Centre for Internet and Society

UK’s Interception of Communications Commissioner — A Model of Accountability

joe — 2014-07-24T06:08:53Z

The United Kingdom maintains sophisticated electronic surveillance operations through a number of government agencies, ranging from military intelligence organizations to police departments to tax collection agencies. However, all of this surveillance is governed by one set of national laws outlining specifically what surveillance agencies can and cannot do.

The primary law that governs government investigations is the Regulation of Investigatory Powers Act 2000, abbreviated as RIPA 2000.

To ensure that this law is being followed and surveillance operations in the United Kingdom are not conducted illegally, the RIPA 2000 Part I establishes an Interception of Communications Commissioner, who is tasked with inspecting the surveillance operations, assessing their legality, and compiling an annual report to for the Prime Minister.

On April 8, 2014 the current Commissioner, Rt Hon. Sir Anthony May, laid the 2013 annual report before the House of Commons and the Scottish Parliament. In its introduction, the report notes that it is responding to concerns raised as a result of Edward Snowden’s actions, especially misuse of powers by intelligence agencies and invasion of privacy. The report also acknowledges that the laws governing surveillance, and particularly RIPA 2000, are difficult for the average citizen to understand, so the report includes a narrative outline of relevant provisions in an attempt to make the legislation clear and accessible. However, the report points out that while the Commissioner had complete access to any documents or investigative records necessary to construct the report, the Commissioner was unable to publish surveillance details indiscriminately, due to confidentiality concerns in a report being issued to the public. (It is worth noting here that though the Commissioner is one man, he has an entire agency working under him, so it is possible that he himself did not do or write all of that the report attributes to him). As a whole, the report outlines a series of thorough audits of surveillance operations, and reveals that the overwhelming majority of surveillance in the UK is conducted entirely legally, and that the small minority of incorrectly conducted surveillance appears to be unintentional. Looking beyond the borders of the United Kingdom, the report represents a powerful model of a government initiative to ensure transparency in surveillance efforts across the globe.

The Role of the Commissioner

The report begins in the first person, by outlining the role of the Commissioner. May’s role, he writes, is primarily to audit the interception of data, both to satisfy his own curiosity and to prepare a report for the Prime Minister. Thus, his primary responsibility is to review the lawfulness of surveillance actions, and to that end, his organization possesses considerable investigative powers. He is also tasked with ensuring that prisons are legally administrated, though he makes this duty an afterthought in his report.

Everyone associated with surveillance or interception in the government must disclose whatever the commissioner asks for. In short, he seems well equipped to carry out his work. The Commissioner has a budget of £1,101,000, almost all of which, £948,000 is dedicated to staff salaries.

The report directly addresses questions about the Commissioner’s ability to carry out his duties. Does the Commissioner have full access to whatever materials or data it needs to conduct its investigations, the report asks, and it answers bluntly, yes. It is likely, the report concludes, that the Commissioner also has sufficient resources to adequately carry out his duties. Yes, the Commissioner is fully independent from other government interests; the commissioner answers his own question. Finally, the report asks if the Commissioner should be more open in his reports to the public about surveillance, and he responds that the sensitivity of the material prohibits him from disclosing more, but that the report adequately addresses public concern regardless. There is a degree to which this question and answer routine seems self-congratulatory, but it is good to see that the Commissioner is considering these questions as he carries out his duties.

Interception of Communications

The report first goes into detail about the Commissioner’s audits of communications interception operations, where interception means wiretapping or reading the actual content of text messages, emails, or other communications, as opposed to the metadata associated with communications, such as timestamps and numbers contacted. In this section, the report outlines the steps necessary to conduct an interception, outlining that an interception requires a warrant, and only a Secretary of State (one of five officials) can authorize an interception warrant. Moreover, the only people who can apply for such warrants are the directors of various intelligence, police, and revenue agencies. In practice, the Secretaries of State have senior staff that read warrant applications and present those they deem worthy to the Secretary for his or her signature, as their personal signature is required for authorization.

For a warrant to be granted, it must meet a number of criteria. First, interception warrants must be necessary in the interests of national security, to prevent or detect serious crime, or to safeguard economic wellbeing of the UK. Additionally, a warrant can be granted if it is necessary for similar reasons in other countries with mutual assistance agreements with the UK. Warrants must be proportionate to the ends sought. Finally, interception warrants for communications inside the UK must specify either a person or a location where the interception will take place. Warrants for communications outside of the UK require no such specificity.

In 2013, 2760 interception warrants were authorized, 19% fewer warrants than in 2012. The Commissioner inspected 26 different agencies and examined 600 different warrants throughout 2013. He gave inspected agencies a report on his findings after each inspection, so they could see whether or not they were following the law. He concluded that the agencies that undertake interception “do so lawfully, conscientiously, effectively, and in our national interest.” Thus, all warrants adequately meet the application and authorization requirements outlined in RIPA 2000.

Communications Data

The report goes on to discuss communications data collection, where communications data refers to metadata–not the content of the communications itself, but data associated with it, such as call durations, or a list of email recipients. The Commissioner explains that metadata is easier to obtain than an interception warrant. Designated officials in their respective surveillance organization read and grant metadata warrant applications, instead of one of the Secretaries of State who could grant interception warrants. Additionally, the requirements for a metadata warrant are looser than for interception warrants. Metadata warrants must still be necessary, but necessary for a broader range of causes, ranging from collecting taxes, protecting public health, or for any purpose specified by a Secretary of State.

The relative ease of obtaining a metadata warrant is consistent with a higher number of warrants approved. In 2013, 514,608 metadata warrants were authorized, down from 570,135 in 2012. Local law enforcement applied for 87.5% of those warrants while intelligence agencies accounted for 11.5%. Only a small minority of requests was sent from the revenue office or other departments.

The purposes of these warrants were similarly concentrated. 76.9% of metadata warrants were issued for prevention or detection of crime. Protecting national security justified 11.4% of warrants and another 11.4% of warrants were issued to prevent death or injury. 0.2% of warrants were to identify people who had died or otherwise couldn’t identify themselves, 0.11% of warrants were issued to protect the economic wellbeing of the United Kingdom, and 0.02% of warrants were associated with tax collection. The Commissioner identified less than 0.01% of warrants as being issued in a miscarriage of justice, a very low proportion.

The Commissioner inspected metadata surveillance efforts, conducting 75 inspections in 2013, and classified the practices of those operations inspected as good, fair or poor. 4% of operations had poor practices. He noticed two primary errors. The first was that data was occasionally requested on an incorrect communications address, and the second was that he could not verify that some metadata was not being stored past its useful lifetime. May highlighted that RIPA 2000 does not give concrete lengths for which data should be stored, as Section 15(3) states only that data must be deleted “as soon as there are no longer grounds for retaining it as necessary for any of the authorized purposes.” He noted that he was only concerned because some metadata was being stored for longer periods than associated interception data. As May put it, “I have yet to satisfy myself fully that some of these periods are justified and in those cases I required the agencies to shorten their retention periods or, if not, provide me with more persuasive reasons.” The Commissioner seems determined that this practice will either be eliminated or better justified to him in the near future.

Indian Applications

The United Kingdom’s Interception of Communications Commissioner has similar powers to the Indian Privacy Commissioner suggested by the Report of the Group of Experts on Privacy. Similar to the United Kingdom, it is recommended that a Privacy Commissioner in India have investigative powers in the execution of its charter, and that the Privacy Commissioner represent citizen interests, ensuring that data controllers are in line with the stipulated regulations. The Report also broadly states that “with respect to interception/access, audio & video recordings, the use of personal identifiers, and the use of bodily or genetic material, the Commissioner may exercise broad oversight functions.” In this way, the Report touches upon the need for oversight of surveillance, and suggests that this responsibility may be undertaken by the Privacy Commissioner, but does not clearly place this responsibility with the Privacy Commissioner. This raises the question of if India should adopt a similar model to the United Kingdom – and create a privacy commissioner – responsible primarily for overseeing and enforcing data protection standards, and a separate surveillance commissioner – responsible for overseeing and enforcing standards relating to surveillance measures. When evaluating the different approaches there are a number of considerations that should be kept in mind:

Law enforcement and security agencies are the exception to a number of data protection standards including access and disclosure.
There is a higher level of ‘sensitivity’ around issues relating to surveillance than data protection and each needs to be handled differently.
The ‘competence’ required to deliberate on issues related to data protection is different then the ‘competence’ required deliberating on issues related to surveillance.

Additionally, this raises the question of whether India needs a separate regulation governing data protection and a separate regulation governing surveillance.

Allegations of Wrongdoing

It is worth noting that though May describes surveillance operations conducted in compliance with the law, many other organizations have accused the UK government of abusing their powers and spying on citizens and internet users in illegal ways. The GCHQ, the government’s communications surveillance center has come under particular fire. The organization has been accused indiscriminate spying and introducing malware into citizen’s computers, among other things. Led by the NGO Privacy International, internet service providers around the world have recently lodged complaints against the GCHQ, alleging that it uses malicious software to break into their networks. Many of these complaints are based on the information brought to light in Edward Snowden’s document leaks. Privacy International alleges that malware distributed by GCHQ enables access to any stored content, logging keystrokes and “the covert and unauthorized photography or recording of the user and those around him,” which they claim is similar to physically searching through someone’s house unbeknownst to them and without permission. They also accuse GCHQ malware of leaving devices open to attacks by others, such as identity thieves.

Snowden’s files also indicate a high level of collaboration between GCHQ and the NSA. According to the Guardian, which analyzed and reported on many of the Snowden files, the NSA has in past years paid GCHQ to conduct surveillance operations through the US program called Prism. Leaked documents report that the British intelligence agency used Prism to generate 197 intelligence reports in the year to May 2012. Prism is not mentioned at all in the Interception of Communications Commissioner’s report. In fact, while the report’s introduction explains that it will attempt to address details revealed in Snowden’s leaked documents, very little of what those documents indicate is later referenced in the report. May ignores the plethora of accusations of GCHQ wrongdoing.

Thus, while May’s tone appears genuine and sincere, the details of his report do little to dispel fears of widespread surveillance. It is unclear whether May is being totally forthcoming in his report, especially when he devotes so little energy to directly responding to concerns raised by Snowden’s leaks.

Conclusion

May wrapped up his report with some reflections on the state of surveillance in the United Kingdom. He concluded that RIPA 2000 protects consumers in an internet age, though small incursions are imaginable, and especially lauds the law for it’s technological neutrality. That is, RIPA 2000 is a strong law because it deals with surveillance in general and not with any specific technologies like telephones or Facebook, use of which changes over time. The Commissioner also was satisfied that powers were not being misused in the United Kingdom. He reported that there have been a small number of unintentional errors, he noted, and some confusion about the duration of data retention. However, any data storage mistakes seemed to stem from an unspecific law.

Despite May’s report of surveillance run by the books, other UK groups have accused GCHQ, the government’s communications surveillance center, of indiscriminate spying and introducing malware into citizen’s computers. Privacy International has submitted a claim arguing that a litany of malware is employed by the GCHQ to log detailed personal data such as keystrokes. The fact that May’s report does little to disprove these claims casts the Commissioner in an uncertain light. It is unclear whether surveillance is being conducted illegally or, as the report suggests, all surveillance of citizens is being conducted as authorized.

Still, the concept of a transparency report and audit of a nation’s surveillance initiatives report is a step towards government accountability done right, and should serve as a model for enforcement methods in other nations. May’s practice of giving feedback to the organizations he inspects allows them to improve, and the public report he releases serves as a deterrent to illegal surveillance activity. The Interception of Communications Commissioner–provided he reports truthfully and accurately–is what gives the safeguards built into the UK’s interception regime strength and accountability. In other nations looking to establish privacy protections, a similar role would make their surveillance provisions balanced with safeguards and accountability to ensure that the citizens fundamental rights–including the right to privacy–are not compromised.

For more details visit https://cis-india.org/internet-governance/blog/uk-interception-of-communications-commissioner-a-model-of-accountability

Rethinking Privacy: The Link between Florida v. Jardines and the Surveillance of Nature Films

praskrishna — 2014-07-28T05:51:48Z

Bhairav Acharya gave a talk on "Rethinking Privacy" at an event organized by the Indian Institute of Technology, Madras (IIT-M) on July 11, 2014.

In a 2010 article in Continuum: Journal of Media & Cultural Studies, Brett Mills proposed that animals have a right to privacy and that wildlife documentaries, specifically BBC's Nature's Great Events (2009), invaded this right without an examination of animal conservation ethics. In the 2013 Florida v. Jardines decision, the Supreme Court of the United States re-examined the constitutional validity of 'dog sniff laws' that permitted police animals to enter the threshold of private property to conduct 'minimally invasive warant-less searches' and 'Terry stops'; this was the latest in a long line of Fourth Amendment cases that examine the ethics of conserving and protecting public order. I attempt to draw links between the two scenarios that highlight the dissonance between sociological and jurisprudential constructions of privacy.

For more details visit https://cis-india.org/news/rethinking-privacy

Information Influx Conference

praskrishna — 2014-07-28T06:31:40Z

Malavika Jayaram was a speaker at the event organized by the Institute for Information Law, University of Amsterdam from July 2 to 4, 2014.

Click to read the full details here.

When IViR set up its research 25 years ago, the digital transition was just starting to gather speed. Since then, our societies have been undergoing enormous changes in the modes of expression, organization and (re)use of information. Traditional roles of producers, intermediaries, users and governments blur and are recast. Information is the central building block of market economies. New ways of creating, disseminating and using it impact the workings of democracy, of science and education, creativity and culture.

Information Influx will bridge disciplines, regions and institutional perspectives to confront the major challenges of developing the rules that govern the expression, organization and re(use) of information in our society – as the central aspects of IViR’s Research Programme.

Wednesday 2 July

13.00 – 16.30

Information Influx Young Scholars Competition:

13.00 – 15.00

Welcome by Prof. Mireille van Eechoud & Dr. L. Guibault

Catherine Doldirina (Joint Research Centre EC) – Open data and Earth observations: the case of opening access to and use of EO through the Global Earth Observation System of Systems
Comments by Prof. Mark Perry

Jenny Metzdorf (University of Luxembourg) – The implementation of the Audiovisual Media Services Directive by national regulatory authorities – National reponses to regulatory challenges
Comments by Dr. Tarlach McGonagle

Harry Halpin (MIT/W3C) – No Safe Haven: The Storage of Data Secrets
Comments by Dr. Philippe Aigrain

15.00 – 15.15
Refreshments break

15.15 – 16.30

Ellen Wauters (ICRI – University of Leuven) – Social Networking Sites’ Terms of Use: addressing imbalances in the user-provider relationship through ex ante and ex post mechanisms
Comments by Dr. Chantal Mak

Nicolo Zingales (Tilburg University) – Virtues and perils of anonymity: should intermediaries bear the burden?
Comments by Prof. Joel Reidenberg

Closing remarks

17.00 – 18.30

Information Influx public opening:

Welcome Louise Gunning-Schepers (University of Amsterdam), Edgar du Perron (University of Amsterdam) and Bernt Hugenholtz (Institute for Information Law)
Keynote – Degrees of Freedom: Sketches of a political theory for an age of deep uncertainty and persistent imperfection – prof. Yochai Benkler (Harvard Law School)
Young Scholars Award ceremony
Speech by Neelie Kroes (Vice-President of the European Commission) – Our Single Market is Crying out for Copyright Reform!

19.00 – 22.00

IViR 25th birthday soirée – by invitation

Thursday 3 July

9.00 – 10.00

Keynote – Governance, Function and Form – prof. Deirdre Mulligan (University of California, Berkeley)

As data and technology to wield it become pervasive, privacy protection must take new forms. Traditional models of governance centered on state actors, and human oversight do not scale to today’s challenges. Drawing from several research projects Mulligan suggests that focusing on roles and functions, rather than traditional forms and actors, can assist us in leveraging the potential of a range of human and technical actors towards privacy’s protection.

10.30 – 12.30

Parallel sessions:

12.30 – 13.45

Lunch

13.45 – 14.30

Julian Oliver & Danja Vasiliev

14.30 – 16.30

Parallel sessions:

17.00 – 18.00

Keynote – Copyright as Innovation Policy – Fred von Lohmann (Google)

Copyright has historically been concerned with encouraging commercial cultural production. Thanks to digital technology, however, copyright law today finds itself called upon to take on additional unfamiliar roles, including fostering technological innovation and encouraging amateur creative expression. The talk will suggest some ways that copyright can successfully grow into these new roles.

19.00 – 22.00

Conference Dinner

Friday 4 July

9.00 – 10.00

Keynote – Datafication, dataism and dataveillance – prof. José van Dijck (University of Amsterdam)

The popularization of datafication as a neutral paradigm is carried by a widespread belief and supported by institutional guardians of trust. That notion of trust becomes problematic when it leads to dataveillance by a number of institutions that handle people’s (meta)data. The interlocking of government, business, and academia in the adaptation of this ideology (“dataism”) prompts us to look more critically at the entire ecosystem of connective media.

10.30 – 12.30
Parallel sessions:

12.30 – 14.00

Buffet Lunch, plus: Brown bag lunch with Rob Frieden – Net Neutrality: One step beyond

14.00 – 15.00

Keynote – Intellectual Property: Two Pasts and A Future – prof. James Boyle (Duke Law School)

Twenty years from now, will our children look up from their digital devices and ask “Daddy, did anyone ever own a book”? In his keynote speech, James Boyle will trace the past lives of intellectual property, the battles fought, the technologies regulated. Can we find hints of the future in the battles of our past? Boyle’s answer is yes, and that answer should give us pause.

15.30 – 17.30

Parallel sessions:

17.30 – 18.30

Farewell drinks

Parallel sessions

Rights in the mix

Among amateur and professional creators alike there is a manifest need to not only share but also remix existing works. The panel discusses how adequately open content licensing systems support these needs. It also looks to how well this licensing system fits in the wider legal framework.

prof. Séverine Dusollier (University of Namur) (moderator)
Paul Keller (Kennisland)
prof. Daniel Gervais (Vanderbilt Law School)
prof. Volker Grassmuck (Lüneburg University)

Behavioural targeting – If you cannot control it, ban it?

The discussion about the potential pitfalls of behavioural targeting practices and the problems it may create for users and user rights continues in full force. The growing evidence of the ineffectiveness of the existing informed-consent-approach to regulation can no longer be ignored. Is it time for the regulator to move to more drastic means and ban certain behavioural targeting practices, and if so, which practices?

prof. Chris Hoofnagle (University of California, Berkeley) (moderator)
prof. Neil Richards (Washington University)
Frederik Borgesius (Institute for Information Law)
prof. Joseph Turow (University of Pennsylvania)
prof. Mireille Hildebrandt (University of Nijmegen)
dr. Tal Zarsky (University of Haifa)

Tomorrow’s news: bright, mutualized and open?

As public debate becomes more diversified, crowded, interactive, noisy and technology-dependent than ever before, what survival strategies are being devised for the news as we know it? Are existing expressive and communicative rights, and related duties and responsibilities, fit-for-purpose in increasingly digitized and networked democratic societies? Will tomorrow’s news still be worth tuning into?

dr. Tarlach McGonagle (Institute for Information Law) (moderator)
dr. Susanne Nikoltchev (European Audiovisual Observatory)
Aidan White (Ethical Journalism Network)
dr. Luís Santos (University of Minho)
dr. Eugenia Siapera (Dublin City University)
Gillian Phillips (The Guardian)

Filtering away infringement: copyright, injunctions and the role of ISPs

Can technology solve the problem of intermediary liability for online copyright infringement? If so, should technology be allowed to determine law? This panel shall focus on the issue of injunctions imposed on online intermediaries to force them to adopt measures that filter or block copyright infringements by third parties on their websites.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Dirk Visser (University of Leiden)
Remy Chavannes (Brinkhof)
Fred von Lohmann (Google)
Sir Richard Arnold (High Court UK)
prof. Niva Elkin-Koren (University of Haifa)
prof. Reto Hilty (Max Planck Institute)

Mass-digitization and the conundrum of online access

Cultural heritage institutions face difficulties providing online access to digitized materials in their collections. This session examines a number of pressing issues, taking a trans-Atlantic perspective. When does digitization in public-private partnerships pose a threat to access to public domain materials? What ways are there to manage rights clearance of copyrighted materials and deal with territoriality?

prof. Martin Senftleben (VU University Amsterdam) (moderator)
prof. Pamela Samuelson (University of California, Berkeley)
dr. Elisabeth Niggemann (Deutsche Nationalbibliothek)
prof. Martin Kretschmer (Glasgow University)

The algorithmic public: towards a normative framework for automated media

In the online media, decisions about what users get to see (or not to see) are increasingly automated, through the use of smart algorithms and extensive data about users’ preferences and online behaviour. This raises a number of fundamental questions about freedom of expression, editorial integrity and user autonomy. Leading thinkers will debate algorithmic decision-making in online media and explore the contours of a much needed normative framework for automated media.

prof. Natali Helberger (Institute for Information Law) (moderator)
dr. Joris van Hoboken (New York University)
prof. Wolfgang Schulz (Hans-Bredow-Institut)
prof. Niva Elkin-Koren (University of Haifa)
dr. Bernhard Rieder (University of Amsterdam)

Accountability and the public sector data push

Initiatives to make governments more ‘transparent’ abound. Freedom of information laws are reconfigured to push out ever more information to citizens and businesses. Promises of benefits abound too: better accountability and increased participation, as well as efficiency gains and new business opportunities. Can and should the next generation of freedom of information laws serve both political-democratic objectives and economic ones?

prof. Mireille van Eechoud (Institute for Information Law) (moderator)
Chris Taggart (Open Corporates)
Helen Darbishire (Access Info)
prof. Deirdre Curtin (University of Amsterdam)
dr. Ben Worthy (Birkbeck University College London)
Jonathan Gray (Open Knowledge Foundation / University of London)

A new governance model for communications security?

Today, the vulnerable state of electronic communications security dominates headlines across the globe, while money and power increasingly permeate the policy arena. 2013 has seen no less than five sweeping legislative initiatives in the E.U., while the U.S. seems to trust in the market to deliver. Amidst these diverging approaches, how should communications security be regulated?

Axel Arnbak (Institute for Information Law) (moderator)
prof. Deirdre Mulligan (University of California, Berkeley)
prof. Ian Brown (Oxford University)
prof. Michel van Eeten (Delft university of technology)
Amelia Andersdotter (European Parliament)
Ashkan Soltani (independent researcher)

Global information flows and the nation state

Information flows contest the physical spaces in which the nation state has been deemed a sovereign for almost five centuries. This tension dominates nearly all areas of information law, from data protection and IP enforcement to mass surveillance by national intelligence agencies. This session reflects on the broader challenges that territoriality presents for information law today.

prof. Urs Gasser (Harvard) (moderator)
prof. Joel Reidenberg (Fordham Law School)
prof. Graeme Dinwoodie (Oxford University)
Malavika Jayaram (Harvard)
Hielke Hijmans (Vrije Universiteit Brussel)

United in diversity – the future of the public mission

Digital technologies and the information economy create fascinating new opportunities but also pose fundamental challenges to the fulfilment of the public mission of the media, public archives and libraries alike. This panel is a step towards establishing a dialogue between the three institutions: to explore the congruence between their missions, and their responses to critical issues such as technological convergence, the changing habits of users, the growing abundance of content and their relationship to new information intermediaries, such as search engines, social networks or content platforms.

prof. Natali Helberger (Institute for Information Law) (moderator)
prof. Klaus Schönbach (University of Vienna)
prof. Frank Huysmans (University of Amsterdam)
prof. Egbert Dommering (Institute for Information Law)
Maarten Brinkerink (Netherlands Institute for Sound and Vision)
Richard Burnley (European Broadcasting Union)

Legalizing file-sharing: an idea whose time has come – or gone?

Alternative compensation systems are designed to legalize and monetize online copyright restricted acts of distributing and consuming content. Empirical evidence shows that end-users strongly support paying flat-rate fees for the ability to legally download and share content. So what prevents us from introducing such schemes? The group of experts convened debates the future of alternative compensation systems in light of current legal, business and technology trends.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Neil Netanel (University of California, Los Angeles)
prof. Alexander Peukert (University of Frankfurt)
dr. Philippe Aigrain (Quadrature du Net)
prof. Séverine Dusollier (University of Namur)

Assembly (Information influx)

Taking legal cases and controversies involving intellectual property, art collective Agency composes a growing list of “Things” that resist the split between “nature” and “culture”, a split that intellectual property relies upon. From the list of over a 1,000 Things, Agency calls forth Thing 002094, the copyright controversy Être et Avoir, to jointly speculate upon. The purpose is less to re-enact the judgment and more to prolong hesitation.

Agency
Severine Dusollier
Wilco Kalff
Sanne Rovers
Margot van de Linde
Arnisa Zeqo

Big brother is back

The debate about the pervasive surveillance of the online environment is roaring. Considering what we know now, what better metaphor is there than to conclude that we live in the world of Big Brother? This session will bring together leading thinkers and doers related to power and control in the communication environment, who will provide critical input on the way we think and speak about information freedom and control. Should we aspire to tame Big Brother or should we think differently about the problem?

Axel Arnbak (Institute for Information Law) (moderator)
dr. Joris van Hoboken (New York University) (moderator)
John McGrath (National Theatre of Wales)
dr. Seda Gürses (New York University)
Hans de Zwart (Bits of Freedom)

Who owns the World Cup? The case for and against property rights in sports events

Sports have important economic, social and cultural dimensions. What is the optimal form of legal protection of sports events considering the public-private nature of sports? The focus of debate will be on football because of its major relevance in Europe in terms of diffusion, commercial exploitation, and social impact; but we can expect many insights to hold true for other sports as well.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Lionel Bently (University of Cambridge)
prof. Dirk Voorhoof (Ghent University)
prof. Peter Jaszi (American University Washington)
prof. Graeme Dinwoodie (Oxford University)
prof. Egbert Dommering (Institute for Information Law)
prof. Alan Bairner (Loughborough University)

Associated events

Invitation only:
Wednesday 2 July: Big Breakfast with Joseph Turow & Tal Zarksy – Ethical, normative, social and cultural implications of profiling & targeting in an era of big data – towards a research agenda, Institute for Information Law (IViR) & Amsterdam School of Communication Research (ASCoR), East India House, room E0.02, 09.00-12.00 a.m.

Public event:

Friday 4 July: Lecture James Boyle & Marjan Hammersma about cultural heritage and the public domain
More information and registration at:
Cultural heritage institutions as guardians of public domain works in the digital environment, Rijksmuseum & Kennisland in cooperation with IViR, Rijksmuseum Auditorium, 18.00-20.00 p.m.

About IViR

The Institute for Information Law (IViR) is a centre of excellence in academic research which consistently seeks to further our understanding of how legal norms reflect and shape the creation, dissemination and use of information in our societies. That is the ambition at the heart of the many research initiatives IVIR has undertaken since its foundation in 1989. The urgency of taking an interdisciplinary and international approach has only grown in the past decades. It is crucial if we want to understand and evaluate the rapidly evolving complex and myriad legal norms that govern information relations in markets, in social and in political spaces. With over 30 researchers, teachers and support staff based in our offices in the historic centre of Amsterdam, we have the critical mass to broach key regulatory challenges of today’s information society.

Our focus on information relations deliberately cuts across traditional boundaries in legal scholarship. We bring together insights from constitutional law, human rights, public administration, intellectual property, contract and property law, and competition law. Our functional approach enables fruitful collaboration with experts from an array of academic disciplines, in information and communications technology, economics, media studies, political science and the arts.

Continuing a long Dutch tradition of openness towards the world, our work has a strong international orientation. It shows in the topics we study, the strong global network of affiliations we have in academia and the wonderful dynamic mix of upcoming and experienced researchers from all over Europe and beyond that make up IViR.

With each consecutive research programme we prioritize legal developments that fascinate us, and translate them into a variety of research projects. This includes doctoral research, research for policymakers at national, European and international level, and projects funded through national and European research grant programmes. Our current research programme and an overview of research projects can be found here. Doctoral dissertations, journal articles, books, case comments, studies, reports, lectures, debates, workshops, conferences and summer schools are the staple means of communicating what we do. Browse our publications here.

Media reports and conference outputs will be posted on the IViR website

For more details visit https://cis-india.org/news/information-influx-conference

ICT Awareness Program for Myanmar Parliamentarians in Yangon

praskrishna — 2014-07-29T09:37:26Z

Myanmar ICT for Development Organization-MIDO conducted ICT policy training for multi- party parliamentarian representatives in Yangon on July 26 and 27, 2014. Sunil Abraham presented on Innovation Ecosystem and Thinking about Internet Regulation.

Sunil's Presentations

Schedule

Day 1	Topic	Resource Person
0930-1030	What is the significance of ICTs to legislators?	Rohan Samarajiva (RS)
1030-1115	Stories from the field: What do poor people do with ICTs?	Helani Galpaya (HG)
1115-1145	Break
1145-1245	Legislation, policies, plans, strategies, regulation	RS
1245-1330	Modalities of making and implementing ICT policy	RS and HG
1330-1430	Lunch	Videos
1430-1530	What is independent regulation? Why is it needed for sector growth	RS
1530-1600	Break
1600-1700	Panel discussion: How social media can be used in public life	Sunil Abraham (SA), RS & Charitha Herath (CH)
Day 2
930-1030	Regulation of online speech	Nay Phone Latt (NPL)
1030-1100	Break
1100-1200	How to think about Internet policy	SA; counterpoint by CH
1200-1300	Hope in the heart and money in the pocket: Results of effective policy	RS
1300-1400	Lunch	Videos

We plan to have simultaneous interpretation. There will be time for discussion within each session.

Brief descriptions of sessions

What is the significance of ICTs to legislators?

Rohan Samarajiva

This is the introduction, wherein we bring out the economic, social and political significance of ICTs. Why legislators should pay attention to the subject.

Stories from the field: What do poor people do with ICTs?

Helani Galpaya

Here we present the findings of how the poor use ICTs, using demand-side data (both quant and quality) from Myanmar and countries in similar circumstances.

Legislation, policies, plans, strategies, regulation

In this session, a former policy advisor/regulator will present a perspective on the important distinctions between legislation, policies, plans, strategies, and regulation.

Modalities of making and implementing ICT policy

RS and HG

Here we will delve into the practical details of making policy and of implementing policy, using examples.

What is independent regulation? Why is it needed for sector growth

Progress in electronic connectivity is the foundation that will reduce the frictions in the Myanmar economy, create jobs and exports and enable social, political and economic innovations. This requires massive investments, most of which will be private and most of which will come from outside the country. What legislators need to know about creating an environment that will attract and retain foreign investment in a globalized economy will be discussed.

How social media can be used in public life

Sunil Abraham, RS and Charitha Herath

In the panel discussion, SA will pose questions to a policy advisor who has used social media in a political campaign and a social media savvy current government official.

How to think about Internet policy

SA; counterpoint by CH

A leading advocate of enlightened Internet policy, Sunil Abraham of the Center for Internet and Society in Bangalore, India, will present his ideas, highlighting the international dimension of Internet policy. CH will share his perspectives as a serving government official.

Regulation of online speech

Nay Phone Latt

Here, Myanmar’s leading blogger and founder of MIDO will discuss the current concerns with legislation that seeks to control online speech.

Hope in the heart and money in the pocket: Results of effective policy

Results of effective policy implementation will be discussed with reference to specific country experiences.

Resource persons

Rohan Samarajiva, PhD, (program director) is founding Chair of LIRNEasia, an ICT policy and regulation think tank active across emerging Asian and Pacific economies. He was Team Leader at the Sri Lanka Ministry for Economic Reform, Science and Technology (2002-04) responsible for infrastructure reforms, including participation in the design of the USD 83 million e-Sri Lanka Initiative. He was Director General of Telecommunications in Sri Lanka (1998-99). In this capacity, he established the Telecom Regulatory Commission of Sri Lanka; conducted the first public hearing and public notice proceedings; successfully concluded a license-violation proceeding; and laid the foundation for a competitive market. He was also a founder director of the ICT Agency of Sri Lanka (2003-05), Honorary Professor at the University of Moratuwa in Sri Lanka (2003-04), Visiting Professor of Economics of Infrastructures at the Delft University of Technology in the Netherlands (2000-03) and Associate Professor of Communication and Public Policy at the Ohio State University in the US (1987-2000). Dr. Samarajiva was also Policy Advisor to the Ministry of Post and Telecom in Bangladesh (2007-09).

Sunil Abraham is the Executive Director of Bangalore based research organization, the Centre for Internet and Society. He founded Mahiti in 1998, a company committed to creating high impact technology and communications solutions. Today, Mahiti employs more than 50 engineers. Sunil continues to serve on the board. Sunil was elected an Ashoka fellow in 1999 to 'explore the democratic potential of the Internet' and was also granted a Sarai FLOSS fellowship in 2003. Between June 2004 and June 2007, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme serving 42 countries in the Asia-Pacific region.

Helani Galpaya is LIRNEasia’s Chief Executive Officer. Helani leads LIRNEasia’s 2012-2014 IDRC funded research on improving customer life cycle management practices in the delivery of electricity and e-government services using ICTs. She recently completed an assessment of how the poor in Bangladesh and Sri Lanka use telecenters to access government services. For UNCTAD and GTZ she authored a report on how government procurement practices can be used to promote a country’s ICT sector and for the World Bank/InfoDev Broadband Toolkit, a report on broadband strategies in Sri Lanka. She has been an invited speaker at various international forums on topics ranging from m-Government to ICT indicators to communicating research to policy makers. Prior to LIRNEasia, Helani worked at the ICT Agency of Sri Lanka, implementing the World-Bank funded e-Sri Lanka initiative. Prior to her return to Sri Lanka, she worked in the United States at Booz & Co., Marengo Research, Citibank, and Merrill Lynch. Helani holds a Masters in Technology and Policy from the Massachusetts Institute of Technology, and a Bachelor’s in Computer Science from Mount Holyoke College, USA.

Charitha Herath has served as Secretary, Ministry of Mass Media and Information in the Government of Sri Lanka since 2012. Prior to his present appointment, he was the Chairman of the Central Environment Authority. Currently on secondment for national services from his permanent academic position as a Senior Lecturer in the Department of Philosophy and Psychology at the University of Peradeniya in Sri Lanka, he continues to work on his academic research, specializing in governments and politics in Asia, ethnic studies, cultural psychology, social and political philosophy, with his main focus on political psychology. More detail at http://charithaherath.wordpress.com/about-2/

Nay Phone Latt is the Co-founder and Executive Director of Myanmar ICT Development Organization (MIDO). He graduated from Yangon Technological University with a civil engineering degree in 2004. He co-founded the Myanmar Blogger Society in 2007. Award winner of PEN Barbara Goldsmith Award and RFS’s Cyber Dissidents Award. Former Political Prisoner. CEC Member of Myanmar Journalists Association(MJA) Chief Editor of ThanLwinAinMat Online Magazine (www.thanlwin.com). Member of Board of Directors of House of Media & Entertainment (HOME).

For more details visit https://cis-india.org/news/ict-awareness-program-for-myanmar-parliamentarians-yangon

We the goondas

praskrishna — 2014-08-04T15:06:18Z

You can now be arrested in Karnataka even before you commit an offence under the IT Act. You could be in jail under the Goonda Act even if not guilty under the Indian Copyright Act. If govt thinks you are planning to send a 'lascivious' photo to a WhatsApp group, or forwarding a copyrighted song, you can be arrested.

The article by Shyam Prasad was published in the Bangalore Mirror on August 4, 2014. Sunil Abraham gave his inputs.

Have a smartphone? Run for cover. Bizarre as this might sound, the cops are going to come after you if you so much as forward a song to a friend. Forget actually doing it, any plans to do so could land you in serious trouble too. You could be labelled a 'goonda' in the eyes of the State and find yourself behind bars.

In a completely unfathomable move, Karnataka has brought most offences under the Information Technology Act, 2000, and Indian Copyright Act, 1957, under the ambit of the Goonda Act. Until now, people with a history of offences like bootlegging, drug offences and immoral trafficking could be taken into preventive custody. But the government, in its enthusiasm, while adding acid attackers and sexual predators to the law, has also added 'digital offenders'. While it was thought to be against audio and video pirates, Bangalore Mirror has found it could be directed at all those who frequent FB, Twitter and the online world, posting casual comments and reactions to events unfolding around them.

So if you are planning a digital 'offence' — which could be an innocuous opinion like the young girls' in Mumbai after the bandh declared on Bal Thackeray's death — that could attract the provisions of the Information Technology Act. You can even be taken into preventive custody like a 'goonda'. Even those given exceptions under the Indian Copyright Act can find themselves in jail for a year without being presented before a magistrate. Technically, if you are even planning to forward 'lascivious' memes and images to a WhatsApp group or forwarding a song or 'copyrighted' PDF book, you can be punished under the Goondas Act.

The law-makers clearly did not dwell much on the implications while bringing the majority of the populace within the ambit of this law. On July 28, the Karnataka Legislature passed (it took barely a minute from tabling to voice vote), 'The Karnataka Prevention of Dangerous Activities of Bootleggers, Drug-offenders, Gamblers, Goondas, Immoral Traffic Offenders, Slum-grabbers and Video or Audio Pirates, (Amendment) Bill, 2014'. The amendment adds, "Acid attackers, Depradator of Environment, Digital Offenders, Money Launderers and Sexual Predators", to the title. In common parlance, this law is known as the 'Goonda Act'.

The move has come as a shock to the legal community which has slammed it, terming it an attempt by the state to usurp central powers. The government had earlier included 'piracy' under the Goonda Act. But it was applicable only to those pirating film DVDs. Now, this will include books, film songs, music, software or anything big corporates and multinationals claim they have copyright on.

Sunil Abraham, executive director, Centre for Internet and Society, is left in no doubt that the new law is "a terrible thing". "It is a sad development. It is not just bringing the provisions of the IT Act, but also the Copyright Act, that will hurt the common man," he said.

'Digital Offenders' means "any person who knowingly or deliberately violates, for commercial purposes, any copyright law in relation to any book, music, film, software, artistic or scientific work and also includes any person who illegally enters through the identity of another user and illegally uses any computer or digital network for pecuniary gain for himself or any other person or commits any of the offences specified under sections 67, 68, 69, 70, 71, 72, 73, 74 and 75 of the Information Technology Act, 2000."

Section 67 of the IT Act will be the most dangerous for the common man with a smartphone in hand now. The section, "Publishing of information which is obscene in electronic form," includes "any material which is lascivious or appeal to the prurient interest." This could have a very broad interpretation.

Advocate Nagendra Naik says, "The Goonda Act provides for preventive arrest. In the Information Technology Act and The Copyright Act, you have to commit the offence to be arrested. But here, you can be taken into preventive custody even before you commit the said offences. In normal arrests, you can straightaway apply for bail. But under the Goonda Act, you cannot. There is a long process of review and you will be in custody at least till then. The third impact is, you can have a history sheet started against you by the police. Technically, your slips on WhatsApp will attract the Goonda Act against you."

Supreme Court advocate KV Dhananjay said the Goonda Act is a draconian piece of legislation and it necessarily mocks at the institution of courts and lawyers. "After the passage of the various amendments to the Goonda Act, Karnataka now looks like a mini North Korea where police mood swings will decide whether the ordinary citizen has any right at all," he said.

Advocate Shyam Sundar, says, "What if your smartphone has a list of repeated material sent out over days or weeks. Most people do not even know if their phones are affected by viruses which could be sending out such material. Another example is of Facebook. There are so many FB pages with pornographic content. If someone who has subscribed to such a page sends you a friend request and you accept it, that content will surface on your page. It will have a history of repetition. The amendment clearly opens up huge problems for the common people. There is no doubt of the law being grossly misused and the amendment to include provisions of the IT Act has been done without application of mind. What is lascivious appeal in the first place? A porn star has been made a film star in India. Is this not lust? Are there enough filters in place to secure your smartphone from online abuse?"

The new law will in all probability create more corruption than anything else, say experts. Dhananjay says, "Until last week, police postings in Bangalore and other bigger cities were selling for tens of lakhs. Thanks to these amendments, some postings that enforce the Goonda Act will now sell for a couple of crores. The public will not feel safe due to this draconian legislation. Those who enforce the Goonda Act, however, will become richer through corruption, thanks to the fear created by these new amendments."

One year in jail for the innocent too

Sunil Abraham gives two examples by which the amended Goonda Act will become a ruthless piece of legislation. "If I publish an image of a naked body as part of a scientific article about the human body, is it obscene or not? It will not be obscene and, if I am arrested under the IT Act, I will be produced before the magistrate within 24 hours and can explain it to him. But now, I will be arrested under the Goonda Act and need not be produced before a magistrate for 90 days. It can be extended to one year. So for one year, I will be in jail even if I have not committed any wrong. Another example pertains to bringing offences under the Copyright Act under the Goonda Act. In the Copyright Act, there is an exception for reporting, research, educational and people with disability. A visually impaired person, for example, can, without paying royalty, convert a book into another format like Braille or audio and share it with another visually impaired person on a non-profit basis. But if he is arrested under Goonda Act, he will be in jail for one year, even before he does it."

HAVE THEY READ STATUTE?
Supreme Court advocate KV Dhananjay says, "The definition of a 'digital offender' is simply laughable. I do not think that whoever asked the state government to include 'digital offence' under the Goonda Act has carefully read the Constitution of India. Under the Constitution, both copyright and telecommunications are exclusive central subjects. This means that states simply cannot make any law on these subjects." Dhananjay gives the example of payment of income tax. "You know already that only the central government can demand and collect your income taxes. Can any state government say that it will create a new law to punish its resident who defaults in payment of income tax? You would simply laugh at any such law. This new definition of 'digital offender' is no less amusing. Offences under the Information Technology Act, 2000, are exclusively punishable by the central government only. State governments have no power to say that an Act shall become an offence when it does not even have the power to regulate such an Act."

CRIMINAL LAW EXPERTS SAY
Senior designate advocate, MT Nanaiah: "This law will be too harsh. There are MLAs who do not know the meaning of cyber crime. We (advocates) will be kept busy at the cost of innocent people because of this step. It provides for arresting anyone who would allegedly be planning to do something. Finding him guilty or otherwise comes later. What happens if your phone is lost or somebody sends something from your phone without your knowledge? For the first few years, innocents will go to jail. Then the courts will probably intervene and call for modifying what is at best a bad law. A similar situation arose with Section 498(A) of IPC and Sections 3 and 4 of Dowry Prohibition Act. It was misused to such an extent that courts had to step in." Senior designate advocate and former State Public Prosecutor HS Chandramouli : "Even social legislations have been misused. And, in this case, most people are illiterate about what cyber crime is. It is mostly teenagers and college students who will feel the heat. These are the people who mostly forward material considered obscene. It is necessary to educate people through discussions, workshops in the bar associations, law college and with experts. The amendment has been passed in the Legislature without discussion, which is a tragedy. At least now, before it is gazetted, people should be warned about what is being brought into the Goonda Act. I do not know how fair adding 'digital offenders' in the Goonda Act will be to the public, but the chances of misuse are more. There are no riders or prosecution for misuse. And how many policemen know about cyber crimes? During the infamous 'kidney' case (where people were cheated and their kidneys removed) many policemen did not know the difference between kidneys and testicles."

ONE YEAR IN JAIL WITHOUT CHANCE OF BAIL FOR..

Forwarding a song from your phone
Forwarding an e-book from your email
A nude photo which the govt thinks is obscene
Any software that a company says it owns
A movie which a company says it has copyright on

For more details visit https://cis-india.org/news/bangalore-mirror-shyam-prasad-august-4-2014-we-the-goondas

July 2014 Bulletin

praskrishna — 2014-08-11T05:46:53Z

Seventh issue of the newsletter (July 2014) below:

We at the Centre for Internet & Society (CIS) welcome you to the seventh issue of the newsletter (July 2014). Archives of our newsletters can be accessed at: http://cis-india.org/about/newsletters

------------------------------
Highlights
------------------------------

Nehaa Chaudhari participated in the 28^th session of the World Intellectual Property Organisation Standing Committee on Copyright and Related Rights (WIPO-SCCR) held in Geneva from June 30 to July 4, 2014. The Centre for Internet and Society (CIS) gave its statements on the Limitations and Exceptions for Libraries and Archives and Proposed Treaty for the Protection of Broadcasting Organizations.
India became the first country to ratify the Marrakesh Treaty and the Accessible Books Consortium was launched. Nehaa Chaudhari who participated in the 28^th session of the WIPO-SCCR reports on this in a blog entry.
Vikrant Narayan Vasudeva produced a research paper on patent valuation and license fee determination as part of the Pervasive Technologies project.
Our grant application to the Wikimedia Foundation was approved. CIS has been awarded Rs. 12,000,000 for the next one year for the Access to Knowledge (Wikipedia) project.
CIS and the University of Mysore organized the Open Knowledge day in Mysore on July 15, 2014. Six volumes of Kannada Vishwakosha was re-released under the Creative Commons (CC license).
We helped the Ministry of Science and Technology draft the Open Access Policy for the DST/DBT.
The first of the seven proposed roundtable meetings on “Privacy and Surveillance” conducted by CIS in collaboration with the Cellular Operators Association of India and the Council for Fair Business Practices was held in Mumbai on June 28, 2014. Anandini K. Rathore has blogged on this.
Bedavyasa Mohanty has produced a blog entry that analyses the nuances of interception of communications under the Indian Telegraph Act and the Indian Post Office Act.
Vinayak Mithal has written a blog entry on the Constitutionality of Indian surveillance law that analyses ICANN's reactive transparency mechanism, comparing it with freedom of information best practices. He describes the DIDP and its relevance for the Internet community.
Nishant Shah speaks on the right to freedom of speech and expression in the latest interview conducted as part of the Cybersecurity series being done with a grant from the International Development Research Centre (IDRC), Ottawa.
Nishant Shah’s peer reviewed article “Asia in the Edges: A Narrative Account of the Inter-Asia Cultural Studies Summer School in Bangalore” was published in Inter-Asia Cultural Studies Journal, Volume 15, Issue 2, on July 3, 2014. Nishant gives a narrative account of the experiments and ideas that shaped the second Summer School, “The Asian Edge” hosted in Bangalore, India, in 2012.
CIS recruited two new staff members in its Bangalore office. Rohini Lakshane joined as a Program Officer in the Pervasive Technologies project and K.N. Medini joined as a Senior Accounts Officer. Their profiles can be accessed at http://cis-india.org/about/people/our-team.

----------------------------------------------
Accessibility and Inclusion
----------------------------------------------
Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. We compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). We will be publishing this soon. The draft chapters along with the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

►NVDA and eSpeak

Monthly Update

Work Report for July (by Suman Dogra, July 31, 2014).

Blog Entry

India's Ratification of the Marrakesh Treaty Celebrated; Accessible Books Consortium Launched (by Nehaa Chaudhari, July 1, 2014): India became the first country to ratify the Marrakesh Treaty.

Media Coverage

SpicyIP Tidbit: India ratifies the Marrakesh Treaty for the Visually Impaired (by Thomas J. Vallianeth, Spicy IP, July 1, 2014).

-----------------------------------------------------------
Access to Knowledge
-----------------------------------------------------------
As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►WIPO

Participation in Event and Statements
Nehaa Chaudhari participated in the 28^th session of WIPO-SCCR held in Geneva from June 30 to July 4, 2014. The following have been the outputs from the event:

Statement on the Proposed Treaty for the Protection of Broadcasting Organizations at WIPO SCCR 28 (by Nehaa Chaudhari, July 2, 2014).
Opening Comments by India on Limitations and Exceptions for Libraries and Archives at WIPO SCCR 28 (posted by Nehaa Chaudhari, July 7, 2014). This was the statement made by the Indian delegation at WIPO-SCCR 28^th session on July 2, 2014.
Statement on the Limitations and Exceptions for Libraries and Archives at WIPO SCCR 28 (by Nehaa Chaudhari, July 3, 2014).
28th Session of the WIPO SCCR: Report on the Proposed Treaty for the Protection of Broadcasting Organizations (by Nehaa Chaudhari, July 29, 2014).

► Pervasive Technologies

Research Papers

Patent Valuation and License Fee Determination in Context of Patent Pools (by Vikrant Narayan Vasudeva, July 9, 2014). Vikrant has produced research that examines patent valuation and license fee determination in detail.
Grounds for Compulsory Patent Licensing in United States, Canada, China, and India (by Maggie Huang, July 29, 2014). In her research paper Maggie tries to answer questions about the grounds of compulsory licensing in international treaties with specific examples from America and Asia.

►Wikipedia
As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Announcement
Our grant application to the Funds Dissemination Committee (FDC) of the Wikimedia Foundation was approved by its board which met in Frankfurt from May 21 to 24, 2014. CIS had requested a grant of Rs. 18,406,454 and were awarded Rs. 12,000,000 for the next one year.

The following were done this month:

Articles / Blog Entries

Aircel & Wikimedia Foundation announce Wikipedia Zero (by Dr. U.B.Pavanaja, Prajavani, July 3, 2014). As per this, users of Aircel need not pay for data for accessing Wikipedia.
ଇଣ୍ଟରନେଟରେ ଓଡ଼ିଆ ଅକ୍ଷରସଜ୍ଜା (by Subhashish Panigrahi, Samaja, July 4, 2014).
State of Odia Language in Computing and Future Steps (by Subhashish Panigrahi, Sovereign, July 7, 2014).
ଓଡ଼ିଆ ଭାଷା ବିକାଶର ରାସ୍ତା (by Subhashish Panigrahi, The Sambad, July 23, 2014).
University of Mysore Re-releases Kannada Vishwakosha (Encyclopaedia) under Creative Commons Free License (by Dr. U.B.Pavanaja, July 24, 2014). Leading English and Kannada dailies like Andolana Kannada, City Today, Deccan Herald, Hosa Diganta, Kannada Jana Mana, Kannada Prabha, Rajya Dharma, Samyukta Karnataka, The Hindu, The New Indian Express, Udayavani, Vijaya Karnataka, and Vijaya Vani published about this. Scanned versions of the published articles can be downloaded here.
Wiki Loves Pride 2014 and Adding Diversity to Wikipedia (by Dorothy Howard, Wikimedia Blog, July 25, 2014).
Doctors and Translators Are Working Together to Bridge Wikipedia's Medical Language Gap (by Subhashish Panigrahi, Global Voices, July 27, 2014). This was re-published on the Wikimedia Blog, July 30, 2014.
Classical Odia Language in the Digital Age (by Subhashish Panigrahi, Odisha Review, posted on July 28, 2014). The essay was published in the magazine’s June edition.

Event Organized

Open Knowledge Day (co-organized by Mysore University and CIS-A2K, Kuvempu Institute of Kannada Studies, University of Mysore, July 15, 2014). The event coincided with the Open Knowledge Festival in Berlin from July 15 to 17. Dr. U.B.Pavanaja conducted the event. On this occasion Mysore University released six volumes of Kannada Vishwakosha under the Creative Commons (CC) license.

Participation in Events

National Level Seminar on Computer Application and Odia Language (organized by Institute of Odia Studies and Research, July 6, 2014). Subhashish Panigrahi was a panelist.
Open Knowledge Festival 2014 (organized by Google, Omidyar, et.al., Berlin, July 15 – 17, 2014). Subhashish Panigrahi represented India as the India Ambassador of OpenGLAM local and made a presentation.
#NAMA: The Future of Indic Languages (organized by Medianama, The Oberoi Hotel, Bangalore, July 24, 2014). Subhashish Panigrahi participated in the event.

News and Media Coverage
CIS-A2K team gave its inputs to the following media coverage:

Wikipedia edit-a-thons to add content on LGBTs (by Renuka Phadnis, The Hindu, July 7, 2014).
Font problem hits Odia (by Bibhuti Barik, The Telegraph, July 7, 2014).
Four volumes of Kannada Encyclopaedia digitised (by R. Krishna Kumar, The Hindu, July 12, 2014).
‘ಕನ್ನಡ ವಿಶ್ವಕೋಶ’ಕ್ಕೆ ಇನ್ನು ಲೈಸೆನ್ಸ್ ಹಂಗಿಲ್ಲ (Prajavani, July 14, 2014).
Soon, all 14 volumes of Kannada encyclopaedia to be online (by R. Krishna Kumar, The Hindu, July 15, 2014).
ವಿಕಿಪಿಡಿಯಾಗೆ ಕನ್ನಡ ವಿಶ್ವಕೋಶ (Kannada Prabha, July 15, 2014).
ಕನ್ನಡ ವಿಶ್ವಕೋಶದ ಆರು ಸಂಪುಟ ವಿಕಿಪೀಡಿಯಾಗೆ (Udayavani, July 15, 2014).
ವಿಕಿಪೀಡಿಯಾದಲ್ಲಿ kannada ವಿಶ್ವಕೋಶ : ಈಗ ಆನ್ ಲೈನ್ ನಲ್ಲಿ 6 ಸಂಪುಟಗಳು ಮುಕ್ತ…ಮುಕ್ತ……( Just Kannada, July 15, 2014).
Six Kannada encyclopaedias released (Webindia 123, July 15, 2014).
150 Rare Books Get New Lease of Life Online, Courtesy Students (by Anila Backer, New Indian Express, July 15, 2014).
Open Access: Students help revive and digitize rare books for Malayalam Wiki Library (Spicy IP, July 15, 2014).
'Trolled' from US Congress, Wikipedia bans edits (by Narayan Lakshman, The Hindu, July 25, 2014).
Telugu Wikipedia struggles to stay afloat (by Renuka Phadnis, The Hindu, July 27, 2014).
The joys of being a Wikipedian (by Svetlana Lasrado, New Indian Express, July 29, 2014).
Kannada Wikipedia Presentation (Vijayavani, July 30, 2014).
Kannada Wikipedia Presentation for Kannada Science Writers (Prajavani, July 31, 2014).

►Openness

Blog Entries

Mozilla brings Indian Communities together Twice in One Month (by Subhashish Panigrahi, Mozilla Website, July 8, 2014).
Mozilla Brings Indian Communities Together (by Subhashish Panigrahi, Opensource.com, July 13, 2014).
Department of Biotechnology and Department of Science, Ministry of Science and Technology, Government of India, release Open Access Policy (by Anubha Sinha, July 18, 2014). We have also been acknowledged in the policy.

HasGeek Event

The Fifth Elephant (NIMHANS Convention Centre, July 25-26, 2014). CIS was a community outreach partner.

Media Coverage

Plan for open access to science research (by Renuka Phadnis, The Hindu, July 22, 2014).
Indian Govt looks to provide free access to publicly-funded research works (by Riddhi Mukherjee, Medianama, July 23, 2014).

-----------------------------------------------
Internet Governance
-----------------------------------------------

►Freedom of Expression

As part of our project on Freedom of Expression (funded through a grant from the MacArthur Foundation) to study the restrictions placed on freedom of expression online by the Indian government and contribute to the debates around Internet governance and freedom of expression at forums like ICANN, ITU, IGF, WSIS, etc., we bring you the following outputs:

Blog Entries

ICANN’s Documentary Information Disclosure Policy – I: DIDP Basics (by Vinayak Mithal, July 1, 2014).
Reading the Fine Script: Service Providers, Terms and Conditions and Consumer Rights (by Jyoti Panday, July 2, 2014).
Facebook and its Aversion to Anonymous and Pseudonymous Speech (by Jessamine Mathew, July 4, 2014).
Free Speech and Surveillance (by Gautam Bhatia, July 7, 2014).
Delhi High Court Orders Blocking of Websites after Sony Complains Infringement of 2014 FIFA World Cup Telecast Rights (by Anubha Sinha, July 8, 2014).
GNI and IAMAI Launch Interactive Slideshow Exploring Impact of India's Internet Laws (by Jyoti Panday, July 17, 2014).

FOEX Live

We are also posting a selection of news from across India implicating online freedom of expression and use of digital technology: July 7, 2014.

►Privacy

As part of our Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project with Privacy International we are engaged in enhancing respect for the right to privacy in developing countries. We have produced the following outputs during the month:

Blog Entries

Models for Surveillance and Interception of Communications Worldwide (by Bedavyasa Mohanty, July 2, 2014).
The Constitutionality of Indian Surveillance Law: Public Emergency as a Condition Precedent for Intercepting Communications (by Bedavyasa Mohanty, July 4, 2014).
UK’s Interception of Communications Commissioner — A Model of Accountability (by Joe Sheehan, July 24, 2014).

Event Report

First Privacy and Surveillance Roundtable (by Anandini K Rathore, July 18, 2014).

Article

Private Censorship and the Right to Hear (by Chinmayi Arun, The Hoot, July 17, 2014). The article was also mirrored on the website of the Centre for Communication Governance.

Participation in Events

Information Influx Conference (organized by the Institute for Information Law, University of Amsterdam, July 2 – 4, 2014). Malavika Jayaram was a speaker.
Consultation to Frame Rules under the Whistle Blowers Protection Act, 2011 (organized by National Campaign for People's Right to Information and Centre for Communication Governance, National Law University, New Delhi, July 5, 2014). Bhairav Acharya participated in the event.
Best Practices Meet (organized by DSCI, Hotel Leela Palace, Bangalore, July 9, 2014). Sunil Abraham was a panelist.
Rethinking Privacy: The Link between Florida v. Jardines and the Surveillance of Nature Films (organized by Indian Institute of Technology, Madras, July 11, 2014). Bhairav Acharya gave a talk.
Region as Frame: Politics, Presence, Practice (organized by International Association for Media and Communication Research, Hyderabad, July 18, 2014). Sunil Abraham was a speaker for these panels: Governing Digital Spaces: Issues of Access, Privacy and Freedom, UNESCO panel debate, and Special Session on Research Paths In and Outside of the Academy.
ICT Awareness Program for Myanmar Parliamentarians (organized by Myanmar ICT for Development Organization, July 26 – 27, 2014, Yangon). Sunil Abraham participated in the event as a speaker and presented on Innovation Ecosystem and Thinking about Internet Regulation.

--------------------------------------
News & Media Coverage
--------------------------------------
CIS gave its inputs to the following media coverage:

Cyber-crimes shoot up 52% in India over last year (by K.V.Kurmanath, Hindu Businessline, July 2, 2014).
COAI, Centre for Internet & Society to hold pan-India meetings on privacy issues (IANS, July 4, 2014). The news was mirrored in the Times of India , NDTV, Business Standard , Economic Times , and World News.
Living in a Fish Bowl (by Shuma Raha, The Telegraph, July 16, 2014).
Terror recruiters target Indians on internet (by Sandhya Soman, July 18, 2014).
The trouble with trolls (by Vishal Mathur, Livemint, July 22, 2014).
India’s dedicated Cryptology centre gets Rs. 115 crore funding (by Harichandan Arakali, SearchSecurity.in, July 28, 2014).

►Cyber Stewards
As part of its project on mapping cyber security actors in South Asia and South East Asia with the Citizen Lab, Munk School of Global Affairs, University of Toronto and the International Development Research Centre, Canada, CIS conducted 2 new interviews. With this it has finished a total of 19 interviews:

Video Interviews

Lobsang Gyatso Sither (July 31, 2014).

Lobsang Sangay (July 31, 2014).

--------------------------------
Digital Humanities
--------------------------------
CIS is building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia:

Peer Reviewed Article

Asia in the Edges: A Narrative Account of the Inter-Asia Cultural Studies Summer School in Bangalore (by Nishant Shah, Inter-Asia Cultural Studies Journal, Volume 15, Issue 2, July 3, 2014). This is the narrative account of the experiments and ideas that shaped the second Summer School, “The Asian Edge” which was hosted in Bangalore, India, in 2012.

Blog Entry

Reading from a Distance — Data as Text (by P.P. Sneha, July 23, 2014).

-----------------------------------------------------
About CIS
-----------------------------------------------------
The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

► Follow us elsewhere

Twitter: https://twitter.com/CISA2K
Facebook group: https://www.facebook.com/cisa2k
Visit us at: https://meta.wikimedia.org/wiki/India_Access_To_Knowledge
E-mail: a2k@cis-india.org

► Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration:
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, atsunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org. To discuss collaborations on Indic language Wikipedia, write to T. Vishnu Vardhan, Programme Director, A2K, at vishnu@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2014-bulletin

Identity and Databases

praskrishna — 2014-08-07T08:32:16Z

The Centre for Internet and Society (CIS) and the Say No to UID Campaign invite you to a discussion identity, databases and facilitating technologies that explores the use of personal identifiers across databases and the potential violations of privacy on August 9, 2014 (10.30 a.m. to 1.00 p.m.) at the CIS office in Bangalore.

The discussions will specifically focus on the UID and the NPR and seek to answer:

What information is being collected and databased by each scheme?
What type of technology is needed to collect and database this information?
How and where is this information being databased?
What are the potential risks to the databasing of this information?
Are there legal safeguards protecting against misuse of this information, and if not, what safeguards are needed?
Is there a difference between the state collecting, storing, and using this information and a private entity?

For more details visit https://cis-india.org/events/identity-and-databases

Learning to Forget the ECJ's Decision on the Right to be Forgotten and its Implications

divij — 2014-08-19T05:24:00Z

“The internet never forgets” is a proposition which is equally threatening and promising.

The phrase reflects the dichotomy presented by the extension on the lease of public memory granted by the internet – as information is more accessible and more permanent, letting go of the past is becoming increasingly difficult. The question of how to govern information on the internet – a space which is growing increasingly important in society and also one that presents a unique social environment - is one that persistently challenges courts and policy makers. A recent decision by the European Court of Justice, the highest judicial authority of the European Union, perfectly encapsulates the way the evolution of the internet is constantly changing our conceptions of individual privacy and the realm of information. On the 13^th of May, 2014, the ECJ in its ruling in Google v Costeja,[1] effectively read a “right to be forgotten” into existing EU data protection law. The right, broadly, provides that an individual may be allowed to control the information available about them on the web by removing such information in certain situations - known as the right to erasure. In certain situations such a right is non-controversial, for example, the deletion of a social media profile by its user. However, the right to erasure has serious implications for the freedom of information on the internet when it extends to the removal of information not created by the person to whom it pertains.

Privacy and Perfect Memory

The internet has, in a short span, become the biggest and arguably the most important tool for communication on the planet. However, a peculiar and essential feature of the internet is that it acts as a repository and a reflection of public memory – usually, whatever is once made public and shared on the internet remains available for access across the world without an expiry date. From public information on social networks to comments on blog posts, home addresses, telephone numbers and candid photos, personal information is disseminated all across the internet, perpetually ready for access - and often without the possibility of correcting or deleting what was divulged. This aspect of the internet means that the internet is a now an ever-growing repository of personal data, indexed and permanently filed. This unlimited capacity for information has a profound impact on society and in shaping social relations.

The core of the internet lies in its openness and accessibility and the ability to share information with ease – most any information to any person is now a Google search away. The openness of information on the internet prevents history from being corrupted, facts from being manipulated and encourages unprecedented freedom of information. However, these virtues often become a peril when considering the vast amount of personal data that the internet now holds. This “perfect memory” of the internet means that people are perpetually under the risk of being constantly scrutinized and being tied to their pasts, specifically a generation of users that from their childhood have been active on the internet.[2] Consider the example of online criminal databases in the United States, which regularly and permanently upload criminal records of convicted offenders even after their release, which is accessible to all future employers;[3] or the example of the Canadian psychotherapist who was permanently banned from the United States after an internet search revealed that he had experimented with LSD in his past; [4] or the cases of “revenge porn” websites, which (in most cases legally) publically host deeply private photos or videos of persons, often with their personal information, for the specific purpose of causing them deep embarrassment. [5]

These examples show that, due to the radically unrestricted spread of personal data across the web, people are no longer able to control how and by whom and in what context their personal data is being viewed. This creates the vulnerability of the data collectively being “mined” for purposes of surveillance and also of individuals being unable to control the way personal data is revealed online and therefore lose autonomy over that information.

The Right to be Forgotten and the ECJ judgement in Costeja

The problems highlighted above were the considerations for the European Union data protection regulation, drafted in 2012, which specifically provides for a right to be forgotten, as well as the judgement of the European Court of Justice in Google Spain v Mario Costeja Gonzalves.

The petitioner in this case, sought for the removal of links related to attachment proceedings for his property, which showed up upon entering his name on Google’s search engine. After refusing to remove the links, he approached the Spanish Data Protection Agency (the AEPD) to order their removal. The AEPD accepted the complaints against Google Inc. and ordered the removal of the links. On appeal to the Spanish High Court, three questions were referred to the European Court of Justice. The first related to the applicability of the data protection directive (Directive 95/46/EC) to search engines, i.e. whether they could be said to be “processing personal data” under Article 2(a) and (b) of the directive,[6] and whether they can be considered data controllers as per Section 2(d) of the directive. The court found that, because the search engines retrieve, record and organize data, and make it available for viewing (as a list of results), they can be said to process data. Further, interpreting the definition of “data controller” broadly, the court found that ‘ It is the search engine operator which determines the purposes and means of that activity and thus of the processing of personal data that it itself carries out within the framework of that activity and which must, consequently, be regarded as the ‘controller’ ’[7] and that ‘ it is undisputed that that activity of search engines plays a decisive role in the overall dissemination of those data in that it renders the latter accessible to any internet user making a search on the basis of the data subject’s name, including to internet users who otherwise would not have found the web page on which those data are published.’[8] The latter reasoning highlights the particular role of search engines, as indexers of data, in increasing the accessibility and visibility of data from multiple sources, lending to the “database” effect, which could allow the structured profiling of an individual, and therefore justifies imposing the same (and even higher) obligations on search engines as on other data controllers, notwithstanding that the search engine operator has no knowledge of the personal data which it is processing.

The second question relates to the territorial scope of the directions, i.e. whether Google Inc., being the parent company based out of the US, came within the court’s jurisdiction – which only applies to member states of the EU. The court held that even though it did not carry on the specific activity of processing personal data, Google Spain, being a subsidiary of Google Inc. which promotes and sells advertisement for the parent company, was an “establishment” in the EU and Google Inc., and, because it processed data “in the context of the activities” of the establishment specifically directed towards the inhabitants of a member state (here Spain), came under the scope of the EU law. The court also reaffirmed a broad interpretation of the data protection law in the interests of the fundamental right to privacy and therefore imputed policy considerations in interpreting the directive. [9]

The third question was whether Google Spain was in breach of the data protection directive, specifically Articles 12(b) and 14(1)(a), which state that a data subject may object to the processing of data by a data controller, and may enforce such a right against the data controller, as long as the conditions for their removal are met. The reasoning for enforcing such a claim against search engines in particular can be found in paragraphs 80 and 84 of the judgement, where the court holds that “(a search engine) enables any internet user to obtain through the list of results a structured overview of the information relating to that individual that can be found on the internet — information which potentially concerns a vast number of aspects of his private life and which, without the search engine, could not have been interconnected or could have been only with great difficulty — and thereby to establish a more or less detailed profile of him.” and that “ Given the ease with which information published on a website can be replicated on other sites and the fact that the persons responsible for its publication are not always subject to European Union legislation, effective and complete protection of data users could not be achieved if the latter had to obtain first or in parallel the erasure of the information relating to them from the publishers of websites.” In fact, the court seems to apply a higher threshold for search engines due to their peculiar nature as indexes and databases. [10]

Under the court’s conception of the right of erasure, search engines are mandated to remove content upon request by individuals, when the information is deemed to be personal data that is “ inadequate, irrelevant or excessive in relation to the purposes of the processing, that they are not kept up to date, or that they are kept for longer than is necessary unless they are required to be kept for historical, statistical or scientific purposes,” [11] notwithstanding that the publication itself is lawful and causes no prejudice to the data subject. The court reasoned that when the data being projected qualified on any of the above grounds, it would violate Article 6 of the directive, on grounds of the data not being processed “ fairly and lawfully’, that they are ‘collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes’, that they are ‘adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed’, that they are ‘accurate and, where necessary, kept up to date’ and, finally, that they are ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed’.” [12] Therefore, the court held that, due to the nature of the information, the data subject has a right to no longer have such information linked to his or her name on a list of results following a search made on their name. The grounds laid down by the court, i.e. relevancy, inadequacy, etc. are very broad, yet such a broad conception is necessary in order to effectively deal with the problems of the nature described above.

The judgement of the ECJ concludes by applying a balancing test between the rights of the data subject and both the economic rights of the data controller as well as the general right of the public to information. It states that generally, as long as the information meets the criteria laid down by the directive, the right of the data subject trumps both these rights. However, it adds an important caveat – such a right is inapplicable “ the in specific cases, on the nature of the information in question and its sensitivity for the data subject’s private life and on the interest of the public in having that information, an interest which may vary, in particular, according to the role played by the data subject in public life.” This crucial point on the balancing of two rights directly hit by the judgement was only summarily dealt with by the ECJ, without effectively giving any clarity as to what standards to apply or laying down any specific guidelines for the application of the new rule. [13] Doing so, it effectively left the decision to determine what was in the public interest and how the rights are to be balanced to the search engines themselves. Delegating such a task to a private party takes away from the idea of the internet as a common resource which should be developed for the benefit of the larger internet community as a whole, by allowing it to be governed and controlled by private stakeholders, and therefore paves an uncertain path for this crucial aspect of internet governance.

Implications of the ECJ ruling

The decision has far reaching consequences on both privacy and on freedom of information on the internet. Google began implementing the decision through a form submission process, which requires the individual to specify which links to remove and why, and verifies that the request comes from the individual themselves via photo identification, and has also constituted an expert panel to oversee its implementation (similar to the process for removing links which infringe copyright law).[14] Google has since received more than 91,000 requests for removal, pertaining to 328,000 links of which it has approved more than half.[15] In light of such large volumes of data to process, the practical implementation of the ruling has been necessarily problematic. The implementation has been criticized both for implicating free speech on the internet as well as disregarding the spirit of the right to be forgotten. On the first count, Google has been criticized for taking down several links which are clearly are in public interest to be public, including several opinion pieces on politicians and corporate leaders, which amounts to censorship of a free press.[16] On the second count, EU privacy watchdogs have been critical of Google’s decision to notify sources of the removed content, which prompts further speculation on the issue, and secondly, privacy regulators have challenged Google’s claim that the decision is restricted to the localised versions of the websites, since the same content can be accessed through any other version of the search engine, for example, by switching over to “Google.com”.[17]

This second question also raises complicated questions about the standards for free speech and privacy which should apply on the internet. If the EU wishes for Google Inc. to remove all links from all versions of its search engine, it is, in essence, applying the balancing test of privacy and free speech which are peculiar to the EU (which evolved from a specific historical and social context, and from laws emerging out of the EU) across the entire world, and is radically different from the standard applicable in the USA or India, for example. In spirit, therefore, although the judgement seeks to protect individual privacy, the vagueness of the ruling and the lack of guidelines has had enormous negative implications for the freedom of information. In light of these problems, the uproar that has been caused in the two months since the decision is expected, especially amongst news media sites which are most affected by this ruling. However, the faulty application of the ruling does not necessarily mean that a right to be forgotten is a concept which should be buried. Proposed solutions such as archiving of data or limited restrictions, instead of erasure may be of some help in maintaining a balance between the two rights.[18] EU regulators hope to end the confusion through drafting comprehensive guidelines for the search engines, pursuant to meetings with various stakeholders, which should come out by the end of the year. [19] Until then, the confusion will most likely continue.

Is there a Right to be Forgotten in India?

Indian law is notorious for its lackadaisical approach towards both freedom of information and privacy on the internet. The law, mostly governed by the Information Technology Act, is vague and broad, and the essence of most laws is controlled by the rules enacted by non-legislative bodies pursuant to various sections of the Act. The “right to be forgotten” in India can probably be found within this framework, specifically under Rule 3(2) of the Intermediary Guideline Rules, 2011, under Section 79 of the IT Act. Under this rule, intermediaries are liable for content which is “invasive of another’s privacy”. Read with the broad definition of intermediaries under the same rules (which includes search engines specifically) and of “affected person”, the applicable law for takedown of online content is much more broad and vague than the standard laid down in Costeja. It remains to be seen whether the EU’s interpretation of privacy and the “right to be forgotten” would further the chilling effect caused by these rules.

[1] Google Spain v Mario Costeja Gonzalves, C‑131/12, Available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=152065&pageIndex=0&doclang=en&mode=req&dir=&occ=first&part=1&cid=264438.

[2] See Victor Mayer-Schonberger, Delete: The Virtue of Forgetting in the Digital Age, (Princeton, 2009).

[3] For example, See http://mugshots.com/; and http://www.peoplesearchpro.com/resources/background-check/criminal-records/

[4] LSD as Therapy? Write about It, Get Barred from US, (April, 2007) available at

http://thetyee.ca/News/2007/04/23/Feldmar/

[5] It’s nearly impossible to get revenge porn of the internet, (June, 2014), available t http://www.vox.com/2014/6/25/5841510/its-nearly-impossible-to-get-revenge-porn-off-the-internet

[6] Article 2(a) - “personal data” shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

Article 2(b) - “ processing of personal data” (“processing”) shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

[7] ¶36, judgment.

[8] The court also recognizes the implications on data profiling through the actions of search engines organizing results in ¶37.

[9] ¶74 judgment.

[10] In ¶83, the court notes that the processing by a search engine affect the data subject additionally to publication on a webpage; ¶87 - Indeed, since the inclusion in the list of results, displayed following a search made on the basis of a person’s name, of a web page and of the information contained on it relating to that person makes access to that information appreciably easier for any internet user making a search in respect of the person concerned and may play a decisive role in the dissemination of that information, it is liable to constitute a more significant interference with the data subject’s fundamental right to privacy than the publication on the web page.

[11] ¶92, judgment.

[12] ¶72, judgment.

[13] ¶81, judgment.

[14] The form is available at https://support.google.com/legal/contact/lr_eudpa?product=websearch

[15] Is Google intentionally overreacting on the right to be forgotten? (June, 2014), available at http://www.pcpro.co.uk/news/389602/is-google-intentionally-overreacting-on-right-to-be-forgotten.

[16] Will the right to be forgotten extend to Google.com?, (July, 2014), available at http://www.pcpro.co.uk/news/389983/will-right-to-be-forgotten-extend-to-google-com.

[17] The right to be forgotten is a nightmare to enforce, (July, 2014), available at http://www.forbes.com/sites/kashmirhill/2014/07/24/the-right-to-be-forgotten-is-a-nightmare-to-enforce.

[18] Michael Hoven, Balancing privacy and speech in the right to be forgotten, available ati http://jolt.law.harvard.edu/digest/privacy/balancing-privacy-and-speech-in-the-right-to-be-forgotten#_edn15

[19] EU poses 26 questions on the right to be forgotten, (July, 2014), available at http://www.cio-today.com/article/index.php?story_id=1310024135B0

For more details visit https://cis-india.org/internet-governance/blog/learning-to-forget-ecj-decision-on-the-right-to-be-forgotten-and-its-implications

Oyo Hotels’ Real-Time Digital Record Database Sparks Privacy Fears

Admin — 2019-01-18T02:26:50Z

Oyo Hotels’ pilot to maintain a real-time digital database of guests and plan to share it with law-enforcement agencies has triggered privacy concerns.

The article by Nishant Sharma was published by Bloomberg Quint on January 16, 2019. Pranesh Prakash was quoted.

The digital check-in and check-out database of guests will do away with the conventional arrival and departure registers, Aditya Ghosh, chief executive India and South Asia at the hotel chain said at a CII event, according to a report in Business Standard. That will make the process efficient and transparent and the SoftBank-backed startup has received acceptance from governments of Haryana, Rajasthan and Telangana for the proposed digitisation of guest entry and departure records, the report said quoting Ghosh.

That triggered an outrage on social media, with users calling it invasion of privacy.

Oyo, in an emailed statement to BloombergQuint, said it will provide information to the law-enforcement agencies about who is staying only after an information order is issued by the police. The company said it will create “stronger data security net”. Oyo, however, didn't clarify who will maintain the data centres.

Centralisation of data of any kind isn't good and will make data more fragile, Sunil Abraham, founder of research think tank Center for Internet and Society, told BloombergQuint. “If someone manages to break into the police data, or where the data is stored then they will be able to have the access to the data. It is always good to store data locally.”

Just last year, Marriott International Inc. reported a hack in which passport numbers, emails and mailing addresses of 327 million of its 500 million Starwood guests was leaked.

To be sure, police always have access to data of customers staying at hotels, one way or the another. As per existing regulations, all hotels, bed and breakfasts and guest-houses have to make an entry of guests checking in and out in a register. This can be checked by the local police when an information order is presented.

Chances of manipulating information in such a register is high, and at times police go through the data without having an information order as well, said an industry executive requesting anonymity.

Srinivas Kodali, a cybersecurity expert, said such a centralised database makes business sense for Oyo because they will get access to data not just of people who booked through them but also of others who checked in without booking online. “Because there is no law, the entities can do it.”

Pranesh Prakash, a technology policy analyst and affiliated fellow at CIS, sees this as an invasion of privacy in the absence of law. Digitisation of data can be allowed only after there’s a law on what happens in the case it’s misused. There is no legal framework about how and where the data will be used, he said.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-nishant-sharma-january-16-2019-oyo-hotels-real-time-digital-record-database-sparks-privacy-fears

A Privacy Round Table in Chennai

praskrishna — 2013-05-06T10:01:45Z

The Centre for Internet and Society, Data Security Council of India and the Federation of Indian Chambers of Commerce and Industry cordially invite you to a "Privacy Round Table" at the Residency Towers in Chennai on Saturday, May 18, 2013, 10.30 a.m. to 4.00 p.m.

To discuss the "Report of the Group of Experts on Privacy" by the Justice AP Shah Committee, the text of the "Citizens' Privacy (Protection) Bill 2013", drafted by the Centre for Internet and Society, and "Strengthening Privacy Protection through Co-regulation" by DSCI.

The discussions and recommendations from the meeting will be published into a compilation, and presented at the Internet Governance meeting planned for October 2013.

Draft Agenda for the Roundtable Discussion

Time	Detail
10.30 a.m.	Overview, explanation, and discussion: The Report of the Group of Experts on Privacy
11.30 a.m.	Overview, explanation, and discussion: Strengthening Privacy Protection through Co-regulation
12.15 p.m.	Tea
12.30 p.m.	Overview, explanation, and discussion: The Citizens Privacy (Protection) Bill 2013
1.15 p.m.	Lunch
2.15 p.m.	In depth discussions: The Citizens Privacy (Protection) Bill 2013
4.15 p.m.	Tea

Confirmations and RSVP

Please send your email confirmations for attending the Chennai Privacy Roundtable on May 18th, 2013, to Snehashish Ghosh at snehashish@cis-india.org, mobile no. +91- 9902763325,latest by end-of-business 5:30 p.m. on Monday May 13, 2013. As the conference is a roundtable dialogue, we request that attendees submit a brief introduction about themselves and their interest in the topic.

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-chennai

Google Policy Fellowship Programme: Call for Applications

praskrishna — 2013-05-17T01:01:47Z

The Centre for Internet & Society (CIS) is inviting applications for the Google Policy Fellowship programme. Google is providing a USD 7,500 stipend to the India Fellow, who will be selected by July 1, 2013.

The Google Policy Fellowship offers successful candidates an opportunity to develop research and debate on the fellowship focus areas, which include Access to Knowledge, Openness in India, Freedom of Expression, Privacy, and Telecom, for a period of about ten weeks starting from July 7, 2013 upto October 1, 2013. CIS will select the India Fellow. Send in your applications for the position by June 15, 2013.

To apply, please send to google.fellowship@cis-india.org the following materials:

Statement of Purpose: A brief write-up outlining about your interest and qualifications for the programme including the relevant academic, professional and extracurricular experiences. As part of the write-up, also explain on what you hope to gain from participation in the programme and what research work concerning free expression online you would like to further through this programme. (About 1200 words max).
Resume
Three references

Fellowship Focus Areas

Access to Knowledge: Studies looking at access to knowledge issues in India in light of copyright law, consumers law, parallel imports and the interplay between pervasive technologies and intellectual property rights, targeted at policymakers, Members of Parliament, publishers, photographers, filmmakers, etc.

Openness in India: Studies with policy recommendations on open access to scholarly literature, free access to law, open content, open standards, free and open source software, aimed at policymakers, policy researchers, academics and the general public.

Freedom of Expression: Studies on policy, regulatory and legislative issues concerning censorship and freedom of speech and expression online, aimed at bloggers, journalists, authors and the general public.

Privacy: Studies on privacy issues like data protection and the right to information, limits to privacy in light of the provisions of the constitution, media norms and privacy, banking and financial privacy, workplace privacy, privacy and wire-tapping, e-governance and privacy, medical privacy, consumer privacy, etc., aimed at policymakers and the public.

Telecom: Building awareness and capacity on telecommunication policy in India for researchers and academicians, policymakers and regulators, consumer and civil society organisations, education and library institutions and lay persons through the creation of a dedicated web based resource focusing on knowledge dissemination.

Frequently Asked Questions

What is the Google Policy Fellowship program?

The Google Policy Fellowship program offers students interested in Internet and technology related policy issues with an opportunity to spend their summer working on these issues at the Centre for Internet and Society at Bangalore. Students will work for a period of ten weeks starting from June 1, 2013. The research agenda for the program is based on legal and policy frameworks in the region connected to the ground-level perceptions of the fellowship focus areas mentioned above.

I am an International student can I apply and participate in the program? Are there any age restrictions on participating?

Yes. You must be 18 years of age or older by January 1, 2013 to be eligible to participate in Google Policy Fellowship program in 2013.

Are there citizenship requirements for the Fellowship?

For the time being, we are only accepting students eligible to work in India (e.g. Indian citizens, permanent residents of India, and individuals presently holding an Indian student visa. Google cannot provide guidance or assistance on obtaining the necessary documentation to meet the criteria.

Who is eligible to participate as a student in Google Policy Fellowship program?

In order to participate in the program, you must be a student. Google defines a student as an individual enrolled in or accepted into an accredited institution including (but not necessarily limited to) colleges, universities, masters programs, PhD programs and undergraduate programs. Eligibility is based on enrollment in an accredited university by January 1, 2013.

I am an International student can I apply and participate in the program?

In order to participate in the program, you must be a student (see Google's definition of a student above). You must also be eligible to work in India (see section on citizen requirements for fellowship above). Google cannot provide guidance or assistance on obtaining the necessary documentation to meet this criterion.
I have been accepted into an accredited post-secondary school program, but have not yet begun attending. Can I still take part in the program?

As long as you are enrolled in a college or university program as of January 1, 2013, you are eligible to participate in the program.
I graduate in the middle of the program. Can I still participate?

As long as you are enrolled in a college or university program as of January 1, 2013, you are eligible to participate in the program.

Payments, Forms, and Other Administrative Stuff

How do payments work?

Google will provide a stipend of USD 7,500 equivalent to each Fellow for the summer.

Accepted students in good standing with their host organization will receive a USD 2,500 stipend payable shortly after they begin the Fellowship in June 2013.
Students who receive passing mid-term evaluations by their host organization will receive a USD 1,500 stipend shortly after the mid-term evaluation in July 2013.
Students who receive passing final evaluations by their host organization and who have submitted their final program evaluations will receive a USD 3,500 stipend shortly after final evaluations in August 2013.

Please note: Payments will be made by electronic bank transfer, and are contingent upon satisfactory evaluations by the host organization, completion of all required enrollment and other forms. Fellows are responsible for payment of any taxes associated with their receipt of the Fellowship stipend.

*While the three step payment structure given here corresponds to the one in the United States, disbursement of the amount may be altered as felt necessary.

What documentation is required from students?

Students should be prepared, upon request, to provide Google or the host organization with transcripts from their accredited institution as proof of enrollment or admission status. Transcripts do not need to be official (photo copy of original will be sufficient).

I would like to use the work I did for my Google Policy Fellowship to obtain course credit from my university. Is this acceptable?

Yes. If you need documentation from Google to provide to your school for course credit, you can contact Google. We will not provide documentation until we have received a final evaluation from your mentoring organization.

Host Organizations

What is Google's relationship with the Centre for Internet and Society?

Google provides the funding and administrative support for individual fellows directly. Google and the Centre for Internet and Society are not partners or affiliates. The Centre for Internet and Society does not represent the views or opinions of Google and cannot bind Google legally.

Important Dates

What is the program timeline?

June 15, 2013	Student Application Deadline. Applications must be received by midnight.
July 1, 2013	Student applicants are notified of the status of their applications.
July 2013	Students begin their fellowship with the host organization (start date to be determined by students and the host organization); Google issues initial student stipends.
August 2013	Mid-term evaluations; Google issues mid-term stipends.
October 2013	Final evaluations; Google issues final stipends.

For more details visit https://cis-india.org/internet-governance/blog/google-policy-fellowship-call-for-applications-2013

Porn. Panic. Ban: A Conversation on Sexual Expression, Pornography, Sexual Exploitation, Consent

praskrishna — 2015-11-29T07:36:58Z

Point of View and the Internet Democracy Project organized a conference to hold and facilitate an informed conversation on sexual expression, pornography, sexual exploitation and consent. Rohini Lakshané was a speaker. Tanveer Hasan also attended this conference held in New Delhi from October 28 to 30, 2015.

The conference was a first attempt to have an in-depth civil society conversation - among activists, lawyers, researchers working on either gender, sexuality or internet rights, or at their intersections. For more information on the event visit the Internet & Democracy website. Rohini presented her research on online amateur pornography and consent.

For more details visit https://cis-india.org/internet-governance/news/porn-panic-ban-a-conversation-on-sexual-expression-pornography-sexual-exploitation-consent

The Short-lived Adventure of India’s Encryption Policy

bhairav — 2015-11-29T09:03:42Z

Written for the Berkeley Information Privacy Law Association (BIPLA).

During his recent visit to Silicon Valley, Indian Prime Minister Narendra Modi said his government was “giving the highest importance to data privacy and security, intellectual property rights and cyber security”. But a proposed national encryption policy circulated in September 2015 would have achieved the opposite effect.

The policy was comically short-lived. After its poorly-drafted provisions invited ridicule, it was swiftly withdrawn. But the government has promised to return with a fresh attempt to regulate encryption soon. The incident highlights the worrying assault on communications privacy and free speech in India, a concern compounded by the enormous scale of the telecommunications and Internet market.

Even with only around 26 percent of its population online, India is already the world’s second-largest Internet user, recently overtaking the United States. The number of Internet users in India is set to grow exponentially, spurred by ambitious governmental schemes to build a ‘Digital India’ and a country-wide fiber-optic backbone. There will be a corresponding increase in the use of the Internet for communicating and conducting commerce.

Encryption on the Internet

Encryption protects the security of Internet users from invasions of privacy, theft of data, and other attacks. By applying an algorithmic cipher (key), ordinary data (plaintext) is encoded into an unintelligible form (ciphertext), which is decrypted using the key. The ciphertext can be intercepted but will remain unintelligible without the key. The key is secret.

There are several methods of encryption. SSL/TLS, a family of encryption protocols, is commonly used by major websites. But while some companies encrypt sensitive data, such as passwords and financial information, during its transit through the Internet, most data at rest on servers is largely unencrypted. For instance, email providers regularly store plaintext messages on their servers. As a result, governments simply demand and receive backdoor access to information directly from the companies that provide these services. However, governments have long insisted on blanket backdoor access to all communications data, both encrypted and unencrypted, and whether at rest or in transit.

On the other hand, proper end-to-end encryption – full encryption from the sender to recipient, where the service provider simply passes on the ciphertext without storing it, and deletes the metadata – will defeat backdoors and protect privacy, but may not be profitable. End-to-end encryption alarms the surveillance establishment, which is why British Prime Minister David Cameron wants to ban it, and many in the US government want Silicon Valley companies to stop using it.

Communications privacy

Instead of relying on a company to secure communications, the surest way to achieve end-to-end encryption is for the sender to encrypt the message before it leaves her computer. Since only the sender and intended recipient have the key, even if the data is intercepted in transit or obtained through a backdoor, only the ciphertext will be visible.

For almost all of human history, encryption relied on a single shared key; that is, both the sender and recipient used a pre-determined key. But, like all secrets, the more who know it, the less secure the key becomes. From the 1970s onwards, revolutionary advances in cryptography enabled the generation of a pair of dissimilar keys, one public and one private, which are uniquely and mathematically linked. This is asymmetric or public key cryptography, where the private key remains an exclusive secret. It offers the strongest protection for communications privacy because it returns autonomy to the individual and is immune to backdoors.

For those using public key encryption, Edward Snowden’s revelation that the NSA had cracked several encryption protocols including SSL/TLS was worrying. Brute-force decryption (the use of supercomputers to mathematically attack keys) questions the integrity of public key encryption. But, since the difficulty of code-breaking is directly proportional to key size, notionally, generating longer keys will thwart the NSA, for now.

The crypto-wars in India

Where does India’s withdrawn encryption policy lie in this landscape of encryption and surveillance? It is difficult to say. Because it was so badly drafted, understanding the policy was a challenge. It could have been a ham-handed response to commercial end-to-end encryption, which many major providers such as Apple and WhatsApp are adopting following consumer demand. But curiously, this did not appear to be the case, because the government later exempted WhatsApp and other “mass use encryption products”.

The Indian establishment has a history of battling commercial encryption. From 2008, it fought Blackberry for backdoor access to its encrypted communications, coming close to banning the service, which dissipated only once the company lost its market share. There have been similar attempts to force Voice over Internet Protocol providers to fall in line, including Skype and Google. And there is a new thrust underway to regulate over-the-top content providers, including US companies.

The policy could represent a new phase in India’s crypto-wars. The government, emboldened by the sheer scale of the country’s market, might press an unyielding demand for communications backdoors. The policy made no bones of this desire: it sought to bind communications companies by mandatory contracts, regulate key-size and algorithms, compel surrender of encryption products including “working copies” of software (the key generation mechanism), and more.

The motives of regulation

The policy’s deeply intrusive provisions manifest a long-standing effort of the Indian state to dominate communications technology unimpeded by privacy concerns. From wiretaps to Internet metadata, intrusive surveillance is not judicially warranted, does not require the demonstration of probable cause, suffers no external oversight, and is secret. These shortcomings are enabling the creation of a sophisticated surveillance state that sits ill with India’s constitutional values.

Those values are being steadily besieged. India’s Supreme Court is entertaining a surge of clamorous litigation to check an increasingly intrusive state. Only a few months ago, the Attorney-General – the government’s foremost lawyer – argued in court that Indians did not have a right to privacy, relying on 1950s case law which permitted invasive surveillance. Encryption which can inexpensively lock the state out of private communications alarms the Indian government, which is why it has skirmished with commercially-available encryption in the past.

On the other hand, the conflict over encryption is fueled by irregular laws. Telecoms licensing regulations restrict Internet Service Providers to 40-bit symmetric keys, a primitively low standard; higher encryption requires permission and presumably surrender of the shared key to the government. Securities trading on the Internet requires 128-bit SSL/TLS encryption while the country’s central bank is pushing for end-to-end encryption for mobile banking. Seen in this light, the policy could simply be an attempt to rationalize an uneven field.

Encryption and freedom

Perhaps the government was trying to restrict the use of public key encryption and Internet anonymization services, such as Tor or I2P, by individuals. India’s telecoms minister stated: “The purport of this encryption policy relates only to those who encrypt.” This was not particularly illuminating. If the government wants to pre-empt terrorism – a legitimate duty, this approach is flawed since regardless of the law’s command arguably no terrorist will disclose her key to the government. Besides, since there are very few Internet anonymizers in India who are anyway targeted for special monitoring, it would be more productive for the surveillance establishment to maintain the status quo.

This leaves harmless encrypters – businesses, journalists, whistle blowers, and innocent privacy enthusiasts. For this group, impediments to encryption interferes with their ability to freely communicate. There is a proportionate link between encryption and the freedom of speech and expression, a fact acknowledged by Special Rapporteur David Kaye of the UN Human Rights Council, where India is a participating member. Kaye notes: “Encryption and anonymity are especially useful for the development and sharing of opinions, which often occur through online correspondence such as e-mail, text messaging, and other online interactions.”

This is because encryption affords privacy which promotes free speech, a relationship reiterated by the previous UN Special Rapporteur, Frank La Rue. On the other hand, surveillance has a “chilling effect” on speech. In 1962, Justice Subba Rao’s famous dissent in the Indian Supreme Court presciently connected privacy and free speech:

The act of surveillance is certainly a restriction on the [freedom of speech]. It cannot be suggested that the said freedom…will sustain only the mechanics of speech and expression. An illustration will make our point clear. A visitor, whether a wife, son or friend, is allowed to be received by a prisoner in the presence of a guard. The prisoner can speak with the visitor; but, can it be suggested that he is fully enjoying the said freedom? It is impossible for him to express his real and intimate thoughts to the visitor as fully as he would like. To extend the analogy to the present case is to treat the man under surveillance as a prisoner within the confines of our country and the authorities enforcing surveillance as guards. So understood, it must be held that the petitioner’s freedom under [the right to free speech under the Indian] Constitution is also infringed.

Kharak Singh v. State of Uttar Pradesh (1964) 1 SCR 332, pr. 30.

Perhaps the policy expressed the government’s discomfort at individual encrypters escaping surveillance, like free agents evading the state’s control. How should the law respond to this problem? Daniel Solove says the security of the state need not compromise individual privacy. On the other hand, as Ronald Dworkin influentially maintained, the freedoms of the individual precede the interests of the state.

Security and trade interests

However, even when assessed from the perspective of India’s security imperatives, the policy would have had harmful consequences. It required users of encryption, including businesses and consumers, to store plaintext versions of their communications for ninety days to surrender to the government upon demand. This outrageously ill-conceived provision would have created real ‘honeypots’ (originally, honeypots are decoy servers to lure hackers) of unencrypted data, ripe for theft. Note that India does not have a data breach law.

The policy’s demand for encryption companies to register their products and give working copies of their software and encryption mechanisms to the Indian government would have flown in the face of trade secrecy and intellectual property protection. The policy’s hurried withdrawal was a public relations exercise on the eve of Prime Minister Modi’s visit to Silicon Valley. It was successful. Modi encountered no criticism of his government’s visceral opposition to privacy, even though the policy would have severely disrupted the business practices of US communications providers operating in India.

Encryption invites a convergence of state interests between India and US as well: both countries want to control it. Last month’s joint statement from the US-India Strategic and Commercial Dialogue pledges “further cooperation on internet and cyber issues”. This innocuous statement masks a robust information-gathering and -sharing regime. There is no guarantee against the sharing of any encryption mechanisms or intercepted communications by India.

The government has promised to return with a reworked proposal. It would be in India’s interest for this to be preceded by a broad-based national discussion on encryption and its links to free speech, privacy, security, and commerce.

Click to read the post published on Free Speech / Privacy / Technology website.

For more details visit https://cis-india.org/internet-governance/blog/the-short-lived-adventure-of-india2019s-encryption-policy

Shopping on apps raise privacy and security concerns

praskrishna — 2017-03-21T14:56:26Z

The recently concluded online Diwali sales frequently offered consumers hefty discounts on merchandise if they shopped via store app, a move that experts say increases security risks for internet users.

The article by Vivek Ananth was published by the Softcopy, an IIJNM Web Publication on November 23, 2015. Sunil Abraham gave inputs.

“It makes the security much worse because of increased complexity from the user perspective,” said Sunil Abraham, executive director at Centre for Internet and Society.

“User will have to install multiple apps and then worry about the security implications arising from each app. From the e-commerce corporation perspective it might reduce effort but for users this is a nightmare.”

Do apps increase security risks?

The degree of risk depends on the specific app and can only be determined after a detailed security audit, Abraham said.

“Unfortunately there aren't many organisations doing such audits and making their results available to the public,” he added.

There are some users who say that privacy on the internet isn’t an option.

“Once you are online your privacy is kind of gone,” said Hasmit Trivedi of Mumbai. “I mean you are vulnerable.”

“That (browsing history being used to target advertisements) does concern me, but not to the extent that I'll stop using these websites,” said Sweta Rajan, a lawyer from Mumbai.

“Google has done this forever," said Dinoo Muthappa.“I don't even care if they use my search to place advertisements of what they think I need while browsing.”

Comfort and Convenience trumps privacy

“I don't really shop for things I'm not comfortable allowing the world to know. I'm ok with them using this (usage pattern and browsing information) for commercial reasons,” Rajan said.

“We live in a world where the cost of convenience is our privacy. Take my user preferences,” said Dinoo Muthappa, a lawyer from Delhi.“If it means you'll make money and somehow reflect as a discount to me later, that's fine,” she added.

“I frankly don't have a problem with it in principle,” said Akshara Kumar Chitoor, a lawyer from Bengaluru, about companies mining data to target advertisements at her. “I don't think it's very different from how certain TV channels carry certain advertisements because they know the audiences.I mean, you get Rin and Horlicks ads on Zee and Sony but not Romedy Now or Comedy Central.”

“The convenience of having it come home when I want and not having to face the guy who I know is ripping me off; these guys can use and sell my information,” Muthappa said.

“With my work timings I literally do not find time to go to a store and shop,”Rajan said. “I buy everything online. It's very convenient and time saving.”

“Personally, I think just browsing stuff to buy is much easier on your computer,” said Sreenath Unnikrishnan, a product developer from Singapore. “However, I do think apps are more convenient for payment. As in your card information is normally stored and can be accessed without having to log in and all. I can do that on a computer too, but it's less secure. At least that's what I think.”

Google and Facebook have their advertisement norms disclosed.

Twitter also follows a similar model using the email ids that their users have associated with their twitter handles.

“If the service is free - then as many have said before - you are the product, said Sunil Abraham executive director at Centre for Internet and Society. “Your personal information is being sold to marketers and advertisers. As Bruce Schneier puts it ‘surveillance is the business model of the Internet’".

The terms and conditions are sometimes very long and use difficult language.

“Transparency and Informed Consent are principles in most jurisdictions that have data protection law modelled on the EU Data Protection Directive,” Abraham said.“Part of the transparency principle is the accessibility of the language.”

The user though still has an option to opt out of the above process where their data is collected by these companies.
Privacy policies of internet companies are legal documents. These are required under data protection laws. This makes them complicated, said Abraham.

The users don’t care that their usage data is being mined by businesses till they have a bad experience, Abraham said.

For more details visit https://cis-india.org/internet-governance/news/the-soft-copy-vivek-ananth-november-23-2015-shopping-on-apps-raise-privacy-and-security-concerns

Take-away from the I&J Project Workshop at the UN Internet Governance Forum 2015

praskrishna — 2015-11-30T14:09:57Z

The Internet & Jurisdiction Project organized the workshop “Transnational due process: A case study in multi-stakeholder cooperation” at the Internet Governance Forum convened by the United Nations on November 13, 2015.

This was published on Internet & Jurisdiction website.

The 4-day conference convened over 2000 high-level participants from states, major global Internet companies, technical Internet operators, international organizations, civil society groups and academia.

Video

The workshop organized by the I&J Project discussed how to address the tension between the cross-border nature of the Internet and a patchwork of national jurisdictions by enabling multi-stakeholder cooperation. Sunil Abraham, the Director of CIS India, stressed the limits of traditional modes of inter-state legal cooperation on the Internet:

The MLAT system is completely broken […] both from the demand side and also from the supply side.

The US Cyber Coordinator of the State Department, Christopher Painter, stated the need to streamline procedures of Mutual Legal Assistance Treaties, but also highlighted the importance of pursuing in parallel more innovative approaches, such as the Internet & Jurisdiction process:

MLATS are not always the right answer. There are other answers between law enforcement channels in terms of joint investigations and there are also creative solutions that might take some of the burden off that MLAT process and I think that those are worthy of exploration.

Representing the Canadian ccTLD .ca, Mark Bull reflected upon how to develop such solutions to maintain the global nature of the Internet.

We are talking about incredibly complex issues here and I believe that complexity necessitates a multi-stakeholder process to identify solutions. And that is what I think the beauty of the Internet & Jurisdiction Project is. And it’s why because of the multi-stakeholder structure, that’s why we believe it is the best and the most effective form for discussing issues this complex.

Panelist Eileen Donahoe, the Director of Global Affairs at Human Rights Watch applauded the progress the Internet & Jurisdiction process made since 2012:

Let me say that the work of the I&J Project has been relentless and it is really important. This is one of the most complex spaces in Internet governance

The jurisdiction topic has become one of the most pressing Internet governance challenges, as I&J Project Director and Co-Founder Bertrand de La Chapelle pointed out:

There is a real element of urgency. The jurisdiction issue is at the core of many Internet governance problems. And it has been said in many workshops here in the IGF, but also outside of it. The problem is really getting worse. The jurisdiction problem is probably one of the biggest threats to the fabric of the Internet as we know it.

The objective of the workshop was to gather participants in the global Internet & Jurisdiction process from different stakeholder groups to report on progress and achievements. Furthermore, the workshop deepened the understanding of how to address jurisdictional tensions around the Internet and establish innovative legal cooperation mechanisms to prevent its fragmentation along national territorial boundaries.Council of Europe’s Elvana Thaci reminded participants of the importance to develop harmonized procedures across borders, as

Harmonization of substance is very difficult because the understanding of unlawfulness of content is very diverse.

Facebook’s Head of Policy Development, Matt Perault, talked about the need for appropriate procedures:

I am here because I believe the I&J Project is devoted to figuring out how to think about mechanisms for a race to the top on the issue of jurisdiction.

The pioneering Internet & Jurisdiction process has engaged more than 100 key entities around the world, creating a unique neutral space to build trust and catalyze operational solutions. As Will Hudson, Google’s Senior Advisor for International Policy, said:

We need to find solutions that work for all parties. It is one of the great strengths of the I&J Project, that it is looking at this challenge head on. We need to do things in this multi-stakeholder manner, and talk as a community because everyone has a stake in this and we cannot do this alone.

Participants

ANNE CARBLANC, Head of Division, Directorate for Science, Technology and Industry, OECD
BYRON HOLLAND, President and CEO, CIRA (Canadian ccTLD)
CHRISTOPHER PAINTER, Coordinator for Cyber Issues, US Department of State
EILEEN DONAHOE, Director Global Affairs, Human Rights Watch
EVANA THACI, Administrator, Council of Europe
MATT PERAULT, Head of Policy Development, Facebook
SUNIL ABRAHAM, Executive Director, CIS India
WILL HUDSEN, Senior Advisor for International Policy, Google

For more details visit https://cis-india.org/internet-governance/news/take-away-from-the-i-j-project-workshop-at-the-un-internet-governance-forum-2015