Centre for Internet and Society

CIS Funding 2008 - 2018

pranesh — 2018-07-07T01:17:05Z

For more details visit https://cis-india.org/internet-governance/files/cis-funding-2008-2018.xlsx

Comments on Technical Standards for Interoperability Framework for E-Governance in India (Phase II)

pranesh — 2012-02-29T09:44:07Z

The e-Governance Standards Division has called for public comments on the draft of the Technical Standards IFEG Phase II. We from the Centre for Internet and Society have given our comments.

The present document is — as the draft IFEG Phase I document was — an excellent step in the right direction, following very ably the policy guidelines laid down in the National Policy on Open Standards for e-Governance.

The Expert Committee and other contributors have made excellent choices as to the 29 standards that have been laid down in this phase of the IFEG. It is praiseworthy that the majority of these (20) are designated as mandatory, and only nine are designated as interim standards. Furthermore, the system has been quite transparent with the selection of standards, providing concise descriptions for each.

That said, the document could be improved by providing greater detail for those standards which are said to violate the National Open Standards Policy. In the current document, every interim standard is said to violate “clause 2”, rather than providing the more specific details (sub-clause, one-line explanation) about the violation.

It is unfortunate that yet again accessibility-related standards have been passed over in the presentation and archival domain.

As we have mentioned in earlier feedback, many other governmental interoperability frameworks are going beyond merely listing technical standards. Some governments, such as Germany and the EU, go beyond technical interoperability, and also have documents dealing with organizational, informational, and legal interoperability. These are equally important components of an interoperability framework. Other governments also also lay down best practice guides, and other aids to implementation, sometimes even including application recommendations. Further, there are many which lay out standards for the the semantic layer, business services layer, etc.

We at the Centre for Internet and Society are currently advising the government of Iraq on development of their e-Governance Interoperability Framework, and would be glad to extend any support that the Department of IT may require of us, including comments on all further phases.

Section-specific Comments

Section 5.2.8

It is unclear whether by IEEE 802.11-2007, the base version is being referred to or the amended version, since IEEE 802.11-2007 has been amended by IEEE 802.11n-2009 to include the IEEE 802.11n standard. As IEEE 802.11n has also become an established standard, it is suggested that section 5.2.28 make it clear that the amended standard is being referred to.

Section 5.2.13

It is recommended that IMAP v4rev1 (IETF RFC 3501, updated by RFCs 4466, 4469, 4551, 5032, 5182, 5738, 6186, supplemented by RFCs 2177, 4550) be used instead of POP3 (IETF RFC 1939). It is critical that governmental messages be preserved on government servers, and should not simply be downloaded and then deleted as is the default with POP3 implementations. IMAP allows for downloading and offline access to mails as well. Any deletion on the server from the client would be recorded in the server logs, hence allowing for transparency. Given this, and the more advanced features available in IMAP, it should be preferred to POP3. In other government interoperability frameworks where an e-mail access protocol is specified, including those of Germany, Malaysia, and Hong Kong, IMAP is provided as a standard and never is POP3 provided as the sole standard.

Section 5.2.15

SAML 2.0 is a standard for exchanging authentication and authorization data between security domains, and is not a ‘Wireless LAN Authentication’ standard. Indeed, section 5.2.8 (IEEE 802.11-2007) talks about ‘Wireless LAN Security’.

Section 5.2.23

WML v1.3, as noted, is a declining standard that is deprecated due to the recommendation by W3C of XHTML Basic v1.1. If it is at all included, it should be included not as “Mandatory – Watchlist”, but as “Additional Standard”, as it is a direct competitor to XHTML Basic v1.1.

For more details visit https://cis-india.org/openness/interoperability-framework-for-e-governance

Response to TRAI Consultation Paper on Regulatory Framework for Over-the-Top (OTT) Services

pranesh — 2015-05-09T11:27:15Z

The Centre for Internet and Society (CIS) sent a joint response to the TRAI Consultation Paper on Regulatory Framework for Over-the-top (OTT) Services with scholars from Indian Institute of Management, Ahmedabad. The response was sent on March 27, 2015.

Executive Summary

The principle objective of net neutrality is that “all the Internet traffic has to be treated equally without any discrimination”; but this has had different interpretations over varied contexts. While the discourse in India has often treated net neutrality as a singular policy construct, we break down net neutrality to its various components. We then individually contextualise each component to the unique characteristics of the Indian telecommunications industry such as dependence on wireless internet access, the fragmented and non-contiguous distribution of spectrum, high competition between TEL-SPs and low digital literacy. The evolving nature of markets and networks are also considered while taking into account various public policy perspectives.

In this submission, we also argue for the need to introduce reasonable regulatory parity between functionally equivalent communications services provided by OTT-SPs and TEL-SPs. We compare the regulations for OTT-SPs under the Information Technology Act 2000 (as amended) with the regulations for TEL-SPs under the Telegraph Act 1885 (as amended), the license agreements (UL, UASL, ISP-L) and TRAI Regulations. Based on an analysis of the current laws and regulations, we suggest how TRAI needs to intervene to create this regulatory parity (for example in areas such as privacy, spam/UCC, interception etc.).

Through the above analysis, we recommend an overall regulatory framework that should be adopted by the Government. The framework takes a nuanced approach to various components of net neutrality, contextualised to India, and also attempts to bring reasonable regulatory parity. Instead of compartmentalising TEL-SPs and OTT-SPs as two distinct actors, the recommended framework considers a two-layered approach which recognises that there is an overlap between TEL-SPs and OTT-SPs. The first layer comprises of network and infrastructure (collectively called the network layer) and the second layer comprises of services and applications (collectively called the service layer).

The framework further divides the service layer into “Non-IP Services”, “Specialised Services” and “Internet Based Services”. The concept of “Specialised Services”, which is borrowed from the European Union, refers to traditional services that have migrated to an IP architecture such as facilities-based VoIP calls to PSTN and IPTV, and are either logically distinct from the Internet or have special needs which the “best efforts” delivery of the general Internet cannot satisfy. This concept helps in applying different evaluation criteria to functionally equivalent “Non-IP Services”, “Specialised Services” and “Internet Based Services”. In the framework, “Specialised Services” are also recognised as an exception to net neutrality. The concept of “Specialised Services” also helps to create an incentive for continued investment in underlying infrastructure by TEL-SPs.

This framework has helped us to bring a more balanced approach from the perspective of both TEL-SPs and OTT-SPs, while also taking into account technological convergence. It has also helped us to bring a more nuanced approach to various issues comprising net neutrality such as zero rating, paid prioritisation etc. We have considered best practices from different international regimes and the pros and cons during implementation in order to determine the exceptions and boundaries of net neutrality that should be adopted in India.

Download the full text of the Response

For more details visit https://cis-india.org/telecom/blog/joint-response-to-trai-consultation-paper-on-regulatory-framework-for-over-the-top-services

Definition of Net Neutrality should be flexible: Pranesh Prakash

pranesh — 2015-06-19T01:43:04Z

Critics argue that Facebook’s Internet.org violates the principle of Net Neutrality.

The article by Sanjay Vijaykumar was published in the Hindu on May 10, 2015. Pranesh Prakash is extensively quoted.

The definition of Net Neutrality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access and such experimentation needs to be regulated by the telecom regulator, Telecom and Regulatory Authority of India (TRAI) according to Internet expert Pranesh Prakash.

Mr. Prakash was reacting to the business model of Boston-based start-up Jana, which said it had figured out a way to offer billions of people in the emerging world free access to the Internet, without violating the web’s open nature. The firm has launched Jana Loyalty, a product that seeks to reward its smartphone users in two ways. One, it reimburses users the cost of downloading and using an app of Jana’s clients. Two, it gives free additional data with which the user can access any content online.

“While Jana is like Internet.org, since it is Internet service-specific zero-rating, Jana Loyalty is what my colleague Sunil Abraham dubs a ‘leaky walled garden’. The walled garden (site-specific access) exists, but you also get free access to the whole of the Web in return. Given that there is no one universal definition of Net Neutrality, and given India currently doesn’t have a definition, I can’t answer if this is a violation of Net Neutrality,” said Mr. Prakash, who is Policy Director at The Centre for Internet and Society (CIS), a Bangalore-based, non-profit, research and policy advocacy.

Facebook’s attempts to provide a limited version of the Internet free has been attracting criticism from supporters of Net Neutrality, especially in India. Critics argue that Facebook’s Internet.org, which offers users free access to a bouquet of pre-selected Web sites, violates the principle of Net Neutrality by choosing what is accessible and what isn’t. Facebook has reacted to this by opening up Internet.org to all developers who meet its guidelines. Mr. Prakash said the definition of Net Neturality should be flexible enough to allow for experimentation with different models of providing cheaper Internet access, including Jana Loyalty.

“However, such experimentation ought to be regulated by the telecom regulator. To minimise harm, they should be allowed on a case-by-case basis after the regulator has had an opportunity to conduct risk-benefit analysis against four goals it should seek to promote — universal and affordable access; effective competition; protection of consumers against harm; and diversity that arises from the openness and interconnectedness of the Internet,” he added.

Net neutrality is a principle that says Internet Service Providers (ISPs) should treat all traffic and content on their networks equally.

Why now?

Late last month, Trai released a draft consultation paper seeking views from the industry and the general public on the need for regulations for over-the-top (OTT) players such as Whatsapp, Skype, Viber etc, security concerns and net neutrality. The objective of this consultation paper, the regulator said, was to analyse the implications of the growth of OTTs and consider whether or not changes were required in the current regulatory framework.

What is an OTT?

OTT or over-the-top refers to applications and services which are accessible over the internet and ride on operators' networks offering internet access services. The best known examples of OTT are Skype, Viber, WhatsApp, e-commerce sites, Ola, Facebook messenger. The OTTs are not bound by any regulations. The Trai is of the view that the lack of regulations poses a threat to security and there’s a need for government’s intervention to ensure a level playing field in terms of regulatory compliance.

For more details visit https://cis-india.org/internet-governance/news/the-hindu-sanjay-vijaykumar-may-10-2015-pranesh-prakash-on-definition-of-net-neutrality

India launches crackdown on online porn

pranesh — 2015-08-05T01:21:12Z

India has launched a crackdown on internet pornography, banning access to more than 800 adult websites, including Playboy and Pornhub.

The article by James Crabtree published in Financial Times on August 3, 2015 quotes Pranesh Prakash.

The restrictions followed a ruling from India’s telecoms ministry ordering internet service providers, including international telecoms groups operating in the country such as the UK’s Vodafone, to block 857 such sites.

Prime Minister Narendra Modi’s government provided no public justification for the unexpected ban when it came into effect at the weekend. However, on Monday India’s telecoms ministry said that the order, issued under India’s Information Technology Act, had been prompted by comments made by a supreme court judge during a hearing in July.

The ministry said that the restrictions were temporary and did not amount to a “blanket” ban, arguing that internet users running virtual private networks, which can be used to access blocked sites, could still view the material. “It isn’t that they are being banned lock, stock and barrel,” the ministry said. “The justice noted that free and open access to these websites.... should be controlled, but these sites will continue to be available through the mechanism of a VPN.”

The crackdown is set to raise fresh concerns about sudden and sweeping legal restrictions in India, after the introduction of a ban on the sale of beef earlier this year in the western state of Maharashtra, a move that was supported by Mr Modi’s government. The ruling also drew criticism from legal experts following broader concerns about a recent rise in poorly-targeted internet rules, including some restrictions on global social media sites such as Facebook and Twitter.

Pranesh Prakash of the Bangalore-based Centre for Internet and Society think-tank questioned the basis of the ruling, describing it as a further example of a “clumsy” approach to online regulation.

“There is no proper justification that they have given for banning all porn, rather than child porn or revenge porn or something like that,” he said. “The reaction is heavy handed, and has been done under the cloak of secrecy.” The remarks by a judge cited by India’s government as a rationale for the ban were a comment made in court rather than a legal ruling, Mr Prakash added, casting further doubt on the basis for the restrictions.

India’s mix of strict regulation and conservative public morals mean explicit sexual content is almost unheard of in mainstream media, where Bollywood films seldom featuring more than a chaste on-screen embrace.However India’s fast-growing internet population of about 300m is now both the world’s second largest after China, and an increasingly important sources for traffic for global pornographic websites.

Pornhub, which is the world’s 66th most visited website according to ranking service Alexa, said Indians were the fourth largest national users of its content during 2014.

For more details visit https://cis-india.org/internet-governance/news/financial-times-james-crabtree-august-3-2015-india-launches-crackdown-on-online-porn

Global Censorship: Shifting Modes, Persisting Paradigms

pranesh — 2015-08-14T11:22:11Z

'Global Censorship: Shifting Modes, Persisting Paradigms' is a book edited by Pranesh Prakash, Nagla Rizk, and Carlos Affonso Souza, and published by the Access to Knowledge Global Academy as part of its Access to Knowledge Research Series.

For more details visit https://cis-india.org/a2k/a2kga-global-censorship

Clearing Misconceptions: What the DoT Panel Report on Net Neutrality Says (and Doesn't)

pranesh — 2015-07-21T12:36:26Z

There have been many misconceptions about what the DoT Panel Report on Net Neutrality says: the most popular ones being that they have recommended higher charges for services like WhatsApp and Viber, and that the report is an anti-Net neutrality report masquerading as a pro-Net neutrality report. Pranesh Prakash clears up these and other incorrect notions about the report in this brief analysis.

Background of the DoT panel

In January 2015, the Department of Telecommunication (DoT) formed a panel to look into "net neutrality from public policy objective, its advantages and limitations," as well the impact of a "regulated telecom services sector and unregulated content and applications sector". After spending a few months collecting both oral and written testimony from a number of players in this debate, and analysing it, on July 16 that panel submitted its report to the DoT and released it to the public for comments (till August 15, 2015). At the same time, independently, the Telecom Regulatory Authority of India (TRAI) is also considering the same set of issues. TRAI received more than a million responses in response to its consultation paper — the most TRAI has ever received on any topic — the vast majority of of them thanks in part to the great work of the Save the Internet campaign. TRAI is yet to submit its recommendations to the DoT. Once those recommendations are in, the DoT will have to take its call on how to go ahead with these two sets of issues: regulation of certain Internet-based communications services, and net neutrality.

Summary of the DoT panel report

The DoT panel had the tough job of synthesising the feedback from dozens of people and organizations. In this, they have done an acceptable job. Although, in multiple places, the panel has wrongly summarised the opinions of the "civil society" deponents: I was one of the deponents on the day that civil society actors presented their oral submissions, so I know. For instance, the panel report notes in 4.2.9.c that "According to civil society, competing applications like voice OTT services were eroding revenues of the government and the TSPs, creating security and privacy concerns, causing direct as well as indirect losses." I do not recall that being the main thrust of any civil society participant's submission before the panel. That having been said, one might still legitimately claim that none of these or other mistakes (which include errors like "emergency" instead of "emergence", "Tim Burners Lee" instead of "Tim Berners-Lee", etc.) are such that they have radically altered the report's analysis or recommendations.

The report makes some very important points that are worth noting, which can be broken into two broad headings:

On governmental regulation of OTTs

Internet-based (i.e., over-the-top, or "OTT") communications services (like WhatsApp, Viber, and the like) are currently taking advantage of "regulatory arbitrage": meaning that the regulations that apply to non-IP communications services and IP communications services are different. Under the current "unified licence" regime, WhatsApp, Viber, and other such services don't have to get a licence from the government, don't have to abide by anti-spam Do-Not-Disturb regulations, do not have to share any part of their revenue with the government, do not have to abide by national security terms in the licence, and in general are treated differently from other telecom services. The report wishes to bring these within a licensing regime.
The report distinguishes between Internet-based voice calls (voice over IP, or VoIP) and messaging services, and doesn't wish to interfere with the latter. It also distinguishes between domestic and international VoIP calls, and believes only the former need regulation. It is unclear on what bases these distinctions are made.
OTT "application services" do not need special telecom-oriented regulation.
There should a separation in regulatory terms between the network layer and the service layer. While this doesn't mean much in the short-term for Net neutrality, it will be very important in the long-term for ICT regulation, and is very welcome.

On Net neutrality

The core principles of Net neutrality — which are undefined in the report, though definitions proposed in submissions they've received are quoted — should be adhered to. In the long-run, these should find place in a new law, but for the time being they can be enforced through the licence agreement between the DoT and telecom providers.
On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".

Where does the DoT panel report go wrong?

The proposal by the DoT panel of a licensing regime for VoIP services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case. While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme. A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber. The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as food ordering apps, including text chat facilities. Further, VoIP need not be provided by a company: I run my own XMPP servers, which is a protocol used for both text and video/voice. Will a licensing regime force me to become a licence-holder or will it set a high bar? The DoT panel report doesn't say. Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report. All in all, this part of the report's analysis is found to be sadly wanting.
Many important terms are left undefined, and many distinctions that the report draws are left unexplained. For instance, it is unclear on what regulatory basis the report distinguishes between domestic and international VoIP calls — which is an unenforceable (not to mention regulatorily unimportant) distinction — or between regulation of messaging services and VoIP services, or what precisely they mean by "application-agnostic" and "application-specific" network management (since different scholars on this issue mean different things when they say "application").

What does the DoT panel report mean for consumers?

Not too much currently, since the DoT panel report is still just a set of recommendations by an expert body based on (invited) public consultations.
Does it uphold Net neutrality? The DoT panel report is clear that they strongly endorse the "core principles of Net neutrality". On the issue of "zero-rating", the panel proposes some sound measures, saying that there should be a two-part mechanism for ensuring that harmful zero-rating doesn't go through: First, telecom services need to submit zero-rating tariff proposals to an expert body constituted by DoT; and second consumers will be able to complain about the harmful usage of zero-rating by any service provider, which may result in a fine. What constitutes harm / violation of Net neutrality? The panel suggests that any tariff scheme that may harm competition, distorts the consumer market, or violates the core principles of Net neutrality is harmful. This makes sense.
Will it increase cost of access to WhatsApp and Viber? Well, one the one hand, zero-rating of those services could decrease the cost of access to WhatsApp and Viber, but that might not be allowed if the DoT panel recommendations are accepted, since that would possibly be judged to harm competition and distort the consumer markets. The DoT panel has also recommended bringing such services within a licensing framework to bridge the "regulatory arbitrage" that they are able benefit from (meaning that these services don't have to abide by many regulations that a telecom provider has to follow). Whether this will lead to WhatsApp and similar services charging depends on what kinds of regulations are placed on them, and if any costs are imposed on them. If the government decides to take the approach they took to ISPs in the late 90s (essentially, charging them Re. 1 as the licence fee), doesn't impose any revenue sharing (as they currently require of all telecom services), etc., then there needn't be any overly burdensome costs that WhatsApp-like services will need to pass on to consumers.

What misunderstandings do people have?

There are multiple news reports that the DoT panel has recommended increased charges for domestic VoIP calls, or that ISPs will now be able to double-charge. Both of these are untrue. The DoT panel's recommendations are about "regulatory arbitrage" and licensing, which need not be related to cost.
There is a fear that the exception from net neutrality of "managed services and enterprise services" is a "loophole", or that exceptions for "emergency services" and "desirable public or government services" are too vague and carry the potential of misuse. If one goes by the examples that the panel cites of managed services (e.g., services an ISP provides for a private company separately from the rest of the Internet, etc.), these fear seems largely misplaced. We must also realize the the panel report is a report, and not legislation, and the rationale for wanting exemptions from Net neutrality are clear.
The DoT panel has given the go-ahead for zero-rating. Once again, this is untrue. The panel cites instances of zero-rating that aren't discriminatory, violative of Net neutrality and don't harm competition or distort consumer markets (such as zero-rating of all Internet traffic for a limited time period). Then it goes on to state that the regulator should not allow zero-rating that violates the core principles of Net neutrality.

What's missing in the Net neutrality debate is nuance. It's become a debate in which you are either for Net neutrality or against it. However, none of the underlying components of Net neutrality — a complex mix of competition policy, innovation policy, the right to freedom of expression, etc. — are absolutes; therefore, it is clear that Net neutrality cannot be an absolute either.

For more details visit https://cis-india.org/internet-governance/blog/clearing-misconceptions-dot-panel-net-neutrality

The Online Video Environment in India: A Survey Report

pranesh — 2010-12-21T07:31:30Z

Report on online for the Open Video Alliance, Centre for Internet and Society, and iCommons by Siddharth Chadha, Ben Moskowitz and Pranesh Prakash.

For more details visit https://cis-india.org/openness/publications/content-access/online-video-india-survey-v1

ALF's Position Paper on Draft Patent Manual

admin — 2008-09-21T14:40:56Z

ALF's draft position paper on the draft patent manual.

For more details visit https://cis-india.org/openness/publications/software-patents/ALF%20Position%20Paper%20Draft%20Patent%20Manual.pdf

Representation by Knowledge Commons

admin — 2008-09-21T14:40:57Z

Representation by Knowledge Commons to the Patent Office.

For more details visit https://cis-india.org/openness/publications/software-patents/Representation%20by%20Knowledge%20Commons.pdf

Open Government Data Study: India

pranesh — 2011-08-23T02:43:49Z

For more details visit https://cis-india.org/openness/publications/open_data_india_final.pdf

Draft Report on Open Government Data in India (v2)

pranesh — 2011-08-23T02:47:22Z

For more details visit https://cis-india.org/openness/publications/ogd-draft-v2

Section 79 of the Information Technology Act

pranesh — 2012-11-19T14:55:02Z

79. INTERMEDIARIES NOT TO BE LIABLE IN CERTAIN CASES

(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hasted by him.

(2) The provisions of sub-section (1) shall apply if—

(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hasted; or

(b) the intermediary does not—

(i) initiate the transmission,

(ii) select the receiver of the transmission, and

(iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

(3) The provisions of sub-section (1) shall not apply if—

(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or othorise in the commission of the unlawful act;

(b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

Explanation.—For the purposes of this section, the expression “third party information” means any information dealt with by an intermediary in his capacity as an intermediary.

For more details visit https://cis-india.org/internet-governance/resources/section-79-information-technology-act

Information Technology (Intermediaries Guidelines) Rules, 2011

pranesh — 2012-01-26T17:33:38Z

The Information Technology (Intermediaries Guidelines) Rules, 2011, as notified on April 11, 2011. All errors are in the original notification.

THE GAZETTE OF INDIA : EXTRAORDINARY
[ PART II-SEC. 3(i)]
NOTIFICATION
New Delhi, the 11th April, 2011

G.S.R. 314(E).— In exercise of the powers conferred by clause (zg) of subsection (2) of section 87 read with sub-section (2) of section 79 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely.-

1. Short title and commencement —

(1) These rules may be called the Information Technology (Intermediaries guidelines) Rules, 2011.

(2) They shall come into force on the date of their publication in the Official Gazette

2. Definitions —
        (1) In these rules, unless the context otherwise requires,--
                (a) "Act" means the Information Technology Act, 2000 (21 of 2000);
                (b) "Communication link” means a connection between a hyperlink or graphical element (button, drawing, image) and one or more such items in the same or different electronic document wherein upon clicking on a hyperlinked item, the user is automatically transferred to the other end of the hyperlink which could be another document website or graphical element.
                (c) "Computer resource” means computer resources as defined in clause (k) of sub-section (1) of section 2 of the Act;
                (d) "Cyber security incidnt” means any real or suspected adverse event in relation to cybersecurity that violates an explicity or implicity applicable security policy resulting in unauthotrised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;
                (e) "Data" means data as defined in clause (o) of sub-section (1) of section 2 of the Act;
                (f) "Electronic Signature" means electronic signature as defined in clause (ta) of sub-section (1) of section 2 of the Act;
                (g) "Indian Computer Emergency Response Team” means the Indian Computer Emergency Response Team appointed under sub section (1) section 70 (B) of the Act;
                (h) “Information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;
                (i) “Intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
                (j) "User" means any person who access or avail any computer resource of intermediary for the purpose of hosting, publishing, sharing, transacting, displaying or uploading information or views and includes other persons jointly participating in using the computer resource of an intermediary.

(2) Ail other words and expressions used and not defined in these rules but defined in the Act shall have the meanings respectively assigned to them in the Act.

3. Due diligence to he observed by intermediary —
The intermediary shall observe following due diligence while discharging his duties, namely : —

(1) The intermediary shall publish the rules and regulations, privacy policy and user agreement for access-or usage of the intermediary's computer resource by any person.

(2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that —
(a) belongs to another person and to which the user does not have any right to;

(b) is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;

(d) infringes any patent, trademark, copyright or other proprietary rights;

(e) violates any law for the time being in force;

(f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;

(g) impersonate another person;

(h) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;

(i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation.

(3) The intermediary shall not knowingly host or publish any information or shall not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission as specified in sub-rule (2):
provided that the following actions by an intermediary shall not amount to hosing, publishing, editing or storing of any such information as specified in sub-rule: (2) —

(a) temporary or transient or intermediate storage of information automatically within the computer resource as an intrinsic feature of such computer resource, involving no exercise of any human editorial control, for onward transmission or communication to another computer resource;
(b) removal of access to any information, data or communication link by an intermediary after such information, data or communication link comes to the actual knowledge of a person authorised by the intermediary pursuant to any order or direction as per the provisions of the Act;

(4) The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes,

(5) The Intermediary shall inform its users that in case of non-compliance with rules and regulations, user agreement and privacy policy for access or usage of intermediary computer resource, the Intermediary has the right to immediately terminate the access or usage lights of the users to the computer resource of Intermediary and remove non-compliant information.

(6) The intermediary shall strictly follow the provisions of the Act or any other laws for the time being in force.

(7) When required by lawful order, the intermediary shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and punishment of offences under any law for the time being in force, on a request in writing staling clearly the purpose of seeking such information or any such assistance.

(8) The intermediary shall take all reasonable measures to secure its computer resource and information contained therein following the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable security practices and procedures and sensitive personal Information) Rules, 2011.

(9) The intermediary shall report cyber security incidents and also share cyber security incidents related information with the Indian Computer Emergency Response Team.

(10) The intermediary shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to "perform thereby circumventing any law for the time being in force:
provided that the intermediary may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.

(11) The intermediary shall publish on its website the name of the Grievance Officer and his contact details as well as mechanism by which users or any victim who suffers as a result of access or usage of computer resource by any person in violation of rule 3 can notify their complaints against such access or usage of computer resource of the intermediary or other matters pertaining to the computer resources made available by it. The Grievance Officer shall redress the complaints within one month from the date of receipt of complaint.

[F. No. 11(3)/2011-CLFE]
N. RAVI SHANKER, Jt. Secy.

For more details visit https://cis-india.org/internet-governance/resources/intermediary-guidelines-rules

CIS Submission to TRAI on Differential Pricing

pranesh — 2016-02-09T08:52:31Z

For more details visit https://cis-india.org/internet-governance/resources/net-neutrality/2016-01-07_cis_trai-submission_differential-pricing