that we can see security and privacy as co-existing notions that work to ensure, rather than suppress, freedom of expression.	Bishakha Datta, Point of View, India

For more details visit https://cis-india.org/news/internet-democracy-richa-kaul-padte-jan-22-2013-cyber-security-surveillance-and-the-right-to-privacy

Is freedom of expression under threat in the digital age?

praskrishna — 2013-02-03T10:50:52Z

This week Index held a high level panel debate in partnership with the Editors Guild of India and the India International Centre to discuss the question “Is freedom of expression under threat in the digital age?” Mahima Kaul reports

This post by Mahima Kaul was published in Index on Censorship on January 18, 2013.

Index on Censorship, in partnership with The Editors Guild of India, hosted a debate in New Delhi on Tuesday (15 January) asking, “Is freedom of expression under threat in the digital age?” Discussing the topic were Ajit Balakrishnan (founder and Chief Executive of rediff.com), Index on Censorship CEO Kirsty Hughes, Sunil Abraham (Executive Director of the centre for Internet and Society), and Professor Timothy Garton Ash, Director of the Free Speech Debate project.

Sunil Abraham questioned the idea of technology specific “internet freedom” that has been advocated by many not least the US Secretary of State Hillary Clinton. He said there was for instance much greater freedom and diversity on Indian TV than in the US. He also argued that that this freedom does not seem to extend to a right of access to knowledge, as demonstrated by the charges brought against open access activist and developer Aaron Swartz, who committed suicide earlier this month. Swartz was facing charges for allegedly downloading 4.8 million academic articles from subscription-only digital library JSTOR.

Abraham said one unintentional effect of censorship by governments is that it teaches citizens how to protect themselves online. Finally, he questioned the Indian government’s draconian laws and arbitrary actions in the digital realm, wondering whether this is the authorities’ way of warning future netizens about “acceptable online behaviour”, to condition the public not to criticise the government and to create a chilling effect.

Digital

Is freedom of expression under threat in the digital age?

18 Jan 2013

This week Index held a high level panel debate in partnership with the Editors Guild of India and the India International Centre to discuss the question “Is freedom of expression under threat in the digital age?” Mahima Kaul reports

Freedom of expression is always under threat and in need of defending, argued Timothy Garton Ash. However, he didn’t think the threat was particularly high today in the digital realm — rather the threats to privacy were what were particularly concerning online. With 76.8 per cent of India’s 1.2 billion population connected by mobile phone, there is an extraordinary opportunity for the prevalence of freedom of expression brought about by new technologies. But he said there are also a lot of challenges to free expression in India — and that “swing states” such as Brazil and India will be very important in determining where the global conversation goes on freedom of expression

Ajit Balakrishnan, founder of web portal Rediff.com, explained that many of the problems that have occurred in the digital realm in India have to do with poor drafting of legislation. He was particularly concerned about intermediary liability and explained why and how intermediaries roles needed protecting. He also explained that government officials have genuine problems with phrasing, and that when it comes to the application of these laws, understanding them and when they should be applied will take another 25 years. He added that the country is challenged by a legal system ill-equipped for coping with new technologies.

Kirsty Hughes said that freedom of expression is a universal right, meant to be applied across borders not just within countries. She said that while the digital domain allowed a big expansion in freedom of expression there were risks we are heading towards a more controlled net, a partially censored net, and a fragmented net (for instance with Iran attempting to build its own internet disconnected from the rest of the world). She said that some of the negative reactions by government to social media in India were seen to in the UK where there had been a trend towards criminalising supposedly offensive comment — although the new interim guidelines on social media prosecutions were a step in the right direction. Hughes emphasised three main concerns — state censorship, privatisation of censorship and the role of big companies, and mass surveillance. She pointed out that the British government had pushed for extensive surveillance with the Communications Data Bill, but this has now been shelved after a critical report from MPs.

Ramanjit Singh Chima, policy adviser for Google, said that the question is not about absolute freedom, but about what is appropriate and lawful. He emphasised that in the US, judges had strongly defended free expression online as they saw the digital world as a powerful space for free exprssion. He pointed out how effective social media tools, including Google’s own products, have become in helping during emergency situations like natural disasters and terrorist attacks. He also pointed out that the internet is not only about free expression but business as well. The internet contributes to 1.6 per cent of India’s GDP. Singh Chima said positive judgements by US and EU courts protect the users, adding that regulation for the net should be appropriate for its engineering.

For more details visit https://cis-india.org/news/index-on-censorship-mahima-kaul-january-18-2013-is-freedom-of-expression-under-threat-in-the-digital-age

Draft International Principles on Communications Surveillance and Human Rights

elonnai — 2013-07-12T15:55:45Z

These principles were developed by Privacy International and the Electronic Frontier Foundation and seek to define an international standard for the surveillance of communications. The Centre for Internet and Society has been contributing feedback to the principles.

The principles are still in draft form. The most recent version can be accessed here. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Our goal is that these principles will provide civil society groups, industry, and governments with a framework against which we can evaluate whether current or proposed surveillance laws and practices are consistent with human rights. We are concerned that governments are failing to develop legal frameworks to adhere to international human rights and adequately protect communications privacy, particularly in light of innovations in surveillance laws and techniques.

These principles are the outcome of a consultation with experts from civil society groups and industry across the world. It began with a meeting in Brussels in October 2012 to address shared concerns relating to the global expansion of government access to communications. Since the Brussels meeting we have conducted further consultations with international experts in communications surveillance law, policy and technology.[1]

We are now launching a global consultation on these principles. Please send us comments and suggestions by January 3rd 2013, by emailing rights (at) eff (dot) org.

Preamble
Privacy is a fundamental human right, and is central to the maintenance of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and association, and is recognised under international human rights law.[2] Activities that infringe on the right to privacy, including the surveillance of personal communications by public authorities, can only be justified where they are necessary for a legitimate aim, strictly proportionate, and prescribed by law.[3]

Before public adoption of the Internet, well-established legal principles and logistical burdens inherent in monitoring communications generally limited access to personal communications by public authorities. In recent decades, those logistical barriers to mass surveillance have decreased significantly. The explosion of digital communications content and information about communications, or “communications metadata”, the falling cost of storing and mining large sets of data, and the commitment of personal content to third party service providers make surveillance possible at an unprecedented scale.[4]

While it is universally accepted that access to communications content must only occur in exceptional situations, the frequency with which public authorities are seeking access to information about an individual’s communications or use of electronic devices is rising dramatically—without adequate scrutiny. [5] When accessed and analysed, communications metadata may create a profile of an individual's private life, including medical conditions, political and religious viewpoints, interactions and interests, disclosing even greater detail than would be discernible from the content of a communication alone. [6] Despite this, legislative and policy instruments often afford communications metadata a lower level of protection and do not place sufficient restrictions on how they can be subsequently used by agencies, including how they are data-mined, shared, and retained.

It is therefore necessary that governments, international organisations, civil society and private service providers articulate principles establishing the minimum necessary level of protection for digital communications and communications metadata (collectively "information") to match the goals articulated in international instruments on human rights— including a democratic society governed by the rule of law. The purpose of these principles is to:

Provide guidance for legislative changes and advancements related to communications and communications metadata to ensure that pervasive use of modern communications technology does not result in an erosion of privacy.
Establish appropriate safeguards to regulate access by public authorities (government agencies, departments, intelligence services or law enforcement agencies) to communications and communications metadata about an individual’s use of an electronic service or communication media.

We call on governments to establish stronger protections as required by their constitutions and human rights obligations, or as they recognize that technological changes or other factors require increased protection.

These principles focus primarily on rights to be asserted against state surveillance activities. We note that governments are required not only to respect human rights in their own conduct, but to protect and promote the human rights of individuals in general.[7] Companies are required to follow data protection rules and yet are also compelled to respond to lawful requests. Like other initiatives,[8] we hope to provide some clarity by providing the below principles on how state surveillance laws must protect human rights.

The Principles

Legality: Any limitation to the right to privacy must be prescribed by law. Neither the Executive nor the Judiciary may adopt or implement a measure that interferes with the right to privacy without a previous act by the Legislature that results from a comprehensive and participatory process. Given the rate of technological change, laws enabling limitations on the right to privacy should be subject to periodic review by means of a participatory legislative or regulatory process

Legitimate Purpose: Laws should only allow access to communications or communications metadata by authorised public authorities for investigative purposes and in pursuit of a legitimate purpose, consistent with a free and democratic society.

Necessity: Laws allowing access to communications or communications metadata by authorised public authorities should limit such access to that which is strictly and demonstrably necessary, in the sense that an overwhelmingly positive justification exists, and justifiable in a democratic society in order for the authority to pursue its legitimate purposes, and which the authority would otherwise be unable to pursue. The onus of establishing this justification, in judicial as well as in legislative processes, is on the government.

Adequacy: Public authorities should restrain themselves from adopting or implementing any measure of intrusion allowing access to communications or communications metadata that is not appropriate for fulfillment of the legitimate purpose that justified establishing that measure.

Competent Authority: Authorities capable of making determinations relating to communications or communications metadata must be competent and must act with independence and have adequate resources in exercising the functions assigned to them.

Proportionality: Public authorities should only order the preservation and access to specifically identified, targeted communications or communications metadata on a case-by-case basis, under a specified legal basis. Competent authorities must ensure that all formal requirements are fulfilled and must determine the validity of each specific attempt to access or receive communications or communications metadata, and that each attempt is proportionate in relation to the specific purposes of the case at hand. Communications and communications metadata are inherently sensitive and their acquisition should be regarded as highly intrusive. As such, requests should at a minimum establish a) that there is a very high degree of probability that a serious crime has been or will be committed; b) and that evidence of such a crime would be found by accessing the communications or communications metadata sought; c) other less invasive investigative techniques have been exhausted; and d) that a plan to ensure that the information collected will be only that information reasonably related to the crime and that any excess information collected will be promptly destroyed or returned. Neither the scope of information types, the number or type of persons whose information is sought, the amount of data sought, the retention of that data held by the authorities, nor the level of secrecy afforded to the request should go beyond what is demonstrably necessary to achieve a specific investigation.

Due process: Due process requires that governments must respect and guarantee an individual’s human rights, that any interference with such rights must be authorised in law, and that the lawful procedure that governs how the government can interfere with those rights is properly enumerated and available to the general public.[9]While criminal investigations and other considerations of public security and safety may warrant limited access to information by public authorities, the granting of such access must be subject to guarantees of procedural fairness. Every request for access should be subject to prior authorisation by a competent authority, except when there is imminent risk of danger to human life. [10]

User notification: Notwithstanding the notification and transparency requirements that governments should bear, service providers should notify a user that a public authority has requested his or her communications or communications metadata with enough time and information about the request so that a user may challenge the request. In specific cases where the public authority wishes to delay the notification of the affected user or in an emergency situation where sufficient time may not be reasonable, the authority should be obliged to demonstrate that such notification would jeopardize the course of investigation to the competent judicial authority reviewing the request. In such cases, it is the responsibility of the public authority to notify the individual affected and the service provider as soon as the risk is lifted or after the conclusion of the investigation, whichever is sooner.

Transparency about use of government surveillance: The access capabilities of public authorities and the process for access should be prescribed by law and should be transparent to the public. The government and service providers should provide the maximum possible transparency about the access by public authorities without imperiling ongoing investigations, and with enough information so that individuals have sufficient knowledge to fully comprehend the scope and nature of the law, and when relevant, challenge it. Service providers must also publish the procedure they apply to deal with data requests from public authorities.

Oversight: An independent oversight mechanism should be established to ensure transparency of lawful access requests. This mechanism should have the authority to access information about public authorities' actions, including, where appropriate, access to secret or classified information, to assess whether public authorities are making legitimate use of their lawful capabilities, and to publish regular reports and data relevant to lawful access. This is in addition to any oversight already provided through another branch of government such as parliament or a judicial authority. This mechanism must provide – at a minimum – aggregate information on the number of requests, the number of requests that were rejected, and a specification of the number of requests per service provider and per type of crime. [11]

Integrity of communications and systems: It is the responsibility of service providers to transmit and store communications and communications metadata securely and to a degree that is minimally necessary for operation. It is essential that new communications technologies incorporate security and privacy in the design phases. In order, in part, to ensure the integrity of the service providers’ systems, and in recognition of the fact that compromising security for government purposes almost always compromises security more generally, governments shall not compel service providers to build surveillance or monitoring capability into their systems. Nor shall governments require that these systems be designed to collect or retain particular information purely for law enforcement or surveillance purposes. Moreover, a priori data retention or collection should never be required of service providers and orders for communications and communications metadata preservation must be decided on a case-by-case basis. Finally, present capabilities should be subject to audit by an independent public oversight body.

Safeguards for international cooperation: In response to changes in the flows of information and the technologies and services that are now used to communicate, governments may have to work across borders to fight crime. Mutual legal assistance treaties (MLATs) should ensure that, where the laws of more than one state could apply to communications and communications metadata, the higher/highest of the available standards should be applied to the data. Mutual legal assistance processes and how they are used should also be clearly documented and open to the public. The processes should distinguish between when law enforcement agencies can collaborate for purposes of intelligence as opposed to sharing actual evidence. Moreover, governments cannot use international cooperation as a means to surveil people in ways that would be unlawful under their own laws. States must verify that the data collected or supplied, and the mode of analysis under MLAT, is in fact limited to what is permitted. In the absence of an MLAT, service providers should not respond to requests of the government of a particular country requesting information of users if the requests do not include the same safeguards as providers would require from domestic authorities, and the safeguards do not match these principles.

Safeguards against illegitimate access: To protect individuals against unwarranted attempts to access communications and communications metadata, governments should ensure that those authorities and organisations who initiate, or are complicit in, unnecessary, disproportionate or extra-legal interception or access are subject to sufficient and significant dissuasive penalties, including protection and rewards for whistleblowers, and that individuals affected by such activities are able to access avenues for redress. Any information obtained in a manner that is inconsistent with these principles is inadmissible as evidence in any proceeding, as is any evidence derivative of such information.

Cost of surveillance: The financial cost of providing access to user data should be borne by the public authority undertaking the investigation. Financial constraints place an institutional check on the overuse of orders, but the payments should not exceed the service provider’s actual costs for reviewing and responding to orders, as such would provide a perverse financial incentive in opposition to user’s rights.

Signatories

Organisations

Article 19 (International)
Bits of Freedom (Netherlands)
Center for Internet & Society India (CIS India)
Derechos Digitales (Chile)
Electronic Frontier Foundation (International)
Privacy International (International)
Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (Canada)
Statewatch (UK)

Individuals

Renata Avila, human rights lawyer (Guatemala)

Footnotes

[1]For more information about the background to these principles and the process undertaken, see https://www.privacyinternational.org/blog/towards-international-principles-on-communications-surveillance
[2]Universal Declaration of Human Rights Article 12, United Nations Convention on Migrant Workers Article 14, UN Convention of the Protection of the Child Article 16, International Covenant on Civil and Political Rights, International Covenant on Civil and Political Rights Article 17; regional conventions including Article 10 of the African Charter on the Rights and Welfare of the Child, Article 11 of the American Convention on Human Rights, Article 4 of the African Union Principles on Freedom of Expression, Article 5 of the American Declaration of the Rights and Duties of Man, Article 21 of the Arab Charter on Human Rights, and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms; Johannesburg Principles on National Security, Free Expression and Access to Information, Camden Principles on Freedom of Expression and Equality.
[3]Martin Scheinin, “Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism,” p11, available at http://www2.ohchr.org/english/issues/terrorism/rapporteur/docs/A_HRC_13_37_AEV.pdf. See also General Comments No. 27, Adopted by The Human Rights Committee Under Article 40, Paragraph 4, Of The International Covenant On Civil And Political Rights, CCPR/C/21/Rev.1/Add.9, November 2, 1999, available at http://www.unhchr.ch/tbs/doc.nsf/0/6c76e1b8ee1710e380256824005a10a9?Opendocument.
[4]Communications metadata may include information about our identities (subscriber information, device information), interests, including medical conditions, political and religious viewpoints (websites visited, books and other materials read, watched or listened to, searches conducted, resources used), interactions (origins and destinations of communications, people interacted with, friends, family, acquaintances), location (places and times, proximities to others); in sum, logs of nearly every action in modern life, our mental states, interests, intentions, and our innermost thoughts.
[5]For example, in the United Kingdom alone, there are now approximately 500,000 requests for communications metadata every year, currently under a self-authorising regime for law enforcement agencies, who are able to authorise their own requests for access to information held by service providers. Meanwhile, data provided by Google’s Transparency reports shows that requests for user data from the U.S. alone rose from 8888 in 2010 to 12,271 in 2011.
[6]See as examples, a review of Sandy Petland’s work, ‘Reality Mining’, in MIT’s Technology Review, 2008, available at http://www2.technologyreview.com/article/409598/tr10-reality-mining/ and also see Alberto Escudero-Pascual and Gus Hosein, ‘Questioning lawful access to traffic data’, Communications of the ACM, Volume 47 Issue 3, March 2004, pages 77 - 82.
[7]Report of the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, May 16 2011, available at http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/a.hrc.17.27_en.pdf
[8]The Global Network Initiative establishes standards to help the ICT sector protect the privacy and free expression of their users. See http://www.globalnetworkinitiative.org/
[9]As defined by international and regional conventions mentioned above.
[10]Where judicial review is waived in such emergency cases, a warrant must be retroactively sought within 24 hours.
[11]One example of such a report is the US Wiretap report, published by the US Court service. Unfortunately this applies only to interception of communications, and not to access to communications metadata. See http://www.uscourts.gov/Statistics/WiretapReports/WiretapReport2011.aspx. The UK Interception of Communications Commissioner publishes a report that includes some aggregate data but it is does not provide sufficient data to scrutinise the types of requests, the extent of each access request, the purpose of the requests, and the scrutiny applied to them. See http://www.intelligencecommissioners.com/sections.asp?sectionID=2&type=top.

For more details visit https://cis-india.org/internet-governance/blog/draft-intl-principles-on-communications-surveillance-and-human-rights

Third South Asian Meeting on the Internet and Freedom of Expression

praskrishna — 2013-01-17T07:16:58Z

Internet Democracy Project, Voices for Interactive Choice & Empowerment and Global Partners & Associates are organizing this event in Dhaka on January 14 - 15, 2013.

Pranesh Prakash is moderating the session on "Understanding cyber security and surveillance in South Asia today". Chinmayi Arun is speaking in this panel.

The Third South Asian Meeting on the Internet and Freedom of Expression seeks to address the question of how freedom of expression on the Internet is best protected by taking as its starting point two of the biggest challenges for freedom of expression online in South Asia today: hate speech online on the one hand, and cyber security and surveillance on the other.

The meeting seeks to investigate how these challenges affect freedom of expression on the Internet as well as how they can be addressed most effectively while protecting free speech online. It will also touch briefly on the important question of what kind of Internet governance processes are most likely to ensure the desired outcomes materialise.

A very short history of the South Asian Meeting on the Internet and Freedom of Expression
The first South Asian Meeting on the Internet and Freedom of Expression took place in March 2011 in Delhi, and mapped the many challenges for free speech online in our region, as an input into the report on the Internet and freedom of expression of UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue.

The second South Asian Meeting, in Kathmandu in November 2011, assessed the extent to which policy and regulation in the South Asian countries complied with the recommendations Mr. La Rue made in his report.

This third meeting will now build on these earlier efforts by bringing together experts from civil society, business, the research community and other stakeholder groups from across the region to discuss two of the biggest shared challenges for freedom of expression online in South Asia today in detail: the rising visibility of hate speech on the one hand, and the impact of discourses regarding cyber security and surveillance on the other.

Why focus on hate speech and security/surveillance now?
Since UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, presented his report on the Internet and freedom of expression to the UN Human Rights Council in June 2011, the complexity of this topic has received growing recognition. However, not all trends that La Rue had pointed out as directly affecting freedom of expression online – from access to the Internet to cyber attacks – are equally important in the South Asian region. Detailed analysis in several South Asian countries has shown that, though Internet penetration rates remain fairly low, most countries do possess, for example, the political will crucial to improve these figures. The two trends that seem to be of greatest concern in our region are that of the fight against hate speech, and the impact on freedom of expression of cyber security and surveillance measures. The latter is foregrounded for a variety of reasons ranging from the safety of individual users to national security.

Incidentally, across the region, as in many parts of the world, hate speech and cyber security have also been among the most important reasons governments have quoted to justify greater government control over the Internet. At the national level, this has at times manifested itself through the approval and implementation of legislation that has far-reaching consequences for freedom of speech online, without consulting many of the stakeholders who are affected at any point in time. At the global level, we see a growing number of proposals by governments that would effectively expand their collective powers to regulate the Internet, though with varying levels of involvement of other stakeholders envisioned.

Yet while governments' intentions when imposing censorship or approving surveillance measures may at times be in doubt, it is difficult to deny that the Internet has facilitated a new proliferation of hate speech, as well as that it has thrown up new security challenges that couldn't even be imagined before.

It is therefore our contention that the challenges of hate speech online and of ensuring cyber security in our region are real, and need to be addressed head-on if we are to strengthen and protect the right to freedom of expression online. For this reason, the meeting seeks to investigate both the precise nature of these challenges and what Internet governance mechanisms we need to evolve to ensure that they can be addressed most effectively whilst upholding and strengthening the right to freedom of expression. If we are to take the challenges the threats of hate speech and cyber security policy embody seriously yet also aim to uphold and strengthen the right to freedom of expression online, then what are the solutions we require? And who will need to be responsible for implementing them?

Participants
Taking into account the many parallels in the shape problems of hate speech and cyber security and surveillance take across the South Asian region as a result of shared cultures and historical legacies alike, participants will be invited from Bangladesh, India, Nepal, Pakistan, Afghanistan, Sri Lanka and the Maldives. Moreover, as solutions to these problems will invariably require collaboration among various stakeholders in the Internet governance field in order to be effective, participants will be drawn from a wide variety of stakeholder groups, including civil society, business, government, academia and the media from across the region. In this way, the meeting hopes tofacilitate a South Asia wide, multistakeholder dialogue, to learn, discuss and evolve more detailed thinking on these topics for one and a half days. The meeting will come to an end with a public event at the end of the second day.

The meeting will use a variety of formats, including key note presentations, panel discussions, case studies and small group conversations.

Agenda

January 14, 2013

9.00-09.45	Welcome and introductions to participants
09.45-10.15	Introduction to the meeting: the challenge that hate speech online and cyber security/surveillance pose to freedom of expression on the Internet – Dixie Hawtin Intro: Internet governance and human rights issues in general Why is this event focussed on hate speech and surveillance?
10.15-10.45	Tea/coffee break
10.45-12.15	The challenge of hate speech on the Internet in South Asia Strengthening the right to freedom of expression to curtail hate speech (Anja Kovacs) Three country perspectives, from the Maldives (Mariyath Mohamed), Pakistan (tbc), and Bangladesh (Salim Khan) Moderator: Bishakha Datta
12.15-13:30	Lunch
13.30-14.00	Keynote: Thinking about a rights-based approach to cyber security and surveillance as it relates to speech – KS Park
14.00-15.30	Understanding cyber security and surveillance in South Asia today With Three country perspectives from Bangladesh (Mohammad Rahman), Nepal (Kailash Prasad Neupane) and India (Chinmayi Arun). Moderator: Pranesh Prakash
15.30-16:00	Tea/coffee break
16.00-17.30	Legal and ethical questions and challenges when addressing cyber security and surveillance: two case studies – Rohan Samarajiva

January 15, 2013

9.00-9.15	Introduction to day 2
9.15-9.45	Cybersecurity, surveillance and hate speech online – key issues that need to be addressed in governance in order to protect Internet freedom of expession. This session will discuss particular issues that have relevance for both cyber security debates and hate speech issues in greater depth. Four topics that will be addressed are: The question of anonimity (KS Park) Cross-border cooperation and other jurisdictional issues in context of cloud computing and crossborder data flows and storage (Aditya Rao) Domain Names and registration (Babu Ram Aryal) Intermediaries as law enforcers (Suman Pradhan) Moderator: Shahzad Ahmed
10.45-11.00	Tea/coffee break
11.00-13.00	What kind of solutions could a rights-based approach throw up to the challenges raised so far in the meeting? Open discussion in groups and plenary, following key note speaker, Bulbul Monjurul Ahsan
13.00-13.30	Summing up and thank you
13.30-15.00	Lunch
15:00 – 16:00	Meeting participants move to venue for public meeting, tea/coffee break and arrival of wider public
16.00-18.30	PUBLIC EVENT: The Internet and freedom of expression Confirmed speakers include: Abu Taher, Info Commissioner; Iftekharuzzaman, Executive Director, Transparency International Bangladesh; Sarah Hossain, Lawyer and Honorary Executive Director, BLAST; Shaheen Anam, Executive Director, Manusher Jonno Foundation; Monjurul Ahsan Bulbul, eminent journalist and CEO, Boishakhi Television; and Rohan Samarajiva, Chair and CEO, LIRNEasia.

List of Participants

Aditya Rao, Senior Associate, Amarchand Mangaldas, India
Ahmed Swapan, Executive Director, VOICE, Bangladesh
Amrit Pant, General Secretary, Computer Association of Nepal & President, Information Technology Development Society, Nepal
Anja Kovacs, Project Director, Internet Democracy Project, India
Babu Ram Aryal, President, Internet Society, Nepal Chapter, Nepal
Binaya Guragain, Coordinator of Programs, Equal Access, Nepal
Bishakha Datta, Wikimedia Foundation Board Member & Co-founder, Point of View, India
Chinmayi Arun, Assistant Professor, National Law University Delhi & Fellow, Centre for Internet and Society, India.
Dixie Hawtin, Project Manager for Digital Communications and Freedom of Expression, Global Partners and Associates, UK
Farhana Rumki, Associate Programme Coordinator, VOICE, Bangladesh
Kailash Prasad Neupane, Chief of Legal Section, Spokesperson, Secretary and Registrar, Nepal Telecommunications Authority, Nepal
Khairuzzaman Kamal, Founder Secretary General of Bangladesh Manobadhikar Sangbadik Forum & Senior Reporter at Bangladesh Sangbad Sangstha, Bangladesh
Khawaza Mainuddin, Executive Editor, ICE Business Times Magazine, Bangladesh
K S Park, Executive Director, the PSPD Public Interest Law Center & Professor, Korea University Law School, South Korea
Mariyath Mohamed, Journalist, Minivan News, Maldives
Mohammad Nazmuzzaman Bhuian Emon, Associate Professor, Department of Law, University of Dhaka, Bangladesh
Mohammad Shahriar Rahman, Assistant Professor, Department of Computer Science and Engineering, University of Asia Pacific & Head, Center for IT Security and Privacy, Bangladesh
Moiyen Zalal Chowdhury, Community Manager, Somewhere.In & Norad Fellow,Bangladesh
Monjurul Ahsan Bulbul, Chair, International Press Institute & Editor-in-chief and CEO,Boiskakhi TV, Bangladesh
Pranesh Prakash, Policy Director, Centre for Internet and Society, India
Prasanth Sunganathan, Counsel, Software Freedom Law Centre, India
Rezaur Rahman Lenin, Research Fellow, VOICE, Bangladesh
Richa Kaul Padte, Writer, India
Rohan Samarajiva, Chair and CEO, LIRNEasia, Sri Lanka
Saleem Samad, Columnist & Correspondent at Reporters without Borders, Bangladesh
Salimullah Khan, Writer and Professor, Stamford University, Bangladesh
Sana Saleem, Director, Bolo Bhi, Pakistan
Santosh Sigdel, Advocate and Vice President, Internet Society, Nepal Chapter, Nepal
Shahzad Ahmed, Country Director, Bytes for All, Pakistan
Shehla Rashid Shora, Project Officer, Internet Democracy Project, India
Shehnaz Banu, Media and Communication Officer, Alliance for Social Dialogue, Bangladesh
Soheil Zafar, Editor, Unmochan Blog & TV Producer and Researcher, 71 Television, Bangladesh
Suman Lal Pradhan, CEO, Websurfer, Nepal
Sushma Luthra, Event Coordinator, India
Syeda Fedous Jana, Managing Director and Co-Founder of Somewhere.In, Bangladesh
Tahmina Rahman, Director Bangladesh and South Asia Region, Article 19, Bangladesh
Vasana Wickremasena, Executive Director, Centre for Integrated Communication Research and Advocacy, Sri Lanka

For more details visit https://cis-india.org/news/third-south-asian-meeting-on-internet-and-freedom-of-expression

I & P Partners Meeting at Rio

praskrishna — 2013-01-07T12:22:36Z

Sunil Abraham made a presentation on Open Business and IP.

For more details visit https://cis-india.org/openness/blog-old/i-and-p-partners-meeting.pdf

Clash of the cyberworlds

praskrishna — 2013-01-15T06:57:48Z

In an increasingly digital world, the issue of Internet freedom and governance has become hugely contested. Censorship and denial of access occur across the political spectrum of nations, even in liberal democracies.

The article by Latha Jishnu, Dinsa Sachan and Moyna was published in Down to Earth magazine's January 15, 2013 issue. Pranesh Prakash is quoted.

In run-up to the just-concluded World Conference on International Telecommunications in Dubai, there was a frenzied campaign to ensure that governments kept their hands off the Internet. It was feared the International Telecommunications Union, a UN body, was aiming to take control of the Internet. That hasn’t happened. But the outcome in Dubai has highlighted once again the double speak on freedom by countries that claim to espouse it and by corporations interested in protecting their interests, says Latha Jishnu, who warns that the major threat to the Internet freedom comes from the wide-ranging surveillance measures that all governments are quietly adopting. Dinsa Sachan speaks to institutions and officials to highlight the primacy of cyber security for nations, while Moyna tracks landmark cases that will have a bearing on how free the Net remains in India.

For months now a little-known UN agency, the International Telecommunication Union (ITU), has been looming large in cyberspace, portrayed as an evil force plotting to take over the Internet and threatening to destroy its freedom by rewriting archaic regulations. ITU, set up in 1865, is primarily a technical body that administers a 24-year-old treaty, International Telecommunication Regulations (ITRs), which are basic principles that govern the technical architecture of the global communication system.

	How did the 193-nation ITU, which regulates radio spectrum, assigns satellite orbits and generally works to improve telecom infrastructure in the developing world, turn into everyone’s favourite monster in the digital world? The provocation was ITU’s World Conference on International Telecommunications (WCIT) in Dubai, where ITRs were proposed to be revised. Leaked documents of the proposals made to ITU had shown that statist countries like Russia and China, known for their crackdown on Internet freedom, had put forward proposals to regulate digital “crime” and “security” aspects that are currently not regulated at the global level for want of consensus on balancing enforcement with protection of individual rights.

Other proposals were about technical coordination and the setting up of standards that enable all the devices, networks and software across the Internet to communicate and connect with one another. Although ITU secretary general Hamadoun I Touré had emphasised that the Dubai WCIT was primarily attempting to chart “a globally agreed-upon roadmap that offers future connectivity to all, and ensures sufficient communications capacity to cope with the exponential growth in voice, video and data”, there was widespread scepticism among developed countries.

Online subversion in India AT the seventh annual meeting of the Internet Governance Forum in Baku, Azerbaijan, last November, Minister for Communications and Information Technology Kapil Sibal was a star turn. He made an elevating speech about the need to put in place a “collaborative, consultative, inclusive and consensual” system for dealing with policies involving the Internet. India, with 125 million Internet users—a number that “is likely to grow to about half a billion over the next few years”—would be a key player in the cyberworld of tomorrow, he promised. According to the minister, Internet governance was an oxymoron because the concept of governance was for dealing with the physical world and had no relevance in cyberspace. These were high sounding words that crashed against the reality of India’s paranoia over online subversion. For starters, Sibal flew into a media blitz over Google’s transparency Report which ranked India second globally in accessing private details of its citizens. Even if it was a far second behind the US, it was an embarrassing revelation for the government which appears to have been rather enthusiastic in seeking information on the users of its various services. Such user data would include social networking profiles, complete gmail accounts and search terms used. In the first half of 2012, India made 2,319 requests related to 3,467 users compared with 7,969 requests by the US. Globally, Google clocked a total of 20,938 requests for user data. A few days down the line there was a public explosion over the arrest of two young women in Palghar, near Mumbai, for posting a prosaic comment on Facebook over Bal Thackeray’s death. Thanks to the deliberately vague wording of Section 66A of the IT Act, such arrests have become common and Rajya Sabha devoted a whole afternoon to discuss the impugned legislation and seek its withdrawal. Sibal’s response has been to issue guidelines on the use of this Section which civil society organisations say will do nothing to sort out matters. Then there are the IT (Intermediaries Guidelines) Rules, 2011, issued under Section 79 of the IT Act, which have been used indiscriminately by business interests to shut down websites, resulting in unbridled censorship of the Internet time and again. Although a motion for its annulment was moved in Parliament by Rajya Sabha member P Rajeeve, it was withdrawn after Sibal promised to talk to all stakeholders. A host of MPs have termed the rules a violation of right to freedom of speech besides going against the laws of natural justice. The promised meeting of stakeholders has not yielded any results and censorship on grounds of possible online piracy continues. In this regard, India is more restrained than the US which has pulled down huge numbers of domains on the ground they were violating intellectual property by selling pirated goods.

Western global powers, behemoth Internet companies, private telecom corporations and almost the entire pack of civil liberties organisations came together in a frenzied campaign to ensure that ITU kept its hands off the Internet. Massive online petitions were launched, backed by Internet companies such as search engine Google and social networking service Facebook. The Internet, they said, should not become an ITU remit because it would change the multi-stakeholder approach, which currently marks the way the Internet is governed, and replace it with government control that would curb digital freedom. Not only did the US administration oppose the revision of ITRs, the US Congress also passed a rare unanimous resolution against the WCIT proposals.

In the end, it was an anti-climax: nothing much came of these proposals. Although WCIT was marked by high drama—a walkout by the US and six European countries, a show of hands on a contested but innocuous resolution and an unexpected vote—the “final acts” (http://www.itu.int/en/wcit-12/Documents/final-acts-wcit-12.pdf) or the changes in ITRs make no mention of the I word. Not once. The 30-page document states at the outset that “these regulations do not address the content-related aspects of telecommunications” —an indirect reference to the Internet.

	Ultimately, it was a triumph of the US-led position even if 89 of the 144 eligible countries signed it. Most of the developed countries refused to sign it. Nor, unexpectedly, did India, and thereby hangs a curious tale. Officials who were privy to the negotiations told Down To Earth that India was all set to sign the new ITRs when its delegation got last-minute instructions from Delhi not to endorse them. “It was unexpected and a let-down for India and our global allies,” confesses an official of the Ministry of Communications & IT. “There was nothing in the final document that we had objections to.” According to the grapevine, Minister for Communications and Information Technology Kapil Sibal was facing pressure from two sides: the US Administration and domestically from civil society, Internet service providers and the private telecom players who had objected to India’s proposals on ITRs. The US is known to be keeping a close eye on what India decides to do on the new treaty which it can still ratify. In the Dubai treaty, the only ITR that does impinge on the Net is (Article 5B) on unsolicited bulk electronic communications or spam. But even here, what it merely states is that member-states should endeavour to take necessary measures to prevent the “propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services.”

In many ways, what took place during the hectic days before and during the December 3-14 WCIT was in a broad sense a replay of the Cold War scenario of the good (freedom-loving countries) versus evil (authoritarian or autocratic regimes), although alliance may have shifted in the two blocs. What is clear is that a larger geopolitical fight is playing out with the Internet as disputed terrain. American analysts themselves have pointed out that the “US got most of what it wanted. But then it refused to sign the document and left in a huff.”

Even the innocuous Article 5A, which calls on members “to ensure the security and robustness of international telecommunication networks”, was interpreted by US delegation head Terry Kramer as a means that could be used by some governments to curb free speech!

As an outraged Saudi delegate said, “It is unacceptable that one party to the conference gets everything they want and everybody else must make concessions. And after having made many concessions, we are then asked to suppress the language which was agreed to. I think that that is dangerous. We are on a slippery slope.” The final outcome: all the contentious issues were relegated to resolutions, which have no legal basis.

Indeed, the US has managed to get its way on most issues: protecting the mammoth profits of its Internet companies and ensuring that control of the Internet address system, now done by a group based in the US, will not be shared with other ITU members. And, the likes of Google (2011 profit: $37.9 billion) and Facebook will not have to pay telecom companies for use of their networks to deliver content.

Challenges of securing cyberworld

E-commerce in India, where every tenth person is online, is on the rise—and, consequently, crime on the Internet. In 2011, the country’s nodal agency for handling cyber crime, Indian Computer Emergency Response Team, tackled 13,301 incidences of security breach. The incidents ran the gamut from website intrusions, phishing to network probing and virus attacks. Further, in 2009, 2010, 2011 and 2012 (until October), there were 201, 303, 308 and 294 cyber attacks respectively on sites owned by the Indian government. Most notably, hacker group Anonymous defaced the website of Union Minister of Communications and Information Technology, Kapil Sibal.

To beef up cyber security, the Union ministry plans to pump in Rs 45 crore in 2012-13. It also put up a draft cyber security policy for public comments in 2011. Currently, cases involving cyber security and crime are handled under the IT Act of 2000 (Amendment 2008) and the Indian Penal Code.

But will the government go about its business of securing the Net in a responsible manner? There is scepticism. Section 69 of the Act gives any government agency the right to “intercept, monitor or decrypt” information online. Chinmayi Arun, assistant professor of law at National Law University in Delhi, said at the Internet Governance Conference held at FICCI in October that crimes like defamation are not on the same page as cyber terrorism, and “we have to question whether they warranty invasion of privacy”. She added that the workings of the surveillance system has to be made more open to build public trust.

Pranesh Prakash, policy director at Centre for Internet and Society (CIS) in Bengaluru, draws attention to a fundamental flaw in the section. “Government is allowed to wire tap under the Telegraph Act, 1885. But the Act lays out specific guidelines for such an action. For example, you can only tap phones in the case of a ‘public emergency’ or ‘public safety’ situation. The IT Act does not put such limitations on interception of information,” he says.

Cyber security and ITU

A few months prior to the controversial World Conference on International Telecommunications in Dubai, countries, including Russia and Arab states, had proposed measures that would, through International Telecommunication Union (ITU), grant disproportional power to countries to control the Internet in the name of security measures. Several proposals, most notably those of India and Arab States, explicitly stated in the proposed Article 5A that countries should be able to “undertake appropriate measures, individually or in cooperation with other Member States” to tackle issues relating to “confidence and security of telecommunications/ICTs”. It raised alarm among civil society. US-based think tank Center for Democracy and Technology (CDT) said in its report dated September, 2012, that cyber security does not fall under the ambit of International Telecom Regulations, and some countries would misuse such privileges for “intrusive or repressive measures”.

The proposal by African member states recommended that nations should “harmonise their laws” on data retention. In other words, intermediaries would have to retain public data for a long period so that governments can access it whenever they please. With regard to this, CDT noted, “Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all.”

A clause in the Arab proposal on routing said, “A Member State has the right to know how its traffic is routed.” Currently, the way Internet works, senders and recipients do not know how data between their computers travels or is routed. However, enabling countries to have control over routing has its dangers. CDT notes, “(This) would simply not work and could fundamentally disrupt the operation of the Internet.” Internet traffic travels over an IP network. While travelling, it is fragmented into small packets. Packets generally take a different path across interconnected networks in many different countries before reaching the recipient’s computer. CDT notes providing routing information to countries would require “extensive network engineering changes, not only creating huge new costs, but also threatening the performance benefits and network efficiency of the current system”. Although routing was not part of India’s proposal, Ram Narain, deputy director general at the department of telecommunications, told Down To Earth it was one of the country’s concerns.

However, to civil society’s partial relief, such draconian cyber security clauses were not adopted in the new itr treaty. Two clauses added to the treaty, Article 5A and 5B, address some cyber security concerns. Titled “Security and robustness of networks”, Article 5A urges countries to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks”. Article 5B talks about keeping tabs on spam.

Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers, says while he would have preferred that the two clauses were kept out of the new treaty, they do not seem harmful. “They are a much toned down version of what Arab states and Russia had suggested,” he says.

This is one reason India, Brazil and other democracies from the developing world also want a change in ITRs. They want the Internet behemoths to pay for access to their markets so that such revenues can be used to build their own Internet infrastructure.

In the furious debate on keeping the Net free of international control even hawk-eyed civil society organisations prefer to ignore the monetary aspects of Net control. Some analysts believe that maintaining the status quo is not so much about protecting the values of the Internet as about safeguarding interests, both monetary and hegemonistic. Such an assessment may not be wide of the mark if one joins the dots. Google, says a Bloomberg report of December 10, “avoided about $2 billion in worldwide income taxes in 2011 by shifting $9.8 billion in revenues into a Bermuda shell company, almost double the total from three years before”. It also said that the French, Italian, British and Australian governments are probing Google’s tax avoidance in its borderless operations.

	What is clear, however, is that a number of countries for reasons springing from different motivations, appear determined to undermine America’s control of the outfits that now define how the Internet works. Although the US maintains that ICANN (Internet Corporation for Assigned Names and Numbers) is a private, non-profit corporation, it is overseen by the US Commerce Department. According to People’s Daily, what the US spouts about Net freedom is so much humbug. In an August 2012 report, the leading Chinese daily claimed the US “controls and owns all cyberspaces in the world, and other countries can only lease Internet addresses and domain names from the US, leading to American hegemonic monopoly over the world’s Internet”. It also highlighted a fact that has slipped below the radar. During the Iraq invasion, the US government asked ICANN to terminate services to Iraq’s top-level domain name “.iq” and thereafter all websites with the domain name “.iq” disappeared overnight. It charges the US with having “taken advantage of its control over the Internet to launch an invisible war against disobedient countries and to intimidate and threaten other countries”. While this may be true, the irony is that China, with its great firewall of censorship, is in no shape to position itself as a champion of freedom. Like other authoritarian countries, it will do everything to police the Net and control it.

The right of countries and peoples to access the Net was highlighted in Dubai when some African countries raised the issue of US control of the global Internet. Some of these, such as Sudan, have long been complaining about Washington’s sanctions that entail denial of Internet services. ITU officials point out that Resolution 69, first passed in the 2008 meeting, invoked again in 2010 and dusted off once again for the WCIT negotiations, invoked “human rights” to argue for “non-discriminatory access to modern telecom/ ICT facilities, services and applications”. Says Paul Conneally, head of Communications & Partnership Promotion at ITU, “The real target of these resolutions are US sanctions imposed on nations that are deemed bad actors. These sanctions mean that people in those countries—not just the government, mind you, but everyone, innocent and guilty alike—are denied access to Internet services such as Google, Sourceforge, domain name registrars such as GoDaddy, software and services from Oracle, Windows Live Messenger, etc.”

The catalogue of Sudan’s complaints shows at least 27 instances in 2012 when companies from Google to Microsoft and Paypal to Oracle cut off their services to the African country. This might explain why major companies would be opposed to the resolution on a right to access Internet services. Such a right would allow countries to use ITRs to compel them to provide services they might otherwise have preferred not to. But so far all such sanctions appear to have been a decision of the US Administration.

The problem of the digital divide, in fact, did not get the headlines it should have. Africa accounts for just 7 per cent of the 2.4 billion people who use the Net worldwide and penetration in the region is just 15.6 per cent of the population. Compare this with North America where over 78 per cent are linked to the digital world and Touré’s logic about the ITU’s mandate appears reasonable.

When Apple censors the drone war NETIZENS know that the Internet suffers from the depredations of government, hackers and viruses. But not many are aware that companies are as prone to taking legitimate stuff off the Net on the flimsiest grounds. In the case of Apple it could have been misplaced patriotism or plain business sense that prompted it to block an app which monitors drone strike locations in November last year. The App Store rejected the product, calling it “objectionable and crude”. Drones+ (see photo) is an application that simply adds a location to a map every time a drone strike is reported in the media and added to a database maintained by the UK’s Bureau of Investigative Journalism. Josh Begley, a graduate student at New York University, who developed the app, says it shows no visuals of war or classified information. All it does is to keep its users informed about when and where drone attacks are taking place in Pakistan and Afghanistan. “This is behavior I would expect of a company in a repressive country like China, not an iconic American company in the heart of Silicon Valley,” says a petition to the company CEO. Did Apple’s censorship have anything to do with the fact that it received huge contracts from the Pentagon? US legislators have joined the protests against Apple. The most brazen act of corporate censorship occurred in August 2012 with NASA’s livestream coverage of the Curiosity rover’s landing on Mars in the space agency’s $2.5 billion mission. A news agency, Scripps, coolly claimed as its own the public domain video posted on NASA’s official YouTube channel that documented the epic landing (see our opening visuals). “This video contains content from Scripps Local News, who has blocked it on copyright grounds. Sorry about that,” said a message on NASA’s blackened screen. So much for the strict US laws aimed at curbing online piracy!

Touré noted that the revised ITRs would see greater transparency in global roaming charges, lead to “more investment in broadband infrastructure” and help those with disabilities. But he was hopeful that the new treaty signed in Dubai would make it possible for the 4.5 billion people still offline to be connected. “When all these people come online, we hope they will have enough infrastructure and connectivity so that traffic will continue to flow freely,” Touré said.

But should ITU govern the Net? Not in its entirety, according to experts. For one, ITU until the Dubai meeting was far from being transparent and does not allow participation of civil society or other stakeholders in its negotiations unless they are part of the official delegation of the member-states. In fact, even critics of the current system, who think the system is lopsided and hypocritical, believe ITU needs to reform itself and confine to the carrier/infrastructure layer of the Internet. Nor should it get into laying down standards which is done by Internet Engineering Task Force (IETF) and the naming and numbering that is managed by ICANN.

But Conneally counters this by asking what would happen if the US decided to deny domain name root zone to Iran because of its bad human rights record. “Suppose it ordered Verisign to remove .IR from the DNS root and make it non-functional. Would we want ICANN/the Internet governance regime to be used as a political/strategic tool to reform Iran? What happens to global interoperability when the core infrastructure gets used in that way?”

Who then should ensure that the Internet is run in a free and open manner? Should it be the Internet Governance Forum (IGF)? But IGF is to be an open consultative forum that cannot by itself govern. It brings in participation for any or all Internet-related policy processes but it by itself was never supposed to do policy or governance.

Parminder Jeet Singh, executive director of ItforChange, says whoever governs is the government for that purpose. “This truism is significant in the present context, because there is an attempt by those who really control/ govern the Internet at present, largely through illegitimate and often surreptitious ways, to confuse issues around Internet governance in all ways possible, including through abuse of established language and political principles and concepts.”

ITforChange is a Bengaluru institution working on information society theory and practice, especially from the standpoint of equity, social justice and gender equality, and it is that perspective which informs Singh’s suggestions. “What we need are safeguards as, for instance, with media regulation. The Internet, of course, is much more than media. It is today one of the most important factors that can and will influence distribution of economic, social and political power. Without regulation it will always be that those who currently dominate it will take away the biggest pie.

Surveillance club

Eight Indian companies are among the 700 members of European Telecommunications Standards Institute. The group works with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure. It also hosts regular meetings on lawful interception

Wipro Technologies	Associate Service Providers
• HCL Technologies Limited	• Associate Consultancy for Co./Partnership
• Accenture Services Pvt Ltd	• Observers
• CEWiT	• Associate Research Body
• Saankhya Labs Pvt Ltd	• Associate Manufacturers
• Sasken Communication	• Associate Manufacturers
• Technologies
• SmartPlay Technologies	Associate Consultancy for Co./Partnership
• TEJAS NETWORKS LTD	• Associate Manufacturers

Other critics of the current system concede that bringing governments on board, especially authoritarian and statist powers which the digital world threatens, would give them perverse incentives to control it. But this threat should be met not by insisting that the Internet needs no governance or regulation, but by safeguards that ensure equitable access and benefits, Singh stresses.

While the jury is out on the question whether the new ITRs will make any material difference to the way, and if at all, the Net will come under added government oversight and intervention, developments elsewhere show that ITU is not the main threat to digital freedom.

The irony is that while cyber security is contentious in ITU, other international organisations, such as the UN Office on Drugs and Crime (UNODC) and a clutch of influential telecom industry associations, are pushing for surveillance programmes that ensure policing of a high order with sophisticated infrastructure to monitor online communications. A host of countries already have such systems in place and are pressuring countries like India to fall in line.

A UNODC report, titled ‘The use of the Internet for terrorist purposes’, has detailed how countries can and should use new technology for online surveillance—all in the name of anti-terrorism. The report discusses sensitive issues such as blocking websites and using spyware to bypass encryption and also urges countries to cooperate on an agreed framework for data retention.

At the same time, powerful industry bodies, such as ATIS (Alliance for Telecommunications Industry Solutions) and the European Telecommunications Standards Institute (ETSI), are reported to be working with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure, according to Future Tense, a project which looks at emerging technologies and how these affect society, policy and culture. It says India is under pressure from another industry organisation, the Telecommunications Industry Association (TIA), “to adopt global standards for surveillance”, calling on the country’s government to create a “centralized monitoring system” and “install state-of-the-art legal intercept equipment”.

TIA is a Washington-based trade group which brings together companies such as Nokia, Siemens Networks and Verizon Wireless, and is focused on issues related to electronic surveillance and is developing standards for intercepting VOIP and data retention alongside with ETSI and ATIS. At least seven Indian companies are members of ETSI, which is said to hold international meetings on data interception thrice a year.

Add to this chilling list the International Chamber of Commerce. It is reported to be seeking the establishment of surveillance centre hubs of several countries to help governments intercept communications and obtain data that is stored in cloud servers in foreign jurisdictions. Given this backdrop why are the US and its cohorts creating a ruckus on ITRs?

It would also mean that by focusing on ITRs and ITU as a major threat to Internet freedom civil society may be jousting at windmills.

Malice and freedom of speech

Two suits highlight the challenge of treading between the two

Among the many legal cases in India related to the use and misuse of the world wide web, two stand out for involving web giants and provoking sharp reaction. These are the cases registered in Delhi district courts in December 2011, objecting to chunks of content—portraying prominent political figures and religious places among others in a certain light—hosted on websites. One was filed by a Delhi journalist, Vinai Rai, requesting the court to press criminal charges against 21 web agencies, including Google, Facebook and Yahoo! India. The other, filed by a social activist, M A A Qasmi, was a civil suit requesting action against 22 web agencies. Both mentioned that the content on the websites was inflammatory, threat to national integrity, unacceptable, and created enmity, hatred and communal discord.

A year on, tangible impact has not been much. The number of accused in the civil case has come down to seven web agencies and in the criminal case the government is yet to issue summons to the companies concerned (see ‘The case so far’). However, these litigations are seen as landmarks in the recent history of the Internet and its interaction with societies and governments. The cases—especially off-the-record comments by the judiciary suggesting blanket ban and pre-screening of all content—provoked a debate on the freedom of expression and Indian cyber laws.

The case so far

JANUARY 13, 2012: Delhi High Court dismisses petition by Google and Facebook asking to be absolved of criminal charges filed in district court

JANUARY 20: High Court asks for reply from Delhi Police in response to plea by Yahoo! India challenging district court summons

FEBRUARY 16: Court refuses to stay proceedings against Facebook and Google but allows them to be represented by counsel

MARCH: Court dismisses criminal charges against Yahoo! India and Microsoft but says the charges can be revived if new evidence comes to light. Sets aside summons

Malicious content exists on the web and may even need to be taken down, but the laws used to remove malicious content can also be used to curb political speech, thus, infringing on the right to freedom of expression, says Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers.

Some like Pranesh Prakash of non-profit Centre for Internet and Society believe the IT Rules are at odds with the IT Act and give powers for censorship. He explains that the IT Act, 2000, provides for protection of intermediaries; web browsers, social networking sites and websites cannot be held responsible for what a third party publishes on their forums—“similar to the way in which we cannot sue a telephone agency or a post office for someone else making use of these platforms to harass or defame another person”. But the IT rules of 2011 watered down this protection.

Supreme Court advocate and cyber law expert Pavan Duggal explains how. The Act states once a complaint is made against certain content, the web agency hosting it must notify the person who put up the content, verify the content and judge whether it needs to be removed. But the rules state that once the web agency is notified it must remove the content within 36 hours or it could be prosecuted for not acting on the complaint. The rules have gone beyond the Act’s scope, especially vis-a-vis privacy and data protection, leaving no scope for hearing out the accused, he says.

The disjunct between the Act and the rules is being contested in various spheres, including Parliament. But there is a bright side too. Duggal believes the cases have brought pertinent issues, like free speech and privacy concerns, into the public domain. Ramanjeet Chima, policy adviser for Google, says freedom of expression is paramount for Google but the recognition of local sentiments is also being given equal weightage.

Senior advocate Sidharth Luthra, who was representing Facebook in the Delhi High Court, wonders whether the existing Indian laws are in tune with the ever-changing online world. Unwilling to comment on the case, he says the law is limited in its scope, while technology is not. Refusing to comment on the cases, the Google adviser emphasised the need to use the existing provisions of big web agencies to address grievances regarding content.

The Internet “is not the wild wild west”; all content, users and viewers can be traced, Duggal cautions. Since the Internet can impact political issues government is increasingly looking for ways to control it. “There is no ideal solution but it is evident that some monitoring and regulation are required, and in all parts of the world all regimes are in the process of addressing this,” he says.

For more details visit https://cis-india.org/news/down-to-earth-latha-jishnu-dinsa-sachan-moyna-january-15-2013-clash-of-the-cyber-worlds

Indian government websites: Gold mine for cybercriminals

praskrishna — 2014-01-31T06:18:12Z

If you are a cybercriminal trying to commit identity theft or digitally impersonate a citizen, you have help from the unlikeliest of sources — the Government of India.

The article by Srutijith KK was published in the Times of India on January 3, 2014. Sunil Abraham is quoted.

Various government agencies have put vast amount of personal information online, often with little barrier to access and with hardly any provision to prevent their misuse.

Combine a few of these databases and you have a gold mine of information on India's citizens, including some of its wealthiest residents, whose bank accounts are of special interest to thieves. "If I want to target someone, I now have access to so much detail that shouldn't have been in public. Hackers with good social engineering skills will be able to call a call centre and impersonate a person. And from a stalking perspective, it has implications for not just celebrities, but anybody with a jilted lover, a political rival, and so on," said Binoo Thomas, a digital security expert at McAfee Labs.

For example, if somebody wants to get personal details of some of India's richest people, he would simply need to click on the LPG transparency links on Indane, Bharat Gas and HP portals and narrow the search to the South Mumbai region. Many gas agencies have their area of service in their names, such as Bandra Gas Agency or Colaba Gas Agency.

Select one of these gas agencies and you have a list of all the customers, with their consumer number, address and, in many cases, a mobile number. This database is also searchable by name. You can quickly search for any famous surname and be rewarded with a consumer number, residence address and in many cases, a mobile phone number.

A cursory search gave ET the mobile number and full residential address of the well-known matriarch of a famous business family. A search under the Bandra Gas Agency promptly showed the full residential address of a famous Bollywood actress. Your next stop could be the website of the Election Commission of India, which has asked all state Election Commissions to place the entire voter rolls online.

The voter roll also has the full residential address, age and gender of a person. A quick search on the MTNL Mumbai directory online will reveal the landline number for a person. With a little bit of luck and time to troll social networks such as Facebook and LinkedIn, a skilled cybercriminal can discern your date of birth and professional details.

Date of birth, phone number, alternate number and billing address are the details many telephone companies and banks use to determine whether a person calling its customer helpline is indeed who she says she is. This kind of information also allows a hacker to design effective phishing attacks, which lures a person into revealing information such as passwords or credit card numbers. An email that lists accurate personal information appears authoritative and has greater likelihood of being trusted by a recipient.

Thread of identity theft
This kind of crime has been on the rise. In December, US Department of Justice estimated that $24.7 billion were lost to identity theft in 2012, as 11.5 million Americans found themselves defrauded. Similar data is unavailable for India. "Privacy has become a matter of personal security. As the state has been pushed to function in a more transparent manner, authorities are making the details about us transparent instead! The data protection principles are well evolved all over the world.

All of these data controllers are in violation of every good principle. We don't need to wait for a law to observe these principles," said Usha Ramanathan, an independent law researcher specialising in privacy, surveillance and related issues. The ministry of rural development, which administers the Mahatma Gandhi National Rural Employment Guarantee Scheme, goes a step further, and places online the bank account numbers and IFSC codes for all its beneficiaries.

RTI requirements
The justification for publishing this kind of data online is typically section 4 of the RTI Act, which requires all government departments to proactively publish details of subsidy programmes, including details of the subsidy availed. However, section 8(1) of the same Act says that personal information that invades privacy of an individual need not be published unless an appellate authority decides that a larger public interest is served by it. It's unclear what public interest is served by the publication of full residential address, mobile number or bank accounts by various agencies.

In some cases, like the MNREGS and the voter rolls, sector-specific laws also apply. "Going by the provisions of the MGNREGA, which mandates proactive disclosures, we keep all processes in the public view... We have not perceived any threat in displaying bank account numbers of wage seekers, most of which have been opened for receiving wages," said R Subrahmanyam, the joint secretary at the ministry of rural development who heads the MNREGA division.

The petroleum ministry did not respond to an email requesting comment. In an emailed response, Chief Election Commissioner VS Sampath referred to Rule 33 of the Registration of Elector Rules, 1960, to establish that the voter roll was a public document. "Thus it can be seen that Electoral Roll is a public document which is available to the public for inspection. The Commission has, therefore, given instructions to put this public document on the website to facilitate inspection by public. When law stipulates that it is a public document, the public has a right to access it," he said. But no law states that anonymising techniques or relevant barriers to accessing private information should not be deployed.

Legal vacuum
India does not have an omnibus privacy law that overrides sector specific legislation. According to Sunil Abraham of the Bangalore-based thinktank Centre for Internet and Society, there are some 50 different laws that have a privacy element in India. The Department of Personnel and Training has been working on a draft privacy law for three years now.

"We need to think of this problem in the light of the privacy law that is being drafted. Traditionally and culturally our view of privacy has been different. A more explicit understanding of the privacy needs of the citizens is certainly welcome. Section 43A of the IT Act has provisions for data protection," said J Satyanarayana, secretary at the department of information technology.

But 43A applies only to corporations, and government agencies are not bound by it. Apart from the central government agencies, several state government agencies and schemes also collect and store personal information. But no standard protocol binds them in deciding who shall have access and who shall not.

For more details visit https://cis-india.org/news/the-times-of-india-january-3-2014-sruthijit-kk-indian-govt-websites-gold-mine-for-cybercriminals

State Surveillance and Human Rights Camp: Summary

elonnai — 2013-07-12T16:02:51Z

On December 13 and 14, 2012, the Electronic Frontier Foundation organized the Surveillance and Human Rights Camp held in Rio de Janeiro, Brazil. The meeting examined trends in surveillance, reasons for state surveillance, surveillance tactics that governments are using, and safeguards that can be put in place to protect against unlawful or disproportionate surveillance.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The camp also examined different types of data, understanding tools that governments can use to access data, and looked at examples of surveillance measures in different contexts. The camp was divided into plenary sessions and individual participatory workshops, and brought together activists, researchers, and experts from all over the world. Experiences from multiple countries were shared, with an emphasis on the experience of surveillance in Latin America. Among other things, this blog summarizes my understanding of the discussions that took place.

The camp also served as a platform for collaboration on the Draft International Principles on Communications Surveillance and Human Rights. These principles seek to set an international standard for safeguards to the surveillance of communications that recognizes and upholds human rights, and provide guidance for legislative changes related to communications and communications meta data to ensure that the use of modern communications technology does not violate individual privacy. The principles were first drafted in October 2012 in Brussels, and are still in draft form. A global consultation is taking place to bring in feedback and perspective on the principles.

The draft principles were institutionalized for a number of reasons including:

Currently there are no principles or international best standards specifically prescribing necessary and important safeguards to surveillance of communication data.
Practices around surveillance of communications by governments and the technology used by governments is rapidly changing, while legislation and safeguards protecting individual communications from illegal or disproportionate surveillance are staying the same, and thus rapidly becoming outdated.
New legislation that allows surveillance through access to communication data that is being proposed often attempts to give sweeping powers to law enforcement for access to data across multiple jurisdictions, and mandates extensive cooperation and assistance from the private sector including extensive data retention policies, back doors, and built in monitoring capabilities.
Surveillance of communications is often carried out with few safeguards in place including limited transparency to the public, and limited forms of appeal or redress for the individual.

This has placed the individual in a vulnerable position as opaque surveillance of communications is carried out by governments across the world — the abuse of which is unclear. The principles try to address these challenges by establishing standards and safeguards which should be upheld and incorporated into legislation and practices allowing the surveillance of communications.

A summary of the draft principles is below. As the principles are still a working draft, the most up to date version of the principles can be accessed here .

Summary of the Draft International Principles on Communications Surveillance and Human Rights

Legality: Any surveillance of communications undertaken by the government must be codified by statute.

Legitimate Purpose: Laws should only allow surveillance of communications for legitimate purposes.

Necessity: Laws allowing surveillance of communications should limit such measures to what is demonstrably necessary.

Adequacy: Surveillance of communications should only be undertaken to the extent that is adequate for fulfilling legitimate and necessary purposes.

Competent Authority: Any authorization for surveillance of communications must be made by a competent and independent authority.

Proportionality: All measures of surveillance of communications must be specific and proportionate to what is necessary to achieve a specific purpose.

Due process: Governments undertaking surveillance of communications must respect and guarantee an individual’s human rights. Any interference with an individual's human rights must be authorized by a law in force.

User notification: Governments undertaking surveillance of communications must allow service providers to notify individuals of any legal access that takes place related to their personal information.

Transparency about use of government surveillance: The governments ability to survey communications and the process for surveillance should be transparent to the public.

Oversight: Governments must establish an independent oversight mechanism to ensure transparency and accountability of lawful surveillance measures carried out on communications.

Integrity of communications and systems: In order to enable service providers to secure communications securely, governments cannot require service providers to build in surveillance or monitoring capabilities.

Safeguards for international cooperation: When governments work with other governments across borders to fight crime, the higher/highest standard should apply.

Safeguards against illegitimate access: Governments should provide sufficient penalties to dissuade against unwarranted surveillance of communications.

Cost of surveillance: The financial cost of the surveillance on communications should be borne by the government undertaking the surveillance.

Types of Data

The conversations during the camp reviewed a number of practices related to surveillance of communications, and emphasized the importance of establishing the draft principles. Setting the background to various surveillance measures that can be carried out by the government, the different categories of communication data that can be easily accessed by governments and law enforcement were discussed. For example, law enforcement frequently accesses information such as IP address, account name and number, telephone number, transactional records, and location data. This data can be understood as 'non-content' data or communication data, and in many jurisdictions can easily be accessed by law enforcement/governments, as the requirements for accessing communication data are lower than the requirements for accessing the actual content of communications. For example, in the United States a court order is not needed to access communication data whereas a judicial order is needed to access the content of communications.[1]

Similarly, in the UK law enforcement can access communication data with authorization from a senior police officer.[2]

It was discussed how it is concerning that communication data can be accessed easily, as it provides a plethora of facts about an individual. Given the sensitivity of communication data and the ability for personal information to be derived from the data, the ease that law enforcement is accessing the data, and the unawareness of the individual about the access- places the privacy of users at risk.

Ways of Accessing Data

Ways in which governments and law enforcement access information and associated challenges was discussed, both in terms of the legislation that allows for access and the technology that is used for access.

Access and Technology

In this discussion it was pointed out that in traditional forms of accessing data governments are no longer effective for a number of reasons. For example, in many cases communications and transactions, etc., that take place on the internet are encrypted. The ubiquitous use of encryption means more protection for the individual in everyday use of the internet, but serves as an obstacle to law enforcement and governments, as the content of a message is even more difficult to access. Thus, law enforcement and governments are using technologies like commercial surveillance software, targeted hacking, and malware to survey individuals. The software is sold off the shelf at trade shows by commercial software companies to law enforcement and governments. Though the software has been developed to be a useful tool for governments, it was found that in some cases it has been abused by authoritarian regimes. For example in 2012, it was found that FinSpy, a computer espionage software made by the British company Gamma Group was being used to target political dissidents by the Government of Bahrain. FinSpy has the ability to capture computer screen shots, record Skype chats, turn on computer cameras and microphones, and log keystrokes.[3]

In order to intercept communications or block access to sites, governments and ISPs also rely on the use of deep packet inspection (DPI).[4] Deep packet inspection is a tool traditionally used by internet service providers for effective management of the network. DPI allows for ISP's to monitor and filter data flowing through the network by inspecting the header of a packet of data and the content of the packet.[5] With this information it is possible to read the actual content of packets, and identify the program or service being used.[6]

DPI can be used for the detection of viruses, spam, unfair use of bandwidth, and copyright enforcement. At the same time, DPI can allow for the possibility of unauthorized data mining and real time interception to take place, and can be used to block internet traffic whether it is encrypted or not.[7]

Governmental requirements for deep packet inspection can in some cases be found in legislation and policy. In other cases it is not clear if it is mandatory for ISP's to provide DPI capabilities, thus the use of DPI by governments is often an opaque area. Recently, the ITU has sought to define an international standard for deep packet inspection known as the "Y.2770" standard. The standard proposes a technical interoperable protocol for deep packet inspection systems, which would be applicable to "application identification, flow identification, and inspected traffic types".[8]

Access and Legislation

The discussions also examined similarities across legislation and policy which allows governments legal access to data. It was pointed out that legislation providing access to different types of data is increasingly becoming outdated, and is unable to distinguish between communications data and personal data. Thus, relevant legislation is often based on inaccurate and outdated assumptions about what information would be useful and what types of safeguards are necessary. For example, it was discussed how US surveillance law has traditionally established safeguards based on assumptions like: surveillance of data on a personal computer is more invasive than access to data stored in the cloud, real-time surveillance is more invasive than access to stored data, surveillance of newer communications is more invasive than surveillance of older communications, etc. These assumptions are no longer valid as information stored in the cloud, surveillance of older communications, and surveillance of stored data can be more invasive than access to newer communications, etc. It was also discussed that increasingly relevant legislation also contains provisions that have generic access standards, unclear authorization processes, and provide broad circumstances in which communication data and content can be accessed. The discussion also examined how governments are beginning to put in place mandatory and extensive data retention plans as tools of surveillance. These data retention mandates highlight the changing role of internet intermediaries including the fact that they are no longer independent from political pressure, and no longer have the ability to easily protect clients from unauthorized surveillance.

1]. EFF. Mandatory Data Retention: United States. Available at: https://www.eff.org/issues/mandatory-data-retention/us
[2].Espiner, T. Communications Data Bill: Need to Know. ZDNet. June 18th 2012. http://www.zdnet.com/communications-data-bill-need-to-know-3040155406/
[3]. Perlroth, M. Software Meant to Fight Crime is Used to Spy on Dissidents. The New York Times. August 30th 2012. Available at: http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html?_r=0
[4]. Wawro, A. What is Deep Packet Inspection?. PCWorld. February 1st 2012. Available at: http://www.pcworld.com/article/249137/what_is_deep_packet_inspection_.html
[5]. Geere, D. How deep packet inspection works. Wired. April 27th 2012. Available at: http://www.wired.co.uk/news/archive/2012-04/27/how-deep-packet-inspection-works
[6]. Kassner. M. Deep Packet Inspection: What You Need to Know. Tech Republic. July 27th 2008. Available at: http://www.techrepublic.com/blog/networking/deep-packet-inspection-what-you-need-to-know/609
[7]. Anonyproz. How to Bypass Deep Packet Inspection Devices or ISPs Blocking Open VPN Traffic. Available at: http://www.anonyproz.com/supportsuite/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=138
[8].Chirgwin. R. Revealed: ITU's deep packet snooping standard leaks online: Boring tech doc or Internet eating monster. The Register. December 6th 2012. Available at: http://www.theregister.co.uk/2012/12/06/dpi_standard_leaked/

For more details visit https://cis-india.org/internet-governance/blog/state-surveillance-human-rights-camp-summary

December 2012 Bulletin

praskrishna — 2013-01-16T05:15:27Z

We at the Centre for Internet & Society wish you all a great year ahead. In the December 2012 newsletter, we bring you the draft early chapters of our “National Resource Kit” project for persons with disabilities (covering four southern states); and accessibility-related comments on the Twelfth Five Year Plan; the draft research on pervasive technologies and access to knowledge that we presented at the Global Congress on Intellectual Property and the Public Interest in Brazil; our comments on the privacy implications of including RFID tags in the proposed Rule 138A of the Motor Vehicle Rules, a report on the open access lectures delivered by Prof. Leslie Chan during his tour of India, reports of Wikipedia-related workshops conducted across three cities, and news and media coverage.

Jobs

CIS is seeking applications for the posts of Programme Officer (Access to Knowledge — Indic Language Initiatives), Developer (NVDA Project), Research Manager (Digital Humanities project), and Policy Associate (Access to Knowledge and Openness) and Policy Associate (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org.

Accessibility

India has an estimated 70 million disabled persons who are unable to read printed materials due to some form of physical, sensory, cognitive or other disability. The disabled need accessible content, devices and interfaces facilitated via copyright law and electronic accessibility policies:

National Resource Kit for Persons with Disabilities
CIS received a grant of INR 54,83,200 from the Hans Foundation for Creating a National Kit of Laws, Policies and Programs for Persons with Disabilities on August 16, 2012. Anandhi Vishwanathan from CIS and Shruti Ramakrishnan from the Centre for Law and Policy Research are the researchers presently working for this project. Early draft chapters have been published. Feedback and comments are invited from the readers:

The Tamil Nadu Chapter (by Shruti Ramakrishnan, December 30, 2012).
The Karnataka Chapter (by Shruti Ramakrishnan, December 30, 2012).
The Kerala Chapter (by Anandi Vishwanathan, December 31, 2012).
The Andhra Chapter (by Anandi Vishwanathan, December 31, 2012).

Access to Knowledge

The Access to Knowledge programme addresses the harms caused to consumers, developing countries, human rights, and creativity/innovation from excessive regimes of copyright, patents, and other such monopolistic rights over knowledge:

Event Organised

2012 Global Congress on Intellectual Property and the Public Interest (FGV Law School, Rio de Janeiro, December 15 – 17, 2012). The Second Global Congress on Intellectual Property and the Public Interest was organized by Fundação Getulio Vargas, American University Washington College of Law, Columbia University, Open AIR, and ICSTD. Sunil Abraham and Pranesh Prakash participated in the event. Pranesh was one of the moderators in the Roundtable Discussion on Priority Policy Forums, Research and Analysis Needs and Commitments.

Research for the Global Congress

For the 2012 Global Congress on Intellectual Property and Public Interest event, CIS conducted research. Jadine Lannon (based on research by Annapoornima and Rohan George and with help from Yogesh Kumar did research on documentation of phones and their patent, Amba Kak did research on copyright and mobile licensing, Vikrant Vasudev conducted research on patent pools and valuation methods, Hans Varghese Mathews did research on mathematical models of patent pools and Nehaa Chaudhuri did research on analysis of 3Gand 4G patent pools.

Openness

The 'Openness' programme critically examines alternatives to existing regimes of intellectual property rights, and transparency and accountability. Under this programme, we study Open Government Data, Open Access to Scholarly Literature, Open Access to Law, Open Content, Open Standards, and Free/Libre/Open Source Software:

Event Report

Random Hacks of Kindness Global December 2012 — A Report (by Yogesh Londhe, December 10, 2012). Event was hosted at CIS office in Bangalore. CIS, Amnesty International India Office, Greenpeace India Office, HasGeek, Yahoo Research & Development and SimpleTechLife sponsored the event held in CIS office in Bangalore on December 1 and 2, 2012.

Events Participated

‘Information & Networks’ Partners’ Meeting (organised by International Development Research Centre, Canada in Rio de Janeiro, December 11 – 12, 2013). Sunil Abraham spoke in session on Open Business and IP.

Open Access Champion Leslie Chan Delivers Five Talks in India (Department of Library & Information Science, University of Kerala, National Institute of Interdisciplinary Science & Technology, CSIR, Indian Institute of Information Technology and Management – Kerala, Manasa Media Centre, Mysore University Library and SDM Institute for Management Development, December 17 – 20, 2012).

Access to Knowledge (Wikipedia Project)
Beginning from September 1, 2012, Wikimedia Foundation has awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of three members based in Delhi: Nitika Tandon, Subhashish Panigrahi and Noopur Raval.

Events Organised

Wikipedia Workshop at NMAIT (NMAIT, Karkala Taluk, December 21, 2012, co-organised in association with Metawings Institute).
Wikipedia Workshop at SRM (SRM University, Chennai, December 17, 2012, co-organised in association with Metawings Institute).
Marathi Wiki Workshop at TISS (Tata Institute of Social Sciences, Mumbai, December 8, 2012).

Blog Entries

Non Unicode ISCII Text Can be Converted to Unicode Now! (by Subhashish Panigrahi, December 19, 2012).
New Avenues: Media Wiki Groups (by Noopur Raval, December 28, 2012).

News / Media Coverage

A Report of Odia Wikipedia Workshop at IIT, Kharagpur (Samaja, Odia daily, Kolkata edition, December 3, 2012).

Videos

Wikipedia: State of Tech — A Talk by Erik Moeller (CIS, Bangalore, November 12, 2012). Erik Moeller, Vice President of Engineering and Product Development at the Wikimedia Foundation gave a talk.
Art in the Open Source Age — A Talk by Gene Kogan (CIS, Bangalore, November 30, 2012). Gene Kogan, a programmer and digital artist gave a talk.

HasGeek
HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works out from CIS office in Bengaluru.

Upcoming Event

Meta Refresh (MLR Convention Centre, JP Nagar, Bangalore, February 22 and 23, 2013).

Internet Governance

The Internet Governance programme conducts research around the various social, technical, and political underpinnings of global and national Internet governance, and includes online privacy, freedom of speech, and Internet governance mechanisms and processes:

Analysis of Central Motor Vehicle Rules

Comments on the Proposed Rule 138A of the Central Motor Vehicle Rules, 1989 Concerning Radio Frequency Identification Tags (by Bhairav Acharya, December 3, 2012).

Columns/Op-eds

Online Censorship: How Government should Approach Regulation of Speech (by Sunil Abraham, Economic Times, December 5, 2012).
The Worldwide Web of Concerns (by Pranesh Prakash, Deccan Chronicle, and Asian Age, December 10, 2012).
The Trouble with Hurried Solutions (by Chinmayi Arun, The Hindu, December 15, 2012).
Tomorrow, Today (Nishant Shah, The Indian Express, December 29, 2012).

Event Organised

Meeting of the Network of Internet & Society Centers (organised by Berkman Center for Internet & Society, Alexander von Humboldt Institute for Internet & Society, Center for Technology & Society, KEIO University SFC, the MIT Media Lab, the MIT Center for Civic Media, NEXA Center for Internet & Society and CIS, Cambridge, Massachusetts, December 6 – 8, 2012).

Upcoming Events

DML Conference 2013 (Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2012).

Events Participated

Second International e-Governance Conference (organized by the National Committee for Corporate Governance Electronic Iraq and the United Nations Development Programme, Rashid Hotel, Baghdad, December 2, 2012). Sunil Abraham presented on "Review of the Legal Environment in Iraq for Effective e-Governance".
Seminar/Artist Talks : "Outresourcing" with the Transmediale Collective (organised by the Berlin - Transmediale new media collective, December 3, 2012, Bangalore). Sharath Chandra Ram presented a White Paper.
World Conference on International Telecommunications (organised by ITU, December 3 – 14). Chinmayi Arun participated as a civil society representative.
Internet Driven Developments: Structural Changes and Tipping Points (organised by Berkman Center for Internet & Society, Cambridge, Massachusetts at Harvard University, December 6 – 8, 2012).
Annual Conference on Human Rights 2012 (organised by Estonian Institute of Human Rights and Google). Malavika Jayaram participated as a panelist.
State Surveillance and Human Rights Camp (Sheraton Rio Hotel & Resort, Rio, Brazil, December 13 and 14, 2012). Elonnai Hickok made a presentation on MLATS and International Cooperation for Law Enforcement Purposes.
Economic Impact of Internet in India (organised by Aspen Institute India, December 21, 2012). Chinmayi Arun attended this event.

Blog Entries

Transcripts from WCIT-12 (by Snehashish Ghosh, December 3, 2012).
Section 66-A, Information Technology Act, 2000: Cases (by Snehashish Ghosh, December 3, 2012).
Internet-driven Developments — Structural Changes and Tipping Points (by Elonnai Hickok, December 28, 2012).
State Surveillance and Human Rights Camp: Summary (by Elonnai Hickok, December 31, 2012).
Mining the Web Collective (by Sharath Chandra Ram, December 31, 2012).

Video

Technology Culture and Events in South East Asia — A Presentation by Preetam Rai (CIS, Bangalore, December 18, 2012). Preetam Rai gave a lecture.

Media Coverage

66A ‘cut & paste job’ (by GS Mudur, Telegraph, December 3, 2012). Pranesh Prakash and Snehashish Ghosh are quoted.
Ayodhya trending on Twitter sparks censorship concerns (by Surabhi Agarwal, December 6, 2012). Sunil Abraham is quoted.
Debate on Section 66A rages on (Vasudha Venugopal, The Hindu, December 10, 2012). Pranesh Prakash is quoted.
Hacktivists deface BSNL website (by Kim Arora, The Times of India, December 13, 2012).
Govt likely to issue guidelines to clarify IT rules soon (by Surabhi Agarwal, LiveMint, December 16, 2012).
The freedom of expression debate: The State must mend fences with The Web (by Rahul Jayaram, India Today, December 18, 2012).
‘The IT Act is fine, but its interpretation is not’ (DNA, December 19, 2012).
No fear of losing internet freedom till Jan 15: Experts (by Kim Arora, The Times of India, December 22, 2012). Pranesh Prakash is quoted.
UN agrees to review agencies governing Internet (by Surabhi Agarwal, LiveMint, December 27, 2012). Pranesh Prakash is quoted.
Delhi gang rape: What Facebook, Twitter expose about govt (The Times of India, December 31, 2012). Pranesh Prakash is quoted.
A note of dissent on cash transfers and UID (The Hindu, December 31, 2012). Sunil Abraham was one of the signatories.
The year social media came of age in India (by Javed Anwer and Rukmini Shrinivasan, The Times of India, December 31, 2012). Sunil Abraham is quoted.

Telecom

Newspaper Column

Inflation Control Through Structural Reforms (by Shyam Ponappa, Business Standard, December 11, 2012).

Building Knowledge and Capacity around Telecommunication Policy in India
Ford Foundation has given a grant of USD 2,00,000 to CIS to build expertise in the area of telecommunications in India. The knowledge repository deals with these modules: Introduction to Telecommunications, Telecommunications Infrastructure and Technologies, Government of India Regulatory Framework for Telecom, Telecommunication and the Market, Universal Access and Accessibility, The International Telecommunications Union and other international bodies, Broadcasting, Emerging Topics and Way Forward. Dr. Surendra Pal, Satya N Gupta, Paranjoy Guha Thakurta, Payal Malik, Dr. Rakesh Mehrotra and Dr. Nadeem Akhtar are the expert reviewers.

The following are the new outputs:

Licensing Framework for Telecom: A Historical Overview (by Snehashish Ghosh, December 31, 2012).
Market Structure in the Telecom Industry (by Snehashish Ghosh, December 31, 2012).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

Book Review

Not Just Fancy Television (by Nishant Shah, Indian Express, December 8, 2012): Nishant Shah reviews Ben Hammersley's book "64 Things You Need to Know for Then: How to Face the Digital Future Without Fear ", published by Hodder & Stoughton.

Media Coverage

What does it mean to be a digital native? (by Oliver Joy, CNN, December 8, 2012).

About CIS

CIS was registered as a society in Bangalore in 2008. As an independent, non-profit research organisation, it runs different policy research programmes such as Accessibility, Access to Knowledge, Openness, Internet Governance, and Telecom. The policy research programmes have resulted in outputs such as the e-Accessibility Policy Handbook for Persons with Disabilities with ITU and G3ict, and Digital Alternatives with a Cause?, Thinkathon Position Papers and the Digital Natives with a Cause? Report with Hivos, etc. We conducted policy research for the Ministry of Communications & Information Technology, Ministry of Human Resource Development, Ministry of Personnel, Public Grievances and Pensions, Ministry of Social Justice and Empowerment, etc., on WIPO Treaties, Copyright Bill, NIA Bill, etc. CIS is accredited as an observer at WIPO, and has given policy briefs to delegations from various countries, our Programme Manager, Nirmita Narasimhan won the National Award for Empowerment of Persons with Disabilities from the Government of India and also received the NIVH Excellence Award.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

For more details visit https://cis-india.org/about/newsletters/december-2012-bulletin

Bangalore CryptoParty!

praskrishna — 2013-01-06T13:47:02Z

Care about your privacy and online security? Want to fight against pervasive governmental surveillance and corporate invasions of privacy? The Centre for Internet & Society invites you to the CryptoParty tonight (Friday) at 6.00 p.m. Make sure to bring friends (and your laptop and smart phones)!

We will discuss, install and use digital security and privacy tools and practices.

Hosts

Thejesh GN
Kaustubh Srikanth
Pranesh Prakash

Details

We Will Provide

Food and drinks: Snacks - Samosas + Kachoris + Biscuits + Tea + Soft Drinks
Software: Security-in-a-box toolkits + Ubuntu Live USBs + software + internet connection
Expertise: Kaustubh Srikanth + Thejesh GN + Pranesh Prakash

You need to bring

Your own laptop (highly recommended)
Desire to learn about secure and private communications and storage (mandatory! :D)
Expertise, to share with others (if possible)

Intro

(20 mins)

Privacy vs. convenience
Importance of Free and Open Source Software and Open Standards
Basics of Passwords

Choosing secure passwords

Dropbox Register Page

Storing comes later
2FA - Google Authenticator

Securing online Identities

Show and tell

Browsing (45 mins)
(5 mins)

Firefox (multiple platforms) / offline

(15 mins):

AdBlockPlus
RequestPolicy
HTTPSEverywhere
Ghostery / DoNotTrackMe
Noscript

(5 mins)

Anti-Google Surveillance

DuckDuckGo
GoogleSharing

(10 mins)

Password management

Keepass + Password Safe
Cloud Services

LastPass
Keepass + Dropbox

Email + IM (1 hour)
(10 mins)

Thunderbird (multiple platforms) / available offline

Enigmail

(30 mins)

GPG4Win + GPGTools / offline
Seahorse (on Ubuntu Fresh Install)
Enigmail + Key Management (Kaustubh)
Key-signing party!

(15 mins)

Instant Messaging with OTR

Pidgin + Adium / offline
OTR / offline

Tell (27 mins)
(5 mins)

Tor (Pranesh)

(5 mins)

VPNs and SSH tunnel

RiseUp (Kaustubh)
SSH tunneling using AWS / RackSpace (Thej)

(12 mins)

Mobiles

APG + K9 (Pranesh)
WhisperCore (Kaustubh mentions)
Text Secure (Thej)
Gibbberbot (Pranesh)

(3 mins)

Full-disk encryption

Ubuntu (Pranesh demoes quickly)
BitLocker
TrueCrypt

(2 mins)

Virtual machines

VirtualBox (Kaustubh demoes quickly)

For more details visit https://cis-india.org/internet-governance/events/bangalore-crypto-party

State Surveillance and Human Rights Camp

praskrishna — 2012-12-21T07:19:55Z

A two-day conference was held in Rio on December 13 and 14 at Sheraton Rio Hotel & Resort. Elonnai Hickok participated in the event and made a presentation on MLATS and International Cooperation for Law Enforcement Purposes.

Click here to see the Wiki page of the event. See Elonnai's presentation here [PDF, 313 Kb].

DAY 1: Mapping Out Government Surveillance Problems

8:30 - 9:00 Registration

9:00 - 9:10 Welcome/Introduction

Katitza Rodriguez, Electronic Frontier Foundation [Peru, ES]

Simultaneous interpretation from Spanish to English and Portuguese.

Plenary: Kinds of Data, Ways of Getting It

09:10 - 10:30

Chair: Enrique Chaparro, Fundacion Via Libre [Argentina, ES]

Metadata, online identifiers, and technologies of surveillance

Seth Schoen, Electronic Frontier Foundation [United States, EN]

Simultaneous interpretation from English to Spanish and Portuguese.

Surveillance is getting easier and cheaper for many reasons, not least because people are using electronic communications more than ever before, and there are so many facts out there to be noticed about the ways devices are talking to each other.
I will talk about the kinds of things that refer to people and their devices, with a particular focus on telecommunications metadata and transactional records that are described as "non-content" and may receive lower levels of legal protection. I'll discuss who is in a position to record this information, some of the things that can be learned from it, and why traffic analysis is powerful and difficult to defend against.
I'll try to explain concepts like MAC address, IP address, account name and number, telephone number, IMEI, IMSI, transient identifiers, log files, transactional records, locational privacy, and associational privacy.

How law enforcement agencies use cell phone location tracking technology in criminal cases

Hanni Fakhoury, Electronic Frontier Foundation [United States, EN]

With the rise of smartphones, the U.S. government's use of cell site location data to pinpoint our exact location has grown more widespread (and precise) over time. For years, U.S. courts permitted the government to get this location data without a search warrant under a tortured interpretation of federal electronic privacy statutes and an even more alarming constitutional argument: that we don't have any privacy in data we turn over to third parties, like cell phone companies. This talk will review what location data is and why the police want it, how they can get it under U.S. law, and legal and practical steps that need to be taken to safeguard our privacy.

Simultaneous interpretation from English to Spanish and Portuguese.

Deep packet inspection: What it is, how it works, and how it is used for surveillance

Chris Parsons, Doctoral Candidate, University of Victoria [Canada, EN]

Simultaneous interpretation from English to Spanish and Portuguese.

We are in the midst of a standardization revolution, a mass translation of discordant analogue signal types to interoperable digital transmission standards. All this digitized consumer traffic passes through the gateways of Internet Service Providers’ (ISPs). ISPs function as communicative bottlenecks, ideally positioning them to monitor, mine, and modify data using the Deep Packet Inspection (DPI) appliances situated within their networks. Some uses of these appliances could reshape the conditions of communication in democracies, blocking or modifying data transmissions in near real time.
In this presentation I discuss the technical capabilities of deep packet inspection and its significance for increased private and public surveillance capabilities. Drawing from case material from academic and advocacy work, I identify how the technology has been used for ISP-level surveillance, for copyright purposes, for national security purposes, and for advertising purposes. Moreover, I address how advocates in differing nations have opposed various uses of the technology, why they have done so, and conditions that facilitate domestic resistance to deep packet inspections' uses.

Advances in online spying: Commercial surveillance software, targeted hacking and beyond

Morgan Marquis-Boire, Google [New Zealand, EN]

Eva Galperin, Electronic Frontier Foundation [United States, EN]

Simultaneous interpretation from English to Spanish and Portuguese.

Against an increasingly security-aware online community, the traditional tools of blocking, filtering, and wiretapping have become less effective. Nervous regimes turn to the largely unregulated $5 billion a year industry in Internet surveillance tools.
Once the realm of the black market and intelligence agencies, the latest computer spyware is now sold at trade shows for dictator pocket change.
This talk will detail the cat and mouse game between authoritarian regimes and dissidents, as well as ongoing efforts to map out the relationship between surveillance software companies and governments.

10:30 - 10:40 Coffee Break

Workshops: Round I

10:40 - 11:50

Format: Interactive sessions with active participat0ion from the audience.

Workshop 1: Mobile privacy threats

This workshop addresses the ways governments are tracking mobile devices’ location and use, and why it’s been harder to protect communications privacy on mobile devices than on PCs.

Facilitators:
Hanni Fakhoury, Electronic Frontier Foundation [United States, EN]
Seth Schoen, Electronic Frontier Foundation [United States, EN/PT]

Rapporteur:
Enrique Chaparro, Fundación Vía Libre [Argentina, EN/ES]

Workshop 2: Training activists about state surveillance capabilities

In this workshop we’ll talk about some of new surveillance technologies that states are deploying, and the tactics that are used to legitimize the surveillance.
Going beyond just ‘what is used and how’, we speak to some political tactics that advocates have used to resist these tools on practical and principled levels, some of the conditions that contribute to successes, and ways of mobilizing effective strategies against expansions of state surveillance.

Facilitator:
Chris Parsons, University of Victoria [Canada, EN]

Rapporteur:
Katarzyna Szymielewicz, European Digital Rights [Poland, EN]

Workshop 3: Tactics for opposing state sponsored malware and surveillance

This workshop will review the different tactics government and non-government actors have employed to stop authoritarian regimes from making use of surveillance technology built in the United States and Europe to spy on their citizens.
We will discuss corporate responsibility, export controls, as well as the role of security research and user education campaigns. The workshop will end with a brainstorm of at least one concrete action each workshop attendee can take.

Facilitators:

Eva Galperin, Electronic Frontier Foundation [United States, EN]
Morgan Marquis-Boire [New Zealand, EN]

Rapporteur:
Silvio Rhatto, Sarava Group [Brazil, PT]

Reporting Back Session

11:50 - 12:40 Chair:

Katitza Rodriguez, Electronic Frontier Foundation [Peru, ES]

Rapporteurs:
Enrique Chaparro, Fundación Vía Libre [Argentina, EN/ES]
Katarzyna Szymielewicz, European Digital Rights [Poland, EN]

Report: Training Activists about State Surveillance Capabilities

Silvio Rhatto, Sarava Group [Brazil, PT]

Format: Each rapporteur has 10 minutes to report back about the results of their workshop discussion and 20 minutes to answer questions.

12:40 - 2:00 Lunch

Legal and Policy Plenary: Government Access to People’s Data

2:00 - 3:20

Chair: Pedro Paranaguá, Advisor for Internet Policy to the Workers’ Party in the Brazilian Chamber of Deputies [Brazil, PT/EN]

Different data, different rules? How the law has assigned varying levels of privacy protection to different categories of personal information

Kevin Bankston, Center for Democracy and Technology [United States, EN]

Using the example of US law, this presentation will map the different legal protections that have traditionally been applied to different types surveillance of different types of data, and consider how to redraw that map in light of new technologies.
Speaking generally, US surveillance law has been written based on the assumptions that: (1) surveillance of data on your computer is more invasive than access to your data in the cloud;(2) real-time surveillance is more invasive than access to stored data; (3) surveillance of the content of communications is more invasive than surveillance of non-content meta-data; (4) surveillance of newer communications is more invasive than surveillance of older communications.
These assumptions have long defined which types of surveillance are most strongly regulated against and which types of data are most strongly protected by law. Changing technology has made these assumptions about invasiveness and privacy increasingly obsolete, assuming that they ever made sense at all. But if these distinctions are outdated, what if any legal distinctions between different types of surveillance or data should replace them? How, if at all, can the law sensibly distinguish between personal communications and communications data in which we have a reasonable expectation of privacy, and that which we do not?

Simultaneous interpretation from English to Spanish and Portuguese.

Internet companies as an agent of the state & european mandatory telecommunications data retention

Katarzyna Szymielewicz, European Digital Rights [Poland, EN]

In this short presentation I will introduce European (i.e. based on EU legislation) regime of mandatory retention of telecommunication data for law enforcement purposes, explaining its political context, implementation and negative impact on human rights standards (not just privacy-related!).
Using case studies of Poland and Germany I will present two strikingly different approaches to storing telecommunication data and law enforcement, thus questioning the necessity and proportionality of this controversial measure. I will also touch briefly on pending political developments (including the revision of the Data Retention Directive and the reform of data protection law in the EU), explaining what the stakes are, what European civil society organisations are fighting for and why it is such an important fight. Finally, I will explain how the debate about mandatory data retention feeds into a broader discussion about the role of Internet intermediaries, including both their independence from political pressure and protection of their clients from surveillance executed by “private police.”

Simultaneous interpretation from English to Spanish and Portuguese.

Crossborder access to citizen's data and cloud computing in the investigation of criminal cases: Regional trends

Marcos Salt, profesor de derecho penal y procesal penal de la universidad de Buenos Aires (UBA) [Argentina, ES]

During the brief presentation, I will present practical examples of the problems caused by the application by analogy of the rules on physical evidence to obtain digital evidence.
I try to show that this trend is inconvenient to both for efficiency in the investigation of crimes by the state as to the validity of individual rights. I will place special reference to cross-border access to citizen's data in the cloud.

Simultaneous interpretation from Spanish to English and Portuguese.

Background on lawful interception mandates and government access to encryption keys

Seth Schoen, Electronic Frontier Foundation [United States, EN]

Simultaneous interpretation from English to Spanish and Portuguese.

In this session, I'll discuss some of the history of fights over government surveillance powers and government access in the United States, starting in the early 1990s and continuing to the present day. These issues have centered on three main themes: restrictions on cryptography and privacy tools, obligations for communications intermediaries to acquire and implement surveillance capabilities, and mandatory retention of telecommunications data.
One interesting point is that many of the same themes keep recurring: the powers that the government is seeking today are often similar to those it sought two decades ago.
Another interesting point is that the government has not always been successful in expanding its surveillance powers. Many of its proposals never became law and there are still plenty of issues left to fight over. But governments around the world are continuing to having a major effect on the design of technology, getting wiretapping interfaces and backdoors added to communications systems and discouraging deployments of strong encryption.

MLATS and International Cooperation for Law Enforcement Purposes

Elonnai Hickok, Center for Internet & Society India [India, EN]

In this session I will be looking at the challenges, requisite safeguards, and possible solutions in the context of international cooperation for fighting crime. In doing so I will look closely at the proposed principle of safeguards for international cooperation.
The objective of this session will be to explore ways of improving MLATS and international law enforcement cooperation in order to ensure that basic safeguards can be built into the process of international cooperation.

Simultaneous interpretation from English to Spanish and Portuguese.

Format: 10-15 minutes for each five speakers to introduce legal issues and 20 minutes of discussions

3:10 - 3:20 Coffee Break

Workshops: Round II

3:20 - 4:30

Workshop 1: Electronic surveillance demonstrations

In this workshop, we'll take a look at a few electronic surveillance devices (including an ordinary laptop) and look at some of what they can intercept. Technological infrastructure permitting, we may have a live demonstration of intercepting or modifying users' Internet communications.
We'll also consider low-cost surveillance techniques and discuss what kinds of demonstrations have the most pedagogical value for making users aware of particular threats.

Facilitator:
Seth Schoen, Electronic Frontier Foundation [United States, EN]

Rapporteur:
Eva Galperin, Electronic Frontier Foundation [United States, EN/ES/PT]

Simultaneous interpretation from English to Spanish and Portuguese.

Workshop 2: Legal framework regarding compelled disclosure of communications, subscriber information, and cryptographic keys

In this workshop we will cover various examples of compelled disclosure of private information (from subscriber information and content of communication to cryptographic keys) in the context of law enforcement, focusing on their legal aspects. We will briefly present various legal frameworks, discussing both the examples of legal safeguards (“good practices”) and their shortcomings that allow for government surveillance.
We will also look at various human rights implications of these measures and (potential / existing) role of private companies from the perspective of their compliance with such measures (incl. when requested by non-democratic regimes).

Facilitators:
Katarzyna Szymielewicz, European Digital Rights [Poland, EN]
Elonnai Hickok, Center for Internet & Society India [India, EN]

Rapporteur:
Hanni Fakhoury, Electronic Frontier Foundation [United States, EN]

Workshop 3: What data is most private? What surveillance is most invasive? How if at all should laws treat them differently?

This workshop will build on the discussion that began in the law & policy plenary, discussing how certain surveillance laws have applied different legal protections to different types of data and surveillance, and questioning whether such distinctions make sense in light of new technology.
The workshop will address that question from legal, personal, and political perspectives. Participants will share with each other details of how the laws in their countries treat different types of data and different types of surveillance, to facilitate shared understanding of the existing legal frameworks and to identify existing gaps and discrepancies in current legal protections.
Based on their own personal experiences as Internet users and as advocates, participants will then discuss what data in their lives they consider most private and what types of surveillance they find most invasive, and reflect on how if at all the law should distinguish between them. Finally, participants will discuss the politics of these different frameworks: both how gaps and weaknesses in existing frameworks threaten the ability of advocates to politically organize in the face of government surveillance, and how we can best work through the political process and change those frameworks to better reflect current technology and human rights norms.

Facilitators:
Kevin Bankston, Center for Democracy and Technology [United States, EN]
Danilo Doneda, Fundação Getúlio Vargas [Brazil, PT/EN]

Rapporteur:
Beatriz Busaniche, Fundación Vía Libre [Argentina, ES]

Reporting Back Session & Closing Meeting Day 1

4:30 - 5:20

Chair:
Katitza Rodriguez, Electronic Frontier Foundation [Peru, ES]

Rapporteurs:
Eva Galperin, Electronic Frontier Foundation [United States, EN/ES/PT]

Report: Demonstrating Surveillance

Hanni Fakhoury, Electronic Frontier Foundation [United States, EN]

Report: Compelled Disclosure of Communications, Subscriber Information & Cryptographic Keys

Beatriz Busaniche, Fundación Vía Libre [Argentina, ES]

Report: What Data is Most Private? What Surveillance is Most Invasive? Should Laws Treat Different Data Differently?

8:30 pm Dinner

DAY 2: Challenges and Mapping Out Possible Solutions
8:55 - 9:00 Welcome

Plenary: Surveillance in Latin America
9:00 - 10:20

Chair: Camila Marques, Lawyer, ARTIGO 19 [Brazil, PT]

Surveillance in Colombia
Carlos Eduardo Huertas, Semana [Colombia, ES]

Surveillance in Cuba
“Mario Hernandez” [Cuba, ES]

Surveillance in the Northern Triangle
Renata Avila, Global Voices [Guatemala, ES]

Surveillance in Peru
Yonsi Solis, Global Voices [Peru, ES]

Surveillance in Mexico
Caracol Azul, [Mexico, ES]
This session will have simultaneous interpretation from Spanish to English and Portuguese

Keynote: Challenges Posed By Electronic Surveillance

10:20 - 10:40
Frank La Rue, United Nations Special Rapporteur on Freedom of Expression [Guatemala, ES]
Increasing pressure (legal and political) on private parties to help carry out the state’s surveillance mandate.

Simultaneous interpretation from Spanish to English and Portuguese

10:40 - 11:00 Coffee Break

Plenary: International Surveillance & Human Rights Principles: Challenges and Opportunities in Latin America

11:00 - 11:50

Chair: Carly Nyst, Privacy International [Australia/UK, EN]
Simultaneous interpretation from English to Spanish and Portuguese.

Explanation of the Principles: Background, purpose, need, challenges and opportunities

Chilean and Latin American perspectives

Alberto Cerda, Derechos Digitales [Chile, ES]
Simultaneous interpretation from Spanish to English and Portuguese

Expansion of Brazilian law enforcement powers to access users’ digital information

Pablo Ortellado, GPOPAI [Brasil, PT/EN]
Simultaneous interpretation from Portuguese to Spanish and English

Surveillance and regional human rights standards

Juan Camilo Rivera, Comisión Colombiana de Juristas [Colombia, ES]
Simultaneous interpretation from Spanish to English and Portuguese

Workshops: Round III

11:50 - 1:00

Workshop 1: International surveillance and human rights principles: Perspectives from Latin America

Facilitator:
Alberto Cerda, Derechos Digitales [ES] & Carly Nyst, Privacy International [UK, EN]

Rapporteur:
Juan Camilo Rivera, Comisión Colombiana de Juristas [Colombia, ES]

Workshop 2: Technical community activism
What is the technology community doing to defend privacy?

Facilitators:

Enrique Chaparro, Fundación Vía Libre [Argentina, ES ]
João Carlos Caribé, Movimento Mega (aka Mega Não) [Brazil, PT/EN]

Rapporteur:
Eva Galperin, Electronic Frontier Foundation [USA, EN]

Plenary: Hands-on Activism

2:40 - 3:50 p.m.

Chair: Rebecca Bowe, Electronic Frontier Foundation [United States, EN]

Simultaneous interpretation from English to Spanish and Portuguese.

What is meant by Hands-On Activism? As you’ll learn from our panelists, there are many strategies that can be utilized to push back against a surveillance practice or proposal. We’ll cover the most effective ways to obtain public records; strategies for generating interest in digital rights issues; fresh and extraordinary approaches to creative campaigning, and tactics used by an international nonprofit to tackle privacy issues with online campaigns.

Raising digital awareness in Peru

Marco Sifuentes, Instituto Prensa y Sociedad [Peru, ES]

Peru has a very active and influential online community. It can affect the course of elections, prove the president wrong and stop law projects. It can work very well on "real world" matters. But when it comes to online issues, it's been hard to raise awareness on the Peruvian general public and even on the media. What went wrong? However, in the past year, some digital topics have received a lot of coverage. Some not. What changed? I’ll share Peru's experience in the hope that every participant can compare it with his or her own country's situation.

Online organizing for human rights

Fabiola Carrion, Access [Peru, ES/EN]

A recent addition to the Access Team, Fabiola will begin her presentation by talking about her own experiences in organizing and advocacy, arguing that the struggle for human rights is increasingly moving online. She will discuss new tools of organizing, and the importance of combining technology, policy, and grassroots advocacy tactics to affect holistic change in internet policy debates. Her presentation will include a series of short case studies from around the world where Access, along with its various allies, have successfully campaigned for a free and open internet. Her presentation will conclude with a discussion of lessons learned and best practices for online organizing, particularly around issues of surveillance and due process.

Surveillance and secrecy: Strategy and tactics - Using the law to uncover abuse of LEAs’ surveillance powers

Geoff King, Lawyer [United States, EN]

Open government laws, though riddled with exemptions, are powerful tools for shedding light on the governmental operations. One way in which these laws can be used is to uncover the existence of law enforcement surveillance, as well details about the tools used to achieve such surveillance. This portion of the presentation will explore how journalists and activists can employ successful transparency strategies in the face of various procedural pitfalls. It will also give concrete examples of how such strategies have paid off in the recent past.
Presentation Materials

Creative campaigning: tactical media mashup
Vladan Joler, Share Foundation [Serbia, EN]

Explore the beautiful world of tactical media as a creative tool for getting your message out there.
From creative campaigning during Serbian protests in the 90s to “lo fi” media interventions, protests inside computer games, media pranks and parasite media tactics to social media bots and Twitter bombs.
Presentation Materials

Simultaneous interpretation from English to Spanish and Portuguese Return to Top

3:50 - 4:10 Coffee Break

Workshops: Round IV

4:10 - 5:10

Workshop 1: What the international surveillance and human rights principles are asking the governments to do?

This session will be used to call out exactly what the International Surveillance and Human Rights Principles are asking governments to change or legislative/policy actions they are asking governments to take. This will hopefully be useful in helping individuals and organizations understand what aspects to highlight and push when proposing the principles and why.

Facilitators:

Katitza Rodriguez, Electronic Frontier Foundation [Peru, ES]
Elonnai Hickok, Center for Internet & Society India [India, EN]

Rapporteur:
Graciela Selaimen, NUPEF [Brasil, EN/ES/PT]

Workshop 2: Creative campaigning: tactical media mashup & anti-surveillance campaigns

What are activists around the world doing to counter surveillance proposals and practices? And what could they be doing, with just a little more knowledge and inspiration? At this session, workshop facilitators will share stories about successful campaigns launched around the world in response to government surveillance. How did a humorous Twitter hashtag about a proponent of surveillance legislation rise to “trending” status on Twitter? How did a small team of digital rights activists in Argentina manage to position themselves as one of the most trusted media sources on issues relating to privacy in the digital realm? How did a small group of activists manage to reach biggest world media and how are activists creating their own media? We’ll then open it up for a group discussion in which participants can share their own stories of effective tactics from around the world, and explore ideas for collaborating and harnessing the knowledge gleaned from our collective experiences.

Facilitators:

Rebecca Bowe, Electronic Frontier Foundation [United States, EN]
Vladan Joler, Share Foundation [Serbia, EN]

Rapporteur:
Hisham Almiraat, Global Voices Advocacy [Morocco, EN]

Reporting Back Session & Closing Remarks

5:10 - 6:00

Chair:
Katitza Rodriguez, Electronic Frontier Foundation [Peru, ES]

Rapporteurs:
Graciela Selaimen, NUPEF [Brasil, EN/ES/PT]

Renzo Lavin, Asociación Civil por la Igualdad y la Justicia [Argentina, ES]
Hisham Almiraat, Global Voices Advocacy [Morocco, EN]

Each breakout session will have one designated rapporteur, one note-taker, and a module to work around.

For more details visit https://cis-india.org/news/state-surveillance-and-human-rights-camp

Centre for Internet and Society

January 2013 Bulletin

National Resource Kit for Persons with Disabilities

Pervasive Technologies

Other Openness Updates

HasGeek

Internet Access – Knowledge Repository

Follow us elsewhere

Support Us

Request for Collaboration

Data Retention in India

The Debate around Data Retention

Data Retention vs. Data Preservation

Data Retention in India

ISP License

UASL License

RTI Request to BSNL and MTNL

BSNL Response

MTNL Response

Conclusion

Surveillance Camp: Privatized State Surveillance

Voluntary Agreements Between Law Enforcement and Private Companies

Canada

Law Enforcement Approaching Service Providers Without Legally-Required Authorization

Chile

Governments Pressure Private Sector

Brazil

Foreign Governments Access To Individuals’ Data in the Cloud

Conclusion

Five Frequently Asked Questions about the Amended ITRs

Cyber security, surveillance and the right to privacy: country perspectives

Is freedom of expression under threat in the digital age?

Draft International Principles on Communications Surveillance and Human Rights

Third South Asian Meeting on the Internet and Freedom of Expression

Agenda

January 14, 2013

January 15, 2013

List of Participants

I & P Partners Meeting at Rio

Clash of the cyberworlds

Malice and freedom of speech

Indian government websites: Gold mine for cybercriminals

State Surveillance and Human Rights Camp: Summary

Summary of the Draft International Principles on Communications Surveillance and Human Rights

Types of Data

Ways of Accessing Data

Access and Technology

Access and Legislation

December 2012 Bulletin

Feedback

Media Coverage

Blog Entry

Event Organised

Research for the Global Congress

Event Report

Events Participated

Events Organised

Blog Entries

News / Media Coverage

Videos

Upcoming Event

Analysis of Central Motor Vehicle Rules

Columns/Op-eds

Event Organised

Upcoming Events

Events Participated

Blog Entries

Video

Media Coverage

Newspaper Column

Book Review

Media Coverage

Bangalore CryptoParty!

Hosts

Details

We Will Provide

You need to bring

Intro

Show and tell

State Surveillance and Human Rights Camp