Centre for Internet and Society

Ubiquity, Mobility, Globality: Charting Directions in Mobile Phone Studies

praskrishna — 2014-12-04T16:27:26Z

Nehaa Chaudhari made a presentation at the Ubiquity, Mobility, Globality : Charting Directions in Mobile Phone Studies Conference. This was organized by the Center for Global Communication Studies at the Annenberg School for Communication, University of Pennsylvania, Philadelphia on November 6 and 7, 2014. Nehaa was on a panel titled Mobile and its Effects on Global Markets and made a presentation on Pervasive Technologies: Access to Knowledge in the Workplace.

Nehaa Chaudhari's presentation can be downloaded here (PDF, 518 KB). Click here for the full programme. Download the agenda here.

Mobile phones are tools for activism and civic participation, surveillance and repression, market making and market disruption. In Ithiel de Sola Pool’s memorable phrase, there have been few “technologies of freedom” that match the consequences of these new instruments and the infrastructure that supports them. This conference examines dimensions of the social, political, and economic effects of the global ubiquity of mobile phones:

What are the affordances and limitations of mobile phones in development?
What is the impact of mobile phones on socio-political change?
How do mobile phones continue to shape our civil liberties?
What are the geo-political consequences of these mobilities?
How does mobile phone adoption challenge and support market innovation?

To tackle these questions, this conference brings together voices from the academy, civil society, and industry—all to examine the heterogeneous sources and consequences of mobility’s diffusion. The goal of this conference is to further interdisciplinary and comparative approaches to the understanding of the mobile phenomenon and to chart directions in mobile phone studies. The conference is funded by the Provost’s Global Engagement Fund, the Center for Global Communication Studies, and the Project for Advanced Research in Global Communication and the program reflects the input of several Schools at Penn, including the Annenberg School for Communication, Wharton, Law, and the School of Arts and Sciences.

For more details visit https://cis-india.org/a2k/news/center-for-global-communication-studies-november-6-2014-ubiquity-mobility-globality-charting-directions-in-mobile-phone-studies

UAS License Agreement Amendment regarding the Central Monitoring System (CMS)

maria — 2014-01-30T12:43:56Z

For more details visit https://cis-india.org/internet-governance/blog/uas-license-agreement-amendment

Two Tales of Transparency!

sunil — 2012-04-11T12:09:01Z

In a single week, two global Internet giants announce transparency efforts that have direct implications for privacy and free speech.

One, Google replaces 60 odd privacy policies with a single one across its products apparently to provide a unified experience for consumers, advertisers and law enforcement agencies. Google says that it is trying to make its privacy policy more accessible and transparent to its users and that nothing has changed. This is indeed true, as the respective privacy policies were modified when Google acquired these products. Google spent USD 1.9 billion acquiring 79 companies in 2011. This year's company filings state "we expect our current pace of acquisitions to continue.” Their multi-year acquisition spree has spawned 60 odd products that collect personal information. And beyond Google core offerings like Search, News, YouTube and Orkut – their advertising networks Adsense and Double Click keep tabs on you as you visit millions of other websites. This advertiser cum share-holder sweet spot has been created by centrally storing 9 months of comprehensive logs tied to IP address and other device details for all accounts. A blanket surveillance dream-come-true for rogue state actors. Even in most democratic regimes this far exceeds legally mandated data retention requirements. Fans will point out that Google's transparency record on user information requests, data retention and data portability is unmatched across the industry. But that is just saying that you are less evil than Microsoft and Facebook. In June 2007, Google reduced data retention from 24 to 18 months and in a letter to the European Commission privacy regulators it said “we ... firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.” But come August 2008, Google reduces data retention from 18 months to 9 months in what it called an attempt to address regulatory concerns. Like Europeans, Indian citizens could also benefit if our law makers were to enact horizontal privacy statute and establish the office of the privacy commissioner. In an ideal world, a pro-consumer or pro-citizen Indian privacy commissioner would create evidence based policy and reduce data retention to say 6 weeks. If unfortunately, we go by the precedent set by multi-tiered blanket surveillance provisions in the IT Act, it looks like policy-makers have bought the flawed “more is better” argument emerging from business press cheerleaders of the global surveillance industry.

Two, Twitter announces technical capabilities to censor tweets using geo-location to be in compliance with legal orders from different jurisdictions. Again very little has changed. Twitter has in the past complied with legal orders. In terms of transparency – Twitter has adopted pretty high standards. It will notify the author about the removal and other users from that country with message stating that the tweet has been withheld. Which some predict will precipitate a Streisand effect. In addition, Twitter has expanded its partnership with ChillingEffects.org to publicly archive these legal orders. Some activists wonder if Twitter's role in the Arab Spring would have been undermined if it implemented legal orders from the Mubarak regime. Unfortunately for Twitter, initial praise for this comes from China's state-run newspaper and from the Thai government. But to be fair, unlike Google above, Twitter is sticking to absolute legal minimum. The use of the US jurisdiction in the past, as a free speech haven did benefit activists in authoritarian regimes but perhaps SOPA and PIPA signals the end of that. In India, given the draconian IT Act this could result in blocking of heavy metal tweets on account of them being “blasphemous” or Twitpics of Cartoons against Corruption for being an “annoyance”. Both offenses which are significant dilutions from the previous standards of “incitement of hatred” or “defamation”. There are two part to the solution here, one, Twitter giving the best fight it can to protect free speech and two, Indian citizens petitioning their MPs for the amendment of the IT Act.

For more details visit https://cis-india.org/internet-governance/two-tales-of-transparency

Transparent Government, via Webcams in India

praskrishna — 2011-07-21T05:41:53Z

THIRUVANANTHAPURAM, India — Little Brother is watching you. That is the premise for the webcam that a top government official here has installed in his office, as an anticorruption experiment. Goings-on in his chamber are viewable to the public, 24/7.

The chief minister of Kerala state in India has installed a webcam in his office and puts the feed online as an anticorruption measure.

In an India beset by kickback scandals at the highest reaches of government, and where petty bribes at police stations and motor vehicle departments are often considered a matter of course, Oommen Chandy is making an online stand.

"Instead of taking action against corruption, I believe that we have to create an atmosphere where everything should be in a transparent way," Mr. Chandy, who recently became chief minister of Kerala state after his coalition won a close election, said in an interview in his office. "The people must know everything."

About 100,000 visitors logged in to the video feed on the day it began, July 1. And through last Friday afternoon, it had been visited by 293,586 users.

The chief minister — equivalent to an American governor — gave the interview during a break in negotiations with leaders of the state’s private colleges over the fees they can charge students.

Although the proceedings were being streamed on his office’s Web site, as with everything captured by the webcam there was no audio. (The minister says he wants visitors and aides to speak freely when they meet him.)

Sunil Abraham, the executive director of the Center for Internet and Society in Bangalore, said he applauded Mr. Chandy’s webcams, even if the effort amounted to no more than tokenism.

"This type of tokenism is also quite useful," said Mr. Abraham, predicting it might check the behavior of not only the chief minister, but also his underlings and the powerful executives and politicians who come to visit him.

Of course, he noted, if people are intent on paying bribes, they could probably still do it outside the office.

Mr. Abraham said webcams might be a far more powerful tool if installed in police stations, drivers’ licenses offices, welfare agencies and other places where Indians interact with officials who sometimes demand bribes to do routine work. A few agencies around the country have started such surveillance, he said, but most have not.

Mr. Chandy’s effort comes as India has been racked by one corruption scandal after another. A former federal telecommunications minister is sitting in jail on charges that he gave cellphone licenses to favored companies, costing the government as much as $40 billion. Several corporate executives, an official involved in planning the Commonwealth Games and the scion of a political family are also behind bars while being tried on various corruption charges.

But transparency is tedious. For most of the day, as the videos stream from the Chandy chambers, the chief minister is either out of the office or sitting with aides and other politicians. The video from a second camera, trained on the outside chamber, shows aides at their desks answering phones or staring into their computer screens.

A career politician and a member of the ruling Congress party, Mr. Chandy, 67, had a webcam in his office when he was chief minister for two years from 2004 to 2006. But his successor, the leader of a communist coalition government, removed the device when he took over. Now in the opposition, the communists deride the webcams as a publicity stunt.

But others see virtue in such efforts, even if the details are still being refined.

In Bangalore, the top executive of a government-owned electricity utility has been using a webcam in his office. The official, P. Manivannan, said he was now installing a "hemispheric" camera that would capture the goings-on in his entire office rather than just show his visitors.

But he said he would no longer broadcast the video stream to the Web site of the Bangalore Electricity Supply Company.

"I have been getting a lot of brickbats because of the cameras,” Mr. Manivannan said in a telephone interview. "My colleagues were telling me, 'What are you trying to prove — that you are the only honest one?' "

Once the new camera is installed, Mr. Manivannan said it would record everything. But anyone interested in viewing segments of the video would have to request the clips, at no cost. That should ease tension in the office, he said, while still keeping things on the up and up.

He said he had success with a similar camera when he was in the city government and some politicians threatened to call a strike unless he reinstated a fired employee. The politicians backed off, Mr. Manivannan said, when he threatened to give a recording of their meeting to local television stations.

"I definitely believe that putting a camera helps you prove that you are accountable," he said. "I would be very happy if tomorrow the government of India decided you must have a camera."

A version of this article appeared in print on July 18, 2011, on page B3 of the New York edition with the headline: Transparent Government, Via Webcams in India.

This news by Vikas Bajaj was published in the New York Times on 17 July 2011. It can be read here. (Photo of Oommen Chandy, the Chief Minister of Kerala taken by Sanjit Das for the New York Times)

The above news was published in other languages as well:

Read the news in wprost here [Polish]
Read the news in ictnews here [Vietnamese]
Read the news in@rret sur images here [French]

For more details visit https://cis-india.org/news/transparent-government-india

Transparency Reports — A Glance on What Google and Facebook Tell about Government Data Requests

prachi — 2013-09-13T09:44:53Z

Transparency Reports are a step towards greater accountability but how efficacious are they really?

Prachi Arya examines the transparency reports released by tech giants with a special focus on user data requests made to Google and Facebook by Indian law enforcement agencies.

The research was conducted as part of the 'SAFEGUARDS' project that CIS is doing with Privacy International and IDRC.

According to a recent comScore Report India has now become the third largest internet user with nearly 74 million citizens on the Internet, falling just behind China and the United States. The report also reveals that Google is the preferred search engine for Indians and Facebook is the most popular social media website followed by LinkedIn and Twitter. While users posting their photos on Facebook can limit viewership through privacy settings, there isn’t much they can do against government seeking information on their profiles. All that can be said for sure in the post-Snowden world is that large-scale surveillance is a reality and the government wants it on their citizen’s online existence. In this Orwellian scenario, transparency reports provide a trickle of information on how much our government finds out about us.

The first transparency report was released by Google three years ago to provide an insight into ‘the scale and scope of government requests for censorship and data around the globe’. Since then the issuance of such reports is increasingly becoming a standard practice for tech giants. An Electronic Frontier Foundation Report reveals that major companies that have followed Google’s lead include Dropbox, LinkedIn, Microsoft and Twitter with Facebook and Yahoo! being the latest additions . Requests to Twitter and Microsoft from Indian law enforcement agencies were significantly less than requests to Facebook and Google. Twitter revealed that Indian law enforcement agencies made less than 10 requests, none of which resulted in sharing of user information. Out of the 418 requests made to Microsoft by India (excluding Skype), 88.5 per cent were complied with for non-content user data. The Yahoo! Transparency Report revealed that 6 countries surpassed India in terms of the number of user data requests. Indian agencies requested user data 1490 times from 2704 accounts for both content and non-content data and over 50 per cent of these requests were complied with.

The following is a compilation of what the latest transparency reports issued by Facebook and Google.

Google

"The information we share on the Transparency Report is just a sliver of what happens on the internet"
Susan Infantino, Legal Director for Google

Beginning from December 2009, Google has published several biannual transparency reports:

It discloses traffic data of Google services globally and statistics on removal requests received from copyright owners or governments as well as user data requests received from government agencies and courts. It also lays down the legal process required to be followed by government agencies seeking data.

There was a 90 per cent increment in the number of content removal requests received by Google from India. The requests complied with included:
- Restricting videos containing clips from the controversial movie “Innocence of Muslims” from view.
- Many YouTube videos and comments as well as some Blogger blog posts being restricted from local view for disrupting public order in relation to instability in North East India.
For User Data requests, the Google report details the number of user data requests and users/accounts as well as percentage of requests which were partially or completely complied with. In India the user data requests more than doubled from 1,061 in the July-December 2009 period to 2,431 in the July-December 2012 period. The compliance rate decreased from 79 per cent in the July-December 2010 period to 66 per cent in the last report.
Jurisdictions outside the United States can seek disclosure using Mutual Legal Assistance Treaties or any ‘other diplomatic and cooperative arrangement’. Google also provides information on a voluntary basis if requested following a valid legal process if the requests are in consonance with international norms, U.S. and the requesting countries' laws and Google’s policies.

Facebook

"We hope this report will be useful to our users in the ongoing debate about the proper standards for government requests for user information in official investigations."
Colin Stretch, Facebook General Counsel

Facebook inaugurated its first ever transparency report last Tuesday with a promise to continue releasing these reports.

The ‘Global Government Requests Report’ provides information on the number of requests received by the social media giant for user/account information by country and the percentage of requests it complied with. It also includes operational guidelines for law enforcement authorities.

The report covers the first six months of 2013, specifically till June 30. In this period India made 3,245 requests from 4,144 users/accounts and half of these requests were complied with.

Jurisdictions outside the United States can seek disclosure by way of mutual legal assistance treaties requests or letter rogatory. Legal requests can be in the form of search warrants, court orders or subpoena. The requests are usually made in furtherance of criminal investigations but no details about the nature of such investigations are provided.

Broad or vague requests are not processed. The requests are expected to include details of the law enforcement authority issuing the request and the identity of the user whose details are sought.

The Indian Regime

Section 69 and 69 B of the Information Technology (Amended) Act, 2008 prescribes the procedure and sets safeguards for the Indian Government to request user data from corporates. According to section 69, authorized officers can issue directions to intercept, monitor or decrypt information for the following reasons:

Sovereignty or integrity of India,
Defence of India,
Security of the state,
Friendly relations with foreign states,
Maintenance of public order,
Preventing incitement to the commission of any cognizable offence relating to the above, or
For investigation of any offence.

Section 69 B empowers authorized agencies to monitor and collect information for cyber security purposes, including ‘for identification, analysis and prevention of intrusion and spread of computer contaminants’. Additionally, there are rules under section 69 and 69 B that regulate interception under these provisions.

Information can also be requested through the Controller of Certifying Authority under section 28 of the IT Act which circumvents the stipulated procedure. If the request is not complied with then the intermediary may be penalized under section 44.

The Indian Government has been increasingly leaning towards greater control over online communications. In 2011, Yahoo! was slapped with a penalty of Rs. 11 lakh for not complying with a section 28 request, which called for email information of a person on the grounds of national security although the court subsequently stayed the Controller of Certifying Authorities' order. In the same year the government called for pre-screening user content by internet companies and social media sites to ensure deletion of ‘objectionable content’ before it was published. Similarly, the government has increasingly sought greater online censorship, using the Information Technology Act to arrest citizens for social media posts and comments and even emails criticizing the government.

What does this mean for Privacy?

The Google Transparency Report has thrown light on an increasing trend of governmental data requests on a yearly basis. The reports published by Google and Facebook reveal that the number of government requests from India is second only to the United States. Further, more than 50 per cent of the requests from India have led to disclosure by nearly all the companies surveyed in this post, with Twitter being the single exception.

Undeniably, transparency reports are important accountability mechanisms which reaffirm the company’s dedication towards protecting its user’s privacy. However, basic statistics and vague information cannot lift the veil on the full scope of surveillance. Even though Google’s report has steadily moved towards a more nuanced disclosure, it would only be meaningful if, inter alia, it included a break-up of the purpose behind the requests. Similarly, although Google has also included a general understanding of the legal process, more specifics need to be disclosed. For example, the report could provide statistics for notifications to indicate how often user’s under scrutiny are not notified. Such disclosures are important to enhance user understanding of when their data may be accessed and for what purposes, particularly without prior or retrospective intimation of the same. Till such time the report can provide comprehensive details about the kind of surveillance websites and internet services are subjected to, it will be of very limited use. Its greatest limitation, however, may lie beyond its scope.

The monitoring regime envisioned under the Information Technology Act effectively lays down an overly broad system which may easily lead to abuse of power. Further, the Indian Government has become infamous for their need to control websites and social media sites. Now, with the Indian Government’s plan for establishing the Central Monitoring System the need for intermediaries to conduct the interception may be done away with, giving the government unfettered access to user data, potentially rendering corporate transparency of data requests obsolete.

For more details visit https://cis-india.org/internet-governance/blog/what-google-and-facebook-tell-about-govt-data-requests

Transparency in Surveillance

vipul — 2016-01-23T15:11:18Z

Transparency is an essential need for any democracy to function effectively. It may not be the only requirement for the effective functioning of a democracy, but it is one of the most important principles which need to be adhered to in a democratic state.

Introduction

A democracy involves the state machinery being accountable to the citizens that it is supposed to serve, and for the citizens to be able to hold their state machinery accountable, they need accurate and adequate information regarding the activities of those that seek to govern them. However, in modern democracies it is often seen that those in governance often try to circumvent legal requirements of transparency and only pay lip service to this principle, while keeping their own functioning as opaque as possible.

This tendency to not give adequate information is very evident in the departments of the government which are concerned with surveillance, and merit can be found in the argument that all of the government's clandestine surveillance activities cannot be transparent otherwise they will cease to be "clandestine" and hence will be rendered ineffective. However, this argument is often misused as a shield by the government agencies to block the disclosure of all types of information about their activities, some of which may be essential to determine whether the current surveillance regime is working in an effective, ethical, and legal manner or not. It is this exploitation of the argument, which is often couched in the language of or coupled with concerns of national security, that this paper seeks to address while voicing the need for greater transparency in surveillance activities and structures.

In the first section the paper examines the need for transparency, and specifically deals with the requirement for transparency in surveillance. In the next part, the paper discusses the regulations governing telecom surveillance in India. The final part of the paper discusses possible steps that may be taken by the government in order to increase transparency in telecom surveillance while keeping in mind that the disclosure of such information should not make future surveillance ineffective.

Need for Transparency

In today's age where technology is all pervasive, the term "surveillance" has developed slightly sinister overtones, especially in the backdrop of the Edward Snowden fiasco. Indeed, there have been several independent scandals involving mass surveillance of people in general as well as illegal surveillance of specific individuals. The fear that the term surveillance now invokes, especially amongst those social and political activists who seek to challenge the status quo, is in part due to the secrecy surrounding the entire surveillance regime. Leaving aside what surveillance is carried out, upon whom, and when - the state actors are seldom willing and open to talk about how surveillance is carried out, how decisions regarding who and how to target, are reached, how agency budgets are allocated and spent, how effective surveillance actions were, etc. While there may be justified security based arguments to not disclose the full extent of the state's surveillance activities, however this cloak of secrecy may be used illegally and in an unauthorized manner to achieve ends more harmful to citizen rights than the maintenance of security and order in the society.

Surveillance and interception/collection of communications data can take place under different legal processes in different countries, ranging from court-ordered requests of specified data from telecommunications companies to broad executive requests sent under regimes or regulatory frameworks requiring the disclosure of information by telecom companies on a pro-active basis. However, it is an open secret that data collection often takes place without due process or under non-legal circumstances.

It is widely believed that transparency is a critical step towards the creation of mechanisms for increased accountability through which law enforcement and government agencies access communications data. It is the first step in the process of starting discussions and an informed public debate regarding how the state undertakes activities of surveillance, monitoring and interception of communications and data. Since 2010, a large number of ICT companies have begun to publish transparency reports on the extent that governments request their user data as well as requirements to remove content. However, governments themselves have not been very forthcoming in providing such detailed information on surveillance programs which is necessary for an informed debate on this issue.[1] Although some countries currently report limited information on their surveillance activities, e.g. the U.S. Department of Justice publishes an annual Wiretap Report (U.S. Courts, 2013a), and the United Kingdom publishes the Interception of Communications Commissioner Annual Report (May, 2013), which themselves do not present a complete picture, however even such limited measures are unheard of in a country such as India.

It is obvious that Governments can provide a greater level of transparency regarding the limits in place on the freedom of expression and privacy than transparency reports by individual companies. Company transparency reports can only illuminate the extent to which any one company receives requests and how that company responds to them. By contrast, government transparency reports can provide a much greater perspective on laws that can potentially restrict the freedom of expression or impact privacy by illustrating the full extent to which requests are made across the ICT industry. [2]

In India, the courts and the laws have traditionally recognized the need for transparency and derive it from the fundamental right to freedom of speech and expression guaranteed in our Constitution. This need coupled with a sustained campaign by various organizations finally fructified into the passage of the Right to Information Act, 2005, (RTI Act) which amongst other things also places an obligation on the sate to place its documents and records online so that the same may be freely available to the public. In light of this law guaranteeing the right to information, the citizens of India have the fundamental right to know what the Government is doing in their name. The free flow of information and ideas informs political growth and the freedom of speech and expression is the lifeblood of a healthy democracy, it acts as a safety valve. People are more ready to accept the decisions that go against them if they can in principle seem to influence them. The Supreme Court of India is of the view that the imparting of information about the working of the government on the one hand and its decision affecting the domestic and international trade and other activities on the other is necessary, and has imposed an obligation upon the authorities to disclose information.[3]

The Supreme Court, in Namit Sharma v. Union of India,[4] while discussing the importance of transparency and the right to information has held:

"The Right to Information was harnessed as a tool for promoting development; strengthening the democratic governance and effective delivery of socio-economic services. Acquisition of information and knowledge and its application have intense and pervasive impact on the process of taking informed decision, resulting in overall productivity gains .

……..

Government procedures and regulations shrouded in the veil of secrecy do not allow the litigants to know how their cases are being handled. They shy away from questioning the officers handling their cases because of the latters snobbish attitude. Right to information should be guaranteed and needs to be given real substance. In this regard, the Government must assume a major responsibility and mobilize skills to ensure flow of information to citizens. The traditional insistence on secrecy should be discarded."

Although these statements were made in the context of the RTI Act the principle which they try to illustrate can be understood as equally applicable to the field of state sponsored surveillance. Though Indian intelligence agencies are exempt from the RTI Act, it can be used to provide limited insight into the scope of governmental surveillance. This was demonstrated by the Software Freedom Law Centre, who discovered via RTI requests that approximately 7,500 - 9,000 interception orders are sent on a monthly basis.[5]

While it is true that transparency alone will not be able to eliminate the barriers to freedom of expression or harm to privacy resulting from overly broad surveillance,, transparency provides a window into the scope of current practices and additional measures are needed such as oversight and mechanisms for redress in cases of unlawful surveillance. Transparency offers a necessary first step, a foundation on which to examine current practices and contribute to a debate on human security and freedom.[6]

It is no secret that the current framework of surveillance in India is rife with malpractices of mass surveillance and instances of illegal surveillance. There have been a number of instances of illegal and/or unathorised surveillance in the past, the most scandalous and thus most well known is the incident where a woman IAS officer was placed under surveillance at the behest of Mr. Amit Shah who is currently the president of the ruling party in India purportedly on the instructions of the current prime minister Mr. Narendra Modi.[7] There are also a number of instances of private individuals indulging in illegal interception and surveillance; in the year 2005, it was reported that Anurag Singh, a private detective, along with some associates, intercepted the telephonic conversations of former Samajwadi Party leader Amar Singh. They allegedly contacted political leaders and media houses for selling the tapped telephonic conversation records. The interception was allegedly carried out by stealing the genuine government letters and forging and fabricating them to obtain permission to tap Amar Singh's telephonic conversations. [8] The same individual was also implicated for tapping the telephone of the current finance minister Mr. Arun Jaitely.[9]

It is therefore obvious that the status quo with regard to the surveillance mechanism in India needs to change, but this change has to be brought about in a manner so as to make state surveillance more accountable without compromising its effectiveness and addressing legitimate security concerns. Such changes cannot be brought about without an informed debate involving all stakeholders and actors associated with surveillance, however the basic minimum requirement for an "informed" debate is accurate and sufficient information about the subject matter of the debate. This information is severely lacking in the public domain when it comes to state surveillance activities - with most data points about state surveillance coming from news items or leaked information. Unless the state becomes more transparent and gives information about its surveillance activities and processes, an informed debate to challenge and strengthen the status quo for the betterment of all parties cannot be started.

Current State of Affairs

Surveillance laws in India are extremely varied and have been in existence since the colonial times, remnants of which are still being utilized by the various State Police forces. However in this age of technology the most important tools for surveillance exist in the digital space and it is for this reason that this paper shall focus on an analysis of surveillance through interception of telecommunications traffic, whether by tracking voice calls or data. The interception of telecommunications actually takes place under two different statutes, the Telegraph Act, 1885 (which deals with interception of calls) as well as the Information Technology Act, 2000 (which deals with interception of data).

Currently, the telecom surveillance is done as per the procedure prescribed in the Rules under the relevant sections of the two statutes mentioned above, viz. Rule 419A of the Telegraph Rules, 1951 for surveillance under the Telegraph Act, 1885 and the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 for surveillance under the Information Technology Act, 2000. These Rules put in place various checks and balances and try to ensure that there is a paper trail for every interception request. [10] The assumption is that the generation of a paper trail would reduce the number of unauthorized interception orders thus ensuring that the powers of interception are not misused. However, even though these checks and balances exist on paper as provided in the laws, there is not enough information in the public domain regarding the entire mechanism of interception for anyone to make a judgment on whether the system is working or not.

As mentioned earlier, currently the only sources of information on interception that are available in the public domain are through news reports and a handful of RTI requests which have been filed by various activists.[11] The only other institutionalized source of information on surveillance in India is the various transparency reports brought out by companies such as Google, Yahoo, Facebook, etc.

Indeed, Google was the first major corporation to publish a transparency report in 2010 and has been updating its report ever since. The latest data that is available for Google is for the period between January, 2015 to June, 2015 and in that period Google and Youtube together received 3,087 requests for data which asked for information on 4,829 user accounts from the Indian Government. Out of these requests Google only supplied information for 44% of the requests.[12] Although Google claims that they "review each request to make sure that it complies with both the spirit and the letter of the law, and we may refuse to produce information or try to narrow the request in some cases", it is not clear why Google rejected 56% of the requests. It may also be noted that the number of requests for information that Google received from India were the fifth highest amongst all the other countries on which information was given in the Transparency Report, after USA, Germany, France and the U.K.

Facebook's transparency report for the period between January, 2015 to June, 2015 reveals that Facebook received 5,115 requests from the Indian Government for 6,268 user accounts, out of which Facebook produced data in 45.32% of the cases.[13] Facebook's transparency report claims that they respond to requests relating to criminal cases and "Each and every request we receive is checked for legal sufficiency and we reject or require greater specificity on requests that are overly broad or vague." However, even in Facebook's transparency report it is unclear why 55.68% of the requests were rejected.

The Yahoo transparency report also gives data from the period between January 1, 2015 to June 30, 2015 and reveals that Yahoo received 831 requests for data, which related to 1,184 user accounts from the Indian Government. The Yahoo report is a little more detailed and also reveals that 360 of the 831 requests were rejected by Yahoo, however no details are given as to why the requests were rejected. The report also specifies that in 63 cases, no data was found by Yahoo, in 249 cases only non content data[14] was disclosed while in 159 cases content [15] was disclosed. The Yahoo report also claims that "We carefully scrutinize each request to make sure that it complies with the law, and we push back on those requests that don't satisfy our rigorous standards."

While the Vodafone Transparency Report gives information regarding government requests for data in other jurisdictions, [16] it does not give any information on government requests in India. This is because Vodafone interprets the provisions contained in Rule 25(4) of the IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (Interception Rules) and Rule 11 of the IT (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 as well as Rule 419A(19) of the Indian Telegraph Rules, 1954 which require service providers to maintain confidentiality/secrecy in matters relating to interception, as being a legal prohibition on Vodafone to reveal such information.

Apart from the four major companies discussed above, there are a large number of private corporations which have published transparency reports in order to acquire a sense of trustworthiness amongst their customers. Infact, the Ranking Digital Rights Project has been involved in ranking some of the biggest companies in the world on their commitment to accountability and has brought out the Ranking Digital Rights 2015 Corporate Accountability Index that has analysed a representative group of 16 companies "that collectively hold the power to shape the digital lives of billions of people across the globe".

Suggestions on Transparency

It is clear from the discussions above, as well as a general overview of various news reports on the subject, that telecom surveillance in India is shrouded in secrecy and it appears that a large amount of illegal and unauthorized surveillance is taking place behind the protection of this veil of secrecy. If the status quo continues, then it is unlikely that any meaningful reforms would take place to bring about greater accountability in the area of telecom surveillance. It is imperative, for any sort of changes towards greater accountability to take place, that we have enough information about what exactly is happening and for that we need greater transparency since transparency is the first step towards greater accountability.

Transparency Reports

In very simplistic terms transparency, in anything, can best be achieved by providing as much information about that thing as possible so that there are no secrets left. However, it would be naïve to say that all information about interception activities can be made public on the altar of the principle of transparency, but that does not mean that there should be no information at all on interception. One of the internationally accepted methods of bringing about transparency in interception mechanisms, which is increasingly being adopted by both the private sector as well as governments, is to publish Transparency Reports giving various details of interception while keeping security concerns in mind. The two types of transparency reports that we require in India and what that would entail is briefly discussed below:

By the Government

The problem with India's current regime for interception is that the entire mechanism appears more or less adequate on paper with enough checks and balances involved in it to prevent misuse of the allotted powers. However, because the entire process is veiled in secrecy, nobody knows exactly how good or how rotten the system has become and whether it is working to achieve its intended purposes. It is clear that the current system of interception and surveillance being followed by the government has some flaws, as can be gathered from the frequent news articles which talk about incidents of illegal surveillance. However, without any other official or more reliable sources of information regarding surveillance activities these anecdotal pieces of evidence are all we have to shape the debate regarding surveillance in India. It is only logical then that the debate around surveillance, which is informed by such sketchy and unreliable news reports will automatically be biased against the current mechanism since the newspapers would also only be interested in reporting the scandalous and the extraordinary incidents. For example, some argue that the government undertakes mass surveillance, while others argue that India only carries out targeted surveillance, but there is not enough information publicly available for a third party to support or argue against either claim. It is therefore necessary and highly recommended that the government start releasing a transparency report such as the one's brought out by the United States and the UK as mentioned above.

There is no need for a separate department or authority just to make the transparency report and this task could probably be performed in-house by any department, but considering the sector involved, it would perhaps be best if the Department of Telecommunications is given the responsibility to bring out a transparency report. These transparency reports should contain certain minimum amount of data for them to be an effective tool in informing the public discourse and debate regarding surveillance and interception. The report needs to strike a balance between providing enough information so that an informed analysis can be made of the effectiveness of the surveillance regime without providing so much information so as to make the surveillance activities ineffective. Below is a list of suggestions as to what kind of data/information such reports should contain:

Reports should contain data regarding the number of interception orders that have been passed. This statistic would be extremely useful in determining how elaborate and how frequently the state indulges in interception activities. This information would be easily available since all interception orders have to be sent to the Review Committee set up under Rule 419A of the Telegraph Rules, 1954.
The Report should contain information on the procedural aspects of surveillance including the delegation of powers to different authorities and individuals, information on new surveillance schemes, etc. This information would also be available with the Ministry of Home Affairs since it is a Secretary or Joint Secretary level officer in the said Ministry which is supposed to authorize every order for interception.
The report should contain an aggregated list of reasons given by the authorities for ordering interception. This information would reveal whether the authorities are actually ensuring legal justification before issuing interception or are they just paying lip service to the rules to ensure a proper paper trail. Since every order of interception has to be in writing, the main reasons for interception can easily be gleaned from a perusal of the orders.
It should also reveal the percentage of cases where interception has actually found evidence of culpability or been successful in prevention of criminal activities. This one statistic would itself give a very good review of the effectiveness of the interception regime. Granted that this information may not be very easily obtainable, but it can be obtained with proper coordination with the police and other law enforcement agencies.
The report should also reveal the percentage of order that have been struck down by the Review Committee as not following the process envisaged under the various Rules. This would give a sense of how often the Rules are being flouted while issuing interception orders. This information can easily be obtained from the papers and minutes of the meetings of the Review Committee.
The report should also state the number of times the Review Committee has met in the period being reported upon. The Review Committee is an important check on the misuse of powers by the authorities and therefore it is important that the Review Committee carries out its activities in a diligent manner.

It may be noted here that some provisions of the Telegraph Rules, 1954 especially sub-Rules 17 and 18 of Rule 419A as well as Rules 22, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 may need to be amended so as to make them compliant with the reporting mechanism proposed above.

By the Private Sector

We have already discussed above the transparency reports published by certain private companies. Suffice it to say that reports from private companies should give as much of the information discussed under government reports as possible and/or applicable, since they may not have a large amount of the information that is sought to be published in the government reports such as whether the interception was successful, the reasons for interception, etc. It is important to have ISPs provide such transparency reports as this will provide two different data points for information on interception and the very existence of these private reports may act as a check to ensure the veracity of the government transparency reports.

As in the case of government reports, for the transparency reports of the private sector to be effective, certain provisions of the Telegraph Rules, 1954 and the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009, viz. sub-Rules 14, 15 and 19 of Rule 419A of the Telegraph Rules, 1954 and Rules 20, 21, 23(1) and 25 of the Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009.

Overhaul of the Review Committee

The Review Committee which acts as a check on the misuse of powers by the competent authorities is a very important cog in the entire process. However, it is staffed entirely by the executive and does not have any members of any other background. Whilst it is probably impractical to have civilian members in the Review Committee which has access to potentially sensitive information, it is extremely essential that the Committee has wider representation from other sectors specially the judiciary. One or two members from the judiciary on the Review Committee would provide a greater check on the workings of the Committee as this would bring in representation from the judicial arm of the State so that the Review Committee does not remain a body manned purely by the executive branch. This could go some ways to ensure that the Committee does not just "rubber stamp" the orders of interception issued by the various competent authorities.

Conclusion

It is not in dispute that there is a need for greater transparency in the government's surveillance activities in order to address the problems associated with illegal and unauthorised interceptions. This paper is not making the case that greater transparency in and by itself will be able to solve the problems that may be associated with the government's currency interception and surveillance regime, however it is not possible to address any problem unless we know the real extent of it. It is essential for an informed debate and discussion that the people participating in the discussion are "informed", i.e. they should have accurate and adequate information regarding the issues which are being discussed. The current state of the debate on interception is rife with individuals using illustrative and anecdotal evidence which, in the absence of any other evidence, they assume to be the norm.

A more transparent and forthcoming state machinery which regularly keeps its citizens abreast of the state of its surveillance regime would be likely to get better suggestions and perhaps less criticisms if it does come out that the checks and balances imposed in the regulations are actually making a difference to check unauthorized interceptions, and if not, then it is the right of the citizens to know about this and ask for reforms.

[1] James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", International Journal of Communication 9(2015), Feature 3450-3459, 2015.

[2] Id.

[3] Namit Sharma v. Union of India, http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566.

[4] http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=39566 . Although the judgment was overturned on review, however this observation quoted above would still hold as it has not been specifically overturned.

[5] http://sflc.in/wp-content/uploads/2014/09/SFLC-FINAL-SURVEILLANCE-REPORT.pdf .

[6] James Losey, "Surveillance of Communications: A Legitimization Crisis and the Need for Transparency", International Journal of Communication 9 (2015), Feature 3450-3459, 2015.

[7] http://gulail.com/the-stalkers/ .

[8] http://timesofindia.indiatimes.com/india/Amar-Singh-phone-tap-accused-tracked-Arun-Jaitleys-mobile/articleshow/18582508.cms .

[9] http://ibnlive.in.com/news/arun-jaitley-phonetapping-case-all-accused-get-bail/394997-37-64.html .

[10] For a detailed discussion of the Rules of interception please see Policy Paper on Surveillance in India, by Vipul Kharbanda, http://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-india .

[11] As an example please see http://cis-india.org/internet-governance/resources/rti-on-officials-and-agencies-authorized-to-intercept-telephone-messages-in-india .

[12] https://www.google.com/transparencyreport/userdatarequests/countries/ .

[13] https://govtrequests.facebook.com/country/India/2015-H1/ .

[14] Non-content data (NCD) such as basic subscriber information including the information captured at the time of registration such as an alternate e-mail address, name, location, and IP address, login details, billing information, and other transactional information (e.g., "to," "from," and "date" fields from email headers).

[15] Data that users create, communicate, and store on or through Yahoo. This could include words in a communication (e.g., Mail or Messenger), photos on Flickr, files uploaded, Yahoo Address Book entries, Yahoo Calendar event details, thoughts recorded in Yahoo Notepad or comments or posts on Yahoo Answers or any other Yahoo property.

[16] https://www.vodafone.com/content/sustainabilityreport/2014/index/operating_responsibly/privacy_and_security/law_enforcement/country_by_country.html .

For more details visit https://cis-india.org/internet-governance/blog/transparency-in-surveillance

Trans Pacific Partnership and Digital 2 Dozen: Implications for Data Protection and Digital Privacy

Shubhangi Heda — 2016-07-12T07:56:24Z

In this essay, Shubhangi Heda explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations.

1. Introduction

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

2.2. Digital 2 Dozen (D2D)

3. Major Criticisms of the Digital Agenda of TPP

3.1. Data Protection

3.2. Digital Privacy

4. Implications of TPP for RCEP

5. Implications of TPP in the Context of EU Safe Harbour Judgement

6. Implications of TPP for India after US-India Cyber Relationship Agreement

7. Conclusion

8. Endnotes

9. Author Profile

1. Introduction

This essay explores the concerns related to data protection and digital privacy under the Trans Pacific Partnership (TPP) agreement signed recently between United States of America and eleven countries located around the pacific ocean region, across South America, Australia, and Asia [1]. TPP is a free trade agreement (FTA) that emphasises, among other things, the need for liberalising global digital economy. The essay also analyses the critical document titled ‘Digital 2 Dozen’ (D2D), which compiles the key action items within TPP addressing liberalisation of digital economy, and sets up the relevant goals for the member nations. TPP requires the member countries to facilitate unhindered digital data flow across nations, for commercial and governmental purposes, which evidently have major implications for national and regional data protection and privacy regimes. These implications must also be seen in the context the recent judgement by the EU Court of Justice against the validity of the EU-USA data transfer agreement of 2000. Further, the essay discusses the potential impacts that TPP/D2D might have on India, in the context of the ongoing USA-India Cyber Relationship dialogue. If the privacy concerns are not raised right now TPP might act as a model framework for future FTAs which will fail to encompass proper data protection and digital privacy regime within it.

2. Analysis of TPP and D2D

2.1. Trans Pacific Partnership (TPP)

Trans Pacific Partnership (TPP) is a large multi-partner free trade agreement amongst twelve Asia-Pacific countries, which is closely led by geo-political and economic strategies of the USA. Countries started the negotiation of TPP in 2008 when USA joined Pacific Four (P-4) negotiations and in 2015 negotiations of TPP was concluded and text was released. Ministers from the member countries signed the agreement on February 4, 2016 [2]. The main aim of TPP is to liberalise trade and investment beyond what is provided for within the WTO. It is also considered to be a strategic move by the US to counter the trade linkages that are being established in the Asian region. TPP largely covers topics of market access, and rules on various related issues such as intellectual property rights, labour laws, and environment standards [3].

Between 1992 -2012 there has been an upsurge in bilateral trade agreements being signed in Asia from 25 to 103 and the effect of these FTAs is called the ‘noodle bowl effect’. TPP is seen as framework which will replace these FTAs which are causing the ‘noodle bowl effect’.While these FTAs are being replaced but with TPP being signed there are various bilateral arrangements signed along with TPP. USA has also stated that TPP will not affect the already existing NAFTA [4]. While TPP is being concluded there is another free trade agreement being negotiated between USA and EU , which is Trans Trade and Investment Partnership (TTIP). Both TPP and TTIP and are considered to be serving similar objective which is to deal with new and modern trade issues. Also both the agreements are US led and since negotiation for TPP are now finalised it may have a significant impact on TTIP [5].

TPP is one of the first document which deals specifically with digital economy and applies across borders. The main aims of TPP are to promote free flow of data across borders without data localisation. It aims to remove national clouts and regional internets. It also includes provisions to combat theft of trade secrets. It allows you to create transparent regulatory process with inputs from various stakeholders. It also aims to provide access to tools and procedures for conduct of e-commerce [6].

Some of the major criticism to TPP were regarding the issues related to [7]:

environment, wherein it does not address the issue of climate change and the language used in the agreement is very weak;
labour rights provision mandates parties to adhere to the ILO provision but it does not seem to provide for effective framework and might not bring the desired change;
investment chapter is seen to be controversial because of the investor state dispute settlement clause which will allow foreign investor to sue government over policies that might cause harm to them;
e-commerce and telecommunication chapter raises major privacy concerns;
intellectual property chapter wherein it includes controversial rules regarding pharmaceutical companies and data exclusivity apart from the privacy concerns.

2.2 Digital 2 Dozen (D2D)

D2D is set of rules and aims which is specifically drafted to be followed for the trade agreements related to open internet and digital economy. More specific aims of TPP as provided within the ‘Digital 2 Dozen,’ aiming for more liberalised trade in digital goods and services, are [8]:

promoting free and open internet,
prohibiting digital custom duties,
securing basic non-discrimination principles,
enabling cross-border data flows,
preventing localization barriers,
barring forced technology transfers,
advancing innovative authentication methods,
delivering enforceable consumer protections,
safeguarding network competition,
fostering innovative encryption products, and
building an adaptable framework.

Strategic goal of the US in introducing D2D as goals of TPP has been to set up a trend within Asian region for all the trade agreements. It is expected to ensure that if TPP is a success, similar goals and policy frameworks will be followed for other trade agreements as we. For example, the USA-India partnership also enshrines similar aims and so does the USA-Korea partnership. Hence while India is not part of TPP, USA is nonetheless trying to get India into a partnership which is similar to the TPP. The language proposed by the USA in TPP negotiations has always been supportive for cross border data flows as it claims that companies have mechanism to keep a privacy check and privacy would not be undermined, but countries like New Zealand and Australia which have strong privacy protection laws nationally have raised concerns which will be discussed in further sections [9]. Also not only in privacy rights but Digital Dozen initiative also affects other digital rights related to - excessive copyright terms TPP proposed to extend the term of copyright to hundred years which deprive access to knowledge; as in the U.S motive to give more power to private entities , the ISP obligations enumerated within TPP which puts freedom of expression and privacy at risk as ISPs are allowed to check for copyright infringement and TPP does not put any privacy restriction in this regard; introduction of new fair use rules; ban on circumvention of digital locks or DRMs; no compulsory limitation for persons with disabilities; lack of fair use for journalistic right; while net neutrality is major issue is many developing nations in Asia no effective provision for net neutrality is aimed at in the D2D initiative; prohibits open source mandates which puts barrier for countries which want to release any software as open source as a policy decision [10].

3. Major Issues Related to Data Protection and Privacy in the TPP

3.1. Data Protection

One of the major concern raised against TPP is regarding data protection provisions that have been integrated within the E- Commerce chapter of the agreement. Article 14.11 and Article 14 .13 are the ones that deal with data flow related to consumer information.Article 14.11 in the agreement puts a requirement on the member states to allow transfer of data across border and Article 14.13 does not allow the companies to host data on local servers. Concerns were raised in few member states for instance, Australian Privacy Foundation raised concerns over Article 14.11 which requires transfers to be allowed in context of business activities of service suppliers. It claimed that exception to this provision is very narrow and the repercussion for not following the exception is that investor state dispute settlement proceedings can be initiated, which is not sufficient to protect privacy. Also, it highlighted the issue that with the narrow exception provided under Article 14.13 which relates to prohibition on data localisation, it might have adverse effect on the implementation of national privacy laws within Australia [11].

Another provision which is of major concern is Article 14.13 which prohibit data localisation. It will raise problems for countries like Indonesia and China which will have to change their local laws to implement the provision [12]. Since there already has been a major concern with regard to USA- EU Safe Harbour Agreement which was later made subject to the ECJ’s ruling on data protection, which invalidated any arrangement which provides voluntary enterprises responsibility to enforce privacy. But both the USA and EU are in process of renegotiating the agreement.The major concern was that in EU data protection is a fundamental right while in USA data protection is more consumer centric. When similar concerns were raised in TPP negotiations, they were rebutted as USA claimed that FTA does not concern itself with data protection [13].

In 2012 Australia proposed an alternative language to TPP which allowed countries to place restriction on data flow as long as it was not a barrier to trade. U.S responded to concerns raised by the Australia through a side letter which ensured Australia that U.S and Australia have a mutual understanding in relation to privacy and U.S will ensure the privacy of data with regards to Australia. While Australia’s concern was given acknowledgement other countries which raised similar issues were not given any assurances [14]. US instead proposed ad- hoc strategy that gave private companies power to form privacy policy with implementation through state machinery [15].

3.2. Digital Privacy

Article 14.8 in the E- Commerce chapter of the agreement states that countries can form legal framework for the protection of rights but the kind of ‘legal framework’ is not defined. Also, nowhere it states that the privacy protection or data protection laws are expressly exempted, rather it states that any such policy implemented by member states will be put under review of TPP standards. The standards which TPP proposes to follow are based on the underlying idea that any such policy should not hinder free trade in any way. This test will be applied by tribunals which are experts in trade and investment and not on data protection or human rights [16]. While Article 14.8 provides for protection of private information of consumers but the footnote to the provision renders it ineffective. The footnote states that member countries can adopt legal framework for the protection of data which can be done by self-regulation by industry and does not provide for any comprehensive data protection obligation upon the member states [17]. Similar to this Article 13.4 of the telecommunications chapter under TPP also states that the countries can apply regulation regarding confidentiality of the messages as long as it is not “a means of arbitrary or unjustifiable discrimination or a disguised restriction on trade in services" [18].

Another chapter which raises major concerns about the privacy rights is intellectual property. It affects privacy through the provisions related to technological protective measures and the provision that regulate ISP’s liability. Regarding the TPM provision, the TPP follows the DMCA model whereby the exception to anti- circumvention provision is very narrow and does not apply to anti- trafficking provision. The exception allows user to circumvent TPM if it affect the user's privacy in any way, although this provision does not apply to ant- trafficking of TPM. The provision regarding ISP’s liability states that there should be cooperation between ISPs and rights holders and it does not prohibit ISPs to monitor its users. Also TPP proposes the notice for takedown and identification of the infringer by the ISP but this provision is not in consonance with laws of member states, like that of Peru which does not have any copyright law on ISP . Also many countries have tried to introduce proper privacy laws along with implementation of ISP liability but that is not done within the TPP [19]. TPP as whole aims to give greater power to private regulators without providing for minimum standard for protection of privacy.

Although TPP is not a data protection agreement but it consequently deals with various aspects of data protection, hence it is prospective model for privacy and data protection practices in future trade agreements. If positive obligations are included within the free trade agreements it will have an advancing impact on the data protection regime.

4.Implications of TPP for RCEP

While TPP has such lacunas similar provision are proposed in RCEP to which India is a party and which will have serious implication as many of the countries have inadequate data protection laws nationally and with the introduction of such an FTA the exploitation of privacy rights will be rampant [20]. To avoid this EU directive on data protection should be taken into consideration in the negotiations of such FTAs. But for the RCEP negotiations are still going on and in India many companies like Flipkart, Snapdeal etc. have started preparing for the changing norms. The government claims that it is going to accept best practices in the region which indicates that it is going to have same policies as that of TPP. Although people from industry have raised concerns that while there are national laws but it is difficult to check third party involvement within the business and it is becoming increasingly difficult to keep the consumer data confidential [21].

5. Implications of TPP in the Context of EU Safe-Harbour Judgement

Mr. Maximillian Schrems, an Austrian National residing in Austria, has been a user of the Facebook social network since 2008. Any person residing in EU who wishes to use Facebook is required to conclude, at the time of his registration, a contract with Facebook Ireland (a subsidiary of Facebook Inc. which itself is established in Unites States). Some or all of the personal data of the Facebook Ireland’s users who residing in EU is transferred to servers belonging to Facebook Inc. that are located in United States, where it undergoes processing. On 25 June 2013 Mr Schrems made a complaint to the commissioner by which he in essence asked the latter to exercise his statutory powers by prohibiting Facebook Ireland from transferring his personal data to Unites States, and this led to the Maximillian Schrems v Data Protection Commissioner case [22]. He contended that in his complaint that the law and practice in force in that country did not ensure adequate protection of the personal data held in its territory against the surveillance activities that were engaged in thereby by the public authorities. Mr Schrems referred in this regard to the revelations made by Edward Snowden concerning the activities of the United States intelligence services, in particular those of the NSA.(para 26, 27, 28). The case came in the court ruled that “that a third country which ensures an adequate level of protection, does not prevent a supervisory authority of a Member State, within the meaning of Article 28 of the EU 94/46 directive as amended, from examining the claim of a person concerning the protection of his rights and freedoms in regard to the processing of personal data relating to him which has been transferred from a Member State to that third country when that person contends that the law and practices in force in the third country do not ensure an adequate level of protection. The ruling implies that personal data cannot be transferred to third country which does not provide adequate level of protection.

EU safe harbour judgment and EU directive on privacy provide contrasting rules related to privacy. While TPP gives power to private entities to formulate rules regarding privacy while the recent ECJ judgment invalidated giving such power to private entities under EU-US Safe Harbour Agreement. Also in context of the same judgment Hamburg’s Commissioner for Data Privacy And Freedom of Information announced an investigation into the data transfer taking place through Facebook and Google to U.S. Hence in the light of the recent judgment member states within EU are not allowed to permit cross border data flow, in contrast to this one of the main goals of TPP is to maintain free flow of data across border [23]. EU is this regard has also set forth the proposal to introduce General Data Protection Regulation. (GDPR). Although U.S and EU are trying to renegotiate the agreement but the privacy concerns raised cannot be ignored. Hence following the same model as was invalidate under the ECJ judgment lets US exploit privacy of member states under TPP. Similar concerns as raised within the judgment are also raised in India as it also following the same model within U.S-India Cyber Relationship Agreement and in RCEP negotiations.

6. Implications of TPP in the context of USA-India Cyber Relationship

While India is not part of TPP but it might have an effect on the U.S India Cyber Relationship Agreement. In August 2015 there was re- initiation of the India-U.S cyber dialogue to address common concerns related to cybersecurity and to develop better partnerships between public and private sector for betterment of digital economy [24]. One of the key aim of this agreement is free flow of information between two nations, which suffers from similar problem that it will put privacy of the citizens at risk. Also India does not have any bilateral treaty which ensures cyber data protection in such a scenario the only solution is data localisation, but this agreement will put data at risk [25]. Hence while the TPP negotiations were going on and also RCEP is being discussed the concerns about privacy and data protection need to be raised as mention in earlier section regarding implications of TPP on RCEP, the USA-India Cyber Relationship also faces the same implications..Although the aim of USA-India Cyber Relationship is to ensure cybersecurity. After the cases of Muzaffarnagar riots, upheaval in North -Eastern states and Gujarat riots, India has realised it is important to ensure compliance from the social media companies. India sees the USA-India Cyber Relationship as an opportunity to achieve this goal. The Google Transparency Report states that that India made around three thousand requests to Google for user data [26], which indicate at the country's interest in having a common data understanding with the major social media companies (almost all of which are located in USA) about requesting and sharing of user activity data. While this concern is being addressed through the agreement, it is difficult to ignore the clause related to free flow of information, and if the meaning of the term is extended and adopted from TPP itself will put digital privacy of Indian citizens at risk [27].

7. Conclusion

Even though TPP negotiation are completed but the ratification of the agreement is still underway. TPP is being seen as one of a kind trade agreement because it is the first time that countries across the globe have come together as a whole to address concerns of modern trade. Although it fails to address some of the key concerns related to privacy and data protection which are becoming increasingly important. Data protection and privacy issues cannot be seen in isolation and needs to merged within the modern day trade agreements. The D2D component by the USA is strategic move to have trade dominance in Asia and to compete with China’s growth . TPP has privacy and data protection lacunae within the e- commerce , telecommunications and intellectual property discussion.Although it might have serious implications on RCEP negotiation and USA- India Cyber Relationship Dialogue. Similar concern regarding data protection has already been addressed by ECJ judgment invalidating USA-EU Safe Harbour Agreement but the similar ad - hoc strategy has been incorporated within TPP. Since TPP might be considered as best practice model for future FTAs in the Asian region it is important to raise and address these privacy concerns now.

8. Endnotes

[1] The signatory countries include Australia, Canada, Japan, Malaysia, Mexico, Peru, United States of America, Vietnam, Chile, Brunei, Singapore, New Zealand. "The Trans-Pacific Partnership," http://www.ustr.gov/tpp (last visited Jul 7, 2016).

[2] "The Origins and Evolution of the Trans-Pacific Partnership (TPP)," Global Research, http://www.globalresearch.ca/the-origins-and-evolution-of-the-trans-pacific-partnership-tpp/5357495 (last visited Jul 7, 2016).

[3] Fergusson, Ian F., Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP): In Brief," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1477/ (last visited Jul 1, 2016).

[4] Gajdos, Lukas, The Trans-Pacific Partnership and its impact on EU trade, Policy Department, Directorate-General for External Policies, Policy Briefing (2013), http://www.europarl.europa.eu/RegData/etudes/briefing_note/join/2013/491479/EXPO-INTA_SP(2013)491479_EN.pdf.

[5] Twining, Daniel, Hans Kundnani & Peter Sparding, Trans-Pacific Partnership: geopolitical implications for EU-US relations, Policy Department, Directorate-General for External Policies, June 24 (2016), http://www.europarl.europa.eu/RegData/etudes/STUD/2016/535008/EXPO_STU(2016)535008_EN.pdf.

[6] USTR, "Remarks by Deputy U.S. Trade Representative Robert Holleyman to the New Democrat Network," https://ustr.gov/about-us/policy-offices/press-office/speechestranscripts/2015/may/remarks-deputy-us-trade (last visited Jul 4, 2016).

[7] Murphy, Katharine, "Trans-Pacific Partnership: four key issues to watch out for," The Guardian, November 6, 2015, https://www.theguardian.com/business/2015/nov/06/trans-pacific-partnership-four-key-issues-to-watch-out-for (last visited Jul 7, 2016).

[8] USTR, "The Digital 2 Dozen" (2016), https://ustr.gov/sites/default/files/Digital-2-Dozen-Final.pdf (last visited Jul 1, 2016).

[9] Fergusson, Ian F.m Mark A. McMinimy & Brock R. Williams, "The Trans-Pacific Partnership (TPP) negotiations and issues for congress," (2015), http://digitalcommons.ilr.cornell.edu/key_workplace/1412/ (last visited Jul 8, 2016).

[10] "How the TPP Will Affect You and Your Digital Rights," Electronic Frontier Foundation (2015), https://www.eff.org/deeplinks/2015/12/how-tpp-will-affect-you-and-your-digital-rights (last visited Jul 7, 2016).

[11] Australian Privacy Foundation (APF), Trans Pacific Partnership Agreement (2016), https://www.privacy.org.au/Papers/Parlt-TPP-160310.pdf.

[12] Greenleaf, Graham, "The TPP & Other Free Trade Agreements: Faustian Bargains for Privacy?," SSRN (2016), http://papers.ssrn.com/sol3/Papers.cfm?abstract_id=2732386 (last visited Jul 1, 2016).

[13] "GED-Project: Transatlantic Data Flows and Data Protection," GED Blog (2015), https://ged-project.de/topics/competitiveness/transatlantic-data-flows-and-data-protection-the-state-of-the-debate/ (last visited Jul 1, 2016).

[14] Geist, Michael, "The Trouble with the TPP, Day 14: No U.S. Assurances for Canada on Privacy," (2016), http://www.michaelgeist.ca/2016/01/the-trouble-with-the-tpp-day-14-no-u-s-assurances-for-canada-on-privacy/ (last visited Jul 4, 2016).

[15] Aaronson, Susan Ariel, "What does TPP mean for the Open Internet?" From Policy Brief on Trade Agreements and Internet Governance Prepared for the Global Commission on Internet Governance (2015), https://www.gwu.edu/~iiep/events/DigitalTrade2016/TPPPolicyBrief.pdf (last visited Jul 5, 2016).

[16] Lomas, Natasha, "TPP Trade Agreement Slammed For Eroding Online Rights," TechCrunch, http://social.techcrunch.com/2015/11/05/tpp-vs-privacy/ (last visited Jun 30, 2016).

[17] "Q&A: The Trans-Pacific Partnership," Human Rights Watch (2016), https://www.hrw.org/news/2016/01/12/qa-trans-pacific-partnership (last visited Jul 1, 2016).

[18] "TPP Full Text Released," People Over Politics (2015), http://peopleoverpolitics.org/2015/11/07/tpp-just-as-bad-as-you-thought/ (last visited Jul 7, 2016).

[19] "Right to Privacy in Trans-Pacific Partnership (TPP ) Negotiations," Knowledge Ecology International, http://keionline.org/node/1164 (last visited Jul 1, 2016).

[20] Asian Trade Centre, "E-Commerce and Digital Trade Proposals for RCEP (2016)," http://static1.squarespace.com/static/5393d501e4b0643446abd228/t/575a654c86db438e86009fa1/1465541967821/RCEP+E-commerce+June+2016.pdf (last visited Jul 1, 2016).

[21] "E-commerce companies like Flipkart, Snapdeal to beef up data security to meet RCEP norms," The Economic Times, http://economictimes.indiatimes.com//articleshow/49068419.cms (last visited Jul 1, 2016).

[22] ECLI:EU:C:2015:650 (C -362/14)

[23] King et al., "Privacy law, cross-border data flows, and the Trans Pacific Partnership Agreement: what counsel need to know," Lexology, http://www.lexology.com/library/detail.aspx?g=b5c0b400-8161-4439-a4b7-131552ad5209 (last visited Jul 4, 2016).

[24] "U.S.-India Business Council Applauds Resumption of Cybersecurity Dialogue," U.S.-India Business Council (2015), http://www.usibc.com/press-release/us-india-business-council-applauds-resumption-cybersecurity-dialogue (last visited Jul 5, 2016).

[25] Sukumar, Arun Mohan, "India Is Coming up Against the Limits of Its Strategic Partnership With the United States," The Wire (2016), http://thewire.in/40403/india-is-coming-up-against-the-limits-of-its-strategic-partnership-with-the-united-states/ (last visited Jul 4, 2016).

[26] Countries – Google Transparency Report, https://www.google.com/transparencyreport/userdatarequests/countries/ (last visited Jul 8, 2016).

[27] Sukumar, Arun Mohan, "A case for the Net’s Ctrl+Alt+Del," The Hindu, September 5, 2015, http://www.thehindu.com/opinion/op-ed/a-case-for-the-nets-ctrlaltdel/article7616355.ece (last visited Jul 5, 2016).

9. Author Profile

Shubhangi Heda is a Student of Jindal Global Law School, O.P Jindal Global University. She has completed her fourth year. She gives due importance to popular culture in her life and loves to read fiction and like to watch TV-shows, her favorite being 'White Collar'.

For more details visit https://cis-india.org/internet-governance/blog/tpp-and-d2-implications-for-data-protection-and-digital-privacy

Training for Internet Governance Activists

praskrishna — 2014-11-07T00:38:55Z

Geetha Hariharan attended a training session for Internet rights activists in Cambridge, organised by Global Partners Digital, UK on September 23 and 24, 2014.

Day 1. Final session was on privacy, surveillance and data protection by Mike Rispoli and Alexandrine Pirlot de Corbion from PI. Got caught up in the discussion, so no notes from that. Of interest is session on communication by Mike - a nine-step process he's outlined (in bold at the very end), and the problem tree and stakeholder mapping approach that Alex spoke of.

Day 2. Great session on the ITU and on lobbying by lobbyist Matthew McDermott of Access Partners. The ITU is a complex beast with activity at multiple levels and different levels of effectiveness at different levels. From conversations, I gathered that any effective strategy for any policy change in Internet governance at the ITU will involve lobbying national governments, and then at sub-regional, regional and global levels.

Day 3. Tim Maurer's session on cyber security. Issues of terminology and politicisation discussed. Also info on in what forums cyber security debate is taking place. The Netherlands is hosting the Global Conference on Cyber Space in April 2015.

Resources

Unedited notes from the meeting can be downloaded here (Zip File, 739 Kb)

For more details visit https://cis-india.org/internet-governance/news/training-for-internet-governance-activists

Towards an Equitable and Just Internet

praskrishna — 2014-02-17T11:20:19Z

IT for Change is organizing an international meeting to formulate a progressive response to issues of global governance of the Internet. Bhairav Acharya will be participating in this event to be held in New Delhi on February 14 and 15.

The Internet is emerging as a central feature of contemporary human life. We use it to access and disseminate information, to communicate and build community, to transact business and to practise democracy. Ever increasing dimensions of our social, economic, cultural and political life are tied to the Internet.

However, the benefits of the Internet - knowledge and power, wealth and influence, are distributed unevenly. A technology built on the egalitarian peer-to-peer principle, ironically, is emerging as a key axis of inequality, an instrument perpetuating and reinforcing longstanding social, economic, cultural and political injustices. Snowden's dramatic exposé of a deep nexus between the US government and a few global corporations to enable global surveillance, confirmed just one aspect of the problem. The truth about the Internet and how its socio-technical architecture is being shaped is considerably more complex and insidious. The rapid colonisation of the Internet by a few monopolizing global corporations, and its governance being subject, in a highly disproportionate manner, to the laws and policy priorities of one country, impacts not just privacy, but a huge range of very important social, economic, cultural and political issues. (To a lesser extent, policy frameworks developed by clubs of rich countries like the the OCED also impact the emerging shape of the Internet.)

Questions of democracy, social justice and equity need to become central to how the Internet, and how an Internet-mediated society, are evolving. The smokescreen of technical-neutrality has prevented for too long a critical, political examination of the social underpinnings of the Internet, its normative boundaries and legalinstitutional frames. In addition, self-serving formulations like 'Multistakeholderism' and 'Internet Freedom', are employed by the status quo to maintain a facade of legitimacy. Beyond the rhetoric, it is clear that the Internet – in its dominance by the powerful, is neither genuinely multi-stakeholder nor genuinely free.

There are foundational questions to be pursued, in this regard : How is the Internet redistributing power and resources? How does this impact those at the margins, those on the peripheries of an increasingly globalised world? How is such redistribution connected to the socio-technical architecture of the Internet? What kind of Internet would promote social justice and equity? What needs to be done to make it more just, more egalitarian? Who governs the Internet, and how can its governance be democratized? From the standpoint of global justice, two urgent priorities lie ahead of us.

A progressive conception and vision of the Internet, and
A common global ownership of the Internet that protects and promotes its public-ness, and its evolution as a 'global commons'. The Internet was envisaged as a decentralized network, with control from the peripheries. This characteristic of the network is rapidly eroding, What is urgently needed is a recasting of this technical principle into a socio-political framework for a truly people-owned and people-controlled Internet, and one that works for all. The global governance of the Internet requires a proper institutionalization and legal framework incorporating the true spirit of participatory democracy. It should inter alia serve to insulate the Internet both from corporatist and from statist dominations.

An international meeting, entitled 'Towards a Just and Equitable Internet', is envisaged to address the key issues identified above. It will be held in New Delhi, India, on February 14th and 15th, 2013. The meeting will bring together actors engaged in social justice movements and ICT, communication and media rights advocacy to dialogue with some of those already engaged with Internet governance issues, with a view to chart a progressive response to issues related to global governance of the Internet.

Potential outcomes from the meeting include:

A 'charter for Internet justice and equity';
Specific proposals for democratizing the global governance of the Internet as contributions to the 'Global Multistakeholder Meeting on the Future of Internet Governance' being hosted by Brazilian government in April, 2013, the UN Working Group on Enhanced Cooperation and the WSIS + 10 process.

For more details visit https://cis-india.org/news/towards-an-equitable-and-just-internet

Too Clever By Half: Strengthening India’s Smart Cities Plan with Human Rights Protection

vanya — 2016-03-22T13:49:32Z

The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, we must ensure that basic human rights are not violated in the race to make cities “smart”.

The article was published in the Wire on March 21, 2016

As Indian cities reposition themselves to play a significant role in development due to urban transformation, the government has envisioned building 100 smart cities across the country. Due to the lack of a precise definition as to what exactly constitutes a smart city, the mutual consensus that has evolved is that modern technology will be harnessed, which will lead to smart outcomes.

Here, Big Data and analytics will play a predominant role by the way of cloud, mobile technology and other social technologies that gather data for the purpose of ascertaining and accordingly addressing concerns of people.

Role of Big Data

Leveraging city data and using geographical information systems (GIS) to collect valuable information about stakeholders are some techniques that are commonly used in smart cities to execute emergency systems, creating dynamic parking areas, naming streets, and develop monitoring. Other sources which would harness such data would be from fire alarms, in disaster management situations and energy saving mechanisms, which would sense, communicate, analyze and combine information across platforms to generate data to facilitate decision making and manage services.

According to the Department of Electronics and Information Technology, the government’s plan to develop smart cities in the country could lead to a massive expansion of an IoT (Internet of Things) ecosystem within the country. The revised draft IoT policy aims at developing IoT products in this domain by using Big Data for government decision-making processes. For example, in India a key opportunity that has been identified is with regard to traffic management and congestion. Here, collecting data during peak hours, processing information in real time and using GPS history from mobile phones can give insight into the routes taken and modes of transportation preferred by commuters to deal with traffic woes. The Bengaluru Transport Information System (BTIS) was an early adopter of big data technology which resorted to aggregating data streams from multiple sources to enable planning of travel routes by avoiding traffic congestions, car-pooling, etc.

Challenges

The idea of a data-driven urban city has drawn criticism as the initiative tends to homogenize Indian culture and change the fabric of cities by treating them alike in terms of their political economy, culture, and governance.

Despite basing the idea of a smart city on the assumption that technology-based solutions and techniques would be a viable solution for city problems in India, it is pertinent to note that the collection of personal real-time data may blur the line between personal data with the large data collected from multiple sources, leaving questions around privacy considerations, use and reuse of such data, especially by companies and businesses involved in providing services in legally and morally grey areas.

Privacy concerns cloud the dependence on big data for functioning of smart cities as it may lead to erosion of privacy in different forms, for example if it is used to carry out surveillance, identification and disclosures without consent, discriminatory inferences, etc.

Apart from right to privacy, a number of rights of an individual like the right to access and security rights would be at risk as it may enable practices of algorithmic social sorting (whether people get a loan, a tenancy, a job, etc.), and anticipatory governance using predictive profiling (wherein data precedes how a person is policed and governed). Dataveillance raises concerns around access and use of data due to increase in digital footprints (data they themselves leave behind) and data shadows (information about them generated by others). Also, the challenges and the realities of getting access to correct and standardized data, and proper communication seem to be a hurdle which still needs to be overcome.

The huge, yet untapped, amount of data available in India requires proper categorization and this makes a robust and reliable data management system prerequisite for realization of the country’s smart city vision. Cooperation between agencies in Indian cities and a holistic technology-based approach like ICT and GT (geospatial technologies) to resolve issues pertaining to wide use of technology is the need of the hour. The skills to manage, analyze and develop insights for effective policy decisions are still being developed, particularly in the public sector. Recognizing this, Nasscom in India has announced setting up a Centre of Excellence (CoE) to create quality workforce.

Though it is apparent that data will play a considerable role in smart city mission, the peril is lack of planning in terms of policies to govern the big data mechanics and use of data. This calls for development of suitable standards and policies to guide technology providers & administrators to manage and interpret data in a secured environment.

Legal hurdles

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 deals with accountability regarding data security and protection as it applies to ‘body corporates’ and digital data. It defines a ‘body corporate’ as “any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities” under the IT Act. Therefore, it can be ascertained that government bodies or individuals collecting and using Big Data for the smart cities in India would be excluded from the scope of these Rules. This highlights the lack of a suitable regulatory framework to take into account potential privacy challenges, which currently seem to be underestimated by our planners and administrators.

Regarding access to open data, though the National Data Sharing and Accessibility Policy 2012 recognizes sensitive data, the term has not been clearly defined under it. However, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 clearly define sensitive personal data or information. Therefore, the open data framework must refer to or adopt a clear definition drawing from section 43A Rules to bring clarity in this regard.

Way forward

As India moves toward a digital transformation, highlighted by flagship programmes like Smart Cities Mission, Digital India and the UID project, data regulation and recognition of use of data will change the nature of the relationship between the state and the individual. However, this seems to have been overlooked. Policies that regulate the digital environment of the country will intertwine with urban policies due to the smart cities mission. Use of ICTs in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Identification/development of open standards for IoT particularly for interoperability between cross sector data must be looked at.

To address privacy concerns due to the use of big data techniques, nuanced data legislation is required. For a conducive big data and technologically equipped environment, the governments must increase efforts to create awareness about the risks involved and provide assurance about the responsible use of data.

Additionally, a lack of skilled and educated manpower to deal with such data effectively must also be duly considered.

The concept note produced by the government reflects how it visualizes smart cities to be a product of marrying the physical form of cities and its infrastructure to a wider discourse on the use of technology and big data in city governance. This makes the role of big data quite indispensable, making it synonymous with the very notion of a smart city. However, the important issue is to understand that data analytics is only a part of the idea. What is additionally required is effective governance mechanism and political will. Collaboration and co-operation is the glue that will make this idea work. It is important to merge urban development policies with principles of democracy. The data involved in planning for urbanized and networked cities are currently flawed and politically-inflected. Therefore, collective efforts must go into minimizing pernicious effects of the same to ensure the basic human rights are not violated in the race to make cities “smart”.

Vanya Rakesh is Programme Officer, The Centre for Internet & Society (CIS), Bangalore. Elonnai Hickok, Policy Director of CIS, also provided inputs for this story.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-march-21-2016-vanya-rakesh-too-clever-by-half-strengthening-indias-smart-cities-plan-with-human-rights-protection

Token disclosures?

praskrishna — 2013-08-07T09:30:39Z

Snowden’s Xkeyscore expose makes a mockery of Twitter’s transparency revelations.

The article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

This week, roughly around the same time, two ‘revelations’ made headlines in the world of technology. The first, the U.S. National Security Agency’s top secret web surveillance programme, codenamed Xkeyscore, another expose from the house of Edward Snowden & Co.; and second, microblogging site Twitter’s third biannual Transparency Report for the first half of 2013.

The former exposed a global surveillance net, cast far and wide to freely (no formal authorisation required) access and mine emails, chats and browsing histories of millions. The content of the latter report not only pales in comparison but also raises fundamental questions on just how much goes on beyond the arguably modest claims made on Twitter’s transparency charts.

Documents published by The Guardian have the NSA claiming that the “widest-reaching” system mining intelligence from the web had, over a month in 2012, retrieved and stored no less than 41 billion records on its Xkeyscore servers. These mind-boggling numbers make a mockery of Twitter’s few hundred access request disclosures, advocates of online privacy and freedom point out. Then, it is hardly surprising that a large chunk of global requests came from the U.S. government: no less than 902 of the total 1,157 requests, accounting for 78 per cent. A far second is Japan at 8 per cent followed by the U.K.

India References

Interestingly, both Twitter’s report and the NSA’s Xkeyscore document have India references. While a map titled 'Where is Xkeyscore' in the training manual released showing India as one of 150 sites (hosting a total of 700 servers) indicates that India's very much on the global surveillance radar of the United States government; the fact that the India is a new entrant on Twitter's ‘Country Withheld Content Tool’ means that the government here is also making active interventions in microblogging content. This is very much in line with stances the Indian government has taken over the last year, swinging indecisively between asking internet firms to pre-screen content and asking service providers to take down what it finds offensive.

India, A Bit-Player

The Twitter report states that over the last six months it has seen an increase in the number of requests received (and eventual withholding of content) in five new countries: India, Brazil, Japan, Netherlands and Russia. In terms of numbers, India is still very much a bit player in the game given it falls under the ‘less than 10 category, a list where the number of requests for user information made by the government during this period is fewer than 10. It appears from the report that Twitter did not honour any of these requests, indicating that either the requests were too broad or failed to identify individual accounts.

In the same period, Twitter received two requests from India to remove content, one from the “government/law enforcement agency” and the other through a court order. In all, three tweets were removed by Twitter. No details on the nature of content removed were available.

Transparency Trends

A late entrant to transparency initiatives, Twitter's bi-annual reports have been applauded by privacy activists as an initiative that at least attempted to offer a glimpse into the otherwise opaque medium/industry. According to 'Who Has Your Back' an initiative by the Electronic Frontier Foundation, which tracks which corporate helps protect your data from the government, only a third of the 18 internet majors publish Transparency Reports – in fact, Facebook, WordPress and Tumblr all don't publish.

This article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

While it's definitely good that Twitter's providing data for India, post-Edward Snowden and his revealing PRISM leaks, netizens would question to what extent this data is representative of the magnitude or extent of user data tracking. Do governments like the U.S. need to approach Twitter (or other internet service providers) at all to access detailed user activity logs, content and metadata?

Secret Orders Excluded

Twitter makes it clear that its current report does not include "secret orders" or FISA disclosures. In another blog related to the Transparency Report, Jeremy Kessel, Manager, Legal Policy at Twitter Inc, writes that since 2012, Twitter's seen an uptick in requests to withhold content from two to seven countries. He writes that while Twitter wants to publish “numbers of national security requests – including FISA (Foreign Intelligence Surveillance Act) disclosures – separately from non-secret requests.” It claims it has “insisted” that the United States government allow for increased transparency into “secret orders”. “We believe it’s important to be able to publish numbers of national security requests – including FISA disclosures – separately from non-secret requests." Unfortunately, we are still not able to include such metrics, Twitter states.

'Not the Whole Truth'

In the absence of these metrics, Sunil Abraham, director of Centre for Internet and Society, feels transparency reports “may not tell us the whole truth”. The Xkeyscore revelations then may explain why the U.S. government has made only 902 information requests. “A rogramme like XKeyScore potentially allows them to capture the very same data without having to approach Twitter. This is the very same imperative behind the CMS project in India. Governments across the world want to automate private sector involvement in blanket surveillance measures so that it wont serve as a check on their unbridled appetite for data”

He warns that there's a likely “race to the bottom”, given that an unintended consequence of transparency may be that governments, rather than being shamed into respect for free speech and privacy, would be emboldened by the scale of surveillance and censorship in the so-called democracies such as the US and EU members that are on top of the global blanket surveillance game.

For more details visit https://cis-india.org/news/the-hindu-august-4-2013-deepa-kurup-token-disclosures

TIkTok: It’s time for Biden to make a decision on his digital policy with China

aman — 2021-01-22T06:11:43Z

As the United State's new president comes into office he is faced with creating a cohesive digital relations policy that corrects some of the damage done by his predecessor. This article is the first part of a series analysing his policies and challenges.

While on the campaign trail, now US president elect Joe Biden, made it clear to voters that he viewed Tik Tok as “a matter of genuine concern.” The statement came amidst a growing environment of hostility within the American government against the application. At the helm of the hostility was (now former) president Donald Trump’s passing of an executive order banning Tik Tok in the country and his attempts at forcing its parent company ByteDance to restructure the app under American ownership. Now, as the presidency passes hands, it is worth examining how the government got here and just how concerned the Biden administration should be with Tik Tok and how their strategy with the app could set the tone for digital relations with China going forward

The Road so far: The ban and forced sale of TikTok

America’s motivation to ban and sell the application can be explained by two contrasting factors: the cybersecurity risks that TikTok poses, and the country’s currently ongoing trade war with China. On the security side TikTok has faced immense scrutiny from governments around the world as to the amount of data that the application collects from its users as well as the potential links between Bytedance and the Chinese government. Furthermore there is a belief that due to the Chinese legislation that compels companies to assist the state on matters of national intelligence, there is little TikTok could do should the Chinese state decide to use it as an instrument of data collection. On the side of trade, the TikTok ban represents one of the more landmark blows dealt by the Trump government in its trade war with China. The US, since the start of his presidency has levied exclusive tariffs on specific Chinese commodities totalling to more than $550 billion. China has in response levied its own tariffs on certain American goods, with a total value of those estimated at $185 billion. Beyond these tariffs, the move to ban TikTok extends the trade war by creating clear hurdles for Chinese corporations to exist within the US market and firmly extended Trump’s protectionist trade policies into the digital sphere.

As such, on 6th August 2020, Trump released an executive order banning TikTok (as well as Chinese messaging and social media app Wechat). The ban has, however, since been indefinitely suspended as part of ongoing litigation on the matter at the federal level.

Shortly after the ban, came the attempts at forcing through the sale. While the deal has generally been referred to as ‘the TikTok sale’, it is not actually an outright purchase of the social media platform by an American company (Microsoft attempted such a purchase but was rejected by Byte Dance). Rather, the deal would see the establishment of a new US based subsidiary called TikTok global that would be partly owned (20%) by Oracle and Walmart, with Oracle becoming a trusted technology provider in order to ensure that US user’s data remains within the state. The agreement stipulates that the board of this new entity would have 4 out of 5 of the seats populated by US citizens, and that the company would go public as well. The current agreement would still see Bytedance retain ownership of the algorithms used by TikTok, which is in line with restrictions from the Chinese government preventing the sale of the algorithm to a foriegn owner without a state granted license.

How should the Biden administration handle this situation?

Dealing with the TikTok question must be one of the Biden administration’s top most priorities. The most obvious question they face is whether or not to reverse the ban and to continue to push through the sale between Bytedance and Oracle.

The case for enforcing the ban until the sale to American owners seems one that is straightforward enough. The cybersecurity concerns surrounding Bytedance’s proximity to the Chinese state and the influence of Chinese legislation are reasonable concerns. And any data gained from the application in the hands of a hostile state could be potentially harmful. This threat could be potentially reduced based on the role played by Oracle as a trusted technology partner. However with details of what exactly constitutes the functions of a ‘trusted technology partner’ it is impossible to say this with any great certainty. Simultaneously, there is a slight sense of irony in a Chinese based digital company protesting against another country’s protectionist stance to the internet.

Nonetheless these benefits are in many ways greatly over exaggerated, and in many ways allowing TikTok to return without requiring a sale could prove more beneficial in the long term. Not only would the app’s return be welcomed by its immense audience (estimated 100 million US users), it would also be a clear demonstration of America’s commitment to a less fragmented internet and more open digital economy. Furthermore, revoking the ban would also allow for the opportunity to reassess and reformulate the US’s economic and political strategy with regards to Chinese technology.

On the economic side, a retraction of the ban could signal the beginning of the end of the US-China trade war. Chinese investors are sure to see the shift from a radical republican president to a centrist democrat one as the perfect opportunity to increase foreign investment, which had been steadily declining recently. Such investment could prove significantly more substantial to the United States in a post covid-19 world as opposed to even in 2019. It is not unimaginable that Biden would look to maximise this opportunity to boost the economy.

On the political side, the government has to evaluate the success of sanctions levied against Chinese technology and whether that approach of blanket banning will translate effectively to the digital sphere. Not only has the US’s sanctions against certain chinese technologies proved unsuccessful, tools such as VPNs that can negate a ban make this strategy even less effective in the digital space.

The largest hurdle to revoking the ban would be the genuine cybersecurity concerns with a Chinese corporation having access American citizens’ data. However, dealing with these concerns through a simple ban of the application would only solve this one instance of excessive surveillance and data collection by a foreign app. Rather any solution must look to fix the issue at its root - that being the need for a more cohesive, detailed and overarching national data protection and cybersecurity policy. Such a policy could place clear limitations on data collection, stipulate data localisation policies for sensitive information and outline numerous other means of reducing the threat involved with allowing applications from states such as China to operate in the US.

Ultimately, Biden will be confronted with the reality of this situation the moment he enters office. The decision he makes on TikTok would set the tone for his term and for his government’s relationship with China. Whatever he decides to do, he needs to do it as soon as possible. The clock is ticking.

For more details visit https://cis-india.org/internet-governance/blog/tiktok-it2019s-time-for-biden-to-make-a-decision-on-his-digital-policy-with-china

Through the looking glass: Analysing transparency reports

Torsha Sarkar, Suhan S and Gurshabad Grover — 2019-11-02T05:48:59Z

An analysis of companies' transparency reports for government requests for user data and content removal

Over the past decade, a few private online intermediaries, by rapid innovation and integration, have turned into regulators of a substantial amount of online speech. Such concentrated power calls for a high level of responsibility on them to ensure that the rights of the users online, including their rights to free speech and privacy, are maintained. Such responsibility may include appealing or refusing to entertain government requests that are technically or legally flawed, or resisting gag orders on requests. For the purposes of measuring a company’s practices regarding refusing flawed requests and standing up for user rights, transparency reporting becomes useful and relevant.Making information regarding the same public also ensures that researchers can build upon such data and recommend ways to improve accountability and enables the user to understand information about when and how governments are restricting their rights.

For some time in the last decade, Google and Twitter were the only major online platforms that published half-yearly transparency reports documenting the number of content take down and user information requests they received from law enforcement agencies. In 2013 however, that changed, when the Snowden leaks revealed, amongst other things, that these companies were often excessively compliant with requests from US’ intelligence operations, and allowed them backdoor surveillance access to user information. Subsequently, all the major Silicon Valley internet companies have been attempting to publish a variance or other of transparency reports, in hopes of re-building their damaged goodwill, and displaying a measure of accountability to its users.

The number of government requests for user data and content removal has also seen a steady rise. In 2014, for instance Google noted that in the US alone, they observed a 19% rise for the second half of the year, and an overall 250% jump in numbers since Google began providing this information. As per a study done by Comparitech, India sent the maximum number of government requests for content removal and user data in the period of 2009 - 2018.8 This highlights the increasing importance of accessible transparency reporting.

Initiatives analysing the transparency reporting practices of online platforms, like The Electronic Frontier Foundation (EFF)’s Who Has Your Back? reports, for instance, have developed a considerable body of work tracing these reporting practices, but have largely focused at them in the context of the United States (US). In our research, we found that the existing methodology and metrics to assess the transparency reports of online platforms developed by organisations like the EFF are not adequate in the Indian context. We identify two reasons for developing a new methodology:

Online platforms make available vastly different information for US and India. For instance, Facebook breaks up the legal requests it receives for US into eight different classes (search warrants, subpoenas, etc.). Such a classification is not present for India. These differences are summarised in Annexure
The legal regimes and procedural safeguards under which states can compel platforms to share information or take content down also differ. For instance, in India, an order for content takedown can be issued either under section 79 and its allied rules or under section 69A and its rules, each having their own procedures and relevant authorities. A summary of such provisions for Indian agencies is given in Annexure 3.

These differences may merit differences in the methodology for research into understanding the reporting practices of these platforms, depending on each jurisdiction’s legal context.

In this report, we would be analyzing the transparency reports of online platforms with a large Indian user-base, specifically focusing on data they publish about user information and takedown requests received from Indian governments’ and courts.

First, we detail our methodology for this report, including how we selected platforms whose transparency reports we analyse, and then specific metrics relating to information available in those reports. For the latter, we collate relevant metrics from existing frameworks, and propose a standard that can be applicable for our research.

In the second part, we present company-specific reports. We identify general trends in the data published by the company, and then compare the available data to the best practices of transparency reporting that we proposed.

Download the full report. The report was edited by Elonnai Hickok. Research assistance by Keying Geng and Anjanaa Aravindan.

For more details visit https://cis-india.org/internet-governance/blog/torsha-sarkar-suhan-s-and-gurshabad-grover-october-30-2019-through-the-looking-glass

Third South Asian Meeting on the Internet and Freedom of Expression

praskrishna — 2013-01-17T07:16:58Z

Internet Democracy Project, Voices for Interactive Choice & Empowerment and Global Partners & Associates are organizing this event in Dhaka on January 14 - 15, 2013.

Pranesh Prakash is moderating the session on "Understanding cyber security and surveillance in South Asia today". Chinmayi Arun is speaking in this panel.

The Third South Asian Meeting on the Internet and Freedom of Expression seeks to address the question of how freedom of expression on the Internet is best protected by taking as its starting point two of the biggest challenges for freedom of expression online in South Asia today: hate speech online on the one hand, and cyber security and surveillance on the other.

The meeting seeks to investigate how these challenges affect freedom of expression on the Internet as well as how they can be addressed most effectively while protecting free speech online. It will also touch briefly on the important question of what kind of Internet governance processes are most likely to ensure the desired outcomes materialise.

A very short history of the South Asian Meeting on the Internet and Freedom of Expression
The first South Asian Meeting on the Internet and Freedom of Expression took place in March 2011 in Delhi, and mapped the many challenges for free speech online in our region, as an input into the report on the Internet and freedom of expression of UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue.

The second South Asian Meeting, in Kathmandu in November 2011, assessed the extent to which policy and regulation in the South Asian countries complied with the recommendations Mr. La Rue made in his report.

This third meeting will now build on these earlier efforts by bringing together experts from civil society, business, the research community and other stakeholder groups from across the region to discuss two of the biggest shared challenges for freedom of expression online in South Asia today in detail: the rising visibility of hate speech on the one hand, and the impact of discourses regarding cyber security and surveillance on the other.

Why focus on hate speech and security/surveillance now?
Since UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, presented his report on the Internet and freedom of expression to the UN Human Rights Council in June 2011, the complexity of this topic has received growing recognition. However, not all trends that La Rue had pointed out as directly affecting freedom of expression online – from access to the Internet to cyber attacks – are equally important in the South Asian region. Detailed analysis in several South Asian countries has shown that, though Internet penetration rates remain fairly low, most countries do possess, for example, the political will crucial to improve these figures. The two trends that seem to be of greatest concern in our region are that of the fight against hate speech, and the impact on freedom of expression of cyber security and surveillance measures. The latter is foregrounded for a variety of reasons ranging from the safety of individual users to national security.

Incidentally, across the region, as in many parts of the world, hate speech and cyber security have also been among the most important reasons governments have quoted to justify greater government control over the Internet. At the national level, this has at times manifested itself through the approval and implementation of legislation that has far-reaching consequences for freedom of speech online, without consulting many of the stakeholders who are affected at any point in time. At the global level, we see a growing number of proposals by governments that would effectively expand their collective powers to regulate the Internet, though with varying levels of involvement of other stakeholders envisioned.

Yet while governments' intentions when imposing censorship or approving surveillance measures may at times be in doubt, it is difficult to deny that the Internet has facilitated a new proliferation of hate speech, as well as that it has thrown up new security challenges that couldn't even be imagined before.

It is therefore our contention that the challenges of hate speech online and of ensuring cyber security in our region are real, and need to be addressed head-on if we are to strengthen and protect the right to freedom of expression online. For this reason, the meeting seeks to investigate both the precise nature of these challenges and what Internet governance mechanisms we need to evolve to ensure that they can be addressed most effectively whilst upholding and strengthening the right to freedom of expression. If we are to take the challenges the threats of hate speech and cyber security policy embody seriously yet also aim to uphold and strengthen the right to freedom of expression online, then what are the solutions we require? And who will need to be responsible for implementing them?

Participants
Taking into account the many parallels in the shape problems of hate speech and cyber security and surveillance take across the South Asian region as a result of shared cultures and historical legacies alike, participants will be invited from Bangladesh, India, Nepal, Pakistan, Afghanistan, Sri Lanka and the Maldives. Moreover, as solutions to these problems will invariably require collaboration among various stakeholders in the Internet governance field in order to be effective, participants will be drawn from a wide variety of stakeholder groups, including civil society, business, government, academia and the media from across the region. In this way, the meeting hopes tofacilitate a South Asia wide, multistakeholder dialogue, to learn, discuss and evolve more detailed thinking on these topics for one and a half days. The meeting will come to an end with a public event at the end of the second day.

The meeting will use a variety of formats, including key note presentations, panel discussions, case studies and small group conversations.

Agenda

January 14, 2013

9.00-09.45	Welcome and introductions to participants
09.45-10.15	Introduction to the meeting: the challenge that hate speech online and cyber security/surveillance pose to freedom of expression on the Internet – Dixie Hawtin Intro: Internet governance and human rights issues in general Why is this event focussed on hate speech and surveillance?
10.15-10.45	Tea/coffee break
10.45-12.15	The challenge of hate speech on the Internet in South Asia Strengthening the right to freedom of expression to curtail hate speech (Anja Kovacs) Three country perspectives, from the Maldives (Mariyath Mohamed), Pakistan (tbc), and Bangladesh (Salim Khan) Moderator: Bishakha Datta
12.15-13:30	Lunch
13.30-14.00	Keynote: Thinking about a rights-based approach to cyber security and surveillance as it relates to speech – KS Park
14.00-15.30	Understanding cyber security and surveillance in South Asia today With Three country perspectives from Bangladesh (Mohammad Rahman), Nepal (Kailash Prasad Neupane) and India (Chinmayi Arun). Moderator: Pranesh Prakash
15.30-16:00	Tea/coffee break
16.00-17.30	Legal and ethical questions and challenges when addressing cyber security and surveillance: two case studies – Rohan Samarajiva

January 15, 2013

9.00-9.15	Introduction to day 2
9.15-9.45	Cybersecurity, surveillance and hate speech online – key issues that need to be addressed in governance in order to protect Internet freedom of expession. This session will discuss particular issues that have relevance for both cyber security debates and hate speech issues in greater depth. Four topics that will be addressed are: The question of anonimity (KS Park) Cross-border cooperation and other jurisdictional issues in context of cloud computing and crossborder data flows and storage (Aditya Rao) Domain Names and registration (Babu Ram Aryal) Intermediaries as law enforcers (Suman Pradhan) Moderator: Shahzad Ahmed
10.45-11.00	Tea/coffee break
11.00-13.00	What kind of solutions could a rights-based approach throw up to the challenges raised so far in the meeting? Open discussion in groups and plenary, following key note speaker, Bulbul Monjurul Ahsan
13.00-13.30	Summing up and thank you
13.30-15.00	Lunch
15:00 – 16:00	Meeting participants move to venue for public meeting, tea/coffee break and arrival of wider public
16.00-18.30	PUBLIC EVENT: The Internet and freedom of expression Confirmed speakers include: Abu Taher, Info Commissioner; Iftekharuzzaman, Executive Director, Transparency International Bangladesh; Sarah Hossain, Lawyer and Honorary Executive Director, BLAST; Shaheen Anam, Executive Director, Manusher Jonno Foundation; Monjurul Ahsan Bulbul, eminent journalist and CEO, Boishakhi Television; and Rohan Samarajiva, Chair and CEO, LIRNEasia.

List of Participants

Aditya Rao, Senior Associate, Amarchand Mangaldas, India
Ahmed Swapan, Executive Director, VOICE, Bangladesh
Amrit Pant, General Secretary, Computer Association of Nepal & President, Information Technology Development Society, Nepal
Anja Kovacs, Project Director, Internet Democracy Project, India
Babu Ram Aryal, President, Internet Society, Nepal Chapter, Nepal
Binaya Guragain, Coordinator of Programs, Equal Access, Nepal
Bishakha Datta, Wikimedia Foundation Board Member & Co-founder, Point of View, India
Chinmayi Arun, Assistant Professor, National Law University Delhi & Fellow, Centre for Internet and Society, India.
Dixie Hawtin, Project Manager for Digital Communications and Freedom of Expression, Global Partners and Associates, UK
Farhana Rumki, Associate Programme Coordinator, VOICE, Bangladesh
Kailash Prasad Neupane, Chief of Legal Section, Spokesperson, Secretary and Registrar, Nepal Telecommunications Authority, Nepal
Khairuzzaman Kamal, Founder Secretary General of Bangladesh Manobadhikar Sangbadik Forum & Senior Reporter at Bangladesh Sangbad Sangstha, Bangladesh
Khawaza Mainuddin, Executive Editor, ICE Business Times Magazine, Bangladesh
K S Park, Executive Director, the PSPD Public Interest Law Center & Professor, Korea University Law School, South Korea
Mariyath Mohamed, Journalist, Minivan News, Maldives
Mohammad Nazmuzzaman Bhuian Emon, Associate Professor, Department of Law, University of Dhaka, Bangladesh
Mohammad Shahriar Rahman, Assistant Professor, Department of Computer Science and Engineering, University of Asia Pacific & Head, Center for IT Security and Privacy, Bangladesh
Moiyen Zalal Chowdhury, Community Manager, Somewhere.In & Norad Fellow,Bangladesh
Monjurul Ahsan Bulbul, Chair, International Press Institute & Editor-in-chief and CEO,Boiskakhi TV, Bangladesh
Pranesh Prakash, Policy Director, Centre for Internet and Society, India
Prasanth Sunganathan, Counsel, Software Freedom Law Centre, India
Rezaur Rahman Lenin, Research Fellow, VOICE, Bangladesh
Richa Kaul Padte, Writer, India
Rohan Samarajiva, Chair and CEO, LIRNEasia, Sri Lanka
Saleem Samad, Columnist & Correspondent at Reporters without Borders, Bangladesh
Salimullah Khan, Writer and Professor, Stamford University, Bangladesh
Sana Saleem, Director, Bolo Bhi, Pakistan
Santosh Sigdel, Advocate and Vice President, Internet Society, Nepal Chapter, Nepal
Shahzad Ahmed, Country Director, Bytes for All, Pakistan
Shehla Rashid Shora, Project Officer, Internet Democracy Project, India
Shehnaz Banu, Media and Communication Officer, Alliance for Social Dialogue, Bangladesh
Soheil Zafar, Editor, Unmochan Blog & TV Producer and Researcher, 71 Television, Bangladesh
Suman Lal Pradhan, CEO, Websurfer, Nepal
Sushma Luthra, Event Coordinator, India
Syeda Fedous Jana, Managing Director and Co-Founder of Somewhere.In, Bangladesh
Tahmina Rahman, Director Bangladesh and South Asia Region, Article 19, Bangladesh
Vasana Wickremasena, Executive Director, Centre for Integrated Communication Research and Advocacy, Sri Lanka

For more details visit https://cis-india.org/news/third-south-asian-meeting-on-internet-and-freedom-of-expression

Theorizing the Digital Subaltern

sara — 2013-08-06T07:20:41Z

As digital humanities research at CIS proceeds, a number of critical positions have arisen, making it possible to reconcile questions of humanities with the digital realm. This blog entry focusses on race as a factor of research and how it is displayed in the digital.

Digital humanities has been criticized for a lack of content when compared with research in the traditional field of humanities. While humanities work deals mostly with subalternity, politics and what it means to be human, it has been established that a lot of digital humanities work revolves mainly around questions of providing access. Access is a good thing and focussing on it can be helpful. Nonetheless, as has been stated by Nishant Shah, simply providing access only works in an ideal world, where all have the gadgets and knowledges of making use of the research made available through digitalization (Shah: 2012). The internet is not the discrimination-free, post-gendered space that cyber-enthusiasts hoped for it to be. As a matter of fact, as Lisa Nakamura describes, the internet is a space of racial and gendered re-embodiement (Nakamura: 2007). Her argument is that in relation to the advancing biotechnologies, ubiquitous surveillance and pre-emptive profiling, 'racio-visual logic' is reconfiguring the body online (ibid.). Even if there is actually visibility of marginalized groups online, it is not always something that actually results in fruitful engagement with the paradigms of racial discrimination. This means that social inequalities and racial discrimination marginalizing people offline are reproduced online. Nakamura exemplifies this in an example by investigating the website alllooksame.com, where users are encouraged to participate in racial profiling by labeling pictures of Asians to be Korean, Chinese or Japanese. A majority of users falsely label the faces, which shows how the social construction of race can wrongly be mainstreamed to accommodate visual perceptions of eastern stereotypes. In this case, as the obviously problematic title of the website already suggests, simply making spaces for perceived minorities is more harmful than good. Nakamura also exemplifies how race is otherwise fetishized online, for example in video games like Grand Theft Auto, portraying non-white protagonists as thugs, or even all-time favorites like Street Fighter or Tekken, appealing to the western image of Asians as martial arts superpowers.

Therefore, the question of the quality of that access and visibility concerning subaltern groups should be vitally important to work in the digital humanities, more than the mere quantity of knowledges available. As Moore-Gilbert explains in his work on digital subalternity (Moore-Gilbert: 2000), it is not mainly access and digitalization, which will be equalizing factors in the digital age. The subaltern is a concept by Antonio Gramsci, which tries to describe the marginalized groups of people that do not have access to hegemonic spaces in society. Gayatri Spivak adds to that concept by saying that not only do the subaltern not have access to hegemonic power structures, also this denial of access makes it impossible for the subaltern to express their own knowledges, as they need to adopt Western ways of knowing to be heard. A subaltern's own cultural knowledges are therefore omitted from the discourse and a subaltern can never truly express oneself (Spivak: 1988).

Summarizing subalternity as the oppressed and dispossessed, Mike Kent (2008) defines a new digital divide, which is opening between people with access to the internet and abilities to operate a computer, and people to whom, for some reason, that description does not apply. These people may simply not own or have access to computers on a regular basis (or at all), but also may be excluded from a digital discourse, because they have been marginalized in that discourse from its analog beginnings. One of the examples was shortly addressed in one of the digital humanities blogposts, where it was explained that many people in India seem to believe that the digital is naturally for the english-speaking world and not available in local languages. These are therefore excluded in the building of gadgets and internet infrastructure, leading users to believe that the internet is a hegemonic space with male, white, western, or at the very least english-speaking dominance. Therefore local Indian languages are marginalized and the digital becomes a realm, which marginalizes non-hegemonic culture and people with different language priorities have difficulties finding their way into. The problem with subalternity is that these people are not visibly excluded, and might not even be aware of their exclusion (Kent: 2008). Providing Indian language Wikipedia, for example, is part of the solution, but definitely not all of it. When doing digital humanities work, archiving or creating access through digitalization, the digital divide grows and does so even more, as it is not, and cannot be addressed in such a way that the people being marginalized are put into a position of realizing the disproportion of knowledge access.

So merely providing information online will not result in the diminishment of the priorly addressed knowledge gap. Even when addressing this gap, it happens in terms of academics, intellectuals and people with online access speaking on behalf of people who do not have access to the discursive space in which these gaps are discussed. The experiences of the subaltern are only addressed from the outside and without their presence. This summarizes subalternity under one large, obscure category, ignoring that the subaltern might need to be addressed individually, according to race, class, gender, etc., to be able to gain the knowledges needed to participate in the discourse evolving around questions of digital humanities. Is it therefore substantive to include subaltern positions into digital discourses, even if this means speaking on behalf of certain positions at first to raise awareness. However, the awareness of speaking for someone else should also exist within the discourse and if there is any way of including subaltern positions directly, they should do so.

Within the work field of digital humanities, many projects are discussing the infrastructure and ways of dealing with online knowledges. The project Digital Humanities Q&A (http://digitalhumanities.org/answers/, or @DHanswers on twitter) offers a platform to ask questions regarding anything concerned with digital humanities. The community quickly tries to help the poster to overcome whatever difficulties s_he might be having in 'building'. And even questions of politics and ethics are discussed in the forum. This is an important infrastructure for discourse happening outside of classical academic forms and certainly retains authority through the amount of other work the researchers participating in the project are publishing online and off.

What seems to be missing, however, is the acknowledgement that the digital is not simply something apart from humanity, and is not something simply extractable and usable as a tool without affecting what it means to be human. Technology forms our very being from the first moment of creation in our mother's wombs. It is intrinsic to every life form in human society and even a complete lack of technology surrounding someone (if that is even possible), is technological in a sense that it is perceived as a lack thereof. This does not necessarily mean that all research work results to digital humanities, but it does point to the impossibility of leaving questions of the social, of race, of gender, aside when dealing with technological development.

To make an analytical example, the technologically focussed concept of the 'Internet-Geek' or the 'Hacker' gives an outlook on how questions of race are handled within a digital space. The terms hacker and geek are being used interchangeably, even though the concepts might differ. Not all geeks are hackers, however, they occupy the same space in the mainstream discourse and when speaking of an internet-geek it is often the assumption that they hack as well. While the term geek bore negative connotations for years, it seems to have shaken these with the rise of the digital realm marking the turn from 'geekism' to 'hacktivism', and with that, geekism as a new type of expertise. Geeks are no longer seen as friendless mavericks, who spend their time obsessing about one subject, which the mainstream culture seems to have little interest in or use for. Much more, the internet-geek is a political figure, which is often said to have the best survival skills in the digital age and is able to navigate through the digital realm like 'a fish takes to water'. The discourse around geek-ism focusses on the geek as an anti-intellectual figure, which overcomes classical academia, as “it's unnecessary to get a college degree in order to be a great coder” (Sanger 2011). However, debates around intellectualism are as old as the concept of the intellectual itself. Historically, the discourse on intellectualism has always been paired with antisemitism and the concept of the intellectual was first used as a derogative term to attack the left wing group defending the jewish captain Alfred Dreyfus in late 19^th century France. The captain was sentenced to life imprisonment for the wrongful accusations of having communicated french military secrets to the German embassy. His accusation and life sentence served the sustenance of French national values and enforced nationalism through the 'Othering'¹ of the jewish captain. Anti-intellectualism therefore historically springs from structural antisemitism and it is worth looking into how that concept has been employed in today's digital culture. Unfortunately, dwelling on the concept of the intellectual is not possible within the frame of this short exemplary analysis. The ambivalence of the concept should, however, not go by unnoticed. This polemic of the discourse is lost in the digital age and there seems to be little engagement with historical perceptions, which may lead to essentialists perceptions of knowledges.

In embracing the priorly addressed values of the internet, the figure of the geek is in most discourses portrayed as anarchic and dismissive of any form of singular authority, therefore undermining power-structures and hegemonic knowledges. While these discourses engage in questions of authority and freedom, it is difficult to find engagement with the categorial inequalities existent in the digital realm. The political engagement, which is supposed to be a key feature in the identity of the hacker, limits itself to questions of freedom of data and open-source. As has been described before, these technological concepts restrict themselves to data accessibility, but do not engage in questions of the quality of access to that data, or the quality of that data itself. The work of the geek or hacker is therefore not subversive per se. Rather, hackerism saw the freedom of internet usage as a right, not a privilege, thereby essentializing a 'survival of the fittest' mentality, which benefits and excuses aggressive behaviour and therefore alienating more sensitive positions. This usually results in re-justifying patriarchal structures and affirming the white, male, heterosexual norm.

Within the last couple of years geek feminism blogs and websites have been springing up on the web in an attempt to overcome the existing knowledge gaps, but the linguistic and theoretical reference seems always to be more along the lines of feminism in an online space and how much these discourses actually impact hetero-normative hackerspaces is questionable. Geek feminists therefore seldom perceive themselves to be part of the hacker-identity, but move in the realm of feminist theory, where intersectionality with other categories, such as race, has been established to be a key factor of analysis. In the hacker-realm, however, when referring to color, what is mostly being addressed is the ethical direction, in which the hacker is performing his*² task, as a short search-engine review of the topic implies. So the political questions the geek or hacker faces, evolve around cybersecurity, privacy and open spaces on the internet, but do not engage in what it means to be of a certain race, gender, etc. when writing code, hacking technologies, or processing knowledges online. This practice of obscuring categories of inequality does not make them any less effective, but, as has been shown above, enforce shallow and often fetishized depictions of online spaces and the users occupying them. This results in a naturalization of the white, male perspective and implies every other position to be an aberration. It is often implied that people of color simply don't want to participate, instead of seeing the possibility of the spaces not being inclusive and inviting enough. It has often been said that hackerspaces are alienating towards women, but the stereotypical depiction of any ethnic group influences the notion of the hacker to be of a certain class and race as well. While one might perceive that Asians occupy a great amount of online space, this does not necessarily mean fruitful engagement in a critical discourse around race in cyberspace.

So even if there is no direct racism in online spaces or within the notion of the hacker, the lack of theorizing race as a category which is still being seen as inferior leads to informal discrimination and reinforces a norm that marginalizes people of color. Research and the building of infrastructure follows these normative interests and marginalizes interests of groups that do not fit into the privileged categories. The notions of free internet usage implies a choice which is not always available, especially within marginalized communities. So it is necessary to engage with the questions of freedom, for whom they apply online, and where freedom and access stop being choices.

To reference Marshall McLuhan, the medium may not necessarily be the message, but it does inseparably intertwine itself, so that it is impossible to tell where medium stops and message begins. If we accept the premise that we are all cyborgs and digital technologies are inscribed in our bodies, a mere quantitative approach to these is not possible and believing technology to simply be a methodology, a means to end is not either. It is necessary to find a way to deal with the technological, the data and, in the end, the internet as a cultural phenomenon which forms our society just as other media does, but also creates reality in a more accurate and impacting way than any medium has done before.

Therefore when taking a turn towards visualizations and design, one should remember what it means to visualize and what is being left out in the process. Of course, articulating something is always a process of marginalizing something else, as it is simply impossible to include all positions. However, the necessity to clarify ones own position, vital in humanities, seems lost in the transition towards digital humanities. The necessity of critical digital humanities has been stressed in the past and a number of critical projects have arisen, a number of which are summarized on the design for digital inclusion homepage from the Washington University: https://depts.washington.edu/ddi/research.html. It is necessary to critically engage with concepts that occupy the digital space and this short analysis of the hacker may serve as a starting point for future research.

Annotations:

1'Othering' is a concept introduced by Edward Said, saying that the construction of a norm usually develops through the demarcation of what they are not. In this case, the french nationality was built upon a notion of anti-semitism and the concept of treason as the biggest offense to the nation state. The concept of 'othering' has also been employed by several other theorists and subaltern researchers, amongst them Gayatri Spivak. See Said: 1977, Spivak: 1985

2Unless explicitly feminist, most literature still addresses the hacker as a male figure. Although of course there are several female hackers, the concept is still connoted as a male identity. In following, this connotation will be applied, however the * indicates the critical engagement with the concept, mirroring the differential gap of power and authority according to the concept of hegemonic masculinity.

References:

Deleuze, G./Guattari, F. (1993): A Thousand Plateaus. Capitalism and Schizophrenia. Minnesota: U of Minnesota Press.

Gold, M.K. (2012): Debates in the Digital Humanities. Open Access Edition

Kuhn, T. S.(1996): The Structure of Scientific Revolutions, University of Chicago Press. 3^rd edition.

Kent, M. (2008): Digital Divide 2.0 and the Digital Subaltern. In: Nebula 5.4, 2008. Accessed July 26^th 2013:http://www.nobleworld.biz/images/Kent3.pdf

Moore-Gilbert, B. (2000): Spivak and Bhabha, In: Schwarz/Ray (ed.), A Companion to Postcolonial Studies. Oxford: Blackwell Publishers, 2000, p. 453.

Nakamura, L. (2008): Digitizing Race. Visual Cultures of the Internet. Minnesota: U of Minnesota Press.

Said, E. (1977): Orientalism. London: Penguin

Shah, N. (2012): The Digital Classroom in the Time of Wikipedia. Accessed July 26^th 2013: http://cis-india.org/raw/digital-humanities/blogs/digital-classroom/digital-classroom-in-time-of-wikipedia

Spivak, Gayatri Chakravorty. " Can the Subaltern Speak?" in Marxism and the Interpretation of Culture. Eds. Cary Nelson and Lawrence Grossberg. Urbana, IL: University of Illinois Press, 1988: 271-313.

Sterne, J. (2000): Computer Race goes to Class. How Computers in Schools Helped Shape the Racial Topography of the Internet. In: Kolko/Nakamura/Rodman (ed.): Race in Cyberspace. New York/London: Routledge. Accessed 29^th July 2013: http://sterneworks.org/ComputerRaceGoestoClass.pdf

For more details visit https://cis-india.org/raw/theorizing-the-digital-subaltern