Centre for Internet and Society

The (in)Visible Subject: Power, Privacy and Social Networking

rebecca — 2011-08-18T05:06:52Z

In this entry, I will argue that the interplay between privacy and power on social network sites works ultimately to subject individuals to the gaze of others, or to alternatively render them invisible. Individual choices concerning privacy preferences must, therefore, be informed by the intrinsic relationship which exists between publicness/privateness and subjectivity/obscurity.
The Architecture of Openness

Through a Google search or a quick scan of Facebook, people today are able to gain “knowledge” on others in a way never once possible. The ability to search and collect information on individuals online only continues to improve as online social networks grow and search engines become more comprehensive. Social networks, and the social web more broadly, has worked to fundamentally alter the nature of personal information made available online. Social networking services today enable the average person, with web access, to publish information through a “social profile”. Personal information made available online is now communicative, narrative and biographic. Consequentially, social profiles have become rich containers of personal information that can be searched, indexed and analyzed.

The architecture of the social web further encourages users to enclose volumes of personally identifiable information. Most social network sites embrace the “ethos of openness” as, by default, most have relaxed privacy settings. While most sites give users relative control over the disclosure of personal information, services such as MySpace, Facebook and Live Journal are far ahead of the black and white public/private privacy models of sites such as Bebo and Orkut. Bebo, for example, only allows users to disclose information to “friends” or “everyone”, granting little granularity for diverse privacy preferences. MySpace and Facebook, on the other hand, have made room for “friends of friends”, among other customizable group preferences. All networking sites also consider certain pieces of basic information publicly available, without privacy controls. On most sites, this includes name, photograph, gender and location, and list of friends. Okrut, however, considers far more information to public—leaving the political views and religions of its’ members public. This openness leaves the individual with little knowledge or control over how their information is viewed, and subsequently used.

Search functionality has also increased the visibility of individuals outside their immediate social network. For example, sites such Facebook and LinkedIn index user profiles through Google search. Furthermore, all social network sites index their users, effectively allowing profiles to be searched by other users through basic registration data, such as first and last name or registered email address. While most services allow users to remove their profiles from external search engines, they are often not able to effectively control internal searches. Orkut, for example, does not allow users to disable internal searches according to their first and last names. LinkedIn and MySpace also maintains that users be searchable by their email addresses.

Through this open architecture and search functionality, social network sites have rendered individuals more “visible” vis-à-vis one another. The social web has effectively altered the spatial dimensions of our social lives as grounded, embodied experience becomes ubiquitous and multiply experienced. Privacy, in the online social milieu, assumes greater fluidity and varied meaning—transcending spatially constructed understandings of the notion.

While the architecture of social networking sites encourages users to be more “public”, heightened control, or “more privacy” is generally suggested as the panacea to privacy concerns. However, the public/private binary of privacy talk often fails to capture the complex nexus which exists between privacy and power in the networked ecosystem. Privacy preferences on social networks, and the consequences thereof, are effectively shaped and influenced by structures of power. In this entry, I will argue that the interplay between privacy and power works ultimately to expose individuals to the subjective gaze of others, or to render them invisible. In this respect, individual choices concerning privacy preferences must be informed by the intrinsic relationship between notions of publicness/privateness and subjectivity/obscurity.

Power and Subjectivity

The searchable nature of the social profile allows others to quickly and easily aggregate information on one another. As privacy scholar Daniel Solve notes, social searching may be of genuine intent – individuals use social networking services to locate old friends, and to connect with current colleagues. However, curiosity does not always assume such innocence, as fishing expeditions for personal information may serve the purpose of judging individuals based perception of the social profile. The relatively power of search and open information can be harnessed to weed out potential job applicants, or to rank college applicants. Made possible through the architecture of the web and social constructions of power, individuals may be subjected to the deconstructive gaze of superiors.

The architecture of social networking sites significantly compliments this nexus between privacy and power. As individual behavior and preferences become more transparent, the act of surveillance is masked behind the ubiquity and anonymity of online browsing. Drawing on Foucault’s panopticism, social networks make for the “containerization” of social space –allowing the powerful to subjectively hierarchize and classify individuals in relation to one another [1]. This practice becomes particularly troublesome online, as individuals are often unable to control how they are constructed by others in cyberspace.

Perfect control is difficult to guarantee in an ecosystem where personal information is easily searched, stored, copied, indexed, and shared. In this respect, the privacy controls of social networking sites are greatly illusory. Googling an individual’s name, for example, may not reveal the full social profile of an individual, but may unveil dialogue involving the individual in a public discussion group. The searchable nature of personal information on the web has both complicated and undesirable consequences for privacy of the person for, what I believe, to be two main reasons.

The first point refers to what Daniel J. Solve describes as the “virtue of knowing less”. Individuals may be gaining more “information” on others through the internet, but this information is often insufficient for judging one’s character as it only communicates one dimension of an individual. In her work, Helen Nissenbaum emphasizes the importance contextual integrity holds for personal information. When used outside its intended context, information gathered online may not be useful for accurately assessing an individual. In addition, the virtual gaze is void of the essential components of human interaction necessary to effectively understand and situate each other. As Solve notes, certain information may distort judgment of another person, rather than increasing its accuracy.

Secondly, the act of surveillance through social networks work to undermine privacy and personhood, as individuals seek to situate others as “fixed texts” [2]. Due to the complex nature of the social self, such practice is undesirable. Online social networks are socially constructed spaces, with diverse meanings assigned by varied users. One may utilize a social network service to build and maintain professional relationships, while another may use it as an intimate space to share with close friends and family. James Rachels’ theory of privacy notes that privacy is important, as it allows individuals to selectively disclose information and to engage in behaviors appropriate and necessary for maintaining diverse personal relationships. Drawing on the work of performance theorists such as Judith Butler, we can assert that identity is not fixed or unitary, but is constituted by performances that are directed at different audiences [3]. Sociologist Erving Goffman also notes that we “live our lives as performers… [and] play many different roles and wear many different masks” [4]. Individuals, therefore, are inclined to perform themselves online according to their perceived audiences. It is the audience, or the social graph, which constructs the context that, in turn, informs individual behavior.

Any attempt to situate and categorize the individual becomes particularly problematic in the context of social networks, where information is often not intended for the purpose for which it is being used. Due to the complex nature of human behavior, judgments of character based on online observation only effectively capture one side of the “complicated self”. As Julie Cohen writes, the “law often fails to capture the mutually constitutive interactions between self and culture, the social constructions of systems of knowledge, and the interplay between systems of knowledge and systems of power”. Because the panoptic gaze is decentralized and anonymous in the networked ecosystem, individuals will often bear little knowledge on how their identities are being digitally deconstructed and rewired. Most importantly, much of this judgment will occur without individual consent or knowledge—emphasizing the transparent nature of the digital self.

Power and (in)visibility

In response to the notion that the architecture of the social web may render individuals transparent to the gaze of others, the need for more “control” over privacy on social network sites has captured the public imagination. Facebook’s abrupt privacy changes, for example, have received widespread attention in the blogosphere and even by governments. While popular privacy discourse often continues to fixate on the public/private binary—Facebook’s questionable move towards privacy decontrol has raised important questions of power and privilege.

A recent blog post by danah boyd nicely touches upon the dynamics of power, public-ness, and privilege in the context of online social networking. As she notes, “Public-ness has always been a privilege… but now we've changed the equation and anyone can theoretically be public… and seen by millions. However, there are still huge social costs to being public…the privileged don’t have to worry about the powerful observing them online…but most everyone else does –forcing people into the public eye doesn’t dismantle the structures of privilege and power, but only works to reinforce them” (emphasis added).

This point touches upon an important idea —that publicity has value. This nexus between visibility and power is one which unfolds quite clearly in the social media ecosystem. One’s relevance or significance could, arguably, be measured relative to online visibility. Many individuals who are seen as “leaders” within their own professional or social circles often maintain public blogs, maintain a herd of followers on Twitter, and often manage large numbers of connections on social network sites. The more information written by or on an individual online, arguably, the more relevant they appear to in the eyes of their peers and superiors alike.

Power and privilege, however experienced, will be mirrored in the online context. While the participatory and decentralized nature of Web 2.0 arguably works challenge traditional structures of power, systemic hierarchies and are often reinforced online –as Facebook’s privacy blunders clearly illustrates. The privileged need not worry about the subjective gaze of their superiors, as boyd notes. Those who may be compromised due to the lack of privateness, however, do. As boyd goes on to argue, “the privileged get more privileged, gaining from being exposed… and those struggling to keep their lives together are forced to create walls that are constantly torn down around them”. As public exposure may over often equate to power, we must critically challenge the assumption that the move towards more privacy control on social networks will best empower its members.

If publicity can potentially have great value for the individual, the opposite also rings true. Privacy, as polemic to publicness, alternatively works to diminish the presence of the individual, rendering them invisible or irrelevant within hyper-linked networks. With greater personal protectionism online, an individual may go unnoticed or unrecognized, fizzling out dully behind their more public peers. Drawing on social network theory, powerful people can be understood as “supernodes” as they connect more peripheral members of a network. As Lior Strahilevitz notes, supernodes tend to be better informed than the peripherals, and are most likely to be perceived as “leaders”.

As the power of the supernode relates to privacy, Strahilevitz states that that “supernodes maintain their privileged status by continuing to serve as information clearinghouses….and, in certain contexts, become supernodes based in part on their willingness to share previously private information about themselves”. It is within the context of visibility and power that the idea of (in)visibility and powerlessness online unfold. Those who have most at risk by going public, may chose not to do so. Those with in comfortable positions with considerably less to lose by going public may be inclined to “open up”. Heightened privacy controls on social network services, therefore, can work to reinforce the very structures of power they seek to dismantle.

This is not to argue, however, that more privacy is necessarily bad, and that less privacy is good, or that users shouldn’t be selective in their disclosures – to the contrary. As personal information has become ubiquitous and tools for aggregating information improve, maintaining privacy online becomes more pertinent than ever. However, the concept of privacy will only continue to become increasingly complex as digital networks continue to deconstruct and reconfigure the spatial dimensions of the public and private. How are we to effectively understand privacy in a social environment which values openness and publicity? Can the fluid and dynamic self gain visibility online without becoming subject to the gaze of superiors? Will those who selectively choose friends and carefully disclose personal information fizzle out, while the powerful and less inhibited continue to reassert privilege? The interplay between power and privacy on the social web is a multiply constitutive and reinforcing synergy –understanding how to effectively strike balance between the right to privacy and self-determination is the challenge ahead.

1. see “Foucault in Cyberspace” by James Boyle

2. Julie Cohen

3. Cohen citing Butler

4. Solve citing Goffman

Document Actions

For more details visit https://cis-india.org/openness/blog-old/the-in-visible-subject-power-privacy-and-social-networking

That’s the unkindest cut, Mr Sibal

sunil — 2011-12-12T04:59:00Z

There’s Kolaveri-di on the Internet over Kapil Sibal’s diktat to social media sites to prescreen users’ posts. That diktat goes far beyond the restrictions placed on our freedom of expression by the IT Act. But, says Sunil Abraham of the Centre for Internet and Society, India is not going to be silenced online.

Thanks to leaked reports about unpublicised meetings that communications minister Kapil Sibal had with social media operators – or Internet intermediaries, to use legalese — such as Facebook, Google and Indiatimes.com, censorship policy in India has gained public attention, and caused massive outrage.

According to The New York Times India Ink reportage, quoting unnamed sources from the Internet intermediaries, Mr Sibal demanded proactive and pre-emptive screening of posts that people make on social media sites, ostensibly to filter out or remove “offensive” content and hate speech. In a television interview, however, the minister denied he wanted to censor what Indians thought and shared with others online.

One is tempted to believe him. He was, after all, the amicus for the landmark People’s Union of Civil Liberties (PUCL) wiretapping judgment of 1996, which is pivotal to protecting our civil liberties when using communication technology in India.

Last week, though, Mr Sibal came out in public with his demands, saying that there was a lot of content that risked hurting the sensibilities of people and could lead to violence. “It was brought to my notice some of the images and content on platforms like Facebook, Twitter and Google are extremely offensive to the religious sentiments of people ...”We will not allow Indian sentiments and religious sentiments of large sections of the community to be hurt,” he said.

There was even a threat of state action if Internet companies did not comply with demands to screen content before it was posted online.

The NYT blogpost said, however, quoting executives from the Internet companies Mr Sibal had reportedly met, that the minister showed them a Facebook page that maligned Congress president Sonia Gandhi and told them, “This is unacceptable.”

Google responded to Mr Sibal by releasing its Transparency Report, saying that out of 358 items that it had been requested to remove between January and June 2011, only eight requests pertained to hate speech, while as many as 255 complaints were against “government criticism”.

Indian netizens raged against Mr Sibal, and very quickly #IdiotKapil Sibal was ‘trending’ on Twitter, with thousands posting comments against attempts to ‘censor’ Internet content. Much has changed, in Mr Sibal’s reckoning, between 1996 and 2011.

So, what’s all the fuss over ‘pre-screening’ and what’s at stake here? Critics of Mr Sibal say, our freedom of speech and expression is under threat. They see a pattern in the way the government has sought to impose rules and restrictions on Internet and telecommunications players, with demands on BlackBerry-maker RIM to give it access to its users’ email and messenger content, on telecom players to install electronic surveillance equipment and let the government eavesdrop as it sees fit, and on the likes of Google and Yahoo to part with email content and users’ details.

It all started with the amendments to the Information Tech-nology Act 2000 in 2008. Together, they constitute damaging consequences for citizens, including the creation of a multi-tier blanket surveillance regime, inappropriate security recommendations, and undermining freedom of speech and expression.

The amendments passed in 2008 — without any discussion in Parliament – did solve some existing policy concerns, but simultaneously introduced new ones. For instance, Section 66, introduced during this amendment, criminalises sending offensive messages through any ICT-based communication service.

Offensive messages are described as “grossly offensive, menacing character..... or causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.” These terms are not defined in the IT Act or in any other existing law, rules or case-law, except for a couple of exceptions such as what constitutes “criminal intimidation”. These limits on the freedom of expression go well beyond Article 19(2) of the Constitution, which only permits “reasonable restrictions...in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.”

If Mr Sibal himself were to don his lawyer’s coat again and launch a legal challenge to Section 66, in all likelihood, courts in India would strike it down as unconstitutional.

Section 79, which was amended, brought into being an intermediary liability regime. This was in part precipitated by the arrest of Avnish Bajaj, the former CEO of bazee.com in December 2004 for the infamous Delhi Public School MMS clip which was being sold on his e-commerce platform. Policy-makers were, however, convinced to follow international best practices and grant intermediaries immunity under certain conditions.

Just as the postal department is not considered liable for the content of letters or telecom operators liable for the content of phone conversations, Internet intermediaries, too, were to be considered “dumb pipes” or “common carriers” of content produced and distributed by users. Intermediaries therefore earned immunity from legal action so long as they acted upon take-down notices, or written requests for deletion of illegal content.

Section 79 was further clarified in April this year when the Intermediaries Guidelines Rules were notified. Stakeholders from the technology industry, media and civil society had sent feedback to the Department of Information Technology under the Ministry of Communication and Information Technology in February, but DIT choose to ignore the feedback and finalised rules with serious flaws in them. For one, a standardised “Terms of Service” that focused on limits on free expression had to be implemented by all intermediaries – forcing a one-size-fits-all approach.

Content that was 'harmful to minors' was not permissible regardless of the target market of the website. All intermediaries were supposed to act upon take-down notices within 36 hours, something that a Google may be able to do, but an average blogger could not.

Two, the vague terms introduced in Section 66A were left undefined. Intermediaries were asked to sit on judgment on the question of whether an article, image or video was causing 'inconvenience'.

Three, all principles of natural justice were ignored – the person responsible for posting the content would not be informed, s/he would not be given an opportunity to file a counter-notice to challenge the intermediary’s decision in court.

Four, the rules left it open for economically or politically motivated actors to seriously damage opponents online using fraudulent take-down notices, instead of treating abuse of the take-down notice system as an offence.

How the take-down system terrorises free expression on the Internet was illustrated when the Centre for Internet and Society, where this author works, undertook a research project. A pro-bono independent researcher who led the exercise sent fraudulent take-down notices to seven Internet companies in India. These included some of the largest and most popular Indian and foreign search engines, news portals and social media platforms.

Although they all employ the most competent lawyers in the country, six of the seven intermediaries over-complied, confirming our worst fears. In one case, a news portal deleted not just the specific comment that was mentioned in the take-down notice but 14 other comments as well. Most importantly, it must be pointed out, the comment identified in the take-down notice was itself an excellent piece of writing that could not be construed as “offensive” by any stretch!

In the single exception to the rule, one e-commerce portal refused to act upon a take-down notice trying to prevent the sale of diapers on the grounds that it was “harmful to minors”, rightly dismissing the notice as frivolous. But that exception simply proved a rule: Private intermediaries use their best lawyers to protect their commercial interests, but are highly risk-averse and do not value freedom of expression, unless it affects their bottomline.

Proactive and pre-emptive screening of social media content, as Mr Sibal has demanded, will only further compromise online civil liberties in what’s already a dismal situation. In short, we move from a post-facto to a pre-emptive censorship regime.

In fact, given the magnitude of the task of pre-screening in a nation with a 100 million Internet users and growing, such an intense censorship regime will mean not only that what Indian citizens say or post will be censored by private companies, but those private companies will, in turn, use machines to screen what humans are saying and doing! After all, otherwise, companies would require armies of human censors to screen the millions of posts that are made on Twitter and Facebook every minute.

But the Supreme Court has held that even the executive arm of government cannot engage in censorship prior to publication, let alone ordering private companies to do so. In any case, it’s a policy that’s bound to fail, for both technical reasons and for its failure to take into account human motivations.

Machines, as we know, continue to be poor judges of the nuances of human expression and will likely cause massive damage to the idea of public debate. Humans, on the other hand, will begin to circumvent machine filters – for example, content labelled as PRON instead of PORN will go through.

Draconian crackdown on certain types of fringe content is likely to have the counterproductive result of the general society developing an unhealthy obsession for exactly such content. Despite the comprehensive censorship controls in Saudi Arabia, for instance, pornography consumption is rampant, usually accessed via pirated satellite TV and circulated using personal computing devices and mobile phones.

But all is not lost yet, perhaps. Faced with the barrage of criticism, Mr Sibal has now called for public consultations on the issue of pre-screening content. There’s hope yet for freedom of speech and expression in India. Thanks to the Internet, a throwback to 1975 simply does not look possible.

Sunil Abraham is executive director of the Centre for Internet and Society, Bengaluru. He wrote this article in the Deccan Chronicle on December 11, 2011. Read the original here

For more details visit https://cis-india.org/internet-governance/unkindest-cut-mr-sibal

Ten Indian government agencies can now snoop on people’s internet data

Admin — 2018-12-25T00:33:47Z

In a significant attack on online privacy, India’s Home Affair’s Ministry has authorised no fewer than ten different central government agencies to intercept, monitor, and decrypt “any information generated, transmitted, received or stored in any computer”.

The blog post by David Spencer was published by VPN Compare on December 24, 2018. Pranesh Prakash was quoted.

The move has angered many Indian internet users, with the number of Indians turning to VPNs like ExpressVPN to protect their online privacy is expected to rise significantly.

Extending powers under and old law

The authorisation has been made under Section 69 (1) of the Information Technology Act, 2000 and Rule 4 of the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules.

While these laws have been in place for almost a decade, it is only now that the Ministry has decided to use them toenable the decryption and access of online data.

The agencies that can now look at what every single Indian citizen is doing online include the Intelligence Bureau, the Narcotics Control Bureau, the Enforcement Directorate, the Central Board of Direct Taxes, and the Directorate of Revenue Intelligence.

Other which will also be permitted to hack into people’s devices are the Central Bureau of Investigation; National Investigation Agency, the Cabinet Secretariat (R&AW), the Directorate of Signal Intelligence (only for the service areas of Jammu & Kashmir and North-East and Assam) and the Delhi Commissioner of Police.

The laws do notionally limit the circumstances in which these agencies can access private internet data, but as is so often the case, the definition of these circumstances are so vague as to render the restrictions almost meaningless.

Permissible circumstances include cases thought to be “in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any recognizable offence relating to above or for investigation of any offence.”

Indian lawyers have said that all of the above agencies will still have to comply with Rule 3 of Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

This requires permission from either the union home secretary or the secretary of the Home Affair’s Ministry before interception can take place.

The new powers could be illegal

The new permissions also raise the interesting prospect that all previous interception of data by these agencies could be both unconstitutional and illegal, according to one Indian technology policy analyst, Pranesh Prakash.

He also told The Wire that he believed “Section 69 and 69B of the IT Act are unconstitutional for being over-broad in what they allow interception and monitoring for, in demanding decryption from accused persons, and the punishments that they prescribe.”

The New Delhi based Internet Freedom Foundation echoed this opinion, releasing a statement which said, “the decision to authorise electronic snooping is unconstitutional and in breach of the telephone tapping guidelines, the Privacy Judgement and the Aadhaar judgement.”

Opponents of the Indian President, Narendra Modi, have argued that this latest decision is further evidence that he is turning India into a surveillance state.

Congress Party chief, Rahul Gandhi, said this move showed Modi is “an insecure dictator”, while others have argued that that this increased surveillance will have a “chilling effect” on democratic debate and dissent in India.

Srinivas Kodali, an independent security researcher in Hyderabad, told Al Jazeera the new powers would “make data collection from critics and political opponents easier [and] facilitate targeted raids against the opposition and critics.”

For their part, the Indian Government have used the age-old argument about the new powers helping them to combat “terrorism”.

VPN use expected to rise in India

For innocent India internet users, the reality is that their rights to online privacy have been significantly undermined by the new powers. There are now multiple central government agencies with the power to intercept, decrypt, and access their private online data, with minimal safeguards in place to protect their rights.

For most Indians, the new powers are a step to far, as has been seen by the angry response on social media.

It seems highly likely that the move will see more and amore Indian’s turning to a VPN to protect their online privacy. By connecting to a VPN, such as ExpressVPN, they are able to ensure all of their online data is encrypted by state-of-the-art encryption and also effectively anonymised.

It means that no government agency will be able to see what they are doing online and it will be almost impossible for their online activity to be traced back to them.

Using a VPN should protect internet users from the erosion of online rights the Indian Government is trying to implement. But it seems unlikely that it will stop the Modi administration from trying.

For more details visit https://cis-india.org/internet-governance/news/vpn-compare-david-spencer-december-24-2018-ten-government-agencies-can-now-snoop-on-peoples-internet-data

Technology in Government and Topics in Privacy

praskrishna — 2013-12-27T10:20:33Z

Malavika Jayaram is a speaker at an event organized by Data Privacy Lab at CGIS Cafe, Cambridge Street, Harvard University Campus. She will speak on Biometrics in Beta – India's Identity Experiment on December 9, 2013.

Technology in Government (TIG) and Topics in Privacy (TIP) consist of weekly discussions and brainstorming sessions on all aspects of privacy (TIP) and uses of technology to assess and solve societal, political, and government problems (TIG). Discussions are often inspired by a real-world problems being faced by the lead discussant, who may be from industry, government, or academia. Practice talks and presentations on specific techniques and topics are also common.

Abstract of the Talk

India's identity juggernaut - the Unique Identity (UID) project that has registered around 450 million people and is yet to be fully realized - is already the world's largest biometrics identity scheme. Based on the premise that centralized de-duplication and authentication will establish uniqueness and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad problems and improve welfare delivery, yet its conception and architecture raise significant concerns. In addition to the UID project, there is a slew of "Big Brother" systems that together form a matrix of identity and surveillance schemes: the UID is intended as a common identifier across this matrix as well as other public and private databases. Indian authorities frame Big Data as a panacea for fraud, corruption and abuse, without apprehending the further fraud, corruption and abuse that joined up databases can themselves engender. The creation of a privacy-invading technology layer not simply as a barrier to online participation but to social participation writ large is not fully appreciated by policy makers. Malavika will provide an overview of the identity landscape including the implications for privacy and free speech, and more broadly, democracy and openness.

Malavika Jayaram

Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity and free expression, especially in the context of India's biometric ID project. A Fellow at the Centre for Internet and Society, Bangalore, she is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Done series. She is one of 10 Indian lawyers in The International Who's Who of Internet e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India's leading lawyers - one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with global law firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, She was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania.

Click to read more on the event originally published by Data Privacy Lab here.

For more details visit https://cis-india.org/news/technology-in-government-and-topics-in-privacy

Technological Protection Measures in the Copyright (Amendment) Bill, 2010

pranesh — 2012-05-17T16:51:38Z

In this post Pranesh Prakash conducts a legal exegesis of section 65A of the Copyright (Amendment) Bill, 2010, which deals with the stuff that enables 'Digital Rights/Restrictions Management', i.e., Technological Protection Measures. He notes that while the provision avoids some mistakes of the American law, it still poses grave problems to consumers, and that there are many uncertainties in it still.

Technological Protection Measures are sought to be introduced in India via the Copyright (Amendment) Bill, 2010. This should be quite alarming for consumers for reasons that will be explained in a separate blog post on TPMs that will follow shortly.

In this post, I will restrict myself to a legal exegesis of section 65A of the Bill, which talks of "protection of technological measures". (Section 65B, which talks of Right Management Information will, similarly, be tackled in a later blog post.)

First off, this provision is quite unnecessary. There has been no public demand in India for TPMs to be introduced, and the pressure has come mostly from the United States in the form of the annual "Special 301" report prepared by the United States Trade Representative with input coming (often copied verbatim) from the International Intellectual Property Alliance. India is not a signatory to the WIPO Copyright Treaty (WCT) which requires technological protection measures be safeguarded by law. That provision, interestingly, was pushed for by the United States in 1996 when even it did not give legal sanctity to TPMs via its copyright law (which was amended in 2000 by citing the need to comply with the WCT).

TPMs have been roundly criticised, have been shown to be harmful for consumers, creators, and publishers, and there is also evidence that TPMs do not really decrease copyright infringement (but instead, quite perversely through unintended consequences, end up increasing it). Why then would India wish to introduce it?

Leaving that question aside for now, what does the proposed law itself say?

65A. Protection of Technological Measures

    (1) Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine.

    (2) Nothing in sub-section (1) shall prevent any person from:

        (a) doing anything referred to therein for a purpose not expressly prohibited by this Act:

          Provided that any person facilitating circumvention by another person of a technological measure for such a purpose shall maintain a complete record of such other person including his name, address and all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or

        (b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy; or

        (c) conducting any lawful investigation; or

        (d) doing anything necessary for the purpose of testing the security of a computer system or a computer network with the authorisation of its owner; or

        (e) operator; or [sic]

        (f) doing anything necessary to circumvent technological measures intended for identification or surveillance of a user; or

        (g) taking measures necessary in the interest of national security.

Implications: The Good Part

This provision clearly takes care of two of the major problems with the way TPMs have been implemented by the Digital Millennium Copyright Act (DMCA) in the United States:

In s.65A(1) it aligns the protection offered by TPMs to that offered by copyright law itself (since it has to be "applied for the purpose of protecting any of the rights conferred by this Act"). Thus, presumably, TPMs could not be used to restrict access, only to restrict copying, communication to the public, and that gamut of rights.
In s.65A(1) and 65A(2) it aligns the exceptions granted by copyright law with the exceptions to the TPM provision. Section 65A(1) states that the act of circumvention has to be done "with the intention of infringing ... rights", and s.52(1) clearly states that those exceptions cannot be regarded as infringement of copyright. And s.65A(2)(a) states that circumventing for "a purpose not expressly prohibited by this Act" will be allowed.

A third important difference from the DMCA is that

It does not criminalise the manufacture and distribution of circumvention tools (including code, devices, etc.). (More on this below.)

Implications: The Bad Part

This provision, despite the seeming fair-handed manner in which it has been drafted, still fails to maintain the balance that copyright seeks to promote:

TPM-placers (presumably, just copyright holders, because of point 1. above) have been given the ability to restrict the activities of consumers, but they have not been given any corresponding duties. Thus, copyright holders do not have to do anything to ensure that the Film & Telivision Institute of India professor who wishes to use a video clip from a Blu-Ray disc can actually do so. Or that the blind student who wishes to circumvent TPMs because she has no other way of making it work with her screen reader is actually enabled to take advantage of the leeway the law seeks to provide her through s.52(1)(a) (s.52(1)(zb) is another matter!). Thus, while there are many such exceptions that the law allows for, the technological locks themselves prevent the use of those exceptions. Another way of putting that would be to say:
The Bill presumes that every one has access to all circumvention technology. This is simply not true. In fact, Spanish law (in Article 161 of their law) expressly requires that copyright holders facilitate access to works protected by TPM to beneficiaries of limitations of copyright. Thus, copyright holders who employ TPMs should be required to:
- tell their customers how they can be contacted if the customer wishes to circumvent the TPM for a legitimate purpose
- upon being contacted, aid their customer in making use of their rights / the exceptions and limitations in copyright law
How seriously can you take a Bill that has been introduced in Parliament that includes a provision that states: "Nothing in sub-section (1) shall prevent any person from operator; or" (as s.65A(2)(e), read in its entirety, does)?

Uncertainties

As mentioned above, the provisions are not all that clear regarding manufacture and distribution of circumvention tools. Thus, the proviso to s.65A(2)(a) deserves a closer reading. What is clear is that there are no penalties mentioned for manufacture or dissemination of TPMs, and that only those who circumvent are penalised in 65A(1), and not those who produce the circumvention devices. However:

On "shall maintain" and penalties

In the proviso to s.65B(2)(a), there is an imperative ("shall maintain") requiring "any person facilitating circumvention" to keep records. It is unclear what the implications of not maintaining such records are.

The obvious one is that the exemption contained in s.65(1)(a) will not apply if one were facilitated without the facilitator keeping records. Thus, under this interpretation, there is no independent legal (albeit penalty-less) obligation on facilitators. This interpretation runs into the problem that if this was the intention, then the drafters would have written "Provided that any person facilitating circumvention ... for such a purpose maintain/maintained a complete record ...". Instead, shall maintain is used, and an independent legal obligation seems, thus, to be implied. But can a proviso create an independent legal obligation? And is there any way a penalty could possibly be attached to violation of this proviso despite it not coming within 65A(1)?

On "facilitating" and remoteness

The next question is who all can be said to "facilitate", and how remote can the connection be? Is the coder who broke the circumvention a facilitator? The distributor/trafficker? The website which provided you the software? Or is it (as is more likely) a more direct "the friend who sat at your computer and installed the circumvention software" / "the technician who unlocked your DVD player for you while installing it in your house"?

While such a record-keeping requirement is observable by people those who very directly help you (the last two examples above), it would be more difficult to do so the further up you get on the chain of remoteness. Importantly, such record-keeping is absolutely not possible in decentralized distribution models (such as those employed by most free/open source software), and could seriously harm fair and legitimate circumvention.

More uncertainties

It is slightly unclear which exception the bypassing of Sony's dangerous "Rootkit" copy protection technology would fall under if I wish to get rid of it simply because it makes my computer vulnerable to malicious attacks (and not to exercise one of the exceptions under s.52(1)). Will such circumvention come under s.65A(2)(a)? Because it does not quite fall under any of the others, including s.65(2)(b) or (f).

On "purpose" as a criterion in 65A(2)(a)

A last point, which is somewhat of an aside is that 65A(2)(a) states:

Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose not expressly prohibited by this Act.

There's something curious about the wording, since the Copyright Act generally does not prohibit any acts based on purposes (i.e., the prohibitions by ss.14 r/w s.51 are not based on why someone reproduces, etc., but on the act of reproduction). In fact, it allows acts based on purposes (via s.52(1)). The correct way of reading 65A(2)(a) might then be:

Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose expressly allowed by this Act.

But that might make it slightly redundant as s.65A(1) covers that by having the requirement of the circumvention being done "with the intention of infringing such right" (since the s.52(1) exceptions are clearly stated as not being infringements of the rights granted under the Act).

Conclusion

It would be interesting to note how leading copyright lawyers understand this provision, and we will be tracking such opinions. But it is clear that TPMs, as a private, non-human enforcement of copyright law, are harmful and that we should not introduce them in India. And we should be especially wary of doing so without introducing additional safeguards, such as duties on copyright holder to aid access to TPM'ed works for legitimate purposes, and remove burdensome record-keeping provisions.

For more details visit https://cis-india.org/a2k/blogs/tpm-copyright-amendment

Tech companies like Gmail, WhatsApp may be asked to store user information

praskrishna — 2016-10-14T01:12:14Z

The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.

The article by Surabhi Agarwal was published in Economic Times on October 14, 2016. Pranesh Prakash was quoted.

What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.

Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.

Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.

The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.

“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."

Google and Facebook did not respond to requests for comment.

‘Huge balancing act’

Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.

While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.

Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.

For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.

Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.

And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information

Tata Photon unblocks Wordpress.com

praskrishna — 2012-09-03T01:53:47Z

As of yesterday, the Tata Photon service of the Internet service provider (ISP) Tata Teleservices seems to have lifted the block it had put on the Wordpress.com domain for over a week.

The post was published in tech2 on August 30, 2012. Pranesh Prakash is quoted in it.

Tech2 had reported on Saturday that the free platform of Wordpress was put under a blanket ban across India by the ISP following government orders to block around 309 URLs carrying disruptive or inflammatory content. Directives issued by the Department of Telecommunications (DoT) to ISPs between August 18 and 21 state that only the URLs mentioned be blocked, not entire domains. Users could neither view Wordpress blogs nor edit or post new content on them, the first instance of which was noticed by us on August 20.

Our repeated efforts to contact Tata Teleservices' officials drew a blank. Numerous users who contacted customer service did not receive any replies or resolution. Through the course of the blockade, the ISP did not even display any message to Wordpress visitors that the domain was blocked, nor did it notify the owners of Wordpress blogs about it. Puzzled users tried resetting their Internet connections, clearing DNS caches, and calling the customer service helpline only to realise that they were experiencing an ISP-level block.

The reactions of Wordpress users ranged from annoyance to distress. Human rights activist and lawyer Kamayani Bali Mahabal commented on Tech2, "Yes, my wordpress blog is blocked and I have 4 blogs...have also written to TATA. I can access through [an] anonymous browser but I cannot log in, edit and do admin functions, I can do about 50 percent work on my blog. Dashboard not accessible[,] barely manage to post, will be suing TATA soon". In a blog post, she has described her experience of the block.

Blogger Shantanu Adhicary who goes by the nom de blog Tantanoo says, "My blogs are self-hosted [on Wordpress] so I was not affected. But it was annoying that I was unable to access, read or comment on other Wordpress blogs, especially in the absence of any message whatsoever that this site has been blocked".

The move by Tata Teleservices is being seen as ham handed; around 25 million Wordpress blogs were made inaccessible to deal with a few rotten eggs. Blogger and social media consultant Prateek Shah opines, "Blanket bans on domains because content on some of their pages is objectionable are akin to jailing a certain section of society just because some people from the community broke the law. Wordpress plays an extremely important role on the Internet and if such a site were to go down even for a few hours, it would mean mayhem for bloggers as well as readers who count on the platform to get the latest updates and information. ISPs need to mature and grow up to the fact that one can't put millions of people in jeopardy when apparently trying to protect the interests of some".

In June, the Madras High Court had granted relief to netizens in India by urging that there be no more John Doe orders. “The order of interim injunction dated 25/04/2012 is hereby clarified that the interim injunction is granted only in respect of a particular URL where the infringing movie is kept and not in respect of the entire website. Further, the applicant is directed to inform about the particulars of URL where the interim movie is kept within 48 hours.”

Pranesh Prakash, Policy Director at Centre for Internet and Society (CIS), agrees the move was wrong but shares insights about the position of the ISPs. He says, "It was obviously wrong. It contravenes the government's orders to not block the base URL but individual pages. Action should be taken against them for causing inconvenience to users. This is not the first time an ISP has gone overboard in implementing censorship, be it copyright issues, piracy or inflammatory content. In 2006, the government had chastised ISPs for over-censoring content and blocking unintended websites and pages. Having said that, ISPs have numerous grouses against the government. They do not possess the technical capabilities to implement the government's orders, at times, whether about surveillance or censorship".

ISPs that are also telecom services providers, find themselves unable to decipher government notifications about shutting off content on the Internet or introducing curbs on mobile communication. Prakash's analysis of the 300-odd URLs blocked by the Indian government reveals glaring mistakes in the government directives "that made blocking pointless and effectual". When asked to opine about what ISPs and telcos should do when the orders from the government were not crystal clear, Prakash said, "They should ask for clarifications from the government. The operators sought clarifications from the Ministry of Telecommunications about the recent orders to ban bulk text messages and MMSes. The ministry was unable to resolve them, and in turn, sought further clarifications from the Home Ministry. The government should coordinate better".

Tata Teleservices was not the only ISP guilty of throwing the baby out with the bathwater. Sify too reportedly imposed a blanket block on the Wordpress domain. Airtel went overboard by temporarily blocking Youtu.be URLs last week citing orders by the court or the DoT.

For more details visit https://cis-india.org/news/tech-2-in-com-aug-30-2012-tata-photon-unblocks-wordpress

Targeting surveillance

praskrishna — 2014-12-30T14:10:58Z

In the fall of 2005, Scotland Yard raided a flat in west London and arrested a suspected al-Qaeda militant known by a teasing Arabic nickname, Irhabi (“Terrorist”) 007.

The article by Ajai Sreevatsan was published in the Hindu on December 28, 2014. Sunil Abraham gave his inputs.

The similarities between Irhabi 007, later identified as Younis Tsouli, and India’s Mehdi Masoor Biswas are uncanny.

Neither participated in any terror attack. Their reputation stems from an alleged involvement as cyber propagandists for proto-terror groups — Irhabi was distributing manuals and teaching online seminars on behalf of the emerging al-Qaeda faction in Iraq, while Mehdi is alleged to be an IS sympathiser. Both in their early 20s with cover identities during the day, and separated by a decade in technological evolution.

Such expertise within terror groups is hardly surprising, says Sunil Abraham of the Centre for Internet and Society. “Any organisation engaged in a war for hearts and minds and oil fields will exploit contemporary technology to its fullest potential,” he says.

Irhabi currently serves a 16-year jail term, while Mehdi awaits his trial. What their cases highlight is that the phenomenon of young, tech-savvy armchair radicals is nothing new.

Research done at Israel’s Haifa University, which tracks the proliferation of terrorist websites, shows that the number of such sites went up from fewer than 100 in the late-1990s to more than 4,800 in just a decade. There is also credible evidence that an al-Qaeda website posted a sketched-out proposal for the 2004 Madrid bombings three months before the attack. Another macabre example is the crowd-sourcing effort launched in 2005 by the Victorious Army Group to build its website. By the competition’s rules, the winner would get to fire a rocket at an American base.

As Indian agencies gear up to respond to similar online threats in this part of the world, Mr. Abraham says India should not repeat the mistakes made by the West over the previous decade. “We should not get caught up in big data surveillance,” he says.

“Surveillance is like salt. It could be counter-productive even if slightly in excess. Ideally, surveillance must be targeted. Indiscriminate surveillance just increases the size of the haystack, making it difficult to find the needles,” Mr. Abraham says.

“Even in the case of Mehdi, his identity was uncovered not by online spying but by Channel 4 which did some old-fashioned detective work,” he says.

In any case, recent events show that the threat of online terror propaganda might be overblown. Much like online activism, it is subject to the law of diminishing returns.

A set of letters sent by newly recruited volunteers of IS was leaked to the French newspaper Le Figaro earlier this month and it shows youngsters complaining about being made to do the dishes or the Iraqi winter. One of them wrote: “I’m fed up to the back teeth. My iPod no longer works out here. I have got to come home.” Of the estimated 1,100 young French who are believed to have joined the IS, more than 100 have already returned.

The IS may have Twitter on its side. But the harsh realities of Iraq and the gruesome ideology behind the slick doctrinal videos are a lot harder to sell.

Mr. Abraham says there is no such thing as a Twitter revolution or a social media terror group. “Such statements underestimate the role of ideology and human beings,” he says.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-december-28-2014-ajai-sreevatsan-targeting-surveillance

Talk by Anubha Sinha on Open Access in JNU

praskrishna — 2017-03-29T05:12:05Z

For more details visit https://cis-india.org/openness/files/talk-by-anubha-sinha-on-open-access-in-jnu

Taking Stock: Emerging Issues - Internet Surveillance

praskrishna — 2013-11-09T06:31:57Z

This session was held at the IGF in Bali on October 25. Pranesh Prakash made intervention in this session.

Read the original transcript published on the IGF website here.

The following is the output of the real-time captioning taken during the Eigth Meeting of the IGF, in Bali, Indonesia. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.

>> MARKUS KUMMER: Good morning, ladies and gentlemen. Please take your seat. We are about to start our session on surveillance. We are organising ourselves a bit on the fly. The room is already set for the Closing Ceremony this afternoon, but this makes a little bit of a distant feeling. We're up here and you're far away and there are not that many people in the room so what we intend to do is to move down from the podium for the discussion. We've already set up the Chairs on the first row where the panelists will sit and interact with the audience to make it a little bit more often interactive and positive atmosphere for discussion.

We have originally we have reserved 90 minutes for this session but then we thought maybe more time will be needed so we can move on. We have 3 hours at our disposal but we don't need to fill the three hours. If we run out of steam we can conclude earlier, as some people have indicated already that they have to be leaving, so we take it improvise a little bit. But please leave free the very first, as we intend to move down there.

Before asking our Session Chair to introduce the meeting, I'll make a few preliminary remarks, and I would also like to ask the Secretariat to put up the policy questions.

We have had a process when the mandate of the IGF was renewed to look at IGF improvements. There was a special Working Group set up and the Working Group made recommendations and one of the recommendations was that each situation should address some policy questions that would help shape the discussion, and we would also ask to reach out to the community and we did so. We asked for public input and we got the input and these policy questions we received are available on the IGF website, and they will be made available on the screen.

But for better comprehension, I will read them out and our moderators will bear them in mind.

Okay. On Internet surveillance, the first question was the need to prevent mass surveillance carried out in the guise of targeted surveillance. The second question was balancing cybersecurity and privacy. The third question, principles of open Internet/net neutrality.

Fourth question: One of the emerging issues is on Internet regulation. Regulation versus self‑regulation where the Internet is concerned. How can countries that have questions on Internet regulation versus self‑regulation be aided to work on a level playing field that assist the best industry practices being adopted, best practices that make the Internet and thus countries and institutions safer from harm.

Fifth question: Better channels of cooperation between stakeholders especially in areas such as cybersecurity. 6, agreement on fundamental minimum principles for Internet Governance and multistakeholder cooperation.

7, priorities for the IGF, the Internet community, and multistakeholder governance post‑2015.

And with that I hand over to our session Chair, Dr. Setyanto Santosa, you have the Chair.

>> SETYANTO SANTOSA: Thank you. Good morning, everybody. I hope you enjoy the dinner last night. You can also look at the Balinese dancers, the modern dancer and also the original Balinese dancers.

10 years ago I was the permanent Secretary of the Ministry of Tourism and culture. At that time we had Indonesian tourism. The result was at the time surprise me when a question to the foreign tourists deliver most of them said that what actually the question is what actually was is the strength of Indonesian tourism?

They said, the people. And then following the second question, which part of the people that make you attractive? They say the smile. So at the time, I just realized that Indonesia is a country with the highest smile per capita in the world. And you prove already the last 6 days and you can find the Indonesian people with a smile.

So with this introduction, I don't take much time and the issue also very attractive is as Markus just mentioned, regarding the emerging issues.

So I look to deliver the floor to our moderator. So please, Madam.

>> MARKUS KUMMER: Please introduce yourself.

>> ANNE-RACHEL INNE: Thank you, Markus. Thank you, Mr. Chairman. Good morning, ladies and gentlemen. My name is Anne‑Rachel Inne, the Chief Operations Officer the AfriNIC, the Internet registry for the African region, so we're happy to be here. I will let Jovan introduce himself later on when he takes the floor.

We're happy to be here with you today to moderate this session on emerging issues. As panelists we will have this morning Scott Busby, the Director of Office of Multilateral and Global Affairs in the Bureau of Democracy, Rights and Labor at the United States State Department. Then we will have Ross LaJeunesse. He's the global head, free expression and international policy. The then we're having Jari Arkko, who is an expert on Internet architecture with Ericsson Research, and also the Chair of the Internet Engineering Task Force, which is IETF.

And then we have Johann Hallenborg from the Swedish Government. And our last and not least panelist will be Joana Varon. I'll pass to Jovan now. We actually will have commentators. When we finish presentations here, we'll come down to the floor so that everybody will be seated and we'll hopefully have a more convivial atmosphere than talking down to you there.

We'll have commenters from the floor, Bertrand de La Chapelle, the head of Internet and jurisdiction process in France. We will have Megi Margioyono from Civil Society. Nick Ashton‑Hart from CCIA from Switzerland, and Ambassador Fonseca from Brazil. So thank you very much for joining us all, and I'll pass on to Jovan now.

>> JOVAN KURBALIJA: Thank you, Anne‑Rachel. I'm the Director of DiploFoundation, a Swiss Foundation working on inclusive and effective diplomacy and global governance. First of all, I would like to thank Raul Echeberria and the group that he led which propose this topic to be discussed at the emerging session. And as we know, this topic has already emerged on the various diplomatic agendas worldwide. Therefore it is quite important issues to be addressed during the Internet Governance Forum.

It also is the proof of the relevance of the Internet Governance Forum in talking about issues which are of high importance for international community in general and Internet community in particular. Markus already outlined the main questions that were discussed in the preparation for the session and they will be some sort of architecture of our session.

We will tackle these questions in five main baskets and we'll organise five main baskets in 20 minutes time slot. The first basket will be on the question of infrastructure and basic functionality of the Internet, and we'll have expertise in each basket, both on the floor and in the room.

The second basket will deal with the Human Rights issues, question of privacy protection and the other Human Rights issues related to the Internet surveillance.

The third basket will focus on security, and the situations when surveillance is justified and under what conditions.

Fourth basket will deal with Data Protection and the economic model.

And fifth, the last basket, will wrap up the discussion within the general framework of Internet Governance Forum which is ethics. We will address the question of trust on the Internet and impact of Internet surveillance on trust.

The underlying issues which will be appearing in our discussion are issues of the law enforcement procedures and international law. Therefore, this is a general infrastructure and we plan to proceed with 20 minutes dedicated to each basket after we hear from our panelists introductory remarks, which they will also relate to these five main issues.

I think this is the general entry I would like to invite Scott Busby to provide his introductory remarks on the question of Internet surveillance. Scott, please.

>> SCOTT BUSBY: Thank you, Jovan. Well, I'm very happy to be here as all of us from the United States Government are. We had some drama in our country with our Government shutdown, which put in doubt whether or not we would be able to come here. And I'm pleased to say that even had the shutdown continued through this week, we had approval from the White House and other senior officials in our Government for us to attend the IGF because we recognize how important this Forum is to our own policy, as well as the overall policies relating to the Internet.

The United States comes to the Internet Governance Forum every year to stand by our commitment to an open, interoperable and secure Internet. We recognize the importance of the issue of surveillance to the international community, and are grateful for this opportunity to engage with all of you here today on it.

As President Obama has said, the United States welcomes a discussion about privacy and security, and we are right now intensively having that discussion in the United States, as well with all of you in the international community.

We know that many of you, as well as many people in the world, have questions and concerns stemming from the recent reports about alleged U.S. intelligence practices, and we look forward to engaging with you today on them.

When it comes to those practices, I can say that the United States gathers intelligence of the type gathered by all nations. All Governments are involved in efforts to protect their countries from real threats and harm, and all Governments collect information concerning such threats. As we undertake those practices, we remain committed to protecting the American people, as well as our friends in the international community, and those friends include not only Governments, but the private sector and Civil Society.

This commitment relies on robust intelligence capabilities to identify threats to our National interests, and to advance our foreign policy, which includes our commitment to Human Rights. At the same time, we also acknowledge that such intelligence efforts must be fully informed by our international commitments, our Democratic principles, our respect for Human Rights, and the privacy concerns of people around the world.

Consistent with the terms of open debate and the democratic process, President Obama has initiated an effort to review and reform our intelligence practices, and ensure that they are appropriate in light of our commitments and our principles. In terms of reform, the President has already ordered the Director of National intelligence to declassify and make public as much information as possible about certain sensitive intelligence collection programmes undertaken under the authority of the Foreign Intelligence Surveillance Act, otherwise known as FISA. Numerous documents including decisions if the Foreign Intelligence Surveillance Court have been released as part of this effort.

Furthermore, the President has appointed a group of outside experts to advise him on how, in light of advancements in technology, the United States can employ its technical collection capabilities in a way that optimally protects our National Security, and advances our foreign policy, while taking into account other policy considerations, such as our commitment to privacy and to Civil Liberties.

This group has begun its work and is expected to produce its recommendations by the end of this year. We look forward to those recommendations.

Consistent with our normal practice of not commenting on specific allegations of intelligence activities, I cannot say more than this about such allegations. But I can say a few things generally about our commitment to Human Rights and to an open Internet.

First, I would like to emphasize that the United States does not use intelligence collection for the purpose of repressing the citizens of any country for any reason, including their political, religious, or other beliefs. Thus, for instance, we do not use our intelligence capabilities to persecute anyone for ideas that they express online.

Let me also assure you that the United States takes privacy seriously, both that of Americans and of individuals around the world. That commitment to privacy is reaffirmed in the President's international strategy for cyberspace, which states that, quote, individuals should be protected from arbitrary or unlawful State interference with their privacy when they use the Internet, close quote.

As President Obama has recently said, America's not interested in spying on ordinary people. Our intelligence is focused, above all, on finding the information that's necessary to protect our people, and in many cases protect our allies, close quote.

Furthermore, the United States will continue to uphold its longstanding commitments to defend and advance Human Rights in our diplomacy. This includes preserving the consensus reflected in Human Rights Council Resolution 20/8, that the same rights people have online also apply offline. Sorry, rights that apply offline also apply online.

United States will also stay actively engaged in the Freedom Online Coalition, a group of 21 Governments that works with Civil Society and the private sector in a multistakeholder approach to support the ability of individuals to exercise their Human Rights and fundamental freedoms online. As several people have suggested over the course of this week, this Coalition may be a very good Forum in which to continue the discussion on balancing the need for security with Human Rights, and to identify an appropriate way ahead on these tough issues.

I will be hosting the next Ministerial meeting of the Coalition on April 28th and 29th in Tallinn. We will also continue to advance Internet freedom through our programmes. Since 2008, the United States has committed over $100 million to Internet freedom programmes around the world. We intend to maintain that robust level of support for such programmes. On Internet Governance, the United States remains steadfast in our support for a multistakeholder model that supports international trade and commerce, strengthens International security and fosters free expression and innovation. We strongly believe that proposals to centralize control over the Internet through a top‑down intergovernmental approach which is slow the pace of innovation and economic development and could lead to unprecedented control over what people say and do online. Such proposals play into the hands of repressive regimes that wish to legitimize inappropriate state control of content.

We also believe the current multistakeholder system should be strengthened and sustained, particularly through broader multistakeholder participation from the developing world. Through our programmes, we have sought to make such participation possible.

We are aware that some Governments seek to take advantage of the debate initiated by the recent disclosures to draw attention away from their repression of their citizens, or the need for democratic reforms in their countries. The acts of these Governments include for example arresting opponents for what they say or intimidating them into silence and stealing intellectual property for the benefit of their economies. We therefore want to emphasize how important it is not to let Governments that do not share a commitment to Human Rights and fairness to exploit the current debate to their benefit. We should not allow them to gloss over the very important differences between their Internet monitoring activities and those of countries like the United States that conduct intelligence activities to enable responsible state craft. We hope that the discussion today will reflect the fact that the issue of surveillance is a global one and will take into account the views and practices of everyone around the world. We intend to listen closely so that we can take account the many comments and recommendations from you and ensure that they are incorporated into our own Governmental deliberations. Thank you.

>> JOVAN KURBALIJA: Thank you, Scott. Our discussions will result in useful insights for the process that you indicated started in the United States and I will say reflections are going on all over the world as we will hear from the other interventions. Our next speaker is Ross LaJeunesse from Google, and we'll hear something more about the business perspective.

>> ROSS LaJEUNESSE: Thank you very much. It's a pleasure to be here. Am I all set to go? Oh, sorry.

Hi, I'm Ross LaJeunesse from Google, and it is a sincere pleasure to be here. There's been obviously a lot of discussion and debate about this issue, and that is of course a very good thing, and it's very necessary. But in order to have a discussion about this, a discussion based on reality and based on facts, I just want to start by providing a few clarifications so that we're all operating from the same understanding.

The first is that Google does not provide direct access for any Government to our data, our servers, our infrastructure and it never has. And you can use any term you like to try and describe that accusation, a back door, a side door, a trap door, anything like it, but the fact of the matter is that we simply don't do it.

We also don't accept large, blanket‑like Government requests for user data. We are subject to the law, so when we receive a Government request for user data, we look at each and every one of them very carefully. We have a team of lawyers at Google whose sole purpose is to do exactly that. They ensure that the request is valid, is legal, follows due process, and is as limited in scope as possible. And very often, we push back, and we sometimes refuse to comply. And you can see this if you go to our transparency report online, which lists the number of Government requests we receive, how many of them we comply with, and we do that around the world wherever we have services.

Now, on the issue of transparency, we believe this is a critical element to the debate. And we're not newcomers to this issue. We've published our first transparency report. We're the first country, first company, in the world to do so about three years ago, because we recognized long before the Snowden revelations that this is a critical part of our responsibility to our users.

Every 6 months we release an updated transparency report that is better and more granular and I'm glad to see that now many companies are doing the same. We're continuing this work by working with NGOs around the world to publish National transparency reports and we've released one in Estonia this year and we've highlighted another in Hong Kong and that work will continue.

So transparency of course isn't a cure‑all but we really believe you can't have a meaningful debate on the path forward, you can't have a debate on this issue, if you don't have the facts, which is why we're suing the U.S. Government right now to get them to reveal more information about the number of National Security requests and demands that they make on companies, and we're also on a separate track supporting key legislation in the United States Congress sponsored by Senator Franken and another Bill by Representative Lofgren to do the same thing.

Now, I want to emphasize that it would be much easier for us and much easier for any company to simply comply with Government requests for user data. But we don't. And we don't do that because we're a company built on the idea that if you put your user first, everything else will follow. We don't do that because we take our responsibility to our users very seriously, and that's both a matter of principle and a matter of good business.

We're very aware that if our users don't trust us, they won't use our products, and they'll go somewhere else. So again, this debate is good and absolutely necessary, but I also want to echo a point made by Scott and made by Mike Harris at the Index on Censorship, which is this: I'm all for holding the United States Government and Western countries to the highest of standards. We need to do that. But I don't want us to do that at the expense of not focusing on other countries, countries where their surveillance programmes are just as bad or worse. Countries where journalists are beaten, bloggers are imprisoned and activists are killed.

The Expression Online Initiative just released a very important report on Azerbaijan where we held last year's IGF and how horrible things have gotten there over the past year. So I'm all for this discussion about the alleged hypocrisy of the United States and Western Governments but let's not do so in a way that discounts or damages the ability of those Governments to continue their otherwise excellent work which they've long done in supporting Internet and journalist freedom, in supporting Human Rights around the world, and let's not attack them to the point where it undercuts their very important support for the multistakeholder model of Internet Governance. Thanks very much.

>> JOVAN KURBALIJA: Thank you, Ross. Our next speaker is Jari Arkko from IETF from Finland but currently Chairing IETF. Jari, please.

>> JARI ARKKO: Thank you. And thank you for the opportunity to talk, and also this is my first IGF and I really enjoyed all the discussions this week so thank you all for that, on this topic and many other topics.

And then onto this topic so obviously, the Internet community, all of us here, care deeply about how much we trust the commonly used Internet services and products that all these services are based on so the reports about large scale monitoring obviously disturb us.

Interception of targeted individuals and intelligence activities have of course been well known but I think many people are concerned about the scale. And if Internet technology itself is vulnerable to wholesale monitoring, that is also a big concern, and we take that very seriously at the IETF, as the people at least partially in charge of technical aspects of the Internet.

But I wanted to put these events in perspective. Maybe you can consider this talk as the "do not panic" message. These are hard times but we can also work on the problem, and we should.

The first observation that I would make is that surveillance is probably a wider problem in the world than what you would believe just by reading the most recent newspaper headlines. If you live in a glass house, be careful of throwing stones, and if it weren't true before, I'm sure there are many intelligence agencies in the world who have a bad case of NSA envy today.

Secondly, surveillance is not a new issue. Even we at the IETF have had to deal with some issues around that historically. In 1994, we articulated the view that encryption is an important tool to protect the privacy of communications, but at the time, big parts of the world considered encryption a dangerous tool and wanted to limit its availability.

In 2002 we decided that the IETF standard protocols must include appropriate strong security mechanisms. At the time various nations wanted to employ weaker security mechanisms. Now we are facing a new situation and once again Internet technology needs to evolve to match today's challenges.

We need to deprecate the encryptions that are considered weak and that is by the way something we do all the time with new information from research community and others. We also need to consider a bigger update to the security of the Internet. On Tuesday I talked about the by default security model. Maybe that's something we can pursue but technology alone is obviously not a solution. Even if we had a perfect communications security system, you would still need to trust the entity you're communicating with.

If the peer leaks your conversation it was not helpful. So let me talk a little bit about some of the other areas of work where some things might be useful.

First, network operations and buildout. We've seen some proposals to build more Internet exchange points and add more connectivity. Those are excellent things for many reasons. They will keep traffic more local. They will increase speed, lower costs and enable local Internet businesses to grow but an Internet that is more densely connected is a good thing.

Second, the open source community. Open source solutions are useful to assure ourselves about the reliability of our tools, whatever they might be. On some areas it may be that we should actually consider doing more than we have than so far so let us all support additional efforts in this area.

And there's more. Research community and analysis of security vulnerabilities, the attention on the matter will surely make it possible to have political and legal discussions. Maybe the transparency we just talked about, that's a good thing.

Finally, I wanted to say that I really do wish that we keep the ideals of the Internet clear in all of our minds, and not compromise them. We still need a global and open Internet, one where we can all work together across borders, with us not fragmenting the Internet and we still need an Internet that is open to innovation and new applications without asking for anybody's permission to create those conversations. And we still need an Internet that is managed and expanded. Thank you.

>> JOVAN KURBALIJA: Thank you, Jari, for this brief introduction. You give us more time for discussion later on. And our next speaker is Johann Hallenborg from the Swedish Government. Johann, please.

>> JOHANN HALLENBORG: Thank you very much. My name is Johann. I work with the Department of International law and Human Rights at the Foreign Ministry in Stockholm. Thank you very much for inviting us and me to this panel. We're happy to accept. We've been engaging with the IGF for many years, and we continue to really support this important institution.

And the reason why we're engaging is partly because we believe that the integration of a Human Rights perspective in the discussions on Internet and Internet's future is crucial. So that is part of the reasons why we're engaging so much in the IGF.

So the ultimate goal is actually to make sure that the promise on securing Human Rights online as well as offline is realized. We cannot forget that last year, we had an affirmation by consensus in the UN in the Resolution 28 that Human Rights, they do apply in the offline environment ‑‑ online environment, as well as offline.

This was also something that the entire community agreed to. The Resolution was put forward by Sweden, the U.S., Brazil, Tunisia, Turkey, and Nigeria, and it received support by 87 co‑sponsors, and then adoption by consensus. We need to remember that this is a great success, and we need to make this reality.

Governments have a duty to respect and protect Human Rights. This is a central part of our obligations. And security is needed to secure individuals' rights and freedoms and also ultimately it is to protect the open and democratic societies in which we live.

But it's important to remember that there is no tradeoff between Human Rights and security. It is not about balancing. It is about securing the respect for Human Rights, but doing it in a way that is secure.

In providing security, the Government will address several aspects. One important aspect is certainly to protect rights and freedoms of individuals from abuse of others. But equally important is to ensure the State itself does not violate rights and freedoms, in other words setting the limits for State power.

This is why the rule of law is so critically important. The Constitutional framework includes rules on legality, transparency and accountability and provides the fundamentals for what the State can do, to what extent it can utilize its powers in order to secure the well being of people.

In providing security, access to electronic communication has become an important tool for law enforcement agencies to combat crime, and for security agencies to improve security to the public. Swedish legislation makes a distinct separation between surveillance of electronic communication by law enforcement agencies on the one hand, and intelligence collection by security agencies on the other.

This separation is critical since the operational mandates and objectives for law enforcement and security agencies are indeed very different. We are now at the point in time where trust in the Internet is challenged. Therefore, to Governments all over the world, it's crucial to strengthen the relationship with Civil Society and the trust with people. Governments simply cannot afford to lose legitimacy.

But to strengthen trust, we must reinforce the principles of rule of law, transparency, and also respect for Human Rights. This is done through a deeper dialogue with all stakeholders. Therefore, initiatives that come out of the Civil Society are important, and should be taken seriously.

The necessary and proportionate principles, they represent such an important initiative, and it deserves attention from us. Therefore, in recent months, we have arranged two consultations in Geneva and in New York with the International Civil Society Steering Committee and other Governments on these issues and principles. And as a result, foreign Minister Carl Bildt at the recent Seoul Conference on Cyberspace last week presented several fundamental principles that should apply to maintain respect for Human Rights when carrying out surveillance of electronic communications and these 7 principles, they are about legality, legitimate aim, necessity and adequacy, proportionality, judicial authority, transparency, and public oversight.

This is now the foundation where we would like to continue the discussions with all. We welcome a continued deeper dialogue with all stakeholders, and we're willing to engage with you. One such example is the work in the Freedom Online Coalition in which we will continue to engage deeply.

I conclude here, Mr. Chairman. Thank you very much for giving me the word.

>> JOVAN KURBALIJA: Thank you, Johann. I just realized we breached the diplomatic protocol by putting Joana at the end of the table. Joana Varon from Brazil, please go on.

>> JOANA VARON: Thank you for the invitation. Thank you all of you for being here, hearing us and discussing. What I want to highlight here is that the emerging details of the U.S. National Security Agency, mass surveillance programmes have painted a picture of pervasive mass cross‑border surveillance of unprecedented reach and scope, and a scope that's far wider than any reason that could be related to the enforcement of National Security, nothing to do with real threats or harms.

The scope of approved surveillance was broad as it involved tapping communications of the President of countries like Brazil, which could be considered a friendly nation, and as wide as it assessed sensitive strategic business communications, such as communications from our Royal company. This scenario is not only unacceptable for leaders of states but for all Human Rights defenders. It doesn't matter if this data was used or not. The simple collection of our data and our metadata already represents a complete disrespect to the privacy rights from citizens from all over the world and a disrespect of the provisions internationally agreed on international conventions and Treaties addressing fundamental Human Rights.

And it's also a bit hypocritical as all this surveillance was performed by countries that used to pose themselves as defenders for an open and free Internet, and I'm not saying that in order to promote any polarization between different countries that could be posed as good or evil, but I'm saying that to highlight the need that every country shall assume that we still need to work a lot in order to ensure that Human Rights are protected online and offline.

Significant changes are indeed needed. The scenario that we live now is the scenario in which trust among Governments and in the major ICT and Telecom companies is completely broken but it's time to move forward and I agree with the table here, and we need to think about solutions and engage on how to implement them.

As a response to this scenario, I'm happy to see that Brazil has been proactive and has been taking actions in many different levels, as a Brazilian, I'm happy with that. International scenario we have declared urgency to approve Marco Civil, our Civil Rights based framework for the Internet. Inspired by principles suggested through a multistakeholder mechanism incorporated by or promoted by our Internet Steering Committee, Marco Civil, as it's written today, became a model in terms of both content and process, as it was developed through a wide inclusive process of online and offline consultations and resulted in a draft that protects privacy, freedom of expression, and other digital rights. I think we could all learn about this process to think in international scenario, as well.

Also in the National scenario thinking about long‑term solutions, Brazil is now promoting incentives for research, development, and innovation of our ICT Sector. And particularly for building a mail service with encryption by design. But of course, the Internet is global and is meant to remain global, and we would not address this issue only with National policies.

So what I want to highlight here is that the actions taken at the international scenario. So besides delivering a very strong statement at the UN General Assembly, which highlighted all the principles from CGI.br and all the principles that are now drafted in Marco Civil and which are committed to Human Rights, our President now has proposed for us to engage in a multistakeholder fashion, and to develop a Summit, a Summit that in my view shall be bounded by the principles addressed by the President in her statement at the UN General Assembly.

And this could be an opportunity to address all those issues, and I believe that these issues on surveillance should be addressed in both ways, changing the way the companies are operating in order to ensure transparency, but also protection of these users, for instance, by promoting encryption by design, but on the other hand, states should review their practices.

It's good that the U.S. is willing to reform its intelligence practices, so I take this opportunity to ask the U.S. Government to refer and analyze the International Principles on the Application of Human Rights to Communications Surveillance which have been endorsed to date by over 280 international organisations, and represent an attempt to highlight and address some of these concerns.

These principles provide a framework in which to assess whether surveillance laws and practices are consistent with Human Rights standards in the current digital environment. As Johann has related, they focus on legality, legitimate aim, necessity, adequacy, proportionality, competent judicial authority, and due process. They also consider user notification, transparency, and public oversight.

I welcome the initiative from the Swedish Government to consider these principles, and invite other Governments from all over the world to do the same. As I've mentioned, it's time to reassess our practices in order to be sure they're drawing respect for Human Rights with a deep dialogue with all the States that care for the Internet. Thank you.

>> JOVAN KURBALIJA: Thank you, Joana. Thank you panelists for the initial intervention and I think the underlying point is that we can recognize and all panelists recognize the severity of the problem and the need for some action and solution as soon as possible, because it is affecting activities of Governments, business Sector and all Internet users, and there were a few underlying and interesting points that could trigger some discussion in your reflections.

As Scott mentioned, there is a need to observe international law and the existing rules. There is a need to achieve certain balancing acts between the security and Human Rights but we had later on slightly different view from Johann had it's possible to have win‑win solution and not necessarily to create the balancing act and that could be an interesting point of discussion between about balancing act between security and Human Rights.

Ross rightly indicated the need for evidence based policy making, moving from the general reflections to evidence based on the concrete issues, and transparency. Jari highlighted the importance of not only technological but also policy solutions. Technology is not enough.

Johann also indicated the importance of rule of law, institutional separation between electronic communication agency, if I'm correct, and intelligence agencies. Therefore, this is one aspect that we should tackle today, procedural checks and balances as a structural design that could help us to avoid this situation in the future.

And Joana listed an excellent summary on Human Rights, question of necessity ‑‑ necessary and proportional reaction, and the question of using existing international legal tools. And this is important. We have existing international tool that could be applied to this field, including International Covenant on the Civil and Political Rights, and it was clearly indicated throughout the discussion and it is position of all major players, including the United States, that existing international rules should be observed.

With this quick wrapup and ideas for discussion I pass the floor to Anne‑Rachel.

>> ANNE-RACHEL INNE: Thank you very much, Jovan. I think we're going to go directly to our commenters from the floor, so I am going to give the floor to Ambassador Benedicto Fonseca Filho from Brazil to respond to some of the ‑‑ do we have microphones somewhere?

>> JOVAN KURBALIJA: A microphone is coming, yes.

>> ANNE-RACHEL INNE: Thank you.

>> BENEDICTO FONSECA FILHO: Thank you very much. I'd like to start by doing something that usually we do in intergovernmental setting at the UN. For example, I served at the UN a few years ago, and we used to initiate our talk by saying we align our statement with the statement that was delivered before by some Regional Group or some larger setting so I'd like maybe to innovate in the context of IGF, and say that I'd like to align my statement with the one that was delivered by Joana Varon on behalf of Civil Society because I think she expressed in a very clear way most of the things I was prepared to say, and so she made my life much easier, so I'd like to align my statement to what she has expressed and also to a large extent as well to what has been stated by the representative of Sweden, we share also the view that it is not inconsistent to pursue Human Rights dimension and examine the surveillance context and the disclosures in the context of enhancing the Human Rights dimension. It's not inconsistent with the fact that we all and some of us we are very firmly committed to Human Rights.

We are not diverting the discussion. We are not ignoring that this discussion could serve the purposes which are not our own, but at the same time, we do not think it is ‑‑ it would be a good thing to, because of this, to ignore the situation, try to improve on the situation we have.

So the 7 principles that were spelled out by Minister Carl Bildt at the Seoul Conference also I'd say very much express the kind of approach we'd like to take in that regard.

Having said that, and referring to the speech that was delivered by our President at the United Nations, at the opening of the general debate of this year's United Nations General Assembly, I'd like to highlight that the protection of Human Rights, privacy, freedom of expression ‑‑ women's rights, and it's those two specific manifestations, are at the core of the concern of President Dilma. She has clearly indicated that from the Brazilian perspective, there is a clear need that at the international level we should devise and launch a process that would lead us as international community to achieve principles and norms that would guide use and operation of Internet. And these should be guided by a vision inspired by the multistakeholderism approach, and also be firmly grounded on Human Rights and other principles she spelled out.

So we see no inconsistency in pursuing these, and not taking into account the larger picture that we want to be very careful about.

And in that sense, it is very important as has been highlighted by Joana, that we view the Summit, we intend to hold in Brazil, as a follow‑up of the speech that was presented by President Dilma and of course we came to this setting, our Minister of Communication came here, and he was mandated by the President to further discussion and collect views, and I would say that without deviating from our main subject, that the Summit in Brazil today will also incorporate other dimensions of discussion, not only focusing on principles and norms, but this is indeed one of the very clear parameters for us for the meeting that will enable to engage in other aspects of the discussion as a result of the consultations we have held here.

But the clear focus on the necessity as international community working in a multistakeholder environment to develop principles and norms is clearly one of the main objectives we have in mind.

And if I can just clarify one point that has been the object of some misunderstanding in the course of this meeting, when President Dilma delivered her speech at the UN, she referred to a multilateral framework, civil framework, with the support, full support and full involvement of Civil Society, private sector and other stakeholders, and later on when we came to this meeting, our Minister was in contact with her, and as a result of the information he provided, she made clear that she meant what she really meant was referring to multistakeholder, not only multilateral.

And I was just reviewing the news from Brazil, and I saw that yesterday, President Dilma referred again to this, and again she used the word "multilateral," so I know this in the heads of Many people will maybe lead to a confusing reflection on the situation, and say: Well, Brazil is a swing state. Doesn't know if it wants to be multilateral, multistakeholder, or what is the situation.

What I would say, that even, first of all, President Dilma, she has interpreted what she has said, and we maintain there's no contradiction what she said in those circumstances. From the point of your Government, and this is a very important thing that has been discussed here in some panels, that we should be very careful about the concept, the language we use.

Sometimes from the point of view of Government, when the word "multilateral" is used, what is meant primarily is that this is, we use in opposition to unilateral, more than meaning it's something to be done on a purely intergovernmental setting. I think this was the meaning she wanted to convey when she delivered the speech at the UN, that we want a framework that would be indeed done by many parties, not only reflecting the view of one single party or a restricted group of parties.

And she explained that this certainly does not convey the idea of excluding any stakeholder, so I would just maybe, and I apologize for taking so much time, but to clarify that we need maybe not to pay too much attention to particular statement on a particular setting, responding to a journalist that made some question, but having into account the larger picture, and the larger picture, the President interpreted as meaning "multistakeholder."

And when she mentioned the civil framework as a reference for her speech at the United Nations, she used the word, as Joana has spelled out, this was developed in a multistakeholder setting. The principles developed by the Commission are a multistakeholder way are clearly inspired President Dilma's speech, so when she was referring that we need international level such an instrument, clearly there is a linkage to the multistakeholder dimension, even if there is not the word there.

So I just want to caution that sometimes from the part of Government, at that level of leaders maybe we should not be too much vigilant about any particular word, but see the larger picture and what is the real intent.

So I just wanted to take this opportunity to thank all stakeholders we have been meeting in the course of this IGF on the part of Government, Civil Society, private sector. We have seen an overwhelming support for the idea to develop, to go in the direction that was indicated by ‑‑ proposed by President Dilma, but also building on contributions that will add to the process, and it was very stimulating for us to see that there is a willingness to mobilize different stakeholders, to come forward with proposals, to be involved in the preparation for this meeting that we intend to be truly multistakeholder from its outset from the agenda setting, from the kind of outcomes. And we see it as a contribution to the processes that are existing processes.

We wanted to be respectful of the existing process and not compete or overlap or supersede any of the existing processes that exist. And maybe a final word, that is Brazil is a very firm defendant of Human Rights. We have been as was spelled out at the core group that drafted these landmark Human Rights Council Resolution, that gave this very clear message that Human Rights offline should be also respected online.

We are ready to uphold Human Rights in many settings, and in settings that would be global, that would be constructive, that would lead to stimulate countries and provide for positive incentives for Human Rights to be upheld on a worldwide basis. Thank you. Thank you very much.

>> ANNE-RACHEL INNE: Thank you very much, Ambassador Fonseca. I'll go directly now to Bertrand.

We have remote interventions.

>> Yes, there are ‑‑

>> ANNE-RACHEL INNE: Hold on a second Bertrand. We're going to start with remote questions. Go ahead.

>> SUBI CHATURVEDI: Thank you, Anne. There are two questions from Peter Hellman, and we have interaction as well, so that's a wonderful thing. Peter has a question for the U.S. representative, and he wants to know: Does defending U.S. foreign policy interests include surveillance of the phones of heads of Governments, of countries that are friends of the USA?

And there is a question for the representative from Google: There have been reports that U.S. cloud business can expect loss of business from non‑U.S. customers in the coming 3 years to the tune of about 30 billion U.S. dollars and that the overall negative impact for the IT industry over the next three years could be up to 180 billion U.S. dollars because of a loss of trust. What do you intend to do to restore that trust so that people feel that they can trust cloud providers to keep their data private and secure?

The Tweet also relates to the same theme of proportionate and necessary steps that governments can take on the theme of surveillance vis‑a‑vis security.

>> ANNE-RACHEL INNE: Thanks so much, Subi. So now we'll go to Bertrand while our panelists can reflect on what they want to say later. Thank you.

>> BERTRAND DE LA CHAPELLE: Thank you, Anne‑Rachel. Again I'm Bertrand de la Chapelle, the Director of the Internet and Jurisdiction Project. And following the discussion before, I wanted to highlight that this debate on surveillance actually can be placed in a larger framework of issues and I'd like to tackle quickly three. The first word is "sovereignty."

What we're talking about here among others things is the exercise of sovereignty in the digital age. The traditional exercise of sovereignty is on the National territory. And the advent of the Internet is introducing an incredible new capacity for National decisions for better or worse to have a transboundary impact on other ‑‑ on citizens of other countries. The fact that operators are based in one country allows by definition in any country the authorities of that country to exercise sovereignty on those operators and impact decisions that have consequences for actors on another territory.

This is a potential extraterritorial extension of sovereignty, and it reduces and balances among the different countries depending on the number of actors located on their soil.

But the reverse is true, as well. Following what has been named the recent events and the revelation of the Snowden affair, a large number of actors and countries in particular have taken positions in reaction in order to defend their sovereignty and have pushed forward for instance the notion of data sovereignty, requiring or intending to require the location of the data regarding their citizens on the territory.

This is a reintroduction potentially of physical frontiers in a certain way, in a technical infrastructure that was intended from the onset as a cross‑border architecture, not necessarily a completely borderless but a cross‑border architecture.

This is a challenge because the traditional notion of the international system is based on the separation of sovereignties and most international organisations are based on the principle of non‑interference in the affairs of some other country. The current situation is challenging this, and is putting in front of Governments an incredible challenge, which is: How do you cooperate to manage shared online spaces? That's the first point. This is a new type of challenge.

The second word that I would like to highlight, and this goes to what Joana was mentioning, is the notion of due process, of fair process, or any kind of element that ensures that the procedures for issues related to surveillance but also to law enforcement related to freedom of expression, privacy and so on, any kind of process that deals with Human Rights and the rights of citizens and Internet users have to be done according to a set of rules that are fair and en sure due process.

This is particularly difficult when you deal with transborder relations. When something is done in one country across the Internet and you have to obtain data, take down content, have to ask for the removal of a website. There is currently a lack of procedures to handle this and fair process mechanisms to handle the relationship between states, platforms, end users in a fair process manner across borders. And this question is reflection also of what happens here in this debate on surveillance because what we've been talking about is the implementation fair process, oversight, and that's the main issue. Because principles in themselves are not sufficient to ensure the protection of Human Rights. They are necessary but not sufficient.

If the procedures are not appropriate, if the National frameworks are not sufficiently protective, it is not enough. And even when the framework is present, the actual implementation of the framework may be faulty sometimes. And oversight is an important element.

Finally, the third word that I would like to use is the law of unintended consequences. The trend that we're seeing today, in reaction to the recent events and the debate on surveillance, is a very troublesome one for everybody. The notion that in reaction and by legitimate concern regarding the protection of their citizens, Governments are thinking about establishing rules regarding so‑called data sovereignty is something that we should explore with extreme caution. There are extreme technical challenges to do this, and there is a great likelihood that if you want to sort in the databases of large global corporations which users are from one given country or located in one given country, you might end up having to do a larger breach of privacy than the protection you want to establish, or the things you want to correct.

And the second element, and this was very present in a meeting that we organised in Delhi in the Internet jurisdiction project where the industry in India, not the foreign companies, the industry in India, was explicitly saying to the government, be careful what you wish for., because if the principle of data sovereignty is pushed too far you're harming the potential of the local industry to be an actor, a major actor, in the global cloud business.

So without elaborating, the challenge is we are in a situation where because there is no sufficient international frameworks for discussion, among the different stakeholders on those issues of sovereignty in the digital age, and due process, we run the risk of having a large number of uncoordinated actions by different Governments and different private actors that will look perfectly natural as a first step, but what was a communative effect will be harmful to everyone, which leads me to this my conclusion which is this meeting of the IGF has proved beyond doubt the benefit of addressing those issues in a multistakeholder format.

The fact that the whole environment has triggered an event that is likely to take place in Brazil is providing an opportunity to address some of those issues, and to probably hold a little on some of the National decisions that are under discussions until there is a certainty that the communative effect is not harmful. The Brazil meeting will be important. There are other processes. The meeting of the Freedom Online Coalition has been mentioned. There's been a great effort and I'm sure somebody in the audience will refer to on a set of principles called necessary and proportionate. There are not enough but that will certainly be part of the discussion.

And I want to highlight a final element regarding the Council of Europe recommendation two years ago that established the principle of no transboundary harm, i.e., the responsibility of States from the decisions at the National level that may have an impact across borders.

So those elements are aspects that require a lot of caution in the individual actions that the different Governments are contemplating to make sure that they're collectively for the benefit of an open and unified Internet.

>> JOVAN KURBALIJA: Thank you, Bertrand. Before we continue with the other commentators and remote participants I'd like to invite Jari who has to leave in about 10 minutes to reflect on the discussion so far especially from the point of view of the infrastructure and basic functionality of the Internet. Please, Jari.

>> JARI ARKKO: Thank you. Apologies for being forced to leave. I had another commitment in another room in a moment. And of course, much of the discussion has been at the different level not so much about the infrastructure perhaps or the technical things. I wanted to highlight a couple of things I've heard in the discussion so far. I really wholeheartedly agree with Ross about a fact based approach to this. This is really crucial.

The other thing that is important that was highlighted by many people, or almost everyone, is transparency, and the rule of law. Those are very good things, and worthwhile to work towards.

And then I kind of wanted to return also to the important principle question, and many of you had these points, as well, to look after Human Rights, multistakeholder model, decentralized nature of the Internet, in particular the multistakeholder model is really key for us to have an open, well‑functioning Internet that balances the different concerns, and I with pleasure noted the comments from Ambassador Fonseca Filho and others on how important the multistakeholder model is and there's consensus at least here on multistakeholder being the way forward. And I think it was Johann who commented also that the Internet needs to stay global. That really is true.

Sort of the only thing that I gathered from all of the discussions so far that kind of relates to infrastructure or technical things was this possible demand for keeping data local and I just wanted to raise an issue from the technical community perspective that sometimes we may have conflicting desires or requirements, and we need to be careful what we wish for.

I think a blanket requirement for data to be local within a country would probably harm innovation in the Internet. Because if I'm a small enterprise that comes up with a great idea, and I will invite users from all over the world, I don't necessarily immediately have an ability to build out facilities all over the place. I need to be able to innovate without too much burden.

And this is just one example of the kinds of things that we may run into, but we need to be careful about setting too many demands on how the network actually runs. The management and buildout needs to be possible still, and cheap. That's a key, and the innovation needs to continue.

So those were the short remarks that I have at the moment.

>> JOVAN KURBALIJA: Thank you, Jari. You gave us quite comprehensive overview of the infrastructure and technical aspects of the Internet, and a few warnings that we don't go too far with some prescriptions but more guiding principles, and nudging towards useful solution and leave everything as to develop more spontaneously.

>> ANNE-RACHEL INNE: Thanks, Jovan, and thanks very much Jari for joining us so far. I know that Joana had another commitment. You're still okay? Great. Fantastic.

So I'm first going to go to the remote participation people, and then I will come back to Nick Ashton‑Hart.

>> SUBI CHATURVEDI: Thank you, Anne. There's a question from Monika Arnett, who is a freelance reporter and a journalist from Germany. And her question is to U.S. and Sweden representatives. She wishes to know: do the more mighty technical tools oblige us to fundamentally reconsider intelligence legislation? Because we otherwise face a state within the State which blinds public trust, oversight, erodes democratic control, and starts to possibly blackmail those elected to govern. Thank you.

>> ANNE-RACHEL INNE: Thanks, Subi. So up to Nick now. Thank you.

>> NICK ASHTON-HART: Thank you very much. The Computer and Communications Industry Association is made up of many of the Internet's more successful business to consumer companies, so of course we have a strong interest in this, though I would say that our comments stand on their own and our members including Google, who are here, have made their own statements, and you shouldn't conflate the two.

I think fundamentally we're facing a problem that is not technical or an Internet problem even though the Internet has made ‑‑ the tools of the Internet has made it possible and many aspects cannot be solved by legislating, especially at the National level, about the Internet, such as Johann put on hosting. We have a paradigm where we're common digital citizens but also common digital foreigners, by which I mean that in the analog past, our nationally protected rights of privacy were protected because each country could only post, frankly, so many cultural attaches in their foreign embassies before countries would say: No, that's too many spies. You have to get out.

So you could only spy in the analog world frankly on a fairly limited number of non‑nationals. Unfortunately now that situation is inverted and it is now ‑‑ the lack of any legal prohibition on countries spying on other countries' nationals means that we're all in some way fair game for an almost unlimited amount of surveillance by countries, except the one we live in.

And so in previous debates about ACTA in Europe, SOPA, PIPA in the United States, we saw a strong reaction against using the Internet in a way that was harmful to the Internet itself, to solve a specific issue for the benefit for stakeholder or stakeholders, and in a way we can argue we have the same dynamic here where technology is being employed by security services to facilitate information gathering with few limits, especially on non‑nationals, thanks to technology, yet at the same time, the Internet relays on trust. Without trust, people simply will use services less. They will say less. They will fear more.

And right now, we have a debate that is largely focused I think on negative incentives, characterized by a lack of trust, an increase of suspicion, and a fairly continuous stream of revelations which I think we all realize will continue for quite some time. It's understandable that this would generate a lot of unhappiness.

But I think it also obscures a few fundamental things that we share in common, which is that we all would want to trust the online world more rather than less for social and for commercial purposes, that the further development and spread of the Internet, for those who have yet to go online, which is more than half the human family, is a shared goal, so efforts which make that more expensive or more difficult are not welcome.

That legitimate law enforcement efforts as relates to crime of whatever nature, that societies decide need to be interdicted, is a reasonable activity. That fundamental transparency in Government operations is important even if there is a tension about the relative level of transparency in some respects of Government activity.

We want our National Constitutional protections of rights to privacy and the like to have real meaning, online and offline. We want to enjoy the internationally protected Human Rights that are pretty universally accepted, even if they're not always universally observed as we would like.

These are profound common shared needs, and perhaps we can find a way to use them as a basis for a constructive conversation about the role of security services and law enforcement online as it relates in particular to the everyday lives of individuals especially those who are not employed by the Government or in Government service.

The debate we have right now, I don't think leads to a positive end for the Internet community, and especially for the Internet. But as a community, we have the knowledge and the incentive to work to change that debate. I hope that can be another shared interest that we can build on, recognizing of course that criticism of Government behavior is a fundamental right of all, and there must be room for such criticism.

But to return to my original point governments have a responsibility not to allow surveillance of their nationals to get out of control and ironically in a digital age, for those National protections to mean anything, that responsibility really cannot end at your National border because if it does, the result counter‑intuitively is that if everyone but you is spying on your nationals, how can you say that your National Constitutional protections have meaning name? They have even less meaning because you have no idea who knows what and is doing what in relation to you. In that vein I think the explanations we've heard from Ambassador Fonseca of the Brazilian initiative are welcome.

A conversation about what we share, the beliefs we share, is not something we should fear. It's I think essential if we're to meet this conundrum of an analog past meeting a digital future in terms of surveillance.

>> JOVAN KURBALIJA: Thank you very much for your excellent intervention. We'll try to tap this enormous expertise in the room, experience, expertise and knowledge and we will like to ask you for your comments and questions. I think there is one person in the room who comes from the organisation that can help us to address these balancing acts in the surveillance issues. We already heard about Human Rights aspect, security aspect, and Data Protection. And Council of Europe is organisation which has under its one roof three conventions and three institutional mechanisms for covering cybersecurity, Data Protection, Human Rights. I don't know if somebody from Council of Europe, Jan Malinowski, is here. Could you give us a quick remark, a few points, how to address this balancing act between different aspects? It has been underlying theme throughout the discussion, please.

>> JAN MALINOWSKI: The Council of Europe approach I think mirrors in many respects the different dimensions that have been mentioned here already, and I wouldn't go into that. I think that in substantive terms, what Johann Hallenborg has said is valid and it does exemplify the different responses of the Council of Europe.

But the Council of Europe approach I think can be described as multistakeholder. One has to listen in order to deliver good governance, one has to listen to the different voices and leave whoever is responsible for something to take the decisions, but taking into account everything that others have to say.

The Council of Europe response is multidisciplinary. There are different issues that need to be expressed in one topic and we see there are issues relating to National Security, to privacy, to freedom of expression, to crime, to rule of law. All of them need to be taken into account, and that requires a broad vision.

There are in the Council of Europe multiple responses. There are in addition to dialogue, there are responses that go through the intergovernmental negotiation line, with soft law, with recommendations, Bertrand de la Chapelle mentioned some of them. There are a host of others that would apply to this and there is hard law. There is international Treaty law as well. We have the cybercrime Convention that's been mentioned. We have the Data Protection Convention and above all we have the European Convention on Human Rights that encompasses all of it. It goes all the range from freedom of expression to others.

And we have multiple accountability responses, as well. We have political accountability. We have legal accountability in the court. We have discussions in the specialized Committees, in the Data Protection Committee, in the cybercrime Committee and so on.

In connection with the Snowden case in particular, the Council of Europe does not have a response or has not given or attempted to give a response at this stage but there are two things that I would like to draw your attention to in that respect.

Already from the '70s, the European Court of Human Rights has made it clear that a system of mass surveillance can undermine or destroy democracy under the cloak of protecting it. I think that's a very important statement. As I said, it relates to cases well before Snowden, well before the Internet.

And the other aspect which is very relevant to the Snowden affair is that the Council of Europe cares about whistleblowers. Whistleblowers who disclose information in the public interest should be protected, and I think that the discussions that we are having demonstrate that Snowden has made revelations and disclosures that are in the public interest. Thank you very much.

>> JOVAN KURBALIJA: Thank you for addressing this main dilemma if you have in the same room people from cyber security, data collection community and Human Rights community, what is the way to address the question of intersurveillance? And we will be facing it more and more, that interprofessional dialogue.

I saw some hands over there. Khaled, please. And over there, yes.

>> KHALED FATTAL: Thank you, Jovan. Can everybody hear me? Yes? Okay, thank you. My name is Khaled Fattal, Chairman of the Multilingual Internet Group. The issue that I see in front of us here is not about alleged or not alleged. It's really goes to the core and to the values of what multistakeholderism stands for.

Many who attend ICANN would remember that I took the lead on making this a topic that needs to be addressed by ICANN, by the international community during the ICANN Durban. Raising the issue that unless we deal squarely with the issue of surveillance, we are not giving the true value of how damaging it is to multistakeholderism.

This is like a cancer scare to the trust of the multistakeholderism we all believe in. We believe many of us believe in multistakeholderism from an altruistic point of view, and we believe in privacy, freedom online. I'm a Syrian American, and nobody needs to lecture me on the importance of democracy and privacy and freedom of expression. But when the values are being challenged of what this stands for, I think it's time to come to terms with greater acknowledgment of what damage has been done, and how to fix it is required.

In emerging markets, we're embarking on major events in emerging markets. This is the subject matter that people want to talk about at many levels of society. And unless we deal with it very, very squarely, very ‑‑ at a high priority level, we will not be able to diffuse the situation, because so far all I see is an attempt to diffuse, that people get it off their chest. The values of what we stand for is really what's at stake.

I'll just close with this one remark: The war against terror was angled at our values versus theirs. The war against terrorism is our values versus theirs.

What does it say that in pushing towards a free and open Internet, we discover we are spying on the rest of the world? It's again going back to the values. Please take note, a cancer scare does not get treated with an aspirin. It needs an acknowledgment of what had happened, and a desire and a genuine desire and process put in place to show this is being addressed and fixed, rather than just being an attempt to diffuse.

This is my recommendation, because all of us who believe in this do not want to see this multistakeholderism damaged. I will close with that remark. Thank you.

>> JOVAN KURBALIJA: Thank you, Khaled, contributing to the fifth basket on ethics and trust, importance of trust and values in addressing internet surveillance and we will try to organise our discussion along these main five lines. Please could you introduce yourself, Sir?

>> REN YISHENG: Thank you, Mr. Chairman. I believe we have ‑‑

>> JOVAN KURBALIJA: Could you introduce yourself?

>> REN YISHENG: Yes, okay. My name is Ren Yisheng. I'm from the Foreign Ministry of China. I was going to introduce myself in my mother tongue Chinese because I believe we have interpretation in the room so please put on your earphones.

Let me start by making my intervention in English while you are getting your earphones. I have a couple of points to make. Number one, we all have consensus on the common values of the universality or universal value of Human Rights. On the other hand, that we would also like to stress that Human Rights concept is an integral concept, it's a whole concept that we should not neglect the other parts or elements of Human Rights, which is to say that we have two sets of rights, civil political rights, economic, social and cultural rights, and in fact the right to development.

On the other hand, also there is a check and balance of rights. We have rights. On the other hand, we have our obligations, responsibilities. Our obligation, our responsibilities to the society, to respect the rights of others. This is the first point I want to make.

The second point is on Internet. I think that we have so many elements, so many factors that we need to look at. There is at least in my view that we have many elements that we need to look at. For example, the right to access. I think this is a very important issue for many countries, the developing countries in particular.

I'm glad that you're getting your earphones so that I can switch back to my mother tongue language, Chinese.

Since all of you have earphones right now, I'm going to switch back to my mother tongue. Over the past two days, few days, IGF discussed many important issues in relation to Internet development including the stability of Internet, the resource allocation issues of the Internet, and the Internet crime issues, spam e‑mails, as well as how to enhance the trust of the public to Internet.

Meanwhile today, the issues we're discussing and issues we discuss over the past few days is that some individual country carrying out largescale surveillance over other countries, like other Delegations of other countries, we are very surprised, very much concerned over this issue. We believe massive surveillance no matter over the individual citizens or other politicians of other countries is a infringement of sovereignty, National interest, and privacies of other countries, and also it poses as a threat to the safe operation, secure operation, of Internet operation.

Meanwhile, this conduct seriously damaged the public trust of Internet. Last but not least, I'd like to say to discuss the principle of Internet Governance, several points are extremely important, such as transparency, inclusiveness, participatory principles, and cooperation. And so on and so forth. Therefore, we're very much in favor of the points made by the Brazilian Ambassador, the governance of Internet is something that we have to work very hard on the basis of multistakeholder, no matter be it the Government or Internet companies, academic circle, Civil Society, no part should be excluded from this process.

We believe all people should participate. If you exclude any stakeholder in the course of Internet Governance, it's not good. Thank you very much, Mr. Chairman.

>> JOVAN KURBALIJA: Thank you for your patience with our technical facilities and readiness to address us in English, and I think you reiterated quite a few important principles for our discussion, and elements of trust, Human Rights, in comprehensive way, question of sovereignty and I think we have quite a few interesting points. We have intervention here.

>> SUBI CHATURVEDI: Thank you. Am I on? Hi. Is the mic working? Okay. My name is Subi Chaturvedi, and I teach communication and new media technology at a University in India. It's a women's college, and we run a Foundation called media for change. The issues that we primarily look at is how the Internet and new media technologies can empower developing countries. I thank Raul once again for organising this session because we're looking at some of the most important questions that go to the heart of the matter. At the core of the Internet is trust.

The fact that we can trust this wonderful empowering technology which data which is immensely and increasingly private, personal and confidential. I do want to raise a couple of points here. When we start talking about situations such as these, I'm reminded of a story and we all grew up reading Sherlock Holmes and one of the stories was about why the dog didn't bark.

And this was about how we've decided to keep quiet at moments such as these, and when we are faced with uncomfortable situations, we decide to take positions. This is an important moment, and I can't agree more with what Khaled had to say. This is about trust but this is also about working in a space which is collaborative and I do not believe that cybersecurity and concerns around sovereignty can exist in isolation without the consideration for individual rights of States and citizens.

And I do want to reiterate that this journey from being the slave to the citizen has been a long one, and when we come to this point, of data collection by Governments for what purpose, by whom, and for how long, and where is it going to be kept? When we create honey pots such as these, these are questions that we worry about, not just from the Human Rights perspective. And I come from India. We have laws to protect children and women, and vulnerable communities in particular and we have just had two 18‑year‑old girls go to jail for updating a status, because they decided to voice their dissent.

And this is all for our own good, which is what I hear increasingly more often from Governments across the world, but I do want to say that two wrongs don't make a right, but what we have with us is a wonderful process which is bottoms‑up, inclusive and multistakeholder. Yes, there might be problems in the current system but that does not mean that we privilege one stakeholder which is largely the Government and most of us do not know then when these conversations take place, whether our voices would be heard.

Democracy is a wonderful thing and a participatory democracy is an even better one but it's not the same as multistakeholderism. I think we've got a solution. We have a platform. Let's acknowledge this, let's take it from here, and let's keep working with this platform. But let us work to reinforce the system that we have in multistakeholderism.

I think that is the only way forward. Thank you, Chair. Thank you for giving me this opportunity.

>> JOVAN KURBALIJA: Thank you for bringing Sherlock Holmes into our discussion, as well.

>> May I? My very brief question is for Mr. Scott Busby. I was really pleased to hear a changed statement or a changed tone from the U.S. Government, and I would hope and I believe that it is a reflection of the changed mindset within the U.S. Government towards surveillance, and Human Rights and privacy.

And if that's indeed the case, I would like to ask you that at the center of this whole ‑‑ at the center of these developments is a man called Snowden, whom Mr. Obama has referred to as a traitor. Is that still the position? Or has that position changed? Is this changed tone from the U.S. reflective also of the position on Snowden?

Because it's an important Human Rights issue. Snowden as a cause and Snowden as an individual, I'm talking about Snowden as an individual, what does the U.S. Government want to do with him? That's my very brief question and I would like that answer. Thank you.

>> JIMMY SCHULZ: May I? Okay. My name is Jimmy Schulz and I was a member of the German Parliament until Tuesday and the Committee for Internal Affairs and Home. And I've been taking care of the issue since it occurred.

It was said the whole thing of surveillance is not new. It was said that others do that, too. That's true. That doesn't make it better, and that's no excuse.

A question to Google: You said you don't give direct access, which sounds a little bit like Keith Alexander said in last year's Defcon, we don't spy on every American. That doesn't mean we don't give direct access. Is there any indirect access?

Because you've talked about legal interception, are you forced by any law not to tell us everything? That's a question to Google.

To the U.S. Representative: Keith Alexander said earlier this year those who encrypt are treated as potential terrorists, wherefore I am a potential terrorist. Do you think I am a potential terrorist?

And you also said some countries are taking advantage of the situation. Does this apply to Germany? Because I think the whole thing is an earthquake in our relationship. Friends don't do that.

And you said you're taking recommendations. I give you something that is not a recommendation: Stop surveillance now. But to be more coming to the point, I think we have to take three steps. First of all, I expect and I think we need complete transparency, complete transparency which means you have to tell us everything, and everyone has to be open on that issue.

Second, what we need are international contracts that friends don't spy on friends. And, third ‑‑ and this is a thing we really should do ‑‑ is encrypt all our communication so surveillance won't work. Thank you.

[ Applause ]

>> Thank you very much. Yes?

>> EVERTON LUCERO: Hello. So I'm with the Brazilian Government. I think we are dealing with a situation now that requires clarity in terms of what we need to address in the future, so as we avoid that it will ever happen again.

I mean, the unprecedented mass surveillance and un authorized monitoring of communications of millions of citizens worldwide by one intelligence Agency of one single country has naturally revealed something. First, I agree that it reveals we do not have a technological gap to fill in. This is an ethical and a political question. We have an institutional gap clearly. Because the only way that we will avoid there to happen again is if we agree in a set of principles and norms, and an institutional framework that would on the one hand recognize legitimate multistakeholder processes, and on the other hand, create an ethical ground for every actor to behave in the future in a way that will not damage Human Rights and privacy of any citizen in the world based on any grounds.

In particular, when it comes to National Security, I believe this argument does not stand for it any longer since you may hardly conceive a situation in which normal Brazilian citizens or companies or authorities are violated in their privacy. Is that done in the name of National Security? And how come? Does that mean that there is a suspicion that millions of Brazilian citizens and Brazilian companies and authorities are somehow involved with terrorism or any other activity that may be harmful to National Security of other countries?

As a Brazilian citizen and as a Brazilian public servant, to me, these are questions that are still to be answered. And the only thing we can proceed with this in order to create a new vision is to get together all the stakeholders and think deeply about how to make sure that we will agree on a minimum core set of rules and principles that will become the norm, and that will be observed from now on, so that this situation will not repeat itself. Thank you.

>> ANNE-RACHEL INNE: Thank you very much, Mr. Lucero. I'm going to ask for you forgiveness for a few minutes. Given what Everton said I would like to call on our commenter, Megi. Megi is a special consultant with the right of Internet users so we'd like to hear from him now. Thank you.

>> MEGI MARGIYONO: Thank you, moderators and Chairman. As I am an Information Technology lawyer, so my comments will be on the legal aspects. I think our discussions should move forward, not just track a debate whether the surveillance are accepted or not accepted, but on how to make Internet still free and open despite surveillance activities. One of the issues is striking the balance of rights, the rights of security and the rights of privacy and freedom of expressions.

However, to make globally accepted set of standards, principles, and rule to striking the balance of those rights seems difficult, because despite Human Rights is accepted as universal rights, but the applications of Human Rights differs from places to places.

Also on the threat of security issues also different from countries to countries. Freedom of expression in the U.S. is regarded as quote, unquote, the most important right, because protected under First Amendment, but privacy in the U.S. is not clearly whether it's protected under U.S. Constitution. At least it's not written on the U.S. Constitution, despite there are some interpretations that privacy is Constitutional right in the U.S.

On the contrary, in European countries, privacy is most important and there are some sets of limitations of the applications of freedom of expression. We know there are margins of appreciations that apply and applications of the freedom of expressions in European countries.

In Asia, privacy and freedom of expression seems not a strong right, and not strongly protected. Government of Asia like Indonesia pay more attention on security than freedom of expression, also privacy. Some say that privacy don't have cultural rules in Asia like Indonesia.

So regarding to the matter of facts, it seems difficult to set up a globally accepted rule to striking the balance of these rights.

Sorry. However, democratic on the surveillance activity is very important. Maybe the surveillance activity have to be commissioned by Parliament to make sure the surveillance technology is not abused by Government. It's important because technology of surveillance has been proved to be abused by some Governments of Emirates Arab Union and Bahrain. According to a report, surveillance technology provided by United Kingdom company named Gamma Group International is misused to monitor journalists, bloggers and activists in those countries. That is also a report that militia use surveillance technology to monitor the activities of opposition parties prior to the general election last year.

And Indonesia just signed a contract with Gamma Group International on September this year and we should make sure that Indonesian Government don't use this surveillance technology to monitor the opposition activities on the election next year.

>> JOVAN KURBALIJA: Thank you. For our next speakers while they're queuing, a few ideas I can think of. One is this question of balancing act ‑‑ and we just heard that balancing act is not the same in Europe, Asia, United States and other places ‑‑ between security and privacy. Second point, we have the rules on privacy protection and international Government on civil and political rules, and as I've already indicated, there is a question how to apply it, what are the mechanisms.

>> One more point, please.

>> JOVAN KURBALIJA: How we can make the next ‑‑ while you're waiting in the queues think about these two issues: Balancing act in different regions and how we can move from applying the general rules to the problem that exists. Thank you.

>> RAUL ECHEBERRIA: My name is Raul Echeberria. I'm the CEO of LACNIC. I think that some consensus seems to be emerging from the discussion. One thing is that it seems that all of us agree that massive surveillance is something bad. It is something that should not be done, no matter who does it and no matter what are the motivations for doing it. There is also a kind of consensus that some kind of investigations should be permitted using technology but that this kind of use of technology should be done based on the respect of Human Rights given the due process warranted to everybody.

And I have heard many people speaking, using almost the same words about principles, and that any use of technologies for this kind of purpose should be done in the framework of certain principles so here is my question for all of the panelists, because it seems that the speech of the representative of the Swedish Government was very interesting, and it seems to me that they are applying this concept. So my question for all the panelists is: Could be what the Swedish Government is doing a basis for continuing to develop this concept and trying to get a solution in the future? I'm not expecting to have a full agreement today about the principles.

But probably we can get a kind of common view in this session about that this is the path forward. Thank you.

>> MATTHEW SHEARS: Thank you. My name is Matthew Shears with the Center for Technology and Democracy. A couple of comments on what we've heard so far. Let's not trivialize this discussion. I've heard others are worse, NSA envy, alleged hypocrisy. When we use the sentence "others are worse," that's no justification for our own mass surveillance. When we say NSA envy, that's pretty serious stuff, because there are countries out there who are exactly saying that, this is not a joke.

And it is hypocrisy. It's not alleged so let's be clear on this.

Second, thank you to the representative from the Government of Sweden for saying there is no balancing act. We've waited a long time for someone to say, there is no balancing act. Respecting Human Rights increases security, diminishing Human Rights diminishes security.

Three, Frank La Rue, to paraphrase him ‑‑ I'm sure very poorly ‑‑ says that mass surveillance not only makes a mockery of Human Rights, but threatens the very foundations of our societies and the rule of law. Let's remember that. It's very important.

And finally, I don't know about everybody else here, but I have not lost my trust in the Internet. Let's stop saying that. I've lost my trust in the institutions that use the Internet for the purposes of undermining my fundamental rights. Thank you.

[ Applause ]

>> PINDAR WONG: Good morning. I am Pindar Wong from Hong Kong. Hong Kong has been where Snowden chose to make his revelations. My question really was a question is about forgiveness. Partly because as a long time Internet participant, I think what's been demonstrated is spying on an open network or surveillance on a network are low hanging fruit. We really shouldn't be surprised. What we are surprised on about is the scale. So I'll echo what Jimmy Schulz's intervention in terms of full disclosure.

Those of us who have kids know that kids make mistakes, and although the Internet is in its adolescence, looking forward clearly there's been a mistake that has been made. So a starting point really is that full disclosure. It may be naive to ask it. I'm not saying who discloses to whom, but it is a basis of recognizing that you've made a mistake, coming clean, and then going forward.

But what is that going forward? What is that vision? I don't agree with the previous intervention by the CTD guy. There is no balancing act. At least I have a very clear vision of the future that we wish to build, and I think I would suggest that whilst there's a temptation to fall within our National boundaries, to go back to what I would call a pre‑internet era, let's not forget the opportunity before us, the opportunity to really build trade.

And let us view things in positive terms. The next 1.5 billion people perhaps will be coming on the Internet through their mobile phones, making payment over that mobile network. So let's not also look at the issue of routing money over the Internet.

So trade, money, these are all very important issues and those issues if we have a vision of our future, I would hope we can find forgiveness because I'm not surprised of the surveillance, I'm surprised about the scale but let's find mechanisms to reestablish trust and let's look at how we can do so through the old '70s concept: Peace through trade. Thank you.

>> MARKUS KUMMER: Just a quick correction to the scribes. Please correct in the final version the name of the gentleman who just spoke as Pindar Wong. Thank you.

>> MIKE GURSTEIN: Mike Gurstein from the Community Informatics Network from Canada. It's a global network. About a month ago I wrote a blog post arguing or pointing out that the Internet was in fact a two‑way system, and that the National Security Agency while drawing information from the Internet, was also fully capable of putting information into the Internet, and having significant impacts in many of the places, if not most of the places, where it was drawing information from.

In the meantime, we've had confirmation of that, direct confirmation, one being the fact that Mr. Cheney's heart pacer was made hacker‑proof because of fears that using the Internet, it was possible to interfere with his pacemaker and assassinate him in that way. That came out recently.

The second was the use of the Internet and Internet surveillance as a direct input into the drone wars that's being conducted in various parts of the world as guidance systems and as direction systems for these drone wars.

I guess my observation, it's not really a question, is that I think we're dealing with something far more serious than simply surveillance. I think we're dealing with the potential for the active intervention in spurious and potentially dangerous ways into whatever elements of the Internet that we use for whatever purposes that we choose to in our daily lives, including our banking, our health records, our internal organisational communications, our financial communications, and so on and so forth, so that whatever response that's developed into the issues of surveillance also have to take into account the issues of aggressive and offensive actions by those who are in a position to undertake this kind of surveillance. Thank you.

>> And the speaker's name was Michael Gurstein. Thank you.

>> WOUT DE NATRIS: Good morning. I'm here on behalf of NLIGF and reporting back on discussions we had which were relevant. I think one of the main things that came up in the two panels that we did is that Internet is becoming more and more a part of our lives and isn't it time to start acting towards the Internet as if it is normal and not something which is far away from us and unseeable. So in other words if that is true, then what goes on in regular life also goes for Internet life so that would mean there's a triangle of economic development on the one side and the other side is security and the last part is freedom. So in other words, if you treat it like that, then economic development becomes possible, and the Internet becomes safer because there are so many best practices we heard of that it's about time that we stop talking and start to act upon those best practices.

And I won't recall which ones they are but they're in the transcripts. You heard some excellent ones.

And some things that really came forward is that would if Governments want the Internet to be safer, then start showing leadership through showing the best practice. So we did a head count saying who actually orders software off the shelf, or who says, I wanted to have this, this or these qualities before you can sell it to me? And only the commercial parties showed their hands saying, we're doing these sort of demands on software and all the Governments were looking, what are we talking about?

So in other words if you want leadership on security for the Internet, then start showing it yourself by demanding security before you buy something from the Internet.

And the last comment I would like to make is that we tried to envision how large this table should be if you want to have all parties discussing Internet Governance, and we probably have a table as long as this hall up and down and still not enough. And about 50% of the people know each other and still they're responsible for making the same products. So how do you get these sort of people at the table? Maybe never. But let's start with software developers, because they're hardly here in the IGF discussion, they're hardly ever there so Governments can show leadership in security by bringing the right people to the room in your country or regionally or internationally, and start discussing security with the right people, because that's the only way to make the Internet more secure.

And that was one of the comments made by the IETF, which I think made some excellent comments during this IGF, and I was happy to hear them.

>> JOVAN KURBALIJA: The last two presentations brought the broader context for this issue and importance of this issue of surveillance also for individuals, and the way they use the Internet. Now we have the next speaker.

>> JOHN LAPRISE: Good morning. My name is John Laprise. I'm a Professor at Northwestern University. As a scholar and historian, I'm surprised so many States are so surprised by the scope of the NSA surveillance, and I'd just like to offer to those States that perhaps you better take a better look at your intelligence‑gathering entities in your own countries, because they're either demonstrating incompetence in terms of not seeing the history of intelligence gathering or they know about it and are not saying anything, in which case they're guilty of collusion. Either way you have a few problems to remedy in your own countries for your own intelligence organisations. Thank you.

>> JOVAN KURBALIJA: Thank you. Nothing new under the sun.

>> NORBERT BOLLOW: Thank you. My name is Norbert Bollow, speaking in personal capacity right now as a human being who cares about my Human Rights. I start by echoing some remarks that have been made. We should not try to balance Human Rights and security. We need security that protects our Human Rights, our ability to fully experience our Human Rights.

We already have a good set of international Human Rights standards. What we need is the ability to effectively enforce them. This requires, as it has been said, full transparency. And I think it requires an international Treaty of sorts to deal with these widespread transborder Human Rights violations that we have experienced.

And perhaps most importantly, we need to get serious about looking at the technical side of metadata encryption. This is much more difficult technically than encrypting communications content. I am absolutely convinced it can be done, but it requires a fundamental rethinking of the architecture that we use for communicating via the Internet, so I propose the creation of a Dynamic Coalition of metadata privacy protection. Thank you.

>> JOVAN KURBALIJA: Thank you. We have the last two comments and then we'll pass the floor to the panelists, last three comments, I'm sorry.

>> MALCOLM HUTTY: My name is Malcolm Hutty. I work for the London Internet Exchange, and my comments are informed by this, but I'm speaking entirely on my own behalf. I think we've heard a great deal of "can't" about the surveillance issue. It is plainly and always has been the proper purpose of intelligence agencies to gather information about foreign countries, and their activities, insofar as they affect the essential National business and the proper business of security services to identify and do something about those that would cause us harm.

What has changed however is that it is now being said that these proper purposes can only be purr sized if the intelligence and security agencies essentially know everything about everyone. This has never been previous approach of anything except totalitarian societies. And if the Heads of Intelligence and security services cannot be persuaded their mission can be pursued in other fashion I hope that the political leaders will understand that the reaction that's being built around the world here shows that it's worth more than the beliefs of the appropriate way to pursue their mission on the part of those authorities. It is undermining our friends and allies.

Secondly and finally, the activity that work to undermine the protective security mechanisms, in particular undermining fundamental encryption standards, do not merely help the intelligence and security agencies identify those that would do us harm, but generally advance the interests of those who would penetrate information systems and undermine those who would protect them. Fundamentally this is a poor tradeoff for the National Security interests. I would urge you to consider the consequences to business, as well as to citizens, of making flaws generally available as they are becoming generally available to those that would penetrate information systems whether they be states or not state actors. This is an owned goal. Thank you for your attention.

>> PRANESH PRAKASH: My name is Pranesh Prakash. I work with the Center for The Internet Society in India and with the Yale Information Society project. While issues of Human Rights privacy and surveillance will be dealt with at the National level, and there are some indications that in some cases they are being dealt and reforms are ‑‑ will be attempted at least, we need to agree that privacy is a right that belongs not just to the citizens of one country or another, but no one country should be able to deny me the right of being human that privacy is indeed a human right and a country can't escape its international Human Rights obligations by saying that we are safeguarding the privacy of our own citizens and only our own citizens.

Second point I wanted to make is that mass surveillance at the level of Internet infrastructure and architecture as is being done by countries like our friends in the West and India, are contrary to the UDHR and ICCPR and its non‑targeted, non‑proportionate, non‑reasonable nature makes it an arbitrary or unlawful interference in the enjoyment of privacy, that this is contained in itself in International Human Rights Doctrine that mass surveillance of the sort that we are seeing today, especially at the level of the Internet infrastructure, just is not legal. Thank you very much.

>> FURIYANI AMALIA: Thank you very much. My name is Furiani Amalia. I'm from Indonesia. During the last few days we have heard and listened to many challenges that portrayed by multistakeholders in the Internet field. However, we also come up with the common views that trust and cooperation are important issues that we should address. We have a problem of trust there but we cannot stop just right there.

So we need to think what IGF as one of maybe the most Forum that involve many various multistakeholder worldwide. That we need to think what IGF could offer in the future, what IGF can do in the future in leading the role of setting out the principles or norms that are agreeable by all stakeholders, because in this multistakeholder Forum, it's not only to speak up what your interests are. It's not only a Forum to tell everybody else what your concerns are but we need to understand what other interests are so therefore IGF should be a bridge for all stakeholders to be a Forum where everybody can understand each others. Thank you.

>> ANDRES AZPURUA: My name is Andres. I come from Venezuela as part of ISOC Ambassadors Programme. My country is a relatively small country with Human Rights problems makes completely no sense in making the decision if you have Human Rights problems or challenges as they like to be said here.

It doesn't make any sense distinguishing if they're online or offline so I would like to put my perspective on many of the subjects we've been talking in this IGF from the perspective of small countries that are not frequently represented in this Forum or that their issues are not usually commented too much. It's a little sad when Governments defend their actions by saying that they only target foreigners as if they were not subject to Human Rights, and the international Declaration of Human Rights.

I'm also really sad to see that the U.S. who had a very strong agenda in pushing it throughout the world now lacks the moral authority to keep doing that. I think it's time for other countries to step up if they decide not to change their policies.

Mass surveillance and other advanced persistent threats that are more targeted are being used not only by big Governments, also by small ones. In the case of these Governments, usually the controls and oversights are even more weak than in the famous case we've all been discussing. So it would be of much help for countries like mine to actually know what's getting into our countries, because most of this technology doesn't come from our own industries or our own tech industries. It comes from developed nations or nations with stronger IT industries.

So more controls and transparency in those important experts would definitely help activists like myself.

So as I said I'm not a lawyer. I'm just an activist with a tech background. And for me, it's obviously clear that mass surveillance should be treated as a huge Human Rights transgression. So I hope that in the meantime, we learn to use encryption correctly to protect ourselves, our colleagues, and our work. I hope that for next IGF or next meetings of this kind we'll see a lot more PGP fingerprint keys on business cards so that we could start to share the knowledge on how to communicate effectively and securely. Thank you.

>> ANNE-RACHEL INNE: Thanks very much. We're going to go to the online remote participation. Subi?

>> SUBI CHATURVEDI: Yes, we have a question, there's one from Twitter that talks about what Government can do another from the same team about ethics and trust, and this is a question to European Governments. Sweden, as a representative of Europe regarding the individual Snowden issue who has done a great service to the global public in making this information accessible, do European countries consider him to be a whistleblower who needs to be protected? Or is he to be considered a traitor who should not receive protection?

Would any European country, any member of the Council of Europe, now be willing to grant Snowden asylum?

>> ANNE-RACHEL INNE: That's very much. So I think we're going to wrap up a little bit Jovan and then we're going to give the floor to our panelists to respond to some of the questions that we've had. Jovan?

>> JOVAN KURBALIJA: There were ‑‑ I think there was quite high level of consensus of both problems and main issues and controversies, and here are a few points.

There is agreement about the severity of the problems. I think it was equaled in all intervention comments. And also highlighted that there is a question of trust, fundamental trust, as underlying element for the success in the future development of the Internet.

Second point, I think we agreed that there are existing rules in international law that cover this issue, and there is Article 17 of the International Covenant on Political and Civil Rights saying clearly that no one should be suggested to arbitrarily or unlawful interference with his privacy and so on. The international law exists. As we know, international law is sometimes not easily applicable and then we come to the next point which was raised in many comments from Bertrand, how to apply international law. What are the procedures? And here the key words were: Checks and balances, introduce checks and balances, careful transparency, use due process, observe the rule of the law, and have institutional division as Johann from Sweden mentioned between different players in this field.

That will be the main challenge, and one can argue that maybe some new reporting mechanism of existing conventions should be introduced, or it should be introduced in universal periodical review in the work of the UN Council of Human Rights. We're speaking about the way how to implement existing rules.

There was a bit of ‑‑ there are quite a few different views about possibility of having win‑win solution or balancing act. We should act and we should aim for win‑win solution by achieving Human Rights protection through more security. But we should be equally ready to have some balancing acts, because it is reality of political life.

What are the next steps? First, we are waiting for the results of the review process in the United States. In the meantime, there are quite a few international initiatives in the UN Human Rights Council, and it will be moving on especially on the issues on protection of privacy and Data Protection.

And we should start exploring some National models like Swedish model for tackling these issues and these delicate balances between security, Human Rights and Data Protection and it was clear from all interventions the topic is extremely important and the IGF should find ways and means to continue discussion including proposal to create Dynamic Coalition dealing with these issues.

I hope it reflected in a few Tweets what was ‑‑ were underlying messages. Please.

>> I think there is one important issue that I should address, it's the liability and responsibility of technology providers. Technology providers should ensure that technology, they provide not be misused by Government so there should be any legal remedy if the technology used to suppress or to monitor the activity of activists or journalists. So there is the contract between the technology providers and Government should be cover an Article saying that the Government only use this technology for legitimate purposes, not misuse et cetera.

>> JOVAN KURBALIJA: We'll start now with our panelists answering the questions and commenting on overall discussion and also this underlying elements for possible summary of our discussion.

I think we had the most questions addressed to Scott. Scott, could you start, please?

>> SCOTT BUSBY: Thank you, Jovan.

>> JOVAN KURBALIJA: It's not surprising.

>> SCOTT BUSBY: I'm not sure I'll be able to answer them all, but I'll do my best. First of all I want to thank my Fellow panelists, commentators as well as the audience for all of your many thoughtful comments and questions. The United States Government is here in force. There are over 10 of us here. On the heels of a Government shutdown, mind you, which there was travel restrictions on virtually every U.S. Government Agency, and I hope that demonstrates to all of you not only the seriousness with which we take the IGF, but the seriousness with which we take this issue.

We intend to take back your comments, your questions, to report back to our senior leadership on what we've heard here, with the goal of ensuring that those views are taken account of in the deliberations that are now taking place in the United States.

Second of all, to Khaled who first made this point but the woman from India, as well, about the seriousness or potential lack of seriousness with which we take this issue, I don't think that President Obama and the rest of the U.S. Government is not taking this issue seriously, is trying to deflect. The President has taken extraordinary action in setting up this review Board of independent experts to give him their best advice on how the U.S. should move ahead on this issue.

As I just mentioned, the U.S. Government has come here in force knowing this issue was going to be at the heart of the discussions at this IGF and willing to engage with you, to hear you out, on this issue. So we take very seriously this issue.

With regards to transparency, which several commentators mentioned, the President has already ordered that as much transparency about what the NSA has been doing, the judicial orders relating to the NSA activities, that those be released, and indeed, you can find those online. If anyone wants to know the site where they can be found, I'd be happy to send that to them.

On Edward Snowden, I don't have anything to say on that beyond what President Obama has already said, so I would refer the questioner to what President Obama has said.

On China, on our intervention from a colleague from China, I would simply ask anyone who has questions about the Human Rights situation in China and the Human Rights situation in the United States to look at any independent Human Rights report on these issues, and draw their own conclusions. One of the best reports I think is the Freedom on the Net report issued by Freedom House. We have Freedom House here. There are copies of that report here. That report is critical of the United States, I would mind you. It's not often that a Government official refers people to a report that's critical of the United States.

I would urge people to look at that report, and draw their own conclusions.

To the Indonesian representative, the lawyer here, who asked about privacy in the United States, so interesting story here in the United States, for good or worse, we have a very old Constitution in the United States, older than most countries, and the concept of privacy actually post‑dates the creation of our Constitution.

So, yes, the concept of privacy is covered by our Constitution, but it's covered through legal interpretations of that Constitution by our Supreme Court. And there are a slew of decisions in the last century that essentially create this concept of privacy and indeed it is now considered a Constitutional right.

And lastly, there were several questions about the NSA and sort of the NSA out of control, being a state within a state. I would just urge folks to look at what the President has said. The NSA and these activities are subject to judicial review. They are subject to legislative review, and the NSA finally is subject to the command and control of our Commander in Chief, namely, the President of the United States.

So the President has said what he intends to do in this area. He has empowered a review panel to look at these issues, and we will be considering the recommendations of that review panel going forward. Thank you.

>> ANNE-RACHEL INNE: Thank you very much, Scott. Now we go on to Ross.

>> ROSS LaJEUNESSE: Thanks very much. I want to echo Scott's sentiments that I've enjoyed today's panel, and particularly enjoy hearing questions from all of you. And so I've taken a couple notes. I don't think I was as thorough as you were, Scott.

But to Jimmy's question, I appreciated that very much, about direct access versus access. It's a very good point. When I meant we don't provide direct access, what I meant is that we really don't provide access to the infrastructure. I was trying to draw distinction between that and the process I outlined that when we get a legal request from the Government, we look at it thoroughly, and so it is possible for the U.S. Government to get user data, but only through that process that I outlined in my remarks. So thank you for that clarification.

There was a comment or question from a remote participant about user trust. And that is something that we are very focused on. It really is what drives everything we do at Google, so we're incredibly concerned about the impact of users' trust on us from the Snowden revelations. It drives everything we do. It's why we spend the resources that we do on our security infrastructure, on our encryption, with search encrypted by design and Gmail being encrypted and I would make the point that I feel the cloud is certainly more secure than alternative models as Bertrand characterized it, data sovereignty, data localization. The cloud is much more secure than that model.

But this issue of user trust drives much more than our security infrastructure and our technology. It drives the work we do on Internet Governance, our membership, our founding membership in GNI, which is a third party which audits the practices of companies. It drives our development of things like Project Shield, which allows independent news sites and similar sites to take advantage of Google's own security infrastructure for those sites that have been subject to DDoS attacks and the like, and it drives our sponsorship of Civil Society and our work which we do really in each and every country in which we have an office on free expression from issues like intermediary liability in Thailand and India, to even more challenging situations in parts of Southeast Asia.

Finally, to Matthew's intervention from CDT, as Matthew well knows, we are a strong partner of CDT for pushing for greater transparency in the United States, and we see I think very clearly eye to eye on that and so I wanted to clarify Matthew's point. When I said that others are doing it too I thought I made it fairly clear about five or six times in my comments but I'm happy to say it again, I'm not trying to excuse or trivialize in any way the revelations that have come about, about U.S. surveillance but I am making the point that this is not just a U.S. issue. That this is happening everywhere around the world and I think it would be unwise of us to focus solely on the U.S. surveillance programme, and not focus on the very real challenges that are occurring everywhere else around the world.

So that was may point and I thank Matthew for giving me the opportunity to clarify that. And I think as I'm checking my notes, that was it. But someone correct me if I'm wrong.

>> ANNE-RACHEL INNE: Thanks very much, Ross. Next on our panel is Johann.

>> JOHANN HALLENBORG: Okay. Thank you very much. A couple of points from me, as well. There was a question about the powerful tools and resources if that has prompted any change in our society and any legislation. And the answer in my country is: Yes, it certainly has because that has created an all‑new way of looking at this, of course.

And around 10 years ago, discussions intensified in my country on how to find the right legislative framework for this, an area which largely were unregulated before, and so after long negotiations, a draft law was presented. It was thrown out of Parliament, wasn't approved, back to Government. Again the second draft wasn't approved, because of the Parliament felt that the protections for privacy were not good enough.

And the third draft eventually was approved in 2009. This law applies equally to everyone, every citizen. There was a question about not making a difference between different nationalities. It applies equally to Swedes and non‑Swedes. And it includes a fair amount of special mechanisms to protect individuals' privacy. Amongst other things, it includes a special court which takes a decision in every case of signals surveillance.

This law is now being put to the test in the European court of Human Rights. It's being challenged, and we welcome this of course. We welcome to hear if the court in Strasbourg finds it lives up to the standards of the European Convention on Human Rights.

There was a comment on Article 17 of the ICCPR. It is true, it establishes the fundamental right to respect for private life, which is I believe the accurate wording. We believe there may very well be reasons to look at Article 17 and see how we can increase our understanding of how Article 17 should be interpreted.

There are a number of different ways to do that, and we're currently engaging in Geneva and in New York to find ways of promoting the best way forward.

Finally, a few comments were made on the Swedish model. I'm not sure I really know what that would be, but if it refers to the fundamental principles that my Minister outlined last week, we are more than happy to discuss on the basis of those the way to go forward. And indeed, those principles are integrated in our law and in our framework, so in a way, it will ‑‑ I suppose it does represent the Swedish model.

Finally, I am not representing any other country than may own country here on this panel, so I am not in a position to speak on behalf of Council of Europe Member States or European Union Member States when it comes to Edward Snowden. I can just conclude that his Human Rights should be respected, period, regardless of the label that you give him. Thank you very much.

>> ANNE-RACHEL INNE: Thank you, Johann. Joana, you've heard most of the comments. Would you like to say something more?

>> JOANA VARON: I just would like to make some remarks for us to include the comments on Mr. Bollow in this panel report because I believe it's an important Human Rights issue and we're only here debating surveillance because of them. And I'd like to ask Scott and the U.S. Government to give further thoughts about this. That it seems penalties for whistleblowers are getting worse and worse, and I'm not referring only to Snowden.

A person who leaked the information about the war in Iraq is in jail with a 35‑year sentence after remaining for three years without a sentence and according to notes from The Guardian that I quote here, "Manning’s three‑and‑a‑half‑decades jail term is unprecedentedly long for someone convicted of leaking U.S. government documents. Compare, for example, the ten years received by Charles Graner, the most severely punished of those held responsible for the Abu Ghraib torture in Iraq." So the jail is not only talking in Russia.

These people had normal importance for the countries we believe today are being severely punished and in a dilemma between being traitor to a nation and providing openness and important information to the world, I think that most of people here with good faith and will would go for traitor. So that's it.

>> ANNE-RACHEL INNE: Thanks, Joana. So we've heard quite a few things, and I think we're going to give a few seconds to ‑‑ minutes to our commenters to respond. And we're going to start with Ambassador Fonseca. Is the mic around?

>> BENEDICTO FONSECA FILHO: Thank you. And very briefly much has been said and I don't have much to add, just also in reaction to what was proposed and the question that was formulated by Raul Echeberria from LACNIC, I would like to comment that the Swedish model, not the Swedish model, but the points that were raised by your Minister of External Relations at the civil conference really provide a very good basis for our work in regard to the issue of privacy in relation to security, which is of course one of the focus areas and core areas of the speech our President delivered at the United Nations. So we'd be comfortable in working within this framework.

But just to recall that we have proposed and the President has proposed we should aim at having a larger set of principles, and taking into account a huge amount of work that has already been done in that regard within different contexts, it has been mentioned the Council of Europe, we could refer to our OECD so we have a different set of principles but of limited in scope of participation so we are aiming at something of global nature that would encapsulate the core norms and agreed principles that should guide us through.

And just reiterate the invitation and the call for participation in the Brazilian meeting to be held next year. And if you allow me just a very brief comment in regard to this, I was referring before to the kind of misunderstandings that sometimes occur, and the President has termed this meeting as a "Summit," and it must be understood that from the point of view of Government, what we are aiming at is at a very high‑level event that would wishfully be able to make kind of decision that could impact on the work we are doing.

So this is the meaning of saying a "Summit." It should not be interpreted as meaning it's something exclusively for Governments. I think this is the kind of conceptual difference that sometimes must be spelled out. When we say "Summit," we mean a meeting that will be ‑‑ will have authority enough to make decisions. And at the same time, the President clearly also spelled out that she would expect Civil Society, private society, all stakeholders to be represented, and I would dare to say on an equal level as regard any decision‑making process that might be ‑‑ might take place at that point, which we aim of course at some kind of consensus.

So this is just very briefly to reiterate something I said before, and to specify that as we go back, our President is due in the next few days to make an announcement on the basis of everything we heard and the very important inputs we have received and ideas that were presented here. I would not at this point like to anticipate anything the President will say. I think sometimes we like to interpret what she has meant. I think it's as a disciplined civil servant I would prefer the President herself to spell out.

Of course, this will not be a decision or anything made in isolation but fully taking into account the multistakeholder aspect we want. But as the host of the meeting, I think it would be the President's prerogative to decide for example on the Summit aspect or not and this is something we will invite all to be there, and again the announcement to be made in next few days. Thank you very much.

>> JOVAN KURBALIJA: We'll have a few treats if it is possible Nick and Bertrand and we have one comment. We're closing the Plenary Session and the comments, we're wrapping up and if it is of relevance for the wrapping up comments that we will hear.

Please.

>> BERTRAND DE LA CHAPELLE: Thank you, Jovan. I wanted to reaffirm one element that after this panel, it is clear that the answer to excessive surveillance cannot be the proliferation of National frameworks establishing data sovereignty but rather increased oversight and increased due process respect and assessment of the impact of transboundary action or impact assessment for any National measures that has a transboundary action. Thank you.

>> JOVAN KURBALIJA: Nick, please.

>> NICK ASHTON-HART: Thank you also for inviting me to speak in general. One thing that struck me here is that I think we have many different National approaches to surveillance and the protection of individuals in relation to it, but very little have I found published that actually spells out and contrasts the different choices countries have made, and the reasons why they have made them.

I know in Latin America, recent very serious Human Rights violations by security services in living memory have made this issue particularly sensitive in that region, for example, and in Switzerland I know we had a similar scandal in the '90s that has greatly changed the way surveillance is conducted by Switzerland and we've heard a bit about the Swedish protections.

Perhaps it would be useful to have more clarity and be able to compare different systems and understand the choices that they made, and I would say also, the interparliamentary Union in Geneva, the home of the world's Parliaments, perhaps should discuss this issue to see if the world's Parliaments can share information, understand each other better, and perhaps that would help.

>> JOVAN KURBALIJA: Thank you, Nick. We'll have a Chinese colleague, and after that we'll be closing discussion. Otherwise I will be declared persona non grata by the IGF Organising Committee. I just received a letter from Markus. Please.

>> REN YISHENG: Thank you very much, Mr. Chairman, for giving me the floor for the second time. I'll be very brief. First of all, I'd like to clarify. This morning we discussed issues on surveillance, so the Chinese Delegation while making the point quoted a well‑known case, but I don't know why the U.S. speaker is so sensitive to our intervention. He's not here. If he's here, he has to explain to us why he's so sensitive to that.

Secondly, the Human Rights condition situation in China is well known by the Chinese. The Chinese has every right to explain that. Other country has no right to comment on China's Human Rights. The universality of Internet in China, we have almost 600 million netizens in China, much more than the population of the U.S. We have more than 300 millions of users of social media. It's almost the same population of U.S.

Every day, people are posting things on microblogs, blogs. More than 200 million people doing that. Therefore, Chinese also enjoy a full freedom of speech, but any information shall not infringe the society. You have to abide the basic code of conduct, moral conduct, and also you are not allowed to spread any information that will harm National Security. Also, you are not allowed to spread groundless rumors online.

Last but not least, let me say one thing: Every year, U.S. Government publish Human Rights situation or status of more than 200 countries in the world. He recommend us to read that. However, he neglected one thing: The U.S. Government never published Human Rights status report of its own country, but the Chinese Government has done that for the U.S. Government, and for free.

China's state Council's information office publish annual report of U.S. Human Rights status. You're welcome to access. All the information are collected publicly from the U.S. media.

>> JOVAN KURBALIJA: ‑‑ periodical review which is useful mechanism to comparing various situations worldwide when it comes to the Human Rights as what we heard.

We are ‑‑ well, just a half Tweet.

>> ALEX COMNINOS: My name is Alex. I'm from the Internet. It seems people in this room are concerned about eaves dropping so I would just like to point out if you registered online to attend the IGF, you have leaked your personal information including date of birth, ID number or passport number, and residential address, e‑mail address, full name. So defenses against these type of things really do start at home. You can see it on the APC website, APC.org. Thank you kindly. Bye.

>> ANNE-RACHEL INNE: Thank you very much.

>> My name is Juan Carlos. I'm from Brazil. Everyone is still under the perplexity of the size and the rich of American intelligence and many are making decisions in the heart of emotion and it's this that worries me. Decisions that are taken so passionately, decisions under the scenario generally does not so passionate and generally are hurting our hearts. I'm definitely not wanting to give away any right in exchange for security. That's all.

>> JOVAN KURBALIJA: Closing the session with a poem, an artistic expression of overall discussion.

>> ANNE-RACHEL INNE: So what we're going to do right now, I think we're going to have Jovan remained us a little bit some of the points that were raised here in answering if you remember some of the questions that we had that Markus read that the session was also supposed to address.

And I would like to simply say that I think this session is one that is again Building Bridges. This is the start of discussions and I know that I've seen a few Tweets where people are saying we're not satisfied because there aren't really answers. And I don't think anybody expected really that we would have answers here this morning.

But at least conversations have started. You know, the start of a bridge is being built as Ambassador Fonseca said, one of our next meetings will be in Brazil, and that could be a place where at least some general principles could be agreed upon, and then it will be up to all of us to actually just like the other general and global principles that we have, to make sure that we adhere to those. Jovan?

>> JOVAN KURBALIJA: With the risk of confronting Twitter community which is not a wise thing to do, I have to admit that there were quite a few answers and quite a few useful insights. We heard about experiences within Brazil, quite a few suggestions.

There is agreement that there are international rules that cover these issues, and quite a few concrete suggestions how we can implement these rules, through due process checks and balances.

Therefore, I would say that I personally feel quite comfortable with advancement of our discussion, much more than expected before the session. And as you know, these problems are complex and they're so called big problems. You don't have a quick fix. There are many aspects, security, Human Rights, ethical, business that should be addressed. Markus gave us 7 questions at the beginning of the session which were questions posed through the public consultation.

And we answered all of those questions, and even added quite a few more questions. Therefore, we will be having an interesting discussion. And if I can conclude with one point with a famous quote, don't waste a crisis. It seems we're not going to waste this crisis and that at least based on your inputs and panelist inputs, there is a serious determination and responsibility to do something useful for Internet as a whole, and for humanity, first of all to avoid the situation like this one with NSA case, but also to prevent similar situations happening worldwide.

Therefore, there is an opportunity that we shouldn't miss, and I think quite a few players around the world are moving in that direction, to create space, ideas, and proposals that could make Internet even more powerful tool for enabling of the social and economic development worldwide.

Thank you.

>> MARKUS KUMMER: Let me just add a quick word: I think the discussion, A, was certainly very interesting. This is a sensitive issue on top of the agenda. And I think again, the IGF proved its value and its worth, and this kind of discussion clearly is best held in a multistakeholder setting.

And I think it will not be over and we will revisit it at the next IGF. With that, Mr. Chairman, over to you to close the meeting.

>> SETYANTO SANTOSA: Thank you, Markus. Thank you also, Madam Anne‑Rachel and Jovan, for moderating this opening discussion on emerging issues with focusing mainly on approaching the role of security, surveillance, transparency and privacy issues. If I may value this session, it's really the top of the top session of the IGF 2013. If you look at the response from the floor and also they say all the ideas.

As a piece of information that Indonesia also aware of positive impact of Internet as a means of economic development. However, it has become increasingly concerned over the impact of access of information and has demonstrated an interest in increasing its control of offensive online content, particularly pornographic and anti‑Islam online content. The government regulates such content through legal and regulatory framework and through partnership with the ISP, Internet service provider and also the Internet cafe. Meanwhile the telecommunication 99 also prohibit the wire tapping of communication necessary for obtaining evidence for criminal investigation. So ladies and gentlemen, this is my first IGF engagement, with more especially in Bali 2013 from 109 countries so let us wait for our next IGF 2014, wherever it will be held. I think we should come and really I enjoyed this familihood circumstances and it's really a kind of the spirit of multistakeholder cooperation of world community. With a statement I would like to conclude this meeting and again thank you for excellent moderating, and thank you also to our panelists and all participants for this valuable discussion. I hope you enjoy your stay in Bali, Indonesia. For those of you who will leave before the Closing Ceremony, I wish you have a pleasant and safe trip back home.

Please join me to give a big hand to all the panelists and moderators.

[ Applause ]

I return the floor to Mr. Markus Kummer.

>> MARKUS KUMMER: Nothing to add. We resume at 2:30 for the open microphone "Taking Stock" session.

[ End of session ]

For more details visit https://cis-india.org/news/igf-2013-october-25-taking-stock-emerging-issues

Taking Cognisance of the Deeply Flawed System That Is Aadhaar

praskrishna — 2017-05-19T14:52:58Z

Aadhaar and its many connotations have grown to be among the most burning issues on the Indian fore today, that every citizen aware of their rights should be taking note of.

The article by Shreyashi Roy was published in the Wire on May 10, 2017.

With the leak of 130 million Aadhaar numbers recently coming to light, several activists, lawyers and ordinary citizens are up in arms about what is increasingly being viewed as a government surveillance system. Keeping this in mind, on Tuesday, May 9, Software Freedom Law Centre India (SFLC) hosted an event that brought together a panel to clearly articulate the dangers of Aadhaar and to discuss whether the biometric identification system is capable of being reformed.

SFLC is a donor-supported legal services organisation that calls itself a protector of civil liberties in the digital age.

Titled ‘Revisiting Aadhaar: Law, Tech and Beyond’, the discussion, with several eminent personalities who have in-depth knowledge of Aadhaar and its working, threw light on the various problems that have cropped up with regard to India’s unique identification system. The discussion was moderated by Saikat Datta, policy director at Centre for Internet and Society, which published the report that studied the third-party leaks of Aadhaar numbers and other personal data.

The leaks

The discussion took off from the point of the leaks, with Srinivas Kodali, a panelist and one of the authors of the report, explaining his methodology for the study that proved that the Aadhaar database lacked the security required when dealing with private information of people. He highlighted the fact that during the course of his research, he had noticed several leaks from government websites and notified the Unique Identification Authority of India (UIDAI) about the same. Yet, at every step, UIDAI continued to deny and reject the possibility of this happening. Kodali says, however, that he had noticed that the websites that were unknowingly leaking data were, in fact, fixing the leaks after being notified without acknowledging that the leak had happened in the first place. Kodali reiterated at the discussion, as in his report, that a simple tweaking of URL query parameters of the National Social Assistance Programme website could unmask and display private information. Unfortunately, UIDAI cannot be brought to task for unknowingly leaking information because there is no such provision.

He also addressed the question of the conflict of interest that existed in the entire system of building Aadhaar, which was created by developers who later left the UIDAI and built their own private companies, monetising the mine of private information that they were sitting on. Kodali blames UIDAI for this even being allowed, since the developers, though clearly lacking ethics, were in fact, merely volunteers.

The system

One of the glaring issues with the technology behind Aadhaar is that the software is not open source. Anivar Aravind, a panelist, called it “defected by design” and “bound to fail” because not only is the technology completely untested but there are very obvious leaks that are taking place. Moreover, UIDAI does not allow any third-party audits or any other persons to look at the technology. Datta pointed to the fact that this is unheard of in other nations, where software is routinely subjected to penetration testing and hacking experts are called upon to check how secure a database is.

Anupam Saraph, another panelist and future designer, illuminated the creation of the Aadhaar database, pointing out that this is a system less about identification and more about verification. All of the verification, moreover, has been done by private parties, making the database itself suspect and leaving everyone’s private information loose at the time of enrolment. In addition, Aadhaar was meant for all residents and not just citizens. But now there is a mix of both, creating confusion in many aspects. Saraph also brought up how one rogue agency with access to all this information could pose an actual national security threat, unlike all the requests for information on breaches that the government keeps pointing fingers at. Referring to Nandan Nilekani’s statement about Aadhaar not being like AIDS, Saraph pointed out that it was exactly like it because much like the body, which cannot distinguish between an invasion and itself, the Aadhaar system is not being able to distinguish between aliens and citizens and has begun denying the latter benefits.

The Supreme Court has declared time and again that Aadhaar cannot be made mandatory, but the government continues to – in complete disregard of the apex court’s judgment – insist on Aadhaar for a multitude of schemes. More and more schemes are being made unavailable without the existence of an Aadhaar number as the government continues to function in a complete lack of cognisance of the fact that the poor are losing out on something as basic as their food because of a number. Prasanna S., an advocate and a panelist, called it a “voluntary but mandatory” system that is becoming an evidence collection mechanism. Moreover, everything is connected through this one number, making many options like financial fraud, selective treatment of citizens and other horrors possible. The collection of all this information is not dangerous, screams the government. Maybe not in the hands of this one. But what of the next? What of rogues?

The legal aspect

One of the panelists was Shyam Divan, a senior advocate of the Supreme Court, who has represented petitioners fighting against Aadhaar. Divan spoke about how along with a group of advocates he has been trying to get the apex court to rule on the issue but has been met with long queues before a ruling can be procured. He addressed the right to privacy aspect of the system and the recent declaration that the citizen does not have the absolute right to the body. He emphasised that the government cannot own the body and that for a free and democratic society, a limited government, instead of an all-knowing and all-seeing government, is essential. Unfortunately for India, there is no express right to privacy in the constitution, but that does not mean that rights can be taken away in exchange for a fingerprint. It is the government’s duty to respect privacy. For him, Aadhaar has become an instrument of oppression and exclusion, a point that Prasanna also agreed with, calling it a “systematic attack on consent”.

There is complete agreement that there has been a railroading of consent in this entire matter if Aadhaar being passed forcibly through the Lok Sabha as a money bill is anything to go by. If parliament’s consent can be disregarded in that fashion, what is an ordinary citizen to do in the face of this complete imbalance of power in the state’s hand?

Usha Ramanathan, a legal researcher and a long-time critic of Aadhaar, spoke about how India has turned into a state where there are more restrictions than fundamental rights, rather than the other way around. She related how there was no clarity at the beginning of Aadhaar of how it would be a card or a number and was never a government project in the first place. This is a private sector ambition that the government has jumped on board with, without considering that the private sector does not concern itself with civil liberties. As other panelists also pointed out, the private sector cannot and will not protect public interest. This is the job of the government, especially in an age of digitisation. But Aadhaar compromises the ability of the state to stand up for its citizens.

With June 30 approaching fast, many of those who have so far abstained from enrolling in the system are considering giving up their rebellion and going like sheep to get themselves registered in the database. In the words of Divan, they will have to “volunteer compulsorily for an Aadhaar”. The government is probably counting on this. Turning to the Supreme Court has been of no help, although a verdict can be hoped for in a couple of weeks. But what can we do if they rule for the government?

Some of the panelists are on board with the idea of a civil disobedience movement, a kind of a rebellion against Aadhaar. Some suggested thinking of out-of-the-box ways to register one’s protest and dissent against what is clearly becoming the architecture of a surveillance state. Saraph was particularly vehement about the need to completely destroy the Aadhaar database – “shred it”.

What all the panelists emphasised repeatedly was that there can be no improvements to a system that is so deeply flawed and that has had so many “teething problems” that are making millions suffer. The main takeaway from the discussion was that Aadhaar must see a speedy demise because it cannot be saved and cannot persist in its current state.

For more details visit https://cis-india.org/internet-governance/news/the-wire-may-10-2017-shreyashi-roy-taking-cognisance-of-the-deeply-flawed-system-that-is-aadhaar

Symposium on Human Rights and the Internet in India

praskrishna — 2015-02-07T00:50:00Z

On January 17, 2015 the Center for Communication Governance at National Law University, Delhi in collaboration with the UNESCO Chair on Freedom of Communication and Information at the University of Hamburg hosted a pubic symposium on “Human Rights and Internet in India” as a Network of Centers (NoC) regional event. Bhairav Acharya was a panelist.

See the concept note here.

The event convened a diverse group of collaborators working on issues of Privacy, Surveillance, Data Protection, Freedom of Expression and Intermediary Liability in India, the surrounding region, and internationally.

Agenda | Saturday, January 17 | Public Symposium

Opening words
Prof. (Dr.) Ranbir Singh, Vice Chancellor, National Law University, Delhi
Prof. (Dr.) Wolfgang Schulz, Director, Alexander von Humboldt Institute for Internet & Society

17:45 – 19:00 Panel I: Surveillance & Databases: Experiences & Privacy
The panel will explore how surveillance in India might become more consistent with international human rights standards and Indian constitutional values. It will also discuss the consequences of ubiquitous database programs for citizens’ human rights. This will include comparative perspectives around similar problems and a discussion of privacy-compatible practices in other countries.

Panelists:
Dr. Usha Ramanathan, Independent Law Researcher

Mr. Bhairav Acharya, Lawyer, Supreme Court of India and Adviser Centre for Internet & Society, Bangalore

Mr. Saikat Datta, Editor (National Security), Hindustan Times

Professor KS Park, Former Commissioner, Korea Communications Standards Commission and Professor, Korea University Law School

19:00 – 20:15 Panel II: Unpacking the Intermediary Liability Debate in India
The panel will focus on the legal framework governing Internet platforms in India, especially with regard to online content and its implications for rights of the citizens. It has been argued that the current legal framework creates incentives for online intermediaries to take down content even when no substantive notice or legitimate reasons have been offered. The panel will consider the debate around intermediary liability in India in light of the ongoing litigation at the Supreme Court. It will reflect on the international experience with intermediary liability legislation and discuss how to ensure that laws support an innovative and competitive environment for intermediaries, while ensuring that they prioritize the preservation of their users’ human rights.

Panelists:
Dr. Joris van Hoboken, Fellow, Information Law Institute at NYU School of Law

Professor (Dr.) Wolfgang Schulz, Director, Alexander von Humboldt Institute for Internet & Society (HIIG)

Mr. Raman Jit Singh Chima, Lawyer

Chinmayi Arun and Sarvjeet Singh, Centre for Communication Governance at National Law University, Delhi

For more details visit https://cis-india.org/internet-governance/news/symposium-on-human-rights-and-internet-in-india

Symposium on Data Privacy and Citizen's Rights

Admin — 2018-09-18T15:18:37Z

Shweta Mohandas was a panelist at the Symposium on Data Privacy and Citizen's Rights on September 9, 2018. The Symposium was organised by the Tech Law Forum of NALSAR University of Law, Hyderabad.

Concept Note

The National Academy of Legal Studies and Research (NALSAR) University of Law, Hyderabad is organising a Symposium on DATA PRIVACY AND CITIZEN’S RIGHTS to provide multiple stakeholders one platform to discuss and deliberate on the BN Srikrishna Committee Report and Draft Bill.

The Committee headed by Retd. Justice BN Srikrishna released its Report and Draft Bill on the 27th of July, 2018. It comes at a time when there is increasing discussion about the individual privacy and surveillance by both private organisations and state authorities. Especially in light of the 9-judge Puttaswamy judgment affirming the Fundamental Right to Privacy, there was a need to concretise the right in the form of a statute. The Bill proposes an elaborate data protection framework by utilising concepts such as anonymisation, pseudonymisation, data localisation, guardian data fiduciary, among others. While the Bill has been lauded for providing a data protection framework largely similar to the one proposed by civil society, there are several areas of concern with the Bill such as the amendments suggested to the RTI Act, the impact of the Bill on Free Speech and the lack of substantial provisions regarding surveillance. There has been further criticism that the discussions regarding these issues have been conducted in silos, with little to no dialogue taking place between the various stakeholders and experts in the field.

We believe that there is a need to provide a common forum for these stakeholders to interact with each other in providing suggestions that are representative in nature and nuanced in their expression.

Themes

Privacy and Free Speech This interaction aims to examine the juxtaposition of the constitutional right to free speech and the now constitutionally affirmed right to privacy. Will a new data protection law impact the publication of leaked documents or sting operations like the Radia tapes or Tehelka’s ‘Operation Westend’? If so, how can journalists mitigate the risk of getting sued for breach of privacy? While the jurisprudence concerning the right to privacy is in its most nascent state, it becomes important for us to explore its contours in light of already established constitutional guarantees.

Right to Information and Right to Privacy How does the right to privacy impact the right to information? The guarantee of these two rights arise from diametrically opposite ideologies, in that privacy aims to shield from the public domain information and data concerning individuals and institutions while the right to information aims to promote transparency and disclosure of information held by the state. However, the question remains, is the existence of these two rights necessarily mutually exclusive? Will a new data protection law make it difficult to promote transparency under the Right to Information Act? Is there is a possibility of a clash between the Information Commissions and the proposed Data Protection Authority? This panel would analyze the co-existence and competitive nature of these two rights in the context of the Indian legal space.

Surveillance - As we move towards a form of governance that is increasingly capable of surveilling individual movements and actions, it becomes extremely necessary for us to understand the nature of surveillance. Can data privacy be compromised for surveillance that may be necessary for increased safety in our physical and virtual living spaces? Are there any provisions that protects data in cases of it becoming exploitable? What is the interaction of international statutes (like ICCPR) and the latest Indian statute in terms of its recognition of necessity of surveillance in contrast to the necessity of protection of data.

For more details visit https://cis-india.org/internet-governance/news/symposium-on-data-privacy-and-citizens-rights

Syllabus: “Policy and regulation conducive to rapid ICT sector growth in Myanmar: An introductory course”

praskrishna — 2013-10-24T03:56:31Z

A five-day course is being offered by LIRNEasia in collaboration with Myanmar ICT Development Organization, with support from the Open Society Foundation and the International Development Research Centre of Canada in Myanmar from September 28 to October 5, 2013.

Sunil Abraham will be supporting Prof. Samarajiva on the last optional day of this course in Yangon. Read about the Introductory course on “Policy and regulation conducive to rapid ICT sector growth in Myanmar”

Goal

To enable members of Myanmar civil-society groups (including academics and those from the media) to marshal available research and evidence for effective participation in policy and regulatory processes, thereby improving policy processes and helping achieve the government’s objective of providing ICT access to all.

Outcomes

The objective of the course is to produce discerning and knowledgeable consumers of research who are able to engage in an informed manner in ICT policy and regulatory processes in Myanmar. The course will benefit those working in government and operators as well.

At the end of the course attendees will:

Have an understanding of telecom policy and regulatory processes
Be able to find and assess relevant research & evidence
Be able to summarize the research in a coherent and comprehensive manner
Have the necessary tools to improve their communication skills

- Have some understanding of how media functions and how to effectively interact with media

Assignments

Participants will be formed into teams on Day1. Each group will work on an assignment that addresses both substantive and procedural aspects of law, policy and regulation. Teams will be assigned topic areas that are being developed into regulations under the new Act. They will have to make presentations on what the desirable provisions should be. We will emphasize the procedural aspects as well as the substantive. Disciplined and focused team presentations, preferably using slides, are required.

It is necessary to use the Internet for the assignments. All who have laptops are encouraged to bring them. Arrangements will be made for Internet connectivity at the hotel.

Tentative topic areas

Licensing and authorization regulations
Essential facilities and anti-competitive practices
Universal service policy
Price and quality regulation
Independence of regulatory agency

Course schedule

	Day 1 (September 28)	Day 2 (September 29)	Day 3 (September 30)	Day4 (October 1)	Day 5 (October 2) (optional)
09:00-10:30	S1 Introduction to course: What have been the results of reform & rationale for regulation. Rohan Samarajiva (RS)	S5 Regulatory legitimacy, including procedural legitimacy (RS)	S10 Challenges of monitoring complex license commitments (HG)	S14 How does the Internet work? (TBA)	S16 Internet governance The big picture. Sunil Abraham (SA)
10:30-11:00	Break	Break	Break	Break
11:00-12:00	S2 Interrogating supply-side indicators & research based on them. Helani Galpaya (HG)	S6 Current status of telecom law and policy in Myanmar (RS)	S11 How evidence is used in policy & regulation (panel discussion, KS, RS	S15 The art of media interaction (RS)	S17 Economic & technical interface with telecom industry (RS)
12:00-13:00	S3 Finding information on the web. Roshanthi Lucas Gunaratne (RLG)	S7 Presenting evidence in slides & written submissions (HG)	S12 Essential facilities and anti-competitive practices (RS)	A3 Mock public hearing (RS & panel)	S18 How Internet is governed within India (SA)
13:00-14:00	Lunch	Lunch	Lunch	Lunch
14:00-15:00	A1 Group formation; Assignment explained (HG and RLG)	S8 Licensing and authorization (RS)	A2 Midpoint check on assignment/group work (HG and RLG)	A4 Mock public hearing & critique (RS & panel)	S19 Content regulation (TBA)
15:00-15:30	Break	Break	Break
15:30-17:00	S4 Demand-side research (RS)	S9 Price and quality regulation (RS & HG)	S13 Universal service subsidies: Theory & practice (RS & KS)	Reflection on the course	S20 Surveillance & privacy (SA & RS)
17:00	Group work	Group work	Group work
19:00	Welcome dinner Speaker: TBA

Faculty

Sunil Abraham is the Executive Director of CIS. He is also a social entrepreneur and Free Software advocate. He founded Mahiti in 1998 which aims to reduce the cost and complexity of Information and Communication Technology for the Voluntary Sector by using Free Software. Today, Mahiti employs more than 50 engineers and Sunil continues to serve on the board as a board member. Sunil was elected an Ashoka fellow in 1999 to 'explore the democratic potential of the Internet' and was granted a Sarai FLOSS fellowship in 2003. Between June 2004 and June 2007, he managed the International Open Source Network, a project of the UNDP's Asia-Pacific Development Information Programme serving 42 countries in the Asia-Pacific region. Between September 2007 and June 2008, he also managed ENRAP, an electronic network of International Fund for Agricultural Development projects in the Asia-Pacific facilitated and co-funded by International Development Research Centre, Canada.

Helani Galpaya is LIRNEasia’s Chief Executive Officer. Helani leads LIRNEasia’s 2012-2014 IDRC funded research on improving customer life cycle management practices in the delivery of electricity and e-government services using ICTs. She recently completed an assessment of how the poor in Bangladesh and Sri Lanka use telecenters to access government services. For UNCTAD and GTZ she authored a report on how government procurement practices can be used to promote a country’s ICT sector and for the World Bank/InfoDev Broadband Toolkit, a report on broadband strategies in Sri Lanka. She has been an invited speaker at various international forums on topics ranging from m-Government to ICT indicators to communicating research to policy makers. Prior to LIRNEasia, Helani worked at the ICT Agency of Sri Lanka, implementing the World-Bank funded e-Sri Lanka initiative. Prior to her return to Sri Lanka, she worked in the United States at Booz & Co., Marengo Research, Citibank, and Merrill Lynch. Helani holds a Masters in Technology and Policy from the Massachusetts Institute of Technology, and a Bachelor’s in Computer Science from Mount Holyoke College, USA.

Roshanthi Lucas Gunaratne is a Research Manager at LIRNEasia and is currently managing the Ford Foundation Funded project on Giving Broadband Access to the Poor in India. She is also contributing to the IDRC Customer Lifecycle Management Practices Project by conducting research on customer lifecycle management practices in telecommunication sector in Bangladesh. Before joining LIRNEasia, Roshanthi worked at the Global Fund to fight AIDS, Tuberculosis and Malaria, Geneva, Switzerland as a Strategic Information Officer. She contributed to the process of defining the Global Fund Key Performance Indicators, and also worked on improving the performance measurements of their grants. Prior to that, she worked as a telecom project manager at Dialog Telecom, and Suntel Ltd in Sri Lanka. As Suntel she managed the design and implementation of corporate customer projects. She holds a MBA from the Judge Business School, University of Cambridge, UK and a BSc. Eng (Hons) specializing in Electronics and Telecommunication from the University of Moratuwa, Sri Lanka.

Rajat Kathuria, PhD

Rohan Samarajiva, PhD, is founding Chair of LIRNEasia, an ICT policy and regulation think tank active across emerging Asian and Pacific economies. He was Team Leader at the Sri Lanka Ministry for Economic Reform, Science and Technology (2002-04) responsible for infrastructure reforms, including participation in the design of the USD 83 million e-Sri Lanka Initiative. He was Director General of Telecommunications in Sri Lanka (1998-99), a founder director of the ICT Agency of Sri Lanka (2003-05), Honorary Professor at the University of Moratuwa in Sri Lanka (2003-04), Visiting Professor of Economics of Infrastructures at the Delft University of Technology in the Netherlands (2000-03) and Associate Professor of Communication and Public Policy at the Ohio State University in the US (1987-2000). Dr. Samarajiva was also Policy Advisor to the Ministry of Post and Telecom in Bangladesh (2007-09).

Koesmarihati Sugondo

Resource Material

infodev, ICT regulation toolkit. http://www.ictregulationtoolkit.org/en/Index.html

infoDev. Broadband strategies toolkit. http://broadbandtoolkit.org/en/toolkit/contents

infoDev (2011). Tenth anniversary telecom regulation handbook. http://www.infodev.org/En/Publication.1057.html

ITU (2011). The role of ICT in advancing growth in least developed countries: Trends, challenges and opportunities. Geneva: ITU. http://www.itu.int/ITU-D/ldc/turkey/docs/The_Role_of_ICT_in_Advancing_Growth_in_LDCs_Trends_Challenges_and_Opportunities.pdf

Samarajiva, Rohan (2000). The role of competition in institutional reform of telecommunications: Lessons from Sri Lanka, Telecommunications Policy, 24(8/9): 699-717. http://www.comunica.org/samarajiva.html

Samarajiva, Rohan (2002). Why regulate?, chapter 2 of Effective regulation: Trends in Telecommunication Reform 2002. Geneva: International Telecommunication Union.

Samarajiva, Rohan (2006). Preconditions for effective deployment of wireless technologies for development in the Asia-Pacific, Information Technology and International Development, 3(2): 57-71. http://itidjournal.org/itid/article/view/224/94

Samarajiva, Rohan & Zainudeen, Ayesha (2008). ICT infrastructure in emerging Asia: Policy and regulatory roadblocks, New Delhi & Ottawa: Sage & IDRC http://www.idrc.ca/en/ev-117916-201-1-DO_TOPIC.html

For more details visit https://cis-india.org/news/policy-and-regulation-conducive-to-rapid-ict-growth-in-myanmar

Surveillance: Privacy Vs Security

praskrishna — 2013-08-19T05:32:55Z

The Foundation for Media Professionals is organizing a debate at the India International Centre, New Delhi on August 17, 2013. Shri Kapil Sibal will give the opening speech. Natgrid chief Raghu Raman is one of the debaters. Pranesh Prakash is participating in this event as a panelist.

This was published by the Foundation for Media Professionals on their website. Also read the blog post by Vivian Fernandes and Ninglun Hanghal.

In the backdrop of the recent disclosures by US defense contractor Edward Snowden about the activity of the National Security Agency (NSA) and reports that NSA may have collaborated with India on surveillance program in the country that have raised concerns about privacy and right of citizens, Foundation for Media Professionals (FMP) in partnership with Friedrich Ebert Stiftung (FES) invited Pranesh Prakash to a panel discussion on "Surveillance: Privacy vs. Security".

Guest Speaker
Kapil Sibal, Union Minister for Communications and Information Technology, Govt. of India

Panelists

Pranesh Prakash, Policy Director, Centre for Internet and Society

Dr. Usha Ramanathan, Independent Law Researcher
Saikat Datta, Resident Editor, DNA
Capt. Raghu Raman, National Intelligence Grid (Natgrid)

Moderator

Paranjoy Guha Thakurta

For more details visit https://cis-india.org/news/foundation-for-media-professionals-august-17-2013-surveillance-privacy-v-security

Centre for Internet and Society

The (in)Visible Subject: Power, Privacy and Social Networking

Bookmark & Share:

Document Actions

That’s the unkindest cut, Mr Sibal

Ten Indian government agencies can now snoop on people’s internet data

Extending powers under and old law

The new powers could be illegal

VPN use expected to rise in India

Technology in Government and Topics in Privacy

Abstract of the Talk

Malavika Jayaram

Technological Protection Measures in the Copyright (Amendment) Bill, 2010

Implications: The Good Part

Implications: The Bad Part

Uncertainties

On "shall maintain" and penalties

On "facilitating" and remoteness

More uncertainties

On "purpose" as a criterion in 65A(2)(a)

Conclusion

Tech companies like Gmail, WhatsApp may be asked to store user information

Tata Photon unblocks Wordpress.com

Targeting surveillance

Talk by Anubha Sinha on Open Access in JNU

Taking Stock: Emerging Issues - Internet Surveillance

Taking Cognisance of the Deeply Flawed System That Is Aadhaar

Symposium on Human Rights and the Internet in India

Agenda | Saturday, January 17 | Public Symposium

Symposium on Data Privacy and Citizen's Rights

Concept Note

Syllabus: “Policy and regulation conducive to rapid ICT sector growth in Myanmar: An introductory course”

Goal

Outcomes

Assignments

Course schedule

Faculty

Resource Material

Surveillance: Privacy Vs Security