Centre for Internet and Society

Introduction: About the Privacy and Surveillance Roundtables

manoj — 2014-11-27T13:34:56Z

The Privacy and Surveillance Roundtables is a Centre for Internet and Society (CIS) initiative, in partnership with the Cellular Operators Association of India (COAI), as well as local partners. The Roundtable will be closed-door deliberation involving multiple stakeholders. Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India.

The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and training.

The third Privacy and Surveillance Roundtable was held in New Delhi at the India International Centre by the Centre for Internet and Society in collaboration with the Cellular Operators Association of India and Vahura, legal Partner on the 1^st of September, 2014.

The aim of the discussion was to gain inputs on what would constitute an ideal surveillance regime in India working with theCIS Draft Privacy Protection Bill, the Report of the Group of Experts on Privacy prepared by the Justice Shah committee, and the International Principles on the Application of Human Rights to Communications Surveillance.

Background and Context: Privacy and Surveillance in India

The discussion began with the chair giving an overview of the legal framework that governs communications interception under Indian Law in the interest of the participants since many were there for the first time.

The legal system to govern the manner in which communications are intercepted in India are defined under three main acts

1. Interception of Telephonic Calls : The Telegraph Act 1885

2. Interception of Posts : The Indian Post Office Act,1898

3. Interception of Electronic communication like e-mails etc :The IT Act, 2000

While the interception of postal mail is governed by Section 26 of the Post Office Act, 1898, the interception of modern forms of communication that use electronic information and traffic data are governed under Sections 69 and 69B of the Information Technology Act, 2000, while interception of telephonic conversations are governed by section 5(2) of the Indian Telegraph Act 1885 and subsequent rules under section 419A.

The main discussion of the meeting revolved around the Telegraph Act since it is the main Act which covers the interception of telecommunications. In 1968 the 30th Law Commission Report studying Section 5(2) of this Act came to the conclusion that the standards in the Act may be unconstitutional given factors such as 'public emergency' & 'public safety' were too wide in nature and called for a relook at the provision.

Objective of Round Table Meetings

The objective of the round table meetings is to, be prepared with the proposals on the Privacy Bill which the new government intends to split into separate Bill for Surveillance and Data privacy. Thus these submissions once out in the public domain would further deliberate more discussion and shape the course of the Bill.

Discussion

Authorisation

The chair initiated the discussion continuing from the last meeting about the two models of authorisation for Interception 1. The Judiciary & 2. The Executive

The chair explained why the earlier proposed Judiciary based model, based on the efficient experience of separation of power, would not fit into the Indian context. The main reason for this being that the lower judiciary in India is not competent enough to take decisions of this nature. Providing examples, the chair explained how in many cases the lower Judiciary overlooks essential human rights in their decisions, and such rights are only addressed when the case is appealed in Higher courts. While participants felt that High Court judges would be favourable, it was expressed that the immense backlog at the High Court level and the lack of judges is a challenge and risks being inefficient. Thus an additional responsibility for the High Court would not be a feasible model. Furthermore, adopting a judicial based model would mean that the existing model of executive would need to be entirely replaced. Owing to these practical implementation issues consensus was built over adoption of the existing executive model, but with more safeguards.

Safeguards proposed:

1. A redressal tribunal: Establishing a tribunal for the redressal of interception complaints. The tribunal could be a non-active body. Such a model would be different from other models adopted around the world - for example e in UK a designated tribunal suo-motu reviews cases on a regular basis. The tribunal could also have judicial review authority, to which one of the participants raised an issue that the tribunals usually will not have the power of Judicial review, however the chair assured him that the delegation of Judicial review to a tribunal does exist in Indian law.

2. A review commission: Establishing a commission to review the interceptions carried out on the orders of home secretary. For such an overseeing body, the commissioner should be appointed independently. The commissioner must be a Judge or a senior Lawyer and should report to the Parliament.

Content data and Metadata

In the next session the chair explained the difference between content data and metadata while initiating discussion on provisions addressing them in the proposed Bill. Content data, also called as payload data, is the actual content of the communication which takes place between X and Y.

Example 1: In the VOIP call the voice is packetized and sent in different packets to the destination, the content of that packet is the content data whereas the information of this content i.e the header, footer and checksum of the packet is the metadata.

Example 2: In the serial communication of the normal phone call the content data will be what the communication happened between two or more people over the call and the metadata will be who were involved in the call, on what date and time the call was made from which place, and under which tower.

It was noted that generally it is easier to intercept metadata than content data. In the proposed bill, section 2 (C) refers to the definition of content data and section 2(E) to metadata.

Participants also pointed out that often it is with metadata that concerned governmental authorities are able to carry out tracking. Thus, when determining procedural safeguards for surveillance - and specifically for interception - the question of whether or not content data and meta data should be treated the same under law must be addressed. Participants suggested looking into German laws, which have procedure to deal with this question. Despite differences over the exact level of protection meta data should legally be afforded, participants agreed that a higher authority should be responsible for the interception, collection, and access to metadata and content data.

In India, because the existing legal framework in India has different standards for different modes of communication, it is proposed that a uniform legal framework be created by harmonizing the three Acts through amendments or overriding existing legislation regulating surveillance in India, and establishing a new framework under a Privacy legislation.

Big Data, Cloud & OTT

In this session a participant raised the issue of Big data and Cloud services, and asked whether the CIS Privacy Protection Bill or the draft Privacy Bill from the government addresses this issue. This question was of particular relevance because a number of the cloud data centres are located in locations outside India. Thus a question of jurisdiction arises. The participant opined that in the coming years and with the new government's vision to have space for every citizen in cloud and data localisation being priority, he stressed that the Bill should clearly address issues related to the cloud, big data, outsourcing, and questions of jurisdiction. Responding to this the chair was of the view that the crimes committed outside the territory of India come under Extra-territorial law, section 4 of IPC and Section 188 Cr. P.C. But it was noted that due to the fact that the crime is committed outside the territory of India, despite the provision, it is practically not implementable unless there is a contract between countries or a treaty signed. The solution could be data localisation, hosting the cloud servers in India, but that again has its own pros & cons. In response participants indicated that if a choice had to be made about data localization - the best option would be one that would be economical for Indian business and the government.

OTT (Over the Top) Services

Another participant brought to the notice of the meeting that most of the networks of service provider's are adopting IP (Internet Protocol). In the context of surveillance, this means that for an interception to take place, Deep Packet Inspection (DPI) must be adopted by service providers. This is currently placing a burden on service providers, as it is costly and the connection time of the calls for the number under surveillance increases - though not enough to be noticed by customers.

Telephone Tapping Process

In India the process of intercepting telephones can be broken down into the following three steps:

1. Authorization

a. The Home Secretary issues an authorization for an interception request.

b. The Authorization is handed over to Police Officer in charge of the investigation.

c. The Police Officer serves the order to the nodal officer in the relevant service provider.

2. The service provider conducts the interception.

3. The intercepted data is handed over to the Police officer.

Under Rule 419A, a committee to review the authorization exists, comprising of officials such as the Cabinet Secretary, Secretary of the Department of Telecommunications, Secretary of the Department of Law and Justice and the Secretary of Information Technology and Communication ministry at the Centre and the Chief Secretary, the Law Secretary and an officer not below the rank of a Principal secretary at the State level.

Since the current infrastructure of telecom and broadband is with private service providers, the government is dependent on service providers to carry out surveillance. As national security is a concern of the government and because in the past intercepted material has been leaked by various sources, the government has proposed to replace the existing system. In this regard the government has proposed to set up a Central Monitoring System (CMS) for the interception of voice and data communications.

It is proposed that the CMS infrastructure will be positioned at the service provider's facilities, and will allow governmental agencies to directly intercept traffic on the network of service providers - thus there would no longer be a need for the government to reply on service providers to carry out interception requests. During the meeting it was discussed how this system has pros & cons

Pros

1. For private companies it eliminates an entire level of compliance.

2. It will reduce the possibility of unlawful, extra legal, & fraudulent authorizations of interception requests.

3. The interception carried out would be maintained in a log, which would clearly recorded, making the interception process becomes accountable.

Cons

1. Even though the existing system gives room for leaks, ironically it is the only way through which a person who is tapped will come to know, hence accounting for some transparency eg: Nira Radia & Amar Singh phone Tap case.

2. CMS will be built upon an existing interception framework, which is not procedurally fair - because of issues such as Internal Authorization, Adhoc procedure, that it is not under the ambit of RTI etc. This will result in a system with no transparency and accountability.

To this last point the Chair noted that in 2011 there were 7.5 Lakh phone taps by a single agency which was reportedly illegal. In an attempt to minimize such brazen violations a Privacy Bill is mooted and the round table conference is a step towards making it possible.

Immunity to TSP's & ISP's

Participants also raised the issue of difficulties that TSPs face while engaged in the process of interception, as they are caught between the customers and government authorities and subjected to harassment sometimes. This places service providers in a position where they must often make a number of compromises as they are expected to store traffic data for a specified period of time, but sometimes a judge might ask for access to data that is dated past the specific retention period. In such a scenario, service providers must provide it by accessing backup data.

The question of who should be the custodian of intercepted data was raised by participants as well as who should be held accountable if intercepted data is leaked into the public domain. The chair responded that the officers investigating the case should be held accountable for the intercepted data. This would be analogous to the system under the Right to Information Act whereby the Information officer is named and held accountable for the data or information he provides. Similarly, for the case of intercepted material, an officer should be named and held accountable for the data and ensuring that it reaches those that it is legally intended to.

It was also expressed that a market regulator, responsible for the safeguarding the interest of communication service providers, could be appointed for handling the personal data. Such a role could be merged with the traditional role of a Data Protection Authority and could be the first step towards an information security and assurance regime.

Legal immunity given to service providers was also discussed, as there was a general concern about the position service providers find themselves in - being held legally liable for not complying with orders from the government and being taken to court by citizens.

Format of Interception Orders and Interception as a service

A question was also posed to participants about what information ideally - apart from the intended duration of the order - should be incorporated into interception orders. Participants suggested that the order should be as specific and precise as possible, which the existing format to a large extent confirms. On the topic, a participant noted that in some cases, despite DoPT guidelines, interception orders are issued in regional languages. This can pose as a problem as the nodal officer might not know the language, thus leading to possible ambiguity & misinterpretation of the order. Participants suggested that orders should be in English.

Participants also pointed out that in most European countries - like France and Italy - a fee for the compliance cost arising out of implementing an interception order is paid to service providers by the government. In India, huge costs are involved in carrying out interceptions which service providers presently have to bare. As law enforcement and security agencies ask for more and more accuracy in surveillance, the charges of carrying out surveillance. To address this, participants suggested that interception as a service should be accommodated in the proposed Bill.

Conclusion

The discussions in the Surveillance and Privacy Roundtable in New Delhi mainly revolved around the authorization model and the process of interception. Overall, participants agreed on an organised executive model with an established accountability and review system. Also discussed was how to ensure that service providers are legally protected from disproportionate and unwarranted penalties. Towards this, the interception process should be viewed as a service rather than an obligation.

For more details visit https://cis-india.org/internet-governance/blog/introduction-about-the-privacy-and-surveillance-roundtables

Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm

praskrishna — 2014-12-15T12:56:49Z

Pranesh Prakash was a panelist in the session "Beyond the familiar: how do other countries deal with security and surveillance oversight?" The event was organized by Wilton Park between November 17 and 19, 2014.

Complete details of the programme can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/wilton-park-november-17-19-privacy-security-surveillance

Privacy vs. Transparency: An Attempt at Resolving the Dichotomy

sunil — 2015-03-08T06:26:21Z

The right to privacy has been articulated in international law and in some national laws. In a few countries where the constitution does not explicitly guarantee such a right, courts have read the right to privacy into other rights (e.g., the right to life, the right to equal treatment under law and also the right to freedom of speech and expression).

With feedback and inputs from Sumandro Chattapadhyay, Elonnai Hickok, Bhairav Acharya and Geetha Hariharan. I would like to apologize for not providing proper citation to Julian Assange when the first version of this blog entry was published. I would also like to thank Micah Sifry for drawing this failure to his attention. The blog post originally published by Omidyar Network can be read here. Also see http://newint.org/features/2015/01/01/privacy-transparency/

In other countries where privacy is not yet an explicit or implicit right, harm to the individual is mitigated using older confidentiality or secrecy law. After the Snowden affair, the rise of social media and the sharing economy, some corporations and governments would like us to believe that “privacy is dead”. Privacy should not and cannot be dead, because that would mean that security is also dead. This is indeed the most dangerous consequence of total surveillance as it is technically impossible to architect a secure information system without privacy as a precondition. And conversely, it is impossible to guarantee privacy without security as a precondition.

The right to transparency [also known as the right to information or access to information] – while unavailable in international law – is increasingly available in national law. Over the last twenty years this right has become encoded in national laws – and across the world it is being used to hold government accountable and to balance the power asymmetry between states and citizens. Independent and autonomous offices of transparency regulators have been established. Apart from increasing government transparency, corporations are also increasingly required to be transparent as part of generic or industry specific regulation in the public interest. For instance, India’s Companies Act, 2013, requires greater transparency from the private sector. Other areas of human endeavor such as science and development are also becoming increasingly transparent though here it is still left up to self-regulation and there isn’t as much established law. Within science and research more generally, the rise of open data accompanied the growth of the Open Access and citizen science movement.

So the question before us is: Are these two rights – the right to transparency and the right to privacy – compatible? Is it a zero-sum game? Do we have to sacrifice one right to enforce the other? Unfortunately, many privacy and transparency activists think this is the case and this has resulted in some conflict. I suggest that these rights are completely compatible when it comes to addressing the question of power. These rights do not have to be balanced against one another. There is no need to settle for a sub-optimal solution. Rather this is an optimization problem and the solution is as follows: privacy protections must be inversely proportionate to power and as Julian Assange says transparency requirements should be directly proportionate to power.[*]

In most privacy laws, the public interest is an exception to privacy. If public interest is being undermined, then an individual privacy can be infringed upon by the state, by researchers, by the media, etc. And in transparency law, privacy is the exception. If the privacy of an individual can be infringed, transparency is not required unless it is in the public interest. In other words, the “public interest” test allows us to use privacy law and transparency law to address power asymmetries rather than exacerbate them. What constitutes “public interest” is of course left to courts, privacy regulators, and transparency regulators to decide. Like privacy, there are many other exceptions in any given transparency regime including confidentiality and secrecy. Given uneven quality of case law there will be a temptation by the corrupt to conflate exceptions. Here the old common-law principle of “there is no confidence as to the disclosure of iniquity” – which prevents confidentiality law from being used to cover malfeasance or illegality – can be adopted in appropriate jurisdictions.

Around 10 years ago, the transparency movement gave birth to yet another movement – the open government data movement. The tension between privacy and transparency is most clearly seen in the open government data movement. The open government data movement in some parts of the world is dominated by ahistorical and apolitical technologists, and some of them seem intent on reinventing the wheel. In India, ever since the enactment of the Right to Information Act, 2003, 30 transparency activists are either killed, beaten or criminally intimidated every year. This is the statistic from media coverage alone. Many more silently suffer. RTI or transparency is without a doubt one of the most dangerous sectors within civil society that you could choose to work in. In contrast, not a single open data activist has ever been killed, beaten or criminally intimidated. I suspect this is because open data activists do not sufficiently challenge power hierarchies. Let us look a little bit closely at their work cycle. When a traditional transparency activist asks a question, that is usually enough to get them into trouble. When an open data activist publishes an answer [a dataset nicely scrubbed and machine readable, or a visualization, or a tool] they are often frustrated because nobody seems interested in using it. Often even the activist is unclear what the question is. This is because open data activist works where data is available. Open data activists are obsessed with big datasets, which are easier to find at the bottom of the pyramid. They contribute to growing surveillance practices [the nexus between Internet giants, states, and the security establishment] rather that focusing on sousveillance [citizen surveillance of the state, also referred to as citizen undersight or inverse surveillance]. They seem to be obsessed only with tools and technologies, rather than power asymmetries and injustices.

Finally, a case study to make my argument easier to understand – Aadhaar or UID, India’s ambitious centralized biometric identity and authentication management system. There are many serious issues with its centralized topology, proprietary technology, and dependence on biometrics as authentication factors – all of which I have written about in the past. In this article, I will explain how my optimization solution can be applied to the project to make it more effective in addressing its primary problem statement that corruption is a necessary outcome of power asymmetries in India.

In its current avatar – the Aadhaar project hopes to assign biometric-based identities to all citizens. The hope is that, by doing authentication in the last mile, corruption within India’s massive subsidy programmes will be reduced. This, in my view, might marginally reduce retail corruption at the bottom of the pyramid. It will do nothing to address wholesale corruption that occurs as subsidies travel from the top to the bottom of the pyramid. I have advocated over the last two years that we should abandon trying to issue biometric identities to all citizens, thereby making them more transparent to the state. Let us instead issue Aadhaar numbers to all politicians and bureaucrats and instead make the state more transparent to citizens. There is no public interest in reducing privacy for ordinary citizens – the powerless – but there are definitely huge public interest benefits to be secured by increasing transparency of politicians and bureaucrats, who are the powerful.

The Indian government has recently introduced a biometric-based attendance system for all bureaucrats and has created a portal that allows Indian citizens to track if their bureaucrats are arriving late or leaving early. This unfortunately is just bean counting [for being corrupt and being punctual are not mutually exclusive] and public access to the national portal was turned off because of legitimate protests from some of the bureaucrats. What bureaucrats do in office, who they meet, and which documents they process is more important than when they arrive at or depart from work. The increased transparency or reduced privacy was not contributing to the public interest.

Instead of first going after small-ticket corruption at the bottom of the pyramid, maximization of public interest requires us to focus on the top, for there is much greater ROI for the anti-corruption rupee. For example: constructing a digital signature based on audit trails that track all funds and subsidies as they move up and down the pyramid. These audit trails must be made public so that ordinary villagers can be supported by open data activists, journalists, social entrepreneurs, and traditional civil society in verification and course correction.

I hope open data activists, data scientists, and big data experts will draw inspiration from the giants of the transparency movement in India. I hope they will turn their attention to power, examine power asymmetries and then ask how the Aadhaar project can be leveraged to make India more rather than less equal.

Videos

Open Up? 2014: Risky Business: Transparency, Technology, Security, and Human Rights

Open Up? 2014: Data Collection and Sharing: Transparency and the Private Sector

The videos can also be watched on Vimeo:

[*].http://prospect.org/article/real-significance-wikileaks “Transparency should be proportional to the power that one has.”

Read the presentation on Risky Business: Transparency, Technology, Security and Privacy made at the Pecha Kucha session here. (ODP File, 35 kb)

Disclaimer: The views, opinions, and positions expressed by the author(s) of this blog are theirs alone, and do not necessarily reflect the views, opinions, or positions of Omidyar Network. We make no representations as to accuracy, completeness, timeliness, suitability or validity of any information presented by individual authors of the blogs and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its display or use.

For more details visit https://cis-india.org/openness/blog-old/privacy-v-transparency

Getting Strategic about Openness and Privacy

praskrishna — 2014-11-09T09:19:23Z

This blog post by Tim Davies, Open Data Research Lead at Web Foundation was published in Open Up? on November 3, 2014.

Click to read the original post here. Sunil Abraham gave his inputs.

Information is powerful. And in a world where the amount of information generated, captured and stored has grown exponentially in recent decades, getting hold of the information you need, when you need it, relies upon having access to the data that describes it. That makes the control of data especially powerful.

Modern transparency initiatives, promoting the idea of open data, have been seeking to break the data-monopoly of privileged actors within the state — unlocking key datasets and making them available for public scrutiny and reducing the information inequalities that undermine open public discourse. Opening up government data is *one* way in which citizens can reclaim some power and reestablish the principle that “they work for us”. Open government data gives us power to know how the government is spending money, what companies are getting public sector contracts and licenses, who owns these companies, what profits they make and what royalties and taxes they pay. Yet, progress has been slow, and we have faced substantial challenges in securing reliable and standardised flows of public data that can be joined-up to give a true picture of how public resources are being used, and key decisions made. Although millions of public datasets have been placed online, the most politically salient are often lacking. The 2013 Open Data Barometer found fewer than 1 in 10 accountability datasets were truly open.

At the same time, advocates of building a more open government need to grapple with three other trends that are shaping discussions of data, power and the state:

Firstly, and most important, the revelations brought to our attention by whistleblower Edward Snowden have confirmed the extent of the secret state and the profound imbalance of power between citizens and their state created through mass surveillance. Whilst projects to disclose even basic data on the state like public spending are underfunded and ad hoc, billions of dollars are poured into tools and technologies that violate basic human rights and that threaten trust and security on the Web. Fundamentally the problem with secret mass surveillance is that it destroys the checks and balances that are meant to limit the power of the state over citizens.
Secondly, and in part due to the discussion spared by Snowden, public awareness of the data, and consequently power, held by corporations has grown. The Web has become increasingly centralised, and large companies now harvest large amounts of data on any individual technology user. In parallel, in some countries such as the UK, governments have sought to use open data agendas as cover for increased proprietary sharing of public data with private firms, seeking to go around established principles of consent to share publicly held health, tax or student records with profit-making firms. Such data-sharing is not inherently wrong if there are public benefits, but building citizen trust in the state’s stewardship of personal data, and ensuring safeguards are in place to warrant that trust, is a major challenge.
Thirdly, concerns have been raised that some of the data released through open data initiatives may also affect the privacy of citizens. Some aggregated and anonymised datasets can be combined with other data to reverse engineer identifiable information. Although early calls for “raw data now” were clear that they were not calling for open personal information, in practice the divide between personal and public can be a narrow one.

So, do these trends mean we should be more cautious about opening up? Should the balance swing back towards a focus on protecting privacy? Ultimately, a simple opposition of privacy and openness is a false dichotomy. The question is not should we focus on openness, or should we protect privacy: but is Who should be open? And how? And whose privacy should be protected, and how?

Sunil Abraham, of the Centre for Internet and Society in Bangalore, has offered a key solution in the idea that:

“Transparency should be proportional to power, privacy inversely so.”

It is on this basis that organisations working for a fairer future, with more vibrant public discourse, greater freedom, and better governments, can campaign for both privacy and openness together. Those who occupy public office, own companies, or tender for public contracts must accept that there is a legitimate public interest in information about their activities in these roles, whilst independent citizens must be afforded space to form views and live lives without constant state surveillance. Companies should not be considered to have a right to privacy: their interests are already protected by other laws and provisions.

To deliver effective openness through open data, the Web Foundation is working to understand how data gets used on the ground in different settings across the world, and, with Omidyar support, is working on the creation of inclusive open data standards for public contracting data. Standards like the Open Contracting Data Standard are part of building a new infrastructure of open governance, making it possible to join-up data from different places, helping tilt the balance of power towards citizens when it comes to scrutinising governments and corporations. Through the Open Data Barometer we keep track of the availability of key datasets that can be used for accountability, and we’re co-chairing the Open Government Partnership Open Data Working Group, seeking to set high standards for relevant and usable data disclosures by governments.

By focussing on the civic use of data, we can better identify those datasets that must be in the public domain. And by thinking about relative power when considering privacy we can address genuine privacy concerns, whilst not allowing corporations claiming privacy rights, or public figures trying to hide their financial interests, from diminishing the power of data to enable accountability.

At the same time, the Web Foundation leads the Web We Want campaign, challenging mass surveillance and seeking to secure a Web where individuals have the right to privacy, and the tools to secure it. And increasingly transparency of what the state and companies do with personal data can help increase the capacity of citizens to respond to threats to their autonomy, and can increase oversight and safeguards on state or corporate capacity.

Ultimately, our ongoing efforts to open up, and to protect individual freedoms, have to be strategic. And keeping an analysis of power, and Sunil’s maxim, in mind, provides a good starting point to guide the strategy.

For more details visit https://cis-india.org/internet-governance/news/open-up-tim-davies-november-3-2014-getting-strategic-about-openness-and-privacy

Ubiquity, Mobility, Globality: Charting Directions in Mobile Phone Studies

praskrishna — 2014-12-04T16:27:26Z

Nehaa Chaudhari made a presentation at the Ubiquity, Mobility, Globality : Charting Directions in Mobile Phone Studies Conference. This was organized by the Center for Global Communication Studies at the Annenberg School for Communication, University of Pennsylvania, Philadelphia on November 6 and 7, 2014. Nehaa was on a panel titled Mobile and its Effects on Global Markets and made a presentation on Pervasive Technologies: Access to Knowledge in the Workplace.

Nehaa Chaudhari's presentation can be downloaded here (PDF, 518 KB). Click here for the full programme. Download the agenda here.

Mobile phones are tools for activism and civic participation, surveillance and repression, market making and market disruption. In Ithiel de Sola Pool’s memorable phrase, there have been few “technologies of freedom” that match the consequences of these new instruments and the infrastructure that supports them. This conference examines dimensions of the social, political, and economic effects of the global ubiquity of mobile phones:

What are the affordances and limitations of mobile phones in development?
What is the impact of mobile phones on socio-political change?
How do mobile phones continue to shape our civil liberties?
What are the geo-political consequences of these mobilities?
How does mobile phone adoption challenge and support market innovation?

To tackle these questions, this conference brings together voices from the academy, civil society, and industry—all to examine the heterogeneous sources and consequences of mobility’s diffusion. The goal of this conference is to further interdisciplinary and comparative approaches to the understanding of the mobile phenomenon and to chart directions in mobile phone studies. The conference is funded by the Provost’s Global Engagement Fund, the Center for Global Communication Studies, and the Project for Advanced Research in Global Communication and the program reflects the input of several Schools at Penn, including the Annenberg School for Communication, Wharton, Law, and the School of Arts and Sciences.

For more details visit https://cis-india.org/a2k/news/center-for-global-communication-studies-november-6-2014-ubiquity-mobility-globality-charting-directions-in-mobile-phone-studies

Good Intentions, Recalcitrant Text – II: What India’s ITU Proposal May Mean for Internet Governance

geetha — 2014-11-03T07:07:16Z

The UN's International Telecommunications Union (ITU) is hosting its Plenipotentiary Conference (PP-14) this year in South Korea. At PP-14, India introduced a new draft resolution on ITU's Role in Realising Secure Information Society. The Draft Resolution has grave implications for human rights and Internet governance. Geetha Hariharan explores.

Disclaimer and update (2 November 2014): India's Draft Resolution was discussed during the meeting of the Ad Hoc Working Group on Internet-related Resolutions at the ITU Plenipot on the evening of November 1, 2014 (KST). After the discussion, India revised the text of the resolution, seeking to address concerns raised by ITU member states. The revised resolution may be found here. However, this blog post was written with reference to the original text of India's Draft Resolution.

***

As I mentioned in my last post, India’s Draft Resolution on ‘ITU’s Role in Realising Secure Information Society’ raises security and equity concerns. The Draft Resolution has 3 security concerns: (i) security weaknesses in the network architecture that permit “camouflaging the identity of the originator of the communication” and make “tracing of communication difficult”; (ii) non-systematic, non-contiguous allocation of naming, numbering and addressing resources on the Internet, which makes it difficult to identify both the users and what states the IP addresses are located in; (iii) non-local routing and address resolution relating to traffic originating and terminating in the same country. Op. §§1, 3-7 seek to address these. It also identifies the present system of allocation of naming, numbering and addressing resources as inequitable, unfair, unjust and undemocratic (Op. §2 of the Draft Resolution offers a solution). I discussed some human rights implications of India’s Draft Resolution in my last post.

In this post, I explore the implications of the Draft Resolution for Internet governance and multi-stakeholder approaches (most notably, an equal footing model).[1] Given the uncertainties around defining multi-stakeholderism for Internet governance, this is rather ambitious. So I will try to point to concerns with certain textual interpretations of the Draft Resolution, map that against the positions India’s representatives have taken on Internet governance in the past, and the motivations/concerns that underlie the tabling of the Draft Resolution. This Resolution may not be the best way to allay India's concerns, for there are technical and rights implications. But the concerns it raises are worth discussion and knowledge, and at forums where concerns are heard, acknowledged and discussed collectively. The text of the Draft Resolution and its attendant implications are not, then, the sole subjects of this post.

The Draft Resolution and Internet governance:

The text of the Draft Resolution is problematic. Many of its clauses may be seen as taking positions against multi-stakeholder approaches to Internet governance. Introducing such a resolution at the ITU may itself bring back memories of the controversies surrounding Resolution 3 of the World Conference on International Telecommunications (WCIT), 2012.[2] In 3 ways, the text of the Draft Resolution has indications for multi-stakeholder approaches.

First, the Draft Resolution frames issues primarily from the perspective security. In its preamble, the Draft Resolution makes several references to security threats posed by and on the Internet. For instance, it points to the ability of the network to “camouflage the identity of the originator of the communication” (Pream. §(e) [recognizing]), as well as national security concerns in the present-day system of routing Internet traffic through multiple countries (Pream. §§(f) and (g), [recognizing]). The apparent difficulty in tracing IP addresses, due to their random allocation, is another concern (Pream. §(h), [recognizing]). Among the “significant public policy issues” identified in telecom/ICT management, “security and safety of the Telecom/ICTs” is specifically noted (Pream. §(i) [considering]). In the Context note to the Draft Resolution and in several places in the Preamble, there are references to ITU Resolution 130 (‘Strengthening the role of ITU in building confidence and security in the use of information and communication technologies’) and ITU’s Cyber-security Agenda. Given the (legitimate or otherwise) disproportionate involvement of governments and not other stakeholders in matters of cyber-security, the framing of issues from a security perspective may lend itself to worries for multi-stakeholderism. Specifically, the Draft Resolution notes: “ensuring security of ICT networks is sovereign right of Member States” (Pream. §(b) [recognizing]).

Second, the Draft Resolution emphasizes the sovereign right of states to regulate and control telecom/ICT. It says, for instance, “it is the sovereign right of each state to regulate its telecommunication” (Pream. §(b) [considering]). With regard to the Internet, the Context note to the Draft Resolution (page 1) considers the Internet to be synonymous with telecom/ICTs: “the Telecom/ICTs, which in common lexicon is used interchangeably many times as Internet…”. Public telecom networks managed by telecom service providers, interconnected with other networks, are necessary for “proper functioning of a telecom network resources namely, among others, naming, numbering and addressing” (Pream. §(k) [considering]). It is worth noting that the sovereign authority of states over Internet public policy issues is settled text from §35 of the Tunis Agenda, though expressing it as synonymous with telecom may lead to possibilities of licensing and registration, which Bulgaria, for instance, does not do.

Third, the Draft Resolution identifies issues of equity and fairness in the allocation of Internet resources such as naming, numbering and addressing (Pream. §(g) [consdering], Op. §2). It states that to correct this inequity, “facilitation and collaboration among international, inter-governmental organizations and individual member states to ensure planning, implementation, monitoring and cooperation in its policies” is required (Pream. §(g) [considering]). In operative paragaphs, our Draft Resolution calls for collaboration with “all the concerned stakeholders including International and intergovernmental organizations to develop policies for allocation, assignment and management of IP resources including naming, numbering and addressing which is systematic, equitable, fair, just, democratic and transparent” (Op. §2). One may pay attention to the oversight over implementation and the necessity of inter-governmental involvement in planning and monitoring as problematic to iterations of multi-stakeholderism.

These concerns are valid and legitimate, and it is desirable that the text of the resolution be altered to address them. The text should also be altered to address the human rights concerns I point out in my previous post. But human rights enforcement or implementation is within the domain of states, though civil society may be a careful watchdog. The Draft Resolution's text, most certainly, will face certain oppositions: for instance, that it is outside the scope and mandate of the ITU. That the ITU does not deal with content regulation – and this issue touches upon content – will be mentioned. That Internet governance is already being discussed and performed in multiple other multi-stakeholder fora, such as ICANN, the NRO and RIRs, IGF and WSIS, will be emphasized. That the Draft Resolution implicates national security concerns will be mentioned as well. But as an aside, on national security: under international law, states always mention their prerogative over national security, and so as a matter of international custom, national security is outside the scope of agreements unless expressly surrendered.

At the same time, debates around the role of ITU in Internet governance are not new, and those familiar will remember the ITU’s views right before the creation of ICANN (also see Mueller, Ruling the Root 145-48 (2002)), Resolution 3 of the WCIT, and the constant tug-of-war since then. The new Secretary-General of the ITU, Mr. Houlin Zhao, wrote a note in October 2004, before the Tunis phase of the WSIS, justifying ITU’s involvement in Internet governance, advocating that IPv6 address blocks be allocated to countries. Mr. Zhao describes, with specific examples, ITU's role in the development and widespread growth of the Internet. He takes the examples of standards developed within the ITU and ITU's policy role in liberalisation and spread of telecommunications (such as Articles 4 & 9 of the 1988 ITRs).

Mr. Zhao’s concrete proposals are rendered inapplicable by the creation of the NRO and RIRs, and the growth and entrenchment of ICANN. But it may be argued that his principled justifications for ITU involvement remain. It is these that India hopes to highlight, I was told, along with the inequities in resource allocation (IPv4 was spoken of), and the disproportionate weight some states enjoy in Internet governance. Her concerns are, I am told, also shared by some other states. Given that the text exhibits a less-than-friendly approach to multi-stakeholderism, India's previous positions on the issue are of interest. While this would not correct the snags in the Draft Resolution's text, allaying these concerns may be ideal to craft an inclusive and transparent multi-stakeholder model for Internet governance.

India and Multi-stakeholderism in Internet Governance:

India’s position on multi-stakeholder models for Internet governance is a matter of some obscurity. Statements at various forums exhibit a certain disagreement – or at the least, lack of engagement – among India’s ministries on our position on multi-stakeholder approaches, particularly the Ministry of External Affairs (MEA), the Department of Telecommunications (DOT) and the Department of Electronics and Information Technology (DeitY), both within the Ministry of Communications and Information Technology (MCIT). While both the MEA and DOT have been cautious supporters of a diluted form of multi-stakeholderism (they have repeatedly emphasized §35 of the Tunis Agenda), DeitY has been more open in entertaining multi-stakeholder approaches for Internet governance.

At the 66^th session of UN General Assembly, Mr. Dushyant Singh, Member of India’s Parliament from the Bharatiya Janata Party, presented our proposal for a Committee on Internet-related Policies. The proposal sought the establishment of a UN committee comprising 50 member-states, with advisory groups including the private sector and civil society, to deal with Internet-related matters.[3] Though India was not opposed to multi-stakeholder advisories in its CIRP proposal, it was less than inviting in this regard.

At NETmundial (April 2014), the Indian government’s contribution document highlighted §35 of the Tunis Agenda, which delineates ‘roles and responsibilities’ of ‘respective stakeholders’ – i.e., governments (with whom reside “sovereign policy authority”), the private sector (technical and economic development of the Internet) and civil society (grassroots participation). At NETmundial, Mr. Vinay Kwatra of the MEA echoed this, also noting the lack of consensus on what multi-stakeholderism means for Internet governance (page 64).

Admittedly, this is a legitimate concern. Internet governance at various fora does not seem to have a clear answer on what multi-stakeholderism means. The debate was/is alive, for instance, at NETmundial 2014, the ICANN-convened IANA transition process, the World Economic Forum’s new NETmundial Initiative, and in the many calls and suggestions (pages 38-46) made over the years on strengthening the IGF (see also, Malcolm, Multi-stakeholder Governance and the IGF (2008), chapter 6). It is hardly surprising then, that India and other states raise this as a concern.

With regard to multi-stakeholderism, the DeitY in India has been the outlier. Speaking at the 2014 IGF in Istanbul, Mr. R.S. Sharma, Secretary (DeitY), expressed “no doubt that Internet Governance mechanism require the involvement of all the stakeholders, since the evolution of Internet has been a product of many different diverse groups working together in a loosely coordinated manner”, advocating strengthening of the IGF and pointing to India’s proposed India-IGF as an example of multi-stakeholderism at home. Most interestingly, Mr. Sharma did not focus on international Internet-related policies being the “sovereign policy authority of states”. Also in the transcripts of the four meetings of the Working Group on Enhanced Cooperation under the Committee for Science, Technology and Development (CSTD), I have been unable to find outright rejections of multi-stakeholder approaches, though India has not advocated multi-stakeholderism unequivocally either.

But this – the emphasis on “sovereign policy authority of states” in Internet governance – has been a consistent position for India, especially the MEA and DOT. Here at the ITU PP-14 as well, members of the Indian delegation also emphasized states’ sovereign monopoly over policy matters. “Why not take this to the ITU”, I was asked, as “many governments are uncomfortable” with the way Internet governance is being conducted at other fora. There are grave concerns, I was told, about the possibility of excessive control some governments have over both user and government data of other states (government-speak, of course, for the Snowden revelations).

These are, of course, concerns similar to those of authoritarian governments, or those reluctant to open up to multi-stakeholderism and looking for excuses to retain/increase government control. But it is equally possible that these concerns need not be limited only to such states. Perhaps for developing countries as well, these are real concerns. In conversation with members of the Indian delegation at the ITU Plenipot, I was able to discern 3 broad concerns. First, the definition of multi-stakeholderism in Internet governance. India has not shown herself comfortable with an all-out endorsement of multi-stakeholderism. This is troubling. Civil society and the private sector in India will attest to the difficulties in engaging with our government at all levels. For instance, seeking a place on India's delegation for the Plenipot proved a disheartening exercise for some members of India's civil society.

But there are also conflicting indications. India is in the process of instituting an India-IGF, and CIS' Executive Director, Sunil Abraham, is on the MAG. India expressed agreement, at least in informal conversation, to opening up ITU documents to the public on grounds of public interest. The Law Commission of India recently conducted a multi-stakeholder consultation on media laws in India, and Telecom Regulatory Authority of India (TRAI) regularly conducts consultations, though the private sector is more active there. What is lacking in India, however, is a set of clear procedures and processes for multi-stakeholder engagement, particularly on Internet issues. Clear, public, accessible, foreseeable and predictable set of rules or processes on participation from civil society, private sector and academia would make a world of difference to multi-stakeholderism within India. But this lack should not blind states or other stakeholders to the genuineness of privacy/security or equity concerns - for instance, of the protection of our information from mass surveillance or the feasibility and actual participation of developing countries at many Internet governance fora.

Second, members of the delegation expressed concern over inequalities in the allocation of naming, numbering and addressing resources. While I am uncertain how IPv6 allocation falls within this concern, the inequalities of IPv4 allocations are well documented. To gather a sense of this, it would be useful to read chapter 5 of Professor DeNardis’ Protocol Politics, and to glance at Figure 5.7 (page 173). Africa controls, for instance, a mere 1% of all available IPv4 addresses, while North America and Europe control about 63%. A study on engagement from the Asia-Pacific in Internet standards organisations shows, for instance, greater participation from Western countries and from some states like Japan.[4] India and other states from Asia and Africa have lesser participation. Even at ICANN, with efforts to increase participation, meaningful engagement is still from a majority of Western countries. Perhaps states and other stakeholders on the other side of the table can address these concerns through clear, inclusive, non-discriminatory commitments and implementation.

Third, India emphasized how the Draft Resolution does not propose that ITU be involved in content management or resources control, but only seeks to systematize allocation by asking the ITU Secretary General to collaborate and coordinate with other Internet governance organisations to create a set of principles for fair, equitable, transparent and democratic - as well as secure - allocation of resources. ITU Resolution 101 already instructs the Secretary General to collaborate with relevant Internet governance organisations, and the Draft Resolution merely seeks to spell out his tasks. However, as I pointed out in my previous post, the text of the Draft Resolution is at odds with this intention of India's. By dint of its drafting, it gravely implicates human rights, as well as touching upon resource allocation oversight ("needs to be adhere to" in Op. §2). To reflect the above stated intention, the Draft Resolution would need to be redrafted.

Finally, the text of the Draft Resolution exhibits, unfortunately, a certain disregard for existing network architecture and efficiency within the Internet, and to the principles of a free, open and inter-operable and unified Internet, when it seeks to develop a network architecture that facilitates (domestic) localization of traffic-routing, address resolution and allocation of naming, numbering and addressing. An argument may, of course, be made in favour of efficiency and costs, including reduced latency. But it is clear that this has the potential to increase domestic surveillance capabilities and government censorship of content. In any case, traffic localization (if not local address resolution) can be achieved without ITU coordination: through Internet Exchange Points, and through more efficient and better-negotiated peering and transit arrangements (pages 14-17). Internationally coordinated rules for localized traffic routing is not necessary; you just need to have a more efficient Internet Exchange Point. How to get more ISPs to interconnect through India’s National Internet Exchange (NIXI) is one of the very questions that India’s Telecom Regulatory Authority has taken up in its recent consultation on expanding broadband access (page 49). So it is possible that India's concerns could be addressed without ITU involvement, though I am unsure of its impact on the global Internet.

The Draft Resolution will be discussed at the ITU Plenipot today. The discussion will allow India and sympathetic countries to raise several of their concerns relating to the present system of Internet governance, and the direction of its progress. I will report on these discussions upon their completion.

A Note on Limitations:

The aim of this post is to clarify. I would caution against its being the last word on anything, much less India’s positions on Internet governance. An issue as important as this needs far greater access to and confirmation from India’s government – and a more in-depth understanding of the politics – than I do, at the moment.

At the same time, India has not been a model for civil society engagement, as illustratively, the Narmada Bachao Andolan and/or P. Sainath’s evaluation of government policies in Everybody Loves a Good Drought reveal. It has been harder to effectively engage with India’s government than in many states in North America, Latin America and Europe. But I believe the complex dynamics of that is not unique to India. The NSA and GCHQ revelations (as an example of governmental trust deficit of unmatched proportions) have shown that where governments want to keep everyone out and oblivious, they do it well.

I am not in favour of a purely multilateral approach to Internet governance. But at the same time, I share concerns over definition and the evolution of processes as well, as I am sure others in civil society also do. Particularly on the issue of Internet governance and multi-stakeholderism, evidence reveals inconsistency among India’s various ministries. Until this is addressed by our government (hopefully in consultation with all concerned stakeholders), an open mind would probably be the best thing we - including states - could keep.

Acknowledgements: I would like to thank Sunil Abraham, Pranesh Prakash, Rishabh Dara, Arun Sukumar, Anja Kovacs and Parminder Jeet Singh for the freedom to bounce ideas, feedback and the many discussions about multi-stakeholder approaches and Internet governance. I also wish to acknowledge Samir Saran’s article in CFR, which offers an interesting perspective on India’s Draft Resolution.

[1] For this post, I will use ‘multi-stakeholder approaches’ as an umbrella term, but would urge readers to keep in mind the many uncertainties and disagreements about defining multi-stakeholderism for Internet governance. These disagreements exist among and within all stakeholders, including government and civil society. In addition to various iterations of the ‘equal footing model’, the model proposed in §35 of the Tunis Agenda is also multi-stakeholder, albeit in a different – and for many in civil society, less desirable – sense.

[2] For those unacquainted with WCIT, see Mueller, ITU Phobia: Why WCIT was derailed, Internet Governance Blog (18 December 2012), http://www.internetgovernance.org/2012/12/18/itu-phobia-why-wcit-was-derailed/; Kleinwächter, WCIT and Internet governance: Harmless resolution or Trojan horse?, CircleID Blog (17 December 2012), http://www.circleid.com/posts/20121217_wcit_and_internet_governance_harmless_resolution_or_trojan_horse/.

[3] For a commentary, see Mueller, A United Nations Committee for Internet-related Policies? A Fair Assessment, Internet Governance Blog (29 October 2011), http://www.internetgovernance.org/2011/10/29/a-united-nations-committee-for-internet-related-policies-a-fair-assessment/.

[4] Contreras, Divergent Patterns of Engagement in Internet Standardization: Japan, Korea and China. I am unable to find this paper online. Please email me for information.

For more details visit https://cis-india.org/internet-governance/blog/good-intentions-recalcitrant-text-2013-ii-what-india2019s-itu-proposal-may-mean-for-internet-governance

October 2014 Bulletin

praskrishna — 2014-11-23T16:40:23Z

Welcome to the tenth issue of the newsletter (October 2014).

We at the Centre for Internet & Society (CIS) welcome you to the tenth issue of the newsletter (October 2014). Archives of our newsletters can be accessed at: http://cis-india.org/about/newsletters

Highlights

CIS sent its comments and recommendations on the Rights of Persons with Disabilities Bill, 2014. It was submitted to the Parliamentary Standing Committee in October 2014.
CIS has published the Central Guidelines and Schemes.
CIS was one of the signatories of a letter sent to the Prime Minister of India Shri Narendra Modi sharing its concerns on India's position on intellectual property, particularly in the context of bilateral relations between the United States of America and India. The letter was sent on October 22, 2014.

In 2013, the Indian Patent Office released Draft Guidelines for the Examination of Computer Related Inventions, in an effort to clarify some of the ambiguity. Shashank Singh analyses the various responses by the stakeholders to these Guidelines and highlights the various issues put forth in the responses.

Subhashish Panigrahi wrote an op-ed in the Samaja (Odia daily) on the hurdles that the Odia language has been facing and the potential aspects of the language including it being used massively on the Internet, Wikipedia and other media platforms.

International Telecommunications Union is hosting its Plenipotentiary Conference this year in South Korea. India introduced a new draft resolution on ITU's Role in Realising Secure Information Society. The Draft Resolution has grave implications for human rights and Internet governance. Geetha Hariharan analyses this.

Vipul Kharbanda analyses the possible implications of the public interest litigation that has been placed before the Supreme Court petitioning for the establishment of a DNA database in respect to unidentified bodies in his latest blog entry.
In a blog post published in Lila Interactions P.P.Sneha explores the possibilities of redefining the idea of access through the channels of education and learning.

►Job

Programme Officer (Access to Knowledge - Institutional Partnerships): CIS is seeking applications for the post of Programme Officer for its Access to Knowledge (A2K) Programme. The position will be based in its Bangalore office. Programme Officer will collaboratively work with the A2K Team and would report to the Programme Director, Access to Knowledge at CIS.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. CIS in partnership with CLPR (Centre for Law and Policy Research) compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). The updated draft is being reviewed by the Office of the Chief Commissioner for Persons with Disabilities. The draft chapters and the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

Monthly Update

October 2014 Report (Suman Dogra; October 31, 2014).

►Other

Submission

Comments to the Rights of Persons with Disabilities Bill , 2014 (Nirmita Narasimhan and Anandhi Viswanathan; October 30, 2014).

Blog Entries

Central Guidelines and Schemes (Anandhi Viswanathan, October 14, 2014).
The Legal Framework for Enforcement of Rights of Persons with Disabilities (CLPR; October 14, 2014).

Media Coverage

Communication technology opens 'doors' for everyone, not only people with disabilities (John D. Kemp and Brandon M. Macsata, The Hill, October 13, 2014).

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Blog Entries

Letter to the Prime Minister on Indo-US Bilateral Relations on Intellectual Property (Nehaa Chaudhari; October 22, 2014).
Guidelines for Examination of Computer Related Inventions: Mapping the Stakeholders' Response (Shashank Singh; October 29, 2014).

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

ଓଡ଼ିଆ ଭାଷା ବିକାଶରେ ପ୍ରତିବନ୍ଧକ ଓ ସମ୍ଭାବନା (Subhashish Panigrahi, Samaja; October 13, 2014).
Bharat Majhi Writings Now Available Under a Creative Commons License (Subhashish Panigrahi; October 14, 2014).
More Than 40 Million People Await the Launch of Odia Wikisource (Subhashish Panigrahi, Global Voices and Wikimedia Blog; October 21, 2014).
Odia Littérateur Ramakrushna Nanda's 4 Books Now Available Under a Creative Commons License (Subhashish Panigrahi; October 22, 2014).
Open Access Platform to Save the Odia Indian Language (Subhashish Panigrahi, Opensource.com; October 22, 2014).
Odia Wikisource Goes Live! (Subhashish Panigrahi; October 26, 2014).
Samskrita Vaibhavam (Sanskrit Wiki Outreach Program) (Shubha and Sayant Mahato; October 30, 2014).
Tulu Wikipedia Workshop cum Editathon at Udupi (Dr. U.B.Pavanaja, October 31, 2014). The event was covered by V4News.com and Mangalore Today.
Converting from nonUnicode (Nudi, Baraha, ...) font encoding to Unicode Kannada (Dr. U.B.Pavanaja; October 31, 2014).

Events Co-organized

Sangeet Baithak: A Hindustani Music Resource Donation Event in Mumbai (Organized by CIS-A2K and Khayal Trust; Shivaji Park, Dadar, Mumbai; October 7, 2014).
Indian Women in Science Wiki edit-a-thon (Organized by IndoBioScience and CIS-A2K; Centre for Ecological Sciences, Indian Institute of Science, Bangalore; October 11, 2014).
Ada Lovelace Edit-a-thon 2014 (Organized by IndoBioScience and CIS-A2K; Urban Solace; October 14, 2014).

News and Media Coverage

CIS-A2K team gave its inputs to the following media coverage:

Enliven the Tulu Viki Fidia first and then add Tulu to the 8th Schedule : Dr.UG Pavanaja, Bangalore Rep. in Udupi (V4News.com; October 15, 2014).
Wikipedia can establish Tulu in a wider way (Mangalore Today; October 17, 2014).
Pushing women scientists (Renuka Phadnis; Hindu; October 19, 2014).
Wiki Media Foundation keen on developing Urdu Wikipedia (Nisar Ahmed Syed; October 22, 2014).
Wiki Media Foundation keen on developing Urdu Wikipedia (Siasat Daily; October 24, 2014).

Participation in Event

Barcamp Bangalore (Organized by SAP Labs; Bangalore; October 12, 2014). Dr. U.B.Pavanaja and Rahmanuddin Shaik took part in the event.

Internet Governance

►Privacy

As part of our Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project with Privacy International we are engaged in enhancing respect for the right to privacy in developing countries. We have produced the following outputs during the month although these may not be part of the SAFEGUARD project:

Blog Entries

The Gujarat High Court Judgment on the Snoopgate Issue (Vipul Kharbanda; October 27, 2014).
DNA Database for Missing Persons and Unidentified Dead Bodies (Vipul Kharbanda; October 31, 2014).

Upcoming Event

CPDP 2015 : The eighth international conference on computers, privacy and data protection will be held in Brussels from January 21 to 23, 2015. CIS is a moral supporter of CPDP.

Participation in Events

Training for Internet Governance Activists (Organized by Global Partners Digital, UK; Cambridge; September 23 - 24, 2014). Geetha Hariharan attended the event. The event was held in September and the details published in October.
The India Conference on Cyber Security and Cyber Governance (Organized by FICCI and CYFY; October 15 - 17, 2014; New Delhi). CIS was a knowledge partner. Sunil Abraham was a panelist in the session "Privacy is Dead".
Expert Consultation on Cyber Security, Justice and Governance (Organized by Hague Institute for Global Justice, Observer Research Foundation and STIMSON; October 18, 2014). Sunil Abraham was a speaker in the session "Internet Access, Freedom Online, and Development in the Global South".

►Free Speech

Good Intentions, Recalcitrant Text - I: Why India's Proposal at the ITU is Troubling for Internet Freedoms (Geeta Hariharan; October 28, 2014).
Good Intentions, Recalcitrant Text - II: What India's ITU Proposal May Mean for Internet Governance (Geeta Hariharan; November 1, 2014).

News & Media Coverage

CIS gave its inputs to the following media coverage:

Is India the next frontier for Facebook? (Rama Lakshmi; Washington Post; October 9, 2014).
If MNCs make early inroads, they will keep market share: Sunil Abraham, CIS (J.Anand; Financial Express; October 23, 2014).

Digital Humanities

CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Blog Entry

Rethinking Conditions of Access (P.P.Sneha, Lilainteractions; October 15, 2014).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration:

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, atsunil@cis-india.org or Nishant Shah, Director - Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/october-2014-bulletin

Good Intentions, Recalcitrant Text - I: Why India’s Proposal at the ITU is Troubling for Internet Freedoms

geetha — 2014-11-02T15:13:45Z

At the 2014 Plenipotentiary Conference (‘PP-14’ or ‘Plenipot’) of the International Telecommunications Union (ITU), India has tabled a draft proposal on “ITU’s Role in Realising Secure Information Society” [Document 98, dated 20 October 2014] (“Draft Resolution”). India’s proposal has incited a great deal of concern and discussion among Plenipot attendees, governments and civil society alike. Before offering my concerns and comments on the Draft Resolution, let us understand the proposal.

Our Draft Resolution identifies 3 security concerns with exchange of information and resource allocation on the Internet:

First, it is troubling for India that present network architecture has “security weaknesses” such as “camouflaging the identity of the originator of the communication”;[1] random IP address distribution also makes “tracing of communication difficult”;[2]
Second, India is concerned that under the present allocation system of naming, numbering and addressing resources on the Internet, it is impossible or at the very least, cumbersome to identify the countries to which IP address are allocated;[3]
Third, India finds it insecure from the point of view of national security that traffic originating and terminating in the same country (domestic traffic) often routes through networks overseas;[4] similarly, local address resolution also routes through IP addresses outside the country or region, which India finds troubling.[5]

In an effort to address these concerns, the Draft Resolution seeks to instruct the ITU Secretary General:

First, to develop and recommend a ‘traffic routing plan’ that can “effectively ensure the traceability of communication”;[6]
Second, to collaborate with relevant international and intergovernmental organisations to develop an “IP address plan” which facilitates identification of locations/countries to which IP addresses are allocated and coordinates allocation accordingly;[7]
Third, to develop and recommend “a public telecom network architecture” that localizes both routing[8] as well as address resolution[9] for local/domestic traffic to “within the country”.

Admittedly, our Draft Resolution is intended to pave a way for “systematic, fair and equitable allocation” of, inter alia, naming, numbering and addressing resources,[10] keeping in mind security and human rights concerns.[11] In an informal conversation, members of the Indian delegation echoed these sentiments. Our resolution does not, I was told, raise issues about the “concentration of control over Internet resources”, though “certain governments” have historically exercised more control. It also does not, he clarified, wish to make privacy or human rights a matter for discussion at the ITU. All that the Draft Resolution seeks to do is to equip the ITU with the mandate to prepare and recommend a “roadmap for the systematization” of allocation of naming, numbering and addressing resources, and for local routing of domestic traffic and address resolution. The framework for such mandate is that of security, given the ITU’s role in ‘building confidence and security in the use of ICTs’ under Action Line C5 of the Geneva Plan of Action, 2003.

Unfortunately, the text of our Draft Resolution, by dint of imprecision or lack of clarity, undermines India’s intentions. On three issues of utmost importance to the Internet, the Draft Resolution has unintended or unanticipated impacts. First, its text on tracing communication and identity of originators, and systematic allocation of identifiable IP address blocks to particular countries, has impacts on privacy and freedom of expression. Given Edward Snowden’s NSA files and the absence of adequate protections against government incursions or excesses into privacy,[12] either in international human rights law or domestic law, such text is troublesome. Second, it has the potential to undermine multi-stakeholder approaches to Internet governance by proposing text that refers almost exclusively to sovereign monopolies over Internet resource allocation, and finally, displays a certain disregard for network architecture and efficiency, and to principles of a free, open and unified Internet, when it seeks to develop global architecture that facilitates (domestic) localization of traffic-routing, address resolution and allocation of naming, numbering and addressing.

In this post, I will address the first concern of human rights implications of our Draft Resolution.

Unintended Implications for Privacy and Freedom of Expression:

India’s Draft Resolution has implications for individual privacy. At two different parts of the preamble, India expresses concerns with the impossibility of locating the user at the end of an IP address:

Pream. §(e): “recognizing… that the modern day packet networks, which at present have many security weaknesses, inter alia, camouflaging the identity of originator of the communication”;
Pream. §(h): “recognizing… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.

The concerns here surround difficulties in tracking IP addresses due to the widespread use of NATs, as also the existence of IP anonymisers like Tor. Anonymisers like Tor permit individuals to cover their online tracks; they conceal user location and Internet activity from persons or governments conducting network surveillance or traffic analysis. For this reason, Tor has caused much discomfort to governments. Snowden used Tor while communicating with Laura Poitras. Bradley (now Chelsea) Manning of Wikileaks fame is reported to have used Tor (page 24). Crypto is increasingly the safest – perhaps the only safe – avenue for political dissidents across the world; even Internet companies were coerced into governmental compliance. No wonder, then, that governments are doing all they can to dismantle IP anonymisers: the NSA and GCHQ have tried to break Tor; the Russian government has offered a reward to anyone who can.

Far be it from me to defend Tor blindly. There are reports suggesting that Tor is being used by offenders, and not merely those of the Snowden variety. But governments must recognize the very obvious trust deficit they face, especially after Snowden’s revelations, and consider the implications of seeking traceability and identity/geolocation for every IP address, in a systematic manner. The implications are for privacy, a right guaranteed by Article 17 of the International Covenant on Civil and Political Rights (ICCPR). Privacy has been recognized by the UN General Assembly as applicable in cases of surveillance, interception and data collection, in Pream. §4 of its resolution The Right to Privacy in the Digital Age. But many states do not have robust privacy protections for individuals and data. And while governments may state the necessity to create international policy to further effective criminal investigations, such an aim cannot be used to nullify or destroy the rights of privacy and free speech guaranteed to individuals. Article 5(1), ICCPR, codifies this principle, when it states that States, groups or persons may not “engage in any activity or perform any act aimed at the destruction of any of the rights and freedoms recognized herein…”.

Erosion of privacy has a chilling effect on free speech [New York Times v. Sullivan, 376 U.S. 254], so free speech suffers too. Particularly with regard to Tor and identification of IP address location and users, anonymity in Internet communications is at issue. At the moment, most states already have anonymity-restrictions, in the form of identification and registration for cybercafés, SIM cards and broadband connections. For instance, Rule 4 of India’s Information Technology (Guidelines for Cyber Cafe) Rules, 2011, mandates that we cannot not use computers in a cybercafé without establishing our identities. But our ITU Draft Resolution seeks to dismantle the ability of Internet users to operate anonymously, be they political dissidents, criminals or those merely acting on their expectations of privacy. Such dismantling would be both violative of international human rights law, as well as dangerous for freedom of expression and privacy in principle. Anonymity is integral to democratic discourse, held the US Supreme Court in McIntyre v. Ohio Elections Commission [514 U.S. 334 (1995)].[13] Restrictions on Internet anonymity facilitate communications surveillance and have a chilling effect on the free expression of opinions and ideas, wrote Mr. Frank La Rue, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression (¶¶ 48-49).

So a law or international policy for blanket identification and traceability of IP addresses has grave consequences for and prima facie violates privacy, anonymity and freedom of speech. But these rights are not absolute, and can be validly restricted. And because these human rights are implicated, the ITU with its lack of expertise in the area may not be the adequate forum for discussion or study.

To be valid and justified interference, any law, policy or order interfering with privacy and free speech must meet the standards of reasonableness and proportionality, even if national security were the government’s legitimate aim, laid down in Articles 19(3) and 17 of the Covenant on Civil and Political Rights (CCPR) [Toonen v. Australia, Communication No. 488/1992, U.N. Doc CCPR/C/50/D/488/1992 (1994), ¶6.4]. And as the European Court of Human Rights found in Weber & Saravia v. Germany [Application no. 54934/00, 29 June 2006 (ECHR), ¶95], law or executive procedure that enables surveillance without sufficient safeguards is prima facie unreasonable and disproportionate. Re: anonymity, in Delfi AS v. Estonia [Application no. 64569/09, 17 February 2014, ¶83], while considering the liability of an Internet portal for offensive anonymous comments, the ECHR has emphasized the importance of balancing freedom of expression and privacy. It relied on certain principles such as “contribution to a debate of general interest, subject of the report, the content, form and consequences of the publication” to test the validity of government’s restrictions.

The implications of the suggested text of India’s Draft Resolution should then be carefully thought out. And this is a good thing. For one must wonder why governments need perfect traceability, geolocation and user identification for all IP addresses. Is such a demand really different from mass or blanket surveillance, in scale and government tracking ability? Would this not tilt the balance of power strongly in favour of governments against individuals (citizens or non-citizens)? This fear must especially arise in the absence of domestic legal protections, both in human rights, and criminal law and procedure. For instance, India’s Information Technology Act, 2000 (amended in 2008) has Section 66A, which criminalizes offensive speech, as well as speech that causes annoyance or inconvenience. Arguably, arrests under Section 66A have been arbitrary, and traceability may give rise to a host of new worries.

In any event, IP addresses and users can be discerned under existing domestic law frameworks. Regional Internet Registries (RIR) such as APNIC allocate blocks of IP addresses to either National Internet Registries (NIR – such as IRINN for India) or to ISPs directly. The ISPs then allocate IP addresses dynamically to users like you and me. Identifying information for these ISPs is maintained in the form of WHOIS records and registries with RIRs or NIRs, and this information is public. ISPs of most countries require identifying information from users before Internet connection is given, i.e., IP addresses allocated (mostly by dynamic allocation, for that is more efficient). ISPs of some states are also regulated; in India, for instance, ISPs require a licence to operate and offer services.

If any government wished, on the basis of some reasonable cause, to identify a particular IP address or its user, then the government could first utilize WHOIS to obtain information about the ISP. Then ISPs may be ordered to release specific IP address locations and user information under executive or judicial order. There are also technical solutions, such as traceroute or IP look-up that assist in tracing or identifying IP addresses. Coders, governments and law enforcement must surely be aware of better technology than I.

If we take into account this possibility of geolocation of IP addresses, then the Draft Resolution’s motivation to ‘systematize’ IP address allocations on the basis of states is unclear. I will discuss the implication of this proposal, and that of traffic and address localization, in my next post.

[1] Pream. §(e), Draft Resolution: “recognizing… that the modern day packet networks, which at present have many security weaknesses, inter alia, camouflaging the identity of originator of the communication”.

[2] Pream. §(h), Draft Resolution: “recognizing… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.

[3] Op. §1, Draft Resolution: “instructs the Secretary General… to collaborate with all stakeholders including International and intergovernmental organizations, involved in IP addresses management to develop an IP address plan from which IP addresses of different countries are easily discernible and coordinate to ensure distribution of IP addresses accordingly”.

[4] Pream. §(g), Draft Resolution: “recognizing… that communication traffic originating and terminating in a country also many times flows outside the boundary of a country making such communication costly and to some extent insecure from national security point of view”.

[5] Pream. §(f), Draft Resolution: “recognizing… that even for local address resolution at times, system has to use resources outside the country which makes such address resolution costly and to some extent insecure from national security perspective”.

[6] Op. §6, Draft Resolution: “instructs the Secretary General… to develop and recommend a routing plan of traffic for optimizing the network resources that could effectively ensure the traceability of communication”.

[7] Op. §1, Draft Resolution; see note 3.

[8] Op. §5, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures that effectively the traffic meant for the country, traffic originating and terminating in the country remains within the country”.

[9] Op. §4, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures effectively that address resolution for the traffic meant for the country, traffic originating and terminating in the country/region takes place within the country”.

[10] Context Note to Draft Resolution, ¶3: “Planning and distribution of numbering and naming resources in a systematic, equitable, fair and just manner amongst the Member States…”

[11] Context Note to Draft Resolution, ¶2: “…there are certain areas that require critical attention to move in the direction of building the necessary “Trust Framework” for the safe “Information Society”, where privacy, safety are ensured”.

[12] See, for instance, Report of the Office of the High Commission for Human Rights (“OHCHR”), Right to Privacy in the Digital Age, A/HRC/27/37 (30 June 2014), ¶34-35, http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf. See esp. note 30 of the Report, ¶35.

[13] Many thorny political differences exist between the US and many states (including India and Kenya, who I am told has expressed preliminary support for the Draft Resolution) with regard to Internet governance. Irrespective of this, the US Constitution’s First Amendment and judicial protections to freedom of expression remain a yardstick for many states, including India. India, for instance, has positively referred to the US Supreme Court’s free speech protections in many of its decisions; ex. see Kharak Singh v. State of Uttar Pradesh, 1963 Cri. L.J. 329; R. Rajagopal v. State of Tamil Nadu, AIR 1995 SC 264.

For more details visit https://cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms

The Gujarat High Court Judgment on the Snoopgate Issue

vipul — 2014-10-27T04:40:17Z

Pranlal N. Soni v. State of Gujarat, C/SCA/14389/2014

In the year 2013 the media widely reported that a female civil services officer was regularly spied upon in 2009 due to her acquaintance with the then Chief Minister of Gujarat (and current Prime Minister of India) Mr. Narendra Modi. It was reported that the surveillance was being supervised by the current president of the BJP, Mr. Amit Shah at the behest of Mr. Modi. The case took another twist when the officer and her father said that they had no problems with such surveillance, and had repeatedly conveyed to various statutory authorities including the National Commission for Women, the State Commission for Women, as also before the Hon’ble Supreme Court of India, that they never felt that their privacy was being interfered with by any of the actions of the State Authorities. Infact, para 3.5 of the petition indicated that it was at the behest of the father of the female officer that the State government had carried out the surveillance on his daughter as a security measure.

Inspite of the repeated claims of the subject of surveillance and her father, the Gujarat Government passed a Notification under the Commissions of Inquiry Act, 1952 appointing a two member Commission of Inquiry to enquire into this incident without jeopardizing the identity or interest of the female officer. This Notification was challenged in the Gujarat High Court by the very same female officer and her father on the ground that it violated their fundamental right to life and liberty. The petitioners claimed that they had to change their residential accommodation four times in the preceding few months due to the constant media glare. The print, electronic and social media, so called social workers and other busybodies constantly intruded into the private life of the petitioners and their family members. The petitioner's email accounts were hacked and scores of indecent calls were received from all over. Under the guise of protecting the petitioner's privacy, every action undertaken by the so called custodians for and on behalf of the petitioners resulted into a breach of privacy of the petitioners, making life impossible for them on a day to day basis.

After hearing the arguments of the petitioners, including arguments on technical points the Court struck down the Notification issued by the State government to enquire into the issue of the alleged illegal surveillance. However the Court also briefly touched upon the issue of violation of the privacy of the female officer in this whole episode. However, instead of enquiring into whether there was any breach of privacy in the facts of the case, the Court relied upon the statement made by the female officer that whatever surveillance was done did not cause any invasion into her privacy, rather it was the unwelcome media glare that followed the revelations regarding the surveillance which had caused an invasion of her privacy.

Thus we see that even though the whole snoopgate episode started out as one of “alleged” unwarranted and illegal surveillance this particular judgment is limited only to challenging the validity of the Inquiry Commission appointed by the State Government. In order to challenge the Notification in a PIL the female officer had to show that some fundamental right of hers was violated and in such circumstances privacy is the most obvious fundamental right which was violated.

Although this judgment talks about privacy, it does not have enough legal analysis of the right to privacy to have any significant ramifications for how privacy is interpreted in the Indian context. The only issue that could possibly be of some importance is that the we could interpret the Court’s reliance on the statement of the female officer that there was no breach of privacy rather than its own examination of facts to mean that in cases of breach of privacy, if the person whose privacy has been breached did not feel his or her privacy to have been invaded then the Courts would rely on the person’s statements rather than the facts. However this is only an interpretation from the facts and it does not seem that the Court has spent any significant amount of time to examine this issue, therefore it may not be prudent to consider this as establishing any legal principle.

Note: The details of the case as well as the judgment can be found at http://gujarathc-casestatus.nic.in/gujarathc/tabhome.jsp

For more details visit https://cis-india.org/internet-governance/blog/gujarat-high-court-judgment-on-snoopgate-issue

If MNCs make early inroads, they will keep market share: Sunil Abraham, CIS

praskrishna — 2014-10-24T15:03:03Z

The article by J. Anand was published in the Financial Express on October 23, 2014. Sunil Abraham gave his inputs.

The recent visits of the high-profile CEOs of internet/technology companies have made it clear that India, with its 200-million internet users, is increasingly becoming important for the multinational corporations (MNCs). Bangalore-based Centre for Internet and Society (CIS) is a bit skeptical and feels some of these companies are trying to influence the internet policy-making of the country. Sunil Abraham, executive director of CIS, talks to FE’s Anand J regarding the government’s use of social media, the regulations and the plan for a Digital India. Edited excerpts:

We see a heightened interest in India from technology/internet companies, with their top CEOs visiting the country. What do you think is the reason?

In India, with little domestic competition, if these companies make early inroads, they will be able to keep the market share. The other reason is, the Indian government has made several proposals such as data localisation, mandatory data routing and so on, which have been demonised by the West as something that will balkanise the internet. Because India represents a big market, companies might be indulging in some amount of tokenism in the form of data centres. This is to show the government that they are willing to listen and lead the conversation to an agenda item that they are comfortable with and block some of the more dramatic proposals. The third reason could be that internet penetration might grow dramatically in the country and if the policy levers are moved appropriately, it will grow even more.

What is your stand on the government proposals?

In some ways, I agree with MNCs that some of the government proposals could break the architecture of internet. But then there are other proposals that are completely kosher. The domestic routing of an email if it travels within India is good as it will be difficult for the NSA to intercept then. From an internet design perspective, more fibre is good.

Data localisation though will result in balkanisation and might not yield desirable results. For instance, if you are watching a YouTube video, all the information about the user is stored by Google and all of that is stored outside the country. They might store some of this information as cache in a Google server temporarily. From a surveillance perspective, this user data called metadata is what the NSA might want. Even when it is collected in a local server, it might still be sent upstream.

What about the Indian government doing surveillance then?

There are different views on the surveillance capabilities of the Indian government. Some think that today the Indian government has the capability of engaging in mass surveillance. Others like me think that it can only do targeted surveillance and not mass surveillance. It does not have the infrastructure to pull that off and if it is doing targeted surveillance, it is mostly in compliance with the local laws.

Is the increasing use of social media by the government for its communication with citizens a concern?

If the government uses this private infrastructure to communicate with its citizens, there could be a variety of challenges and complications. First, all of these government communications must be mirrored on the government infrastructure as well. Otherwise, there is a concern around data retention. The government needs to have a copy in case a person goes to RTI for all the government communications to citizens. Secondly, the government is unwittingly becoming the salesperson for these global corporations.

Mark Zuckerberg has said that internet is a human right. Do you agree?

Internet is not a human right according to the UN. TV and Radio were never rights. All the basic human rights are to be protected irrespective of the communication medium of choice and will be legitimate even 100 years from now. The success of telecommunication and internet is market generated. If it becomes a human right, the companies are not delivering a service, but a human right and this complicates the issue. There will be new demands from citizens and litigations by citizens. If everybody demands 1GB every month, state does not have those resources.

India is a phone internet market. Indian internet is tied to Google now. Does the Android dominance — with a market share of around 90% — concern you?

It is hugely worrisome and yet another monopoly. It is not “free” software. From a privacy and national security perspective, it is a terrible development. Considering that it is based on Linux, there should have been several national and international competitors.

Has the era of hetergeneous internet with a million websites passed?

Internet is no longer decentralised; 80% of users’ time is now spent on a few products. And anywhere on internet, ad networks are tracking you. We ended up with the world’s biggest surveillance machine and surveillance is the business model of internet. It is very difficult to change this as we face the inertia of user behaviour.

What do you think of the government’s Digital India plan?

The government can use the billions from the Universal Service Obligation fund for broadband connectivity. The markets cannot handle back haul infrastructure and in most countries, some amount of state investment is necessary. Some of the open access details have to be worked out. The government seems to have a monopoly position in execution. We agree with the vision that every Indian should have a smartphone by 2019 and have a broadband connection too.

What are the regulations you want to see in place in India?

Internet users are currently overregulated with restrictions on what you can say. Let what is illegal offline be illegal online too. And government needs to think of enforceability.

The regulatory infrastructure for the government is limited. We want powerful companies to be regulated and follow global norms. The regulatory best practices are emerging from Europe in terms of competition, privacy, data protection, etc, and we need to follow them.

For more details visit https://cis-india.org/internet-governance/news/financial-express-october-23-2014-j-anand-if-mncs-make-early-inroads-they-will-keep-market-share

CYFY 2014 Event Programme

praskrishna — 2014-10-13T06:59:09Z

For more details visit https://cis-india.org/internet-governance/blog/cyfy-2014-event-programme.pdf

Training for Internet Governance Activists

praskrishna — 2014-11-07T00:38:55Z

Geetha Hariharan attended a training session for Internet rights activists in Cambridge, organised by Global Partners Digital, UK on September 23 and 24, 2014.

Day 1. Final session was on privacy, surveillance and data protection by Mike Rispoli and Alexandrine Pirlot de Corbion from PI. Got caught up in the discussion, so no notes from that. Of interest is session on communication by Mike - a nine-step process he's outlined (in bold at the very end), and the problem tree and stakeholder mapping approach that Alex spoke of.

Day 2. Great session on the ITU and on lobbying by lobbyist Matthew McDermott of Access Partners. The ITU is a complex beast with activity at multiple levels and different levels of effectiveness at different levels. From conversations, I gathered that any effective strategy for any policy change in Internet governance at the ITU will involve lobbying national governments, and then at sub-regional, regional and global levels.

Day 3. Tim Maurer's session on cyber security. Issues of terminology and politicisation discussed. Also info on in what forums cyber security debate is taking place. The Netherlands is hosting the Global Conference on Cyber Space in April 2015.

Resources

Unedited notes from the meeting can be downloaded here (Zip File, 739 Kb)

For more details visit https://cis-india.org/internet-governance/news/training-for-internet-governance-activists

Big Data and Positive Social Change in the Developing World

praskrishna — 2014-10-01T03:49:58Z

For more details visit https://cis-india.org/internet-governance/blog/big-data-and-positive-social-change.pdf

CPDP 2015

praskrishna — 2014-09-30T09:52:52Z

The eighth international conference on computers, privacy and data protection will be held in Brussels from January 21 to 23, 2015. The Centre for Internet and Society is a moral supporter of CPDP.

CPDP is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University and has grown into a platform carried by 20 academic centers of excellence from the EU, the US and beyond. As a world-leading multidisciplinary conference CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, computer scientists and civil society from all over the world in Brussels offering them an arena to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world. CPDP2014 welcomed 854 guests including 343 speakers from 43 different countries dispersed over more than 60 panels which took place during three full days. It attracted another 500 people in several public evening events including debates, a pecha kucha evening and an art exhibition. CPDP2015 aims to repeat the success of last year and will stage panels within the following main topical themes: Data Protection Reform: European and Global Developments, Mobility (mobile technologies, wearable technologies, border surveillance), EU-US developments concerning the regulation of government surveillance, Health, privacy and data protection, Love and lust in the digital age, Internet governance and privacy.

In 2015 CPDP will take place from January 21 to 23, 2015 in the Halles de Schaerbeek, Brussels, Belgium. Registrations are already open: http://www.cpdpconferences.org/Registration.html. For more details see here.

For more details visit https://cis-india.org/internet-governance/news/cpdp-2015

Fighting battles online

praskrishna — 2014-09-16T04:19:55Z

Internet policy maverick Sunil Abraham feels that accessibility is key to democratising the Internet space.

The article by Nikhil Varma was published in the Hindu on September 2, 2014.

Forty-year-old Sunil Abraham essays many roles, of a social entrepreneur, free software advocate and as policy director of the Bangalore-based Centre for Internet and Society that focuses on accessibility, access to knowledge, internet governance, telecom and digital humanities.

When he finished his engineering degree and was job hunting in Bangalore, the internet was an entity he had heard about, but never worked on.

“Family constraints meant that I had to look for jobs that paid me more than the salaries offered by industries for a 9 to 6 job. I decided to knock doors in the non profit sector. I met T. Pradeep, who ran Samuha, an NGO in Northern Karnataka that focused on integrated rural development.

Sunil says, “He offered me a job provided I learnt to work on the Internet. My job was to set up the organisation’s website. By 1998, I became the head of the IT department. Many spinoffs from Samuha were also becoming very successful. Pradeep gave us Rs.14 lakh and asked us to spin off and create a new organisation called Mahiti, with a mandate to serve non profits and provide them with affordable IT services. I just came into the picture to fulfil someone else’s dream. We provided email services to non-profit organisations at affordable rates. We ran a bulletin board service and also offered a free webpage for select NGOs.”

In 99, Sunil was offered an Ashoka fellowship. “It is a US non-profit that that supports social entrepreneurs. The idea that won me the fellowship was exploring the democratic potential of the internet. It is very similar to the work that I do at the CIS. The internet remains a tool that can be used for empowering and disempowering purposes that could have hegemonic implications for society. I also worked with the UNDP, after giving a speech about free and open software at one of their meetings. I was hired as a consultant.”

Till June 07’, Sunil worked with the UNDP, managing the open-source network spanning 42 countries. “I cut my policy teeth in the UN and learnt to work with governments and had a better idea of free software and open content. I made a lot of contacts in the course of my work.”

It was at the end of the UN stint that philanthropist Anurag Dikshit decided to set up the Centre for Internet and society in India and Sunil decided to take up the assignment. “Anurag has been a great help from the start. His funds have been very vital for the organization.”

CIS deals with a host of issues, ranging from making the internet and mobile phones disabled friendly to creating more Wikipedia pages in Indic languages and enhancing internet penetration in rural India. The organization is also

With government surveillance taking on newer dimensions in the internet Sunil says, “Surveillance is like adding salt in cooking. It is essential in small quantities, but counter productive even if it is slightly in excess. While surveillance may be a good idea to keep public servants occupying high office under scrutiny, employing mass surveillance on everybody may not work well.”

He adds, “A rational approach is needed. We believe that privacy is inversely proportional to the power a person yields, while transparency is directly proportional to the power a person yields.”

Sunil is deeply apprehensive about some of the steps governments take to stem the flow of information. “A couple of years ago, the government had banned text messages beyond a certain limit to prevent rumours from circulating. This resulted in people moving to Whatsapp, which is more difficult to monitor. The government agencies ended up being the actual losers. The more unrestricted surveillance, better chances that it could be compromised.”

Another vital issue that plagues our times are the limits to free speech and expression. “Different countries have different sets of laws and traditions that govern all aspects of life. We have not managed to arrive on a consensus on food habits, mankind is a long way from developing a uniform policy about internet usage. In India, there are some limits on free speech.”

He says, “If something is illegal offline, it is bound to illegal online. I do not think we need specific laws to police the internet. If you try to ban something, it may end up getting more consumed. It happened in the case of Wendy Doniger’s book being withdrawn by Penguin. The sales of the book skyrocketed when it was published by another publisher.”

Sunil adds, “It is an important that good laws are made and these laws have been enforced properly. Enforceability must also be taken into account during framing laws.”

A scanned version of the article published in the newspaper can be found below:

For more details visit https://cis-india.org/internet-governance/news/the-hindu-nikhil-varma-september-2-2014-fighting-battles-online