Centre for Internet and Society

The Internet Has a New Standard for Censorship

jyoti — 2016-01-30T09:17:54Z

The introduction of the new 451 HTTP Error Status Code for blocked websites is a big step forward in cataloguing online censorship, especially in a country like India where access to information is routinely restricted.

The article was published in the Wire on January 29, 2016. The original can be read here.

Ray Bradbury’s dystopian novel Fahrenheit 451 opens with the declaration, “It was a pleasure to burn.” The six unassuming words offer a glimpse into the mindset of the novel’s protagonist, ‘the fireman’ Guy Montag, who burns books. Montag occupies a world of totalitarian state control over the media where learning is suppressed and censorship prevails. The title alludes to the ‘temperature at which book paper catches fire and burns,’ an apt reference to the act of violence committed against citizens through the systematic destruction of literature. It is tempting to think about the novel solely as a story of censorship. It certainly is. But it is also a story about the value of intellectual freedom and the importance of information.

Published in 1953, Bradbury’s story predates home computers, the Internet, Twitter and Facebook, and yet it anticipates the evolution of these technologies as tools for censorship. When the state seeks to censor speech, they use the most effective and easiest mechanisms available. In Bradbury’s dystopian world, burning books did the trick; in today’s world, governments achieve this by blocking access to information online. The majority of the world’s Internet users encounter censorship even if the contours of control vary depending on the country’s policies and infrastructure.

Online censorship in India

In India, information access blockades have become commonplace and are increasingly enforced across the country for maintaining political stability, for economic reasons, in defence of national security or preserving social values. Last week, the Maharashtra Anti-terror Squad blocked 94 websites that were allegedly radicalising the youth to join the militant group ISIS. Memorably, in 2015 the NDA government’s ham-fisted attempts at enforcing a ban on online pornography resulted in widespread public outrage. Instead of revoking the ban, the government issued yet another vaguely worded and in many senses astonishing order. As reported by Medianama, the revised order delegates the responsibility of determining whether banned websites should remain unavailable to private intermediaries.

The state’s shifting reasons for blocking access to information is reflective of its tendentious attitude towards speech and expression. Free speech in India is messily contested and normally, the role of the judiciary acts as a check on the executive’s proclivity for banning. For instance, in 2010 the Supreme Court upheld the Maharashtra High Court’s decision to revoke the ban on the book on Shivaji by American author James Laine, which, according to the state government, contained material promoting social enmity. However, in the context of communications technology the traditional role of courts is increasingly being passed on to private intermediaries.

The delegation of authority is evident in the government notifying intermediaries to proactively filter content for ‘child pornography’ in the revised order issued to deal with websites blocked as result of its crackdown on pornography. Such screening and filtering requires intermediaries to make a determination on the legality of content in order to avoid direct liability. As international best practices such as the Manila Principles on Intermediary Liability point out, such screening is a slow process and costly and intermediaries are incentivised to simply limit access to information.

Blocking procedures and secrecy

The constitutional validity of Section 69A of the Information Technology Act, 2008 which grants power to the executive to block access to information unchecked, and in secrecy was challenged in Shreya Singhal v. Union of India. Curiously, the Supreme Court upheld S69A reasoning that the provisions were narrowly-drawn with adequate safeguards and noted that any procedural inconsistencies may be challenged through writ petitions under Article 226 of the Constitution. Unfortunately as past instances of blocking under S69A reveal the provisions are littered with procedural deficiencies, amplified manifold by the authorities responsible for interpreting and implementing the orders.

Problematically, an opaque confidentiality criteria built into the blocking rules mandates secrecy in requests and recommendations for blocking and places written orders outside the purview of public scrutiny. As there are no comprehensive list of blocked websites or of the legal orders, the public has to rely on ISPs leaking orders, or media reports to understand the censorship regime in India. RTI applications requesting further information on the implementation of these safeguards have at best provided incomplete information.

Historically, the courts in India have held that Article 19(1)(a) of the Constitution of India is as much about the right to receive information as it is to disseminate, and when there is a chilling effect on speech, it also violates the right to receive information. Therefore, if a website is blocked citizens have a constitutional right to know the legal grounds on which access is being restricted. Just like the government announces and clarifies the grounds when banning a book, users have a right to know the grounds for restrictions on their speech online.

Unfortunately, under the present blocking regime in India there is no easy way for a service provider to comply with a blocking order while also notifying users that censorship has taken place. The ‘Blocking Rules’ require notice “person or intermediary” thus implying that notice may be sent to either the originator or the intermediary. Further, the confidentiality clause raises the presumption that nobody beyond the intermediaries ought to know about a block.

Naturally, intermediaries interested in self-preservation and avoiding conflict with the government become complicit in maintaining secrecy in blocking orders. As a result, it is often difficult to determine why content is inaccessible and users often mistake censorship for technical problem in accessing content. Consequently, pursuing legal recourse or trying to hold the government accountable for their censorious activity becomes a challenge. In failing to consider the constitutional merits of the confidentiality clause, the Supreme Court has shied away from addressing the over-broad reach of the executive.

Secrecy in removing or blocking access is a global problem that places limits on the transparency expected from ISPs. Across many jurisdictions intermediaries are legally prohibited from publicising filtering orders as well as information relating to content or service restrictions. For example in United Kingdom, ISPs are prohibited from revealing blocking orders related to terrorism and surveillance. In South Korea, the Korean Communications Standards Commission holds public meetings that are open to the public. However, the sheer volume of censorship (i.e. close to 10,000 URLs a month) makes it unwieldy for public oversight.

As the Manila Principles note, providing users with an explanation and reasons for placing restrictions on their speech and expression increases civic engagement. Transparency standards will empower citizens to demand that companies and governments they interact with are more accountable when it comes to content regulation. It is worth noting, for conduits as opposed to content hosts, it may not always be technically feasible for to provide a notice when content is unavailable due to filtering. A new standard helps improve transparency standards for network level intermediaries and for websites bound by confidentiality requirements. The recently introduced HTTP code for errors is a critical step forward in cataloguing censorship on the Internet.

A standardised code for censorship

On December 21, 2015, the Internet Engineering Standards Group (IESG) which is the organisation responsible for reviewing and updating the internet’s operating standards approved the publication of 451-’An HTTP Status Code to Report Legal Obstacles’. The code provides intermediaries a standardised way to notify users know when a website is unavailable following a legal order. Publishing the code allows intermediaries to be transparent about their compliance with court and executive orders across jurisdictions and is a huge step forward for capturing online censorship. HTTP code 451 was introduced by software engineer Tim Bray and the code’s name is an homage to Bradbury’s novel Fahrenheit 451.

Bray began developing the code after being inspired by a blog post by Terence Eden calling for a censorship error code. The code’s official status comes after two years of discussions within the technical community and is a result of campaigning from transparency and civil society advocates who have been pushing for clearer labelling of internet censorship. Initially, the code received pushback from within the technical community for reasons enumerated by Mark Nottingham, Chair of the IETF HTTP Working Group in his blog. However, soon sites began using the code on an experimental and unsanctioned basis and faced with increasing demand for and feedback, the code was accepted.

The HTTP code 451 works as a machine-readable flag and has immense potential as a tool for organisations and users who want to quantify and understand censorship on the internet. Cataloguing online censorship is a challenging, time-consuming and expensive task. The HTTP code 451 circumvents confidentiality obligations built into blocking or licensing regimes and reduces the cost of accessing blocking orders.

The code creates a distinction between websites blocked following a court or an executive order, and when information is inaccessible due to technical errors. If implemented widely, Bray’s new code will help prevent confusion around blocked sites. The code addresses the issue of the ISP’s misleading and inaccurate usage of Error 403 ‘Forbidden’ (to indicate that the server can be reached and understood the request, but refuses to take any further action) or 404 ‘Not Found’ (to indicate that the requested resource could not be found but may be available again in the future).

Adoption of the new standard is optional, though at present there are no laws in India that prevent intermediaries doing so. Implementing a standardised machine-readable flag for censorship will go a long way in bolstering the accountability of ISPs that have in the past targeted an entire domain instead of the specified URL. Adoption of the standard by ISPs will also improve the understanding of the burden imposed on intermediaries for censoring and filtering content as presently, there is no clarity on what constitutes compliance. Of course, censorious governments may prohibit the use of the code, for example by issuing an order that specifies not only that a page be blocked, but also precisely which HTTP return code should be used. Though such sanctions should be viewed as evidence of systematic rights violation and totalitarian regimes.

In India where access to software code repositories such as Github and Sourceforge are routinely restricted, the need for such code is obvious. The use of the code will improve confidence in blocking practices, allowing users to understand the grounds on which their right to information is being restricted. Improving transparency around censorship is the only way to build trust between the government and its citizens about the laws and policies applicable to internet content.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-jyoti-panday-january-29-2016-internet-has-a-new-standard-for-censorship

The Infrastructure Turn in the Humanities

sneha-pp — 2016-06-30T05:07:06Z

An extended survey of digital initiatives in arts and humanities practices in India was undertaken during the last year. Provocatively called 'mapping digital humanities in India', this enquiry began with the term 'digital humanities' itself, as a 'found' name for which one needs to excavate some meaning, context, and location in India at the present moment. Instead of importing this term to describe practices taking place in this country - especially when the term itself is relatively unstable and undefined even in the Anglo-American context - what I chose to do was to take a few steps back, and outline a few questions/conflicts that the digital practitioners in arts and humanities disciplines are grappling with. The final report of this study will be published serially. This is the fourth among seven sections.

Sections

01. Digital Humanities in India?

02. A Question of Digital Humanities

03. Reading from a Distance – Data as Text

04. The Infrastructure Turn in the Humanities

05. Living in the Archival Moment

06. New Modes and Sites of Humanities Practice

07. Digital Humanities in India – Concluding Thoughts

In an article in the Digital Humanities Quarterly describing the emergence of the term cyberinfrastructure, Patrik Svensson speaks of an ‘infrastructure turn’ in the humanities, pointing towards a seemingly new found interest and investment in resources and tools for humanities research, pedagogy and publication in many universities and other knowledge institutions (Svensson 2011). Though the term has not been significantly used otherwise, it is interesting to note the implications of such a statement in the context of other such important ‘turns’ in the history of ideas, such as the linguistic or cultural turn. Particularly in the predominant debates around digital humanities, which are largely Anglo-American, infrastructure is an important and inherent component of any thinking around this area, as it derives many of its theoretical and practical concerns from a history of humanities computing. A lot of early work in DH was done in in the area of digital archives and knowledge repositories, such as The Walt Whitman Archive, Rossetti and Blake archives (Gold and Groom 2011, Drucker 2011), where digitization and algorithmic querying were important developments in terms of imagining and opening up the archive. From there to seemingly complex projects on data mapping, visualization, distant reading and cultural analytics, which require parsing through a huge corpora of humanities data, the growth of infrastructure has been a key aspect of these developments, although this many not be emphasized in the early literature about the field. The use of computational methods and the move towards the use of big data in the humanities has been an important change in terms of objects of the enquiry and methodology, and infrastructure is an essential condition of both these changes.

Like with other disciplines the nature of infrastructure and resources available to the humanities – in the form of galleries, archives, libraries, museums and now online repositories, language laboratories, and bibliographic, writing and editing tools and software – have also in some manner influenced the nature or scope of questions that could be asked of an object or text. It is therefore useful to explore the influence of infrastructure at a very conceptual level, in terms of what new ways of enquiry have been made possible with digital technologies and the internet. Now with new tools that can parse many pages of text at a go, or an algorithm that can derive patterns from a data set of images, video or other cultural artifacts, the scope of the enquiry seems to have increased exponentially, as much literature around DH suggests (Berry 2011). Indeed this point is also a bone of contention for many traditional humanities scholars, as it not only seems to be a technologically deterministic notion, but also one that takes away from more conventional methods of humanities research, which are based on close reading and interpretation of texts. In the Indian context however, these possibilities still seem distant owing to several gaps in terms of requirements of infrastructure, resources and material. In many institutions, the lack of basic infrastructure and resources in the form of libraries, classroom teaching-learning resources and access to the internet and other digital tools for the humanities continues to remain a problem. Existing institutional infrastructure is lesser that what is required, and mostly outdated.

This conflict over whether new tools and resources for the humanities is taking away or adding to humanities research is better understood in the light of how the concept of infrastructure has been understood, and specifically in the context of communication and research. Brian Larkin (2008) describes infrastructures as “institutionalized networks that facilitate the flow of goods in a wider cultural as well as physical sense”. He talks about both technical (such as transport, telecommunications, urban planning, energy and water) and ‘soft’ infrastructure such as the knowledge of a language, or cultural style and religious learnings. He therefore defines infrastructure as “this totality of both technical and cultural systems that create institutionalized structures whereby goods of all sorts circulate, connecting and binding people into collectivities.” This definition opens out the understanding of the term a little more, for it brings within the ambit different kinds of goods – such as knowledge, and proposes that infrastructure has the power to bind people within collectivities, thus emphasizing both its limitations as well as potentialities.

The notion of infrastructure as not being neutral to culture is further emphasized when Larkin talks about its mediating capacities, brought about by a layering of new technologies over old ones. "Infrastructures…mediate and shape the nature of economic and cultural flows and the fabric of urban life. One powerful articulation of this mediation is the monumental presence of infrastructures themselves" (Ibid.: 6). Thus the understanding of infrastructures as merely a means of the execution of ideas is one of the obstacles in terms of imagining them as more central to the work of the humanities. Often, the notion of infrastructure has been understood in terms of the institutional infrastructure in place, and not in terms of the smaller networks, tools or resources that build it, which are often located at the level of individuals. Ownership is a key aspect of the problem here, because the ownership of such infrastructure is largely with the state or large corporate entities, and not something within the ambit of small and private institutions or even individuals, and this often mandates the manner of their use. Indeed in the case of DH, there are certain kinds of technologies and resources that cannot be replicated easily at all, as such it is something that needs investment from the state and large knowledge institutions such as the university. Another problem, as rightly identified by Svensson is that the imagination of research infrastructures has been primarily in terms of the needs of the natural sciences, as a result of which resources, tools and materials for the humanities often end up being inadequate, in terms of financial and intellectual investment. Thus not only is there a challenge in terms of the availability of infrastructure, but also with respect to the optimum utilization of what is available.

Some of the practitioners and scholars interviewed as part of this mapping have also repeatedly brought up a number of concerns about (or the lack of) infrastructure they have had to use, modify and develop as part of their projects and research. Dr. Indira Chowdhury, historian and Founder-Director of the Centre for Public History (CPH) at the Srishti School of Art, Design and Technology, Bangalore finds it rather ironic that a city like Bangalore, with so much infrastructure at its disposal has such little thinking in the humanities. There are of course several reasons for this, she says, and in many places infrastructure development is restricted for certain reasons, like for example in Kashmir, where the use of internet and mobile phones is regulated strictly due to security concerns. The key question of course is to have more of a dialogue between places to ensure that they are not functioning in isolation. She also emphasizes that the problems are also at a more basic level, like with transcription for example [1]. The advent of the digital has brought with it several new possibilities, but she also talks about the many misconceptions that seem to be prevalent with regard to the digital, particularly in terms of preservation and storage capacity. The question of format is of great importance and a determining factor in much of research that mobilizes digital technologies. As part of her work on archiving oral histories, she has often had to emphasize that there are specific formats for a digital oral archive. As she says:

You should not switch to say MP3 just because it’s cheaper, more convenient and a lighter file. I often have people arguing that I just bought a recorder, it gives me a clear recording [in the MP3 format] etc. If you were to archive that file you would find that within a few years you begin to lose data on that file. The digital archive has also made people think a lot more about what they are preserving, in what format. These are things you then teach yourself, you do not archive in certain formats, or rely on an archive of MP3 files, because every time you copy them onto something it would have lost a little bit of its description. So these are things that make the historian more oriented, you think a lot more about what you are doing.

She therefore warns against these presumptions that a digital archive will resolve completely problems of space and preservation, as a change in format can easily render your data inaccessible and essentially useless. The idea of ‘loss of data’ and lack of space is something easily missed, as there a notion of the digital being an endless space, but that too comes at a cost. As Jonathan Sterne (2013) explains in his work on the MP3 as a cultural artifactiv, it is a format that works through compression and elimination of excess sound, which eventually greatly affects the quality of the sound object itself. The notion of the digital rendering a certain quality of sound, and by implication generating a ‘better’ digital artifact itself, is therefore highly debatable.

There are other considerations to bear in mind as well. As Padmini Ray Murray, another faculty member at the CPH points out, the context of such work in the global south is very different, and lack of good infrastructure is definitely one of the major problems. There are issues of bandwidth, problems such as surveillance, and issues with regulation of internet access, now the issue of network neutrality and so on, all of which have implications for possible digital humanities work and specifically work on digital archives. A significant challenge she sees is that we don't have mechanisms to translate between/ from Indian languages. She says that:

It would be amazing to have an archive metadata tool that can work with different Indian languages which at the moment is an impossibility. This is where a place like Bangalore comes into the picture... We need to pull on resources that are being pioneered in places like the IITs, or institutions here working with natural language processing...technologies that we cannot in a humanities context create, but pull those in to use them for humanities research. But the questions that we are asking are necessarily quite different, from what we have in the West.

The problem with Indian languages brings out the problems that are specific to the global south and therefore the infrastructure needs of humanities research work. Padmini Murray mentions Bichitra, the online variorum of the works of Rabindranath Tagore developed by the School of Cultural Texts and Records at Jadavpur University as an effective illustration of the challenges faced by researchers working in languages other than English. She explains “The very level of creating the code for Bichitra was different, because it had to be done from scratch. Finding a set of reliable Bangla characters is difficult because the ligatures get mixed up, so they created a character set from scratch to create Bichitra, and for Prabhed [the collation software] which works within it.” The problem of a lack of standardization for Indic language inputs is therefore an immediate practical concern for archival work in different languages in India [2].

Indiancine.ma [3], an online archive of Indian film, has similarly been experimenting with different ways of reading and annotating film text, with a focus right now on films that are out of copyright. It uses an open-source platform named Pandor/a [4] for media archives, which helps to organise and manage large, decentralized collections of video, to collaboratively create metadata and time-based annotations, and to archive as a desktop-class web application. The editing tool enables a user to pause, cut and annotate a particular scene or sequence in the film according to a time code, thus creating enormous new possibilities in terms of how we engage with the film text at several levels. The different ways of organising content through different filters also helps map content in unique ways and read them. According to Jan Gerber and Sebastian Lutgert, who are part of the team that developed the archive and its predecessor Pad.ma [5], Indiancine.ma is a work in progress, and it will always be, so as to allow new opportunities to present themselves with every change in the software and tools being used. They are particular about the archive being open to a variety of users and uses – that is, it is not only a tool or space of publication for humanities researchers, but is also a software project, a resource for a film fan club, and many other things as it is open to interpretation. It is meant for people to build together and have conversations across domains and disciplines. In their work with people from both the humanities and sciences, they do see a void or gap between domains, and reiterate that it is very difficult for people to have a conversation across their disciplinary moorings. Infrastructure development has also become divided across these lines, and suffers from a kind of tunnel vision which often prevents it from being developed in response to the needs of the communities it is meant to address. As Sebastian recollects the experience of creating Pad.ma, a similar online video archive using the same platform, Pandor/a, he speaks of collaborating with people from a non-technology background, at the artists collective CAMP in Mumbai [6], and how the lack of a hierarchy between technologists and non-technologists only contributed to making these projects better. A lot of the early software projects in India suffered due to this distance between people from technology and non-technology backgrounds, and the lack of a common language for them to communicate. Both Sebastian and Jan themselves come with training and experience in diverse areas, ranging from philosophy and visual arts to software development, and believe that their contribution to this archive is more conceptual than technological. They also see the Free and Open Source Software (FOSS) culture, then a rather incipient movement in India when they had just begun work on these projects, as one that can foster more conversations and collaborative work in technology and research in India. When they had started out of course, it was very difficult to convince people to use free and open source software, or even get filmmakers to release their footage for an open access platform like Pad.ma. CAMP was one of the few spaces then that had this open source culture, and it encouraged people to collaborate extensively, across areas of expertise. As Sebastian says “You deal with a relatively complex informatics system, but you are fully aware that you can modify and change things, and deal with them in a transparent way, which is great.” Both claim that nobody owns Pad.ma or Indiancine.ma, but everybody looks after it in a way, because they all use it differently depending on their interests, and this nurtures and builds the platform in different ways. The availability of this somewhat outside/alternate space for collaboration, and working within the open source context has been instrumental in the growth of these two online open access archives.

The computational aspects of Pad.ma and Indiancine.ma, and even Bichitra to some extent is may be something to look forward to for researchers interested in exploring the possibilities of such research with these platforms. Given that both are essentially large corpora of material, introducing new algorithmic tools to work with them is not a distant possibility, something that has also been the core of a lot of DH work in the Anglo-American context. Jan and Sebastian have tried this already with one of their earlier projects, 0xdb [7], which is another online archive of cinema, by running a color recognition algorithm on it. There is an instance of face detection and speech recognition software that could be run on this platform, with interesting results. The existing filters on Indiacine.ma also make it possible to search for images or sequences based on colour and object recognition. For instance, an interesting experiment is to search for ‘telephone’ in the archive, which pulls up images containing telephones from across the entire corpus, outlining an interesting trajectory of the use of the instrument. While helpful in terms of querying and searching over a large corpus, they also emphasize the need to be able to make sense of it in a meaningful way. As Jan says “Most of this software is developed really as a means of control, in the area of surveillance etc., and not for exploring; it is more of a content identifying tool rather than to discover things. Clustering or referencing credits are other possibilities, but its more statistical analysis of the footage; are they really adding anything qualitative to cinema studies is still an open question”. Given this disjuncture in what these tools are developed for and how they are finally used, a point of concern is whether the research questions are also driven by the possibilities and limitations of the software itself. While that remains a broader question, Sebastian feels that more than a software, this is a new digital eco-system itself, and using these platforms in different ways, in fact even beyond what they were imagined for, will drive the technology in new directions. The limitation of computational tools as he sees now is really the speed, and given the expenses involved, they may not be feasible to implement and expect results anytime soon.

Both the above platforms demonstrate a certain ability to read texts both closely, as well as from a distance through the use of algorithmic tools, thus demonstrating the possibilities of analysis afforded by the infrastructure it has been built with. More importantly, they also highlight the limits of such tools and resources due to several challenges posed by the material itself. In the case of Bichitra, the problems of developing a code for Bengali characters has put forth a number of technological challenges; a pointer towards one among many problems for archiving materials in Indian languages. Indiancine.ma and Pad.ma are more symptomatic of the context in which new technologies can develop today given the support and space for collaboration and conversations across domains of expertise. The problems of format and technological obsolescence brought up by scholars at CPH is an important one; while colluding with proprietary software is inevitable in some cases, as suggested by the practitioners and researchers behind these platforms, keeping back-ups of material and being able to migrate out of a digital platform at any given point is also extremely essential. Such flexibility of material, and immense interoperability – across domains, formats and social-cultural contexts including language is something that researchers in DH, or for that matter in any field that actively engages with the internet and digital technologies would look for in the infrastructure that they build for research, scholarship and pedagogy. Infrastructure continues to remain a critical aspect knowledge production and dissemination, and it is imperative now more than ever, that it is addressed at the conceptual level of any research intervention involving digital technologies and knowledge production.

Notes

[1] See section on Archives for a more detailed discussion on this issue: http://cis-india.org/raw/living-in-the-archival-moment.

[2] See the section on Reading from a Distance – Data as Text for more on this: http://cis-india.org/raw/reading-from-a-distance-data-as-text.

[3] See: http://indiancine.ma/

[4] See: https://pan.do/ra

[5] See: http://pad.ma/

[6] See: http://studio.camp/

[7] See: https://0xdb.org/

References

Berry, D.M. "The Computational Turn", Culture Machine. Vol 12, 2011. http://www.culturemachine.net/index.php/cm/article/viewArticle/440.

Drucker, Johanna, "Humanistic Theory and Digital Scholarship" In Debates in the Digital Humanities. Minneapolis: University of Minnesota Press, 2012, http://dhdebates.gc.cuny.edu/debates/text/34.

Gold, Matthew K. and Jim Groom. "Looking for Whitman: A Grand, Aggregated Experiment". In Debates in the Digital Humanities. Minneapolis: University of Minnesota Press, 2012, http://dhdebates.gc.cuny.edu/debates/text/5.

Larkin, Brian. "Introduction". In Signal and Noise: Media, Infrastructure and Urban Culture in Nigeria. London: Duke University Press, 2008

Sterne, Jonathan, 'The MP3 as Cultural Artifact,' New Media and Society. Vol. 18(5):825–842, 2006

Svensson, Partrik, "From Optical Fibre to Conceptual Cyberinfrastructure" In' Digital Humanities Quarterly, Vol.5, No.1, 2011. http://www.digitalhumanities.org/dhq/vol/5/1/000090/000090.html.

For more details visit https://cis-india.org/raw/the-infrastructure-turn-in-the-humanities

The India Privacy Monitor Map

maria — 2013-10-09T16:26:14Z

The Centre for Internet and Society has started the first Privacy Watch in India! Check out our map which includes data on the UID, NPR and CCTNS schemes, as well as on the installation of CCTV cameras and the use of drones throughout the country.

In a country of twenty-eight diverse states and seven union territories, it remained unclear to what extent surveillance, biometric and other privacy-intrusive schemes are being implemented. We are trying to make up for this by mapping out data in every single state in India on the UID, CCTNS and NPR schemes, as well as on the installation of CCTV cameras and the use of Unmanned Aerial Vehicles (UAVs), otherwise known as drones.

In particular, the map in its current format includes data on the following:

UID: The Unique Identification Number (UID), also known as AADHAAR, is a 12-digit unique identification number which the Unique Identification Authority of India (UIDAI) is currently issuing for all residents in India (on a voluntary basis). Each UID is stored in a centralised database and linked to the basic demographic and biometric information of each individual. The UIDAI and AADHAAR currently lack legal backing.

NPR: Under the National Population Register (NPR), the demographic data of all residents in India is collected on a mandatory basis. The Unique Identification Authority of India (UIDAI) supplements the NPR with the collection of biometric data and the issue of the AADHAAR number.

CCTV: Closed-circuit television cameras which can produce images or recordings for surveillance purposes.

UAV: Unmanned Aerial Vehicles (UAVs), otherwise known as drones, are aircrafts without a human pilot on board. The flight of a UAV is controlled either autonomously by computers in the vehicle or under the remote control of a pilot on the ground or in another vehicle. UAVs are used for surveillance purposes.

CCTNS: The Crime and Criminal Tracking Networks and Systems (CCTNS) is a nationwide networking infrastructure for enhancing efficiency and effectiveness of policing and sharing data among 14,000 police stations across India.

Our India Privacy Monitor Map can be viewed through the following link: http://cis-india.org/cisprivacymonitor

This map is part of on-going research and will hopefully expand to include other schemes and projects which are potentially privacy-intrusive. We encourage all feedback and additional data!

For more details visit https://cis-india.org/internet-governance/blog/india-privacy-monitor-map

The Huawei bogey

gurshabad — 2019-06-05T03:38:19Z

India needs to prove company aids Chinese government, or risk playing into US hands.

The article by Gurshabad Grover was published in Indian Express on May 30, 2019.

The Trump administration has not only passed orders restricting the US government and its departments from procuring networking equipment from Chinese companies, but is exerting considerable pressure on other countries to follow suit. The fear that Huawei and ZTE will aid Chinese espionage and surveillance operations has become common even though there has been no compelling evidence to suggest that Huawei’s equipment is substantively different from its competitors.

These events have also sparked a larger debate about the security of India’s communications infrastructure, an industry powered by foreign imports. Commentators have not shied away from suggesting that India ban the import of network equipment. C Raja Mohan, in ‘The tech wars are here’ (IE, December 11, 2018), expressed these concerns and asked whether Chinese telecom equipment manufacturers should be allowed to operate in India. A larger point was made by D S Hooda in his piece, ‘At digital war’ (IE, October 25, 2018). He pointed out threats that arise from using untrusted software and hardware all over the stack: From Chinese networking middleboxes to American operating systems and media platforms. As a method to establish trust in ICT infrastructure, Hooda recommends “indigenis[ing] our cyber space”.

The path towards indigenised manufacturing of networking equipment is an expensive, elaborate process. Restricting certain foreign companies from operating in the country without evidence would be a knee-jerk reaction solely based on cues from US policy, and would undermine India’s strategic autonomy.

At the heart of threats from untrusted software or hardware, lies an information asymmetry between the buyer and seller. It is not always possible to audit the functioning of every product that you purchase. Open technical standards, developed by various standards development organisations (SDOs), govern the behaviour of networking software, and remove this information asymmetry: They allow buyers to glean or implicitly trust operational and security aspects of the equipment.

It is clear that various governments including India have repeatedly failed to advance privacy and security in the 5G standards, which are developed at the 3rd Generation Partnership Project (3GPP) — the organisation developing standards for telephony. Government and industry dominance at the 3GPP has ensured that telecom technologies include security vulnerabilities that are euphemistically termed as “lawful interception”. From an architectural perspective, 5G does not contain any significant vulnerabilities that were absent in older telecom standards. Unfortunately, these vulnerabilities are indifferent to those who exploit them: A security exception for law enforcement is tantamount to a security vulnerability for malicious actors. As the report from UK’s Huawei Cyber Security Evaluation Centre Oversight Board confirmed, there is perhaps no technical way to mitigate the security risks that 5G poses now. But there is still no evidence to suggest that Huawei is operating differently from say Ericsson or Nokia.

India needs to establish that Huawei is aiding the Chinese government through their products (5G or otherwise) before reacting. That Chinese companies are rarely insulated from Beijing’s influence is indisputable. However, the legal requirements placed on Chinese companies by Beijing are equivalent to de facto practices of countries like the US, which has a history of intercepting equipment from American companies to introduce vulnerabilities, or directly compelling them to aid intelligence operations. Such influence should be fought back by pushing for international norms that prevent states from acquiring data from companies en masse, and domestic data protection legislation.

In the long term, the Indian government and its defence wings would benefit from understanding the argument Lawrence Lessig has made since the 1990s: Decisions of technical architecture have far-reaching regulatory effects. A long-term strategy that focuses on advancing security at technical SDOs will prove more effective in ensuring the security of India’s critical infrastructure than the economically expensive push for indigenisation.

For more details visit https://cis-india.org/telecom/blog/indian-express-may-30-2019-gurshabad-grover-the-huawei-bogey

The High Level Privacy Conclave — Conference Report

natasha — 2012-04-30T09:46:12Z

Privacy India, the Centre for Internet and Society and the Society in Action Group, with support from IDRC and Privacy International, have spent 18 months studying the state of privacy in India, and conducting consultations across India in Kolkata, Bangalore, Ahmedabad, Guwahati, Chennai, and Mumbai. On February 3, 2012, a high-level conclave was held in New Delhi with representatives from government, industry, media, and civil society participating in the event. At the conclave the discussions were focused on Internet Privacy, National Security & Privacy, and the future of Privacy in India.

Rajan Gandhi, CEO, Society in Action Group, opened the conference with an explanation of the mandate of Privacy India, which is to raise awareness, spark civil action, and promote democratic dialogue around privacy challenges and violations in India. He raised the question of whether Indians are concerned about privacy, while citing examples of banking institutions and telecom service providers, who ask for information more than required, such as marital status, financial status, etc. Lastly, he stressed the need for legislation and awareness about right to privacy.

Panel 1: National Security and Privacy

Malavika Jayaram (Advocate, Bangalore) moderated the first panel discussion on “National Security and Privacy”. The panel comprised of Manish Tewari (Member of Parliament, Ludhiana), PK Hormis Tharakan (Former Chief of Research and Analysis Wing, Government of India), Gus Hosein (Executive Director, Privacy International, UK), Vakul Sharma (Advocate, Supreme Court), Eric King (Human Rights and Technology Advisor, Privacy International, UK), Amol Sharma (Journalist, Wall Street Journal).

Malavika Jayaram started the discussion by posing the question as to what in their view is ‘national security’ and when can it be cited by the government to intrude upon our privacy? In response, the panel gave multiple views while agreeing that it is an abstract term. Gus Hosein, in response said that national security does not only mean protecting the national border of a nation, but also protecting the rights of the citizen. He also noted that national security is always implemented in a top-down manner. Thus, unfortunately national security has become the stick, which is used to beat down on people’s right.
PK Hormis Tharakan defined national security as the security of people and property. National security includes all the efforts of the government to raise poor above the poverty line. He also stated that anything that hinders the process of alleviating poverty is a matter of ‘national security’.

Manish Tewari stated that there is a need for legislation to address the various issues of violation of privacy. Specifically, he addressed the need of an independent oversight committee to put a check on the unrestricted powers of the law enforcement and intelligence agencies and the practice of intercepting communications on the grounds of national security. He pointed out that the rules, formulated by the Supreme Court in PUCL v. Union of India on interception of communication, are rarely implemented, and the guidelines are implemented more as an exception rather than a rule. The interception of communication by intelligence agencies should be regulated for a larger national interest.

Manish Tewari also observed that there is a nationwide lack of understanding about new technologies and judges are very rarely technologically literate. This has created a situation in which the government's efforts to fight crime and terrorism by intercepting communications has horribly backfired. By building backdoors into communications systems to allow lawful access, and by restricting cryptography to a 40-bit limit, the authorities have created serious vulnerabilities in India's communications system that can be easily exploited by any malicious third party or foreign government.

Privacy Protection

The panel discussion then moved on to the various tools for protecting privacy such data encryption. Amol Sharma referred to the process followed in the USA for interception of communication. Surveillance in the United States can be carried out by government agencies only on the basis of a court order or a warrant. He noted that in the US regime there is at least an independent body that gives orders of interception of communication. In comparison, in India, the power to authorize wiretaps lies with the government.

Amol Sharma also pointed out that, there are at least 5000-7000 interception requests from the government, out of which only three to five per cent requests for interception of communication are for white-collar crime. He cited the example of the government asking Research in Motion to provide their encryption keys and also provide a room in their offices for the purpose of interception of communication. He stated that he was very skeptic that terrorists will be using Blackberry services for communication, considering that there are many more convenient and untraceable means available to them such as Skype. He asserted that there is need of legislation for regulation and restricting invasion of privacy. He said, “National security is not a free ticket for any kind of wiretap”.

Concerns about Third Party Intrusion

Eric King noted that national security exists so that individuals can protect themselves from any kind of intrusion. Interception of communication is not only limited to government, equipment for interception of mobile phone calls are easily available and also affordable. So any individual can intercept calls. The notion that interception is only limited to the state is not true, it can be carried out by individuals as well. Heavily criticizing the restriction on encryption in India, he said that the people should be given the power to protect their own privacy. He also harped on the possibility that not only citizens are at risk also government high officials and military personnel can be targeted due to the low level of encryption.

Contributing to the conversation, Manish Tewari pointed out that while trying to intercept the mobile phone calls of an individual, the State could listen in to anyone’s conversation within the vicinity; hence there are gross privacy violations.

Gus Hosein added that the problem lies at a more basic level. Governments generally order telecom companies to build back door for the purposes of interception. These vulnerabilities in the system are not only used by the government, but also may be misused by third parties. He cited an incident in Greece, where the government asked a telecom service provider to build backdoors into the system. A third party was able to access the back door, during the Athens Olympics, when security was of utmost importance. He also said, “If you build a system that allows the state to listen in to communications, you build national security vulnerability”. This was followed by a Question & Answer session. The issues raised during the Q&A session were:

Nature of consent given by the user to the telecom service provider. Taking into consideration that service providers have a duty to disclose the user data to the government on request. A situation which gives rise to a binary choice, either use the services or do not use it at all.
At the wake of breaches in cyber-security, the use of general consumer e-mails by high government officials causes serious threat to nation’s security.
Lack of technical know-how among the government officials.
If government is inept in handling technology, then are there any concerns about public private partnership and outsourcing of governmental duties. (For example, UID).
Collection and collation of information by organizations such as NATGRID. Are they vulnerable to misuse?

In the concluding statement of the first panel discussion, Gus Hosein, made the argument that there cannot be a balance between right to privacy and national security, as the former is an individual right and the latter a community right. Community interest will always take precedence over individual right. National security is always the excuse given by government for invading individual privacy.

Panel 2: Internet and Privacy

Sunil Abraham (Executive Director, The Centre for Internet and Society, Bangalore) moderated the second panel discussion on “Internet and Privacy”. The panel comprised of Deepak Maheshwari (Director, Corporate Affairs, Microsoft), Amitabh Das (General Counsel, Yahoo! India), Ramanjit Singh Chima (Sr. Policy Analyst, Google), Talish Ray (Board Member, Software Freedom Law Center), and Vinayak Godse (Director- Data Protection, DSCI).

Defining Privacy

Sunil Abraham asked the panel questions with respect to defining privacy in the context of physical privacy and spatial privacy. In response, Amitabh Das said that the right to privacy of individuals should be protected in a similar fashion online, as it is protected offline. Referring to safeguards under PUCL v. Union of India (SC, 1996), he observed that communication and behavior on the Internet should be free from monitoring and interception. The procedural safeguards offline should be also present online.

Key Escrow Regime

Deepak Maheshwari talked about the inconsistencies in the encryption standards in India. For example, in case of ISP licensees, there is a 40-bit restriction (symmetric key). In case of adopting higher-level encryption, the ISP has to take permission from the government and deposit both the keys to the government.

He also pointed that online railway ticket booking services use 128-bit encryption. RBI mandates 128-bit encryption for online banking transaction. SBI recommends 64-128 bit encryption. The multiple regulations make it impossible to abide by the rules.

Anonymity and Pseudonymity

Sunil Abraham, while setting the context to India, where the government has taken stringent measures to cut down on anonymity and pseudonymity, asked the question whether such a step is welcomed by the internet users as well as intermediaries. Ramanjit Singh Chima, in reply said that for any business, it is necessary to give what the user wants. Real identity provides a better platform for discussion. He also discussed the choices provided by Google, mainly search without login, encrypted searches so it gives the user to be anonymous. He also noted that there are legal as well as technical restraints as to anonymity on the Internet. He also cited the example of Korea, where the government mandated real name verification process for posting comments on the Internet. Google was not able to comply with this request and had to disable comment section in Korea.

Data Privacy

Vinayak Godse analyzed the issue of data privacy in detail. He stressed upon the need of data privacy law in the country for the outsourcing industries. The European Union (EU) data protection laws govern most of the clients of firms that outsource. EU considers India is not a data safe country due to lack of data privacy legislation. He suggested that the data privacy law should be pragmatic, light touch and should allow industry self-regulation.

Conclusion

The High Level Privacy Conclave discussed various issues related to Internet and privacy and national security and privacy. The various concerns raised by the stakeholders were helpful in understanding the problems related to privacy. The main concerns raised by the first panel were about the interaction and relation of national security to privacy. The major concerns around national security and privacy were of data encryption vis-à-vis surveillance by the State and third party intrusion. There was also an attempt made to understand and define national security in the context of its ambit and when can it be used by the State to access private information. The second panel discussed various aspects of privacy on the Internet. The panel included discussions on anonymity and data privacy on the Internet.

We thank the moderators, panelists and participants for making High Level Privacy a constructive and a fruitful session on privacy and it also gave us insight to understand the problems related privacy and a way forward for possible solutions.

Download the PDF (195 Kb)

Click for the agenda and speakers profile.

For more details visit https://cis-india.org/internet-governance/high-level-privacy-report

The Gujarat High Court Judgment on the Snoopgate Issue

vipul — 2014-10-27T04:40:17Z

Pranlal N. Soni v. State of Gujarat, C/SCA/14389/2014

In the year 2013 the media widely reported that a female civil services officer was regularly spied upon in 2009 due to her acquaintance with the then Chief Minister of Gujarat (and current Prime Minister of India) Mr. Narendra Modi. It was reported that the surveillance was being supervised by the current president of the BJP, Mr. Amit Shah at the behest of Mr. Modi. The case took another twist when the officer and her father said that they had no problems with such surveillance, and had repeatedly conveyed to various statutory authorities including the National Commission for Women, the State Commission for Women, as also before the Hon’ble Supreme Court of India, that they never felt that their privacy was being interfered with by any of the actions of the State Authorities. Infact, para 3.5 of the petition indicated that it was at the behest of the father of the female officer that the State government had carried out the surveillance on his daughter as a security measure.

Inspite of the repeated claims of the subject of surveillance and her father, the Gujarat Government passed a Notification under the Commissions of Inquiry Act, 1952 appointing a two member Commission of Inquiry to enquire into this incident without jeopardizing the identity or interest of the female officer. This Notification was challenged in the Gujarat High Court by the very same female officer and her father on the ground that it violated their fundamental right to life and liberty. The petitioners claimed that they had to change their residential accommodation four times in the preceding few months due to the constant media glare. The print, electronic and social media, so called social workers and other busybodies constantly intruded into the private life of the petitioners and their family members. The petitioner's email accounts were hacked and scores of indecent calls were received from all over. Under the guise of protecting the petitioner's privacy, every action undertaken by the so called custodians for and on behalf of the petitioners resulted into a breach of privacy of the petitioners, making life impossible for them on a day to day basis.

After hearing the arguments of the petitioners, including arguments on technical points the Court struck down the Notification issued by the State government to enquire into the issue of the alleged illegal surveillance. However the Court also briefly touched upon the issue of violation of the privacy of the female officer in this whole episode. However, instead of enquiring into whether there was any breach of privacy in the facts of the case, the Court relied upon the statement made by the female officer that whatever surveillance was done did not cause any invasion into her privacy, rather it was the unwelcome media glare that followed the revelations regarding the surveillance which had caused an invasion of her privacy.

Thus we see that even though the whole snoopgate episode started out as one of “alleged” unwarranted and illegal surveillance this particular judgment is limited only to challenging the validity of the Inquiry Commission appointed by the State Government. In order to challenge the Notification in a PIL the female officer had to show that some fundamental right of hers was violated and in such circumstances privacy is the most obvious fundamental right which was violated.

Although this judgment talks about privacy, it does not have enough legal analysis of the right to privacy to have any significant ramifications for how privacy is interpreted in the Indian context. The only issue that could possibly be of some importance is that the we could interpret the Court’s reliance on the statement of the female officer that there was no breach of privacy rather than its own examination of facts to mean that in cases of breach of privacy, if the person whose privacy has been breached did not feel his or her privacy to have been invaded then the Courts would rely on the person’s statements rather than the facts. However this is only an interpretation from the facts and it does not seem that the Court has spent any significant amount of time to examine this issue, therefore it may not be prudent to consider this as establishing any legal principle.

Note: The details of the case as well as the judgment can be found at http://gujarathc-casestatus.nic.in/gujarathc/tabhome.jsp

For more details visit https://cis-india.org/internet-governance/blog/gujarat-high-court-judgment-on-snoopgate-issue

The Geopolitics of Information Controls: A Presentation by Masashi Crete-Nishihata

praskrishna — 2013-06-26T09:56:01Z

Masashi Crete-Nishihata will give a talk on Citizen Lab's activities and present its approach to the study of information controls through recent research and case studies. The talk will be held on June 19, 2013 at TERI Auditorium in Bangalore, 5 p.m. to 7.30 p.m.

The Citizen Lab

The Citizen Lab is an interdisciplinary research group based at the University of Toronto. It explores the intersection of
information technology, global security, and human rights through technical, policy, and legal research.

A central focus of Citizen Lab's research analyzes the prevalence, operation, and impact of information controls. Information controls can be conceptualized as actions conducted in and through the Internet and other information and communication technologies. Such controls seek to deny (as with Internet filtering), disrupt (as in denial-of-service
attacks), or monitor (such as passive or targeted surveillance) information for political ends.

Masashi Crete-Nishihata

Masashi is the research manager of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He has published work on information controls during the 2008 Russia-Georgia conflict, cyber security research ethics, cyber attacks against Burmese media groups, and the psychosocial impacts of lifelogging technologies. His research interests include technology policy, information controls, and human computer interaction.

Relevant Links

http://citizenlab.org

http://citizenlab.org/publications/

https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/

Please RSVP as seats are limited.
RSVP: Purba Sarkar (purba@cis-india.org)

Video

For more details visit https://cis-india.org/internet-governance/events/geo-politics-of-information-controls

The Geopolitics of Cyberspace: A Compendium of CIS Research

arindrajit — 2021-11-15T14:48:49Z

Cyberspace is undoubtedly shaping and disrupting commerce, defence and human relationships all over the world. Opportunities such as improved access to knowledge, connectivity, and innovative business models have been equally met with nefarious risks including cyber-attacks, disinformation campaigns, government driven digital repression, and rabid profit-making by ‘Big Tech.’ Governments have scrambled to create and update global rules that can regulate the fair and equitable uses of technology while preserving their own strategic interests.

With a rapidly digitizing economy and clear interests in shaping global rules that favour its strategic interests, India stands at a crucial juncture on various facets of this debate. How India governs and harnesses technology, coupled with how India translates these values and negotiates its interests globally, will surely have an impact on how similarly placed emerging economies devise their own strategies. The challenge here is to ensure that domestic technology governance as well as global engagements genuinely uphold and further India’s democratic fibre and constitutional vision.

Since 2018, researchers at the Centre for Internet and Society have produced a body of research including academic writing, at the intersection of geopolitics and technology covering global governance regimes on trade and cybersecurity, including their attendant international law concerns, the digital factor in bilateral relationships (with a focus on the Indo-US and Sino-Indian relationships). We have paid close focus to the role of emerging technologies in this debate, including AI and 5G as well as how private actors in the technology domain, operating across national jurisdictions, are challenging and upending traditionally accepted norms of international law, global governance, and geopolitics.

The global fissures in this space matter fundamentally for individuals who increasingly use digital spaces to carry out day to day activities: from being unwitting victims of state surveillance to harnessing social media for causes of empowerment to falling prey to state-sponsored cyber attacks, the rules of cyber governance, and its underlying politics. Yet, the rules are set by a limited set of public officials and technology lawyers within restricted corridors of power. Better global governance needs more to be participatory and accessible. CIS’s research and writing has been cognizant of this, and attempted to merge questions of global governance with constitutional and technical questions that put individuals and communities centre-stage.

Research and writing produced by CIS researchers and external collaborators from 2018 onward is detailed in the appended compendium.

Compendium

Global cybersecurity governance and cyber norms

Two decades since a treaty governing state behaviour in cyberspace was mooted by Russia, global governance processes have meandered along. The security debate has often been polarised along “Cold War” lines but the recent amplification of cyberspace governance as developmental, social and economic has seen several new vectors added to this debate. This past year two parallel processes at the United Nations General Assembly’s First Committee on Disarmament and International Security-United Nations Group of Governmental Experts (UN-GGE) and the United Nations Open Ended Working Group managed to produce consensus reports but several questions on international law, norms and geopolitical co-operation remain. India has been a participant at these crucial governance debates. Both the substance of the contribution, along with its implications remain a key focus area for our research.

Edited Volumes

Karthik Nachiappan and Arindrajit Basu India and Digital World-Making, Seminar 731, 1 July 2020 (featuring contributions from Manoj Kewalramani, Gunjan Chawla, Torsha Sarkar, Trisha Ray, Sameer Patil, Arun Vishwanathan, Vidushi Marda, Divij Joshi, Asoke Mukerji, Pallavi Raghavan, Karishma Mehrotra, Malavika Raghavan, Constantino Xavier, Rajen Harshe' and Suman Bery)

Long-Form Articles

Arindrajit Basu and Elonnai Hickok, Cyberspace and External Affairs: A Memorandum for India (Memorandum, Centre for Internet and Society, 30 Nov 2018)
The Potential for the Normative Regulation of Cyberspace (White Paper, Centre for Internet and Society, 30 July 2018)
Arindrajit Basu and Elonnai Hickok Conceptualizing an International Security Architecture for cyberspace (Briefings of the Global Commission on the Stability of Cyberspace, Bratislava, Slovakia, May 2018)
Sunil Abraham, Mukta Batra, Geetha Hariharan, Swaraj Barooah, and Akriti Bopanna, India's contribution to internet governance debates (NLUD Student Law Journal, 2018)

Blog Posts and Op-eds

Arindrajit Basu, Irene Poetranto, and Justin Lau, The UN struggles to make progress in cyberspace, Carnegie Endowment for International Peace, May 19th, 2021
Andre’ Barrinha and Arindrajit Basu, Could cyber diplomacy learn from outer space, EU Cyber Direct, 20th April 2021
Arindrajit Basu and Pranesh Prakash, Patching the gaps in India’s cybersecurity, The Hindu, 6th March 2021
Arindrajit Basu and Karthik Nachiappan, Will India negotiate in cyberspace?, Leiden Security and Global Affairs blog,December 16, 2020
Elizabeth Dominic, The debate over internet governance and cybercrimes: West vs the rest?, Centre for Internet and Society, June 08, 2020
Arindrajit Basu, India’s role in Global Cyber Policy Formulation, Lawfare, Nov 7, 2019
Pukhraj Singh, Before cyber norms,let's talk about disanalogy and disintermediation, Centre for Internet and Society, Nov 15th, 2019
Arindrajit Basu and Karan Saini, Setting International Norms of Cyber Conflict is Hard, But that Doesn’t Mean that We Should Stop Trying, Modern War Institute, 30th Sept, 2019
Arindrajit Basu, Politics by other means: Fostering positive contestation and charting red lines through global governance in cyberspace (Digital Debates, Volume 6, 2019)
Arindrajit Basu, Will the WTO Finally Tackle the ‘Trump’ Card of National Security? (The Wire, 8th May 2019)

Policy Submissions

Arindrajit Basu, CIS Submission to OEWG (Centre for Internet and Society, Policy Submission, 2020)
Aayush Rathi, Ambika Tandon, Elonnai Hickok, and Arindrajit Basu. “CIS Submission to UN High-Level Panel on Digital Cooperation.” Policy submission. Centre for Internet and Society, January 2019.
Arindrajit Basu,Gurshabad Grover, and Elonnai Hickok. “Response to GCSC on Request for Consultation: Norm Package Singapore.” Centre for Internet and Society, January 17, 2019.
Arindrajit Basu and Elonnai Hickok. Submission of Comments to the GCSC Definition of ‘Stability of Cyberspace (Centre for Internet and Society, September 6, 2019)

Digital Trade and India's Political Economy

The modern trading regime and its institutions were born largely into a world bereft of the internet and its implications for cross-border flow and commerce. Therefore, regulatory ambitions at the WTO have played catch up with the technological innovation that has underpinned the modern global digital economy. Driven by tech giants, the “developed” world has sought to restrict the policy space available to the emerging world to impose mandates regarding data localisation, source code disclosure, and taxation - among other initiatives central to development. At the same time emerging economies have pushed back, making for a tussle that continues to this day. Our research has focussed both on issues of domestic political economy and data governance,and the implications these domestic issues have on how India and other emerging economies negotiate at the world stage.

Long-Form articles and essays

Arindrajit Basu, Elonnai Hickok and Aditya Chawla, T he Localisation Gambit: Unpacking policy moves for the sovereign control of data in India (Centre for Internet and Society, March 19, 2019)
Arindrajit Basu,Sovereignty in a datafied world: A framework for Indian diplomacy in Navdeep Suri and Malancha Chakrabarty (eds) A 2030 Vision for India’s Economic Diplomacy (Observer Research Foundation 2021)
Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu, Cross Border Data-Sharing and India (Centre for Internet and Society, 2018)

Blog posts and op-eds

Arindrajit Basu, Can the WTO build consensus on digital trade, Hinrich Foundation,October 05,2021
Amber Sinha, The power politics behind Twitter versus Government of India, The Wire, June 03, 2021
Karthik Nachiappan and Arindrajit Basu, Shaping the Digital World, The Hindu, 30th July 2020
Arindrajit Basu and Karthik Nachiappan, India and the global battle for data governance, Seminar 731, 1st July 2020
Amber Sinha and Arindrajit Basu, Reliance Jio-Facebook deal highlights India’s need to revisit competition regulations, Scroll, 30th April 2020
Arindrajit Basu and Amber Sinha, The realpolitik of the Reliance-Jio Facebook deal, The Diplomat, 29th April 2020
Arindrajit Basu, The Retreat of the Data Localization Brigade: India, Indonesia, Vietnam, The Diplomat, Jan 10, 2020
Amber Sinha and Arindrajit Basu, The Politics of India’s Data Protection Ecosystem, EPW Engage, 27 Dec 2019
Arindrajit Basu and Justin Sherman, Key Global Takeaways from India’s Revised Personal Data Protection Bill, Lawfare, Jan 23, 2020
Nikhil Dave,“Geo-Economic Impacts of the Coronavirus: Global Supply Chains.” Centre for Internet and Society , June 16, 2020.

International Law and Human Rights

International law and human rights are ostensibly technology neutral, and should lay the edifice for digital governance and cybersecurity today. Our research on international human rights has focussed on global surveillance practices and other internet restrictions employed by a variety of nations, and the implications this has for citizens and communities in India and similarly placed emerging economies. CIS researchers have also contributed to, and commented on World Intellectual Property Organization negotiations at the intersection of international Intellectual Property (IP) rules and the human rights.

Long-form article

Arindrajit Basu, Extra Territorial Surveillance and the incapacitation of international human rights law, 12 NUJS LAW REVIEW 2 (2019)
Gurshabad Grover and Arindrajit Basu, ”Internet Blockage”(Scenario contribution to NATO CCDCOE Cyber Law Toolkit,2021)
Arindrajit Basu and Elonnai Hickok, Conceptualizing an international framework for active private cyber defence (Indian Journal of Law and Technology, 2020)
Arindrajit Basu,Challenging the dogmatic inevitability of extraterritorial state surveillance in Trisha Ray and Rajeswari Pillai Rajagopalan (eds) Digital Debates: CyFy Journal 2021 (New Delhi:ORF and Global Policy Journal,2021)

Blog Posts and op-eds

Arindrajit Basu, “Unpacking US Law And Practice On Extraterritorial Mass Surveillance In Light Of Schrems II”, Medianama, 24th August 2020
Anubha Sinha, “World Intellectual Property Organisation: Notes from the Standing Committee on Copyright Negotiations (Day 1, Day 2, Day 3 and 4)”, July 2021
Raghav Ahooja and Torsha Sarkar,How (not) to regulate the internet:Lessons from the Indian Subcontinent,Lawfare,September 23,2021,

Bilateral Relationships

Technology has become a crucial factor in shaping bilateral and plurilateral co-operation and competition. Given the geopolitical fissures and opportunities since 2020, our research has focussed on how technology governance and cybersecurity could impact the larger ecosystem of Indo-China and India-US relations. Going forward, we hope to undertake more research on technology in plurilateral arrangements, including the Quadrilateral Security Dialogue.

Arindrajit Basu and Justin Sherman, The Huawei Factor in US-India Relations,The Diplomat, 22 March 2021
Aman Nair, “TIkTok: It’s Time for Biden to Make a Decision on His Digital Policy with China,” Centre for Internet and Society, January 22, 2021,
Arindrajit Basu and Gurshabad Grover, India Needs a Digital Lawfare Strategy to Counter China, The Diplomat, 8th October 2020
Anam Ajmal, The app ban will have an impact on the holding companies...global power projection begins at home, Times of India, July 7th, 2020 (Interview with Arindrajit Basu)
Justin Sherman and Arindrajit Basu, Trump and Modi embrace, but remain digitally divided, The Diplomat, March 05th, 2020

Emerging Technologies

Governance needs to keep pace with the technological challenges posed by emerging technologies, including 5G and AI. To do so an interdisciplinary approach that evaluates these scientific advances in line with the regimes that govern them is of utmost importance. While each country will need to regulate technology through the lens of their strategic interests and public policy priorities, it is clear that geopolitical tensions on standard-setting and governance models compels a more global outlook.

Long-Form reports

Anoushka Soni and Elizabeth Dominic, Legal and Policy implications of Autonomous weapons systems (Centre for Internet and Society, 2020)
Aayush Rathi, Gurshabad Grover, and Sunil Abraham, Regulating the internet: The Government of India & Standards Development at the IETF (Centre for Internet and Society, 2018)

Blog posts and op-eds

Aman Nair, Would banning Chinese telecom companies make India 5G secure in India? Centre for Internet and Society, 22nd December 2020
Arindrajit Basu and Justin Sherman, Two New Democratic Coalitions on 5G and AI Technologies, Lawfare, 6th August 2020
Nikhil Dave, The 5G Factor: A Primer, Centre for Internet and Society, July 20, 2020.
Gurshabad Grover, The Huawei bogey Indian Express, May 30th, 2019
Arindrajit Basu and Pranav MB, What is the problem with 'Ethical AI'?:An Indian perspective, Centre for Internet and Society, July 21, 2019

(This compendium was drafted by Arindrajit Basu with contributions from Anubha Sinha. Aman Nair, Gurshabad Grover, and Pranav MB reviewed the draft and provided vital insight towards its conceptualization and compilation. Dishani Mondal and Anand Badola provided important inputs at earlier stages of the process towards creating this compendium)

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-september-24-2021-the-geopolitics-of-cyberspace-compendium-of-cis-research

The generation of e-Emergency

sunil — 2015-06-29T16:40:54Z

The next generation of censorship technology is expected to be ‘real-time content manipulation’ through ISPs and Internet companies.

The article was published in Livemint on June 22, 2015.

Censorship during the Emergency in the 1970s was done by clamping down on the media by intimidating editors and journalists, and installing a human censor at every news agency with a red pencil. In the age of both multicast and broadcast media, thought and speech control is more expensive and complicated but still possible to do. What governments across the world have realized is that traditional web censorship methods such as filtering and blocking are not effective because of circumvention technologies and the Streisand effect (a phenomenon in which an attempt to hide or censor information proves to be counter-productive). New methods to manipulate the networked public sphere have evolved accordingly. India, despite claims to the contrary, still does not have the budget and technological wherewithal to successfully pull off some of the censorship and surveillance techniques described below, but thanks to Moore’s law and to the global lack of export controls on such technologies, this might change in the future.

First, mass technological-enabled surveillance resulting in self-censorship and self-policing. The coordinated monitoring of Occupy protests in the US by the Department of Homeland Security, the Federal Bureau of Investigation (FBI) counter-terrorism units, police departments and the private sector showcased the bleeding edge of surveillance technologies. Stingrays or IMSI catchers are fake mobile towers that were used to monitor calls, Internet traffic and SMSes. Footage from helicopters, drones, high-res on-ground cameras and the existing CCTV network was matched with images available on social media using facial recognition technology. This intelligence was combined with data from the global-scale Internet surveillance that we know about thanks to the National Security Agency (NSA) whistle-blower Edward Snowden, and what is dubbed “open source intelligence” gleaned by monitoring public social media activity; and then used by police during visits to intimidate activists and scare them off the protests.

Second, mass technological gaming—again, according to documents released by Snowden, the British spy agency, GCHQ (Government Communications Headquarters), has developed tools to seed false information online, cast fake votes in web polls, inflate visitor counts on sites, automatically discover content on video-hosting platform and send takedown notices, permanently disable accounts on computers, find private photographs on Facebook, monitor Skype activity in real time and harvest Skype contacts, prevent access to certain websites by using peer-to-peer based distributed denial of service attacks, spoof any email address and amplify propaganda on social media. According to The Intercept, a secret unit of GCHQ called the Joint Threat Research Intelligence Group (JTRIG) combined technology with psychology and other social sciences to “not only understand, but shape and control how online activism and discourse unfolds”. The JTRIG used fake victim blog posts, false flag operations and honey traps to discredit and manipulate activists.

Third, mass human manipulation. The exact size of the Kremlin troll army is unknown. But in an interview with Radio Liberty, St. Petersburg blogger Marat Burkhard (who spent two months working for Internet Research Agency) said, “there are about 40 rooms with about 20 people sitting in each, and each person has their assignments.” The room he worked in had each employee produce 135 comments on social media in every 12-hour shift for a monthly remuneration of 45,000 rubles. According to Burkhard, in order to bring a “feeling of authenticity”, his department was divided into teams of three—one of them would be a villain troll who would represent the voice of dissent, the other two would be the picture troll and the link troll. The picture troll would use images to counter the villain troll’s point of view by appealing to emotion while the link troll would use arguments and references to appeal to reason. In a day, the “troika” would cover 35 forums.

The next generation of censorship technology is expected to be “real-time content manipulation” through ISPs and Internet companies. We have already seen word filters where blacklisted words or phrases are automatically expunged. Last week, Bengaluru-based activist Thejesh GN detected that Airtel was injecting javascript into every web page that you download using a 3G connection. Airtel claims that it is injecting code developed by the Israeli firm Flash Networks to monitor data usage but the very same method can be used to make subtle personalized changes to web content. In China, according to a paper by Tao Zhu et al titled The Velocity of Censorship: High-Fidelity Detection of Microblog Post Deletions, “Weibo also sometimes makes it appear to a user that their post was successfully posted, but other users are not able to see the post. The poster receives no warning message in this case.”

More than two decades ago, John Gilmore, of Electronic Frontier Foundation, famously said, “the Net interprets censorship as damage and routes around it.” That was when the topology of the Internet was highly decentralized and there were hundreds of ISPs that competed with each other to provide access. Given the information diet of the average netizen today, the Internet is, for all practical purposes, highly centralized and therefore governments find it easier and easier to control.

For more details visit https://cis-india.org/internet-governance/blog/livemint-june-22-2015-sunil-abraham-the-generation-of-e-emergency

The Future of the Internet, Who Should Govern It and What is at Stake for You?

praskrishna — 2014-02-12T11:12:54Z

Internet and Mobile Association of India, Cellular Operators Association of India, Internet Democracy project, Media for Change, SFLC and the Centre for Internet Society is organizing a Multi-stakeholder Dialogue on the future of internet on January 29, 2014 at Multipurpose Hall, India International Center (IIC).

Snehashish Ghosh will participate in the event as a speaker.

Schedule

10.00 - 10.30: Registration
10.30 -13.30: Discussion and Open House
13.30: Lunch

The meeting seeks to address, among others, the following questions:

The issue of governing the internet through a multistakeholder mechanism (including government, business, civil society, academia and the technical community) versus a multilateral one (or an intergovernmental one, including only governments in a decision making role) is leading the global discourse.

What is multistakeholderism? How is it practiced? How is it different from multilateralism or intergovernmental decision making? Why has multistakeholderism assumed such an important role in internet governance?
Moderator – Subi Chutervedi

Several of the arguments are based in a framework document known as ‘Tunis Agenda 2005’.
What is the role of the Tunis Agenda in these debates? Since its formulation 9 years ago, is it still relevant? What does “stakeholders in their respective roles” mean in 2014 and beyond?
Moderator – Subi Chaturvedi

The positions taken by the Government of India at international fora are linked to its cyber security concerns.
Will India’s position of multilateral/intergovernmental governance of the Internet actually address these cyber security concerns?
Moderator – Anja Kovacs

Since the Snowden revelations, mass surveillance by governments has assumed center stage and is driving the recent discourse.
Will a multilateral/inter-governmental mechanism adequately address serious concerns of government surveillance and intrusion into the privacy of internet users and citizens?
Moderator – Anja Kovacs

Innovation, freedom of speech and expression and privacy rights are critical to a free and open internet. How are these impacted under a multistakeholder vis-à-vis a multilateral/inter-governmental mechanism?
Moderator- Chinmayi Arun

Internet governance has both a domestic and a global angle. In 2014, what should be the process of policy making involving stakeholders? Should there be consultation and what should be the process, quality and outcome of such consultation, especially as it relates to Internet Governance?

What process should the government adopt before taking a position internationally and while formulating domestic policy related to internet governance?
Moderator Chinmayi Arun

For more details visit https://cis-india.org/events/future-of-internet-january-29-2014

The freedom of expression debate: The State must mend fences with The Web

praskrishna — 2013-01-07T10:30:21Z

A fortnight after her arrest, Renu Srinivasan spends her free time singing Ashley Tisdale's number Suddenly. The lyrics - Suddenly people know my name, suddenly, everything has changed - resonate with the story of her life ever since she 'liked' and 'shared' her friend, Shaheen Dhada's, 21, controversial post regarding Shiv Sena chief Bal Thackeray's funeral on Facebook on November 18 and got arrested for it.

The article by Rahul Jayaram was published in India Today on December 18, 2012. Pranesh Prakash is quoted.

She's now flooded with "hundreds" of messages on FB; some congratulatory, others abusive and gets at least a dozen friend requests on the social networking site. When Renu went to the doctor last week, two constables accompanied her.

"All of a sudden, there's too much attention on me," says the Botany graduate from Dandekar College and a budding singer who is making new friends in the virtual world. There's, however, a word from caution from her father P.A. Srinivasan: "Don't comment on controversial issues you don't understand."

Bloggers are careful. Krish Ashok, a well-known blogger is disappointed with the government's lack of engagement with India's surging online community. In a blog post in August 2010, he made fun of the Ramayana and the fact that women couldn't enter the Sabarimala temple in Kerala. A group called Hindu Janajagruti Samiti threatened to take him to court. Ashok spoke to his lawyer.

"I was amazed. She said no individual could take action against me. But a group or organisation could," he says. Since then, he has become more aware of his Internet rights.

Gursimran Khamba, who has over 30,000 followers on Twitter, kept his cool during Thackeray's death and funeral. When all the media went gaga over him, televising his family photo albums, Khamba, re-tweeted reports and accounts of the Shiv Sena's role during the Mumbai riots of 1992-93. "In my head, I am not courageous to say anything about it myself," he says. He didn't want to incite. He'd rather help his followers get a more nuanced picture of a venerated leader.

Palghar and after, has made Ashok think. "I would reduce the number of provocative posts I might make," he says. Khamba says he will stick to comedy and doesn't believe in offence for the sake of offending although "taking offence is our national sport."

It is a shame, for the Internet is growing in India like nobody's business. It's the medium of the age.

According to comScore, a company that measures Internet trends, India is the fastest growing online market in the last 12 months among BRIC nations. There were 44.5 million unique visitors in July 2011 and in July 2012 there were 62.6 million unique visitors. That is, a growth of 44 per cent in one year. The total Internet usage of 124.7 million users in July 2012, that is, a 41 per cent growth from last year (July 2011).

With 124 million users as of July 2012, India has an Internet penetration of 10 per cent. 75 per cent of India's online users are below the age of 35 making it one of the youngest Net-connected populations. 39.3 per cent of India's Internet population consists of females. It has the highest growth seen among 15 to 24 male and female segments. India has 56.2 million Facebook users and 4.1 million Twitter users. Facebook had 35.3 million users in July 2011 and it jumped to 52.1 million in July 2012. That's a growth of 47% in just one year!

Growth of the Internet is one thing. Freedom of the Internet is another. Freedom House, an American organisation that tracks political and civil liberties worldwide, is blunt in its assessment. India is third in terms of Internet penetration, after the United States and China. Before November 2008, government control over the Internet was limited. All that changed after the November 2008 Mumbai attacks.

Since then it says, "The need, desire, and ability of the Indian government to monitor, censor, and control the communication sector have grown. Given the range of security threats facing the country, many Indians feel that the government should be allowed to monitor personal communications such as telephone calls, email messages, and financial transactions. It is in this context that Parliament passed amendments to the Information Technology Act (ITA) in 2008, expanding censorship and monitoring capabilities. This trend continued in 2011 with the adoption of regulations increasing surveillance in cyber cafes. Meanwhile, the government and non-state actors have intensified pressure on intermediaries, including social media applications, to remove upon request a wide range of content vaguely defined as "offensive" and potentially pre-screen user-generated content. Despite new comprehensive data protection regulations adopted in 2011, the legal framework and oversight surrounding surveillance and interception remains weak, and several instances of abuse have emerged in recent years."

Over this year we have had the cases of cartoonist Aseem Trivedi being put in jail and later released in September. In April, Ambikesh Mahaptra of Jadavpur University in Kolkata was arrested for a cartoon poking fun at West Bengal chief minister Mamta Banerjee and Railway Minister Mukul Roy. In October, Ravi, owner of plastic packaging material factory was arrested and let off on bail for joking about Finance Minister P. Chidambaram's son, Karti. The list gets longer. The Web and the State are at loggerheads. Why?

Lawyers and bloggers haul up Internet laws. And for such a community, we have laws like Section 66 (A) of the Information Technology Act of 2000. The law states that "any person who sends by means of a computer resource or a communication device, any information that is grossly offensive or has menacing character," can be booked for online crime.

Legal experts think Section 66 (A) and the whole of the IT Act of 2000, needs revisiting. According to cyber lawyer Pavan Duggal, Section 66 (A) "is a vanilla provision that can be used for anything online."

Section 66(A) seeks to empower the police and the complainant. "The words 'grossly offensive' and 'menacing character' of Section 66 (A) have no definition given. Normal, legitimate bona fide conversation between boyfriend and girlfriend at noble times online is fine. Once relationship sours, and they are gone."

"It's not clear what the purpose of Section 66A is. It's like having a single provision covering murder, assault, intimidation, and nuisance, and prescribing the same penalty for all of them," says Pranesh Prakash of the Center for Internet and Society, Bangalore. Terminology and the law's purpose are massive concerns.

"The extent of the ambiguity of Section 66A is worrying. Laws need to be very clear about what they want to achieve. If it is murder, then it must say murder. If its attempted murder, it must be clear it is attempted murder. Section 66 A is trying to do too many things at the same time. Its canvas is too vast," says Rajeev Chandrasekar.

As a country, we look to imitate the West, and often copy it badly. Some wonder if we need to mime the West. Pranesh Prakash thinks the Indian Constitution is stronger on free speech grounds than the (unwritten) UK Constitution, and the judiciary has wide powers of judicial review of statutes (i.e., the ability of a court to strike down a law passed by Parliament as 'unconstitutional').

Judicial review of statutes does not exist in the UK (with review under its EU obligations being the exception) as they believe that Parliament is supreme, unlike India. Putting those two aspects together, a law that is valid in the UK might well be unconstitutional in India for failing to fall within the eight octagonal walls of the reasonable restrictions allowed under Article 19(2).

Rajeev Chandrasekar thinks the Brits got it right. During the London riots of June 2011, "the UK government kept a tab on social media networking sites so as to check incitement, he says. It was a good example of clear legislation and effective execution, in an extreme scenario." To defuse online paranoia he wants the government to have a multi-stakeholder arrangement in fixing IT laws. This must involve users, IT companies, cyber cafe owners and the government. The State must mend fences with the Web.

For more details visit https://cis-india.org/news/india-today-rahul-jayaram-december-18-2012-the-freedom-of-expression-debate

The Four Parts of Privacy in India

bhairav — 2015-08-23T13:02:28Z

For more details visit https://cis-india.org/internet-governance/blog/four-parts-of-privacy.pdf

The Four Parts of Privacy in India

bhairav — 2015-08-23T13:04:50Z

Privacy enjoys an abundance of meanings. It is claimed in diverse situations every day by everyone against other people, society and the state.

Traditionally traced to classical liberalism’s public/private divide, there are now several theoretical conceptions of privacy that collaborate and sometimes contend. Indian privacy law is evolving in response to four types of privacy claims: against the press, against state surveillance, for decisional autonomy, and in relation to personal information. The Indian Supreme Court has selectively borrowed competing foreign privacy norms, primarily American, to create an unconvincing pastiche of privacy law in India. These developments are undermined by a lack of theoretical clarity and the continuing tension between individual freedoms and communitarian values.

This was published in Economic & Political Weekly, 50(22), 30 May 2015. Download the full article here.

For more details visit https://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india

The Five Monkeys & Ice-cold Water

sunil — 2012-10-30T10:43:38Z

The Indian government provides leadership, both domestically and internationally, when it comes to access to knowledge.

This article by Sunil Abraham was published in Deccan Chronicle on September 16, 2012.

Our domestic patent policy ensures that generic medicines are available and largely affordable not only within India but also in Africa and elsewhere. It also allows Indians to consume a wide range of technological innovations without worrying about legal bans that are an otherwise common feature in the developed countries, thanks to phenomena such as the ongoing mobile phone patent wars.

Copyright policy, including the last amendment of the copyright act, has ensured that fair dealing and the rights of students, researchers, disabled, etc., are protected. Texts, audio and video for education and entertainment are relatively affordable, especially in comparison to other countries in the Asia-Pacific.

Even at the World Intellectual Property Organisation, other developing countries look to India for guidance. The interventions of the copyright registrar G.R. Raghavender and the Indian team won praise during the most recent round of negotiations for the Treaty for the Visually Impaired. An excellent example of India's soft power protecting public interest at home and abroad.

In diametrical contrast, India has a terrible track record when it comes to freedom of expression, especially expression mediated by networked technologies such as telecommunications and the Internet.

Our policy-makers seem determined to extinguish the privacy of communications and also anonymous/pseudonymous speech through such devices as Know Your Customer (KYC) and data retention requirements for accessing the Internet through cyber-cafes, mobile phones, dial-up or broadband, ban on open wi-fi networks, plans to tie together Aadhaar and NATGRID and Central Monitoring System (CMS) to track a citizen using his/her UID across devices, networks and intermediaries, and requiring real-time interception equipment to be installed at all network and data centres.

All these without any horizontal privacy law or a data protection law that is compliant with international best practices. Security hawks argue that this pervasive, multi-tiered surveillance regime helps thwart criminal and terrorist attacks, but its poor design extracts a terrible price in terms of freedom of expression.

Citizens who cannot express themselves anonymously and privately begin to censor themselves, seriously undermining our democracy, which is most importantly founded on an anonymous expression, the electoral ballot.

In addition, in April 2011, rules under the amended IT Act were notified for intermediaries that have a chilling effect on free speech via unclear and unconstitutional limits on freedom of expression, encouragement of private censorship without any notice to those impacted, missing procedure for redress, and lack of penalties for those who abuse the rules to target legitimate speech. This was followed by calls for proactive censorship of social media, which caused much outrage amongst the twitterati.

Even when the government had legitimate grounds (the recent exodus of North-East Indians) to censor free speech, it overreached and acted incompetently, cracking down on parody accounts on social media rather than carefully configuring the text message ban. As if that weren't enough, the government beats up a cartoonist and jails him for sedition.

There’s a plan behind such attacks on free speech. The powerful in India, with their fragile egos, can afford expensive lawyers who can ensure that for those who dare to speak their mind, “the process is the punishment”, as Lawrence Liang of the Alternative Law Forum put it. Needless to say, cartoonists and others that dare to speak their mind cannot usually afford the time and expense of courts.

An experiment featuring monkeys, bananas and ice-cold water, commonly attributed to the late American psychologist Harry Harlow, explains what’s being attempted by those who attack free speech. First, five monkeys are put in a cage with bananas hanging from the top that can be reached by climbing a ladder. Every time one of the monkeys try to climb the ladder, ice-cold water is thrown on all of them. Soon, the monkeys learn not to climb the ladder.

Then, one of them is replaced with a monkey that has never been drenched with ice-cold water. When the new monkey tries to climb the ladder, the other four monkeys attack it and prevent it from reaching the banana. This is continued till all the original monkeys are replaced with new ones.

When that’s done, although none of the monkeys left in the cage has ever been drenched with ice-cold water, they continue to enforce the regulation on themselves. This is what has happened in China. This is what is being attempted here – to social engineer the Indian netizen.

For more details visit https://cis-india.org/internet-governance/www-deccan-chronicle-sep-16-2012-sunil-abraham-the-five-monkeys-and-ice-cold-water

The Fight for Digital Sovereignty

sunil — 2013-10-25T07:29:22Z

It is time to incorporate free software principles to address the issue of privacy. Thanks to the revelations of Edward Snowden, a former contractor to the United States (US) National Security Agency (NSA) who leaked secrets about the agency’s surveillance programmes, a 24-year-old movement aimed at protecting the rights of software users and developers has got some fresh attention from policymakers.

The article was published in the Economic & Political Weekly, Vol-XLVIII No. 42, October 19, 2013

The free and open source software movement (often collectively labelled as FOSS or sometimes FLOSS, with the “l” standing for “libre”) guarantees four freedoms through a copyright licence – the freedom to use for any purpose, the freedom to study the code, the freedom to modify it and the freedom to distribute the modified code gratis or for a fee. Free software principles have permeated the world in the form of movements around open standards, open content, open access and open data. The second freedom is the most critical in an open society. Privacy, security and integrity are best achieved through the transparency guaranteed by free software rather than the opacity of proprietary software.

Free software is directly useful in deciding on the software required for your device operating system and applications. NSA’s surveillance programme covered operating system vendors like Microsoft and Apple, and application vendors like Skype. The concerns raised by such surveillance programmes are best addressed by shifting to free software. Increasingly, this is possible on mobile devices because of the availability of Android derivatives that keep Google’s nose out of your business and on other personal computing devices through GNU/Linux distributions such as Ubuntu. Ideally, this should be accomplished by a mandate for government and public infrastructure in specific areas where free software alternatives are on par with proprietary competitors. Two other policy options remain outside procurement policies for hardware – code escrow and independent audits. Firms that are willing to share code with the government should be preferred over those that do not, thereby encouraging proprietary software companies to provide for the second freedom in free software within a limited context. Code escrow could improve the quality of the independent audit.

Unfortunately, open hardware based on free software principles is still a fringe phenomenon in terms of market share. The Indian government cannot afford bans on foreign products, unlike the intelligence and military of Australia, the US, Britain, Canada and New Zealand, which recently prohibited the use of Lenovo machines in “secret” and “top secret” networks. Last October, the US government banned US telecos from using equipment from Huawei and ZTE. Both these bans are not based on any credible public evidence regarding back doors in any of the products manufactured by these Chinese companies. The Indian government, using funds like the Universal Service Obligation Fund, should support competitive research to reverse-engineer and analyse all foreign and indigenous hardware to ensure that there is no national security threat or infringement on the individual’s right to privacy. One example would be a research project to determine whether China-manufactured phones call home when they are used on Indian telecom networks.

Cloud and other online services run by corporations could also completely undermine privacy and security. This again can be partially addressed through the transparency enabled by free software and open standards. To begin with, the government must ban the use of Google, Yahoo, Hotmail, etc, for official purposes by those in public office, law enforcement and the military, while simultaneously mandating the use of cryptography for all sensitive material and communication. It should not, however, mandate the use of National Informatics Centre (NIC) infrastructure as it may be a single point of failure; instead, a variety of open-standards-compliant and free-software-based infrastructure for all public sector information communication technology (ICT) requirements should be encouraged. This procurement bias will result in the growth of domestic server administration and security competence, thus creating and contributing towards the establishment of a market for affordable privacy and security-enhanced services that ordinary citizens and private sector organisations can access.

The end objective through means such as free software, open hardware, code escrow and independent audits is sovereignty over software, hardware, cloud and network infrastructure. However, the state, the private sector, the consumer and the citizen may disagree on the details. Apart from law enforcement and national security concerns that may require targeted surveillance, there are other occasions when technological possibilities may have to be curtailed through policy to protect human rights and the public interest. For example, to implement the internationally accepted privacy principle of notice on electronic recording devices, some jurisdictions may require that video recorders display a blinking red light and that digital cameras make an audible click sound just like analog cameras. This was first initiated in South Korea to reduce the incidence of “upskirt photography”. This type of law may become more commonplace when technologies like Google Glass become more popular. In other words, absolute digital sovereignty may need to be curtailed in order to protect human rights in certain circumstances. But code could be used to resist regulation through law, thereby converting both the software and hardware layers of devices and networks into a battleground for sovereignty between the free software hacker and the state.

For more details visit https://cis-india.org/a2k/blogs/epw-vol-xlviii-42-october-19-2013-sunil-abraham-the-fight-for-digital-sovereignty