Centre for Internet and Society

Comment by CIS at ACE on Presentation on French Charter on the Fight against Cyber-Counterfeiting

pranesh — 2011-12-01T11:59:45Z

The seventh session of the World Intellectual Property Organization's Advisory Committee on Enforcement is being held in Geneva on November 30 and December 1, 2011. Pranesh Prakash responded to a presentation by Prof. Pierre Sirinelli of the École de droit de la Sorbonne, Université Paris 1 on 'The French Charter on the Fight against Cyber-Counterfeiting of December 16, 2009' with this comment.

Thank you, Chair. I speak on behalf of the Centre for Internet and Society. First, I would like to congratulate you on your re-election.

And I would like to congratulate Prof. Sirenelli on his excellent presentation.

I would like to flag a few points, though:

One of the benefits of normal laws, as opposed to the soft/plastic laws, which he champions, is that normal laws are bound by procedures established by law, due process requirements, and principles of natural justice. Unfortunately, the soft/plastic laws, which in essence are private agreements, are not.
The report of the UN Special Rapporteur on the Freedom of Expression and Opinion made it clear in his report to the UN Human Rights Council that the Internet is now an intergral part of citizens exercising their right of freedom of speech under national constitutions and under the Universal Declaration of Human Rights. That report highlights that many initiatives on copyright infringement, including that of the French government with HADOPI and the UK, actually contravene the Universal Declaration of Human Rights
The right of privacy is also flagged by many as something that will have to be compromised if such private enforcement of copyright is encouraged.

I'd like to know Prof. Sirinelli's views on these three issues: due process, right of freedom of speech, and the right to privacy.

For more details visit https://cis-india.org/a2k/blogs/ace-7-french-charter-cis-comment

Clear and Present Danger: Attempts to Change Internet Governance and Implications for Press Freedom

praskrishna — 2012-06-29T03:59:39Z

The event was organised by National Endowment for Democracy in Washington, D.C., on June 26, 2012. Emma Llansó, Rebecca MacKinnon, Emin Milli, Susan Morgan and Katitza Rodriguez were the speakers.

Pranesh Prakash participated in the event. Susan Morgan from Global Network Initiative was the moderator.

More details are published on the National Endowment for Democracy website.

For more details visit https://cis-india.org/news/clear-and-present-danger

Clash of the cyberworlds

praskrishna — 2013-01-15T06:57:48Z

In an increasingly digital world, the issue of Internet freedom and governance has become hugely contested. Censorship and denial of access occur across the political spectrum of nations, even in liberal democracies.

The article by Latha Jishnu, Dinsa Sachan and Moyna was published in Down to Earth magazine's January 15, 2013 issue. Pranesh Prakash is quoted.

In run-up to the just-concluded World Conference on International Telecommunications in Dubai, there was a frenzied campaign to ensure that governments kept their hands off the Internet. It was feared the International Telecommunications Union, a UN body, was aiming to take control of the Internet. That hasn’t happened. But the outcome in Dubai has highlighted once again the double speak on freedom by countries that claim to espouse it and by corporations interested in protecting their interests, says Latha Jishnu, who warns that the major threat to the Internet freedom comes from the wide-ranging surveillance measures that all governments are quietly adopting. Dinsa Sachan speaks to institutions and officials to highlight the primacy of cyber security for nations, while Moyna tracks landmark cases that will have a bearing on how free the Net remains in India.

For months now a little-known UN agency, the International Telecommunication Union (ITU), has been looming large in cyberspace, portrayed as an evil force plotting to take over the Internet and threatening to destroy its freedom by rewriting archaic regulations. ITU, set up in 1865, is primarily a technical body that administers a 24-year-old treaty, International Telecommunication Regulations (ITRs), which are basic principles that govern the technical architecture of the global communication system.

	How did the 193-nation ITU, which regulates radio spectrum, assigns satellite orbits and generally works to improve telecom infrastructure in the developing world, turn into everyone’s favourite monster in the digital world? The provocation was ITU’s World Conference on International Telecommunications (WCIT) in Dubai, where ITRs were proposed to be revised. Leaked documents of the proposals made to ITU had shown that statist countries like Russia and China, known for their crackdown on Internet freedom, had put forward proposals to regulate digital “crime” and “security” aspects that are currently not regulated at the global level for want of consensus on balancing enforcement with protection of individual rights.

Other proposals were about technical coordination and the setting up of standards that enable all the devices, networks and software across the Internet to communicate and connect with one another. Although ITU secretary general Hamadoun I Touré had emphasised that the Dubai WCIT was primarily attempting to chart “a globally agreed-upon roadmap that offers future connectivity to all, and ensures sufficient communications capacity to cope with the exponential growth in voice, video and data”, there was widespread scepticism among developed countries.

Online subversion in India AT the seventh annual meeting of the Internet Governance Forum in Baku, Azerbaijan, last November, Minister for Communications and Information Technology Kapil Sibal was a star turn. He made an elevating speech about the need to put in place a “collaborative, consultative, inclusive and consensual” system for dealing with policies involving the Internet. India, with 125 million Internet users—a number that “is likely to grow to about half a billion over the next few years”—would be a key player in the cyberworld of tomorrow, he promised. According to the minister, Internet governance was an oxymoron because the concept of governance was for dealing with the physical world and had no relevance in cyberspace. These were high sounding words that crashed against the reality of India’s paranoia over online subversion. For starters, Sibal flew into a media blitz over Google’s transparency Report which ranked India second globally in accessing private details of its citizens. Even if it was a far second behind the US, it was an embarrassing revelation for the government which appears to have been rather enthusiastic in seeking information on the users of its various services. Such user data would include social networking profiles, complete gmail accounts and search terms used. In the first half of 2012, India made 2,319 requests related to 3,467 users compared with 7,969 requests by the US. Globally, Google clocked a total of 20,938 requests for user data. A few days down the line there was a public explosion over the arrest of two young women in Palghar, near Mumbai, for posting a prosaic comment on Facebook over Bal Thackeray’s death. Thanks to the deliberately vague wording of Section 66A of the IT Act, such arrests have become common and Rajya Sabha devoted a whole afternoon to discuss the impugned legislation and seek its withdrawal. Sibal’s response has been to issue guidelines on the use of this Section which civil society organisations say will do nothing to sort out matters. Then there are the IT (Intermediaries Guidelines) Rules, 2011, issued under Section 79 of the IT Act, which have been used indiscriminately by business interests to shut down websites, resulting in unbridled censorship of the Internet time and again. Although a motion for its annulment was moved in Parliament by Rajya Sabha member P Rajeeve, it was withdrawn after Sibal promised to talk to all stakeholders. A host of MPs have termed the rules a violation of right to freedom of speech besides going against the laws of natural justice. The promised meeting of stakeholders has not yielded any results and censorship on grounds of possible online piracy continues. In this regard, India is more restrained than the US which has pulled down huge numbers of domains on the ground they were violating intellectual property by selling pirated goods.

Western global powers, behemoth Internet companies, private telecom corporations and almost the entire pack of civil liberties organisations came together in a frenzied campaign to ensure that ITU kept its hands off the Internet. Massive online petitions were launched, backed by Internet companies such as search engine Google and social networking service Facebook. The Internet, they said, should not become an ITU remit because it would change the multi-stakeholder approach, which currently marks the way the Internet is governed, and replace it with government control that would curb digital freedom. Not only did the US administration oppose the revision of ITRs, the US Congress also passed a rare unanimous resolution against the WCIT proposals.

In the end, it was an anti-climax: nothing much came of these proposals. Although WCIT was marked by high drama—a walkout by the US and six European countries, a show of hands on a contested but innocuous resolution and an unexpected vote—the “final acts” (http://www.itu.int/en/wcit-12/Documents/final-acts-wcit-12.pdf) or the changes in ITRs make no mention of the I word. Not once. The 30-page document states at the outset that “these regulations do not address the content-related aspects of telecommunications” —an indirect reference to the Internet.

	Ultimately, it was a triumph of the US-led position even if 89 of the 144 eligible countries signed it. Most of the developed countries refused to sign it. Nor, unexpectedly, did India, and thereby hangs a curious tale. Officials who were privy to the negotiations told Down To Earth that India was all set to sign the new ITRs when its delegation got last-minute instructions from Delhi not to endorse them. “It was unexpected and a let-down for India and our global allies,” confesses an official of the Ministry of Communications & IT. “There was nothing in the final document that we had objections to.” According to the grapevine, Minister for Communications and Information Technology Kapil Sibal was facing pressure from two sides: the US Administration and domestically from civil society, Internet service providers and the private telecom players who had objected to India’s proposals on ITRs. The US is known to be keeping a close eye on what India decides to do on the new treaty which it can still ratify. In the Dubai treaty, the only ITR that does impinge on the Net is (Article 5B) on unsolicited bulk electronic communications or spam. But even here, what it merely states is that member-states should endeavour to take necessary measures to prevent the “propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services.”

In many ways, what took place during the hectic days before and during the December 3-14 WCIT was in a broad sense a replay of the Cold War scenario of the good (freedom-loving countries) versus evil (authoritarian or autocratic regimes), although alliance may have shifted in the two blocs. What is clear is that a larger geopolitical fight is playing out with the Internet as disputed terrain. American analysts themselves have pointed out that the “US got most of what it wanted. But then it refused to sign the document and left in a huff.”

Even the innocuous Article 5A, which calls on members “to ensure the security and robustness of international telecommunication networks”, was interpreted by US delegation head Terry Kramer as a means that could be used by some governments to curb free speech!

As an outraged Saudi delegate said, “It is unacceptable that one party to the conference gets everything they want and everybody else must make concessions. And after having made many concessions, we are then asked to suppress the language which was agreed to. I think that that is dangerous. We are on a slippery slope.” The final outcome: all the contentious issues were relegated to resolutions, which have no legal basis.

Indeed, the US has managed to get its way on most issues: protecting the mammoth profits of its Internet companies and ensuring that control of the Internet address system, now done by a group based in the US, will not be shared with other ITU members. And, the likes of Google (2011 profit: $37.9 billion) and Facebook will not have to pay telecom companies for use of their networks to deliver content.

Challenges of securing cyberworld

E-commerce in India, where every tenth person is online, is on the rise—and, consequently, crime on the Internet. In 2011, the country’s nodal agency for handling cyber crime, Indian Computer Emergency Response Team, tackled 13,301 incidences of security breach. The incidents ran the gamut from website intrusions, phishing to network probing and virus attacks. Further, in 2009, 2010, 2011 and 2012 (until October), there were 201, 303, 308 and 294 cyber attacks respectively on sites owned by the Indian government. Most notably, hacker group Anonymous defaced the website of Union Minister of Communications and Information Technology, Kapil Sibal.

To beef up cyber security, the Union ministry plans to pump in Rs 45 crore in 2012-13. It also put up a draft cyber security policy for public comments in 2011. Currently, cases involving cyber security and crime are handled under the IT Act of 2000 (Amendment 2008) and the Indian Penal Code.

But will the government go about its business of securing the Net in a responsible manner? There is scepticism. Section 69 of the Act gives any government agency the right to “intercept, monitor or decrypt” information online. Chinmayi Arun, assistant professor of law at National Law University in Delhi, said at the Internet Governance Conference held at FICCI in October that crimes like defamation are not on the same page as cyber terrorism, and “we have to question whether they warranty invasion of privacy”. She added that the workings of the surveillance system has to be made more open to build public trust.

Pranesh Prakash, policy director at Centre for Internet and Society (CIS) in Bengaluru, draws attention to a fundamental flaw in the section. “Government is allowed to wire tap under the Telegraph Act, 1885. But the Act lays out specific guidelines for such an action. For example, you can only tap phones in the case of a ‘public emergency’ or ‘public safety’ situation. The IT Act does not put such limitations on interception of information,” he says.

Cyber security and ITU

A few months prior to the controversial World Conference on International Telecommunications in Dubai, countries, including Russia and Arab states, had proposed measures that would, through International Telecommunication Union (ITU), grant disproportional power to countries to control the Internet in the name of security measures. Several proposals, most notably those of India and Arab States, explicitly stated in the proposed Article 5A that countries should be able to “undertake appropriate measures, individually or in cooperation with other Member States” to tackle issues relating to “confidence and security of telecommunications/ICTs”. It raised alarm among civil society. US-based think tank Center for Democracy and Technology (CDT) said in its report dated September, 2012, that cyber security does not fall under the ambit of International Telecom Regulations, and some countries would misuse such privileges for “intrusive or repressive measures”.

The proposal by African member states recommended that nations should “harmonise their laws” on data retention. In other words, intermediaries would have to retain public data for a long period so that governments can access it whenever they please. With regard to this, CDT noted, “Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all.”

A clause in the Arab proposal on routing said, “A Member State has the right to know how its traffic is routed.” Currently, the way Internet works, senders and recipients do not know how data between their computers travels or is routed. However, enabling countries to have control over routing has its dangers. CDT notes, “(This) would simply not work and could fundamentally disrupt the operation of the Internet.” Internet traffic travels over an IP network. While travelling, it is fragmented into small packets. Packets generally take a different path across interconnected networks in many different countries before reaching the recipient’s computer. CDT notes providing routing information to countries would require “extensive network engineering changes, not only creating huge new costs, but also threatening the performance benefits and network efficiency of the current system”. Although routing was not part of India’s proposal, Ram Narain, deputy director general at the department of telecommunications, told Down To Earth it was one of the country’s concerns.

However, to civil society’s partial relief, such draconian cyber security clauses were not adopted in the new itr treaty. Two clauses added to the treaty, Article 5A and 5B, address some cyber security concerns. Titled “Security and robustness of networks”, Article 5A urges countries to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks”. Article 5B talks about keeping tabs on spam.

Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers, says while he would have preferred that the two clauses were kept out of the new treaty, they do not seem harmful. “They are a much toned down version of what Arab states and Russia had suggested,” he says.

This is one reason India, Brazil and other democracies from the developing world also want a change in ITRs. They want the Internet behemoths to pay for access to their markets so that such revenues can be used to build their own Internet infrastructure.

In the furious debate on keeping the Net free of international control even hawk-eyed civil society organisations prefer to ignore the monetary aspects of Net control. Some analysts believe that maintaining the status quo is not so much about protecting the values of the Internet as about safeguarding interests, both monetary and hegemonistic. Such an assessment may not be wide of the mark if one joins the dots. Google, says a Bloomberg report of December 10, “avoided about $2 billion in worldwide income taxes in 2011 by shifting $9.8 billion in revenues into a Bermuda shell company, almost double the total from three years before”. It also said that the French, Italian, British and Australian governments are probing Google’s tax avoidance in its borderless operations.

	What is clear, however, is that a number of countries for reasons springing from different motivations, appear determined to undermine America’s control of the outfits that now define how the Internet works. Although the US maintains that ICANN (Internet Corporation for Assigned Names and Numbers) is a private, non-profit corporation, it is overseen by the US Commerce Department. According to People’s Daily, what the US spouts about Net freedom is so much humbug. In an August 2012 report, the leading Chinese daily claimed the US “controls and owns all cyberspaces in the world, and other countries can only lease Internet addresses and domain names from the US, leading to American hegemonic monopoly over the world’s Internet”. It also highlighted a fact that has slipped below the radar. During the Iraq invasion, the US government asked ICANN to terminate services to Iraq’s top-level domain name “.iq” and thereafter all websites with the domain name “.iq” disappeared overnight. It charges the US with having “taken advantage of its control over the Internet to launch an invisible war against disobedient countries and to intimidate and threaten other countries”. While this may be true, the irony is that China, with its great firewall of censorship, is in no shape to position itself as a champion of freedom. Like other authoritarian countries, it will do everything to police the Net and control it.

The right of countries and peoples to access the Net was highlighted in Dubai when some African countries raised the issue of US control of the global Internet. Some of these, such as Sudan, have long been complaining about Washington’s sanctions that entail denial of Internet services. ITU officials point out that Resolution 69, first passed in the 2008 meeting, invoked again in 2010 and dusted off once again for the WCIT negotiations, invoked “human rights” to argue for “non-discriminatory access to modern telecom/ ICT facilities, services and applications”. Says Paul Conneally, head of Communications & Partnership Promotion at ITU, “The real target of these resolutions are US sanctions imposed on nations that are deemed bad actors. These sanctions mean that people in those countries—not just the government, mind you, but everyone, innocent and guilty alike—are denied access to Internet services such as Google, Sourceforge, domain name registrars such as GoDaddy, software and services from Oracle, Windows Live Messenger, etc.”

The catalogue of Sudan’s complaints shows at least 27 instances in 2012 when companies from Google to Microsoft and Paypal to Oracle cut off their services to the African country. This might explain why major companies would be opposed to the resolution on a right to access Internet services. Such a right would allow countries to use ITRs to compel them to provide services they might otherwise have preferred not to. But so far all such sanctions appear to have been a decision of the US Administration.

The problem of the digital divide, in fact, did not get the headlines it should have. Africa accounts for just 7 per cent of the 2.4 billion people who use the Net worldwide and penetration in the region is just 15.6 per cent of the population. Compare this with North America where over 78 per cent are linked to the digital world and Touré’s logic about the ITU’s mandate appears reasonable.

When Apple censors the drone war NETIZENS know that the Internet suffers from the depredations of government, hackers and viruses. But not many are aware that companies are as prone to taking legitimate stuff off the Net on the flimsiest grounds. In the case of Apple it could have been misplaced patriotism or plain business sense that prompted it to block an app which monitors drone strike locations in November last year. The App Store rejected the product, calling it “objectionable and crude”. Drones+ (see photo) is an application that simply adds a location to a map every time a drone strike is reported in the media and added to a database maintained by the UK’s Bureau of Investigative Journalism. Josh Begley, a graduate student at New York University, who developed the app, says it shows no visuals of war or classified information. All it does is to keep its users informed about when and where drone attacks are taking place in Pakistan and Afghanistan. “This is behavior I would expect of a company in a repressive country like China, not an iconic American company in the heart of Silicon Valley,” says a petition to the company CEO. Did Apple’s censorship have anything to do with the fact that it received huge contracts from the Pentagon? US legislators have joined the protests against Apple. The most brazen act of corporate censorship occurred in August 2012 with NASA’s livestream coverage of the Curiosity rover’s landing on Mars in the space agency’s $2.5 billion mission. A news agency, Scripps, coolly claimed as its own the public domain video posted on NASA’s official YouTube channel that documented the epic landing (see our opening visuals). “This video contains content from Scripps Local News, who has blocked it on copyright grounds. Sorry about that,” said a message on NASA’s blackened screen. So much for the strict US laws aimed at curbing online piracy!

Touré noted that the revised ITRs would see greater transparency in global roaming charges, lead to “more investment in broadband infrastructure” and help those with disabilities. But he was hopeful that the new treaty signed in Dubai would make it possible for the 4.5 billion people still offline to be connected. “When all these people come online, we hope they will have enough infrastructure and connectivity so that traffic will continue to flow freely,” Touré said.

But should ITU govern the Net? Not in its entirety, according to experts. For one, ITU until the Dubai meeting was far from being transparent and does not allow participation of civil society or other stakeholders in its negotiations unless they are part of the official delegation of the member-states. In fact, even critics of the current system, who think the system is lopsided and hypocritical, believe ITU needs to reform itself and confine to the carrier/infrastructure layer of the Internet. Nor should it get into laying down standards which is done by Internet Engineering Task Force (IETF) and the naming and numbering that is managed by ICANN.

But Conneally counters this by asking what would happen if the US decided to deny domain name root zone to Iran because of its bad human rights record. “Suppose it ordered Verisign to remove .IR from the DNS root and make it non-functional. Would we want ICANN/the Internet governance regime to be used as a political/strategic tool to reform Iran? What happens to global interoperability when the core infrastructure gets used in that way?”

Who then should ensure that the Internet is run in a free and open manner? Should it be the Internet Governance Forum (IGF)? But IGF is to be an open consultative forum that cannot by itself govern. It brings in participation for any or all Internet-related policy processes but it by itself was never supposed to do policy or governance.

Parminder Jeet Singh, executive director of ItforChange, says whoever governs is the government for that purpose. “This truism is significant in the present context, because there is an attempt by those who really control/ govern the Internet at present, largely through illegitimate and often surreptitious ways, to confuse issues around Internet governance in all ways possible, including through abuse of established language and political principles and concepts.”

ITforChange is a Bengaluru institution working on information society theory and practice, especially from the standpoint of equity, social justice and gender equality, and it is that perspective which informs Singh’s suggestions. “What we need are safeguards as, for instance, with media regulation. The Internet, of course, is much more than media. It is today one of the most important factors that can and will influence distribution of economic, social and political power. Without regulation it will always be that those who currently dominate it will take away the biggest pie.

Surveillance club

Eight Indian companies are among the 700 members of European Telecommunications Standards Institute. The group works with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure. It also hosts regular meetings on lawful interception

Wipro Technologies	Associate Service Providers
• HCL Technologies Limited	• Associate Consultancy for Co./Partnership
• Accenture Services Pvt Ltd	• Observers
• CEWiT	• Associate Research Body
• Saankhya Labs Pvt Ltd	• Associate Manufacturers
• Sasken Communication	• Associate Manufacturers
• Technologies
• SmartPlay Technologies	Associate Consultancy for Co./Partnership
• TEJAS NETWORKS LTD	• Associate Manufacturers

Other critics of the current system concede that bringing governments on board, especially authoritarian and statist powers which the digital world threatens, would give them perverse incentives to control it. But this threat should be met not by insisting that the Internet needs no governance or regulation, but by safeguards that ensure equitable access and benefits, Singh stresses.

While the jury is out on the question whether the new ITRs will make any material difference to the way, and if at all, the Net will come under added government oversight and intervention, developments elsewhere show that ITU is not the main threat to digital freedom.

The irony is that while cyber security is contentious in ITU, other international organisations, such as the UN Office on Drugs and Crime (UNODC) and a clutch of influential telecom industry associations, are pushing for surveillance programmes that ensure policing of a high order with sophisticated infrastructure to monitor online communications. A host of countries already have such systems in place and are pressuring countries like India to fall in line.

A UNODC report, titled ‘The use of the Internet for terrorist purposes’, has detailed how countries can and should use new technology for online surveillance—all in the name of anti-terrorism. The report discusses sensitive issues such as blocking websites and using spyware to bypass encryption and also urges countries to cooperate on an agreed framework for data retention.

At the same time, powerful industry bodies, such as ATIS (Alliance for Telecommunications Industry Solutions) and the European Telecommunications Standards Institute (ETSI), are reported to be working with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure, according to Future Tense, a project which looks at emerging technologies and how these affect society, policy and culture. It says India is under pressure from another industry organisation, the Telecommunications Industry Association (TIA), “to adopt global standards for surveillance”, calling on the country’s government to create a “centralized monitoring system” and “install state-of-the-art legal intercept equipment”.

TIA is a Washington-based trade group which brings together companies such as Nokia, Siemens Networks and Verizon Wireless, and is focused on issues related to electronic surveillance and is developing standards for intercepting VOIP and data retention alongside with ETSI and ATIS. At least seven Indian companies are members of ETSI, which is said to hold international meetings on data interception thrice a year.

Add to this chilling list the International Chamber of Commerce. It is reported to be seeking the establishment of surveillance centre hubs of several countries to help governments intercept communications and obtain data that is stored in cloud servers in foreign jurisdictions. Given this backdrop why are the US and its cohorts creating a ruckus on ITRs?

It would also mean that by focusing on ITRs and ITU as a major threat to Internet freedom civil society may be jousting at windmills.

Malice and freedom of speech

Two suits highlight the challenge of treading between the two

Among the many legal cases in India related to the use and misuse of the world wide web, two stand out for involving web giants and provoking sharp reaction. These are the cases registered in Delhi district courts in December 2011, objecting to chunks of content—portraying prominent political figures and religious places among others in a certain light—hosted on websites. One was filed by a Delhi journalist, Vinai Rai, requesting the court to press criminal charges against 21 web agencies, including Google, Facebook and Yahoo! India. The other, filed by a social activist, M A A Qasmi, was a civil suit requesting action against 22 web agencies. Both mentioned that the content on the websites was inflammatory, threat to national integrity, unacceptable, and created enmity, hatred and communal discord.

A year on, tangible impact has not been much. The number of accused in the civil case has come down to seven web agencies and in the criminal case the government is yet to issue summons to the companies concerned (see ‘The case so far’). However, these litigations are seen as landmarks in the recent history of the Internet and its interaction with societies and governments. The cases—especially off-the-record comments by the judiciary suggesting blanket ban and pre-screening of all content—provoked a debate on the freedom of expression and Indian cyber laws.

The case so far

JANUARY 13, 2012: Delhi High Court dismisses petition by Google and Facebook asking to be absolved of criminal charges filed in district court

JANUARY 20: High Court asks for reply from Delhi Police in response to plea by Yahoo! India challenging district court summons

FEBRUARY 16: Court refuses to stay proceedings against Facebook and Google but allows them to be represented by counsel

MARCH: Court dismisses criminal charges against Yahoo! India and Microsoft but says the charges can be revived if new evidence comes to light. Sets aside summons

Malicious content exists on the web and may even need to be taken down, but the laws used to remove malicious content can also be used to curb political speech, thus, infringing on the right to freedom of expression, says Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers.

Some like Pranesh Prakash of non-profit Centre for Internet and Society believe the IT Rules are at odds with the IT Act and give powers for censorship. He explains that the IT Act, 2000, provides for protection of intermediaries; web browsers, social networking sites and websites cannot be held responsible for what a third party publishes on their forums—“similar to the way in which we cannot sue a telephone agency or a post office for someone else making use of these platforms to harass or defame another person”. But the IT rules of 2011 watered down this protection.

Supreme Court advocate and cyber law expert Pavan Duggal explains how. The Act states once a complaint is made against certain content, the web agency hosting it must notify the person who put up the content, verify the content and judge whether it needs to be removed. But the rules state that once the web agency is notified it must remove the content within 36 hours or it could be prosecuted for not acting on the complaint. The rules have gone beyond the Act’s scope, especially vis-a-vis privacy and data protection, leaving no scope for hearing out the accused, he says.

The disjunct between the Act and the rules is being contested in various spheres, including Parliament. But there is a bright side too. Duggal believes the cases have brought pertinent issues, like free speech and privacy concerns, into the public domain. Ramanjeet Chima, policy adviser for Google, says freedom of expression is paramount for Google but the recognition of local sentiments is also being given equal weightage.

Senior advocate Sidharth Luthra, who was representing Facebook in the Delhi High Court, wonders whether the existing Indian laws are in tune with the ever-changing online world. Unwilling to comment on the case, he says the law is limited in its scope, while technology is not. Refusing to comment on the cases, the Google adviser emphasised the need to use the existing provisions of big web agencies to address grievances regarding content.

The Internet “is not the wild wild west”; all content, users and viewers can be traced, Duggal cautions. Since the Internet can impact political issues government is increasingly looking for ways to control it. “There is no ideal solution but it is evident that some monitoring and regulation are required, and in all parts of the world all regimes are in the process of addressing this,” he says.

For more details visit https://cis-india.org/news/down-to-earth-latha-jishnu-dinsa-sachan-moyna-january-15-2013-clash-of-the-cyber-worlds

CIS’ Comments to the Christchurch Call

Tanaya Rajwade, Elonnai Hickok, and Raouf Kundil Peedikayil — 2019-11-04T14:13:13Z

In the wake of the Christchurch terror attacks, the Prime Minister of New Zealand, Jacinda Ardern, and the President of France, Emmanuel Macron co-chaired the Christchurch Call to Action in May 2018 to “bring together countries and tech companies in an attempt to bring to an end the ability to use social media to organise and promote terrorism and violent extremism.”

Fifty one supporters, including India, and eight tech companies have jointly agreed to a set of non-binding commitments and ongoing collaboration to eliminate violent and extremist content online. Facebook, Microsoft, Twitter, Google, and Amazon are all among the online service provider signatories that released a joint statement welcoming the call and committing to a nine-point action plan.

The Call has been hailed by many as a step in the right direction, as it represents the first collaboration between governments and the private sector companies to combat the problem of extremist content online at this scale. However, the vagueness of the commitments outlined in the Call and some of the proposed mechanisms have raised concerns about the potential abuse of human rights by both governments and tech companies.

This response is divided into two parts - Part One examines the call through the lens of human rights, and Part Two thinks through the ways in which India can adhere to the commitments in the Call, and compares the current legal framework in India with the commitments outlined in the Call.

Click to read the comments here. The comments were prepared by Tanaya Rajwade, Elonnai Hickok, and Raouf Kundil Peedikayil and edited by Gurshabad Grover and Amber Sinha.

For more details visit https://cis-india.org/internet-governance/blog/tanaya-rajwade-elonnai-hickok-and-raouf-kundil-peedikayil-october-31-2019-comments-to-christchurch-call

CIS's Comments on the Draft Geospatial Information Regulation Bill, 2016

pranesh — 2016-06-05T15:06:09Z

The Centre for Internet and Society is alarmed by the Draft Geospatial Information Regulation Bill, 2016, and has recommended that the proposed law be withdrawn in its entirety. It offered the following detailed comments as its submission.

Comments on the Draft Geospatial Information Regulation Bill, 2016

by the Centre for Internet and Society

1. Preliminary

1.1. This submission presents comments and recommendations by the Centre for Internet and Society (“CIS”) on the draft Geospatial Information Regulation Bill, 2016 (“the draft bill” / “the proposed bill” / “the bill”).

2. Centre for Internet and Society

2.1. The Centre for Internet and Society is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from the perspectives of policy and academic research. The areas of focus include accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.

2.2. This submission is consistent with CIS’ commitment to safeguarding the public interest, and particularly the representing the interests of ordinary citizens and consumers. The comments in this submission aim to further the principles of people’s right to information regarding their own country, openness-by-default in governmental activities, freedom of speech and expression, and the various forms of public good that can emerge from greater availability of open (geospatial) data created by both public and private agencies, and the innovations made possible as a result.

3. Comments

3.1. General Remarks

3.1.1. While CIS welcomes the intentions of the government to prevent use of geospatial information to undermine national security, the proposed bill completely fails to do so, infringes upon Constitutional rights, harms innovation, undermines the national initiatives of Digital India and Startup India, is completely impractical and unworkable, and it will lead to a range of substantial harms if the government actually seeks to enforce it.

3.1.2. There are already laws in place that prevent the use of geospatial information to undermine national security. For instance, the Official Secrets Act, 1923 (“OSA”) already contains provisions — sections 3(2)(a), (b), and (c) — all of which would prevent a person from creating maps that undermine national security and would penalise their doing so. Section 5 of the OSA contains multiple provisions that penalise the possession and communication of maps that undermine “national security.” The penalties under the OSA range from imprisonment of up to 3 years all the way to imprisonment up to 14 years. Given this, there is absolutely no need to create yet another law to deal with maps that undermine “national security.” Indeed, it is the government’s stated policy to reduce the number of laws in India, whereas the proposed bill introduces a redundant new law that adds multiple layers of bureaucracy.

3.1.3. The National Mapping Policy, 2005, already puts in place restrictions on wrongful depictions of India’s international boundaries, and as we explain below in section 3.4 of this document, even the National Mapping Policy is over-broad. Even if the government wishes to provide statutory backing to the policy, it should be a very different law that is far more limited in scope, and restricts itself to criminalising those who misrepresent India’s international boundary with an intention to mislead people into thinking that that is the official boundary of India as recognised by the Survey of India. CIS would support a law of such limited scope and mandate, provided it has an appropriate penalty.

3.1.4. There would be much utility in a law that creates a duty on the Survey of India to make available, in the form of an open standard, an official electronic version of the maps that it creates, and expressly allows and encourages citizens and startups to reuse such official maps, however the Ministry of Home Affairs would not be the nodal ministry for such a law.

3.1.5. We recommend that the proposed law be scrapped in its entirety.

3.1.6. We additionally provide an alternative manner of reducing the harms caused by this bill, in our comments below. By no means should these further comments be seen as a repudiation of our above position, since we do not feel the proposed bill, even with the inclusion of all of our recommendations, would truly further its stated aims. All our below recommendations would do is to reduce the bill’s harmful, and often unintended, consequences.

3.2. Definition of “Geospatial Information” is over-broad, all- encompassing

3.2.1. The second part of the definition of “geospatial information” refers to all “graphic or digital data depicting natural or man-made physical features, phenomenon or boundaries of the earth or any information related thereto” that are “referenced to a co-ordinate system and having attributes.” (Section 2(1)(e)) As per the definition, this will include all geo-referenced information, and data, that is produced by everyday users as an integral part of various everyday uses of digital technologies. This will also include geo-referenced tweets and messages, location of public and private vehicles shared in the real-time with agencies tracking their location (from public transport authorities, to insurance agencies, etc.), location data of mobile phones collected and used by telecommunication service providers, location of mobile phones shared by the user with various kinds of service providers (from taxi companies to delivery agencies), etc.

3.2.2. We recommend that instead of regulating all kinds of geospatial information, and giving rise to a range of possible harms, the draft bill be revised to specifically address “sensitive geospatial information,” defined as geospatial information related to the “Prohibited Places” as defined in the Official Secrets Act 1923 (section 2(8)) which will allow the bill to effectively respond to its key stated concerns of ensuring “security, sovereignty and integrity of India.” Since the National Map Policy defines “Vulnerable Points” and “Vulnerable Areas” (para 3(b)) as the two main types of geospatial units associated with “Prohibited Places”, these terms should also be referred to in the revised version of the draft bill.

3.3. Unreasonable regulation of acquiring and end-use of geospatial information

3.3.1. Section 3 of the draft bill states that “[s]ave as otherwise provided in this Act, rules or regulations made thereunder, or with the general or special permission of the Security Vetting Authority, no person shall acquire geospatial imagery or data including value addition” and “[e]very person who has already acquired any geospatial imagery or data ... including value addition prior to coming of this Act into effect, shall within one year from the commencement of this Act, make an application alongwith requisite fees to the Security Vetting Authority.” This effectively makes it illegal to acquire and maintain ownership of geospatial information that has not been subjected to security vetting.

3.3.2. This draft bill doesn’t apply just to geospatial information that may undermine national security but covers all manners of geospatial information and modern geospatial technologies embedded in everyday digital devices and intimately connected to various electronic products and services, from cars to mobile phones, result in the creation and acquiring of various kinds of geo-referenced information, ranging from the geo-referenced photographs to locations shared with friends. Even ordinary users who are unknowingly looking at maps that contain sensitive geospatial information, which are illegal under the Official Secrets Act, are committing an illegal act under the draft bill, because the users temporarily acquires such sensitive geospatial information in her/his digital device, as part of the very act of browsing the map concerned. This clearly cannot be the intention of the bill. Thus we recommend deletion of the word “acquire.”

3.3.3. Further, the insertion of the phrase “including value addition” in both Section 3(1) and 3(2) appears to suggest that all users who have created derivative products using geospatial information that includes sensitive data (that is data related to Prohibited Places) may be held liable under this draft bill, even if these users have not themselves collected or created such sensitive geospatial information, which was part of the original geospatial information published by the source map agency. This too cannot be the intention of the bill. Thus, we recommend deletion of the phrase “including value addition.”

3.3.4. In the definition of the “Security Vetting of Geospatial Information” itself, it is mentioned that the process will include “screening of the credentials of the end-users and end-use applications, with the sole objective of protecting national security, sovereignty, safety and integrity.” (Section 2(1)(o)) This appears to indicate that all end-users of all electronic and analog services and products using geospatial information will have to be individually vetted before such services and products are used, which would cover a large proportion of the Indian population. This imposes an enormous and impractical burden on the Indian digital economy in particular, and the entire national economy in general, without improving national security. This too cannot be the intention of the draft bill. Thus, we recommend deletion of this phrase, and ensure that end users are not covered by the law.

3.3.5. Given these specific characteristics of how modern geospatial technologies work, and how they provide a basis for various kinds of everyday use of electronic products and services, we would like to submit that the regulatory focus should be on large-scale and/or commercial dissemination, publication, or distribution of geospatial information, and not on the acts of acquiring, possessing, sharing, and using geospatial information. Further, the regulation in general should be aimed at the party owning the geospatial information in question, and not at the parties involved in its dissemination (say, Internet Service Providers) or in its generation or use (say, end-users).

3.4. Removal of journalistic, political, artistic, creative, and speculative depictions of India from the scope of Section 6

3.4.1. Section 6 of the draft bill states that “[n]o person shall depict, disseminate, publish or distribute any wrong or false topographic information of India including international boundaries through internet platforms or online services or in any electronic or physical form.” Section 15 imposes a penalty for such wrong depiction of maps of India.

3.4.2. Depictions of India, which do not purport to accurately represent the international boundaries as recognised by the Indian government should not be penalised. For instance, a map published in a newspaper article about India’s border disputes that shows the incorrect claims that the Chinese government has made over Indian territory would also be penalised as “wrong or false topographic information of India”, since there is a clear intention to depict the boundary as claimed by China. Criminalising such journalism cannot be the legitimate intent of such a provision.

3.4.3. There are numerous instances which have been willfully depicting inaccurate and inauthentic maps of India with international borders for political ends. For instance, there are often depictions of India which show territories within present day Pakistan, Bangladesh, Bhutan, Nepal and Sri Lanka as part of an “Akhand Bharat.” Depictions of this sort should not be penalised. In doing so, would contradict the freedom of expression guaranteed under Article 19(1)(a) without being a reasonable restriction under Article 19(2).

3.4.4. Even depictions of India for purposes of speculative fiction would be penalised under this proposed bill unless they depict the official borders. This is clearly undesirable and would not be allowed as a reasonable restriction under Article 19(2).

*3.4.5.* Even geography students in schools and colleges who mis-draw the official map of India would be liable to penalties under the draft bill. This plainly, cannot be the intention of the drafters of this bill. The creator of a rough and inaccurate tourist map of an Indian city can also be identified as committing a criminal act under the proposed bill as she would be depicting “… wrong or false topographic information of India …”

3.4.6. In brief: Merely depicting, disseminating, publishing or distributing any “wrong or false topographic information of India” should not be penalised. unless a person publishes and widely circulates an incorrect map of India while claiming that that represents the official international boundaries of India, such should not be penalised.

3.4.7. CIS recommends that the bill should instead state: “No person shall depict, disseminate, publish, or distribute any topographic information purporting to accurately depict the international boundaries of India as recognised by the Survey of India unless he is authorised to do so by the Surveyor General of India; provided that usage by any person of the international boundaries as is electronically and in print made available by the Survey of India shall deemed to be usage that is authorised by the Surveyor General of India.”

3.5. Absence of Publicly Available and Openly Reusable Standardised National Boundary of India

3.5.1. Given the lack of an reusable versions of maps of India, including of India’s official boundary as recognised by the Survey of India, it becomes impossible for people to accurately depict the boundary of India. We recommend that the bill requires the Survey of India to publish all “Open Series Maps,”as defined in the National Mapping Policy, 2005, including maps depicting the official international and subnational political and administrative boundaries of India, using open geospatial standards and under an open licence allowing such geospatial data to be used by citizens and all companies.

3.6. Remove Requirement for Prior License for Acquire, Dissemination, Publication, or Distribution of Geospatial Information

3.6.1. Section 9 of the draft bill refers to “any person who wants to acquire, disseminate, publish, or distribute any geospatial information of India” (emphasis added), which can be interpreted as the need for a prior license before any person decides to acquire (including creation, collection, generation, and buying) geospatial information. This creates at least two problems:

modern digital geospatial technologies have enabled everyday digital devices (like smartphones) to instantaneously acquire, disseminate, publish, and distribute geospatial information all the time when the person holding that device is looking at online digital maps, say Google Maps, or sharing location with their friends, online platforms and services and service providers (both local and foreign); and
the requirement of prior license involves payment of a “requisite fees” to the Security Vetting Authority, which may act as an arbitrary (since the fee might be based upon the volume of geospatial information to be acquired that one may not know fully determine before acquiring) and effective barrier to acquiring, dissemination, publication, or distribution of geospatial information even if it does not violate the concerns of “security, sovereignty, and integrity” in any manner. This requirement also impedes competition in the market, because new entrants to the geospatial industry may not have enough upfront capital to procure licenses.

3.6.2. Further, the requirement of necessary prior license for acquiring geospatial information does not seem to be a crucial component of the security vetting process, since the geospatial information, once acquired by the agency concerned, is in any case directed to be shared with the Security Vetting Authority for undertaking necessary expunging of sensitive or incorrect information.

3.6.3. We recommend revision of this section so that no prior license and/or permission is required for collection, acquiring, distribution, and/or use of geospatial information; instead, a framework may be established for monitoring of published geospatial information for purposes of ensuring geospatial information pertaining to “Prohibited Places,” as defined under the Official Secrets Act, is not made available to the general public by any person or entity under Indian jurisdiction, including, for instance, Indian subsidiaries and branches of foreign corporations.. Such a framework must not address the end-user of such geospatial information, but its publishers.

3.7. Unenforceable jurisdictional scope

3.7.1. Section 5 of the draft bill states “[s]ave as otherwise provided in any international convention, treaty or agreement of which India is signatory or as provided in this Act, rules or regulations made thereunder, or with the general or special permission of the Security Vetting Authority, no person shall, in any manner, make use of, disseminate, publish or distribute any geospatial information of India, outside India, without prior permission from the Security Vetting Authority.”

3.7.2. In compliance with this section, domestic and foreign companies and platforms will be required to obtain permission from the Security Vetting Authority of India prior to publishing, distributing etc. geospatial information. Similarly in the preliminary, the draft bill holds in person who commits an offence beyond India under the scope of the bill. The bill is thus proposing extraterritorial applicability of its provisions, yet the extent and method of enforcement of the same on other jurisdictions are kept unclear.

3.8. Negative implications for rights of citizens

3.8.1. There are a number of sections in the draft bill which have negative implications for the rights of all users and potentially impinge on the constitutional rights of Indian citizens. These include:

a. Section 18(2) which empowers the Enforcement Authority to conduct a search without a judicial search order;

b. Section 17(3) which empowers the Enforcement Authority to conduct undefined surveillance and monitoring to enforce the Act;

c. Chapter (V) which penalises individuals with Rs. 1-100 Crores and/or seven years in prison for an offence under the act;

d. Section 22 which allows the government to take ownership of a person’s land if a financial penalty has not been paid;

e. Section 30(1) which holds, in the case of the offense being committed by a company, every person in charge of and responsible for the conduct of business of the company, guilty and liable.

3.9. Overly broad powers and responsibilities of the Apex Committee and Enforcement Authority, and lack of adequate oversight

3.9.1. Section 7(2) states that “[t]he Apex Committee shall do all such acts and deeds that may be necessary or otherwise desirable to achieve the objectives of the Act, including the following functions:...” The wording in this section is broad and open ended, and allows for the responsibilities of the Apex Committee to be expanded without clear oversight of such expansion.

3.9.2. Similarly, section 17 established an “Enforcement Authority” for the purpose of carrying out surveillance and monitoring for enforcement of the draft bill. The Authority has been given a number of powers including the power of inquiry, the power to adjudicate, and the power to give directions. These powers have direct implications on the rights of individuals, yet the Authority is not subject to oversight or accountability requirements.

3.9.3. We recommend that the powers and responsibilities of the Apex Committee and Enforcement Authority are narrowly defined in the draft bill itself, limited by the principle of necessity, and subject to independent oversight and accountability requirements.

3.10. Remove the Security Vetting Authority’s power of delegation

3.10.1. Section 8(3) allows the Security Vetting Authority to delegate to any constituent member of the Authority, other subordinate committee, or officer powers and functions as it may deem necessary except the power to grant a licence. In practice, this will allow security vetting to be done by another institution and risks potential involvement of private agencies and/or quasi-governmental bodies.

3.10.2. We recommend that the power of delegation should not be granted to the Security Vetting Authority.

3.11. Negative implications for innovation and India’s digital economy

3.11.1. Section 3 of the draft bill states “[s]ave as otherwise provided in this Act, rules or regulations made thereunder, or with the general or special permission of the Security Vetting Authority, no person shall acquire geospatial imagery or data including value addition of any part of India either through any space or aerial platforms such as satellite, aircrafts, airships, balloons, unmanned aerial vehicles or terrestrial vehicles, or any other means whatsoever”. This effectively ensures that each and every user of geospatial data, products, services, and solutions — since all of these either include or are derivatives of geospatial information — would require prior permission from the Security Vetting Authority. This will substantially affect the existing and emerging digital economy in particular, and the entire economy in general.

3.11.2. Further, Section 9 of the draft bill mandates that any person submitting an application for geospatial information to be vetted must pay a fee. As the provisions of the bill mandate that users approach the Security Vetting Authority for license to use geospatial information, this will impose an immense burden on all users of digital devices in and outside of India. CIS submits that imposition of this fee for security vetting be removed.

3.12. Disproportionate penalty for acquisition of geospatial information

3.12.1. Section 12 states that “[p]enalty for illegal acquisition of geospatial information of India.- Whoever acquires any geospatial information of India in contravention of section 3, shall be punished with a fine ranging from Rupees one crore to Rupees one hundred crore and/or imprisonment for a period upto seven years.” Seven years in prison is disproportionate to the offense of acquiring geospatial information without vetting by the authority concerned. This is particularly true given the broad and all-encompassing definition of “geospatial information” in the draft bill, and the fact that the bill applies to individuals and companies both within and outside of India.

3.13. Improper and inconsistent usage of terms in the draft bill

3.13.1. Section 4 of the draft bill regulates the visualization, publication, dissemination and distribution of geospatial information of India, while section 5 regulates use, dissemination, publication, and distribution of geospatial information outside of India. The definition of “visualization” remains unclear, and the act is only regulated in section 4. The section 6 of the draft bill uses the term ‘depict’, which is undefined as well. We submit that in this context terms are interchangeable, and the draft bill should either define them expressly to avoid ambiguity in interpretations, or consistently use only one throughout the draft bill.

3.13.2. Section 11 (3) of the draft bill requires licensees to “[d]isplay the insignia of the clearance of the Security Vetting Authority on the security-vetted geospatial information by appropriate means such as water-marking or licence as relevant, while disseminating or distributing of such geospatial information.” We observe that geospatial information includes graphical representation, location coordinates, inter alia. While the former may be represented visually on an “as is” basis after the completion of the vetting, the latter may be used to perform other complex functions at the “back-end” (i.e., vendor-facing side) in various technologies. Water-marking and/or displaying of insignia would place undue burden on the licensee, depending on the kind of platform, service, or individual.

3.14. Lack of reference to technical implementation guidance

3.14.1. The regulation, harmonisation, and standardisation of the collection, generation, dissemination etc. of geospatial information is a complex process that goes beyond a process of security vetting and that will require extensive technical implementation guidance from the government. At a minimum this could include quality assurance considerations and standard operating procedures, yet the draft bill makes no reference to the need for technical standards or guidance.

Comments prepared by Sumandro Chattapadhyay, Adya Garg, Pranesh Prakash, Anubha Sinha, and Elonnai Hickok. Submitted by the Centre for Internet and Society, on June 3, 2016.

For more details visit https://cis-india.org/internet-governance/blog/comments-draft-geospatial-information-regulation-bill-2016

CIS Welcomes Standing Committee Report on IT Rules

pranesh — 2013-04-03T10:54:52Z

The Centre for Internet and Society welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act.

Click to read the Parliamentary Standing Committee Report on the IT Rules. A modified version was published in CiOL on March 27, 2013.

These rules have been noted by many, including CIS, Software Freedom Law Centre, and Society for Knowledge Commons, and many eminent lawyers, as being unconstitutional. The Standing Committee, noting this, has asked the government to make changes to the Rules to ensure that the fundamental rights to freedom of speech and privacy are safeguarded, and that the principles of natural justice are respected when a person’s freedom of speech or privacy are curtailed.

Ambiguous and Over-reaching Language

The Standing Committee has noted the inherent ambiguity of words like "blasphemy", "disparaging", etc., which are used in the Intermediary Guidelines Rules, and has pointed out that unclear language can lead to harassment of people as has happened with Section 66A of the IT Act, and can lead to legitimate speech being removed. Importantly, the Standing Committee recognizes that many categories of speech prohibited by the Intermediary Guidelines Rules are not prohibited by any statute, and hence cannot be prohibited by the government through these Rules. Accordingly, the Standing Committee has asked the government to ensure "no new category of crimes or offences is created" by these Rules.

Government Confused Whether Rules Are Mandatory or Advisory

The Standing Committee further notes that there is a discrepancy in the government’s stand that the Intermediary Guidelines Rules are not mandatory, and are only "of advisory nature and self-regulation", and that "it is not mandatory for the Intermediary to disable the information, the rule does not lead to any kind of censorship". The Standing Committee points out the flaw in this, and notes that the language used in the rules is mandatory language (“shall act” within 36 hours). Thus, it rightly notes that there is a "need for clarity on the aforesaid contradiction". Further, it also notes that there is "there should be safeguards to protect against any abuse", since this is a form of private censorship by intermediaries."

Evidence Needed Against Foreign Websites

The government has told the Standing Committee that "foreign websites repeatedly refused to honour our laws", however, it has not provided any proof for this assertion. The government should make public all evidence that foreign web services are refusing to honour Indian laws, and should encourage a public debate on how we should tackle this problem in light of the global nature of the Internet.

Cyber Cafes Rules Violate Citizens’ Privacy

The Standing Committee also pointed out that the Cyber Cafe Rules violated citizens’ right to privacy in requiring that "screens of the computers installed other than in partitions and cubicles should face open space of the cyber café". Unfortunately, the Standing Committee did not consider the privacy argument against retention of extensive and intrusive logs. Under the Cyber Cafe Rules, cyber cafes are required to retain (for a minimum of one year) extensive logs, including that of "history of websites accessed using computer resource at cyber café" in such a manner that each website accessed can be linked to a person. The Committee only considered the argument that this would impose financial burdens on small cybercafes, and rejected that argument. CIS wishes the Committee had examined the provision on log maintenance on grounds of privacy as well."

Government’s Half-Truths

In one response, the government notes that "rules under Section 79 in particular have undergone scrutiny by High Courts in the country. Based on the Rules, the courts have given reliefs to a number of individuals and organizations in the country. No provision of the Rules notified under Sections 43A and 79 of the IT Act, 2000 have been held ultra vires."

What the government says is a half-truth. So far, courts have not struck down any of the IT Rules. But that is because none of the High Court cases in which the vires of the Rules have been challenged has concluded. So it is disingenuous of the government to claim that the Rule have "undergone scrutiny by High Courts". And in those cases where relief has been granted under the Intermediary Guidelines, the cases have been ex-parte or have been cases where the vires of the Rules have not been challenged. The government, if it wants to defend the Rules, should point out to any case in which the vires of the Rules have been upheld. Not a single court till date has declared the Rules to be constitutional when that question was before it.

Lack of Representation of Stakeholders in Policy Formulation

Lastly, the Standing Committee noted that it is not clear whether the Cyber Regulatory Advisory Committee (CRAC), which is responsible for policy guidance on the IT Act, has "members representing the interests of principally affected or having special knowledge of the subject matter as expressly stipulated in Section 88(2) of the IT Act". This is a problem that we at CIS also noted in November 2012, when the CRAC was reconstituted after having been defunct for more than a decade.

CIS hopes that the government finally takes note of the view of legal experts, the Standing Committee on Delegated Legislation, the Parliamentary motion against the Rules, and numerous articles and editorials in the press, and withdraws the Intermediary Guidelines Rules and the Cyber Cafe Rules, and instead replaces them with rules that do not infringe our constitutional rights.

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities. It was among the organizations that submitted evidence to the Standing Committee on Subordinate Legislation on the IT Rules.

For more details visit https://cis-india.org/internet-governance/blog/cis-welcomes-standing-committee-report-on-it-rules

CIS Submission to TRAI Consultation on Regulatory Framework for Over-the-Top Services

pranesh — 2016-03-25T17:59:56Z

For more details visit https://cis-india.org/internet-governance/resources/net-neutrality/2015-03-27_cis_trai-submission_regulation-OTTs

CIS Response to ICANN's proposed renewal of .org Registry

akriti — 2019-04-28T02:16:40Z

We thank ICANN for the opportunity to comment on this issue of its proposed renewal of the .org Registry Agreement with the operator, Public Interest Registry (PIR). Supporting much of the community , we too find severe issues with the proposed agreement. These centre around the removal of price caps and imposing obligations being currently deliberated in an ongoing Policy Development Process (PDP).

Presumption of Renewal

CIS has, in the past, questioned the need for a presumption of renewal in registry contracts and it is important to emphasize this within the context of this comment as well. We had, also, asked ICANN for their rationale on having such a practice with reference to their contract with Verisign to which they responded saying:

“Absent countervailing reasons, there is little public benefit, and some significant potential for disruption, in regular changes of a registry operator. In addition, a significant chance of losing the right to operate the registry after a short period creates adverse incentives to favor short term gain over long term investment.”

This logic can presumably be applied to the .org registry, as well, yet a re-auction of ,even, legacy top-level domains can only serve to further a fair market, promote competition and ensure that existing registries do not become complacent.

These views were supported in the course of the PDP on Contractual Conditions - Existing Registries in 2006 wherein competition was seen useful for better pricing, operational performance and contributions to registry infrastructure. It was also noted that most service industries incorporate a presumption of competition as opposed to one of renewal.

Download the file to access our full response.

For more details visit https://cis-india.org/internet-governance/blog/akriti-bopanna-april-28-2019-cis-response-to-icanns-proposed-renewal-of-org-registry

CIS Para-wise Comments on Intermediary Due Diligence Rules, 2011

pranesh — 2012-07-11T10:27:26Z

On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011) in exercise of the powers conferred by Section 87(2)(zg), read with Section 79(2) of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para-wise comments for the Ministry’s consideration.

A. General Objections

A number of the provisions under these Rules have no nexus with their parent provision, namely s.79(2). Section 79(1) provides for exemption from liability for intermediaries. Section 79(2) thereupon states:

79. Intermediaries not to be liable in certain cases—

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hasted; or

(b) the intermediary does not—

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

Therefore, by not observing any of the provisions of the Rules, the intermediary opens itself up for liability for actions of its users. However, many of the provisions of the Rules have no rational nexus with due diligence to be observed by the intermediary to absolve itself from liability.

B. Specific Objections

Rule 2(b), (c), and (k)

(b) “Blog” means a type of website, usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Usually blog is a shared on-line journal where users can post diary entries about their personal experiences and hobbies;

(c) “Blogger” means a person who keeps and updates a blog;

(k) “User” means any person including blogger who uses any computer resource for the purpose of sharing information, views or otherwise and includes other persons jointly participating in using the computer resource of intermediary

Comments

It is unclear why it is necessary to specifically target bloggers as users, leaving out other users such as blog commenters, social network users, microbloggers, podcasters, etc. It makes the rules technologically non-neutral.

Recommendation

We recommend that these 3 sub-rules be deleted.

Rule 3(2)

3. Due Diligence observed by intermediary.— The intermediary shall observe following due diligence while discharging its duties.

(2) The intermediary shall notify users of computer resource not to use, display, upload, modify, publish, transmit, update, share or store any information that : —

(a) belongs to another person;

(b) is harmful, threatening, abusive, harassing, blasphemous, objectionable, defamatory, vulgar, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically or otherwise objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;

(c) harm minors in any way;

(d) infringes any patent, trademark, copyright or other proprietary rights;

(e) violates any law for the time being in force;

(f) discloses sensitive personal information of other person or to which the user does not have any right to;

(g) causes annoyance or inconvenience or deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;

(h) impersonate another person;

(i) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;

(j) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or or public order or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or is insulting any other nation.

Comments

Firstly, such ‘standard’ terms of use [1] might make sense for one intermediary, but not for all. For instance, an intermediary such as site with user-generated content (e.g., Wikipedia) would need different terms of use from an intermediary such as an e-mail provider (e.g., Hotmail), because the kind of liability they accrue are different. This is similar to how the liability that a newspaper publisher accrues is different from that accrued by the post office. However, forcing standard terms of use negates this difference. Thus, these are impractical.

Secondly, read with the legal obligation of the intermediary to remove such information (contained in rule 3(3)), they vest an extraordinary power of censorship in the hands of the intermediary, which could easily lead to the stifling of the constitutionally guaranteed freedom of speech online. Analogous restrictions do not exist in other fields, e.g., against the press in India or against courier companies, and there is no justification to impose them on content posted online. Taken together, these provisions make it impossible to publish critical views about anything without the risk of being summarily censored.

Thirdly, while it is possible to apply Indian law to intermediaries, it is impracticable to require all intermediaries (whether in India or not) to have in their terms of use India-specific clauses such as rule 3(2)(j). Instead, it is better to merely require them to ask their users to follow all relevant laws.

Individual instances of how these rules are overly broad are contained in an appendix to this submission.

Recommendation

We strongly recommend the deletion of this sub-rule, except clause (e).

Rule 3(3)

(3) The intermediary shall not itself host or publish or edit or store any information or shall not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission as specified in sub-rule (2).

Comments

This sub-rule is ultra vires s.79 of the IT Act, which does not require intermediaries not to “host or publish or edit or store any information”. If fact, s.79(2) merely states that by violating the provisions of s.79(2), the intermediary loses the protection of s.79(1). It does not however make it unlawful to violate s.79(2), as rule 3(3) does. This makes rule 3(3) ultra vires the Act.

Recommendation

This sub-rule should be deleted.

Rule 3(4)

(4) The intermediary upon obtaining actual knowledge by itself or been brought to actual knowledge by an authority mandated under the law for the time being in force in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act expeditiously to work with user or owner of such information to remove access to such information that is claimed to be infringing or to be the subject of infringing activity. Further the intermediary shall inform the police about such information and preserve the records for 90 days

Comments

This rule is also ultra vires s.69A of the IT Act as well as the Constitution of India. Section 69A states all the grounds on which an intermediary may be required to restrict access to information [2]. It does not allow for expansion of those grounds, because it has been carefully worded to maintains its constitutional validity vis-a-vis Articles 19(1)(a) and 19(2) of the Constitution of India. The rules framed under s.69A prescribe an elaborate procedure before such censorship may be ordered. The rules under s.69A will be rendered nugatory if any person could get content removed or blocked under s.79(2).

This rule requires an intermediary to immediately take steps to remove access to information merely upon receiving a written request from “any authority mandated under the law”. Thus, for example, any authority can easily immunize itself from criticism on the internet by simply sending a written notice to the intermediary concerned. This is directly contrary to, and completely subverts the legislative intent expressed in Section 69B which lays down an elaborate procedure to be followed before any information can be lawfully blocked.

If any person is aggrieved by information posted online, they may seek their remedies—including the relief of injunction—from courts of law, under generally applicable civil and criminal law. Inserting a rule such as this one would take away the powers of the judiciary in India to define the line dividing permissible and impermissible speech, and vest it instead in the whims of each intermediary. This can only have a chilling effect on debates in the public domain (of which the Internet is a part) which is the foundation of any democracy.

Recommendation

This rule should modified so that an intermediary is obliged to take steps towards removal of content only when (a) backed by an order from a court or (b) a direction issued following the procedure prescribed by the rules framed under Section 69A.

Rule 3(5) & (7) & (8) & (10)

(5) The Intermediary shall inform its users that in case of non-compliance with terms of use of the services and privacy policy provided by the Intermediary, the Intermediary has the right to immediately terminate the access rights of the users to the site of Intermediary;

(7) The intermediary shall not disclose sensitive personal information;

(8) Disclosure of information by intermediary to any third party shall require prior permission or consent from the provider of such information, who has provided such information under lawful contract or otherwise;

(10) The information collected by the intermediary shall be used for the purpose for which it has been collected.

Comments

These sub-rules have no nexus with intermediary liability or non-liability under s.79(2). For instance, it is unreasonable to say that an intermediary may be held liable for the actions of its users if it does not inform its users about its right to terminate access by the user to its services. Furthermore, not all intermediaries need be websites, as sub-rule 5 assumes. An intermediary can even be an “internet service provider” or a “cyber cafe” or a “telecom service provider”, as per rule 2(j) read with s.2(1)(w) of the IT Act.

The requirements under sub-rules (7), (8), and (10) are rightfully the domain of s.43A and the rules made thereunder, and not s.79(2) nor these rules.

Recommendation

These sub-rules should be deleted, and sub-rules (7), (8), and (10) may placed instead in the rules made under s.43A.

Rule 3(9)

(9) Intermediary shall provide information to government agencies who are lawfully authorised for investigative, protective, cyber security or intelligence activity. The information shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and punishment of offences under any law for the time being in force, on a written request stating clearly the purpose of seeking such information.

Comments

This provision is ultra vires ss.69 and 69B. Rules have already been issued under ss.69 and 69B which stipulate the mechanism and procedure to be followed by the government for interception, monitoring or decrypting information in the hands of intermediaries. Thus under the Interception Rules 2009 framed under Section 69, permission must first be obtained from a “competent authority” before an intermediary can be directed to provide access to its records and facilities. The current rule completely removes the safeguards contained in s.69 and its rules, and would make intermediaries answerable to virtually any request from any government agency. This is contrary to the legislative intent expressed in Section 69.

Recommendation

We recommend this sub-rule be deleted.

Rule 3(12)

(12) The intermediary shall report cyber security incidents and also share cyber security incidents related information with the Indian Computer Emergency Response Team.

Comments

The rules relating to how and when the Indian Computer Emergency Response Team may request for information from intermediaries is rightfully the subject matter of s.70B(5) [3] and the rules made thereunder by virtue of the rule making power granted by s.87(2)(yd). The subject matter of rule 3(12) is not liability of intermediaries for third-party actions, hence there is no nexus between the rule-making power, and the rule.

Recommendations

We recommend that this sub-rule be deleted.

Rule 3(14)

(14) The intermediary shall publish on its website the designated agent to receive notification of claimed infringements.

Comments

It is unclear what “infringements” are being referred to in this sub-rule. Neither s.79 nor these rules provide for “infringements”. The same reasoning applied for rule 3(4) would also apply here. It would be better to require the intermediary to publish on its website a method of providing judicial notice.

Recommendations

Delete, and replace with a requirement for the intermediary to publish on its website a method of providing judicial notice.

Footnotes

For instance, the Section B(1) of the World of Warcraft Code of Conduct “When engaging in Chat, you may not: (i) Transmit or post any content or language which, in the sole and absolute discretion of Blizzard, is deemed to be offensive, including without limitation content or language that is unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, hateful, sexually explicit, or racially, ethnically or otherwise objectionable.
It is only “in the interest of sovereignty and integrity of India. defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above” that intermediaries may be issued directions to block access to information.
70B(5) sates that the The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.

For more details visit https://cis-india.org/internet-governance/blog/intermediary-due-diligence

Chilling Effects and Frozen Words

Lawrence Liang — 2012-04-30T07:32:17Z

What if the real danger is not that we lose our freedom of speech and expression but our sense of humour as a nation? Lawrence Liang's op-ed was published in the Hindu on April 30, 2012.

While freedom of speech and expression is an individual right, its actualisation often relies on a vast infrastructure of intermediaries.

In the offline world, this includes newspapers, television channels, public auditoriums, etc. It is often assumed that the internet has created a more robust public sphere of speech by doing away with many structural barriers to free speech. But the fact of the matter is that even if the internet enables a shift from a ‘few to many' to a ‘many to many' model of communication, intermediaries continue to remain important players in facilitating free speech. Can one imagine free speech on the internet being the same without Twitter, social networks or Youtube?

One way of thinking of the infrastructure of communication is in terms of ecology, and in the ecology of speech — as in the environment — an adverse impact on any component threatens the well-being of all. The idea of cyberspace as a commons is a much cherished myth and in the early days of the internet we were perhaps given a glimpse into its utopian possibility. But we would be deluding ourselves if we believed that the problems that plague free speech in the offline world (including ownership of the avenues of speech) are absent in cyberspace. Recall in recent times that one of the most effective ways in which various governments retaliated to the leaking of official secrets on WikiLeaks was by freezing Julian Assange's PayPal account.

Direct & Indirect Controls

It may be useful to distinguish between direct controls on free speech and indirect or structural controls on free speech. India has had a long history of battling direct and indirect controls on free speech and with a few exceptions the interests of the press have often coincided with the interests of a robust public sphere of debate and criticism.

In the late 1950s and early 1960s, a number of large media houses battled restrictions imposed on the press by way of control of the number of pages of a newspaper, regulation of the size of advertisements and the price of imported newsprint. On the face of it, some of these restrictions may have seemed like commercial disputes but the Supreme Court rightly recognised that indirect controls could adversely impact the individual's right to express himself or herself as well as to receive information freely.

In the online context, there has also been a similar recognition of the role of intermediaries in providing platforms of speech and it is with this view in mind that a number of countries have incorporated safe harbour provisions in their information technology laws.

Section 79 of the Information Technology Act is one such safe harbour provision in India which provides that intermediaries shall not be liable for any third party action if they are able to prove that the offence or contravention was committed without their knowledge or that they had exercised due diligence to prevent the commission of such offence or contravention. But this safe harbour has effectively been undone with the passing of the Information Technology (Intermediaries guidelines) Rules, 2011.

The rules clarify what standard of due diligence has to be met by intermediaries and Sec. 3(2) of the rules obliges intermediaries to have rules and conditions of usage which ensure that users do not host, display, upload, modify, publish, transmit, update or share any information that is in contravention of the Section. This includes the all too familiar ones (defamatory, obscene, pornographic content) but also a whole host of new categories which could be invoked to restrict speech (“grossly harmful,” “blasphemous,” “harassing,” “hateful”).

As is well known, any restriction on speech in India has to comply with both the test of reasonableness under Article 19(2) of the Constitution, as well as ensuring that the grounds of censorship are located within 19(2). Even though there are laws regulating hate speech in India, blasphemy is not a category under Art. 19(2) and has hitherto not been a part of Indian law. Some of the other categories such as “grossly harmful” suggest the people who drafted the rules seem to have taken a constitutional nap at the drafting board.

Sec. 3(4) of the rules provides that any intermediary who receives a notice by an aggrieved person about any violation of sub rule (2) will have to act within 36 hours and where applicable will ensure that the information is disabled. In the event that it fails to act or to respond, the intermediary cannot claim exemption for liability under Sec. 70 of the IT Act. It is worth noting that most intermediaries receive from hundreds to thousands of requests from individuals on a daily basis asking for the removal of objectionable material. The Centre for Internet and Society conducted a “sting operation” to determine whether the criteria, procedure and safeguards for administration of the takedowns as prescribed by the Rules lead to a chilling effect on free expression.

In the course of the study, frivolous takedown notices were sent to seven intermediaries and their response to the notices was documented. Different policy factors were permuted in the takedown notices in order to understand at what points in the process of takedown, free expression is being chilled. The takedown notices which were sent by the researcher were intentionally defective as they did not establish how they were interested parties, did not specifically identify and discuss any individual URL on the websites, or present any cause of action, or suggest any legal injury. Of the seven intermediaries to which takedown notices were sent, six over-complied with the notices, despite the apparent flaws in them.

Caution

Even in cases where the intermediaries challenged the validity of the takedowns, they erred on the side of caution and took down the material. While a number of intermediaries would see themselves as allies in the fight against censorship, more often than not intermediaries are also large commercial organisations whose primary concern is the protection of their business interests. In the face of any potential legal threat, especially from the government, they prefer to err on the side of caution. The people whose content was removed were not told, nor was the general public informed that the content was removed.

The procedural flaws (subjective determination, absence of the right to be heard, the short response time) coupled with the vague grounds on which such takedowns can be claimed, clearly point to a highly flawed situation in which we will see many more trigger happy demands for offending materials to be taken down.

We have already slipped into a state of being a republic of over sensitivity where any politician, religious group or individual can claim their sentiments have been hurt or they have been portrayed disparagingly, as evidenced by the recent attack and subsequent arrest of Professor Ambikesh Mahapatra of Jadavpur University for posting cartoons lampooning Mamata Banerjee.

Nervous State

In the era of global outsourcing it was inevitable that the state censorship machinery would also learn a lesson or two from the global trends and what better way of ensuring censorship than outsourcing it to individuals and to corporations. The renowned anthropologist, Michael Taussig, once compared the state to a nervous system and it seems that the Intermediary rules live up to the expectations of a nervous state ever ready to respond to criticism and disparaging cartoons.

What if the real danger is not even that we lose our freedom of speech and expression but we lose our sense of humour as a nation?

The evident flaws of the rules have been acknowledged even by lawmakers, with P. Rajeeve, the CPI(M) M.P., introducing a motion for the annulment of the rules. The annulment motion is going to be debated in the coming weeks and one hopes that the parliamentarians will seriously reconsider the rules in their current form.

When faced with conundrums of the present it is always useful to turn to history and there is reason to believe that while censorship has a very respectable genealogy in Indian thought, it has also been accompanied in equal measure by a tradition of the right to offend.

In his delightful reading of the Arthashastra, Sibaji Bandyopadhay alerts us to the myriad restrictions that existed to control Kusilavas (the term for entertainers which included actors, dancers, singers, storytellers, minstrels and clowns). These regulations ranged from the regulation of their movement during monsoon to prohibitions placed on them, ensuring that they shall not “praise anyone excessively nor receive excessive presents”. While some of the regulations appear harsh and unwarranted, Bandyopadhay says that in contrast to Plato's Republic, which banished poets altogether from the ideal republic, the Arthashastra goes so far as to grant to Kusilavas what we could now call the right to offend. Verse 4.1.61 of the Arthashastra says, “In their performances, [the entertainers] may, if they so wish, make fun of the customs of regions, castes or families and the practices or love affairs (of individuals)”. One hopes that our lawmakers, even if they are averse to reading the Indian Constitution, will be slightly more open to the poetic licence granted by Kautilya.

Click for the original published in the Hindu on April 30, 2012. Lawrence Liang is a lawyer and researcher based at Alternative Law Forum, Bangalore. He can be contacted at lawrence@altlawforum.org

For more details visit https://cis-india.org/internet-governance/chilling-effects-frozen-words

Charting the Charter: Internet Rights and Principles Online

praskrishna — 2013-10-21T07:03:53Z

This workshop is being organised by IRP Coalition on October 22 in Bali Nusa Dua Convention Centre. Pranesh Prakash is participating as a panelist.

The Internet Governance Forum 2013 is being held at Bali from October 22 to 25. The overarching theme for the 2013 IGF meeting is: "Building Bridges"- Enhancing Multistakeholder Cooperation for Growth and Sustainable Development".

Read the original published on the IGF website

Theme: Human Rights / Freedom of Expression on the Internet

Since the Charter of Internet Rights and Principles was developed dialogue about diverse internet related human rights issues have emerged in various UN human rights mechanisms e.g. racism/racial discrimination, human rights defenders, women's human rights, freedom of association, business and human rights, protection of cultural heritage. The workshop will map the issues under discussion in the UNHRC against those in the Charter of Human Rights and Principles for the Internet (‘IRP Charter’) and explore multistakeholder perspectives and best practice examples of adherence to the Charter and human rights standards from diverse regions.

The focus is on progress, opportunities and challenges to monitor and advocate for the IRP Charter provisions particularly for marginalised groups e.g. rural and indigenous peoples, disabled people, urban poor as the second part of the two workshops put forward by the IRP Coalition and partners. Wider questions that the workshop looks to cover include: How are understandings about the interrelationship of internet governance and human rights standards developing at the Human Rights Council? Aside from freedom of expression and the right to Privacy, what other human rights are important in relation to the internet? How can the Charter be used to broaden the engagement of the Human Rights Council in internet governance issues? How does the work of the HRC inform the Charter, and other internet policy documents and mechanisms?

Since the 2009 IGF, the Internet Rights and Principles Coalition has organised a range of workshops and Coalition meetings looking at the application of human rights standards (primarily those espoused in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights) to the Internet. In 2010 the previous draft of the IRP Charter (http://internetrightsandprinciples.org/site/charter/) was launched with a rigorous discussion about what correct interpretation of existing standards is and the role of different stakeholders in relation to these.

In 2011 the IRP Charter was distilled down to 10 key advocacy points, the Ten Internet Rights and Principles (http://internetrightsandprinciples.org/site/campaign/). These were debated as the Coalition undertook a closer analysis of the issue of copyright protection and how it interrelated with human rights on the internet. In 2012 the Coalition looked at how the Charter was feeding in to a derivative initiative at the Council of Europe to create a user-friendly Compendium of rights of internet users. The Coalition made a close analysis of the issue of anonymity online. This year we want to focus on human rights which, while contained in the Charter, have not received high levels of attention. We also want to loop in the work of Coalition members working on human rights, women’s rights, social, cultural and economic rights as well as the recent work of the Human Rights Council (which is the most authoritative global body applying human rights to the Internet) to incorporating human rights as an integral part of the internet governance field.

Has the proponent organised a workshop with a similar subject during past IGF meetings?
Yes

Indication of how the workshop will build on but go beyond the outcomes previously reached
The IRP Coalition launched the IRP Charter and Ten Principles in 2010/2011 (www.internetrightsandprinciples.org). These launches started a vigorous and productive chain of discussions and outreach initiatives in and around IGF Meetings. These were followed up in 2011 and 2012 with IGF workshops that focused in specific issues such as copyright, access as a right, and existing rights of internet users. This year we focus on human rights which, while contained in the Charter, have not received high levels of attention. We also want to loop in the work of Coalition members working on human rights, women’s rights, social, cultural and economic rights as well as the recent work of the Human Rights Council (which is the most authoritative global body applying human rights to the Internet) to incorporating human rights as an integral part of the internet governance field. Recent events underscore that the moment has come to ground human rights principles in internet governance practice as this affects everyday life, work, and government.

Background Paper

Download Background Paper

Session Type: Roundtable

Co-organisers

Ms. Dixie Hawtin, Global Partners and Associates, Private Sector, Western Europe and Others Group - WEOG
Ms. Joy Liddicoat, Association for Progressive Communications, Civil Society, New Zealand, Asia-Pacific Group
Ms. Marianne Franklin, Goldsmiths (University of London, UK)/ IRP Coalition), Civil Society, United Kingdom, Western Europe and Others Group - WEOG

Have the Proponent or any of the co-organisers organised an IGF workshop before?
Yes

The link(s) to the workshop report(s)

Panelists

Please click on the biography to view the profile of the panelists:

Joy Liddicoat, Association for Progressive Communications, Female, Civil Society, New Zealand, Western Europe and Others Group – WEOG
Biography
Frank La Rue, United Nations, Male, Civil Society, Guatemala, Latin American and Caribbean Group - Grulac
Asif Kabani, Ministry of Finance, Male, Government, Pakistan, Asia-Pacific Group
Biography
Carl Fredrik Wettermark, Ministry of Foreign Affairs, Male, Government, Sweden, Western Europe and Others Group – WEOG
Biography
Marianne Franklin, (IRP Coalition/Goldsmiths (University of London, UK), Female, Civil Society, New Zealand, Asia-Pacific Group
Biography
Pranesh Prakash, Centre for Internet and Society, Male, Civil Society, India, Asia-Pacific Group
Biography
Cornelia Kutterer, Microsoft, Female, Private Sector, BELGIUM, Western Europe and Others Group – WEOG
Biography
Michael Rotert, eco-German Internet Industry, Male, Technical Community, Germany, Western Europe and Others Group – WEOG
Biography

Moderator

Dixie Hawtin, Global Partners and Associates

Remote Moderator

Rebecca Zausmer, Global Partners and Associates

Agenda

This round table session explores the opportunities and challenges for upholding human rights standards on the internet using the IRP Charter of Human Rights and Principles for the Internet (http://internetrightsandprinciples.org/site/charter/). In tandem with the session on Disabilities and Indigenous rights this session aims to:

Address a number of human rights – moving beyond freedom of expression and privacy - to consider the IRP Charter provisions for socio-economic rights, education, women’s rights and rights of the visually impaired in the online environment.
Provide an assessment of the implementation of human rights standards on the internet o date.
Feed recommendations in to the IRP Coalition initiative to create a final version of the IRP Charter (in terms of substance, process, and uses of the document in practice)

The session will start by focusing on a selection of concrete examples (such as, the PRISM revelations, the Marrakesh Treaty on exceptions and limitations to copyright for the blind, racial discrimination, education rights online) before opening to a wider discussion. It brings together diverse perspectives on the relationship between human rights and internet policy, where the human rights movement needs to engage more or more effectively, and how the IRP Charter should be developed to assist this process. The outcomes of the workshop will feed into the IRP Coalition Meeting, ‘Towards the IRP Charter 2.0’.

Inclusiveness of the Session

Panellists will make short initial statements of up to 3 minutes, each will be tasked with a particular perspective to bring and enable several rounds of the table. It will also allow ample time for audience questions and comments. The audience will be invited to ask questions, and to answer questions which the moderators will pose to the floor.

Suitability for Remote Participation

Both the IRP and the APC have a good track record of marketing their workshops across a range of email lists, websites and social media to ensure that potential remote participants know about the workshop and can participate. Remote participants will be engaged by the remote moderator who will pose questions to them and facilitate an active remote conversation alongside the conversation in situ– making links between the two wherever possible.

Questions or Comments

Please note that Mr Frank La Rue has been invited. As his office needs some time to respond we have included his name as an unconfirmed participant for the time being.

Also a note on the number of participants:
As this is a roundtable, open discussion format there are more than five speakers in order to generate the range and depth needed for this sort of interactive and dynamic discussion. The IRP Coalition has taken the lead in instigating these sorts of discussion formats in multistakeholder meetings such as the UNESCO WSIS+10 event and the Lisbon EuroDIG. The session moderator is experienced for this format and the participants aware that long speeches are not required.

For more details visit https://cis-india.org/news/igf-2013-workshop-99-charting-the-charter-internet-rights-and-principles-online

Centre blocks 32 websites for security reasons, restores some later

praskrishna — 2015-01-02T14:13:03Z

The Centre on Wednesday asked Internet Service Providers (ISP) to block 32 websites citing national security concerns, especially from terror group ISIS.

The article by S. Ronendra Singh was published in the Hindu Businessline on December 31, 2014. Pranesh Prakash gave his inputs.

The move created a flutter on social networking sites, as most of the Web sites, such as archive.org, vimeo.com, github.com, pastebin.com, codepad.org and paste2.org, were being used by global communities like application developers for free movies and books, coders and text sharing.

By late evening, some sites were restored.

Sources in the Ministry of Telecommunications and Information Technology confirmed the development and told BusinessLine: “It was based on some national security issues, and we cannot compromise with our nation’s security….”

A senior official from the Department of Telecommunications (DoT) said the directive had come from a Mumbai court after the Maharashtra Anti-Terrorism Squad (ATS) had approached it to block some Web sites carrying anti-India content.

The matter came to light after a circular, purportedly sent by DoT to ISPs, showed up on social networking sites, listing the sites, along with some screen shots. Incidentally, the said circular had edited out the letter head, date and the signature below. The ruling Bharatiya Janata Party’s IT cell head, Arvind Gupta, tweeted saying ‘the Web sites that have been blocked were based on an advisory by the Anti-Terrorism Squad, and were carrying anti-India content from ISIS’.

However, later in the evening, Gupta, in his tweet said, some of the Web sites such as vimeo.com have been restored because they have removed ‘objectionable content and/or cooperated with the on going investigations’.

However, the blocked Web sites raised a furore in the social media wherein people said the Government should amend the laws than do such things.

“The problem isn’t just about the specific sites that are blocked; the problem is always about the bad law + process relating to #GoIBlocks,” Pranesh Prakash, Policy Director at Centre for Internet and Society tweeted. He said the 69A Rules (of the IT Act 2000) does not allow for transparency, accountability and time-limits on blocks, so it is easily misused by the Government, the courts and individuals.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-businessline-december-31-2015-s-ronendra-singh-

Censorship makes India fall two places on global internet freedom chart

praskrishna — 2012-09-27T10:37:47Z

A recently released global report on the internet freedom rated India 39th in 2012, a slip from two places last year.

The article by Dilnaz Boga was published in DNA on September 27, 2012.

The report titled, Freedom on the net 2012 (FOTN): A global assessment of internet and digital media by Freedom House, a Washington-based monitoring group conducted a comprehensive study of internet freedom in 47 countries.

Quoting Bangalore-based Centre for Internet and Society, the report said 309 specific items (URLs, Twitter accounts, img tags, blog posts, blogs, and a handful of websites) have been blocked by the government. But officially, the government has admitted to blocking 245 web pages for inflammatory content hosting of provocative content.

Ketan Tanna, India analyst for Freedom House told DNA, “A reflection of the downward spiral in the freedom on the net that Indians enjoy is evident in the upward revision of scores for India in the FOTN 2012 report. India was one of the only 4 of the 20 countries that “recently experienced declines” and are democracies. The other three are Mexico, Turkey and South Korea.”

Internet usage in India continues to increase, with tens of millions of new users getting online each year. According to the International Telecommunications Union, internet penetration was 10% — or about 120 million people at the end of 2011. Among internet users, 90 million were ‘active,’ accessing it at least once a month (70 million urban and 20 million rural).

The report has mentioned that in India, “amid several court cases regarding intermediaries’ responsibility for hosting illegal content, much evidence has surfaced that intermediaries are taking down content without fully evaluating or challenging the legality of the request”.

Citing an example, Tanna said in December 2011, the website Cartoons against Corruption was suspended by its hosting company after a complaint filed with the Mumbai police alleged that the site’s cartoons ridiculed parliament and national emblems. “As a result of such dynamics, large swaths of online content are disappearing, and the losses are far more difficult to reverse than the mere blocking of a website,” he added.

More common than website blocking is the removal of content based on judicial orders, government directives, and citizen complaints. This phenomenon that has increased in recent years and in some cases, targeted content on political, social, and religious topics, the report said.

The Indian authorities had submitted 68 removal requests covering 358 items between January and June 2011. According to Google, 255 items related to what it categorised as “government criticism,” while 39 involved defamation and 8 pertained to hate speech.

In January, responding to a freedom of information request, the home ministry reported that the government orders 7,500 to 9,000 phone interceptions per month, the report disclosed. Criticising this practice and the government’s disregard for the Constitution, the data revealed, “Established guidelines regulate the ability of state officials to intercept communications, but India lacks an appropriate legal framework and procedures to ensure proper oversight of Intelligence agencies’ growing surveillance and interception capabilities, opening the possibility of misuse and unconstitutional invasion of citizens’ privacy.”

As another method of controlling speech and activism online, governments have imposed temporary shutdowns of the internet or mobile phone networks during protests or other sensitive times. Localised internet shutdowns and mobile phone shutdowns occurred in India due to security concerns, the report said.

For more details visit https://cis-india.org/news/dna-india-sep-27-2012-dilnaz-boga-censorship-makes-india-fall-two-places-on-global-internet-freedom-chart

Censorship — A Death Knell for Freedom of Expression Online

praskrishna — 2011-12-19T10:12:46Z

On December 8, 2011, NDTV aired an interesting discussion on internet censorship. Shashi Tharoor, Soli Sorabjee, Shekhar Kapoor, Ken Ghosh and Sunil Abraham participated in this discussion with NDTV's Sonia Singh.

Sunil said that we need to reflect upon the limitations of freedom of expression which was listed out by Soli Sorabjee and then ask the question whether they are the same limitations in the IT Act. If one reads section 66A, one comes to the conclusion that the IT Act places many additional limitations on the freedom of expression (annoying speech, speech harmful to minors, inconvenient speech) and these are limitations that don’t have existing definitions either in the IT Act or any other statute or case laws.

Sunil further said that through section 79 which is the intermediary liability regime, the government places together a private censorship regime. We did some research at CIS. We sent fraudulent take down notices to seven large international and national intermediaries and through our empirical research we can demonstrate that these intermediaries over-comply with these fraudulent take down notices. So there is already (since the amended IT Act and the notification of the Rules in April this year) a huge chilling effect on the internet thanks to post facto censorship and what the minister is now calling for is preemptive or pro-active censorship which is really going to be the death knell for freedom of expression online.

VIDEO

For more details visit https://cis-india.org/news/internet-censorship

Can India Trust Its Government on Privacy?

pranesh — 2013-07-15T10:35:33Z

In response to criticisms of the Centralized Monitoring System, India’s new surveillance program, the government could contend that merely having the capability to engage in mass surveillance won’t mean that it will. Officials will argue that they will still abide by the law and will ensure that each instance of interception will be authorized.

Pranesh Prakash's article was published in the New York Times on July 11, 2013.

In fact, they will argue that the program, known as C.M.S., will better safeguard citizens’ privacy: it will cut out the telecommunications companies, which can be sources of privacy leaks; it will ensure that each interception request is tracked and the recorded content duly destroyed within six months as is required under the law; and it will enable quicker interception, which will save more lives. But there are a host of reasons why the citizens of India should be skeptical of those official claims.

Cutting out telecoms will not help protect citizens from electronic snooping since these companies still have the requisite infrastructure to conduct surveillance. As long as the infrastructure exists, telecom employees will misuse it. In a 2010 report, the journalist M.A. Arun noted that “alarmingly, this correspondent also came across several instances of service providers’ employees accessing personal communication of subscribers without authorization.” Some years back, K.K. Paul, a top Delhi Police officer and now the Governor of Meghalaya, drafted a memo in which he noted mobile operators’ complaints that private individuals were misusing police contacts to tap phone calls of “opponents in trade or estranged spouses.”

India does not need to have centralized interception facilities to have centralized tracking of interception requests. To prevent unauthorized access to communications content that has been intercepted, at all points of time, the files should be encrypted using public key infrastructure. Mechanisms also exist to securely allow a chain of custody to be tracked, and to ensure the timely destruction of intercepted material after six months, as required by the law. Such technological means need to be made mandatory to prevent unauthorized access, rather than centralizing all interception capabilities.

At the moment, interception orders are given by the federal Home Secretary of India and by state home secretaries without adequate consideration. Every month at the federal level 7,000 to 9,000 phone taps are authorized or re-authorized. Even if it took just three minutes to evaluate each case, it would take 15 hours each day (without any weekends or holidays) to go through 9,000 requests. The numbers in Indian states could be worse, but one can’t be certain as statistics on surveillance across India are not available. It indicates bureaucratic callousness and indifference toward following the procedure laid down in the Telegraph Act.

In a 1975 case, the Supreme Court held that an “economic emergency” may not amount to a “public emergency.” Yet we find that of the nine central government agencies empowered to conduct interception in India, according to press reports — Central Board of Direct Taxes, Intelligence Bureau, Central Bureau of Investigation, Narcotics Control Bureau, Directorate of Revenue Intelligence, Enforcement Directorate, Research & Analysis Wing, National Investigation Agency and the Defense Intelligence Agency — three are exclusively dedicated to economic offenses.

Suspicion of tax evasion cannot legally justify a wiretap, which is why the government said it had believed that Nira Radia, a corporate lobbyist, was a spy when it defended putting a wiretap on her phone in 2008 and 2009. A 2011 report by the cabinet secretary pointed out that economic offenses might not be counted as “public emergencies,” and that the Central Board of Direct Taxes should not be empowered to intercept communications. Yet the tax department continues to be on the list of agencies empowered to conduct interceptions.

India has arrived at a scary juncture, where the multiple departments of the Indian government don’t even trust each other. India’s Department of Information Technology recently complained to the National Security Advisor that the National Technical Research Organization had hacked into National Informatics Center infrastructure and extracted sensitive data connected to various ministries. The National Technical Research Organization denied it had hacked into the servers but said hundreds of e-mail accounts of top government officials were compromised in 2012, including those of “the home secretary, the naval attaché to Tehran, several Indian missions abroad, top investigators of the Central Bureau of Investigation and the armed forces,” The Mint newspaper reported. Such incidents aggravate the fear that the Indian government might not be willing and able to protect the enormous amounts of information it is about to collect through the C.M.S.

Simply put, government entities have engaged in unofficial and illegal surveillance, and the C.M.S. is not likely to change this. In a 2010 article in Outlook, the journalist Saikat Datta described how various central and state intelligence organizations across India are illegally using off-the-air interception devices. “These systems are frequently deployed in Muslim-dominated areas of cities like Delhi, Lucknow and Hyderabad,” Mr. Datta wrote. “The systems, mounted inside cars, are sent on ‘fishing expeditions,’ randomly tuning into conversations of citizens in a bid to track down terrorists.”

The National Technical Research Organization, which is not even on the list of entities authorized to conduct interception, is one of the largest surveillance organizations in India. The Mint reported last year that the organization’s surveillance devices, “contrary to norms, were deployed more often in the national capital than in border areas” and that under new standard operating procedures issued in early 2012, the organization can only intercept signals at the international borders. The organization runs multiple facilities in Mumbai, Bangalore, Delhi, Hyderabad, Lucknow and Kolkata, in which monumental amounts of Internet traffic are captured. In Mumbai, all the traffic passing through the undersea cables there is captured, Mr. Datta found.

In the western state of Gujarat, a recent investigation by Amitabh Pathak, the director general of police, revealed that in a period of less than six months, more than 90,000 requests were made for call detail records, including for the phones of senior police and civil service officers. This high a number could not possibly have been generated from criminal investigations alone. Again, these do not seem to have led to any criminal charges against any of the people whose records were obtained. The information seems to have been collected for purposes other than national security.

India is struggling to keep track of the location of its proliferating interception devices. More than 73,000 devices to intercept mobile phone calls have been imported into India since 2005. In 2011, the federal government asked various state governments, private corporations, the army and intelligence agencies to surrender these to the government, noting that usage of any such equipment for surveillance was illegal. We don’t know how many devices were actually turned in.

These kinds of violations of privacy can have very dangerous consequences. According to the former Intelligence Bureau head in the western state of Gujarat, R.B. Sreekumar, the call records of a mobile number used by Haren Pandya, the former Gujarat home minister, were used to confirm that it was he who had provided secret testimony to the Citizens’ Tribunal, which was conducting an independent investigation of the 2002 sectarian riots in the state. Mr. Pandya was murdered in 2003.

The limited efforts to make India’s intelligence agencies more accountable have gone nowhere. In 2012, the Planning Commission of India formed a group of experts under Justice A.P. Shah, a retired Chief Justice of the Delhi High Court, to look into existing projects of the government and to suggest principles to guide a privacy law in light of international experience. (Centre for Internet and Society, where I work was part of the group). However, the government has yet to introduce a bill to protect citizens’ privacy, even though the governmental and private sector violations of Indian citizens’ privacy is growing at an alarming rate.

In February, after frequent calls by privacy activists and lawyers for greater accountability and parliamentary oversight of intelligence agencies, the Centre for Public Interest Litigation filed a case in the Supreme Court. This would, one hopes, lead to reform.

Citizens must also demand that a strong Privacy Act be enacted. In 1991, the leak of a Central Bureau of Investigation report titled “Tapping of Politicians’ Phones” prompted the rights groups, People’s Union of Civil Liberties to file a writ petition, which eventually led to a Supreme Court of India ruling that recognized the right to privacy of communications for all citizens as part of the fundamental rights of freedom of speech and of life and personal liberty. However, through the 2008 amendments to the Information Technology Act, the IT Rules framed in 2011 and the telecom licenses, the government has greatly weakened the right to privacy as recognized by the Supreme Court. The damage must be undone through a strong privacy law that safeguards the privacy of Indian citizens against both the state and corporations. The law should not only provide legal procedures, but also ensure that the government should not employ technologies that erode legal procedures.

A strong privacy law should provide strong grounds on which to hold the National Security Advisor’s mass surveillance of Indians (over 12.1 billion pieces of intelligence in one month) as unlawful. The law should ensure that Parliament, and Indian citizens, are regularly provided information on the scale of surveillance across India, and the convictions resulting from that surveillance. Individuals whose communications metadata or content is monitored or intercepted should be told about it after the passage of a reasonable amount of time. After all, the data should only be gathered if it is to charge a person of committing a crime. If such charges are not being brought, the person should be told of the incursion into his or her privacy.

The privacy law should ensure that all surveillance follows the following principles: legitimacy (is the surveillance for a legitimate, democratic purpose?), necessity (is this necessary to further that purpose? does a less invasive means exist?), proportionality and harm minimization (is this the minimum level of intrusion into privacy?), specificity (is this surveillance order limited to a specific case?) transparency (is this intrusion into privacy recorded and also eventually revealed to the data subject?), purpose limitation (is the data collected only used for the stated purpose?), and independent oversight (is the surveillance reported to a legislative committee or a privacy commissioner, and are statistics kept on surveillance conducted and criminal prosecution filings?). Constitutional courts such as the Supreme Court of India or the High Courts in the Indian states should make such determinations. Citizens should have a right to civil and criminal remedies for violations of surveillance laws.

Indian citizens should also take greater care of their own privacy and safeguard the security of their communications. The solution is to minimize usage of mobile phones and to use anonymizing technologies and end-to-end encryption while communicating on the Internet. Free and open-source software like OpenPGP can make e-mails secure. Technologies like off-the-record messaging used in apps like ChatSecure and Pidgin chat conversations, TextSecure for text messages, HTTPS Everywhere and Virtual Private Networks can prevent Internet service providers from being able to snoop, and make Internet communications anonymous.

Indian government, and especially our intelligence agencies, violate Indian citizens’ privacy without legal authority on a routine basis. It is time India stops itself from sleepwalking into a surveillance state.

For more details visit https://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy