Blog

by kaeru — last modified Mar 25, 2013 11:14 AM

Comparison of Section 35(1) of the Draft Human DNA Profiling Bill and Section 4 of the Identification Act Revised Statute of Canada

by Elonnai Hickok last modified Mar 03, 2014 08:20 AM
A comparison of section 35(1) of the Draft Human DNA Profiling Bill, section 4 of the Identification Act, Revised Statute of Canada, and a review of international best practices.

In continuance of research around the Draft Human DNA Profiling Bill that has been drafted by the Department of Biotechnology, this blog entry reviews best practices for the communication of DNA profiles from the DNA Bank Manager to law enforcement and the police, compares section 35(1) of the Draft Human DNA Profiling Bill with section 4 of the Identification Act, Revised Statute of Canada, and recommends a revision of the present provision in the Draft Human DNA Profiling Bill.

Indian Provision

35 (1) “On receipt of a DNA profile for entry in the DNA Data Bank, the DNA Bank Manager shall cause it to be compared with the DNA profiles in the DNA Data Bank in order to determine whether it is already contained in the DNA Data Bank and shall communicate, for the purposes of the investigation or prosecution in a criminal offence, the following information to a court, tribunal, law enforcement agency or DNA laboratory in India which the DNA Data Bank Manager considers is concerned with it, appropriate, namely –

(a) As to whether the DNA profile received is already contained in the Data Bank; and

(b) Any information, other than the DNA profile received, is contained in the Data Bank in relation to the DNA profile received.

(2) The information as to whether a person’s DNA profile is contained in the offenders’ index may be communicated to an official who is authorized to receive the same as prescribed.”

Canadian Provision vs. Indian Provision

According to the Draft Human DNA Profiling Bill, 35(1) was adopted from section 4 of the DNA Identification Act, Revised Statute of Canada. The provision found in the Draft Human DNA Profiling Bill differs in three ways:

  1. The Canadian statute limits the communication of whether a DNA profile is contained in the Data Bank or not to law enforcement agencies or other DNA laboratories, whereas the provision in the Draft Human DNA Profiling Bill allows the communication to law enforcement agencies, other DNA data banks, and courts and tribunals.
  2. The Canadian statute limits comparison to DNA profiles entered in the convicted offenders index or the crime scene index, which are compared with the DNA profiles already contained in the data bank, whereas the Draft Human DNA Profiling Bill allows for any received profile to be compared with the other profiles in the DNA Data Bank.
  3. The Canadian statute defines four types of information that may be communicated to law enforcement or another DNA databank including:
    1. (a) if the DNA profile is not already contained in the data bank, the fact that it is not;
    2. (b) if the DNA profile is already contained in the data bank, the information contained in the data bank in relation to that DNA profile;
    3. (c) if the DNA profile is, in the opinion of the Commissioner, similar to one that is already contained in the data bank, the similar DNA profile; and
    4. (d) if a law enforcement agency or laboratory advises the Commissioner that their comparison of a DNA profile communicated under paragraph (c) with one that is connected to the commission of a criminal offence has not excluded the former as a possible match, the information contained in the data bank in relation to that profile.

The Draft Human DNA Profiling Bill, by contrast, provides for communication of only (a) and (b) by the DNA Data Bank Manager.

Concerns with 35(1) and Best Practices

The Centre for Internet and Society finds 35(1) problematic because a DNA profile is never a complete match, and is instead a scientifically and statistically based probability. There are a number of steps that go into the analysis of a DNA profile. According to the US National Institute of Justice, these include: “1) the isolation of the DNA from an evidence sample containing DNA of unknown origin, and generally at a later time, the isolation of DNA from a sample (e.g., blood) from a known individual; 2) the processing of the DNA so that test results may be obtained; 3) the determination of the DNA test results (or types), from specific regions of the DNA; and 4) the comparison and interpretation of the test results from the unknown and known samples to determine whether the known individual is not the source of the DNA or is included as a possible source of the DNA.”

Though it is common for DNA Banks to communicate responses such as “match”, “no match”, or “partial match” or “inclusion”, “exclusion”, or “inconclusive” to inquiries received from law enforcement and other DNA Banks, this is not the case for communications to courts and tribunals. For example, in England and Wales guidelines for presenting DNA evidence in court were laid out in the ruling R v. Doheny and Adams (1997) 1 Cr. App. R. 396. Along with comprehensive guidelines on how experts should conduct themselves in court to prevent bias, the guidelines require the following information to be presented when DNA material is used as evidence in a case:

  • “The scientist should adduce the evidence of the DNA comparisons between the crime stain and the defendant’s sample together with the calculations of the Random Match Probability.
  • Whenever DNA evidence is adduced the Crown should serve on the defence details as to how the calculations have been carried out which are sufficient to enable the defence to scrutinize the basis of the calculations.
  • The Forensic Science Service should make available to a defence expert, if requested, the databases upon which the calculations have been made.
  • The expert will, on the basis of empirical statistical data, give the jury the random occurrence ratio - the frequency with which the matching DNA characteristics are likely to be found in the population at large.
  • Provided that the expert has the necessary data, it may then be appropriate for him to indicate how many people with the matching characteristics are likely to be found in the United Kingdom...”

Recommendations

Given the influential weight that DNA evidence can have in a case, it is critical that the evidence is accurately presented to the court and other key stakeholders. The Centre for Internet and Society recommends that the Bill should distinguish the DNA Bank Manager’s response to law enforcement and other DNA laboratories from the DNA Bank Manager’s response to courts and tribunals, as below:

  • Response to Law enforcement agency and DNA Laboratory: The DNA Bank Manager should respond to a request from law enforcement or a DNA laboratory with either "match" or "partial match".
  • Response to Court and tribunal: When DNA evidence is used in a court of law, the Bill should provide that the presentation should include:
    1. The random match probability: The probability that the profile is in the sample from the individual tested if the individual tested has been selected at random.
    2. The frequency with which the matching DNA characteristics are likely to be found in the population at large.
    3. The probability of contamination.

The Bill should also provide for the database upon which the calculations were based to be made available when requested.  In addition, the Bill should provide for rules to be made prescribing the procedure for presentation.


[1]. http://nij.gov/topics/forensics/evidence/dna/basics/Pages/analyzing.aspx

[2]. http://www.medicalgenomics.co.uk/pdf/Barrister_vol32-2007.pdf

Organizational Chart

by Prasad Krishna last modified Feb 25, 2014 09:12 AM

Organisational Chart.pdf — PDF document, 669 kB (686078 bytes)

Freedom of Expression and Privacy

by Prasad Krishna last modified Feb 28, 2014 04:45 AM

Freedom of Expression and Privacy.pdf — PDF document, 356 kB (364792 bytes)

Law Enforcement, National Security, and Privacy

by Prasad Krishna last modified Feb 28, 2014 05:04 AM

Law Enforcement or National Security.pdf — PDF document, 422 kB (432893 bytes)

Big Democracy, Big Surveillance: India's Surveillance State

by Maria Xynou last modified Feb 28, 2014 10:35 AM
In India, state surveillance to tackle crime and terrorism is on the rise, and private companies are eager to meet the demand.

This article by Maria Xynou was published by OpenDemocracy on 10 February 2014.

Worried about the secret, mass surveillance schemes being carried out by the NSA? While we should be, some of the surveillance schemes in the world's largest democracy, India, are arguably in the same league.

Surveillance is being globalised to the extent that even India, a country with huge poverty issues, is investing millions of dollars in creating an expansive surveillance regime. However, why would communications monitoring interest Indian authorities, when the majority of the population lives below the poverty line and only 17% of the population has access to the Internet?

The official political motivation behind surveillance in India appears to be the government's determination to tackle terrorism in the country. The 2008 Mumbai terrorist attacks were arguably a similar landmark to the 9/11 terrorist attacks in the US, and both governments officially announced their intention to carry out surveillance as a counter-terrorism measure. However, unlike in the west, terrorist attacks in India are much more common, and the National Security Adviser reported in 2008 that 800 terrorist cells were operational in the country. With India’s history of major terror attacks over the last 25 years, it's easy for one to be persuaded that terrorism is actually a major threat to national security.

India's surveillance schemes

India’s surveillance programs mostly started following the 2008 Mumbai terror attacks. That was when the Ministry of Home Affairs first proposed the creation of a National Intelligence Grid (NATGRID), which will give 11 intelligence and investigative agencies real-time access to 21 citizen data sources to track terror activities. These citizen data sources will be provided by various ministries and departments, otherwise called “provider agencies”, and will include bank account details, telephone records, passport data and vehicle registration details, among other types of data.

The Ministry of Home Affairs has sought over Rs. 3,400 crore (around USD 540 million!) for the implementation of NATGRID, which aims to create comprehensive patterns of intelligence by collecting sensitive information from databases of departments like the police, banks, tax and telecoms to supposedly track any terror suspect and incident.

But NATGRID is far from India's only data sharing scheme. In 2009 the Cabinet Committee on Economic Affairs approved the creation and implementation of the Crime and Criminal Tracking Network & Systems (CCTNS), which would facilitate the sharing of databases among 14,000 police stations across all 35 states and Union Territories of India, excluding 6,000 police offices which are high in the police hierarchy. Rs. 2,000 crore (around USD 320 million) have been allocated for the CCTNS, which is being implemented by the National Crime Records Bureau under the national e-governance scheme. The CCTNS not only increases transparency by automating the function of police stations, but also provides the civil police with tools, technology and information to facilitate the investigation of crime and detection of criminals.

But apparently, sharing data and linking databases is not enough to track criminals and terrorists. As such, in the aftermath of the 2008 Mumbai terror attacks, the Indian government also implemented various interception systems. In September 2013 it was reported that the Indian government has been operating Lawful Intercept & Monitoring (LIM) systems, largely in secret. In particular, mobile operators in India have deployed their own LIM systems allowing for the so-called “lawful interception” of calls by the government. And possibly to enable this, mobile operators are required to provide subscriber verification to the Telecom Enforcement, Resource and Monitoring (TERM) cells of the Department of Telecommunications.

In the case of Internet traffic, the LIM systems are deployed at the international gateways of large Internet Service Providers (ISPs) and expand to a broad search across all Internet traffic using “keywords” and “key-phrases”. In other words, security agencies using LIM systems are capable of launching a search for suspicious words, resulting in the indiscriminate monitoring of all Internet traffic, possibly without court oversight and without the knowledge of ISPs.

India has also automated and centralized the interception of communications through the Central Monitoring System (CMS). This project was initially envisioned in 2009, following the 2008 Mumbai terror attacks and was approved in 2011. The CMS intercepts all telecommunications in India and centrally stores the data in national and regional databases. The CMS will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Intelligence Bureau (IB), the Central Bureau of Investigation (CBI), the Directorate of Revenue Intelligence (DRI), the Research and Analysis Wing (RAW) and the National Investigation Agency (NIA).

Unlike mainstream interception, where service providers are required to intercept communications and provision interception requests to law enforcement agencies, the Central Monitoring System will automate the entire process of interception. This means that the CMS authority will have centralized access to all intercepted data and that the authority can also bypass service providers in gaining such access. Once security agencies have access to this data, they are equipped with Direct Electronic Provisioning, filters and alerts on the target numbers, as well as with Call Details Records (CDR) analysis and data mining tools to identify the personal information of target numbers.

Given that roughly 73% of India's population uses mobile phones, this means that the Central Monitoring System can potentially affect about 893 million people, more than double the population of the United States! However, how is it even possible for Indian authorities to mine the data of literally millions of people? Who supplies Indian authorities with the technology to do this and what type of technology is actually being used?

India's surveillance industry

India has the world's second largest population, consisting of more than a billion people and an expanding middle class. Undoubtedly, India is a big market and many international companies aspire to invest in the country. Unfortunately though, along with everything else being imported into India, surveillance technologies are no exception.

Some of the biggest and most notorious surveillance technology companies in the world, such as ZTE, Utimaco and Verint, have offices in India. Even FinFisher command and control servers have been found in India. However, in addition to allowing foreign surveillance technology companies to create offices and to sell their products and solutions in the country, local companies selling controversial spyware appear to be on the rise too.

Kommlabs Dezign is an Indian company which loves to show off its Internet monitoring solutions at various ISS trade shows, otherwise known as “the Wiretapper's Ball”. In particular, Kommlabs Dezign sells VerbaNET, an Internet Interception Solution, as well as VerbaCENTRE, which is a Unified Monitoring Centre that can even detect cognitive and emotional stress in voice calls and flag them! In other words, Kommlabs Dezign makes a point that not only should we worry about what we text and say over our phones, but that we should also worry about what we sound like when on the phone.

Vehere is another Indian company which sells various surveillance solutions and notably sells vCRIMES, which is a Call Details Records (CDR) analysis system. vCRIMES is used to analyse and gather intelligence and to unveil hidden interconnections and relations through communications. This system also includes a tool for detecting sleeper cells through advanced statistical analysis and can analyse more than 40 billion records in less than 3 seconds.

Paladion Networks is headquartered in Bangalore, India and sells various Internet Monitoring Systems, Telecom Operator Interception Systems, SSL Interception and Decryption Systems and Cyber Cafe Monitoring Systems to law enforcement agencies in India and abroad. In fact, Paladion Networks even states on its website that its customers include India's Ministry of Information Technology and the U.S. Department of Justice.

ClearTrail Technologies is yet another Indian company which not only sponsors global surveillance trade shows but also sells a wide range of monitoring solutions to law enforcement agencies in India and abroad. ComTrail is a solution for the centralised mass interception and monitoring of voice and data networks, including Gmail, Yahoo, Hotmail, BlackBerry, ICQ and GSM voice calls. Furthermore, ComTrail is equipped to handle millions of communications per day, correlating identities across multiple networks, and can instantly analyse data across thousands of terabytes.

ClearTrail also sells xTrail, which is a solution for the targeted interception, decoding and analysis of data traffic over IP networks and which enables law enforcement agencies to intercept and monitor targeted communications without degrading the service quality of the IP network. Interestingly, xTrail can filter based on a “pure keyword”, a URL/Domain with a keyword, a mobile number or even with just a user identity, such as an email ID, chat ID or VoIP ID.

Apparently, some of the biggest challenges that law enforcement agencies face when monitoring communications include cases when targets operate from public Internet networks and/or use encryption. However, it turns out that ClearTrail's QuickTrail solution is designed to gather intelligence from public Internet networks, when a target is operating from a cyber cafe, a hotel, a university campus or a free Wi-Fi zone. This device can remotely deploy spyware into a target's computer and supports protocol decoding, including HTTP, SMTP, POP3 and HTTPS.

Additionally, QuickTrail can identify a target machine on the basis of metadata, such as an IP address, and can monitor Ethernet LANs in real time, as well as monitor Gmail, Yahoo and all other HTTPS-based communications. ClearTrail's mTrail is designed for the passive 'off-the-air' interception of GSM communications, including the interception of targeted calls from pre-defined suspect lists and the monitoring of SMS and protocol information. mTrail also identifies a target's location by using signal strength, target numbers, such as IMSI, TMSI, IMEI or MSISDN, which makes it possible to listen to the conversation of so-called “lawfully intercepted” calls in near real-time.

In short, it looks like India is reaching the top league when it comes to surveillance technologies, especially since many of its companies and their products appear to be just as scary as some of the most sophisticated spying gear sold by the West. India may be the world's largest (by population) democracy, but that means that it has a huge population with way too many opinions...and apparently, the private and public sectors in India appear to be joining forces to do something about it.

So do Indians have nothing to hide?

A very popular rhetoric in both India and the west is that citizens should not be concerned about surveillance because, after all, if they are not terrorists, they should have nothing to hide. However, privacy advocate Caspar Bowden has rightfully stated that this rhetoric is fundamentally flawed and that we should all indeed “have something to hide”. But is privacy just about “having something to hide”? Jacob Appelbaum has stated that this rhetoric is merely a psychological coping mechanism when dealing with security.

It's probably rather comforting and reassuring to think that we are not special or important enough for surveillance to affect us personally. But is that really up to us to decide? Unfortunately not. The very point of data mining is to match patterns, create profiles of individuals and to unveil hidden interconnections and relations. A data analyst can uncover more information about us than what we are even aware of and it is they who decide if our data is “incriminating” or not. Or even worse: in many cases it's up to data mining software to decide how “special” or “important” we are. And unfortunately, technology is not infallible.

The world's largest democracy, which is also one of the most corrupt countries in the world, is implementing many controversial surveillance schemes which lack transparency, accountability and adequate legal backing, and which are largely being carried out in secret. And to make matters worse, India lacks privacy legislation. Over a billion people in a democratic regime are exposed to inadequately regulated surveillance schemes, while a local surveillance industry is thriving without any checks or balances whatsoever. What will this mean for the global future of democracy?

Spreadsheet data on sample of 50 security companies

by Maria Xynou last modified Feb 28, 2014 04:13 PM

CIS - Surveillance Technology Companies in India.pdf — PDF document, 2028 kB (2076975 bytes)

MAG Meeting Minutes

by Prasad Krishna last modified Mar 06, 2014 05:27 AM

WAY FORWARDpost 1st meeting of MAG-1.doc — Microsoft Word Document, 24 kB (25088 bytes)

APC Event at Wedgewood

by Prasad Krishna last modified Mar 06, 2014 05:49 AM

APC_ILL_agenda07022014_v2_FINAL.pdf — PDF document, 112 kB (115261 bytes)

UIDAI Practices and the Information Technology Act, Section 43A and Subsequent Rules

by Elonnai Hickok last modified Mar 06, 2014 07:00 AM
UIDAI practices and section 43A of the IT Act are analyzed in this post.

In the 52nd Report on Cyber Crime, Cyber Security, and the Right to Privacy – in evidence provided, the Department of Electronics and Information Technology stated “...Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...” (pg.46) [1]

This blog post explains the requirements found under Section 43A of the Information Technology Act 2000 and the subsequent Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011[2] and analyses publicly available documents from the UIDAI website[3] as well as the UIDAI enrolment form[4] to demonstrate the ways in which:

  • UIDAI practices are in line with section 43A and the Rules,
  • UIDAI practices are not in line with section 43A and the Rules,
  • UIDAI practices are partially in line with section 43A and the Rules,
  • Where more information is needed to draw a conclusion.

Applicability and Scope

Section 43A of the Information Technology Act 2008 and subsequent Rules apply only to Body Corporate and to digital information.

Body Corporate under the Information Technology Act 2008 is defined as:

“Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities”

UIDAI Practices - not in line: The UIDAI is not a body corporate. The UIDAI is an attached office under the aegis of the Planning Commission that was set up by an executive order.[5]

The UIDAI collects, processes, stores, and shares both digital and non-digital information. As section 43A and subsequent Rules apply only to digital information, there is not sufficient protection provided over all the information collected, processed, stored, and used by the UIDAI.

Privacy Policy on Website

Rule 4 requires body corporate to provide a privacy policy on their website. The privacy policy must include:

  • Clear and easily accessible statements of its practices and policies
  • Type of personal or sensitive personal data or information collected
  • Purpose of collection and usage of such information
  • Disclosure of information including sensitive personal information
  • Reasonable security practices and procedures as provided under rule 8

UIDAI Practices - Partially in Line

  • Though the UIDAI has placed a privacy policy[6] on their website, the privacy policy only addresses the use of the website and does not comprehensively provide clear and accessible statements about all of the UIDAI’s practices and policies.
  • The UIDAI privacy policy does not state the specific types of personal or sensitive data that could be collected, but instead states “As a general rule, this website does not collect Personal Information about you when you visit the site. You can generally visit the site without revealing Personal Information, unless you choose to provide such information.”

    Features on the UIDAI website that require individuals to provide personal information and sensitive personal information include: Booking an appointment, checking aadhaar status, enrolling for e-aadhaar, enrolling for aadhaar, updating aadhaar data. Types of information required for these services include: mobile number, name, address, gender, date of birth, and enrolment ID.[7]

    The privacy policy goes on to state:  “If you are asked for any other Personal Information you will be informed how it will be used if you choose to give it. If at any time you believe the principles referred to in this privacy statement have not been followed, or have any other comments on these principles, please notify the webmaster through the Contact Us page. Note: The use of the term "Personal Information" in this privacy statement refers to any information from which your identity is apparent or can be reasonably ascertained.”
  • The UIDAI privacy policy does explain the purpose for collection of information on the website and the use of collected information.
  • The UIDAI privacy policy does not address the possibility of disclosure of information collected by the UIDAI from the use of its website, except in the case of when an individual provides his/her email at which point the privacy policy states “Your e-mail address will not be used for any other purpose, and will not be disclosed without your consent.”
  • The UIDAI privacy policy does not provide information about the security practices adopted by the UIDAI.

Consent

Rule 5 requires that prior to the collection of sensitive personal data, the body corporate must obtain consent, either in writing or through fax regarding the purpose of usage before collection of such information.

UIDAI Practices - in Line
The UIDAI collects written consent from individuals through the enrolment form  for the issuance of an Aadhaar number.

Collection Limitation

Rule 5 (2) requires that body corporate only collect sensitive personal data if it is connected to a lawful purpose and if it is considered necessary for that purpose.

UIDAI Practices - in Line
The Aadhaar enrolment form requires only the necessary sensitive personal data for the issuance of an Aadhaar number. Individuals are given the option to provide banking and financial information.

Notice During Direct Collection

Rule 5(3) requires that while collecting information directly from an individual the body corporate must provide the following information:

  • The fact that the information is being collected
  • The purpose for which the information is being collected
  • The intended recipients of the information
  • The name and address of the agency that is collecting the information
  • The name and address of the agency that will retain the information

UIDAI Practices - Partially in Line
The Aadhaar enrolment form does not provide the following information:

  • The intended recipients of the information
  • The name and address of the agency collecting the information
  • The name and address of the agency that will retain the information

Retention Limitation

Rule 5(4) requires that body corporate must retain sensitive personal data only for as long as it takes to fulfil the stated purpose or otherwise required under law.

UIDAI Practices - Unclear
It is unclear from publicly available information what the UIDAI retention practices are.

Use Limitation

Rule 5(5) requires that information must be used for the purpose that it was collected for.

UIDAI Practices - Unclear
It is unclear from publicly available information if the UIDAI is using collected information only for the purpose for which it was collected.

Right to Access and Correct

Rule 5(6) requires body corporate to provide individuals with the ability to review the information they have provided and access and correct  personal or sensitive personal information.

UIDAI Practices - Partially in Line
Though the UIDAI provides individuals with the ability to access and correct personal information, as stated on the enrolment form, correction is free only if changed within 96 hours of enrolment. Additionally, as stated on the enrolment form, if an individual chooses to allow for the UIDAI to facilitate the opening of a bank account and link present bank accounts to the UID number, this information, after being provided, cannot be corrected. The UIDAI website has a portal for updating information, but only name, address, gender, date of birth, and mobile number can be updated through this method. [9]

Right to ‘Opt Out’ and Withdraw Consent

Rule 5(7) requires that body corporate must provide individuals with the option of 'opting out' of providing data or information sought. Individuals also have the right to withdraw consent at any point of time.  Body corporate has the right to withdraw services if consent is withdrawn.

UIDAI Practices - Partially in Line
The UID enrolment form provides individuals with one ‘optional’ field - the option of having the UIDAI open a bank account and link it to the individual's UID number or having the UIDAI link present bank accounts to the individual's UID number. No other option to ‘opt out’ or withdraw consent is present on the enrolment form or the UIDAI privacy policy, terms of use, or website.

Security of Information

Rule 8 requires that body corporate must secure information in accordance with the ISO 27001 standard. These practices must be audited on an annual basis or when the body corporate undertakes a significant upgradation of its process and computer resource.

UIDAI Practices - Unclear
The security practices adopted by the UIDAI are not mentioned in the website privacy policy, on the website, or on the enrolment form, thus it is unclear from publicly available information if the UID is compliant with ISO 27001 standards. Though the UIDAI has been functioning since 2010, it is unclear from publicly available information if annual audits of the UIDAI security practices have been undertaken.

Disclosure with Consent

Rule 6 requires that body corporate must have consent before disclosing sensitive personal data to any third person or party, except in the case with Government agencies for the purpose of verification of identity, prevention, detection, investigation, including cyber incidents and prosecution and punishment of offenses, on receipt of a written request.

UIDAI Practices - Partially in Line
In the enrolment form, consent for disclosure is stated as ‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” This is a blanket statement and allows for all future possibilities of sharing and disclosure of information provided with any organization that the UIDAI deems as ‘engaged in the delivery of welfare services’.

The UIDAI privacy policy only addresses the disclosure of an individual’s email address with consent. Though not directly addressing disclosure, the UIDAI privacy policy also states “We will not identify users or their browsing activities, except when a law enforcement agency may exercise a warrant to inspect the service provider's logs.”

Prohibition on Publishing and Further Disclosure

Rule 6(3) and 6(4) prohibit the body corporate from publishing sensitive personal data or information. Similarly, organizations receiving sensitive personal data are not allowed to disclose it further.

UIDAI Practices - in Line
The UIDAI does not publish sensitive personal data. It is unclear what practices and standards registrars and enrolment agencies are functioning under.

Requirements for Transfer of Sensitive Personal Data

Rule 7 requires that body corporate may transfer sensitive personal data into another jurisdiction only if the country ensures the same level of protection.

UIDAI Practices - Unclear
It is unclear from publicly available information if information collected by the UIDAI is transferred outside of India.

Establishment of Grievance Officer

Rule 5(9) requires that body corporate must establish a grievance officer, that the details must be posted on the body corporate’s website, and that grievances must be addressed within a month of receipt.

UIDAI Practices - in Line
The website of the UIDAI provides details of a grievance officer that individuals can contact.[10] It is unclear from publicly available information if grievances are addressed within a month.


[1]. http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf

[2]. http://dispur.nic.in/itact/it-procedures-sensitive-personal-data-rules-2011.pdf

[3]. http://uidai.gov.in/

[4]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[5]. http://uidai.gov.in/organization-details.html

[6]. http://uidai.gov.in/privacy-policy.html

[7]. http://resident.uidai.net.in/home

[8]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[9]. https://ssup.uidai.gov.in/web/guest/ssup-home

[10]. http://uidai.gov.in/contactus.html

Will You be Paid to Post a Picture?

by Nishant Shah last modified Mar 06, 2014 11:58 AM
The wave of free information production on the web is on the wane.

The article was published in the Indian Express on February 18, 2014


The age of volunteerism is officially over. The last decade of the mass adoption of the internet has been fuelled by endless human hours being spent in producing information which is the new currency of our times. The big transition to Web 2.0 began when the individual “user” became more than either an individual or the user. The individual found herself as a part of a collective, finding a voice and a community of others to belong to. Simultaneously, instead of being a passive consumer of the web, the user started producing data — blogs, videos, tweets, content management systems, online discussion boards, massively multiplayer online role-playing platforms, social network transactions — all of which became a part of the new Web’s widespread popularity.

Almost everything that we understand as the social web today is contingent upon people producing data in their interactions with the world around them. From knowledge producing websites like Wikipedia to entertainment platforms like YouTube, visualisation and data gathering spaces like Pinterest to photographs of self, food and cute animals on Instagram, political and social commentaries on Tumblr to Listicles and memes on Buzzfeed, the internet is a veritable smorgasbord of new information forms, formats and functions that are generated by the users.

What is possibly the most exciting about this burgeoning information universe has been the amount of free labour that goes into it, and often remains invisible. As digital labour scholar Trebor Scholz points out, the internet has become both a factory and a playground, where our leisure time is capitalised into producing work that sustains the new attention and information economies. For instance, the world’s largest social networking site, Facebook, does not produce any of its contents. It is, in fact, a system of information mining and sorting, which works as long as a growing user base continues to produce information on it. Tomorrow, if all of us stop producing Facebook, and only lurk on it, the platform will collapse. Which is why Facebook continues to acquire new platforms and applications to be integrated into its universe.

Similarly, the real effort that goes into the sustenance of sites like Wikipedia, which has become the de facto reference for global knowledge systems, is carried out by unsung and invisible editors who patiently, meticulously, and almost without any expectation, continue to add, verify, strengthen and curate reliable information that we can use. When the non-profit organisation Wikimedia Foundation prides itself in running one of the least expensive websites in the top 10 most visited sites in the world, it is signalling its deep appreciation for the countless human hours that have made Wikipedia possible.

But, in recent years, there is noticeable stagnation in the wave of free information production on the Web. Oh, don’t get me wrong. We are producing an unprecedented amount of data — we are constantly being watched by surveillance technologies that detect biometric and genetic make-up of all our transactions, or we are inviting people to watch us on social network sites where we reveal some of our deepest secrets and desires, or we are watching ourselves, quantifying everything from things we ate to the number of hours we sleep. And yet, as we live in a world of Big Data, there is a definite decrease in people contributing to production of free information.

As the digital natives move from the web to mobile phones, traditional websites are already facing a crisis. News and media agencies that have celebrated the global citizen media networks have started realising that the individual user is more interested in local networks and information ecologies which are independent of mainstream conglomerates. And people are realising that their time and effort is worth money. They can be easily compensated for their online activities and gain reputation and importance.

The tension only becomes more palpable when people start realising that there are others who are being paid to work on the platforms that they are contributing to. We all knew that this model of depending on free information was not a sustainable one. But it seems the day has arrived, especially with the recent drives on Wikipedia to build specialised knowledge editors. In the last few months, we have seen people in the FemTechNet project — an academic activist feminist project that seeks to remind us of the intersections of feminism and technology in network societies — carry out “Wikistorming”, where students are adding pages of women’s contribution to technologies on Wikipedia. More recently, medicine students at University of Chicago have taken to correcting and adding accurate information to Wikipedia, which is often a source of health information.

Both of these are fantastic efforts to add to the platform that was the underdog that overthrew mammoth encyclopaedias like The Encyclopaedia Britannica. We hope more specialised users in different locations, fields, disciplines and languages continue to edit and contribute to Wikipedia. However, it is also a signal that the generalist information producer is on the decline. We are transitioning into a new age, where people are going to need rewards, incentives and benefits for performing information transactions on the web. The user is no longer going to be available for free labour, and it is time we started thinking of “paid usership”.

Surveillance and the Indian Constitution - Part 3: The Public/Private Distinction and the Supreme Court’s Wrong Turn

by Pranesh Prakash last modified Mar 06, 2014 11:02 PM
After its decision in Gobind, the Supreme Court's privacy floodgates opened; a series of claims involving private parties came before its docket, and the resulting jurisprudence ended up creating confusion between state-individual surveillance, and individual-individual surveillance.

Gautam Bhatia's blog post was originally published on Indian Constitutional Law and Philosophy Blog


We have seen that Gobind essentially crystallized a constitutional right to privacy as an aspect of personal liberty, to be infringed only by a narrowly-tailored law that served a compelling state interest. After the landmark decision in Gobind, Malak Singh v State of P&H was the next targeted-surveillance history-sheeter case to come before the Supreme Court. In that case, Rule 23 of the Punjab Police Rules was at issue. Its vires was not disputed, so the question was a direct matter of constitutionality. An order of surveillance was challenged by two individuals, on the ground that there were no reasonable bases for suspecting them of being repeat criminals, and that their inclusion in the surveillance register was politically motivated. After holding that entry into a surveillance sheet was a purely administrative measure, and thus required no prior hearing (audi alteram partem), the Court then embarked upon a lengthy disquisition about the scope and limitations of surveillance, which deserves to be reproduced in full:

“But all this does not mean that the police have a licence to enter the names of whoever they like (dislike?) in the surveillance register; nor can the surveillance be such as to squeeze the fundamental freedoms guaranteed to all citizens or to obstruct the free exercise and enjoyment of those freedoms; nor can the surveillance so intrude as to offend the dignity of the individual. Surveillance of persons who do not fall within the categories mentioned in Rule 23.4 or for reasons unconnected with the prevention of crime, or excessive surveillance falling beyond the limits prescribed by the rules, will entitle a citizen to the Court’s protection which the court will not hesitate to give. The very rules which prescribe the conditions for making entries in the surveillance register and the mode of surveillance appear to recognise the caution and care with which the police officers are required to proceed. The note following R. 23.4 is instructive. It enjoins a duty upon the police officer to construe the rule strictly and confine the entries in the surveillance register to the class of persons mentioned in the rule. Similarly R.23.7 demands that there should be no illegal interference in the guise of surveillance. Surveillance, therefore, has to be unobtrusive and within bounds. Ordinarily the names of persons with previous criminal record alone are entered in the surveillance register. They must be proclaimed offenders, previous convicts, or persons who have already been placed on security for good behaviour. In addition, names of persons who are reasonably believed to be habitual offenders or receivers of stolen property whether they have been convicted or not may be entered. It is only in the case of this category of persons that there may be occasion for abuse of the power of the police officer to make entries in the surveillance register.
But, here, the entry can only be made by the order of the Superintendent of Police who is prohibited from delegating his authority under Rule 23.5. Further it is necessary that the Superintendent of Police must entertain a reasonable belief that persons whose names are to be entered in Part II are habitual offenders or receivers of stolen property. While it may not be necessary to supply the grounds of belief to the persons whose names are entered in the surveillance register it may become necessary in some cases to satisfy the Court when an entry is challenged that there are grounds to entertain such reasonable belief. In fact in the present case we sent for the relevant records and we have satisfied ourselves that there were sufficient grounds for the Superintendent of Police to entertain a reasonable belief. In the result we reject both the appeals subject to our observations regarding the mode of surveillance. There is no order as to costs.”

Three things emerge from this holding: first, the Court follows Gobind in locating the right to privacy within the philosophical concept of individual dignity, found in Article 21’s guarantee of personal liberty. Secondly, it follows Kharak Singh, Malkani and Gobind in insisting that the surveillance be targeted, limited to fulfilling the government’s crime-prevention objectives, and be limited – not even to suspected criminals, but – repeat offenders or serious criminals. And thirdly, it leaves open a role for the Court – that is, judicial review – in examining the grounds of surveillance, if challenged in a particular case.

After Malak Singh, there is another period of quiet. LIC v Manubhai D Shah, in 1993, attributed – wrongly – to Indian Express Newspapers the proposition that Article 19(1)(a)’s free expression right included privacy of communications (Indian Express itself had cited a UN Report without incorporating it into its holding).

Soon afterwards, R. Rajagopal v State of TN involved the question of the publication of a convicted criminal’s autobiography by a publishing house; Auto Shankar, the convict in question, had supposedly withdrawn his consent after agreeing to the book’s publication, but the publishing house was determined to go ahead with it. Technically, this wasn’t an Article 21 case: so much is made clear by the very manner in which the Court frames its issues: the question is whether a citizen of the country can prevent another person from writing his biography, or life story. (Paragraph 8) The Court itself made things clear when it held that the right of privacy has two aspects: the tortious aspect, which provides damages for a breach of individual privacy; and the constitutional aspect, which protects privacy against unlawful governmental intrusion. (Paragraph 9) Having made this distinction, the Court went on to cite a number of American cases that were precisely about the right to privacy against governmental intrusion, and therefore – ideally – irrelevant to the present case (Paras 13 – 16); and then, without quite explaining how it was using these cases – or whether they were relevant at all, it switched to examining the law of defamation (Para 17 onwards). It would be safe to conclude, therefore, in light of the clear distinctions that it made, the Court was concerned in R. Rajagopal about an action between private parties, and therefore, privacy in the context of tort law. Its confusing observations, however, were to have rather unfortunate effects, as we shall see.

We now come to a series of curious cases involving privacy and medical law. In Mr X v Hospital Z, the question arose whether a Hospital that – in the context of a planned marriage – had disclosed the appellant’s HIV+ status, leading to his social ostracism – was in breach of his right to privacy. The Court cited Rajagopal, but unfortunately failed to understand it, and turned the question into one of the constitutional right to privacy, and not the private right. Why the Court turned an issue between two private parties – adequately covered by the tort of breach of confidentiality – into an Article 21 issue is anybody’s guess. Surely Article 21 – the right to life and personal liberty – is not horizontally applicable, because if it was, we might as well scrap the entire Indian Penal Code, which deals with exactly these kinds of issues – individuals violating each other’s rights to life and personal liberty. Nonetheless, the Court cited Kharak Singh, Gobind and Article 8 of the European Convention of Human Rights, further muddying the waters, because Article 8 – in contrast to American law – embodies a proportionality test for determining whether there has been an impermissible infringement of privacy. The Court then came up with the following observation:

“Where there is a clash of two Fundamental Rights, as in the instant case, namely, the appellant’s right to privacy as part of right to life and Ms. Akali’s right to lead a healthy life which is her Fundamental Right under Article 21, the RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court, for the reason that moral considerations cannot be kept at bay.”

With respect, this is utterly bizarre. If there is a clash of two rights, then that clash must be resolved by referring to the Constitution, and not to the Court’s opinion of what an amorphous, elastic, malleable, many-sizes-fit “public morality” says. The mischief caused by this decision, however, was replicated in Sharda v Dharmpal, decided by the Court in 2003. In that case, the question was whether the Court could require a party who had been accused of unsoundness of mind (as a ground for divorce under the wonderfully progressive Hindu Marriage Act) to undergo a medical examination – and draw an adverse inference if she refused. Again, whether this was a case in which Article 21 ought to be invoked is doubtful; at least, it is arguable, since it was the Court making the order. Predictably, the Court cited from Mr X v Hospital Z extensively. It cited Gobind (compelling State interest) and the ECHR (proportionality). It cited a series of cases involving custody of children, where various Courts had used a “balancing test” to determine whether the best interests of the child overrode the privacy interest exemplified by the client-patient privilege. It applied this balancing test to the case at hand by balancing the “right” of the petitioner to obtain a divorce for the spouse’s unsoundness of mind under the HMA, vis-à-vis the Respondent’s right to privacy.

In light of the above analysis, it is submitted that although the outcome in Mr X v Hospital Z and Sharda v Dharmpal might well be correct, the Supreme Court has misread what R. Rajagopal actually held, and its reasoning is deeply flawed. Neither of these cases are Article 21 cases: they are private tort cases between private parties, and ought to be analysed under private law, as Rajagopal itself was careful to point out. In private law, also, the balancing test makes perfect sense: there are a series of interests at stake, as the Court rightly understood, such as certain rights arising out of marriage, all of a private nature. In any event, whatever one might make of these judgments, one thing is clear: they are both logically and legally irrelevant to the Kharak Singh line of cases that we have been discussing, which are to do with the Article 21 right to privacy against the State.

NTIA to give up control of the Internet's root

by Pranesh Prakash last modified Mar 18, 2014 06:21 PM
On Friday evening the U.S. government's National Telecommunications and Information Administration (NTIA) announced that it was setting into motion a transition to give up a few powers that it holds over some core Internet functions, and that this would happen by September 2015. Pranesh Prakash provides a brief response to that announcement.

As noted in the NTIA's press release:

NTIA’s responsibility includes the procedural role of administering changes to the authoritative root zone file – the database containing the lists of names and addresses of all top-level domains – as well as serving as the historic steward of the [Domain Name System (DNS)]. NTIA currently contracts with [the Internet Corporation for Assigned Names and Numbers, ICANN] to carry out the Internet Assigned Numbers Authority (IANA) functions and has a Cooperative Agreement with Verisign under which it performs related root zone management functions. Transitioning NTIA out of its role marks the final phase of the privatization of the DNS as outlined by the U.S. Government in 1997.

This move was welcomed by "Internet technical leaders".

While this announcement cannot be said to be unexpected, it is nonetheless an important one and is also a welcome one. The NTIA seems to have foreclosed any option of the US government's role being performed by any government-led organization by noting in their press release, "NTIA will not accept a proposal that replaces the NTIA role with a government-led or an inter-governmental organization solution," once again reaffirming their belief in American exceptionalism: the NTIA could fulfil its role despite being a government, but now even a body involving multiple stakeholders can't replace the NTIA's role if it is going to be government-led.

Unfortunately, this announcement to relax American "stewardship" or "oversight" over some aspects of the Internet's technical functioning cannot restore the trust that has been lost due to actions taken by the US government and US companies. This new announcement won't change the US government's ability to 'tap' the Internet, nor will it affect their ability to unilaterally seize .com/.net/.name/.org/.edu/.tv/.cc/.us and other US-based domain names. Nor will a shift away from NTIA oversight lead to any of the chilling visions that some believe might lie in our future: the fears of the Association of National Advertisers and of some politicians and members of the US Congress are based on ignorance of what NTIA's role is.

The European Commission in a communiqué last month noted: "recent revelations of large-scale surveillance have called into question the stewardship of the U.S. when it comes to Internet governance". Unfortunately, the U.S. giving up that stewardship role will not prevent the continuation of their large-scale surveillance, just as the lack of such a stewardship role has not prevented other governments — U.K., India, Canada, Sweden, France, etc. — from engaging in large-scale surveillance.

There are three main benefits from the U.S. giving up this role.

  • First, it will put an end to the political illegitimacy of the U.S. government having a core authority in a global system, somehow making it first among equals;

  • Second, it will focus light on ICANN, which under US oversight performs the IANA functions, and might, one hopes, lead to needed reform in ICANN's other functions;

  • Third, it will allow us to collectively move on from this dreaded political issue at the heart of Internet governance, which nevertheless is of little practical consequence if ICANN's accountability mechanisms are strengthened. As difficult as it may be, ICANN has to be accountable not just to one government or another but to the world, and ensuring that accountability to all doesn't become accountability to none, as NetChoice's Steve DelBianco put it, is the formidable task ahead of us.

Yet, all the ICANN reform in the world will still not lead to a less spied-upon, more open, and more equitable Internet.

Net Neutrality and Privacy

by Divij Joshi last modified Mar 20, 2014 05:01 AM
The highly contentious and polarising debate on net-neutrality will have a large impact on shaping the future of the internet and ultimately on the users of the internet. One important issue which needs to be prioritized while debating the necessity or desirability of a legal regime which advocates net-neutrality is its implication on privacy.

The principle behind net-neutrality, simply put, is that the data being transmitted to and from the user should be treated equally, i.e. that data carriage, at the level of ISPs, should be ‘dumb’. This would mean that internet service providers cannot discriminate between different data based on the content of the data. Without the principle of net-neutrality being followed, ISPs would become the ‘internet gatekeepers’, choosing what data gets to reach the end-user and how. There are many arguments for favouring or disfavouring net-neutrality; however, advocates of privacy on the internet should be wary of the possible implications of endorsing a non-neutral internet and allowing greater network management by ISPs. So, how does the net-neutrality debate affect privacy?

It all depends upon what kind of network management ISPs employ. Deep Packet Inspection (DPI) is a method of data inspection which allows the network manager to scrutinize data at the application level, and in real time. Shallow packet inspection identifies traffic based on headers like IP addresses or protocols like TCP and UDP, which are analogous to the envelope of a letter; DPI, by comparison, would be akin to having access to the contents. DPI-based network management can identify the programs, software and applications being used, and what they are being used for in real time. Unlike any ordinary online service provider, ISPs are in the unique position of having comprehensive access to all of their customers’ data. Allowing DPI-based network management for prioritizing certain data or applications, an almost certain outcome if net-neutrality is weakened, would mean that ISPs would be able to intercept and scrutinize any and all user data, which would reveal substantial information about the user, and would be a serious blow to privacy. While DPI can have several benefits in its application (such as finding and fighting malware or viruses), where it is used it must be for a targeted and legitimate aim. Even where DPI is not used, if network discrimination is allowed on a user-to-user basis, it would require inspecting the IP addresses of the user, which can also be a problematic intrusion of privacy, especially since the ISP also has other data like addresses and names of users which it can use to identify them.
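The envelope-versus-contents distinction above can be made concrete with a short Python sketch. This is an added example, not code from the original post: the packet is constructed inline, and the addresses, host name, path and user agent are made-up sample values.

```python
import socket
import struct

TCP, UDP = socket.IPPROTO_TCP, socket.IPPROTO_UDP
PROTOCOLS = {TCP: "TCP", UDP: "UDP"}
HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "PATCH"}


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4 + TCP packet (constructed sample, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def shallow_inspect(packet):
    """The 'envelope': addresses, transport protocol and ports, nothing else."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = packet[9]
    view = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "protocol": PROTOCOLS.get(proto, str(proto)),
    }
    if proto in PROTOCOLS:                # TCP and UDP both start with the two ports
        view["src_port"], view["dst_port"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return view


def application_payload(packet):
    """Return the bytes that follow the network and transport headers."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    if proto == TCP:
        start = ihl + (packet[ihl + 12] >> 4) * 4   # TCP data offset field
    elif proto == UDP:
        start = ihl + 8
    else:
        start = ihl
    return packet[start:total_len]


def deep_inspect(packet):
    """The 'contents': everything shallow inspection sees, plus the application data."""
    view = shallow_inspect(packet)
    payload = application_payload(packet)
    view["application"] = "unclassified"
    view["payload_bytes"] = len(payload)
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    request = lines[0].split(" ")
    if len(request) == 3 and request[0] in HTTP_METHODS and request[2].startswith("HTTP/"):
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        view.update(application="http", method=request[0], path=request[1],
                    host=headers.get("host"), user_agent=headers.get("user-agent"))
    return view


# Constructed sample traffic: a plain HTTP request between documentation addresses.
SAMPLE_REQUEST = (b"GET /clinic/appointments?dept=oncology HTTP/1.1\r\n"
                  b"Host: health.example\r\n"
                  b"User-Agent: ExampleBrowser/1.0\r\n\r\n")
SAMPLE_PACKET = build_packet("192.0.2.10", "198.51.100.7", 49152, 80, SAMPLE_REQUEST)

if __name__ == "__main__":
    print("shallow:", shallow_inspect(SAMPLE_PACKET))
    print("deep:   ", deep_inspect(SAMPLE_PACKET))
```

The shallow view contains only who is talking to whom and over which port; the deep view of the same packet also exposes which site, which page and which software, which is the information the paragraph above is concerned about.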

Privacy may not necessarily be affected through non-neutral internet systems, but in all probability, with the growth of systems like DPI and commercial incentives for “gatekeeper ISPs” who are in a position to profit greatly from an ability to scrutinize and discriminate between data, it is likely that it will. In India, though government ISPs like MTNL and BSNL deny using DPI,[1] it’s likely that it is still applied by others, and that the government is aware of this (http://www.theinquirer.net/inquirer/news/2161541/indian-isps-block-104-websites). Even as the TRAI advocates and supports net-neutrality, Indian ISPs seem to be heading the other way.[2] Before the trend becomes the norm, it’s high time for a comprehensive discussion about how policies should be framed for keeping the internet a more neutral, and more private, space.


References

  1. Apar Gupta, TRAI(ing) to keep it neutral, http://www.iltb.net/2010/09/traiing-keep-it-neutral/
  2. For a lay discussion on Deep Packet Inspection and net-neutrality, visit http://arstechnica.com/gadgets/2007/07/deep-packet-inspection-meets-net-neutrality/

New Standard Operating Procedures for Lawful Interception and Monitoring

by Divij Joshi last modified Mar 20, 2014 05:13 AM
Government issues new guidelines to TSPs to assist Lawful Interception and Monitoring.

Even as the Central Government prepares the Central Monitoring System for the unrestricted monitoring of all personal communication, the Department of Telecom has issued new guidelines for Telecom Service Providers to assist in responding to requests for interception and monitoring of communications from security agencies.

These guidelines do not appear to be publicly accessible, but according to news items, under the “Standard Operating Procedures for Lawful Interception and Monitoring of Telecom Service Providers”, the TSPs must now provide for lawful interception and monitoring requests for voice calls, Short Message Service (SMS), General Packet Radio Service (GPRS) and Value Added Service (VAS) including Multimedia Messaging Service (MMS), data and voice in 3G/4G/Long Term Evolution (LTE) including video call or Voice over Internet Protocol (VoIP). This move comes just days after the Home Ministry suggested that the Department of Telecom either change the rules under their Telecom Policies such as the Unified Access Service Licence (UASL) to include VoIP monitoring, or, drastically, block all VoIP services on the internet, which would include several communication applications including Skype and GTalk. (See the article published by Economic Times).

The guidelines will supposedly also provide for some basic safeguards to ensure that non-authorized interception does not take place, such as ensuring that the interception is only to be provided by the Chief Nodal Officer of a TSP and only upon the issue of an order by the Home Secretary at the Central or State Government. Furthermore, these requests must only be in writing, in untampered and sealed envelopes with no overwriting, etc. and bearing the order number issued by the concerned Secretary, with the date of the order. However, in exigent circumstances the order may be provided by email, provided that the physical copy is sent within two days of the order, else the interception order must be terminated. Inquiry processes are detailed under the new SOPs which can verify whether the request was in original and addressed to the Nodal Officer and from which designated security agency it was issued, and can also verify the issue of an acknowledgment of compliance of the order by the TSP within two days of its receipt. The new guidelines also clarify the issue of interception of roaming subscribers by the State Government where the subscriber is registered. According to the guidelines, an order by the government of the state where such a caller has registered is sufficient and does not need vetting by the Home Secretary at the centre.

Notwithstanding the additional “safeguards” against unlawful or unauthorized interception, the message to take away from these guidelines is the Government’s continued efforts to expand its surveillance regime to comprehensively monitor every action and every communication at its whim. These requests for monitoring, undertaken by “security agencies” which include taxation agencies and the SEBI, are flawed not merely because of the possibility of “unauthorized” interception, rather because the legal basis of the interception is vague, broad and widely susceptible to misuse, as the recent “snoopgate” allegations against the Gujarat government have shown. (See the article published by the Hindu).

The current regime, based on a wide interpretation of Section 5(2) of the Indian Telegraph Act and the telecom policies of the Department of Telecom, does not have adequate safeguards for preventing misuse by those in power – such as the requirement of reasonable suspicion or a warrant. Without a sound legal basis for interception, which protects the privacy rights of individuals, any additional safeguards are more or less moot, since the real threat of intrusive surveillance and infringing of basic privacy exists regardless of whether it is done under the seal of the Home Secretary or not.


Resources

  1. http://cis-india.org/internet-governance/resources/rule-419-a-indian-telegraph-rules-1951
  2. http://www.thehindu.com/news/national/centre-issues-new-guidelines-for-phone-interception/article5559460.ece

Privacy worries cloud Facebook's WhatsApp Deal

by Sunil Abraham last modified Mar 20, 2014 05:59 AM
Privacy activists in the United States have asked the competition regulator or the Federal Trade Commission to put on hold Facebook's acquisition of WhatsApp. Why have they done this when Facebook has promised to leave WhatsApp untouched as a standalone app?

A screen shot of WhatsApp, source: Economic Times


Read the original published in the Economic Times on March 14, 2014


Activists have five main concerns.

  1. Facebook has a track record of not keeping its promises to users.
  2. The ethos of both companies when it comes to privacy is diametrically opposite.
  3. The probability that WhatsApp messages and content will be intercepted because of Facebook's participation in NSA's PRISM spying programme.
  4. Facebook slurping WhatsApp's large repository of phone numbers.
  5. Two hundred trackers already monitor your internet use when you are not using Facebook and now they are tracking mobile use much more granularly.

This week the Indian competition regulator (CCI) also told the media that the acquisition would be subject to scrutiny. However, unlike the US regulator the Indian regulator does not have the mandate to examine the acquisition from a privacy perspective.

LIRNEAsia research in Indonesia paints a very similar picture to one we have in India. When Indonesian mobile phone users were asked if they used Facebook they answered in affirmative. Then the very same users were asked if they used the internet and they replied in negative. A large number of Facebook users in these other similar economies are trapped within what are called "walled gardens."

Walled gardens allow mobile phone subscribers without data connections to get access to a single over-the-top service provider like Facebook because their telecom provider has an arrangement. Software such as Facebook on every phone makes it possible for feature phone users to also enter the walled garden.

According to Facebook it "is a fast and easy-to-use native app that works on more than 3,000 different types of feature phones from almost every handset manufacturer that exists today."

Unlike North American and European users of Facebook - who freely roam the "world wild web" and then choose to visit Facebook when they want to - many Indian users will first experience data services in a domesticated fashion within a walled garden.

Whether or not they will wander in the wild when they have full access to the internet remains to be seen. But given our poor rates of penetration, dogmatic insistence on network neutrality at this early stage of internet adoption may not be the right way to maximise welfare and consumer interest.

Fortunately for Facebook and unfortunately for us, India still does not have a comprehensive data protection or horizontal privacy law. The Justice AP Shah Committee that was constituted by the Planning Commission in October 2012 recommended that the Privacy Act articulate national privacy principles and establish the office of the Privacy Commissioner. It further recommended that data protection and surveillance be regulated for both the private sector and the state.

Since then the Department of Personnel and Training has updated the draft bill to implement these recommendations and has been working towards consensus within government.

Since we still don't have our own privacy regulator we will have to depend on foreign data protection authorities and privacy commissioners to protect us from the voracious appetite for personal data of over-the-top service providers like Facebook. This is woefully insufficient because they will not act on harm caused to Indian consumers or be aware of how Facebook acts differently in the Indian market.

As we approach the first general election in India when social media will play a small but influential role it would have been excellent if we had someone to look out for our right to privacy.

India's Internet Jam

by Pranesh Prakash last modified Mar 20, 2014 12:41 PM
As authorities continue to clamp down on digital freedom, politicians and corporations are getting a taste for censorship too. Pranesh Prakash reports.

The article was published in Index on Censorship in August 2012. This is an unedited version of the article.


In a matter of three days, in August 2012, India’s central government ordered internet service providers to block around 309 pieces of online content – mostly individual web pages, YouTube videos and Facebook groups. The blocking orders came days after people originally from north-eastern India living in Bangalore began fleeing the city in fear of attack. Rumours that some Muslims in the city were planning violence in retaliation for recent clashes between the indigenous Bodo tribe and Muslim settlers in Assam spread quickly via text messages and through the media. The Nepali migrant community in Bangalore also received text messages from their families, warning them that they might be mistaken for north-eastern Indians and also be targeted. Indian Railway, catering to the huge demand, organised special trains to Assam for the crowds of people.

Freedom of speech is enshrined in the Constitution of India, which came into force in 1952, and specifically in Article 19(1)(a), which guarantees that ‘all citizens shall have the right to freedom of speech and expression’. While in the United States, it wasn’t until the 1920s that the Supreme Court struck down a law or governmental action on freedom of speech grounds, in India, just one year after the constitution was adopted, government actions against both left- and right-wing political speech were struck down for violating Article 19(1)(a). Enraged, the Congress government then amended Article 19, expanding the list of restrictions to the right to free expression. These included speech pertaining to ‘friendly relations with foreign states’, ‘public order’ and ‘incitement to an offence’. In 1963, in response to the 1962 war with China, the ‘sovereignty and integrity of India’ was also added, taking the number of categories of permissible restrictions up to eight. While the constitution categorically stipulates that no further restrictions should be imposed, courts have on occasion added to the list (privacy, for instance) through judicial interpretation without explicitly stating that they are doing so. Comparisons are often drawn between the constitution’s ‘reasonable restrictions’ and the categorical prohibition enshrined in the US Constitution’s First Amendment: ‘Congress shall make no law … abridging the freedom of speech, or of the press’ – a meaningless comparison as there are indeed many categories of speech that are seen as being protected under the US constitution and even speech that is protected may be restrained in a number of ways.

Today, there are a number of laws that regulate freedom of speech in India, from the Indian Penal Code (IPC), the Victorian legislation meant to codify crimes, to the Information Technology Act, which was amended in 2008 and in some cases makes behaviour that is perfectly legal offline into a criminal activity when online.

Sedition and social harmony

The Indian Penal Code criminalises sedition; speech intended to cause enmity between communities; speech intended to ‘outrage religious feelings of any class’; selling, singing or displaying anything obscene; and defamation. It also prohibits ‘causing someone, by words or gestures, to believe they’re the target of divine displeasure’. Each of these provisions has been misused, as there are indeed many categories of speech that are not seen as being protected under the US constitution, and even speech that is protected may be restrained in a number of ways.

In recent years, sedition charges have been brought against human rights activists (Binayak Sen and Arundhati Roy), journalists (Seema Azad), cartoonists (Aseem Trivedi) and protesters (thousands of villagers in Koodankulam and neighbouring villages who demonstrated against a nuclear reactor in their area). It is usually the higher judiciary that dismisses such cases, while the lower judiciary seems to be supplicant to the bizarre claims of government, the police and complainants. Similarly, the higher judiciary has had to intervene in cases where books and films have been banned for ‘causing enmity between communities’ or for intentionally hurting the sentiments of a religious group.

Of the last six books banned by the Maharashtra government, all but one (RV Bhasin’s Islam: A Concept of Political World Invasion by Muslims) have been overturned by the Mumbai High Court. In one case, the court criticised the government for using a violent protest (organised by the Sambhaji Brigade, one of many right-wing political groups that frequently stage demonstrations) as reason enough for banning an academic book on the Maratha king Shivaji. In its decision, the judge pointed out that it is the government’s job to provide protection against such violence. Given India’s history of communal violence there is indeed a need for the law to address incitement to violence – but these laws should be employed at the actual time of incitement, not after the violence has already taken place. But, as recent events have shown, the government is willing to censor ‘harmful’ books and films and less likely to take action against individuals who incite violence during demonstrations.

Online speech and the law

There are regular calls for the government to introduce legislation that deals specifically with online behaviour, despite the fact that the vast majority of the laws regarding sedition and social harmony apply online as well as offline. One example is the recent move to introduce amendments to the Indecent Representation of Women Act (1986) so that it applies to ‘audiovisual media and material in electronic form’.

But the government’s attempts to control online speech began long before the introduction of any internet-specific legislation. Indeed, when state-monopoly internet service provider VSNL censored content, it did so under the terms of a contract it had entered with its customers, not under any law. In 1998, a mailing list called Middle East Socialist Network was blocked on national security grounds. In 1999, Pakistani newspaper Dawn’s website was blocked during the Kargil conflict. In both of the latter cases, the government relied on the Indian Telegraph Act (1885) to justify its actions, though that act contains no explicit provisions for such censorship.

In 2000, the Information Technology (IT) Act was passed and the Indian Computer Emergency Response Team (CERT-In) was created, which (unlawfully) assumed the role of official online censor. Importantly, while the IT Act did make the publication of obscene content online illegal (though it already was under the IPC), it did not grant permission for authorities to block websites. Despite this, an executive order passed on 27 February 2003 granted CERT-In the power to block. Had this been challenged in a court, it may well have been deemed unconstitutional since, in the absence of a statutory law, an executive order cannot reverse the freedom granted under Article 19. And although the telecommunications sector in India was being liberalised around this time, as part of their licence agreements, all internet service providers (ISPs) have to agree to block links upon being requested to do so by the government. In 2008, when the IT Act was amended, it clearly stated that the government can block websites not only when it deems it necessary to do so but also when it is deemed expedient in relation to matters of public interest, national security and with regard to maintaining friendly relations with foreign states. The power to block does not, however, extend to obscenity or defamation offences. At the same time, further categories of speech crimes were introduced, along with other new offences, including the electronic delivery of ‘offensive messages through communication services’ or anything ‘for the purpose of causing annoyance or inconvenience’. This has often been abused, including by the chief minister of West Bengal, who issued proceedings against a professor for forwarding an email containing a cartoon that mocked him. Under this draconian and unconstitutional provision, the police do not need an arrest warrant and the punishment can be as much as three years’ imprisonment, longer than even the punishment for causing death by negligence. The amendment also granted the government extensive powers to monitor and intercept online speech and data traffic, greatly extending the powers provided under colonial laws such as the Indian Telegraph Act (1885).

As legislation has been introduced, the penalties for online offences have increased significantly. For example, the penalty for the first-time publication of an obscene ebook is up to five years in prison and a 1,000,000 rupee (US$18,800) fine, compared with two years’ imprisonment and a 2,000 rupee (US$38) fine as stipulated in the IPC for publishing that same material in print version. New laws introduced in 2009 pertain specifically to blocking (section 69a), interception, decryption and monitoring (69 and 69b) and are in accordance with the constitution. However, the amendments were brought in without any attempt at transparency or accountability.

Power in the hands of intermediaries

In April 2011, despite critical submissions received during its public consultation, the government announced new ‘intermediary guidelines’ and ‘cyber cafe rules’, both of which have adverse effects on freedom of expression. The rules, which were issued by the Department of Information and Technology (DIT), grant not only the government but citizens significant powers to censor the internet. They require all intermediaries – companies that handle content, including web hosts, telecom companies, domain name providers and other such intermediaries – to remove ‘disparaging’ content that could ‘harm minors in any way’. They prohibit everything from jokes (if the person sharing the joke does not own copyright to it) to anything that is disparaging. In a recent case, in December 2011, thousands of people used the hashtag #IdiotKapilSibal on Twitter to criticise the minister of communications and information technology, Kapil Sibal, who had requested that officials from Google, Microsoft, Yahoo! and Facebook in India pre-screen online content. These guidelines and rules are badly drafted and unconstitutional, as they go beyond the limits allowed under Article 19 in the constitution, and do so in a manner that lacks any semblance of due process and fairness. They are inconsistent with offline laws, too: for example, because the guidelines also refer to gambling, the government of Sikkim can publish advertisements for its PlayWin lottery in newspapers but not online. It’s far easier to persuade officials to remove online material than it is to persuade them to remove books from a bookstore or artwork from a gallery. Police are only empowered to seize books if the government or a court has been persuaded that it violates a law and issues such an order. This fact is always recorded, in government or legal records, police files or in the press. By contrast, web content can be removed on the basis of one email complaint; intermediaries are required to ‘disable’ the relevant content within 36 hours of the complaint. A court order is not required, nor is there a requirement to notify the owner of the content that a complaint has been received or that material has been removed. The effect is that of almost invisible censorship.

This assertion – that it only takes one complaint – may seem far-fetched. But a researcher from the Centre for Internet and Society sent complaints to several intermediaries on a number of occasions, resulting in content being removed in a majority of cases. If intermediaries choose not to take action, they risk losing their immunity against punishment for content. In essence, the law is the equivalent of punishing a post office for the letters that people send via the postal service.

In 1984, Indira Gandhi was forced to sue Salman Rushdie for defamation in a London court in order to ensure one sentence was expurgated from his novel Midnight’s Children. Today Gandhi wouldn’t need to win a lawsuit against publishers. She would merely have to send a complaint to websites selling the book and it would have to be removed from sale. It is easier to block Akbari.in – the online newspaper run by Vinay Rai, who filed a criminal complaint against multiple internet companies in December 2011 for all manner of materials – than it is to prevent its print publication. There is no penalty for frivolous complaints, such as those sent by researchers from the Centre for Internet and Society, nor is there any requirement for records to be kept of who has removed what. Such great powers of  censorship without any penalties for abuse of these powers are a sure-fire way of moving towards greater intolerance, with the internet – that republic of opinions and expressions – being a casualty.

Censorship outside the law

Since 2011, governments and private companies alike have increasingly engaged in internet censorship. In April 2011, in response to a right to information request, the DIT released a list of 11 websites that had been officially blocked under the IT Act since 2009, when the amended act came into force. But, according to a recent Google Transparency Report, government requests for the removal of material far exceed that number. The report reveals that the government (including state governments) requested that Google remove 358 items from January 2011 to June 2011. Of this number, only eight were considered to be hate speech and only one item was related to concerns over national security. The remaining material, 255 items (71 per cent of all requests), was taken down because of ‘government criticism’. Criticism of the government is protected under the country’s constitution but, nonetheless, Google complied with take-down requests 51 per cent of the time. It’s clear, then, that governmental censorship is far more widespread than officially acknowledged.

In July 2011, Reliance Entertainment obtained a ‘John Doe’ order to protect its intellectual property rights with regard to its film Singham, which was scheduled for release that month. The order prohibited both online and offline  infringement of copyright for the film and was sent to a number of ISPs, which then blocked access to file-sharing websites, even though there was no proof of the film having been available on any of them. According to Reliance Entertainment, they merely asked ISPs ‘not to make the film available’ on their networks, even though the order did not authorise it. But a right to information request pertaining to a similar case dealing with the distribution of the film Dhammu showed that the entertainment company’s lawyers had in fact asked for dozens of websites – not just deep-link URLs to infringing content – to be blocked, despite publicly claiming otherwise. If web users encountered any information at all about why access to the sites was blocked, it was that the Department of Telecom had ordered the blocking, which was plainly untrue. In February 2012, following a complaint from the Indian Music Industry (a consortium of 142 music companies), the Calcutta High Court ordered 387 ISPs to block 107 websites for music piracy. At least a few of those, including Paktimes.com and Filmicafe.com, were general interest entertainment sites. The most famous of these sites, Songs.pk, re-emerged shortly after the block as Songspk.pk, highlighting the pointlessness of the block. And outside the realm of copyright, in December 2011, the domain name CartoonsAgainstCorruption.com was suspended based on an unlawful complaint from the Mumbai police requesting its suspension, despite there being no powers for them to do so under any law.

Between August and November 2011, the DIT also went to great efforts to compel big internet companies including Indiatimes, Facebook, Google, Yahoo!, and Microsoft, to ‘self-regulate’. This revealed the department’s desire to gain ever greater powers to control ‘objectionable’ content online, effectively bypassing the IT Act. It’s obvious, too, that by encouraging internet companies to ‘self-regulate’ the government will avoid embarrassing statistics such as those revealed by Google’s Transparency Report.

New dangers

A way forward, at least for internet-specific laws, could be to rekindle the Cyber Regulations Advisory Committee – a multi-stakeholder committee required by the IT Act – and to practise at home what we preach abroad on matters of internet governance: the value of a multi-stakeholder system, which includes industry, academia and civil society and not just governments. The idea of a multi-stakeholder framework has gained prominence since it was placed at the core of the ‘Declaration of Principles’ at the first World Summit on Information Society in Geneva in 2003. It has also been at the heart of India’s pronouncements at the Internet Governance Forum and the India-Brazil-South Africa Dialogue Forum. The Internet Governance Division, which formulates the country’s international stance on internet governance, has long recognised that these decisions must be taken in an open and collaborative manner. It is time the DIT’s Cyber-Law and E-Security Group, which formulates the country’s national stance on the internet, realises the same.

Freedom of speech means nothing in a democratic society if it does not allow everyone to speak. Despite the internet being a very elite space, the number of people who have used it to express themselves since its introduction in India in 1994 is vast, especially when compared to the number of people in India who have expressed themselves in print since 1947 when the country won its independence. Online speech is indeed a big shift from edited and usually civil discussions in the world of print media. Perhaps this gives us some indication of why there is some support among the mass media for government regulations on speech. Too many discussions of online speech laws in India descend into arguments about the lack of civility online. However, the press – and all of us – would do well to remember that civility and decency in speech, while desirable in many contexts, cannot be the subject of legislation. But in India, the greatest threat to freedom of expression is not a government clampdown on dissent but threats from political and corporate powers with a range of tools at their disposal, including fostering a climate of self-censorship. The government has passed bad laws that have given way to private censorship. And many of these laws are simply a result of gross ineptitude.

We cannot take sufficient comfort in the fact that, in India, censorship is limited and nowhere on the scale that it is in China or Iran. It is crucial that, from a legal, cultural and technological standpoint we do not open the door for further censorship. And currently, we are failing.


Pranesh Prakash is Policy Director at the Centre for Internet and Society in Bangalore. Part of this article appeared in a blog by the author on the centre’s website, cis-india.org, in January 2012

Leaked Privacy Bill: 2014 vs. 2011

by Elonnai Hickok last modified Apr 01, 2014 10:52 AM
The Centre for Internet and Society has recently received a leaked version of the draft Privacy Bill 2014 that the Department of Personnel and Training, Government of India has drafted.

Note: After obtaining a copy of the leaked Privacy Bill 2014, we have replaced the blog "An Analysis of the New Draft Privacy Bill" which was based off of a report from the Economic Times, with this blog post.


This represents the third leak of potential privacy legislation for India that we know of, with publicly available versions having leaked in April 2011 and September 2011.

When compared to the September 2011 Privacy Bill, the text of the 2014 Bill includes a number of changes, additions, and deletions.  Below is an outline of significant changes from the September 2011 Privacy Bill to the 2014 Privacy Bill:

  • Scope: The 2014 Bill extends the right to Privacy to all residents of India. This is in contrast to the 2011 Bill, which extended the Right to Privacy to citizens of India.  The 2014 Bill furthermore recognizes the Right to Privacy as a part of Article 21 of the Indian Constitution and extends to the whole of India, whereas the 2011 Bill did not explicitly recognize the Right to Privacy as being a part of Article 21, and excluded Jammu and Kashmir from its purview.
  • Definitions: The 2014 Bill includes a number of new definitions, redefines existing terms, and deletes others.

Terms that have been added in the 2014 Bill and the definitions

  1. Personal identifier: Any unique alphanumeric sequence of numbers, letters, and symbols that specifically identifies an individual with a database or a data set.
  2. Legitimate purpose: A purpose covered under this Act or any other law for the time being in force, which is certain, unambiguous, and limited in scope for collection of any personal data from a data subject.
  3. Competent authority: The authority which is authorized to sanction interception or surveillance, as the case may be, under this Act or rules made there under or any other law for the time being in force.
  4. Notification: Notification issued under this Act and published in the Official Gazette.
  5. Control: And all other cognate forms of expressions thereof, means, in relation to personal data, the collection or processing of personal data and shall include the ability to determine the purposes for and the manner in which any personal data is to be collected or processed.
  6. Telecommunications system: Any system used for transmission or reception of any communication by wire, radio, visual or other electromagnetic means but shall not include broadcasting services.
  7. Privacy standards: The privacy standards or protocols or codes of practice developed by industry associations.

Terms that have been re-defined in the 2014 Bill from the 2011 Bill and the 2014 Bill definitions

  1. Communication data: The data held or obtained by a telecommunications service provider in relation to a data subject including the data usage of the telecommunications
  2. Data subject: Any living individual, whose personal data is controlled by any person
  3. Interception: In relation to any communication in the course of its transmission through a telecommunication system, any action that results in some or all of the contents of that communication being made available, while being transmitted, to a person other than the sender or the intended recipient of the communication.
  4. Person: Any natural or legal person and shall include a body corporate, partnership, society, trust, association of persons, Government company, government department, urban  local body, or any other officer, agency or instrumentality of the state.
  5. Sensitive personal data: Personal data relating to: (a) physical and mental health including medical history, (b) biometric, bodily or genetic information, (c) criminal convictions (d) password, (e) banking credit and financial data (f) narco analysis or polygraph test data, (g) sexual orientation.  Provided that any information that is freely available or accessible in public domain or to be furnished under the Right to Information Act 2005 or any other law for time being in force shall not be regarded as sensitive personal data for the purposes of this Act.
  6. Individual: a resident of India
  7. Covert surveillance: “Covert surveillance” means obtaining private information about an individual and his private affairs without his knowledge and includes: (i) directed surveillance which is undertaken for the purposes of specific investigation or specific operation in such a manner as is likely to result in the obtaining of private information about a person whether or not that person was specifically identified in relation to the investigation or operation; (ii) intrusive surveillance which is carried out by an individual or a surveillance device in relation to anything taking place on a residential premise or in any private vehicle. It also covers use of any device outside the premises or a vehicle wherein it can give information of the same quality and detail as if the device were in the premises or vehicle; (iii) covert human intelligence service which is information obtained by a person who establishes or maintains a personal or other relationship with an individual for the covert purpose of using such a relationship to obtain or to provide access to any personal information about that individual
  8. Re-identify: means the recovery of data from an anonymised data, capable of identifying a data subject whose personal data has been anonymised;
  9. Process: “Process” and all other cognate forms of expressions thereof, means any operation or set of operations, whether carried out through automatic means or not by any person or organization, that relates to: (a) collation, storage, disclosure, transfer, updating, modification, alteration or use of personal data; or (b) the merging, linking, blocking, degradation or anonymisation of personal data;
  10. Direct marketing: Direct Marketing means sending of a commercial communication to any individual
  11. Data controller: any person who controls, at any point in time, the personal data of a data subject but shall not include any person who merely provides infrastructure for the transfer or storage of personal data to a data controller;
  12. Government: the Central Government or as the case may be, the State Government and includes the Union territory Administration, local authority or any agency and instrumentality of the Government;

Terms that have been removed from the 2014 Bill that were in the 2011 Bill and the 2011 definition:

  1. Consent: Includes implied consent
  2. Maintain: Includes maintain, collect, use, or disseminate.
  3. Data processor: In relation to personal data means any person (other than the employee of the data controller), who processes the data on behalf of the data controller.
  4. Local authority: A municipal committee, district board, body of port commissioners, council, board or other authority legally entitled to, or entrusted by the Government with, the control or management of a municipal or local fund.
  5. Prescribed: Prescribed by rules made under this Act.
  6. Surveillance: Surveillance undertaken through installation and use of CCTVs and other system which capture images to identify or monitor individuals (this was removed from the larger definition of surveillance.)
  7. DNA: Cell in the body of an individual, whether collected from a cheek cell, blood cell, skin cell or other tissue, which allows for identification of such individual when compared with other individual.

Terms that have remained broadly (with some modification) the same between the 2014 Bill and 2011 Bill (as per the 2014 Bill definition):

  1. Authority: The Data Protection Authority of India
  2. Appellate tribunal: the Cyber Appellate Tribunal established under Sub-Section (1) of section 48 of the Information Technology Act, 2000.
  3. Personal data: Any data which relates to a data subject, if that data subject can be identified from that data, either directly or indirectly, in conjunction with other data that the data controller has or is likely to have and includes any expression of opinion about such data subject.
  4. Member: Member of the Authority
  5. Disclose: and all other cognate forms of expression thereof, means disclosure, dissemination, broadcast, communication, distribution, transmission, or make available in any manner whatsoever, of personal data.
  6. Anonymised: The deletion of all data that identifies the data subject or can be used to identify the data subject by linking such data to any other data of the data subject, by the data controller.

  • Exceptions to the Right to Privacy: According to the 2011 Bill, the exceptions to the Right to Privacy included:
  1. Sovereignty, integrity and security of India, strategic, scientific or economic interest of the state
  2. Preventing incitement to the commission of any offence
  3. Prevention of public disorder or the detection of crime
  4. Protection of rights and freedoms of others
  5. In the interest of friendly relations with foreign state
  6. Any other purpose specifically mentioned in the Act.

The 2014 Bill reflects almost all of the exceptions defined in the 2011 Bill, but removes ‘detection of crime’ from the list of exceptions. The 2014 Bill also qualifies that the application of each exception must be adequate, relevant, and not excessive to the objective it aims to achieve and must be imposed in the manner prescribed, whereas the 2011 Bill stated only that the application of exceptions to the Right to Privacy cannot be disproportionate to the purpose sought to be achieved.

  • Acts not to be considered deprivations of privacy: The 2011 Bill lists five instances that will not be considered a deprivation of privacy, namely:
  1. For journalistic purposes unless it is proven that there is a reasonable expectation of privacy,
  2. Processing data for personal or household purposes,
  3. Installation of surveillance equipment for the security of private premises,
  4. Disclosure of information via the Right to Information Act 2005,
  5. And any other activity exempted under the Act.

The 2014 Bill limits these instances to:

  1. The processing of data purely for personal or household purposes,
  2. Disclosure of information under the Right to Information Act 2005,
  3. And any other action specifically exempted under the Act.
  • Privacy Principles:  Unlike the 2011 Bill, the 2014 Bill defines nine specific privacy principles: notice, choice and consent, collection limitation, purposes limitation, access and correction, disclosure of information, security, openness, and accountability. The Privacy Principles will apply to all existing and evolving practices.
  • Provisions for Personal Data: Both the 2011 Bill and the 2014 Bill have provisions that apply to the processing of personal and sensitive personal data. The 2011 Bill includes provisions addressing the:
  1. Collection of personal data,
  2. Processing of personal data,
  3. Data quality,
  4. Provisions relating to sensitive personal data,
  5. Retention of personal data,
  6. Sharing (disclosure) of personal data,
  7. Security of personal data,
  8. Notification of breach of security,
  9. Access to personal data by data subject,
  10. Updation of personal data by data subject
  11. Mandatory processing of data,
  12. Trans border flows of personal data.

Of these, the 2014 Bill broadly (though not verbatim) reflects the 2011 Bill provisions relating to the:

  1. Collection of personal data,
  2. Processing of personal data,
  3. Access to personal data,
  4. Updating personal data
  5. Retention of personal data
  6. Data quality,

The 2014 Bill further includes provisions addressing:

  1. Openness and accountability,
  2. Choice,
  3. Consent,
  4. Exceptions for personal identifiers.

The 2014 Bill has made changes to the provisions addressing:

  1. Provisions relating to sensitive personal data,
  2. Sharing (disclosure of personal data),
  3. Notification of breach of security,
  4. Mandatory processing of data
  5. Security of personal data
  6. Trans border flows of personal data.

The changes that have been made have been mapped out below:

Provisions Relating to Sensitive Personal Data: The 2011 Bill and 2014 Bill both require authorization by the Authority for the collection and processing of sensitive personal data. At the same time, both Bills include a list of circumstances under which authorization for the collection and processing of sensitive personal data is not required. On the whole, this list is the same between the 2011 Bill and 2014 Bill, but the 2014 Bill adds the following circumstances under which authorization is not needed for the collection and processing of sensitive personal data:

  1. For purposes related to the insurance policy of the individual if the data relates to the physical or mental health or medical history of the individual and is collected and processed by an insurance company.
  2. Collected or processed by the Government Intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

The 2014 Bill also allows the Authority to specify additional regulations for sensitive personal data, and requires that any additional transaction sought to be performed with the sensitive personal information requires fresh consent to first be obtained. The 2014 Bill carves out another exception for Government agencies, allowing disclosure of sensitive personal data without consent to Government agencies mandated under law for the purposes of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

Notification of Breach of Security: The provisions relating to the notification of breach of security in the 2014 Bill differ from the 2011 Bill. Specifically, the 2014 Bill removes the requirement that data controllers must publish information about a data breach in two national newspapers. Thus, in the 2014 Bill, data controllers must only inform the data protection authority and affected individuals of the breach.

Notice: The 2014 Bill changes the structure of the notice mechanism. In the 2011 Bill, prior to the processing of data, data controllers had to take all reasonable steps to ensure that the data subject was aware of the following:

  1. The documented purposes for which such personal data is being collected
  2. Whether providing of personal data by the data subject is voluntary or mandatory under law or in order to avail of any product or service
  3. The consequences of the failure to provide the personal data
  4. The recipient or category of recipients of the personal data
  5. The name and address of the data controller and all persons who are or will be processing information on behalf of the data controller
  6. If such personal data is intended to be transferred out of the country, details of such transfer.

In contrast the 2014 Bill provides that before personal data is collected, the data controller must give notice of:

  1. What data is being collected and
  2. The legitimate purpose for the collection.

If the purpose for which the data was collected has changed the data controller will then be obligated to provide the data subject with notice of:

  1. The use to which the personal data will be put
  2. Whether or not the personal data will be disclosed to a third party and if so the identity of such person
  3. If the personal data being collected is intended to be transferred outside India  and the reasons for doing so, how the transfer helps in achieving the legitimate purpose and whether the country to which such data is transferred has suitable legislation to provide for adequate protection and privacy of the data.
  4. The security and safeguards established by the data controller in relation to the personal data
  5. The processes available to a data subject to access and correct  his personal data
  6. The recourse open to a data subject, if he has any complaints in respect of collection or processing of the personal data and the procedure relating thereto
  7. The name, address, and contact particulars of the data controller and all persons who will be processing the personal data on behalf of the data controller.

Disclosure of personal data: Though titled as ‘sharing of personal data’, both the 2011 Bill and 2014 Bill require consent for the disclosure of personal information, but list exceptional circumstances in which consent is not needed. In the 2011 Bill, the relevant provision permits disclosure of personal data without consent only if (i) the sharing was a part of the documented purpose, (ii) the sharing is for any purpose relating to the exceptions to the right to privacy, or (iii) the Data Protection Authority has authorized the sharing. In contrast, the 2014 Bill permits disclosure of personal data without consent if (i) such disclosure is part of the legitimate purpose, (ii) such disclosure is for achieving any of the objectives of section 5, (iii) the Authority has by order authorized such disclosure, (iv) the disclosure is required under any law for the time being in force, or (v) the disclosure is made to the Government Intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India. As a safeguard, the 2014 Bill requires that any person to whom personal information is disclosed, whether a resident or not, must adhere to all provisions of the Act. Furthermore, the disclosure of personal data must be limited to the extent which is necessary to achieve the purpose for which the disclosure is sought and no person can make public any personal data that is in its control.

Transborder flow of information: Though both the 2011 Bill and the 2014 Bill require any country that data is transferred to must have equivalent or stronger data protection standards in place, the 2014 Bill carves out an exception for law enforcement and intelligence agencies and the transfer of any personal data outside the territory of India, in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

Mandatory Processing of Data: Both the 2011 Bill and 2014 Bill have provisions that address the mandatory processing of data. These provisions are similar, but the 2014 Bill includes a requirement that data controllers must anonymize personal data that is collected without prior consent from the data subject within a reasonable time frame after collection.

Security of Personal Data: The provision relating to the security of personal information in the 2014 Bill has been changed from the 2011 Bill by expanding the list and type of breaches that must be prevented, but removing requirements that data controllers must ensure all contractual arrangements with data processors specifically ensure that the data is maintained with the same level of security.

  • Conditions on which provisions do not apply: Both the 2011 Bill and 2014 Bill define conditions on which the provisions of updating personal data, access, notification of breach of security, retention of personal data, data quality, consent, choice, notice, and right to privacy will not apply to personal data. Though the 2011 Bill and 2014 Bill reflect the same conditions, the 2014 Bill carves out an exception for Government Intelligence Agencies, stating that the provisions of updating personal data, access to data by the data subject, notification about breach of security, retention of personal data, data quality, processing of personal data, consent, choice, notice, and collection from an individual will not apply to data collected or processed in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.
  • Privacy Officers: Unlike the 2011 Bill, the 2014 Bill defines the role of the privacy officer that must be established by every data controller for the purpose of overseeing the security of personal data and implementation of the provisions of the Act.
  • Power of Authority to Exempt: Both the 2011 Bill and 2014 Bill contain provisions that enable the Authority to waive the applicability of specific provisions of the Act. The circumstances on which this can be done are based on the exceptions to the Right to Privacy in both the 2011 and 2014 Bill. To this extent, the 2014 Bill differs slightly from the 2011 Bill, by removing the power of the Authority to exempt for the ‘detection of crime’ and ‘any other legitimate purpose mentioned in this Act’.
  • The Data Protection Authority: The 2011 Bill and 2014 Bill both establish Data Protection Authorities, but the 2014 Bill further clarifies certain aspects of the functioning of the Authority and expands the functions and the powers of the Authority.  For example, new functions of the Authority include:
  1. Auditing any or all personal data controlled by the data controller to assess whether it is being maintained in accordance with the Act,
  2. Suggesting international instruments relevant to the administration of the Act,
  3. Encouraging industry associations to evolve privacy standards for self regulations, adjudicating on disputes arising between data controllers or between individuals and data controllers.

The 2014 Bill also expands the powers of the Data Protection Authority, importantly giving it the power to receive and investigate complaints about alleged violations of privacy and issue appropriate orders or directions.

At the same time, the 2014 Bill carves out an exception for Government Intelligence Agencies and Law Enforcement agencies, preventing the Authority from conducting investigations, issuing appropriate orders or directions, and adjudicating complaints in respect to actions taken by the Government Intelligence Agencies and Law Enforcement, if for the objectives of (a) sovereignty, integrity or security of India; or (b) strategic, scientific or economic interest of India; or (c) preventing incitement to the commission of any offence; or (d) prevention of public disorder; or (e) the investigation of any crime; or (f) protection of rights and freedoms of others; or (g) friendly relations with foreign states; or (h) any other legitimate purpose mentioned in this Act.

This power is instead vested with a court of competent jurisdiction.

  • The National Data Controller Registry: The 2014 Bill removes the National Data Controller Registry and requirements for data controllers to register themselves and oversight of the Registry by the Data Protection Authority.
  • Direct Marketing: Both the 2011 and 2014 Bills contain provisions regulating the use of personal information for direct marketing purposes. Though the provisions are broadly the same, the 2011 Bill envisions that no person will undertake direct marketing unless he/she is registered in the ‘National Data Registry’  and one of the stated purposes is direct marketing. As the 2014 Bill removes the National Data Registry, the 2014 Bill now requires that any person undertaking direct marketing must have on record where he/she has obtained personal data from.
  • Interception of Communications: Though maintaining some of the safeguards defined in the 2011 Bill for interception, the 2014 Bill changes the interception regime envisioned in the 2011 Bill by carving out a wide exception for organizations monitoring the electronic mail of employees, removing provisions requiring that the interception take place only for the minimum period of time required for achieving the purposes, and removing provisions excluding the use of intercepted communications as evidence in a court of law. Similar to the 2011 Bill, the 2014 Bill specifies that the principles of notice, choice and consent, access and correction, and openness will not apply to the interception of communications.
  • Video Recording Equipment in public places: Unlike the 2011 Bill, which addressed only the use of CCTVs, the 2014 Bill addresses the installation and use of video recording equipment in public places. Though the 2011 Bill and 2014 Bill both prevent the use of recording equipment and CCTVs for the purpose of identifying an individual, monitoring his personal particulars, or revealing personal, or otherwise adversely affecting his right to privacy, the 2014 Bill requires that the use of recording equipment must be in accordance with procedures, for a legitimate purpose, and proportionate to the objective for which the equipment was installed.

The 2014 Bill makes a broad exception to these safeguards for law enforcement agencies and government intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific, or economic interest of India.

  • Privacy Standards and Self Regulation: The 2014 Bill establishes a specific mechanism of self regulation where industry associations will develop privacy standards and adhere to them.  For this purpose, an industry ombudsman should be appointed. The standards must be in conformity with the National Privacy Principles and the provisions of the Privacy Bill. The developed standards will be submitted to the Authority and the Authority may frame regulations based on the standards. If an industry association has not developed privacy standards, the Authority may frame regulations for a specific sector.
  • Settlement of Disputes and Appellate Tribunal: The 2014 Bill makes significant change to the process for settling disputes from the 2011 Bill. In the 2014 Bill an Alternative Dispute Mechanism is established where disputes between individuals and data controllers are first addressed by the Privacy Officer of each Data Controller or the industry level Ombudsman. If individuals are not satisfied with the decision of the Ombudsman they may take the complaint to the Authority. Individuals can also take the complaint directly to the Authority if they wish.  If an individual is aggrieved with the decision of the Authority, by a privacy officer or ombudsman through the Alternative Dispute Resolution mechanism, or by the adjudicating officer of the Authority, they may approach the Appellate Tribunal. Any order from the Appellate Tribunal can be appealed at a high court.

In the 2011 Bill, disputes between the data controller and an individual can be taken directly to the Appellate Tribunal and orders from the Authority can be appealed at the Tribunal. There is no further path for appeal to an order of the Tribunal.

  • Offences and Penalties: The 2014 Bill changes the structure of the offences and penalties section by breaking the two into separate sections - one addressing offences and one addressing penalties while the 2011 Bill addressed offences and penalties in the same section.
  • Offences: The 2014 Bill penalizes every offence with imprisonment and a fine and empowers a police officer not below the rank of Deputy Superintendent of Police to investigate any offence, limits the court's ability to take cognizance of an offence to only those brought by the Authority, requires that the Court be no lower than a Chief Metropolitan Magistrate or a Chief Judicial Magistrate, and permits courts to compound offences. The 2014 Bill further specifies that any offence that is punishable with three years in prison and above is cognizable, and offences punishable with three years in prison are bailable. Under the 2014 Bill offences are defined as:
  1. Unauthorized interception of communications
  2. Disclosure of intercepted communications
  3. Undertaking unauthorized Covert Surveillance
  4. Unauthorized use of disclosure of communication data

The offences defined under the Act are reflected in the 2011 Bill, but the time in prison and fine is higher in the 2014 Bill.

Penalties: The 2014 Bill provides a list of penalties including:

  1. Penalty for obtaining personal data on false pretext
  2. Penalty for violation of conditions of license pertaining to maintenance of secrecy and confidentiality by telecommunications service providers
  3. Penalty for disclosure of other personal information
  4. Penalties for contravention of directions of the Authority
  5. Penalties for data theft
  6. Penalties for unauthorised collection, processing, and disclosure of personal data
  7. Penalties for unauthorized use of personal data for direct marketing.

These penalties reflect the penalties in the 2011 Bill, but prescribe higher fines.

Adjudicating Officer: Unlike the 2011 Bill that did not have in place an adjudicating officer, the 2014 Bill specifies that the Chairperson of the Authority will appoint a Member of the Authority not below the Rank of Director of the Government of India to be an adjudicating officer. The adjudicating officer will have the power to impose a penalty and will have the same powers as vested in a civil court under the Code of Civil Procedure. Every proceeding before the adjudicating officer will be considered a judicial proceeding. When adjudicating, the officer must take into consideration the amount of disproportionate gain or unfair advantage, the amount of loss caused, the respective nature of the default

Civil Remedies and compensation: Both the 2011 and 2014 Bill contain provisions that permit an individual to pursue a civil remedy, but the 2014 Bill limits these instances to cases where loss or damage has been suffered or an adverse determination is made about an individual due to negligence in complying with the Act, and provides for the possibility that the contravening parties will have to provide a public notice of the offense.

The 2014 Bill removes provisions specifying that individuals that have suffered loss due to a contravention by the data controller of the Act are entitled to compensation.

Exceptions for intelligence agencies: Unlike the 2011 Bill, the 2014 Bill includes an exception for Government Intelligence Agencies and Law Enforcement Agencies, stating that the Authority will not have the power to conduct investigations, issue appropriate orders and directions or otherwise adjudicate complaints in respect of action taken by the Government intelligence agencies and Law Enforcement agencies for achieving any of the objectives that reflect the defined exceptions to privacy.

The Centre for Internet and Society welcomes many of the changes that are reflected in the Privacy Bill 2014, but is cautious about the wide exceptions that have been carved out for law enforcement and intelligence agencies in the Bill.

In 2012, the Report of the Group of Experts on Privacy was developed for the purpose of informing a privacy framework for India. As such, the Centre for Internet and Society will be analyzing in upcoming posts the draft Privacy Bill 2014 and the recommendations in the Report of the Group of Experts on Privacy.

Surveillance and Privacy

by Prasad Krishna last modified Apr 03, 2014 06:02 AM
Presented by Sunil Abraham at LirneAsia event on March 9, 2014 in Gurgaon.


Marco Civil da Internet: Brazil’s ‘Internet Constitution’

by Geetha Hariharan last modified Jun 19, 2014 10:38 AM
On March 25, 2014, Brazil's lower house of parliament passed bill no. 2126/2011, popularly known as Marco Civil da Internet. The Marco Civil is a charter of Internet user-rights and service provider responsibilities, committed to freedom of speech and expression, privacy, and accessibility and openness of the Internet. In this post, the author looks at the pros and cons of the bill.

Introduction:

Ten months ago, Edward Snowden’s revelations of the U.S. National Security Agency’s extensive, warrantless spying dawned on us. Citizens and presidents alike expressed their outrage at this sweeping violation of their privacy. While India’s position remained carefully neutral, or indeed, supportive of NSA’s surveillance, Germany, France and Brazil cut the U.S. no slack. Indeed, at the 68th session of the United Nations General Assembly, Brazilian President Dilma Rousseff (whose office the NSA had placed under surveillance) stated, “Tampering in such a manner in the affairs of other countries is a breach of International Law and is an affront to the principles that must guide the relations among them, especially among friendly nations.” Brazil, she said, would “redouble its efforts to adopt legislation, technologies and mechanisms to protect us from the illegal interception of communications and data.”
Some may say that Brazil has lived up to its word. Later this month, Brazil will be host to NETmundial, the Global Multi-stakeholder Meeting on the Future of Internet Governance, jointly organized by the Brazilian Internet Steering Committee (CGI.br) and the organization /1Net. The elephantine invisible presence of Snowden vests NETmundial with the hope and responsibility of laying the ground for a truly multi-stakeholder model for governing various aspects of the Internet; a model where governments are an integral part, but not the only decision-makers. The global Internet community, comprising users, corporations, governments, the technical community, and NGOs and think-tanks, is hoping to devise a workable method to divest the U.S. Government of its de facto control over the Internet, which it wields through its contracts to manage the domain name system and the root zone.
But as Internet governance expert Dr. Jeremy Malcolm put it, these technical aspects do not make or break the Internet. The real questions in Internet governance underpin the rights of users, corporations and netizens worldwide. Sir Tim Berners-Lee, when he called for an Internet Bill of Rights, meant much the same. For Sir Tim, an open, neutral Internet is imperative if we are to keep our governments open, and foster “good democracy, healthcare, connected communities and diversity of culture”. Some countries agree. The Philippines envisaged a Magna Carta for Internet Freedom, though the Bill is pending in the Philippine parliament.

Marco Civil da Internet:

Last week, on March 25, 2014, the Brazilian Chamber of Deputies (the lower house of parliament) passed the Marco Civil da Internet, bill 2126/2011, a charter of Internet rights. The Marco Civil is considered by the global Internet community as a one-of-a-kind bill, with Sir Tim Berners-Lee hailing the “groundbreaking, inclusive and participatory process has resulted in a policy that balances the rights and responsibilities of the individuals, governments and corporations who use the Internet”.
The Marco Civil’s journey began with a two-stage public consultation process in October 2009, under the aegis of the Brazilian Ministry of Justice’s Department of Legislative Affairs, jointly with the Getulio Vargas Foundation’s Center for Technology and Society of the Law School of Rio de Janeiro (CTS-FGV). The collaborative process involved a 45-day consultation process in which over 800 comments were received, following which a second consultation in May 2010 received over 1200 comments from individuals, civil society organizations and corporations involved in the telecom and technology industries. Based on comments, the initial draft of the bill was revamped to include issues of popular, public importance, such as intermediary liability and online freedom of speech.
An official English translation of the Marco Civil is as yet unavailable. But an unofficial translation (please note that the file is uploaded on Google Drive), triangulated against online commentary on the bill, reveals that the following issues were of primary importance:

The fundamentals:

The fundamental principles of the Marco Civil reveal a commitment to openness, accessibility, neutrality and democratic collaboration on the Internet. Art. 2 (see unofficial translation) sets out the fundamental principles that form the basis of the law. It pledges to adhere to freedom of speech and expression, along with an acknowledgement of the global scale of the network, its openness and collaborative nature, its plurality and diversity. It aims to foster free enterprise and competition on the Internet, while ensuring consumer protection and upholding human rights, personality development and citizenship exercise in the digital media in line with the network’s social purposes. Not only this, but Art. 4 of the bill pledges to promote universal access to the Internet, as well as “to information, knowledge and participation in cultural life and public affairs”. It aims to promote innovation and open technology standards, while ensuring interoperability.
The Marco Civil expands on its commitment to human rights and accessibility by laying down a “discipline of Internet use in Brazil”. Art. 3 of the bill guarantees freedom of expression, communication and expression of thoughts, under the terms of the Federal Constitution of Brazil, while at the same time guaranteeing privacy and protection of personal data, and preserving network neutrality. It also focuses on preserving network stability and security, by emphasizing accountability and adopting “technical measures consistent with international standards and by encouraging the implementation of best practices”.
These principles, however, are buttressed by rights assured to Internet users and responsibilities of and exceptions provided to service providers.

Rights and responsibilities of users and service providers:

Net neutrality:
Brazil becomes one of the few countries in the world (joining the likes of the Netherlands, Chile and Israel in part) to preserve network neutrality by legislation. Art. 9 of the Marco Civil requires all Internet providers “to treat any data package with isonomy, regardless of content, origin and destination, service, terminal or application”. Not only this, but Internet providers are enjoined from blocking, monitoring or filtering content during any stage of transmission or routing of data. Deep packet inspection is also forbidden. Exceptions may be made to discriminate among network traffic only on the basis of essential technical requirements for services-provision, and for emergency services prioritization. Even this requires the Internet provider to inform users in advance of such traffic discrimination, and to act proportionately, transparently and with equal protection.
Data retention, privacy and data protection:
The Marco Civil includes provisions for the retention of personal data and communications by service providers, and access to the same by law enforcement authorities. However, record, retention and access to Internet connection records and applications access-logs, as well as any personal data and communication, are required to meet the standards for “the conservation of intimacy, private life, honor and image of the parties directly or indirectly involved” (Art. 10). Specifically, access to identifying information and contents of personal communication may be obtained only upon judicial authorization.
Moreover, where data is collected within Brazilian territory, processes of collection, storage, custody and treatment of the abovementioned data are required to comply with Brazilian laws, especially the right to privacy and confidentiality of personal data and private communications and records (Art. 11). Interestingly, this compliance requirement is applicable also to entities incorporated in foreign jurisdictions, which offer services to Brazilians, or where a subsidiary or associate entity of the corporation in question has establishments in Brazil. While this is undoubtedly a laudable protection for Brazilians or service providers located in Brazil, it is possible that conflicts may arise (with penal consequences) between standards and terms of data retention and access by authorities in other jurisdictions. In the predictable absence of harmonization of such laws, perhaps rules of conflicts of law may prove helpful.
While data retention remained a point of contention (Brazil initially sought to ensure a 5-year data retention period), under the Marco Civil, Internet providers are required to retain connection records for 1 year under rules of strict confidentiality; this responsibility cannot be delegated to third parties (Art. 13). Providers providing the Internet connection (such as Reliance or Airtel in India) are forbidden from retaining records of access to applications on the Internet (Art. 14). While law enforcement authorities may request a longer retention period, a court order (filed for by the authority within 60 days from the date of such request) is required to access the records themselves. In the event the authority fails to file for such court order within the stipulated period, or if the court order is denied, the service provider must protect the confidentiality of the connection records.

Though initially excluded from the Marco Civil, the current draft passed by the Chamber of Deputies requires Internet application providers (such as Google or Facebook) to retain access-logs for their applications for 6 months (Art. 15). Logs for other applications may not be retained without previous consent of the owner, and in any case, the provider cannot retain personal data that is in excess of the purpose for which consent was given by the owner. As for connection records, law enforcement authorities may request a greater retention period, but require a court order to access the data itself.
These requirements must be understood in light of the rights that the Marco Civil guarantees to users. Art. 7, which enumerates these user-rights, does not however set forth their content; this is probably left to judicial interpretation of rights enshrined in the Federal Constitution. In any event, Art. 7 guarantees to all Internet users the “inviolability of intimacy and privacy”, including the confidentiality of all Internet communications, along with “compensation for material or moral damages resulting from violation”. In this regard, it assures that users are entitled to a guarantee that no personal data or communication shall be shared with third parties in the absence of express consent, and to “clear and complete information on the collection, use, storage, treatment and protection of their personal data”. Indeed, where contracts violate the requirements of inviolability and secrecy of private communications, or where a dispute resolution clause does not permit the user to approach Brazilian courts as an alternative, Art. 8 renders such contracts null and void.
Most importantly, Art. 7 states that users are entitled to clear and complete information about how connection records and access logs shall be stored and protected, and to publicity of terms/policies of use of service providers. Additionally, Art. 7 emphasizes quality of service and accessibility to the Internet, and forbids suspension of Internet connections except for failure of payments. Read comprehensively, therefore, Arts. 7-15 of the Marco Civil prima facie set down robust protections for private and personal data and communications.
An initial draft of the Marco Civil sought to mandate local storage of all Brazilians’ data within Brazilian territory. This came in response to Snowden’s revelations of NSA surveillance, and President Rousseff, in her statement to the United Nations, declared that Brazil sought to protect itself from “illegal interception of communications and data”. However, the implication of this local storage requirement was the creation of a geographically isolated Brazilian Internet, with repercussions for the Internet’s openness and interoperability that the Marco Civil itself sought to protect. Moreover, there are implications for efficiency and business; for instance, small businesses may be unable to source the money or capacity to comply with local storage requirements. Also, they lead to mandating storage on political grounds, and not on the basis of effective storage. Amid widespread protest from corporations and civil society, this requirement was then withdrawn which, some say, propelled the quick passage of the bill in the Chamber of Deputies.
Intermediary liability:
Laws of many countries make service providers liable for third party content that infringes copyright or that is otherwise against the law (such as pornography or other offensive content). For instance, Section 79 of the Indian Information Technology Act, 2000 (as amended in 2008) is such a provision where intermediaries (i.e., those who host user-generated content, but do not create the content themselves) may be held liable. However, stringent intermediary liability regimes create the possibility of private censorship, where intermediaries resort to blocking or filtering user-generated content that they fear may violate laws, sometimes even without intimating the creator of the infringing content. The Marco Civil addresses this possibility of censorship by creating a restricted intermediary liability provision. Please note, however, that the bill expressly excludes from its ambit copyright violations, which a copyright reforms bill seeks to address.
At first instance, the Marco Civil exempts service providers from civil liability for third party content (Art. 18). Moreover, intermediaries are liable for damages arising out of third party content only where such intermediaries do not comply with court orders (which may require removal of content, etc.) (Art. 19). This leaves questions of infringement and censorship to the judiciary, which the author believes is the right forum to adjudicate such issues. Moreover, wherever identifying information is available, Art. 20 mandates the intermediary to apprise the creator of infringing content of the reasons for removal of his/her content, with information that enables the creator to defend him- or herself in court. This measure of transparency is particularly laudable; for instance, in India, no such intimation is required by law, and you or I as journalists, bloggers or other creators of content may never know why our content is taken down, or be equipped to defend ourselves in court against the plaintiff or petitioner who sought removal of our content. Finally, a due diligence requirement is placed on the intermediary in circumstances where third party content discloses, “without consent of its participants, of photos, videos or other materials containing nudity or sexual acts of private character”. As per Art. 21, where the intermediary does not take down such content upon being intimated by the concerned participant, it may be held secondarily liable for infringement of privacy.
This restricted intermediary liability regime is further strengthened by a requirement of specific identification of infringing content, which both the court order issued under Art. 20 and the take-down request under Art. 21 must fulfill. This requirement is missing, for instance, under Section 79 of the Indian Information Technology Act, which creates a diligence and liability regime without requiring identifiability of infringing content.

Conclusion:

Brazil’s ‘Internet Constitution’ has done much to add to the ongoing discussion on the rights and responsibilities of users and providers. By expressly adopting protections for net neutrality and online privacy and freedom of expression, the Marco Civil may be considered to set itself up as a model for Internet rights at the municipal level, barring a Utopian bill of rights. Indeed, in an effusive statement of support for the bill, Sir Tim Berners-Lee stated: “If Marco Civil is passed, without further delay or amendment, this would be the best possible birthday gift for Brazilian and global Web users.”
Of course, the Marco Civil is not without its failings. Authors say that the data retention requirements by connection and application providers, with leeway provided for law enforcement authorities to lengthen retention periods, are problematic. Moreover, the discussions surrounding data localization and a ‘walled-off’ Internet that protects against surveillance ignore the interoperability and openness that form the core of the Internet.
On the whole, though, the Marco Civil may be considered a victory, on many counts. It is possibly the first successful example of a national legislation that is the outcome of a broad, consultative process with civil society and other affected entities. It expressly affirms Brazil’s commitment to the protection of privacy and freedom of expression, as well as to Internet accessibility and the openness of the network. It aims to eliminate the possibility of private censorship online, while upholding privacy rights of users. It seeks to reduce the potential for abuse of personal data and communication by government authorities, by requiring judicial authorization for the same. In a world where warrantless government spying extends across national borders, such a provision is novel and desirable. One hopes that, when the global Internet community sits down at its various fora to identify and enumerate principles for Internet governance, it will look to the Marco Civil as an example of standards that governments may adhere to, and not necessarily resort to the lowest common denominator standards of international rights and protections.

Intermediary Liability Resources

by Elonnai Hickok last modified Jul 03, 2014 06:45 AM
We bring you a list of intermediary resources as part of research on internet governance. This blog post will be updated on an ongoing basis.
  1. Shielding the Messengers: Protecting Platforms for Expression and Innovation. The Centre for Democracy and Technology. December 2012, available at: https://www.cdt.org/files/pdfs/CDT-Intermediary-Liability-2012.pdf: This paper analyses the impact that intermediary liability regimes have on freedom of expression, privacy, and innovation. In doing so, the paper highlights different models of intermediary liability regimes, reviews different technological means of restricting access to content, and provides recommendations for intermediary liability regimes and provides alternative ways of addressing illegal content online.
  2. Internet Intermediaries: Dilemma of Liability: Article 19. 2013, available at: http://www.article19.org/data/files/Intermediaries_ENGLISH.pdf: This Policy Document reviews different components of intermediary liability and highlights the challenges and risks that current models of liability have to online freedom of expression. Relying on international standards for freedom of expression and comparative law, the document includes recommendations and alternative models that provide stronger protection for freedom of expression. The key recommendations in the document include: web hosting providers or hosts should be immune from liability to third party content if they have not modified the content, privatised enforcement should not be a model and removal orders should come only from courts or adjudicatory bodies, the model of notice to notice should replace notice and takedown regimes, in cases of alleged serious criminality clear conditions should be in place and defined.
  3. Comparative Analysis of the National Approaches to the Liability of Internet Intermediaries: Prepared by Daniel Seng for WIPO, available at http://www.wipo.int/export/sites/www/copyright/en/doc/liability_of_internet_intermediaries.pdf: This Report reviews the intermediary liability regimes and associated laws in place across fifteen different contexts with a focus on civil copyright liability for internet intermediaries. The Report seeks to find similarities and differences across the regimes studied and highlight principles and components in different that can be used in international treaties and instruments, upcoming policies, and court decisions.
  4. Freedom of Expression, Indirect Censorship, & Liability for Internet Intermediaries. The Electronic Frontier Foundation. February 2011, available at: http://infojustice.org/download/tpp/tpp-civil-society/EFF%20presentation%20ISPs%20and%20Freedom%20of%20Expression.pdf: This presentation was created for the Trans-Pacific Partnership Stakeholder Forum in Chile and highlights that for freedom of expression to be protected, clear legal protections for internet intermediaries are needed and advocates for a regime that provides blanket immunity to intermediaries or is based on judicial takedown notices.
  5. Study on the Liability of Internet Intermediaries. Contracted by the European Commission. 2007, available at: http://ec.europa.eu/internal_market/e-commerce/docs/study/liability/final_report_en.pdf. This Report provides insight on the application of the intermediary liability sections of the EU e-commerce directive and studies the impact of the regulations under the Directive on the functioning of intermediary information society services. To achieve this objective, the study identifies relevant case law across member states, calls out and evaluates developing trends across Member States, and draws conclusions.
  6. Internet Intermediary Liability: Identifying Best Practices for Africa. Nicolo Zingales for the Association for Progressive Communications,  available at: https://www.apc.org/en/system/files/APCInternetIntermediaryLiability_BestPracticesAfrica_20131125.pdf: This background paper seeks to identify challenges and opportunities in addressing intermediary liability for countries in the African Union and recommend safeguards that can be included in emerging intermediary liability regimes in the context of human rights. The paper also reviews different models of intermediary liability and discusses the limitations, scope, and modes of operation of each model.
  7. The Liability of Internet Intermediaries in Nigeria, Kenya, South Africa, and Uganda: An uncertain terrain. Association for Progressive Communications. October 2012, available at: http://www.academia.edu/2484536/The_liability_of_internet_intermediaries_in_Nigeria_Kenya_South_Africa_and_Uganda_An_uncertain_terrain: This Report reviews intermediary liability in Nigeria, Kenya, South Africa and Uganda – providing background to the political context, relevant legislation, and present challenges. In doing so, the Report provides insight into how intermediary liability has changed in recent years in these contexts and explores past and present debates on intermediary liability. The Report concludes with recommendations for stakeholders affected by intermediary liability.
  8. The Fragmentation of intermediary liability in the UK. Daithi Mac Sithigh. 2013, available at: http://jiplp.oxfordjournals.org/content/8/7/521.full.pdf?keytype=ref&ijkey=zuL8aFSzKJqkozT. This article looks at the application of the Electronic Commerce Directive across Europe and argues that it is being intermixed and subsequently replaced with provisions from national legislation and provisions of law from area specific legislation. Thus, the article argues that systems for intermediary liability are dividing into multiple systems – for example, for content related to copyright, intermediaries are being given new responsibilities, while for content related to defamation, there is a reduction in the liability that intermediaries are held to.
  9. Regimes of Legal Liability for Online Intermediaries: an Overview. OECD, available at: http://www.oecd.org/sti/ieconomy/45509050.pdf. This article provides an overview of different intermediary liability regimes including EU and US.
  10. Closing the Gap: Indian Online Intermediaries and a Liability System Not Yet Fit for Purpose. GNI. 2014, available at: http://www.globalnetworkinitiative.org/sites/default/files/Closing%20the%20Gap%20-%20Copenhagen%20Economics_March%202014_0.pdf. This Report argues that the provisions of the Information Technology Act 2000 are not adequate to deal with ICT innovations, and argues that the current liability regime in India is hurting the Indian internet economy.
  11. Intermediary Liability in India. Centre for Internet and Society. 2011, available at: http://cis-india.org/internet-governance/intermediary-liability-in-india.pdf. This report reviews and ‘tests’ the effect of the Indian intermediary liability on freedom of expression. The report concludes that the present regime in India has a chilling effect on free expression and offers recommendations on how the Indian regime can be amended to protect this right.
  12. The Liability of Internet Service providers and the exercise of the freedom of expression in Latin America have been explored in detail through the course of this research paper by Claudio Ruiz Gallardo and J. Carlos Lara Galvez. The paper explores the efficacy and the implementation of proposals to put digital communication channels under the oversight of certain State sponsored institutions in varying degrees. The potential consequence of legal intervention in media and digital platforms, on the development of individual rights and freedoms has been addressed through the course of this study. The paper tries to arrive at relevant conclusions with respect to the enforcement of penalties that seek to redress the liability of communication intermediaries and the mechanism that may be used to oversee the balance between the interests at stake as well as take comparative experiences into account. The paper also analyses the liability of technical facilitators of communications while at the same time attempting to define a threshold beyond which the interference into the working of these intermediaries may constitute an offence of the infringement of the privacy of users. Ultimately, it aims to derive a balance between the necessity for intervention, the right of the users who communicate via the internet and interests of the economic actors who may be responsible for the service: http://www.palermo.edu/cele/pdf/english/Internet-Free-of-Censorship/02-Liability_Internet_Service_Providers_exercise_freedom_expression_Latin_America_Ruiz_Gallardo_Lara_Galvez.pdf

Click to read the newsletter from the Association of Progressive Communications. The summaries for the reports can be found below:

Internet Intermediaries: The Dilemma of Liability in Africa. APC News, May 2014, available at: http://www.apc.org/en/node/19279/. This report summarizes the challenges facing internet content regulators in Africa, and the effects of these regulations on the state of the internet in Africa. Many African countries do not protect intermediaries from potential liability, so some intermediaries are too afraid to transmit or host content on the internet in those countries. The report calls for a universal rights protection for internet intermediaries.

APC’s Frequently Asked Questions on Internet Intermediary Liability: APC, May 2014, available at: http://www.apc.org/en/node/19291/. This report addresses common questions pertaining to internet intermediaries, which are entities which provide services that enable people to use the internet, from network providers to search engines to comments sections on blogs. Specifically, the report outlines different models of intermediary liability, defining two main models. Under the “Generalist” model, intermediary liability is judged according to the general rules of civil and criminal law, while the “Safe Harbour” model protects intermediaries with a legal safe zone.

New Developments in South Africa: APC News, May 2014, available at: http://www.apc.org/en/news/intermediary-liability-new-developments-south-afri. This interview with researchers Alex Comninos and Andrew Rens goes into detail about the challenges of intermediary liability in South Africa. The researchers discuss the balance that needs to be struck between insulating intermediaries from a fear of liability and protecting women’s rights in an environment that is having trouble dealing with violence against women. They also discuss South Africa’s three strikes policy for those who pirate material.

Preventing Hate Speech Online In Kenya: APCNews, May 2014, available at: http://www.apc.org/en/news/intermediary-liability-preventing-hate-speech-onli. This interview with Grace Githaiga investigates the uncertain fate of internet intermediaries under Kenya’s new regime. The new government has mandated everyone to register their SIM cards, and indicated that it was monitoring text messages and flagging those that were deemed risky. This has led to a reduction in the amount of hate speech via text messages. Many intermediaries, such as newspaper comments sections, have established rules on how readers should post on their platforms. Githaiga goes on to discuss the issue of surveillance and the lack of a data protection law in Kenya, which she sees as the most pressing internet issue in Kenya.

New Laws in Uganda Make Internet Providers More Vulnerable to Liability and State Intervention: APCNews, May 2014, available at: http://www.apc.org/en/news/new-laws-uganda-make-internet-providers-more-vulne. In an interview, Lilian Nalwoga discusses Uganda’s recent anti-pornography law that can send intermediaries to prison. The Anti-Pornography Act of 2014 criminalizes any sort of association with any form of pornography, and targets ISPs, content providers, and developers, making them liable for content that goes through their systems. This makes being an intermediary extremely risky in Uganda. The other issue with the law is a vague definition of pornography. Nalwoga also explains that the Anti-Homosexuality Act of 2014 bans any promotion or recognition of homosexual relations, and discusses the monitoring technology the government is using to enforce these laws.

New Laws Affecting Intermediary Liability in Nigeria: APCNews, May 2014, available at: http://www.apc.org/en/news/new-laws-affecting-intermediary-liability-nigeria. Gbenga Sesan, executive director of Paradigm Initiative Nigeria, expounds on the latest trends in Nigerian intermediary liability. The Nigerian Communications Commission has a new law that mandates that ISPs store users’ data for at least here years, and wants to make content hosts responsible for what users do on their networks. Additionally, in Nigeria, internet users register with their real names and prove that they are the person registering. Sesan goes on to discuss the lack of safe harbor provisions for intermediaries and the remaining freedom of anonymity on social networks in Nigeria.

Internet Policies That Affect Africans: APC News, May 2014, available at: http://www.apc.org/en/news/intermediary-liability-internet-policies-affect-af. The Association for Progressive Communications interviews researcher Nicolo Zingales about the trend among African governments of establishing further regulations to control the flow of information on the internet and hold intermediaries liable for content they circulate. Zingales criticizes intermediary liability for “creating a system of adverse incentives for free speech.” He goes on to offer examples of intermediaries and explain the concept of “safe harbor” legislative frameworks. Asked to identify best and worst practices in Africa, he highlights South Africa’s safe harbor as a good practice, and mentions the registration of users via ID cards as a worst practice.

Towards Internet Intermediary Responsibility: Carly Nyst, November 2013, available at: http://www.genderit.org/feminist-talk/towards-internet-intermediary-responsibility. Nyst argues for a middle ground between competing goals in internet regulation in Africa. One goal, protecting free speech through internet intermediaries, seems at odds with the goal of protecting women’s rights and limiting hate speech, because one demands that intermediaries be protected in a legal safe harbor and the other requires that intermediaries be vigilant and police their content. Nyst’s solution is not intermediary liability but responsibility, a role defined by empowerment, and establishing an intermediary responsibility to promote positive gender attitudes.

Between the Local and the Global: Notes Towards Thinking the Nature of Internet Policy

by Nishant Shah last modified Apr 04, 2014 03:49 AM
This post by Nishant Shah is part of a series related to the 2014 Milton Wolf Seminar on Media and Diplomacy: The Third Man Theme Revisited: Foreign Policies of the Internet in a Time Of Surveillance and Disclosure, which takes place in Vienna, Austria from March 30 – April 1, 2014.

The 2014 seminar is jointly organized by the Center for Global Communication Studies (CGCS) at the University of Pennsylvania’s Annenberg School for Communication, the American Austrian Foundation (AAF), and the Diplomatic Academy of Vienna (DA).  For more information visit the seminar webpage and Facebook Page. Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India.

Nishant Shah's post was published on April 1st, 2014 | by cgcsblog


An imagined and perceived gap between the global and the local informs transnational politics and internet policy. The global views the local as both the site upon which the global can manifest itself as well as the microcosm that supports and strengthens global visions by providing mutations, adaptations and reengineering of the governance practices. The local is encouraged to connect with the global through a series of outward facing practices and policies, thus producing two separate domains of preservation and change. On the one hand, the local, the organic and the traditional, needs to be preserved, making the transnational and the global the exotic other. On the other hand, the local also needs to be in a state of aspiration, transforming itself to belong to global networks of polity and policy that are deemed as desirable, especially for a development and rights based vision of societies.

While these negotiations and transactions are often fruitful and local, national, and transnational structures and mechanics have been developed to facilitate this flow, this relationship is precarious. There is an implicit recognition that the local and the transnational, dialectically produced, are often opaque categories and empty signifiers. They sustain themselves through unquestioned presumptions of particular attributes that are taken for granted in these interactions. There have been many different metaphors that have been used to understand and explain these complex transfers of knowledge and information, resources and capital, bodies and ideologies. Vectors, Flows, Disjunctures, Intersections are some of the examples. However, with the rise of the digital technologies and vocabularies, especially the internet, the metaphor of the Network with its distributed nodes has become one of the most potent explanations of contemporary politics. This idea of living in networked worlds is so seductive and ‘common-sense,’ that it has become an everyday practice to think of the global as a robust, never-ending, all-inclusive network where the local becomes an important node because it enables both connectivity within but also an expansion of the edges, in order to connect to that which is outside the traffic capacities of the network.

The ‘Network Society’ paradigm is distinct from earlier rubrics of information and open society that have informed existing information and communication policies. In this paradigm we have the opportunity to revisit and remap the ways in which local governments and populations function and how they produce locals who can feed into the transnational and global discourse. The network facilitates some knowledge that is valuable and allows us to map inequity and mal-distribution of resources by offering comparisons between the different nodes. Networks force our attention to the edges, the no-person’s-zone which is porous but still serves as an osmotic filter that often keeps the underprivileged and the unintelligible outside its fold. Networks as metaphors are valuable because they produce a cartographic vision of the world with multiple boundaries and layers, dealing with big data sets to create patterns that might otherwise be invisible. They enable the replication of models that can be further localised and adapted to fit the needs of the context.  Networks make the world legible – we write it through the lens of the network, intelligible – we understand it through the language and vocabulary of the network, and accessible – it allows for knowledge and practices to transfer across geographies and times.

At the same time, networks are a vicious form of organisation because they work through the logic of resource maximisation, efficiency and optimisation, often disallowing voices of dissent that threaten the consensus making mechanisms of the network. Networks have a self-referential relationship with reality because they produce accounts of reality which can easily stand in for the material and the real. They are the new narratives that can operate with existing data sets and produce such rich insights for analysis that we forget to account for that which cannot be captured in the database structures of these data streams. Networks work through a principle of homogeneity and records, thus precluding forms of operation which cannot be easily quantified.

Given this complex nature of networks and the fact that they are emerging as the de facto explanations of not only social and cultural relationships but also economic and political transactions, it might be fruitful to approach the world of policy and politics, the local and the transnational, through the lens of the network. Building a critique of the network while also deploying the network as a way to account for the governmental practices might produce key insights into how the world operates. What does it mean to imagine the world in the image of the internet as a gigantic network? What are the ways in which a networked visualisation of policy and governmental processes can help us analyse and understand contemporary politics? What tools can we develop to expose the limitations of a network paradigm and look at more inclusive and sensitive models for public discourse and participation? How do we document events, people, and drivers of political change that often get overlooked in the networked imagination of transnational politics? These are the kind of questions that the Center for Global Communication Studies’ Internet Policy Observatory (IPO) could initiate, building empirical, qualitative and historical research to understand the complex state of policy making and its relationship with enforcement, operationalization and localisation.

Given the scope and scale of these questions, there are a few specific directions that can be followed to ensure that research is focused and concentrated rather than too vague and generalised:

  1. Bird’s eye views: The big picture understanding of transnational political and policy networks is still missing from our accounts of contemporary discourse. While global representative networks of multi-stakeholder dialogues have been established, there is not enough understanding of how they generate traffic (information, knowledge, data, people, policies) within the network through the different nodes. Producing an annotated and visual network map that looks at the different structural and organisational endeavours and presences, based on available open public data, bolstered by qualitative interviews would be very useful both as a research resource but also an analytic prototype to understand the complex relationships between the various stakeholders involved in processes of political change.
  2. Crisis Mapping: One of the most important things within Network studies is how the network identifies and resolves crises. Crises are the moment when the internal flaws, the structural weaknesses, and the fragile infrastructure become visible. The digital network, like the internet, has specific mechanisms of protecting itself against crises. However, the appearance of a crisis becomes an exciting time to look at the discrepancy between the ambition of the network and its usage. A crisis is generally a symptom that shows the potentials for radical subversion, overthrowing, questioning and the abuse of network designs and visions. Locating ICT related crises with historical and geographical focuses could similarly reveal the discrepancies of the processes of making policy and orchestrating politics.
  3. Longitudinal Studies: The network remains strong because it works through a prototype principle. Consequently, no matter how large the network is, it is possible to splice, slice, and separate a small component of the network for deep dive studies. This microcosm offers rich data sets, which can then be applied across the network to yield different results. Further, working with different actors – from the individual to the collective, from the informal to the institutional – but giving them all equal valency provides a more equal view of the roles, responsibilities, and aspirations of the different actors involved in the processes. This kind of longitudinal study, working on very small case-studies and then applying them to analyse the larger social and political conditions, helps in understanding the transnational and global processes in a new way.

These research based inquiries could result in many different outputs based on the key users that they are working with and for. The methods could be hybrid, using existing local and experimental structures, with predefined criteria for rigour and robustness. The research, given its nature, would necessitate working with existing networks and expanding them, thus building strong and sustainable knowledge networks that can be diverted towards intervention through capacity building and pedagogy directed at the different actors identified within these nodes.


Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India. He is an International Tandem Partner at the Centre for Digital Cultures, Leuphana University, Germany and a Knowledge Partner with the Hivos Knowledge Programme, The Netherlands. In these varied roles, he has been committed to producing infrastructure, frameworks and collaborations in the global south to understand and analyse the ways in which emergence and growth of digital technologies have shaped the contemporary social, political and cultural milieu. He is the editor for a series of monographs on ‘Histories of Internet(s) in India’ that looks at the complicated relationship that technologies have with questions of gender, sexuality, body, city, governance, archiving and gaming in a country like India. He is also the principal researcher for a research programme that produced the four-volume anthology ‘Digital AlterNatives With a Cause?’ that examines the ways in which young people’s relationship with digital technologies produces changes in their immediate environments.

The Age of Shame

by Nishant Shah last modified Apr 04, 2014 04:05 AM
The ability to capture private images is breeding a dangerous form of digital shaming.

It sometimes emerges as an attempt to shame governments, private institutions, places of consumption, for compromise of the rights of the users. Picture credit: Indian Express

Dr. Nishant Shah's column was published in the Indian Express on March 30, 2014.


Within the online space, where wonderments often run rife, and conspiracy theories travel at the speed of light, there are many dark recesses where netizens half-jokingly, self-referentially, in a spirit of part-truth, part-exaggeration, often wonder on what the real reason is for the internet to exist.

One suggestion, and probably the most persuasive one, drawing from the Broadway musical Avenue Q, is that the internet was made for porn. Positing a competing argument is a clowder of cat lovers, who insist that the internet was made for cats. Or, at least, it is definitely made of cats.

From the first internet memes like LOL Cats (and then subsequently Grumpy Cat, Ceiling Cat and Hipster Kitty), which had pictures of cats used for strong social, cultural and political commentary, to Caturday — a practice where users on the Web’s largest unmoderated discussion board, 4Chan, post pictures of cats every Saturday — cats are everywhere.

I want to add to this list and suggest that the internet was meant for “shame”. With the explosion of the interactive Web, more people getting access to mobile computing devices, and more websites inviting users to write reviews, leak pictures, expose videos and reveal more personal and private information online, there seems to be no doubt that we live in the age of digital shaming.

The aesthetic, also embedded in peer-to-peer platforms like Chatroulette or Snapchat, where people often engage in sexting, is also becoming common in popular media. The ability to spy, to capture private images and videos, and expose the people who violate some imagined moral code has dangerous implications for the future of the Web and our own private lives. And as more of it goes unpunished and gets naturalised in our everyday digital practices, it is time to realise that the titillation it offers through scandal is far outweighed by the growing stress and grief it causes to victims. While there are some values to public shaming that ask for more transparency and accountability, we need to reflect on how it is creating societies of shame.

It sometimes emerges as an attempt to shame governments, private institutions, places of consumption, for compromise of the rights of the users.

Anything, from denial of service and corruption in government offices to bad food and substandard goods in restaurants and malls, is now reported in an attempt to shame the people responsible for it. This kind of “citizen journalism” allows for individual voices and experiences to be heard and documented, and the people in question are forced to be accountable for their jobs.

From fascinating websites like IPaidABribe.com to restaurant review sites like Zomato, we have seen an interesting phenomenon of “naming and shaming” that gives voice to individual discontent and anger. And so commonplace has this become, that most managers of different services and goods track, respond and mitigate the situation, often offering apologies and freebies to make up for that one bad experience.

Most big organisations have Twitter handles that function in a similar way, addressing grievances of users in real time, and helping to deliver better services and products. It is a new era of granular accountability that ensures that individual acts of discrimination, neglect or just disservice get reported and have direct impact on those responsible for it.

On the other end of the spectrum of this call for transparent and accountable structures is the phenomenon of shaming and cyber bullying that is also increasing, especially with digital natives who spend more time online. On social networking sites, it has become almost passé for personal and sensitive information to be leaked in order to shame and expose a person’s weaknesses and vulnerabilities. Especially for young teens who might be in a disadvantaged position — for reasons of sexual orientation, location, practices or interests — the shaming through exposing their private information often creates extremely traumatic conditions, even leading people to take their lives.

Shaming takes up particularly dire forms on websites and platforms that are designed to leak this kind of information. Hunter Moore, who has recently earned the title of being the most hated man on the internet, was the founder of a revenge-porn website, which invited male users to reveal sexual and embarrassing pictures of their former girlfriends and even spouses, to reveal them in compromising positions and shame them for being “sluts”.

Moore’s website has been shut down now and he is facing multiple charges of felony in the US, but that one site was just the tip of the iceberg. Slut shaming and trying to humiliate women has become a strong underground practice on the dark web. Hidden by anonymity and the security that the Web can sometimes offer, people betray the trust of their friends and lovers and expose them to be punished by voyeuristic audiences.

Who Governs the Internet? Implications for Freedom and National Security

by Sunil Abraham last modified Apr 05, 2014 04:23 PM
The second half of last year has been quite momentous for Internet governance thanks to Edward Snowden. German Chancellor Angela Merkel and Brazilian President Dilma Rousseff became aware that they were targets of US surveillance for economic not security reasons. They protested loudly.

The article was published in Yojana (April 2014 Issue).


The role of the US, perceived by some as the benevolent dictator or primary steward of the Internet because of history, technology, topology and commerce, came under scrutiny again. The I star bodies, also known as the technical community - the Internet Corporation for Assigned Names and Numbers (ICANN); five Regional Internet Registries (RIRs), i.e. African, American, Asia-Pacific, European and Latin American; two standard setting organisations - World Wide Web Consortium (W3C) & Internet Engineering Task Force (IETF); the Internet Architecture Board (IAB); and Internet Society (ISOC) - responded by issuing the Montevideo Statement [1] on the 7th of October. The statement expressed "strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance." It called for "accelerating the globalization of ICANN and IANA functions..." - did this mean that the I star bodies were finally willing to end the special role that the US played in Internet governance? However, that dramatic shift in position was followed by the qualifier "...towards an environment in which all stakeholders, including all governments, participate on an equal footing", clearly indicating that for the I star bodies multistakeholderism was non-negotiable. Two days later President Rousseff, after a meeting with Fadi Chehadé, announced on Twitter that Brazil would host "an international summit of governments, industry, civil society and academia." [2] The meeting has now been dubbed Net Mundial and 188 proposals for “principles” or “roadmaps for the further evolution of the Internet governance ecosystem” have been submitted for discussion in São Paulo on the 23rd and 24th of April. The meeting will definitely be an important milestone for multilateral and multi-stakeholder mechanisms in the ecosystem.

It has been more than a decade since this debate between multilateralism and multi-stakeholderism was ignited. Multistakeholderism is a form of governance that seeks to ensure that every stakeholder is guaranteed a seat at the policy formulation table (either in a consultative capacity or in a decision making capacity, depending on who you ask). The Tunis Agenda, which was the end result of the 2003-05 WSIS, upheld the multistakeholder model. The 2003–2005 World Summit on the Information Society process was seen by those favouring the status quo at that time as the first attempt by the UN bodies, or multilateralism, to take over the Internet. However, the end result, i.e. the Tunis Agenda [3], clarified and reaffirmed multi-stakeholderism as the way forward even though multilateral governance mechanisms were also accepted as a valid component of Internet governance. The list of stakeholders included states, the private sector, civil society, intergovernmental organisations, international standards organisations and the “academic and technical communities within those stakeholder groups mentioned” above. The Tunis Agenda also constituted the Internet Governance Forum (IGF) and the process of Enhanced Cooperation.

The IGF was defined in detail with a twelve point mandate including to “identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations.” In brief it was to be a learning Forum, a talk shop and a venue for developing soft law not international treaties. Enhanced Cooperation was defined as “to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues” –  and to this day, efforts are on to define it more clearly.

Seven years later, during the World Conference on Telecommunication in Dubai, the status quoists dubbed it another attempt by the UN to take over the Internet. Even those non-American civil society actors who were uncomfortable with US dominance were willing to settle for the status quo because they were convinced that US courts would uphold human rights online more robustly than most other countries. In fact, the US administration had laid a good foundation for the demonization of the UN and other nation states that preferred an international regime. "Internet freedom" was State Department doctrine under the leadership of Hillary Clinton. As per her rhetoric – there were good states, bad states and swing states. The US, UK and some Scandinavian countries were the defenders of freedom. China, Russia and Saudi Arabia were examples of authoritarian states that were balkanizing the Internet. And India, Brazil and Indonesia were examples of swing states – in other words, they could go either way – join the good side or the dark side.

But Internet freedom rhetoric was deeply flawed. The US censorship regime is really no better than China’s. China censors political speech – US censors access to knowledge thanks to the intellectual property (IP) rightsholder lobby that has tremendous influence on the Hill. Statistics of television viewership across channels around the world will tell us how the majority privileges cultural speech over political speech on any average day. The great firewall of China only affects its citizens – netizens from other jurisdictions are not impacted by Chinese censorship. On the other hand, the US acts of censorship are usually near global in impact.

This is because the censorship regime is not predominantly based on blocking or filtering but on placing pressure on identification, technology and financial intermediaries, thereby forcing their targets offline. When it comes to surveillance, one could argue that the US is worse than China. Again, as was the case with censorship, China only conducts pervasive blanket surveillance upon its citizens – unlike US surveillance, which not only affects its citizens but targets every single user of the Internet through a multi-layered approach with an accompanying acronym soup of programmes and initiatives that include malware, trojans, software vulnerabilities, back doors in encryption standards, over the top service providers, telcos, ISPs, national backbone infrastructure and submarine fibre optic cables.

Security guru Bruce Schneier tells us that “there is no security without privacy. And liberty requires both security and privacy.” Blanket surveillance therefore undermines the security imperative and compromises functioning markets by making e-commerce, e-banking, intellectual property, personal information and confidential information vulnerable. Building a secure Internet and information society will require ending mass surveillance by states and private actors.

The Opportunity for India

Unlike America with its straitjacketed IP regime, India believes that access to knowledge is a precondition for freedom of speech and expression. As far as global intellectual property policy or access to knowledge policy is concerned, India is considered a leader both when it comes to domestic policy and international policy development at the World Intellectual Property Organisation. From the 70s our policy-makers have defended the right to health in the form of access to medicines. More recently, India played a critical role in securing the Marrakesh Treaty for Visually Impaired Persons in June 2013 which introduces a user right [also referred to as an exception, flexibility or limitation] which allows the visually impaired to convert books to accessible formats without paying the copyright-holder if an accessible version has not been made available. The Marrakesh Treaty is disability specific [only for the visually impaired] and works specific [only for copyright]. This is the first instance of India successfully exporting policy best practices. India's exception for the disabled in the Copyright Act, unlike the Marrakesh Treaty, however, is both disability-neutral and works-neutral.

Given that the Internet is critical to the successful implementation of the Treaty, i.e. cross border sharing of works that have been made accessible to disabled persons in one country with the global community, it is perhaps time for India to broaden its influence into the sphere of Internet governance and the governance of information societies more broadly.

Post-Snowden, the so-called swing states occupy the higher moral ground. It is time for these states to capitalize on this moment using strong political will. Instead of just being a friendly jurisdiction from the perspective of access to medicine, it is time for India to also be the enabling jurisdiction for access to knowledge more broadly. We could use patent pools and compulsory licensing to provide affordable and innovative digital hardware [especially mobile phones] to the developing world. This would ensure that rights-holders, innovators, manufacturers, consumers and government would all benefit from India going beyond being the pharmacy of the world to becoming the electronics store of the world. We could explore flat-fee licensing models like a broadband copyright cess or levy to ensure that users get content [text, images, video, audio, games and software] at affordable rates and rights-holders get some royalty from all Internet users in India. This will go a long way in undermining the copyright enforcement based censorship regime that has been established by the US. When it comes to privacy – we could enact a world-class privacy law and establish an independent, autonomous and proactive privacy commissioner who will keep both private and state actors on a short leash. Then we need a scientific, targeted surveillance regime that is in compliance with human rights principles. This will make India simultaneously an IP and privacy haven and thereby attract huge investment from the private sector, and also earn the goodwill of global civil society and independent media. Given that privacy is a precondition for security, this will also make India very secure from a cyber security perspective. Of course this is a fanciful pipe dream given our current circumstances but is definitely a possible future for us as a nation to pursue.

What is the scope of Internet Governance?

Part of the tension between multi-stakeholderism and multilateralism is that there is no single, universally accepted definition of Internet governance. The conservative definition of Internet Governance limits it to management of critical Internet resources, including the domain name system, IP addresses and root servers – in other words, the ICANN, IANA functions, regional registries and other I* bodies. This is where US dominance has historically been most explicit. This is also where the multi-stakeholder model has clearly delivered so far and therefore we must be most careful about dismantling existing governance arrangements. There are very broadly four approaches for reducing US dominance here – a) globalization [giving other nation-states a role equal to the US within the existing multi-stakeholder paradigm], b) internationalization [bringing ICANN, IANA functions, registries and I* bodies under UN control or oversight], c) eliminating the role for nation states in the IANA functions [4] and d) introducing competitors for names and numbers management. Regardless of the final solution, it is clear that those that control domain names and allocate IP addresses will be able to impact the freedom of speech and expression. The impact on the national security of India is very limited given that there are three root servers [5] within national borders and it would be near impossible for the US to shut down the Internet in India.

For a more expansive definition – The Working Group on Internet Governance report[6] has four categories for public policy issues that are relevant to Internet governance:

“(a) Issues relating to infrastructure and the management of critical Internet resources, including administration of the domain name system and Internet protocol addresses (IP addresses), administration of the root server system, technical standards, peering and interconnection, telecommunications infrastructure, including innovative and convergent technologies, as well as multilingualization. These issues are matters of direct relevance to Internet governance and fall within the ambit of existing organizations with responsibility for these matters;

(b) Issues relating to the use of the Internet, including spam, network security and cybercrime. While these issues are directly related to Internet governance, the nature of global cooperation required is not well defined;

(c) Issues that are relevant to the Internet but have an impact much wider than the Internet and for which existing organizations are responsible, such as intellectual property rights (IPRs) or international trade. ...;

(d) Issues relating to the developmental aspects of Internet governance, in particular capacity-building in developing countries.”

Some of these categories are addressed via state regulation that has cascaded from multilateral bodies that are associated with the United Nations such as the World Intellectual Property Organisation for "intellectual property rights" and the International Telecommunication Union for “telecommunications infrastructure”. Other policy issues such as "cyber crime" are currently addressed via plurilateral instruments – for example the Budapest Convention on Cybercrime – and bilateral arrangements like Mutual Legal Assistance Treaties. "Spam" is currently being handled through self-regulatory efforts by the private sector such as the Messaging, Malware and Mobile Anti-Abuse Working Group. [7] Other areas where there is insufficient international or global cooperation include "peering and interconnection" - the private arrangements that exist are confidential and it is unclear whether the public interest is being adequately protected.

So who really governs the Internet?

So in conclusion, who governs the Internet is not really a useful question. This is because nobody governs the Internet per se. The Internet is a diffuse collection of standards, technologies and actors and is dramatically different across layers, geographies and services. Different Internet actors – the government, the private sector, civil society and the technical and academic community – are already regulated using a multiplicity of fora and governance regimes – self regulation, coregulation and state regulation. Is more regulation always the right answer? Do we need to choose between multilateralism and multi-stakeholderism? Do we need stable definitions to process? Do we need different versions of multi-stakeholderism for different areas of governance, e.g. standards vs. names and numbers? Ideally no, no, no and yes. In my view an appropriate global governance system will be decentralized, diverse or plural in nature yet interoperable, will have both multilateral and multistakeholder institutions and mechanisms and will be as interested in deregulation for the public interest as it is in regulation for the public interest.


[1]. Montevideo Statement on the Future of Internet Cooperation https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm

[2]. Brazil to host global internet summit in ongoing fight against NSA surveillance http://rt.com/news/brazil-internet-summit-fight-nsa-006/

[3]. Tunis Agenda For The Information Society http://www.itu.int/wsis/docs2/tunis/off/6rev1.html

[4]. Roadmap for globalizing IANA: Four principles and a proposal for reform: a submission to the Global Multistakeholder Meeting on the Future of Internet Governance by Milton Mueller and Brenden Kuerbis March 3rd 2014  See: http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf

[5]. Mumbai (I Root), Delhi (K Root) and Chennai (F Root). See: http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers

[6]. Report of the Working Group on Internet Governance to the President of the Preparatory Committee of the World Summit on the Information Society, Ambassador Janis Karklins, and the WSIS Secretary-General, Mr Yoshio Utsumi. Dated:  14 July 2005 See: http://www.wgig.org/WGIG-Report.html

[7]. Messaging, Malware and Mobile Anti-Abuse Working Group website See: http://www.maawg.org/


The author is the Executive Director of the Centre for Internet and Society (CIS), Bangalore. He is also the founder of Mahiti, a 15-year-old social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. He is an Ashoka fellow. For three years, he also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region.


European Union Draft Report Admonishes Mass Surveillance, Calls for Stricter Data Protection and Privacy Laws

by Divij Joshi last modified Sep 30, 2014 08:52 AM
Ever since the release of the “Snowden files”, the secret documents evidencing the massive scale of surveillance undertaken by America’s National Security Agency and publicly released by whistle-blower Edward Snowden, surveillance in the digital age has come to the fore of the global debate on internet governance and privacy.

The Committee on Civil Liberties, Justice and Home Affairs of the European Parliament, in its draft report on global surveillance, has issued a scathing indictment of the activities of the NSA and its counterparts in other member nations. It is a welcome stance taken by an international body that is crucial to the fight against surveillance.

The "European Parliament Draft Report on the US NSA surveillance programme, surveillance bodies in various Member States and their impact on EU citizens’ fundamental rights and on transatlantic cooperation in Justice and Home Affairs" released on the 8th of January, 2014, comprehensively details and critiques the mass surveillance being undertaken by government agencies in the USA as well as within the EU, from a human rights and privacy perspective. The report examines the extent to which surveillance systems are employed by the USA and EU member-states, and declares these systems in their current avatars to be unlawful and in breach of international obligations and fundamental constitutional rights including "the freedom of expression, of the press, of thought, of conscience, of religion and of association, private life, data protection, as well as the right to an effective remedy, the presumption of innocence and the right to a fair trial and non-discrimination".

Furthermore, the report points to the erosion of trust between the EU and the US as well as amongst member states as an outcome of such secret surveillance, and criticises and calls for a suspension of the data-sharing and transfer agreements like the Terrorist Finance Tracking Program (TFTP), which share personal information about EU citizens with the United States, after examining the inadequacy of the US Safe Harbour Privacy principles in ensuring the security of such information.

After considering the secret and unregulated nature of these programmes, the report points to the need to restrict surveillance systems and criticizes the lack of adequate data protection laws and privacy laws which adhere to basic principles such as necessity, proportionality and legality. It also questions the underlying motives of these programmes as mere security-tools and points to the possible existence of political and economic motives behind their deployment. Recognizing the pitfalls of surveillance and the terrible potential for misuse, the report "condemns in the strongest possible terms the vast, systemic, blanket collection of the personal data of innocent people, often comprising intimate personal information; emphasises that the systems of mass, indiscriminate surveillance by intelligence services constitute a serious interference with the fundamental rights of citizens; stresses that privacy is not a luxury right, but that it is the foundation stone of a free and democratic society; points out, furthermore, that mass surveillance has potentially severe effects on the freedom of the press, thought and speech, as well as a significant potential for abuse of the information gathered against political adversaries."

Amongst the recommendations in the 51-page report are calls for a prohibition of mass surveillance and bulk data collection, and an overhaul of the existing systems of data-protection across the European Union and in the US to recognize and strengthen the right to privacy of their citizens, as well as the implementation of democratic oversight mechanisms to check security and intelligence agencies. It also calls for a review of data-transfer programmes and ensuring that standards of privacy and other fundamental rights under the European constitution are met. The committee sets out a 7-point plan of action, termed the European Digital Habeas Corpus for Protecting Privacy, including adopting the Data Protection Package, suspending data transfers to the US until a more comprehensive data protection regime is established through an Umbrella Agreement, enhancing fundamental freedoms of expression and speech, particularly for whistleblowers, developing a European Strategy for IT independence and developing the EU as a reference player for democratic and neutral governance of the internet.

Though this draft report has no binding legal value as yet, the scathing criticism has assisted in calling to the attention of the global community the complex issues of internet governance and privacy and surveillance, and generated debate and discourse around the need for an overhaul of the current system. The recent decision of the US government to ‘democratize’ the internet by handing control of the DNS root zone to an international body, and thereby relinquishing a large part of its means of controlling the internet, is just one example of the systemic change that this debate is generating.


Report of the Group of Experts on Privacy vs. The Leaked 2014 Privacy Bill

by Elonnai Hickok last modified Apr 14, 2014 06:10 AM
Following our previous post comparing the leaked 2014 Privacy Bill with the leaked 2011 Privacy Bill, this post will compare the recommendations provided in the Report of the Group of Experts on Privacy by the Justice AP Shah Committee to the text of the leaked 2014 Privacy Bill. Below is an analysis of recommendations from the Report that are incorporated in the text of the Bill, and recommendations in the Report that are not incorporated in the text of the Bill.

Recommendations in the Report of the Group of Experts on Privacy that are Incorporated in the 2014 Privacy Bill

Constitutional Right to Privacy

The Report of the Group of Experts on Privacy recommends that any privacy legislation for India specify the constitutional basis of a right to privacy. The 2014 Privacy Bill has done this, locating the Right to Privacy in Article 21 of the Constitution of India.

Nine National Privacy Principles

The Report of the Group of Experts on Privacy recommends that nine National Privacy Principles be adopted and applied to harmonize existing legislation and practices. The 2014 Privacy Bill also adopts nine National Privacy Principles. Though these principles differ slightly from the National Privacy Principles recommended in the Report, they are broadly the same, and importantly will apply to all existing and evolving practices, regulations and legislations of the Government that have or will have an impact on the privacy of any individual. Presently, the 2014 Privacy Bill locates the nine National Privacy Principles in an Annex to the Bill, but also incorporates the principles in more detail in sections relating to personal data.  An analysis of the principles as compared in the Report and the Bill is below:

  • Notice: The principle of notice as recommended by the Report of the Group of Experts on Privacy differs from the principle of notice in the 2014 Privacy Bill. According to the notice principle in the Report, a data controller shall give simple-to-understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include: (during collection) What personal information is being collected; Purposes for which personal information is being collected; Uses of collected personal information; Whether or not personal information may be disclosed to third persons; Security safeguards established by the data controller in relation to the personal information; Processes available to data subjects to access and correct their own personal information; Contact details of the privacy officers and SRO ombudsmen for filing complaints. (Other Notices) Data breaches must be notified to affected individuals and the commissioner when applicable. Individuals must be notified of any legal access to their personal information after the purposes of the access have been met. Individuals must be notified of changes in the data controller’s privacy policy. Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.

    In contrast, the 2014 Privacy Bill requires that all data controllers provide adequate and appropriate notice of their information practices in a form that is easily understood by all intended recipients. In addition to this principle as listed in an annex, the Bill requires that on initial collection data controllers provide notice of what personal data is being collected and the legitimate purpose for which the personal data is being collected. If the purpose for which the personal data is being collected changes, data controllers must provide data subjects with a further notice that would include the use to which the personal data shall be put; whether or not the personal data will be disclosed to a third person and, if so, the identity of such person; if the personal data being collected is intended to be transferred outside India, the reasons for doing so; how such transfer helps in achieving the legitimate purpose; and whether the country to which such data is transferred has suitable legislation to provide for adequate protection and privacy of the data; the security and safeguards established by the data controller in relation to the personal data; the processes available to a data subject to access and correct his personal data; the recourse open to a data subject, if he has any complaints in respect of collection or processing of the personal data and the procedure relating thereto; the name, address and contact particulars of the data controller and all persons who will be processing the personal data on behalf of the data controller. Additionally, if a breach of data takes place, data controllers must inform the affected data subject that the data has been lost or stolen; accessed or acquired by any person not authorized to do so; damaged, deleted or destroyed; processed, re-identified or disclosed in an unauthorized manner.

    Though the 2014 Privacy Bill requires a more comprehensive notice to be issued if the purpose for the use of personal data changes, it does not specify (as recommended by the Group of Experts on Privacy) that notice of changes to a data controller’s privacy policy be issued.
  • Choice and Consent: The principle of choice and consent in the 2014 Privacy Bill is similar to the principle in the Report of the Group of Experts on Privacy in that it requires that all data subjects be provided with a choice to provide or not to provide personal data and that data subjects will have the option of withdrawing consent at any time. Though not a part of the specific principle on ‘choice and consent’ listed in the annex, the 2014 Privacy Bill also contains provisions that address mandatory collection of information which require, as recommended by the Report of the Group of Experts, that the information is anonymized. Furthermore, the 2014 Privacy Bill provides individuals an opt-in or opt-out choice with respect to the provision of personal data.

    Unlike the principle recommended in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill does not specify that in exceptional cases, when it is not possible to provide a service with choice and consent, choice and consent will not be required.
  • Collection Limitation: The principle of collection limitation as recommended in the Report of the Group of Experts on Privacy and the principle of collection limitation in the Annex of the 2014 Privacy Bill are similar in that both require that only data that is necessary to achieve an identified purpose be collected. As recommended in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill also requires that notice be provided prior to collection and consent taken.
  • Purpose Limitation: Though the principles of Purpose Limitation in the Report of the Group of Experts on Privacy and the 2014 Privacy Bill are similar, as they both require personal data to be used only for the purposes for which it was collected and that the data must be destroyed after the purposes have been served, the 2014 Privacy Bill does not specify that information collected by a data controller must be adequate and relevant for the purposes for which it is processed. The 2014 Privacy Bill also incorporates elements from the principle of Purpose Limitation as defined by the Report of the Group of Experts in other parts of the Bill. For example, the 2014 Bill requires that notice be provided to the individual if there is a change in purpose for the use of the personal information, and designates a section on retention of personal data.
  • Access and Correction: The principle of Access and Correction in the 2014 Privacy Bill reflects the principle of Access and Correction in the Report of the Group of Experts (though not verbatim). Importantly, the 2014 Privacy Bill incorporates the recommendation from the Report of the Group of Experts on Privacy that prohibits access to personal data if it will affect the privacy rights of another individual.
  • Disclosure of Information: The principle of ‘Disclosure of Information’ in the Privacy Bill 2014 is similar to the principle of ‘Disclosure of Information’ as recommended in the Report of the Group of Experts on Privacy (though not verbatim). As recommended, this principle requires that personal data be disclosed to third parties only if informed consent has been taken from the individual and the third party is bound to adhere to all relevant and applicable privacy principles.
  • Security: The principle of security in the 2014 Privacy Bill reflects the principle of Security recommended in the Report of the Group of Experts on Privacy and requires that personal data be secured through reasonable security safeguards against unauthorized access, destruction, use, modification, de-anonymization or unauthorized disclosure.
  • Openness: The principle of Openness in the 2014 Privacy Protection Bill is similar to the principle of Openness recommended in the Report of the Group of Experts on Privacy in that it requires data controllers to make available to all individuals in an intelligible form, using clear and plain language, the practices, procedures, policies, and systems that are in place to ensure compliance with the privacy principles. The principle in the 2014 Privacy Bill differs from the recommendation in the Report of the Group of Experts on Privacy in that it does not require data controllers to take necessary steps to implement practices, policies, and procedures in a manner proportional to the scale, scope, and sensitivity of the data they collect.
  • Accountability: The principle of Accountability in the 2014 Privacy Bill is similar to the principle of Accountability as recommended in the Report of the Group of Experts as both require that the data controller is accountable for compliance with the National Privacy Principles.

Application to interception and access, video and audio recording, personal identifiers, bodily and genetic material: The Privacy Bill 2014 incorporates the recommendations from the Report of the Group of Experts on Privacy and specifies the way in which the National Privacy Principles will apply to the interception and access of communications, video and audio recording, and personal identifiers. But the 2014 Privacy Bill does not specify the application of the National Privacy Principles to bodily and genetic material (though this information is included in the definition of sensitive personal information).

With respect to the installation and operation of video recording equipment in a public space, the 2014 Privacy Bill requires that video recording equipment may only be used in accordance with a prescribed procedure and for a legitimate purpose that is proportionate to the objective for which it was installed. Furthermore, individuals cannot use video recording equipment for the purpose of identifying an individual, monitoring his personal particulars, or revealing in public his personal information. The provisions in the Bill that speak to storage, processing, retention, security, and disclosure of personal data apply to the installation and use of video recording equipment. As a note the 2014 Privacy Bill carves out an exception for law enforcement and government intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India.

With respect to the application of the National Privacy Principles to the interception of communications, the 2014 Privacy Bill lays down a regime for the interception of communications and specifies that the principles of notice, choice, consent, access and correction, and openness will apply to the interception of communications when authorised.

With respect to Personal Identifiers, the 2014 Privacy Bill notes that the principles of notice, choice, and consent will not apply to the collection of personal identifiers by the government. Additionally, the government will not be obliged to use any personal identifier only for the limited purpose for which the personal identifier was collected, provided that the use is in conformance with the other National Privacy Principles.

Additional Protection for Sensitive Personal Data

The Report of the Group of Experts on Privacy broadly recommends that sensitive personal data be afforded additional protection and existing definitions of sensitive personal data should be harmonised. The 2014 Privacy Bill incorporates these recommendations by defining sensitive personal data as data relating to physical and mental health including medical history, biometric, bodily or genetic information; criminal convictions; password, banking credit and financial data; narco analysis or polygraph test data; sexual orientation. The 2014 Privacy Bill also requires authorization from the Data Protection Authority for the collection and processing of sensitive personal data and defines circumstances in which this authorization would not be required, including: collection or processing of such data is authorized by any other law for the time being in force; such data has already been made public as a result of steps taken by the data subject; collection and processing of such data is made in connection with any legal proceedings by an order of the competent court; such data relating to physical or mental health or medical history of an individual is collected and processed by a medical professional, if such collection and processing is necessary for medical care and health of that individual; such data relating to biometrics, bodily or genetic material, physical or mental health, prior criminal convictions or financial credit history is processed by the employer of an individual for the purpose of and in connection with the employment of that individual; such data relating to physical or mental health or medical history is collected and processed by an insurance company, if such processing is necessary for the purpose of and in connection with the insurance policy of that individual; such data relating to criminal conviction, biometrics and genetic is processed and collected by law enforcement agencies; such data regarding credit, banking and financial details of an individual is processed by a specific user under the Credit Information Companies (Regulation) Act, 2005; such data is processed by schools or other education institutions in connection with imparting of education to an individual; such data is collected or processed by the government intelligence agencies in the interest of the sovereignty, integrity, security or the strategic, scientific or economic interest of India; the authority has, by a general or specified order, permitted the processing of such data for specific purpose and is limited to the extent of such permission. The 2014 Privacy Bill also prohibits additional transactions from being performed using sensitive personal information unless free consent was obtained for such transaction.

Privacy Officers

The Report of the Group of Experts on Privacy recommends that Privacy Officers be established at the organizational level for overseeing the processing of personal data and compliance with the Act. This recommendation has been incorporated in the 2014 Privacy Bill, which establishes Privacy Officers at the organizational level.

Co-regulatory Framework

The Report of the Group of Experts on Privacy recommends that a system of co-regulation be established, where industry-level self-regulatory organizations develop privacy norms, which are in turn approved and enforced by the Privacy Commissioner. The 2014 Privacy Bill puts in place a similar co-regulatory framework where industry-level self-regulatory organizations can develop norms which will be turned into regulations and enforced by the Data Protection Authority. If a sector does not develop norms, the Data Protection Authority can develop norms for the specific sector.

Recommendations in the Report that are not in the Bill

Scope

The Report of the Group of Experts on Privacy recommends that the scope of any privacy framework extends to all individuals, all data processed in India, and all data originating from India.  The 2014 Privacy Bill differs from these recommendations by extending the right to privacy to all residents of India, while remaining silent on whether or not the scope of the legislation extends to all data processed in India and all data originating in India. Despite this, the 2014 Bill does specify that any organization that processes or deals with data of an Indian resident, but does not have a place of business within India, must establish a ‘representative resident’ in India who will be responsible for compliance with the Act.

Exceptions

The Report of the Group of Experts recommends the following as exceptions to the right to privacy:

  1. National security
  2. Public order
  3. Disclosure in the public interest
  4. Prevention, detection, investigation, and prosecution of criminal offenses
  5. Protection of the individual and rights and freedoms of others

The Report further clarifies that any exception must be qualified and measured against the principles of proportionality, legality, and necessity in a democratic state.

The Privacy Bill 2014 reflects only the exception of  “protection of the individual rights and freedoms of others”. The exceptions as defined in the 2014 Bill are:

  1. Sovereignty, integrity or security of India or
  2. Strategic, scientific or economic interest of India; or
  3. Preventing incitement to the commission of any offence; or
  4. Prevention of public disorder; or
  5. The investigation of any crime; or
  6. Protection of rights and freedoms of others; or
  7. Friendly relations with foreign states; or
  8. Any other legitimate purpose mentioned in this Act.

Instead of qualifying these exceptions with the principles of proportionality, legality, and necessity in a democratic state – as recommended in the Report of the Group of Experts on Privacy – the 2014 Privacy Bill qualifies that any restriction must be adequate and not excessive to the objectives it aims to achieve.

Constitution of Infringement of Privacy

The Report of the Group of Experts on Privacy specifies that the publication of personal data for artistic and journalistic purposes in the public interest, disclosure under the Right to Information Act, 2005, and the use of personal data for household purposes should not constitute an infringement of privacy. In contrast, the 2014 Privacy Bill specifies that the processing of personal data by an individual purely for his personal or household use, the disclosure of information under the provisions of the Right to Information Act, 2005, and any other action specifically exempted under the Act will not constitute an infringement of privacy.

The Data Protection Authority

The Report of the Group of Experts on Privacy recommends the establishment of Privacy Commissioners (and places emphasis on Privacy Commissioner rather than Data Protection Authority) at the Central and Regional level. The Privacy Commissioner should be of a rank no lower than a retired Supreme Court Judge at the Central level and a retired High Court Judge at the regional level. The Privacy Commissioner should have the power to receive and investigate class action complaints, and the investigative powers of the Commissioner should include the power to examine and call for documents, examine witnesses, and take a case to court if necessary. The Commissioner should be able to investigate data controllers on receiving complaints or suo motu, and can order privacy impact assessments. Organizations should not be able to appeal fines levied by the Privacy Commissioner, but individuals can appeal a decision of the Privacy Commissioner to the court. The Commissioner should also have broad oversight with respect to interception/access, audio & video recordings, use of personal identifiers, and the use of bodily or genetic material. The Privacy Commissioner will also have the responsibility of approving codes of conduct developed by the industry-level SROs.

Differing from the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill establishes a Data Protection Authority (as opposed to a Privacy Commissioner) at the Central level. Instead of creating regional Data Protection Authorities, the 2014 Privacy Bill allows for the Central Government to decide where other offices of the Data Protection Authority will be located. Furthermore, the 2014 Privacy Bill does not specify a qualification for the Data Protection Authority and instead establishes a selection committee to choose and appoint a Data Protection Authority. This committee is comprised of a Cabinet Secretary, Secretary to the Department of Personnel and Training, Secretary to the Department of Electronics and Information Technology, and two experts of eminence from relevant fields that will be nominated by the Central Government.

The 2014 Privacy Bill does not specify that fines ordered by the Data Protection Authority will be binding for organizations, but does allow individuals to appeal decisions of the Data Protection Authority to the Appellate Tribunal. Differing from the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill gives the Data Protection Authority the power to call upon any data controller at any time to furnish in writing information or explanation relating to its affairs, and receive and investigate complaints about alleged violations of privacy of individuals in respect of matters covered under this Act, conduct investigations and issue appropriate orders or directions to the parties concerned. Furthermore, the 2014 Privacy Bill does not specify that the Data Protection Authority will carry out privacy impact assessments, but the Authority can conduct audits of any or all personal data controlled by a data controller, can investigate data breaches, investigate any complaint received, and adjudicate on a dispute arising between data controllers or data subjects and data controllers. Unlike the recommendations in the Report of the Group of Experts on Privacy, it does not seem that the Data Protection Authority will play an overseeing role with respect to interception, the use of video recording equipment, personal identifiers, and the use of bodily and genetic material.

Tribunal and System of Complaints

Differing from the recommendation in the Report of the Group of Experts on Privacy, which specified that a Tribunal should not be established as under the Information Technology Act as there is the risk that the institutions will not have the capacity to rule on a broad right to privacy, the 2014 Privacy Bill does establish a Tribunal under the Information Technology Act. The Report of the Group of Experts on Privacy also recommended that complaints be taken to the district level, high level, and Supreme Court – whereas the 2014 Privacy Bill allows individuals to appeal decisions from the Tribunal only to a High Court. Similar to the recommendations of the Report of the Group of Experts, the 2014 Privacy Bill has in place Alternative Dispute Resolution mechanisms at the level of the industry self regulatory organization.  The 2014 Privacy Bill also specifies that individuals can seek civil remedies and leaves the issuance of compensation for privacy harm to be from a Court. Unlike the recommendations in the Report of the Group of Experts on Privacy, the 2014 Privacy Bill does not specify that the Data Protection Authority will be able to take a case to the court.

Penalties and Offenses

The Report of the Group of Experts on Privacy did not provide specific recommendations for types of offences and penalties, but did suggest that offenses similar to those spelled out in the UK Data Protection Act and Australian Privacy Act be adopted – namely non-compliance with the privacy principles, unlawful collection, processing, sharing/disclosure, access, and use of personal data, and obstruction of the privacy commissioner. The 2014 Privacy Bill does create offenses for the unlawful collection, processing, sharing/disclosure, access, and use of personal data, but does not create offenses for obstruction of the privacy commissioner or broad non-compliance with the privacy principles.

Conclusion

The Centre for Internet and Society welcomes the similarities between the recommendations in the Report of the Group of Experts on Privacy and the leaked 2014 Privacy Bill, but would recommend that on areas where there are differences, particularly in the scope of the Privacy Bill and the powers and functions of the Data Protection Authority, the 2014 Bill be brought in line with the recommendations from the Report of the Group of Experts on Privacy.

In the upcoming post, we will be comparing the text of the leaked 2014 Privacy Bill to international best practices and standards.


References

  1. Leaked Privacy Bill: 2014 vs. 2011
  2. Report of the Group of Experts on Privacy

Net Neutrality, Free Speech and the Indian Constitution - I

by Gautam Bhatia last modified Apr 29, 2014 08:03 AM
In this post, I will explore net neutrality in the context of Indian law and the Indian Constitution.

Let us take, for the purposes of this post, the following definition:

The idea that all Internet traffic should be treated equally is known as network neutrality. In other words, no matter who uploads or downloads data, or what kind of data is involved, networks should treat all of those packets in the same manner.

In other words, put simply, net neutrality in its broadest form requires the extant gatekeepers of the internet – such as, for instance, broadband companies – to accord a form of equal and non-discriminatory treatment to all those who want to access the internet. Examples of possible discrimination – as the quote above illustrates – include, for instance, blocking content or providing differential internet speed (perhaps on the basis of a tiered system of payment for access).

Net neutrality has its proponents and opponents, and I do not have space here to address that dispute. In its broadest and absolutist form, net neutrality is highly controversial (including arguments that the existing status quo is not neutral in any genuine sense). I take as given, however, that some form of net neutrality is both an important and a desirable goal. In particular, intentional manipulation of information that is available to internet users – especially for political purposes – is, I assume, an undesirable outcome, as are anti-competitive practices, as well as price-discrimination for the most basic access to the internet (this brief article in the Times of India provides a decent, basic primer on the stakes involved).

An example of net neutrality in practice is the American Federal Communications Commission’s Open Internet Order of 2010, which was the subject of litigation in the recently concluded Verizon v. FCC. The Open Internet Order imposed obligations of transparency, no blocking, and no unreasonable discrimination, upon internet service providers. The second and third requirements were vacated by a United States Court of Appeals. The rationale for the Court’s decision was that ISPs could not be equated, in law, to “common carriers”. A common carrier is an entity that offers to transport persons and/or goods in exchange for a fee (for example, shipping companies, or bus companies). A common carrier is licensed to be one, and often, one of the conditions for license is an obligation not to discriminate. That is, the common carrier cannot refuse to carry an individual who is willing and able to pay the requisite fees, in the absence of a compelling reason (for example, if the individual wishes the carrier to transport contraband). Proponents of net neutrality have long called for treating ISPs as common carriers, a proposition that – as observed above – was rejected by the Court.

With this background, let us turn to India. In India, internet service providers are both state-owned (BSNL and MTNL), and privately-owned (Airtel, Spectranet, Reliance, Sify etc). Unlike many other countries, however, India has no network-neutrality laws. As this informative article observes:

“The Telecom Regulatory Authority of India (TRAI), in its guidelines for issuing licences for providing Unified Access Service, promotes the principle of non-discrimination but does not enforce it… the Information Technology Act does not provide regulatory provisions relating to Internet access, and does not expressly prohibit an ISP from controlling the Internet to suit their business interests.”

In the absence of either legislation or regulation, there are two options. One, of course, is to invoke the rule of common carriers as a common law rule in court, should an ISP violate the principles of net neutrality. In this post (and the next), however, I would like to analyze net neutrality within a constitutional framework – in particular, within the framework of the constitutional guarantee of freedom of speech and expression.

In order to do so, two questions become important, and I shall address them in turn. First, given that most of the ISPs are privately owned, how does the Constitution even come into the picture? Our fundamental rights are enforceable vertically, that is, between individuals and the State, and not horizontally – that is, between two individuals, or two private parties. Where the Constitution intends to depart from this principle (for instance, Article 15(2)), it specifically and expressly states so. As far as Article 19 and the fundamental freedoms are concerned, however, it is clear that they do not admit of horizontal application.

Yet what, precisely, are we to understand by the term “State”? Consider Article 12:

“In this part, unless the context otherwise requires, the State includes the Government and Parliament of India and the Government and the Legislature of each of the States and all local or other authorities within the territory of India or under the control of the Government of India.”

The key question is what, precisely, falls within the meaning of “other authorities”. The paradigmatic example – and this is something Ambedkar had in mind, as is evidenced by the Constituent Assembly Debates – is the statutory corporation – i.e., a company established under a statute. There are, however, more difficult cases, for instance, public-private partnerships of varying types. For the last fifty years, the Supreme Court has struggled with the issue of defining “other authorities” for the purposes of Part III of the Constitution, with the pendulum swinging wildly at times. In the case of Pradeep Kumar Biswas v. Indian Institute of Chemical Biology, a 2002 judgment by a Constitution bench, the Court settled upon the following definition:

“The question in each case would be whether in the light of the cumulative facts as established, the body is financially, functionally and administratively dominated by or under the control of the Government. Such control must be particular to the body in question and must be pervasive. If this is found then the body is a State within Article 12. On the other hand, when the control is merely regulatory whether under statute or otherwise, it would not serve to make the body a State.”

Very obviously, this dooms the ISP argument. There is no way to argue that ISPs are under the pervasive financial, functional and administrative domination or control of the State. If we step back for a moment, though, the Pradeep Kumar Biswas test seems to be radically under-inclusive. Consider the following hypothetical: tomorrow, the government decides to privatize the nation’s water supply to private company X. Company X is the sole distributor of water in the country. On gaining control, it decides to cut off the water supply to all households populated by members of a certain religion. There seems something deeply wrong in the argument that there is no remedy under discrimination law against the conduct of the company.

The argument could take two forms. One could argue that there is a certain minimum baseline of State functions (ensuring reasonable access to public utilities, overall maintenance of communications, defence and so on). The baseline may vary depending on your personal political philosophy (education? Health? Infrastructure?), but within the baseline, as established, if a private entity performs a State function, it is assimilated to the State. One could also argue, however, that even if Part III isn’t directly applicable, certain functions are of a public nature, and attract public law obligations that are identical in content to fundamental rights obligations under Part III, although their source is not Part III.

To unpack this idea, consider Justice Mohan’s concurring opinion in Unnikrishnan v. State of Andhra Pradesh, a case that involved the constitutionality of high capitation fees charged by private educational institutions. One of the arguments raised against the educational institutions turned upon the applicability of Article 14’s guarantee of equality. The bench avoided the issue of whether Article 14 directly applied to private educational institutions by framing the issue as a question of the constitutionality of the legislation that regulated capitation fees. Justice Mohan, however, observed:

What is the nature of functions discharged by these institutions? They discharge a public duty. If a student desires to acquire a degree, for example, in medicine, he will have to route through a medical college. These medical colleges are the instruments to attain the qualification. If, therefore, what is discharged by the educational institution, is a public duty that requires… [it to] act fairly. In such a case, it will be subject to Article 14.

In light of Pradeep Kumar Biswas, it is obviously difficult to hold the direct application of the Constitution to private entities. We can take Justice Mohan, however, to be making a slightly different point: performing what are quintessentially public duties attracts certain obligations that circumscribe the otherwise free action of private entities. The nature of the obligation itself depends upon the nature of the public act. Education, it would seem, is an activity that is characterized by open and non-discriminatory access. Consequently, even private educational institutions are required to abide by the norms of fairness articulated by Article 14, even though they may not, as a matter of constitutional law, be held in violation of the Article 14 that is found in the constitutional text. Again, the content of the obligation is the same, but its source (the constitutional text, as opposed to norms of public law) is different.

We have therefore established that in certain cases, it is possible to subject private entities performing public functions to constitutional norms without bringing them under Article 12’s definition of the State, and without the need for an enacted statute, or a set of regulations. In the next post, we shall explore in greater detail what this means, and how it might be relevant to ISPs and net neutrality.


Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and presently an LLM student at the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he will be blogging on issues of online freedom of speech and expression.

Very Big Brother

by Sunil Abraham last modified Apr 14, 2014 11:39 AM
The Centre for Internet and Society, the organization I work for, currently serves on a committee established by the Government of India's Department of Biotechnology, Ministry of Science and Technology in January 2013. The committee has been charged with preparing a report on the draft Human DNA Profiling Bill.

The article was originally published in the GeneWatch (January - April 2014) issue.


Why should an organization that focuses on the Internet be invited to such a committee? There are some obvious reasons related to data protection and big data. CIS had previously served on the Justice AP Shah committee that was tasked by the Planning Commission to make recommendations on the draft Privacy Bill in 2012. There are also some less obvious connections, such as academic research into cyborgs wherein the distinction between human and machine/technology is blurred; where an insulin pump makes one realize that the Internet of Things could include the Internet of Body Parts. But for this note I will focus on biometrics - quantifiable data related to individual human characteristics - and their gate-keeping function on the Internet.

The bouquet of biometric options available to technologists is steadily expanding - fingerprint, palm print, face recognition, DNA, iris, retina, scent, typing rhythm, gait, and voice. Biometrics could be used as authentication or identification to ensure security and privacy. However, biometrics are different from other types of authentication and identification factors in three important ways that have implications for human rights in information societies and the Internet.

Firstly, biometrics allow for non-consensual authentication and identification. Newer, more advanced and more expensive biometric technologies usually violate human rights more extensively and intensively than older, more rudimentary and inexpensive biometrics. For example, it is possible to remotely harvest iris information when a person is wide awake without even being aware that their identification or authentication factors have been compromised. It isn't difficult to imagine ways to harvest someone's fingerprints and palm prints without their knowledge, and you cannot prevent a security camera from capturing your gait. You could use specialized software like Tor to surf the World Wide Web anonymously and cover your digital tracks, but it is much harder to leave no trail of DNA material in the real world.

Secondly, biometrics rely on probabilistic matching rather than discrete matching - unlike, for example, a password that you use on a social media platform. In the 2007 draft of India's current Human DNA Profiling Bill, the preamble said "the Deoxyribose Nucleic Acid (DNA) analysis of body substances is a powerful technology that makes it possible to determine whether the source of origin of one body substance is identical to that of another, and further to establish the biological relationship, if any, between two individuals, living or dead, without any doubt." This extract from the bill was quoted in an ongoing court case to use tampered chain of custody for DNA as the means to seek exoneration of the accused. And the scientists on the committee insist that the DNA Data Bank Manager "...shall communicate, for the purposes of the investigation or prosecution in a criminal offence, the following information to a court, tribunal, law enforcement agency ... as to whether the DNA profile received is already contained in the Data Bank" - in other words, a "yes" or "no" answer. This is indeed odd for those who come from the world of Internet policy - especially when one DNA lab worker confidentially shared that after a DNA profile was generated the "standard operating procedure" included checking it against the DNA profile of the lab worker to ensure that there was no contamination during the process of generating the profile. This would not be necessary for older forms of biometrics such as the process of developing a photograph. In other words, chain of custody issues with every generation of biometric technology are getting more and more complex. In the developing world, the disillusioned want to believe that "technology is the solution." The fallibility of technology must determine its evidentiary status.

Finally, biometrics are only machine-scrutable. This means machines and not human beings will determine whether you are guilty or innocent; whether you should get subsidized medicine, grain, or fuel; whether you can connect to the Internet via mobile phone, cybercafe or broadband. DNA evidence is not directly observable by judges and therefore the technology and equipment have to be made increasingly transparent so that ordinary citizens as well as the scientific community can audit their effectiveness. In 2009, the Second District Court of Appeal and Circuit Court in Florida upheld a 2005 ruling requiring CMI Inc, the manufacturer of Intoxilyzer 5000, to release source code, failing which evidence from the breathalyzer would be rendered inadmissible in more than 100 drunk driving cases. If the transparency of machines is important when prosecuting misdemeanors then surely this is something we must advocate for when culpability for serious crimes is determined through DNA evidence and other types of biometric technologies. This could be accomplished by the triad of mandates for free/open source software, open standards and open hardware. This is not necessary for all DNA technology and equipment that is used in the market, but only for a small sub-set of these technologies that impinge on our rights as human beings via law enforcement and the judicial system.

It has been nine years since India started the process of drafting this bill. We hope that the delays will only result in a robust law that upholds human rights, justice and scientific progress.


Sunil Abraham is Executive Director of the Centre for Internet and Society, based in Bangalore, India.

ICANN - IANA Role Structures

by Prasad Krishna last modified Apr 22, 2014 03:23 AM

ICANN-IANA-Role-Structures-0001.pdf — PDF document, 1215 kB (1244643 bytes)

NETmundial and Suggestions for IANA Administration

by Smarika Kumar last modified Apr 23, 2014 04:00 AM
Following NTIA's announcement to give up control over critical Internet functions, the discussion on how that role should be filled has gathered steam across the Internet governance space.

This post maps the discussion across the NETmundial submissions and presents six emerging evolution scenarios related to the IANA functions:

  1. Separation of IANA from policy/ICANN, control of IANA to a multilateral body
  2. Separation of IANA from policy/ICANN, control of IANA to a non-multilateral body
  3. No separation of IANA from policy/ICANN, control of IANA to a multilateral body
  4. No separation of IANA from policy/ICANN, control of IANA to a non-multilateral body
  5. Multiplication of TLD registries and root servers
  6. Maintenance of status quo

I. Separation of IANA from policy/ICANN, control of IANA to a multilateral body

The proposal under this category calls for the separation of the IANA function from technical policy making, and suggests that the IANA function be transferred to an intergovernmental body.

This proposal is listed below:

Sl. No. | Proposal No. | Name of Proposal | Organization | Sector | Region | Link
1 | 186 | The Next Best Stage for the Future of Internet Governance is Democracy | Global Geneva | Civil Society | Geneva, Switzerland | http://content.netmundial.br/contribution/the-next-best-stage-for-the-future-of-internet-governance-is-democracy/305

This proposal by Global Geneva seeks the establishment of an intergovernmental organisation called the World Internet Organisation (WIO), under which IANA (which is understood to be essentially technical and concerning the safety and security of the Internet) would be located. WIO would additionally have a special link/status/contract with IANA to avoid unwanted interference from governments. A 75% majority at WIO would be requested to act/modify/contest an IANA decision, making it difficult for governments to go beyond reasonable and consensual demands. WIO would act in concert with the World Internet Forum, under which ICANN would be located, whereby it would make policy decisions regarding gTLDs apart from its other present functions.

II. Separation of IANA from policy/ICANN, control of IANA to a non-multilateral body

Certain proposals suggest that the IANA function should be separated from technical policy making, or ICANN, and that the IANA function, which these submissions perceive to be a purely administrative one, should be handed over to some sort of non-multilateral organisation, which takes a different form in each proposal.

Most such submissions have emerged from the civil society or the technical community.

The Internet Governance Project submission envisions the creation of a DNS Authority under whose umbrella IANA would function. The DNS Authority would be separate from ICANN. This proposal has been endorsed by the submissions of InternetNZ as well as Article 19 and Best Bits. Avri Doria’s submission, along with the submission of APC, envisions the establishment of an independent IANA, separate from the technical policy function. Such independence is sought to be preceded by a transition period by a body called IANA Stewardship Group which would be constituted mostly by members from the technical community. IANA is sought to be governed via MoUs with all stakeholders, on the same lines as the MoU between ICANN and the IETF, as described in RFC2860, RFC6220. The focus of these MoUs would not be policy but will be on performance and adherence to service level agreements.

These submissions are listed below:

Sl. No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link
1 | 19 | Roadmap for Globalising IANA: Four Principles and a Proposal for Reform | Internet Governance Project | Civil Society | North America | http://content.netmundial.br/contribution/roadmap-for-globalizing-iana-four-principles-and-a-proposal-for-reform-a-submission-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/96
2 | 26 | Roadmap for the Further Evolution of the Internet Governance Ecosystem- ICANN | Article 19 and Best Bits | Civil Society | Global | http://content.netmundial.br/contribution/roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem-icann/109
3 | 42 | Content Contribution to NetMundial on the Roadmap for the Futher Evolution of the IG Ecosystem regarding the Internationalisation of the IANA Function | InternetNZ | Technical Community | New Zealand | http://content.netmundial.br/contribution/content-contribution-to-netmundial-on-the-roadmap-for-the-futher-evolution-of-the-ig-ecosystem-regarding-the-internationalisation-of-the-iana-function/130
4 | 60 | One Possible Roadmap for IANA Evolution | Avri Doria, Independent Researcher | Other | USA | http://content.netmundial.br/contribution/one-possible-roadmap-for-iana-evolution/153
5 | 162 | APC Proposals for the Further Evolution of the Internet Governance Ecosystem | Association for Progressive Communications (APC) | Civil Society | APC is an international organisation with its executive director's office in South Africa | http://content.netmundial.br/contribution/apc-proposals-for-the-further-evolution-of-the-internet-governance-ecosystem/280

III. No separation of IANA from policy/ICANN, control of IANA to a multilateral body

These submissions propose that the IANA function should come under a multilateral body. However they do not suggest the separation of IANA function from policymaking, or from ICANN; or they are at least silent on this latter issue. 2 such proposals come from the civil society and 2 from the government.

A list of these submissions is provided below:

Sl. No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link
1 | 8 | Roadmaps for Further Evolution of Internet Governance | Association for Proper Internet Governance | Civil Society | Switzerland | http://content.netmundial.br/contribution/roadmaps-for-further-evolution-of-internet-governance/65
2 | 45 | Russian Parliament Submission to NET mundial | State Duma of the Russian Federation (Parliament of the Russia) | Government | Russian Federation | http://content.netmundial.br/contribution/themes/133
3 | 121 | Contribution from the Islamic Republic of Iran to the Global Multiskaeholder (sic) Meeting for the Future of the Internet, 23-24 April 2014 Sao Paulo, Brazil | Cyber Space National Center, Iran | Government | Islamic Republic of Iran | http://content.netmundial.br/contribution/contribution-from-the-islamic-republic-of-iran-to-the-global-multiskaeholder-meeting-for-the-future-of-the-internet-23-24-april-2014-sao-paolo-brazil/236
4 | 125 | Towards Reform of Global Internet Governance | The Society for Knowledge Commons | Civil Society | India and Brazil | http://content.netmundial.br/contribution/towards-reform-of-global-internet-governance/240

IV. No separation of IANA from policy/ICANN, control of IANA to a non-multilateral body

These submissions do not consider the issue of separation of IANA function from policymaking, or ICANN, or at least do not state an opinion on the separation of IANA function from ICANN. However, they do suggest that the control of IANA should be held by a non-multilateral body, and not the US Government.

Many of these submissions also suggest that the oversight of ICANN should be done by a non-multilateral body, therefore it makes sense that the IANA function is administered by a non-multilateral body, without its removal from the ICANN umbrella.

A list of such submissions is provided below:

Sl. No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link
1 | 46 | Norwegian Contribution to the Sao Paulo Meeting | Norwegian government | Government | Norway, Europe | http://content.netmundial.br/contribution/norwegian-government/137
2 | 50 | Contribution from the GSM Association to the Global Multistakeholder Meeting on the Future of Internet Governance | GSMA | Private Sector | Global | http://content.netmundial.br/contribution/contribution-from-the-gsm-association-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/141
3 | 51 | Contribution of Telefonica to NETmundial | Telefonica, S.A. | Private Sector | Spain | http://content.netmundial.br/contribution/contribution-of-telefonica-to-netmundial/143
4 | 56 | ETNO Contribution to NETmundial | ETNO [European Telecommunications Network Operators' Association] | Private Sector | Belgium | http://content.netmundial.br/contribution/etno-contribution-to-netmundial/148
5 | 61 | French Government Submission to NETmundial | French Ministry of Foreign Affairs | Government | France | http://content.netmundial.br/contribution/french-government-submission-to-netmundial/154
6 | 63 | Nominet Submission on Internet Governance Principles and the Roadmap | Nominet | Private Sector | UK | http://content.netmundial.br/contribution/nominet-submission-on-internet-governance-principles-and-the-roadmap/156
7 | 64 | Submission by AHCIET to the Global Multistakeholder Meeting on the Future of Internet Governance. NETmundial | AHCIET | Private Sector | Latin America | http://content.netmundial.br/contribution/submission-by-ahciet-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance-netmundial/157
8 | 70 | Spanish Government Contribution to the Global Multi-stakeholder Meeting on the Future of Internet Governance | Ministry of Industry, Energy and Tourism, Spain | Government | Spain | http://content.netmundial.br/contribution/multistakeholder-human-rights-stability-gac/165
9 | 80 | Roadmap for the Further Evolution of the Internet Governance Ecosystem | European Commission | Government | Europe | http://content.netmundial.br/contribution/roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/177
10 | 94 | Roadmap for the Future Development of the Internet Governance Ecosystem | Ministry of Foreign Affairs of Argentina | Government | Argentina | http://content.netmundial.br/contribution/roadmap-for-the-future-development-of-the-internet-governance-ecosystem/196
11 | 97 | Orange Contribution for NETmundial | Orange Group | Private Sector | Deputy to the Chief Regulatory Officer Orange Group | http://content.netmundial.br/contribution/orange/199
12 | 106 | Submission on Internet Governance Principles and Roadmap for the Further Evolution of the Internet Governance Ecosystem | Kuwait Information Technology Society | Civil Society | Kuwait | http://content.netmundial.br/contribution/kuwait-information-technology-society-kits-submission-on-internet-governance-principles-and-roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/214
13 | 111 | Content Submission by the Federal Government of Mexico | Secretaría de Comunicaciones y Transportes, Mexico | Government | Mexico | http://content.netmundial.br/contribution/content-submission-by-the-federal-government-of-mexico/219
14 | 114 | Better Understanding and Co-operation for Internet Governance Principles and Its Roadmap | Japan Internet Service Providers Association | Private Sector | Japan | http://content.netmundial.br/contribution/better-understanding-cooperation-for-internet-governance-principles-its-roadmap/222
15 | 116 | Deutsche Telekom’s Contribution for to the Global Multistakeholder Meeting on the Future of Internet Governance | Deutsche Telekom AG | Private Sector | Germany / Europe | http://content.netmundial.br/contribution/deutsche-telekom-s-contribution-for-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/225
16 | 148 | NRO Contribution to NETmundial | NRO (for AFRINIC, APNIC, ARIN, LACNIC, RIPE-NCC) | Technical Community | Mauritius | http://content.netmundial.br/contribution/nro-contribution-to-netmundial/259
17 | 146 | Evolution and Internationalisation of ICANN | CGI.br- Brazilian Internet Steering Committee | Other | Brazil | http://content.netmundial.br/contribution/evolution-and-internationalization-of-icann/263
18 | 176 | Addressing Three Prominent “How To” Questions on the Internet Governance Ecosystem Future | Luis Magalhães, Professor at IST of University of Lisbon, Portugal; Panelist of ICANN’s Strategy Panel on the Role in the Internet Governance System | Academia | Portugal | http://content.netmundial.br/contribution/addressing-three-prominent-how-to-questions-on-the-internet-governance-ecosystem-future/294
19 | 183 | NETmundial Content Submission- endorsed by NIC Mexico | NIC Mexico | Technical Community | Mexico | http://content.netmundial.br/contribution/netmundial-content-submission-endorsed-by-nic-mexico/302

V. Multiplication of TLD registries and Root Servers

These submissions are based on the assumption that reform in the current ICANN/IANA administrative structure is impossible as the US government is unlikely to give up its oversight role over both. Instead, these submissions suggest that multiple TLD registries and root servers should be created as alternatives to today’s IANA/ICANN so that a healthy market competition can be fostered in this area, rather than fostering monopoly of IANA.

A list of such submissions is provided below:

Sl. No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link
1 | 41 | Internet Governance: What Next? | EUROLINC | Civil Society | France, Europe | http://content.netmundial.br/contribution/internet-governance-what-next/129
2 | 175 | The Intergovernance of the InterPLUS | INTLNET | Civil Society | France | http://content.netmundial.br/contribution/the-intergovernance-of-the-interplus/293

VI. Maintenance of status quo

These submissions are based on the “if it ain’t broke, don’t fix it” principle, and are of the opinion that there is no need to change the administration of IANA function as it functions efficiently in the current system.

A list of such submissions is provided below:

Sl. No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link
1 | 12 | United Kingdom Government Submission | Department For Culture Media and Sport, United Kingdom Government | Government | Government | http://content.netmundial.br/contribution/united-kingdom-government-submission/79
2 | 133 | Perspectives from the Domain Name Association | Domain Name Association | Private Sector | Private Sector | http://content.netmundial.br/contribution/perspectives-from-the-domain-name-association/249

Read more on ICANN/IANA: Role and Structural Considerations (PDF Document, 1215 Kb)

Principles for Internet Governance: NETmundial 2014 — What do the Contributions Reveal?

by Geetha Hariharan last modified Apr 23, 2014 04:01 AM
The Global Multi-stakeholder Meeting on the Future of Internet Governance (NETmundial) is scheduled for April 23-24, 2014. Towards its stated end of establishing "strategic guidelines related to the use and development of the Internet in the world", NETmundial sought contributions from stakeholders around the world on two topics: (1) Set of Internet governance principles; (2) Roadmaps for the further evolution of the Internet governance system.

This post analyses the contributions of the academic community to draw out broad agreements and divergences concerning Internet governance principles.

I. Introduction

In two days, a large measure of the global Internet community – governments, the private sector, civil society, technical community and academia – gather in São Paulo, Brazil, for the Global Multi-stakeholder Meeting on the Future of Internet Governance. The NETmundial (April 23-24, 2014), touted as the World Cup of Internet governance, is a global conference convened and supported by the Brazilian president, Dilma Rousseff, and organized by the Brazilian Internet Steering Committee (CGI.br) and /1Net, a forum comprising various stakeholders involved and interested in Internet governance. It hopes, importantly, “to establish strategic guidelines related to the use and development of the Internet in the world”. To this end, it sought open-ended Contributions from interested stakeholders on the topics, “Set of Internet governance principles” and “Roadmaps for the further evolution of the Internet governance system”. The agenda for NETmundial may be found here.

To fully utilize the 2 short days available, knowledge of the stakeholder positions, especially their broad agreements and divergences on the two topics, is of immense help. Through a series of posts, I analyse the contributions to NETmundial on the question of Internet governance principles, seeking to dig deep into definitions and interpretations of suggested principles, such as management of Critical Internet Resources (such as the Domain Name System), human rights including freedom of expression and privacy, cyber-security, inclusiveness and participation in Internet governance, etc. In separate posts, I shall analyse contributions of each sector (governments, the private sector, civil society, technical community, academia and ‘Other’) and finally, present an overall analysis of the contributions pitted against the Draft Outcome Document, which is presently under discussion.

II. The Contributions

The NETmundial has received 187 contributions from 46 countries. Sector break-ups are given below:

Sector | Number of Contributions (187)
Academia | 20
Governments | 28
Private Sector | 43
Civil Society | 61
Technical Community | 16
‘Other’ (such as UNESCO, the European Commission, etc.) | 19

A quick look at the contributors indicates that contributions are primarily from North America, Europe, South and East Asia, and South America. No or very few contributions were made from large parts of Africa and South East Asia, Central and West Asia, Eastern Europe and Western South America. We present a graphical representation of contributing countries here.

Of the contributions, stakeholders from various sectors contributed to the two topics listed above in the following manner:

Sector | Set of Internet Governance Principles | Roadmaps for Further Evolution of the Internet Governance System | Combined: Internet Governance Principles & Roadmaps
Academia | 7 | 7 | 6
Government | 7 | 4 | 17
Private Sector | 11 | 3 | 29
Civil Society | 25 | 21 | 15
Technical Community | 8 | 5 | 3
‘Other’ | 7 | 4 | 8

Despite the above classification, I focus on all 187 contributions for analysis. This is because some contributions expressly set out principles while others do not. Therefore, eliciting and analyzing principles from stakeholder contributions has involved a certain amount of subjective maneuvering. However, such elicitation has been restricted on the following bases:

  1. The contribution is externally categorized as falling under either “Set of Internet governance principles” or “Combined – Internet governance principles & Roadmaps”.
  2. Internally, the document places principles under rubrics of ‘Internet governance principles’.
  3. Internally, the document makes references to Internet governance principles before setting out (without rubrics) principles.

With this caveat, I go on to discuss the NETmundial contributions from the academic community to Internet governance principles.

Part I: Academia

Of the academic contributions, the main contributors are Africa (Kenya – 1, Sudan – 3), Europe (Germany – 1, Poland – 1, Portugal – 1, Russia – 2, Ukraine – 1), South America (Argentina – 1, Brazil – 3) and the United States (8). No Asian country has made an academic contribution, and as evident from above, academia is geographically severely under-represented. Furthermore, only 4 out of 20 contributions expressly set out Internet governance principles. These four are:

  1. Report of the Experts Meeting on Cyberspace Law
  2. Proposed Internet Governance Principles
  3. Taking Consent Seriously
  4. Internet Governance Principles: Securing the Future of the Internet

Semantics aside, certain broad, high-level consensus emerges within the academic community. On substantive principles of governance on the Internet, the greatest support is found for freedom of expression and access to information, with 6 contributions emphasizing this. Equally important are Internet universality and non-discrimination (3 contributions) and universal access to the Internet (6). Protection of privacy and permissible levels of surveillance come a close second, with 5 contributions referring to these. Cyber-security (5), respect for human rights (4) and support for net neutrality (3) and cultural and linguistic diversity on the Internet (3) also emerge as issues of concern for the academic community. The UNESCO and academics from Sudan emphasize training and education to use the Internet. Inter-operability (2) and a single, unfragmented Internet (2) also find a place in the academic community’s contributions.

With regard to processual principles for Internet governance, inclusiveness and participation are the most important concerns (5). The academic community asks for an open, transparent and multi-stakeholder Internet governance system (4), calling for international cooperation (2) among governments and other stakeholders. Interestingly, one contribution requires that the role of governments in the multi-stakeholder model be limited to “the facilitation of the participation of their domestic stakeholder communities in Internet governance processes”, while a Brazilian contribution advocates a multilateral model.

While no contribution expressly calls for these principles to underscore global Internet governance, the author believes that a high-level consensus may be gleaned in favour of respect for and protection of human rights, especially freedom of expression, access to information, privacy and protection from unwarranted domestic or extraterritorial surveillance. This is further supported by cyber-security concerns. The call for universal access to the Internet, alongside mention of net neutrality, emphasizes inclusiveness and non-discrimination. Processually as well, inclusiveness and participation (including equal participation) of all stakeholders finds the largest support, reflected in the calls for multi-stakeholder models of Internet governance.

No glaring divergences exist with regard to human rights or principles of governance on the Internet. The only major divergence amongst academia is the call for multilateral or multi-stakeholder models of Internet governance. While a majority of the contributions call for multi-stakeholder models, the Brazilian contribution (linked above) calls for “Open, multilateral and democratic governance, carried out with transparency by stimulating collective creativity and the participation of society, Governments and the private sector”, while at the same time supporting a “real multi-stakeholder governance model for the Internet based on the full involvement of all relevant actors and organizations”. Indeed, even this divergence is marked by a common emphasis on open, transparent and inclusive participation in Internet governance.


Banking Policy Guide

by Kartik Chawla — last modified Jan 22, 2015 02:54 PM
To gain a practical perspective on the existing banking practices and policies in India in this project, an empirical study of five separate and diverse banks has been conducted. The forms, policy documents, and other relevant and available documents of these banks have been analysed in this project.

These documents were obtained from the websites of the respective banks, and wherever they were lacking, from the branches of the banks themselves. Attempts were made to obtain any information required for the project that was not available on the website or in the forms from the officers of the respective banks.

The State Bank of India (hereinafter ‘SBI’), Central Bank of India (hereinafter ‘CBI’), ICICI Bank (hereinafter ‘ICICI’), IndusInd Bank (hereinafter ‘IndusInd’) and Standard Chartered Bank (hereinafter ‘SCB’) are the banks chosen for this project. As mentioned, these banks have been chosen to ensure a diverse sample pool. SBI is an Indian public multinational bank, CBI is an Indian public bank and it is not multinational, ICICI is an Indian private and multinational bank, IndusInd is an Indian private bank which isn’t multinational, and SCB is a British bank operating in India.

The forms and other documents of each of the banks have been compared against a template of twenty nine questions created from the nine principles given in Justice A.P. Shah Group of Experts’ Report on Privacy.

The two services provided by these banks that have been analysed are Opening an Account and Taking out a Personal Loan. This comparison has been done keeping in mind the obligations of the banks under the Master Circular and the KYC Norms detailed in it, Code of Conduct, and the Rules under Section 43A of the IT Act. Attempts have been made to clarify the basis of the response as much as possible. An analysis of the obligations of the banks is present below, along with an explanation of the relevance of various parts of the two services that are analysed.


Click to download:

  1. Banking Policy Guide
  2. Banking Practices

Finance and Privacy

by Prasad Krishna last modified Apr 22, 2014 08:44 AM

Finance And Privacy.zip — ZIP archive, 11750 kB (12032995 bytes)

Master Circulars

by Prasad Krishna last modified Apr 22, 2014 08:50 AM

Master Circulars.zip — ZIP archive, 3044 kB (3117234 bytes)

Freedom of Expression

by Prasad Krishna last modified Apr 22, 2014 08:54 AM

Freedom of Expression.zip — ZIP archive, 844 kB (864906 bytes)

Healthcare

by Prasad Krishna last modified Apr 22, 2014 08:58 AM

Healthcare.zip — ZIP archive, 2711 kB (2776608 bytes)

NETmundial - Comparing Appearance of Fifty Most Frequent Words

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:59 AM
This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.

Word Heatmap Absolute

Image above: Comparing Absolute Appearance of Fifty Most Frequent Words

Word Heatmap Relative

Image above: Comparing Relative Appearance of Fifty Most Frequent Words


The Centre for Internet and Society, Bangalore, India, is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities. The analysis was done by Geetha Hariharan, Jyoti Panday, and Sumandro Chattapadhyay, with data entry support from Chandrasekhar.

NETmundial - Contributions by Countries of Origin

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:55 AM
This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry support from Chandrasekhar.

All code, content and data is co-owned by the author(s) and Centre for Internet and Society, Bangalore, India, and shared under Creative Commons Attribution-ShareAlike 2.5 India license.

NETmundial - Contributions by Types of Organisation

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:57 AM
This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.
This Sankey diagram shows all the countries/regions from where contributions have come in on the left side, and all the various types of organisations on the right side. Use the mouse cursor to hover over a country to see what proportion of the submissions from that country has come from which type of organisation, or hover over an organisation type to see what proportion of submission from such organisations have come in from which countries.

The height of the blue bars next to the country/region names and organisation types indicates their respective proportions among all the contributions.

Certain submissions have been contributed by global organisations, such as Internet Society, ICANN and Commonwealth agencies. These submissions have been included in the 'Global' division in the above chart.

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry support from Chandrasekhar.

NETmundial - Which Countries Have Not Submitted Contributions to NETmundial?

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:40 AM
This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry support from Chandrasekhar.

NETmundial - Which Governments Have Not Submitted Contributions to NETmundial?

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:47 AM

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry support from Chandrasekhar.

NETmundial - Word Clouds of Contributions by Types of Organisation

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:51 AM
This set of analysis of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.



Accountability of ICANN

by Smarika Kumar last modified May 28, 2014 10:50 AM
The issue of how to ensure the legitimacy and accountability of ICANN is a concern which finds voice in many of the proposals. Four broad stands can be gleaned from the submissions to NETmundial '14 on this issue.

The issue of how to ensure the legitimacy and accountability of ICANN is a concern which finds voice in many of the proposals. Generally speaking, the issue of representation, and legitimacy of ICANN members is a point which all proposals regarding ICANN accountability consider. The issue of funding also came up in several of the submissions. The Brazilian Internet Steering Committee, Joint Contribution of Civil Society from Latin America, submissions from University of Gezira in Sudan and NIC Mexico, called for increased funding for participation of stakeholders from developing countries in ICANN and other multistakeholder meetings. The Government of Austria expressed concern over dwindling funding of IGF and called for improvement of the same. In this scenario of crunched funds, submissions by Article 19 and BestBits as well as Net Coalition proposed the use of a percentage of ICANN’s gTLD revenues to fund inclusive participation in the multistakeholder process.

Apart from these concerns, submissions to NetMundial '14 also raised a myriad of different issues around the functioning of ICANN. Nevertheless, four broad stands can be gleaned from the issue of accountability of ICANN. These are as follows:

I. Submissions which suggest that oversight over ICANN should end, and ICANN accountability should be internalised.

8 submissions to the NetMundial 2014 were of the opinion that ICANN should become an independent body with no oversight exercised by any other body on it. In other words, these proposals opposed the replacement of current US government oversight on ICANN, by oversight through any other body. In such a case, accountability of ICANN was sought to be ensured through strengthening multistakeholderism and reform within the ICANN structure.

Most of these submissions came from the civil society (4) or the technical community (2); 1 from Panel on Global Internet Cooperation and Governance Mechanisms, which identifies as “other”, and 1 from the Government of France. 3 of these proposals represent a global community, 2 come from North America or USA, 1 from France, 1 from New Zealand and 1 from the Democratic Republic of Congo.

The ICANN model proposed in the submission from Internet Governance Project (IGP), from the North American civil society, found support among other contributors in this category. The proposal was based on the principle that oversight of ICANN must not be internationalised but ended. The rationale behind such proposal was that giving additional stakeholders besides the NTIA a say in IANA function and ICANN oversight will only politicise ICANN and make it a subject of possible geopolitical power struggles by governments, ultimately ignoring the interests of internet users all over the world. While calling for an end to ICANN oversight through any or all government agencies, the proposal also called for the strengthening of multistakeholderism within ICANN. This proposal was explicitly supported by InternetNZ, from the New Zealand technical community, in its proposal, as well as to quite an extent by Article 19 and BestBits, from the global civil society, in their proposal.

IGP’s submission also suggested whittling down of ICANN’s powers in order to separate management of IANA functions from ICANN’s present mandate. This is a point where the submissions in this category diverge. Submissions from IGP with Article 19 and BestBits, Association for Progressive Communications (APC) from the civil society and InternetNZ and Avri Doria, from the technical community, recommended the separation of IANA functions from the ICANN. The French Government submission, on the other hand, did not envisage separation of the management of the IANA function from ICANN, but rather the internalisation of the former within the latter, even while proposing an independent and multistakeholder structure for ICANN with suitable accountability mechanisms for all stakeholders.

The submission from Article 19 and BestBits, in fact, suggested further narrowing of ICANN’s mandate by explicitly including a clause in its bylaws to prevent it from engaging in content regulation or conduct that could violate freedom of expression or privacy on the internet, including technical policy making involving trademarks and intellectual property. Such suggestions were made based on the fear that, if unregulated, ICANN might increasingly make its foray into public policy issues like content regulation, as happened in the .xxx controversy. Consequently, the submission from Article 19 and BestBits also suggested that ICANN’s bylaws include a provision whereby private parties can legally challenge ICANN’s actions on grounds of human rights violations before local courts or arbitration tribunals.

This approval for local dispute resolution when the submission agrees with the suitability of Californian law for ICANN incorporation is, however, likely to cause consternation amongst non-American stakeholders. While the submission is not averse to the idea of ICANN expanding its reach globally through creation of subsidiaries (preferably in western Europe), it also takes a firm stand on ICANN not moving its headquarters out of the US. The advantages of such status quo are seen in stability of current agreements with registrars etc., but the idea of ICANN being ultimately subject to Californian law and its courts is unlikely to go down well with other global stakeholders.

One concern found across the board, but more explicitly in the submissions of Article 19 and BestBits and Avri Doria, was the strengthening of the ICANN board by making it more representative and accountable through mechanisms of internal accountability like the ATRT2 Transparency and Accountability Review process. Avri Doria of USA, in her submission, suggested the improvement of accountability mechanisms in ICANN by supplementing the ATRT process with a strong appeals mechanism, as found in IETF, for accountability process and results, with powers to remove officers from their roles if they do not fulfil their responsibilities. Strengthening of GAC within ICANN by making it more participatory and representative is another concern which is highlighted.

II. Submissions which suggest that oversight of ICANN should be transferred to a multilateral or intergovernmental body

A second, small category of 4 submissions argued that the oversight function of the ICANN should be transferred from the present unilateral U.S. government (NTIA) oversight, to oversight by all countries. This was suggested as a way to counter the imbalance of power that one country holds over others through its control of critical internet infrastructure, by sharing oversight of ICANN with all other countries.

In their details, submissions in this category can be vague. While some of them envisioned transfer of ICANN control by the US Government to an intergovernmental body like the ITU, others do not specify the details of the transfer, but merely mention that ICANN oversight should be multilateral in nature. Submissions from CIPIT, part of the Kenyan academia and The Society for Knowledge Commons, civil society stakeholder covering India and Brazil, mentioned that the oversight of technical policy functions should be “multilateral” in nature, while the submission by the Government of Iran called for restructuring ICANN as an “international” organisation.

The submission by Swiss civil society organisation, Association for Proper Internet Governance, referred to the response by the Syrian representative in ITU to RFC sought by the US Department of Commerce, to bring ICANN in the aegis of ITU by signing of a MoU between the two entities, as far as technical policy decisions (eg. development of policies relating to operation of root servers and those relating to operation and administration of gTLDs and ccTLDs) are concerned. Such a proposal was found necessary in light of the non-binding advisory nature of GAC in ICANN, especially when technical policy decisions by ICANN have public policy implications. In such a scenario, the submission dubs it “strange” to relegate government to a subsidiary role within ICANN and “unusual (to say the least)” for governments to constitute a sub-committee of the board of a private company like ICANN. Consequently, the MoU between ITU and ICANN is sought to make GAC a group within ITU so as to strengthen its legitimacy and accountability.

III. Submissions which suggest that oversight of ICANN should be transferred to another body not intergovernmental in nature.

10 submissions suggested the transfer of ICANN oversight to a non-intergovernmental or multilateral body. 2 of these proposals came from governments and 1 from the Brazilian Internet Steering Committee, which identifies as “other”, 3 from the private sector, 2 from civil society and 1 from technical community and academia each. Most of these proposals come from European stakeholders (5), 1 each from Brazil and Argentina, 1 from India, 1 from Nigeria, and 1 from the global civil society group, Just Net Coalition.

Like the last category, these submissions also expressed their dissatisfaction with the unilateral US Government oversight of ICANN, but suggested replacing it with a non-multilateral body. Details of the composition of such bodies vary. Some called for replacement by a technical body, others envision a wholly newly created multistakeholder body, yet others called for signing of the present ICANN AoC with US Government, by a number of stakeholders, which would not include just governments.

One such submission came from Portuguese academic, Luis Magalhaes, which called for the signature of ICANN AoCs with all the stakeholders in internet governance, thus effectively replacing oversight by NTIA with oversight by all stakeholders. This submission also expressed concern over the incorporation of ICANN under Californian law, and suggests that ICANN should be regulated in an international law framework, though without relinquishing its control to merely governments. Submission by the private sector stakeholder Orange Group also looked to expand the AoC of ICANN to include within it, the “ICANN community and stakeholders including Governments represented through the GAC.”

Private sector stakeholder from the UK, Nominet, similarly, called for wider engagement in the ICANN AoC and ensuring wider engagement for transparency and accountability in the AoC process. It also called to end ambiguity about the legal jurisdiction for ICANN, while including and strengthening ITU and IGF in the internet governance ecosystem. Submission by private player, Data Security Council of India, while endorsing “a multistakeholder model with defined roles of relevant stakeholders” was vaguer about the model it sought for ICANN. But it called for nomination of stakeholders by Governments rather than ICANN selecting them without transparency.

The Austrian Government submission, on the other hand, was more ambiguous. It envisaged the extension of AoCs regarding ICANN and IANA while ensuring “the full participation of all stakeholders, from both developed and developing countries, within their respective roles and responsibilities.” In its submission, the Government of Argentina sought to “promote the internationalisation of ICANN through a deep revision of the current structure,” and ensure “active representation from all regions and all actors in the ICANN structure, including representatives of governments on an equal footing,” especially in the structures of ICANN Board, SSAC and GNSO.

The submission by the Brazilian Internet Steering Committee similarly looked to export oversight to entities outside of ICANN, as long as such entities are recognised as representative of the international public interest. This was suggested with the rationale of avoiding a situation where the same organisation is responsible for policy making as well as its implementation. The Committee also suggested strengthening of ATRT2 process, as well as reform of GNSO and of ALAC so that the latter can have transparent processes for nomination of members, as well as participate in policy development processes in GNSO, along with increased government participation in GNSO. It was also suggested that the number of ICANN Board seats allocated by NomCom should be reduced in order to increase slots for Board members directly elected by the SOs.

Other submissions offered a more detailed view into the composition of the oversight entity recommended to replace NTIA. The submission by global civil society organisation, Just Net Coalition, for example, proposed the formation of an “Internet Technical and Advisory Board” to discharge ICANN oversight function by replacing the present NTIA oversight role. In addition, this board was recommended to advise on public policy perspectives to various technical standards bodies, and thus act as the link between public policy bodies and these standards bodies. The composition of such a board was recommended to consist of people with specialised technical expertise but also with appropriate political legitimacy, ensured via a democratic process. 10-15 members were envisaged in such a board which could include 1 member from each of the Regional Internet Registries (RIRs). 2-3 members from each of the 5 geographic regions as understood in the UN system to be selected through an appropriate process by the relevant technical standards bodies and/or country domain name bodies of all the countries of the respective region were suggested to be part of the board. It was preferred that these members would come from the top recognised technical academic bodies of each country/region, but the entire constitution of the board was left open to other suggestions in Just Net Coalition’s submission.

The technical community stakeholder, Nigeria Internet Registration Association, on the other hand, offered a rather confused proposal for the formation of a “World Internet Governance Organisation (WIGO),” envisaged as “a global organisation with equal participation of the Government, Private sector, Civil Society, Technical Community in a multi-stakeholder consensus building NET-NATIONS.” But while in the beginning the submission suggests a multistakeholder composition of WIGO, seemingly for oversight of ICANN, later the submission sparks the idea that ICANN itself should be changed to WIGO.

Global Geneva’s submission proposed to transfer ICANN oversight to a body called World Internet Forum, which, while part of the UN system, is envisioned as a multistakeholder venue for citizens globally, where constituencies are not governments. ICANN is allowed to pursue technical policy functions like gTLD management under the supervision of WIF, while not encroaching on public policy matters. IANA function is envisaged to be managed separately from the ICANN.

In many of these submissions, like those of the Argentinian Government and the Brazilian Internet Steering Committee, emphasis was also placed on the strengthening of GAC, while taking into consideration stakeholders other than governments.

IV. Submissions which endorse globalisation and multistakeholder governance of ICANN but are vague about the specifics of such governance model

Lastly, there are submissions which call for the globalisation of ICANN and express their dissatisfaction with the U.S. Government oversight of it, while endorsing multistakeholder governance. However, these submissions are also vague about the details of such ICANN globalisation, and the structures in which it will be held accountable.  4 such submissions emerge from governments (Spain, Norway, Mexico and the European Commission), 6 from the private sector, 2 from the technical community, and 2 from the civil society. Europe leads in this category of proposals with 6 of these proposals emerging from there, 2 from Latin America and Mexico each (4 altogether), 1 from Kuwait, 1 from Japan, 1 from the NRO (identifying itself from Mauritius) and 1 from the global GSM Association of mobile operators.

A list of these submissions is provided below.

| Sl.No. | Proposal No. | Name of Proposal | Organisation | Sector | Region | Link |
|---|---|---|---|---|---|---|
| 1. | 46 | Norwegian Contribution to the Sao Paulo Meeting | Norwegian government | Government | Norway, Europe | http://content.netmundial.br/contribution/norwegian-government/137 |
| 2. | 50 | Contribution from the GSM Association to the Global Multistakeholder Meeting on the Future of Internet Governance | GSMA | Private Sector | Global | http://content.netmundial.br/contribution/contribution-from-the-gsm-association-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/141 |
| 3. | 51 | Contribution of Telefonica to NETmundial | Telefonica, S.A. | Private Sector | Spain | http://content.netmundial.br/contribution/contribution-of-telefonica-to-netmundial/143 |
| 4. | 56 | ETNO Contribution to NETmundial | ETNO [European Telecommunications Network Operators' Association] | Private Sector | Belgium | http://content.netmundial.br/contribution/etno-contribution-to-netmundial/148 |
| 5. | 64 | Submission by AHCIET to the Global Multistakeholder Meeting on the Future of Internet Governance. NETmundial | AHCIET | Private Sector | Latin America | http://content.netmundial.br/contribution/submission-by-ahciet-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance-netmundial/157 |
| 6. | 70 | Spanish Government Contribution to the Global Multi-stakeholder Meeting on the Future of Internet Governance | Ministry of Industry, Energy and Tourism, Spain | Government | Spain | http://content.netmundial.br/contribution/multistakeholder-human-rights-stability-gac/165 |
| 7. | 80 | Roadmap for the Further Evolution of the Internet Governance Ecosystem | European Commission | Government | Europe | http://content.netmundial.br/contribution/roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/177 |
| 8. | 106 | Submission on Internet Governance Principles and Roadmap for the Further Evolution of the Internet Governance Ecosystem | Kuwait Information Technology Society | Civil Society | Kuwait | http://content.netmundial.br/contribution/kuwait-information-technology-society-kits-submission-on-internet-governance-principles-and-roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/214 |
| 9. | 111 | Content Submission by the Federal Government of Mexico | Secretaría de Comunicaciones y Transportes, Mexico | Government | Mexico | http://content.netmundial.br/contribution/content-submission-by-the-federal-government-of-mexico/219 |
| 10. | 114 | Better Understanding and Co-operation for Internet Governance Principles and Its Roadmap | Japan Internet Service Providers Association | Private Sector | Japan | http://content.netmundial.br/contribution/better-understanding-cooperation-for-internet-governance-principles-its-roadmap/222 |
| 11. | 116 | Deutsche Telekom’s Contribution for to the Global Multistakeholder Meeting on the Future of Internet Governance | Deutsche Telekom AG | Private Sector | Germany/Europe | http://content.netmundial.br/contribution/deutsche-telekom-s-contribution-for-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/225 |
| 12. | 135 | Joint Contributions of Civil Society Organisations from Latin America to NetMundial | Group of individuals and Civil Society Organizations from Latin America | Civil Society | Latin America | http://content.netmundial.br/contribution/joint-contributions-of-civil-society-organizations-from-latin-america-to-netmundial/251 |
| 13. | 143 | NRO Contribution to NETmundial | NRO (for AFRINIC, APNIC, ARIN, LACNIC, RIPE-NCC) | Technical Community | Mauritius | http://content.netmundial.br/contribution/nro-contribution-to-netmundial/259 |
| 14. | 183 | NETmundial Content Submission- endorsed by NIC Mexico | NIC Mexico | Technical Community | Mexico | http://content.netmundial.br/contribution/netmundial-content-submission-endorsed-by-nic-mexico/302 |

***

A previous version of this post performed preliminary analysis of the NETmundial submissions. It may be found here.

NETmundial Day 0

by Achal Prabhala last modified Apr 23, 2014 10:58 AM
Day 0 of NETmundial began at Arena NetMundial, an alternative-ish, Brazilian counterpart to the official "multistakeholder" meeting being organised at the very expensive Grand Hyatt. Arena NETmundial began today and will extend until the last day of NETmundial; it's being organised at the very democratic Centro Cultural São Paulo - free to all, no registration required - and offers space for a whole host of organised and spontaneous activity.

Every evening is capped by a music performance, and the opening act was a stand-out two-hour visual extravaganza by Tom Zé, Tropicalia's most avant-garde exponent. Lula (Luiz Inácio Lula da Silva, the previous President of Brazil) was supposed to join us at 7 p.m. today to discuss Marco Civil da Internet - the Brazilian bill for "civil rights" on the Internet - but was a no show.

No matter: Marco Civil was passed into law by the Senate at about 8 p.m. this evening, and President Dilma Rousseff (who reportedly willed this meeting into being) is expected to sign her assent to it tomorrow morning at the opening of NETmundial, which she is scheduled to attend. (While the global press around Marco Civil is unanimously positive and upbeat, it's worth noting that there is one problematic provision — the issue of data retention — that many folks from Brazilian civil society see as a huge loss).

A host of civil society groups spent the day at Arena NETmundial figuring out how to stage a coordinated, detailed and forceful response to what many saw as watered-down text from the NETmundial organisers. (Several corporate representatives and some academics also saw it as watered-down, but from another direction).

There are several puzzling aspects to the shape NETmundial has assumed. What began as a response to the Snowden leaks — the unprecedented scale of the US government sponsored, NSA-executed surveillance — has become a meeting that strangely doesn't have all that much to say about surveillance, perhaps thanks to the various partners roped in to manage the process. There is little that references the bitter SOPA/PIPA battles of two years ago, and not much in the NETmundial outcome document that addresses the manner in which a sovereign state has outrageously sought to export its national application of copyright onto the global Internet landscape. The civil society meeting produced language to address both these situations.

Perhaps the most confounding aspect of this meeting is the manner in which the word "multistakeholder" is thrown about by people of every political stripe. Seemingly, if there is one thing that most everyone, from governments to businesses to civil society activists at NETmundial agree on, it is that multistakeholderism has an essential place in the future of Internet governance.

That being as it is, I asked a bunch of people what their interpretation of the term was, and many agreed to be recorded. Their answers were surprising, to say the least.

This is what they said:

Q: What does "multi-stakeholder" mean? What is "multi-stakeholderism"?

I think multistakeholderism is a kind of democracy, which means, in the public policy area, other than the critical internet resources, usually only governments make public policy. They sometimes consult with other stakeholders, but it is not usually open or transparent and it is very selective. They only choose the experts they like. I think "multistakeholder" is useful in comparison with an inter-governmental or governmental process.

Byoungil Oh from the Korean Progressive Network Jinbonet

Multistakeholderism is a mechanism to ensure that people who are affected or have the potential to be affected by a policy or a technical decision get to have a say in the decision, in the process, or in coming to a decision, so that their rights — the rights of the affected people — are assured. I think there should be some sort of equity, currently the way multistakeholderism is being carried out is that certain stakeholders carry much higher weight and I think that is something that needs to be addressed.

YoungEum Lee from Korea National Open University (Korea)

If multistakeholderism is a form of institutionalising participatory democracy, then it's good. But public policy decision making is only something that the representatives of people can do. For me, that's sacrosanct. When you're taking in views, in consultation, multistakeholderism works. But public policy decision-making, at a global level, has to be a multilateral process. However, it has to be embedded into a huge amount of public consultations, transparencies, accountabilities, etc., which could be a multistakeholder system.

Parminder Jeet Singh from IT for Change (ITFC) (India)

I hate with a passion the concept of multistakeholderism. For me, how it can make sense is by recognising there are multiple stakeholders. And they’re not fixed. But issues affect different people in different ways and these people need to be involved in decision making processes. It's an approach that can potentially democratise processes by identifying who is affected by those processes and making sure they participate in them. But turning them into an -ism which is undifferentiated, which doesn't recognise conflict, power, voice, and that there are differences, makes it meaningless and also possibly dangerous.

Anriette Esterhuysen from the Association for Progressive Communications (APC) (South Africa)

This multistakeholderism thing I think is bullshit. We now have a clear picture of technology as a whole being turned against its users, being turned into a tool for oppression, for control. And when you look at the most important struggles of the 20th century, whether women's rights or civil rights or gay rights, it never happened with a total global consensus. This is an illusion. What we need is to affirm that we citizens have the right to decide. We are the only stakeholders here, because we are the co-owners of the Internet as a public good.

Jérémie Zimmermann, co-founder of La Quadrature du Net (France)

Everyone has to participate, and everyone has to decide what is the future of the Internet. I think that we need to improve our networks. There is no real answer here: for me it is very difficult to think of the kind of discussion we will have, but I know that my voice is probably useful for others who are in a similar situation to me.

Pilar Saenz from the Karisma Foundation (Colombia)

Multistakeholderism means that we are going to smash the patriarchy. Ask me what the colour blue means? [Ok: What does the colour blue mean?] The colour blue means we are going to smash the patriarchy.

Jacob Appelbaum, journalist, activist and core member of the TOR Project (USA/Germany)

Ultimately rights are embedded in laws. But when it comes to an international framework, in the current Internet governance model, nothing is based in law, including the domain name system. So the whole structure of international Internet governance is divorced from international law, and that's why, when you talk of a multistakeholder model, what you are really saying is that the market will finally determine what happens. No stakeholder is going to operate against its own interest whether it be governments or corporations. We need an international legal framework, from which the powers - or rights - of Internet governance emerge. Without that you're leaving it to the market. In reality, even today, what we have is a private-sector-led multistakeholder model.

Prabir Purkayastha from Knowledge Commons and the JustNet Coalition (India)

What does multistakeholderism mean? Listen, I'm a brown person from a developing country, and I'm female.

Anonymous

NETmundial Roadmap: Defining the Roles of Stakeholders in Multistakeholderism

by Jyoti Panday last modified Apr 28, 2014 12:51 PM
NETmundial, one of the most anticipated events in the Internet governance calendar, will see the global community convening at Sao Paulo, with an aim to establish 'strategic guidelines related to the use and development of the Internet in the world.' This post analyses the submissions at NETmundial that focused on Roadmap, towards an understanding of stakeholder roles in relation to specific governance functions and highlighting the political, technical and architectural possibilities that lie ahead.

Introduction

A technically borderless Internet, in a world defined by national boundaries, brings many challenges in its wake. The social, ethical and legal standards of all countries are affected by technical standards and procedures created by a few global players. This disparity in capacity and opportunities to participate in and shape Internet policy, fuelled by Edward Snowden's revelations, led to the development of the Global Multi-stakeholder Meeting on the Future of Internet Governance, or NETmundial. Set against an urgent need for interdisciplinary knowledge assessment towards establishing global guiding principles with respect to the technological architecture and the legal framework of the Internet, NETmundial is seen as a critical step in moving towards a global policy framework for Internet Governance (IG). As stakeholder groups from across the world come together to discuss future forms of governance, one of the most widely discussed issues will be that of Multistakeholderism (MSism).

Multistakeholderism

The governance structure of the multistakeholder model is based on the notion that stakeholders most impacted by decisions should be involved in the process of decision making. The collaborative multistakeholder spirit has been widely adopted within the Internet Governance fora, with proponents spread across regions and communities involved in the running, management and use of the Internet. So far, MSism has worked well in the coordination of technical networking standards and efforts to set norms and best practices in defined areas, in the realm of technical governance of the Internet. However, extending MSism beyond truly voluntary, decentralized and targeted contexts, and expanding its applicability to other substantive areas of Internet Governance, is proving a challenge. Beyond defining how the process of policymaking should be undertaken, MSism does not provide any guidance on substantive policy issues of Internet governance. With the increasing impact of Internet technology on human lives, and framed against the complexity of issues such as security, access and privacy, the consensus on MSism is further rendered unattainable.

The need for contextualizing the model aside, as with most policy negotiations, certain open concepts and words have also prevented agreement on and adoption of MSism as the best way forward for IG. One such open, and perhaps the most contentious, issue with respect to the legitimacy of MSism in managing Internet functions is the role of stakeholders. A key element of MSism is that decisions will be made by and including all relevant stakeholders. Stakeholder groups are broadly classified to include governments, technical community and academia, private sector and civil society. With each stakeholder representing diverse and often conflicting interests, creating a consensus process that goes beyond a set of rules and practices promising a seat at the negotiation table and is supportive of broad public interest is a challenging task that needs urgent addressing.

This post aims to add to the discourse on defining the role and scope of stakeholders' decision-making powers, towards a better understanding of the term "in their respective role". Addressing the complexity of functions in managing and running the Internet and the diversity of stakeholders that are affected and hence should be included in decision making, I have limited the scope of my analysis to cover three broad internet management functions:

  1. Technical: Issues related to infrastructure and the management of critical Internet resources
  2. Policy: Issues relating to the developmental aspects, capacity building, bridging digital divide, human rights
  3. Implementation: Issues relating to the use of the Internet including jurisdiction, law, legislation, spam, network security and cybercrime

While this may be an oversimplification of complex and interconnected layers of management and coordination, in my opinion a broad categorisation of issues is a necessary, if not ideal, starting point for the purpose of this analysis. I have considered only the submissions categorised under the theme of Roadmap, seeking commonalities across stakeholder groups and regions on the role of stakeholders and their participation in the three broad functions of technology, policy and implementation.

Towards a definition of respective roles: Analysis of NETmundial submissions on Roadmap

There were a total of 44 submissions specific to Roadmap with civil society (20) contributing more than any other group including academia (7), government (4), technical community (5), private sector (3) and other (5). MSism sees support across most stakeholder groups and many submissions highlight or agree on participation and inclusion in decision making processes.

Regionally, submissions from North (24) were dominated by USA (10) with contributions cutting across academia (4), civil society (2), technical community (2) and other (2). Brazil (5) contributed the most to submissions from South (15), followed by Argentina (3). The submissions were consistent with the gender disparity prevalent in the larger technology community, with only 12 females contributing submissions. An overwhelming number of submissions (38) thought that the multistakeholder (MS) model needs further definition or improvements; however, suggestions on how best to achieve this varied widely across stakeholders and regional boundaries. Only 16 submissions referenced or suggested the Internet Governance Forum (IGF), in its present capacity or with an expanded policy role, as a mechanism of implementing MSism on the Internet.

Many submissions referred to issues related to the management of critical internet resources (CIRs), the role of ICANN and US oversight of IANA functions. A total of 11 submissions referred to or specified governance processes with respect to technical functions and issues related to critical resources with civil society (5) and academia (3) contributing the most. In an area that perhaps has the most direct relevance to their work, the technical community was conspicuous with just two submissions making any concrete recommendations. The European Commission was the only governmental organisation that addressed this issue, recommending an expansion of the role of IGF. There were no specific recommendations from the private sector.

The suggestions on oversight and decision making mechanism were most conflicted for this category of Internet functions and included:

16 submissions referred to issues related to policy development and implementation including developmental aspects, capacity building, bridging digital divide and human rights. All submissions called for a reform or further definition of MSism and included recommendations from civil society (5), academia (4), technical community (2), governments (2), private sector (1) and Other (2). All stakeholder groups across regions unanimously agreed that all stakeholders within their respective role should have a role in decision making and within public policy functions. There was, however, no broad consensus on the best way to achieve this.

Specific recommendations and views captured on who should be involved in policy related decision making and what possible frameworks could be developed included:

18 submissions referred to issues related to the implementation of standards, including issues relating to the use of the Internet such as jurisdiction, law, legislation, spam, network security and cybercrime. All submissions called for a reform or further definition of MSism values and included recommendations from civil society (8), academia (3), technical community (3), governments (2), private sector (1) and other (1). Stakeholders from academia (5), civil society (3) and government (1) collectively called for the reform of ICANN guided by multistakeholder values, but did not specify how this reform would be achieved.

Specific recommendations on the improvements of institutional frameworks and arrangements for issues related to implementation of standards included:

In summation, the classification of Internet functions discussed above presents a very broad view of complex, dynamic and often interrelated relationships amongst stakeholder groups. However, even within these very broad categories there are various interpretations of how MSism should evolve.

To come back to the very beginning of this post, NETmundial is an important step towards a global policy framework for Internet governance. This is the first meeting outside formal processes and it is difficult to know what to expect, partly as the expectations are not clear and range widely across stakeholders. Whatever the outcome, NETmundial's real contribution to Internet Governance has been sparking anew the discourse on multistakeholderism and its application on the Internet, through the creation of a spontaneous order amongst diverse actors and by providing a common platform for divergent views to come together.

NETmundial Transcript Archive

by Pranesh Prakash last modified Apr 23, 2014 02:31 PM
We are archiving the live transcript from the NETmundial meeting (April 23-24, 2014).

NETmundial Day 1


>***LIVE SCRIBING BY BREWER & DARRENOUGUE - WWW.QUICKTEXT.COM***
>------
>>> LADIES AND GENTLEMEN, GOOD MORNING. IN SOME MINUTES WE WILL HAVE OUR OPENING SESSION OF OUR GLOBAL MULTISTAKEHOLDER MEETING ON THE FUTURE OF THE INTERNET GOVERNANCE. PLEASE TURN OFF YOUR MOBILE PHONES OR TURN THEM INTO VIBRATING. PLEASE TAKE YOUR SEATS. OR SHUT IT OFF. THANK YOU VERY MUCH.
>------
>>> LADIES AND GENTLEMEN, PLEASE TAKE YOUR SEATS AND PLEASE TURN OFF YOUR MOBILE PHONES OR SET THEM INTO SILENT MODE. IN SOME MINUTES, WE ARE GOING TO START OUR OPENING CEREMONY OF OUR GLOBAL MULTISTAKEHOLDER MEETING ON THE FUTURE GOVERNANCE OF THE INTERNET.
>------
>>> PLEASE TAKE YOUR SEATS AND TURN OFF YOUR MOBILE PHONES OR SET THEM INTO SILENT MODE. IN A FEW MINUTES, WE WILL START OUR OPENING CEREMONY OF THE GLOBAL MULTISTAKEHOLDER MEETING ON THE FUTURE OF INTERNET GOVERNANCE.
>------
>>> LADIES AND GENTLEMEN, IN SOME MINUTES WE WILL START OFF THE OPENING CEREMONY OF THE GLOBAL MULTISTAKEHOLDER MEETING ON THE FUTURE OF INTERNET GOVERNANCE.
>------
>[MUSIC ]
>>> THIS IS MY INTERNET.
>>> THIS IS MY INTERNET.
>------
>>> LADIES AND GENTLEMEN, THE PRESIDENT OF BRAZIL, HER EXCELLENCY DILMA ROUSSEFF. THE CHAIRMAN OF NETmundial, VIRGILIO ALMEIDA, AND THE MIKE RODENBAUGH OF SAO PAULO, THE COO OF ICANN, FADI CHEHADE, AND THE REPRESENTATIVE OF THE TECHNICAL SECTOR AND CREATOR OF THE WEB, TIM BERNERS-LEE. REPRESENTATIVE OF THE PRIVATE SECRETARY AND VICE PRESIDENT OF GOOGLE, VINT CERF, AND THE REPRESENTATIVE OF THE -- OF CIVIL SOCIETY, COFOUNDER, NNENNA NWAKANMA.
>[APPLAUSE ]
>>> WE ARE STARTING OFF THIS EFFORT AND WE ARE GOING TO LISTEN TO THE NATIONAL ANTHEM OF BRAZIL.
>[ PLAYING OF NATIONAL ANTHEM. ]
>[APPLAUSE ]
>>> WE ARE GOING TO LISTEN TO THE WORDS OF THE MINISTER OF COMMUNICATIONS, PAULO BERNARDO.
>>>PAULO BERNARDO SILVA: GOOD MORNING, HER EXCELLENCY DILMA ROUSSEFF, MEMBERS HERE AND PARTICIPANTS OF THIS MEETING.
>LADIES AND GENTLEMEN, WELCOME TO BRAZIL AND TO NETmundial. WE ARE VERY PROUD AND FEEL VERY RESPONSIBLE FOR RECEIVING YOU IN SAO PAULO.
>ALL OF YOU WHO CARE ABOUT INTERNET IN THE FUTURE HAVE REASONS FOR BEING PLEASED WITH WHAT WE ARE GOING TO DO TODAY.
>THIS MEETING IS THE CONCRETIZATION OF ALL OUR WISHES. WE NEEDED AN ADEQUATE ENVIRONMENT FOR THIS TO BE VOICED. WE BELIEVE THAT NETmundial IS THIS ENVIRONMENT WE NEED. FREE, PARTICIPATIVE AND PLURAL, AS WELL AS THE INTERNET WE BELIEVE IN.
>AND THIS IS SO BECAUSE THE CONCERN THAT GETS US TOGETHER IS GREATER THAN THE CONCERNS OF EACH PARTY. WE ARE DISCUSSING THIS INTERNET AROUND THIS TABLE OR OTHERWISE WE WILL HAVE NO FUTURE FOR THE INTERNET. FROM THE VERY FIRST MOMENT, THE DIFFERENT STAKEHOLDERS GOT INVOLVED IN THE ORGANIZATION OF THIS EVENT AND THE PROOF OF THIS ENVIRONMENT IS HERE IN THE GREAT DIVERSITY OF CONTRIBUTIONS RECEIVED.
>WE ALSO HAVE HERE MANY AUTHORITIES AND PARTICIPANTS. WE'D LIKE TO THANK EACH ONE OF YOU AND CONGRATULATE EACH ONE OF YOU FROM DIFFERENT COUNTRIES. WE'RE ALL PROTAGONISTS OF AN HISTORICAL MOMENT AND TODAY WHAT WE HAVE BEFORE US IS A CHALLENGE TO MAKE THE MOST FOR ALL THE DIFFERENT OPINIONS IN FAVOR OF A UNIQUE PATH.
>THIS PATH HAS A VERY STRAIGHT SENSE OF ORIENTATION, A FREE AND UNFRAGMENTED INTERNET. THAT'S THE BEST WE CAN HAVE, THE CAPACITY TO CONNECT, TO MOBILIZE, TO INNOVATE, TO CREATE RICHNESS OF CULTURE OR WHATEVER, AND RESPECT THE LINKS. SO INTERNET BEING RULED BY MORE PEOPLE COULD REACH MORE PEOPLE IN THE WORLD.
>SO I WISH THAT WHEN WE LEAVE SAO PAULO, WE CAN CELEBRATE A NEW AND PROMISSORY BEGINNING. THIS IS OUR RESPONSIBILITY HERE, AND THANK YOU VERY MUCH. AND HAVE A GOOD MEETING. THANK YOU.
>[APPLAUSE ]
>>> NOW, MR. HONGBO, SECRETARY-GENERAL OF THE UNITED NATIONS FOR BUSINESS MATTERS WILL DELIVER HIS MESSAGE FROM THE SECRETARY-GENERAL, BAN KI-MOON.
>>>WU HONGBO: YOUR EXCELLENCY, PRESIDENT ROUSSEFF, DISTINGUISHED MINISTERS, EXCELLENCIES, DISTINGUISHED DELEGATES, COLLEAGUES, LADIES AND GENTLEMEN.
>I'M HONORED TO BE HERE WITH YOU FOR THIS IMPORTANT EVENT. IT IS MY GREAT PLEASURE TO DELIVER A MESSAGE ON BEHALF OF THE UNITED NATIONS SECRETARY-GENERAL, MR. BAN KI-MOON.
>HERE I QUOTE: I THANK THE GOVERNMENT OF BRAZIL FOR HOSTING THE NETmundial MEETING, AND I COMMEND THIS GLOBAL MULTISTAKEHOLDER NATURE. ONLY THROUGH INCLUSIVE AND BOTTOM-UP PARTICIPATION WILL WE BE ABLE TO FOSTER AN ACCESSIBLE, OPEN, SECURE, AND TRUSTWORTHY INTERNET.
>THE INTERNET IS TRANSFORMING SOCIETIES IN ALL REGIONS. IT IS THE BACKBONE OF OUR GLOBAL ECONOMY AND AN ESSENTIAL VEHICLE FOR DISSEMINATING INFORMATION AND IDEAS.
>ONE-THIRD OF THE PEOPLE NOW HAVE ACCESS TO THE INTERNET AND THE KNOWLEDGE AND THE TOOLS IT PROVIDES. INCREASING NUMBER OF PEOPLE NOW HAVE A PLATFORM TO VOICE THEIR OPINIONS AND PARTICIPATE IN SOCIETY FROM COMMERCE TO DEMOCRATIC DECISION-MAKING. THAT IS WHY IT IS ESSENTIAL THAT INTERNET GOVERNANCE POLICIES CONTINUE TO FOSTER FREEDOM OF EXPRESSION AND THE FREE FLOW OF INFORMATION.
>THE INTERNET AND THE INFORMATION SOCIETY HOLD TREMENDOUS PROMISE FOR THE POST-2015 DEVELOPMENT AGENDA.
>THE INTERNET CAN STRENGTHEN EFFORTS TO ERADICATE POVERTY, ADDRESS INEQUALITY, AND PROTECT AND RENEW THE PLANET'S RESOURCES.
>BUT REALIZING THE PROMISE MEANS EXPANDING INTERNET ACCESS TO NEARLY 1.3 BILLION PEOPLE WHO CURRENTLY LACK IT.
>MOST ARE IN DEVELOPING COUNTRIES AND THERE ARE SIGNIFICANT GENDER GAPS.
>INTERNET GOVERNANCE MUST, THEREFORE, WORK TO BRIDGE THE DIGITAL DIVIDE THROUGH INCLUSIVE RIGHTS-BASED POLICIES.
>INTERNET GOVERNANCE SHOULD AIM FOR UNIVERSAL ACCESS TO AN INTEROPERABLE, GLOBALLY CONNECTED, AND SAFE ONLINE SPACE.
>TO THIS END, THE PRINCIPLES OF THE WORLD SUMMIT ON THE INFORMATION SOCIETY REMAIN RELEVANT.
>THE UNITED NATIONS INVITES ALL STAKEHOLDERS TO JOIN IN THE ONGOING SUMMIT REVIEW PROCESS.
>CONFIDENCE IN THE INTERNET AND ITS GOVERNANCE IS VITAL IF IT IS TO BE EFFECTIVELY CONTRIBUTING TO THE SUSTAINABLE DEVELOPMENT.
>IN THIS CONNECTION, I WISH TO INFORM THE MEETING I INTEND TO APPOINT AMBASSADOR JANIS KARKLINS OF LATVIA AS THE CHAIR OF THE MULTISTAKEHOLDER ADVISORY GROUP OF THE INTERNET GOVERNANCE FORUM.
>[APPLAUSE ]
>>>WU HONGBO: I COUNT ON MR. KARKLINS TO PROMOTE A STRENGTHENED INTERNET GOVERNANCE THROUGH BROADER PARTICIPATION, NOT ONLY BY GOVERNMENTS BUT ALSO THE PRIVATE SECTOR AND CIVIL SOCIETY, INCLUDING THE ACADEMIC AND THE TECHNICAL COMMUNITIES.
>BUILDING CONSENSUS ON THE ROADMAP FOR THE FUTURE OF INTERNET GOVERNANCE IS CRUCIAL. THIS NETmundial IS AN IMPORTANT MILESTONE. I WISH YOU A PRODUCTIVE MEETING. UNQUOTE.
>THANK YOU VERY MUCH ON BEHALF OF UNITED NATIONS DEPARTMENT OF ECONOMIC AND SOCIAL AFFAIRS, UNDESA. I WOULD LIKE TO THANK BRAZIL AND THE BRAZILIAN INTERNET STEERING COMMITTEE FOR NOT ONLY HOSTING THIS IMPORTANT MEETING, BUT ALSO FOR BEING CONSISTENT SUPPORTERS OF INTERNET GOVERNMENT FORUM. THE IGF COMMUNITY LOOKS FORWARD TO RUNNING TO BRAZIL FOR THE SECOND TIME FOR THE 10TH IGF IN 2015.
>THANK YOU VERY MUCH.
>[APPLAUSE ]
>>> NOW, WE ARE GOING TO LISTEN TO MS. NNENNA NWAKANMA, A REPRESENTATIVE OF CIVIL SOCIETY AND CONTRIBUTOR OF THE OPEN SOURCE FOUNDATION OF AFRICA.
>[APPLAUSE ]
>>>NNENNA NWAKANMA: OOH-LA-LA. YOUR EXCELLENCIES, COLLEAGUES, PRESENT AND REMOTE LADIES AND GENTLEMEN, (NON-ENGLISH WORD OR PHRASE). MY NAME IS I COME FROM THE INTERNET. I ALSO COME FROM DIVERSE CIVIL SOCIETY TEAMS AND NETWORKS, ONE OF WHICH IS THE TEAM THAT WORKS WITH THE WORLD WIDE WEB FOUNDATION.
>AT THE WEB FOUNDATION, WE ARE ENGAGED IN THE ALLIANCE FOR AFFORDABLE INTERNET. WE'RE ENGAGED IN THE WEB INDEX AND OPEN DATA INITIATIVES. ONE THING I DO FOR A LIVING IS TO ESTABLISH THE OPEN WEB AS A GLOBAL PUBLIC GOOD AND A BASIC RIGHT, ENSURING THAT EVERYONE CAN ACCESS AND USE IT FREELY. THAT'S WHAT I DO.
>I ALSO BELONG TO THE (INDISCERNIBLE) CIVIL SOCIETY PLATFORM, THE INTERNET GOVERNANCE CAUCUS FOR THE PAST 12 YEARS, AND THE AFRICA INTERNET GOVERNANCE FORUM.
>SO FOR ME, NETmundial, IN CONVENING US TO TAKE A CRITICAL LOOK AT THE PRINCIPLES AND ROADMAP FOR THE FUTURE OF THE INTERNET GOVERNANCE AVAILS ME WITH AN OPPORTUNITY TO RAISE THREE KEY ISSUES.
>THE FIRST ISSUE IS ACCESS.
>AS MUCH AS TWO-THIRDS OF THE WORLD'S POPULATION IS NOT YET CONNECTED TO THE INTERNET. THE PENETRATION RATES IN DEVELOPED COUNTRIES AVERAGE AROUND 31%, BUT IN AFRICA WHERE I COME FROM, WE ARE ABOUT 16%.
>IN THE WORLD'S 49 LEAST DEVELOPED COUNTRIES, OVER 90% OF THE POPULATION ARE STILL NOT ONLINE.
>WE HAVE 1 BILLION PEOPLE LIVING WITH DISABILITY, AND 80% OF THESE LIVE IN THE DEVELOPING COUNTRIES. EACH ONE OF THESE DESERVE ACCESS.
>ACCESS TO INFORMATION, ACCESS TO LIBRARIES, ACCESS TO KNOWLEDGE, AND ACCESS TO AFFORDABLE INTERNET.
>MY SECOND ISSUE IS SOCIAL AND ECONOMIC JUSTICE.
>THE INTERNET IS FAST BECOMING THE DOMINANT MEANS OF WEALTH CREATION, SO THE RIGHTS TO DEVELOPMENT, I THINK, SHOULD INCLUDE SOCIAL JUSTICE.
>FOR ME, IT IS NOT ENOUGH TO DO A SUPERFICIAL CAPACITY-BUILDING JUST FOR A FEW PERSONS. I'M LOOKING FOR THE MECHANISM THAT ALLOWS THE HIGHEST NUMBER OF PERSONS TO BE INCLUDED, THE LARGEST NUMBER OF VOICES TO BE HEARD, THE WIDEST EXTENT OF ACCESS TO INNOVATION, AND THE DEEPEST CREATIVITY FOR THE HUMAN MIND TO FLOURISH.
>FOR THIS, I THINK WE NEED TO START CONSIDERING THE INTERNET AS PUBLIC COMMENTS.
>MY THIRD ISSUE IS HUMAN RIGHTS AND FREEDOM.
>NOW I WILL INVITE YOU TO LISTEN THROUGH MY VOICE TO SOMEONE THAT I GREATLY RESPECT.
>THIS PERSON IS A "SHE." SHE WAS SPEAKING AT THE UNITED NATIONS GENERAL ASSEMBLY IN NEW YORK ON THE 25TH OF SEPTEMBER LAST YEAR. DO YOU WANT TO HEAR WHAT SHE SAID?
>>> YES!
>>>NNENNA NWAKANMA: SHE SAID, "I CANNOT BUT DEFEND IN AN UNCOMPROMISING FASHION THE RIGHT TO PRIVACY OF INDIVIDUALS. IN THE ABSENCE OF THE RIGHT TO PRIVACY, THERE CAN BE NO TRUE FREEDOM OF EXPRESSION AND OPINION AND THERE IS NO EFFECTIVE DEMOCRACY." AND THAT WAS DILMA ROUSSEFF.
>[CHEERS AND APPLAUSE ]
>>>NNENNA NWAKANMA: OKAY. THANK YOU. RIGHT. LADIES AND GENTLEMEN, IN LOOKING FORWARD TOWARDS THE ROADMAP, I ALSO NEED TO RAISE THREE KEY ISSUES.
>MY FIRST ISSUE IS PARTICIPATION. WHEN WE STARTED, WE KICKED OFF WITH THE BASIC UNDERSTANDING THAT ALL STAKEHOLDERS HAVE A PLACE, A ROLE, A CONTRIBUTION.
>BUT AS WE'VE MOVED FURTHER DOWN THE LINE, THE IDEA OF MULTISTAKEHOLDER ENGAGEMENT IS GETTING MUDDLED AND IT'S LOSING A BIT OF ITS MEANING, SO I WOULD REQUEST THAT WE GO BACK TO THE DRAWING BOARD AND WE REVISIT IT, AND IF IT NEEDS TO UPGRADE, PLEASE LET'S DO THAT.
>BECAUSE WE NEED TO ENGAGE ALL STAKEHOLDERS AT A GLOBAL, REGIONAL, AND NATIONAL LEVELS.
>WE NEED TO ESTABLISH RESPECT AND VALUE FOR ALL CONTRIBUTIONS COMING FROM ALL STAKEHOLDERS, AND WE NEED MEANINGFUL PARTICIPATION FROM INDIVIDUALS COMING FROM DEVELOPING COUNTRIES AND UNDERREPRESENTED GROUPS.
>MY SECOND ISSUE IS RESOURCES.
>HOW DO WE ENSURE THAT RESOURCES ARE MOBILIZED AND MAINTAINED FOR A VIABLE INTERNET GOVERNANCE MECHANISM?
>THE QUESTION IS NOT JUST AT THE GLOBAL LEVEL. IT'S AT CONTINENTAL, REGIONAL, AND EVEN NATIONAL LEVELS.
>WHOSE RESOURCES ARE WE GOING TO COMMIT?
>MY FIRST THOUGHT IS THAT THE INTERNET SHOULD BE ABLE TO PROVIDE RESOURCES FOR ITS OWN GOVERNANCE. MAYBE PART OF THE DOMAIN NAME FEES SHOULD BE REINVESTED IN THIS AREA.
>[APPLAUSE ]
>>>NNENNA NWAKANMA: NOW, MY THIRD ISSUE IS CHANGE.
>NETmundial IS OFFERING US A GREAT OPPORTUNITY FOR CHANGE. CHANGE FROM ONE STAKEHOLDER HIJACKING THE PROCESS TO AN OPEN AND INCLUSIVE PROCESS. CHANGE FROM ONE OFFICIAL ISSUING ORDERS TO COLLABORATION. CHANGE FROM JUST REPORTS TO REAL TRANSPARENCY.
>CHANGE FROM POWER TO ACCOUNTABILITY. CHANGE FROM MONOLOGUES TO DIALOGUES AND DEBATES. CHANGE FROM THE RHETORIC OF CYBER-WAR TO THE NOTION OF INTERNET FOR PEACE. CHANGE FROM CYBER-THREATS TO DIGITAL SOLIDARITY. AND I DO BELIEVE THAT ALL OF THESE PRINCIPLES WILL ALSO GUIDE US IN IANA TRANSITION.
>LADIES AND GENTLEMEN, THERE IS ONE MESSAGE I MUST LEAVE WITH YOU TODAY, IT IS THE MESSAGE OF TRUST.
>WE'RE IN BRAZIL BECAUSE WE TRUST THE PERSON OF DILMA ROUSSEFF. WE ARE HERE BECAUSE WE TRUST THE NETmundial PROCESS. WE TRUST THE MULTISTAKEHOLDER APPROACH OF BRAZIL IN ITS OWN IGF, AND WE HAVE FOLLOWED THE STORY OF MARCO CIVIL AND I WANT TO SAY CONGRATULATIONS TO ALL BRAZILIANS ON THIS.
>[CHEERS AND APPLAUSE ]
>>>NNENNA NWAKANMA: HANG ON. HANG ON. HANG ON.
>THE TRUST THAT WE HAVE IN BRAZIL IS NEEDED AT ALL LEVELS. BUT THIS TRUST HAS BEEN DESTROYED BY THE COLLECTION, PROCESSING, AND INTERCEPTION OF OUR COMMUNICATIONS.
>[APPLAUSE ]
>>>NNENNA NWAKANMA: YES. SURVEILLANCE ON INTERNET SECURITY AND OUR TRUST IN ALL PERSONAL BUSINESS AND DIPLOMATIC COMMUNICATIONS. THAT'S WHY WE SAY "NO." THE WEB WE CAN TRUST, THAT IS THE WEB WE WANT. THE WEB THAT CONTRIBUTES TO PEACE, THAT IS THE WEB WE WANT. THE WEB THAT IS OPEN AND INCLUSIVE, THAT IS THE WEB WE WANT. THE WEB OF OPPORTUNITIES AND SOCIAL JUSTICE, THAT IS WHY I AM HERE.
>LADIES AND GENTLEMEN, NETmundial, I THINK, IS THE WORLD CUP OF INTERNET GOVERNANCE. WE NEED A ROBUST STADIUM THAT CAN HOLD US. THAT IS INFRASTRUCTURE. WE NEED TO ENJOY THE GAME. THAT IS PARTICIPATION. WE SHOULD NOT DISCRIMINATE. THAT IS NET NEUTRALITY. EVERYBODY'S FREE TO SUPPORT THEIR TEAM. I SUPPORT (SAYING NAME) OF NIGERIA. THAT IS FREEDOM. I SUPPORT BRAZIL AS LONG AS THEY ARE NOT PLAYING AGAINST AFRICA, ANYWAY.
>[LAUGHTER ]
>>>NNENNA NWAKANMA: WE NEED TO BE ABLE TO WEAR OUR COSTUMES AS FANS AND THAT IS DIVERSITY. AND MOST IMPORTANTLY, WE NEED TO KNOW THE RULES OF THE GAME AND PLAY BY IT. THAT, FOR ME, IS TRANSPARENCY.
>SO IT'S NOT GOING TO BE ABOUT POWER AND CONTROL FOR GOVERNMENTS. IT'S NOT GOING TO BE JUST INTEREST FOR THE INDUSTRY. IT'S NOT GOING TO BE NAMES AND NUMBERS FOR TECHNICAL COMMUNITY. IT'S NOT GOING TO BE FOR OR AGAINST FOR CIVIL SOCIETY. I THINK THAT WE NEED HUMILITY. THE HUMILITY TO LISTEN TO DIVERSE VOICES IS ESSENTIAL FOR AN AUTHENTIC DIALOGUE. LET US TALK TO EACH OTHER AND NOT AT EACH OTHER. BECAUSE SOMETIMES WE CAN BE SO DROWNED IN OUR OWN VOICES THAT WE DO NOT HEAR THE OTHER STAKEHOLDERS.
>JUST BEFORE I SIT DOWN, LADIES AND GENTLEMEN, TOMORROW IS GIRLS IN ICT DAY, SO I'M GOING TO SPEAK TO LADIES.
>GIRLS, IT IS UP TO US TO SEIZE THE OPPORTUNITY THAT THE INTERNET HAS GIVEN US. LET'S SEIZE IT AND LET'S ROCK THE WORLD! LET US GET WOMEN ONLINE. LET US GET US ONLINE.
>AND THIS, I WANT TO SAY A SPECIAL TRIBUTE TO ALL THE GIRLS IN MY WORLD FOUNDATION TEAM. ALEXANDRA IS HERE, RENAT AVILA, SONIA GEORGE, ANGELA, AND NOT JUST NETmundial BUT GIRLS ACROSS THE WORLD WORK ON THE INTERNET EVERY DAY. DEBORAH BROWN IS IN THE U.S. MARION FRANKLIN IS IN EUROPE. ANNA IS IN INDIA, (SAYING NAME) IS IN LATIN AMERICA HERE, (SAYING NAME) IS IN AFRICA, JOY LIDDICOAT IS IN NEW ZEALAND, AND SALANIETA IS SOMEWHERE IN THE ISLANDS OF FIJI. GREAT WOMEN WHO DO THIS WORK. AND EVEN HERE IN BRAZIL, WE HAVE GREAT LADIES. ONE IS (SAYING NAME) AND THE OTHER IS (SAYING NAME) BUT COME ON, IT'S NOT JUST ABOUT WOMEN. THERE ARE GUYS, MEN, WHO WORK EVERY DAY, WHO PUT IN THE ENERGY, WHO PUT IN THEIR LIFE, WHO PUT IN ALL THEY HAVE, PUT IN THEIR EXPERTISE, SO THAT WE CAN HAVE A GLOBAL, TRUE, OPEN AND RESILIENT. AND TO ALL OF US WHO LOVE THE INTERNET AND TO ALL OF US WHO ARE HERE AND TO SOMEONE CALLED EDWARD, EDWARD SNOWDEN, THANK YOU.
>[CHEERS AND APPLAUSE ]
>>> ---
>>>VINT CERF: PRESIDENT DILMA ROUSSEFF, EXCELLENCIES, DISTINGUISHED GUESTS, LADIES AND GENTLEMEN, IT IS AN HONOR AND A PRIVILEGE TO PARTICIPATE IN NETmundial. THIS DIALOGUE IS TIMELY AND MUCH NEEDED AS THE INTERNET CELEBRATES THE 40th YEAR OF ITS PUBLIC UNVEILING AND THE 31st YEAR OF ITS OPERATION. IN MAY 1974, THE DESIGN OF THE INTERNET WAS PUBLISHED IN THE IEEE PUBLICATIONS. ROBERT KAHN AND I FELT STRONGLY THE DESIGN AND THE PROTOCOLS OF THE INTERNET NEEDED TO BE FREELY AND OPENLY AVAILABLE TO ANY INTERESTED PARTIES AND WITHOUT ANY BARRIERS TO ADOPTION AND USE.
>OVER FOUR DECADES BY WORKING TOGETHER AND INCLUDING THE EXPERIENCES GATHERED FROM OTHER GLOBAL NETWORK EXERCISES, AN INFORMAL COALITION HAS BUILT FROM THE BOTTOM UP THE SUCCESSFUL, FREE AND OPEN INTERNET AND THE POPULAR WORLDWIDE WEB. SOME 3 BILLION PEOPLE ARE ALREADY ONLINE WORKING TOGETHER TOWARDS GROWTH IN A POWERFUL ECONOMIC ENGINE AND POSITIVE SOCIAL FORCE.
>THIS INTERNET GOVERNANCE MEETING COMES AT A TIME WHEN THE INTERNET AND ITS USE REFLECTS THE FULL RANGE OF INTERESTS OF A GLOBAL AND INCREASINGLY ONLINE SOCIETY.
>IN ADDITION TO APPRECIATING THE ENORMOUS BENEFITS ALREADY OBTAINED THROUGH THE COOPERATIVE CREATION, DISCOVERING AND SHARING OF INFORMATION ON THE INTERNET, IT IS ALSO APPARENT THAT USERS AND GOVERNMENTS ARE BECOMING CONCERNED ABOUT POTENTIAL HARMS THAT MAY BE ENCOUNTERED IN THIS DIGITAL WORLD.
>A SMALL FRACTION OF THE INTERNET'S USERS DELIBERATELY SEEK TO BENEFIT THEMSELVES AT THE EXPENSE OF OTHERS OR JUST SEEK TO DO DAMAGE THROUGH A KIND OF DIGITAL VANDALISM, AS ALSO HAPPENS OFFLINE.
>MOREOVER, IT IS APPARENT THAT THE RICH SOCIAL NETWORKING APPLICATIONS THAT ARE RAPIDLY PROLIFERATING ALSO HAVE A POLITICAL POTENTIAL THAT MAY BE ALARMING TO SOME REGIMES.
>GOVERNMENTS UNDERSTANDABLY SEEK WAYS TO DEFEND THE GENERAL PUBLIC AND PRIVATE SECTORS AGAINST HARM, SUCH AS FRAUD, MALWARE, IDENTITY THEFT AND BULLYING. OTHERS VIOLATE HUMAN RIGHTS BY USING THE INTERNET TO CENSOR, MISINFORM, CONDUCT SURVEILLANCE AND RESTRICT SPEECH OR USE IT AS A MEANS TO IDENTIFY AND INCARCERATE THOSE WHO SPEAK TRUTH TO POWER.
>THE OPENNESS OF THE INTERNET HAS BEEN THE KEY TO ITS GROWTH AND VALUE. PERMISSIONLESS INNOVATION IS THE MAINSPRING OF INTERNET'S ECONOMIC POWER. WE MUST FIND WAYS TO PROTECT THE VALUES THAT THE INTERNET BRINGS, INCLUDING THE RIGHTS OF ITS USERS WHILE ALSO PROTECTING THEM FROM HARM.
>THESE PRINCIPLES, TOGETHER WITH GROWING ACCESS TO THE INTERNET WILL PROVE TO BE OF LASTING VALUE TO THE DEVELOPING WORLD THAT CAN TAKE ADVANTAGE OF THE POSITIVE BENEFITS OF AN EXPANDING INFORMATION ECONOMY.
>OUR WORK IS NOT NEARLY DONE UNTIL THE INTERNET IS ACCESSIBLE TO EVERYONE AND IPv6 IS ACCESSIBLE EVERYWHERE.
>BRAZIL HAS SET A POSITIVE EXAMPLE IN NETmundial. IN A MULTIPARTY INITIATIVE LED BY CONGRESSMAN ALESANDRO MALONE, THE COUNTRY HAS JUST LEGISLATED MARCO CIVIL WHICH OFFERS IMPORTANT SAFEGUARDS TO PROTECT INTERMEDIARY INTERNET PROVIDERS AND PROTECT USER RIGHTS. ITS INTERNET STEERING COMMITTEE, CGI.BR, IS A MODEL OF NATIONAL MULTISTAKEHOLDER GOVERNANCE.
>THIS MEETING, AMONG MANY OTHERS, REPRESENTS AN IMPORTANT OPPORTUNITY TO EXAMINE A MULTISTAKEHOLDER MODEL FOR INTERNET GOVERNANCE BASED ON THE PARTICIPATION OF ALL STAKEHOLDERS, INCLUDING ROLES FOR GOVERNMENT, ACADEMICS, CIVIL SOCIETY, PRIVATE BUSINESSES AND THE TECHNICAL COMMUNITY. THIS CONFERENCE HAS BROUGHT TOGETHER A RICH AND VARIED GROUP OF INTERESTED PARTIES TO EXPLORE PRINCIPLES AND GUIDELINES FOR FUTURE INTERNET GOVERNANCE AS IT REACHES THE OTHER 4 BILLION STILL UNCONNECTED PEOPLE IN THE WORLD.
>THE INTERNET HAS BEEN BUILT ON THE BASIS OF COLLABORATION AMONG A DIVERSE AND CONSTANTLY EVOLVING SET OF INTERESTED PARTIES. AND THIS IS A FOUNDATIONAL IDEA THAT MUST BE PRESERVED. NEW INSTITUTIONS AND OPERATIONAL PLAYERS HAVE BEEN FORMED AT NEED, SUCH AS THE INTERNET ARCHITECTURE BOARD, THE INTERNET ENGINEERING TASK, THE INTERNET SOCIETY, THE INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS, THE REGIONAL INTERNET REGISTRIES AND THE NUMBER RESOURCE ORGANIZATION, OTHER REGIONAL TLD ORGANIZATIONS SUCH AS CENTR AND LacTLD, THE ROOT SERVER OPERATORS, REGIONAL NETWORK OPERATION GROUPS, THE EMERGENCY RESPONSE TEAMS, INTERNET EXCHANGE POINTS, THE TOP-LEVEL DOMAIN REGISTRIES AND REGISTRARS AND THE NETWORK INFORMATION CENTERS SUCH AS THE BRAZILIAN NIC.
>OUT OF THE WORLD SUMMIT ON THE INFORMATION SOCIETY HAS COME THE ANNUAL INTERNET GOVERNANCE FORUM AND ITS REGIONAL AND NATIONAL ANALOGS. WE CREATE INSTITUTIONS AT NEED.
>AS WE GATHER HERE FOR THE NEXT TWO DAYS, WE HAVE TWO SPECIFIC CHALLENGES TO CONSIDER. THE LARGER ONE IS THE GENERAL DESIGN OF A GLOBAL, MULTISTAKEHOLDER INTERNET GOVERNANCE FRAMEWORK THAT PRESERVES THE FREE AND OPEN INTERNET AND PROVIDES TRANSNATIONAL PROTECTIONS FOR THE RIGHTS OF USERS.
>THE FRAMEWORK HAS TO ENABLE THE EVOLUTION OF THE INTERNET AND BE ABLE TO ADAPT TO IT. THE MORE FOCUSED CHALLENGE IS TO DEVISE A RESPONSE TO THE U.S. INVITATION TO ASSURE THAT WHEN THE U.S. GOVERNMENT AND ITS CONTRACTUAL RELATIONSHIP WITH ICANN, THE MULTISTAKEHOLDER FRAMEWORK FOR ICANN'S MANAGEMENT OF UNIQUE IDENTIFIERS AND PARAMETERS WILL ADHERE TO THE PRINCIPLES THAT HAVE MADE THE INTERNET A REMARKABLE, GLOBAL AND BENEFICIAL INFRASTRUCTURE.
>I BELIEVE THAT THE CHALLENGE BEFORE US, ASSURING ICANN'S ADHERENCE CAN BE ACCOMPLISHED BY REINFORCING ITS ACCOUNTABILITY AND TRANSPARENCY MECHANISMS. THE LARGER CHALLENGE, PROTECTING THE RIGHTS OF USERS WHILE ASSURING THEIR SAFETY WILL REQUIRE LAYERED, LOCAL, NATIONAL AND TRANSNATIONAL ENABLING MECHANISMS. WE CANNOT PRETEND TO KNOW THE SOLUTION TO ALL THE CHALLENGES AND OPPORTUNITIES THAT THE INTERNET POSES. WE CAN, HOWEVER, CREATE STRUCTURES THAT WILL ALLOW MULTISTAKEHOLDER COLLABORATIONS TO DISCOVER AND EVALUATE POSSIBLE ANSWERS.
>AMONG THE MECHANISMS THAT SHOULD BE REINFORCED AND SUPPORTED, I WOULD SINGLE OUT THE INTERNET GOVERNANCE FORUM. IT NEEDS FINANCIAL SUPPORT AND A PROPERLY STAFFED SECRETARIAT. IT HAS ILLUMINATED OUR UNDERSTANDING OF THE PROSPECTS AND PROBLEMS ARISING FROM THE GLOBAL GROWTH OF THE INTERNET.
>MOBILE TECHNOLOGY, RAPIDLY DROPPING COSTS FOR INTERNET-ENABLING EQUIPMENT AND COMMUNICATIONS, AND BOUNDLESS DEVELOPMENT OF NEW APPLICATIONS HAVE CREATED A RICH PALETTE FROM WHICH TO PAINT A BENEFICIAL DIGITAL FUTURE. THE GLOBAL IGF AND ITS REGIONAL AND NATIONAL COUNTERPARTS CAN BECOME AN EVEN MORE HELPFUL MECHANISM FOR HIGHLIGHTING ISSUES BY TRACKING THEIR SOLUTIONS IN A VARIETY OF FORUMS AND ENABLING THE EMERGENCE OF NEW APPROACHES WHEN THESE SEEM NECESSARY.
>WE WOULD HAVE TO BE A PRETTY SILLY SPECIES NOT TO TAKE ADVANTAGE OF THE GIFT THAT THE TECHNOLOGY HAS GIVEN US. THOSE OF US PARTICIPATING IN THE NETmundial -- WELL, I HAVE A VERY INTERESTING PROBLEM HERE, MY SPEECH ENDS BECAUSE THE REST OF IT WASN'T PRINTED OUT.
>[LAUGHTER ]
>SO I WILL END BY THANKING YOU VERY MUCH FOR THE TIME ON THIS STAGE.
>[APPLAUSE ]
>>>TIM BERNERS-LEE: TECHNOLOGY IS PERFECT THEN.
>45 YEARS AGO VINT CERF AND BOB KAHN PUT TOGETHER THE IDEA OF THE INTERNET, DESIGNED THAT, AND MADE THAT OPEN. 25 YEARS AGO -- A LONG TIME LATER, THE INTERNET WAS RUNNING. THERE WAS REMOTE --- . THERE WAS EMAIL RUNNING OVER THE INTERNET. BUT THERE WERE NO WEB, NO WEB SITES, NO WEB PAGES, NO LINKS. I FELT IT WAS REALLY IMPORTANT THERE SHOULD BE SO I INVENTED THE WEB. AND AS THE WORLDWIDE WEB PROJECT GREW, I NEEDED COLLABORATORS. I INVENTED HTML AND HTTP AND URLS BUT THE DEVELOPMENT OF THOSE HAD TO BE DONE BY A LARGE TECHNICAL COMMUNITY. I WENT TO THE INTERNET ENGINEERING TASK FORCE, I FOUNDED THE WORLDWIDE WEB CONSORTIUM THAT ASSESS THE STANDARDS FOR THE WEB AND ITS MOTTO IS TO LEAD THE WEB TO ITS FULL POTENTIAL.
>SO THE COLLABORATION BETWEEN THESE MULTISTAKEHOLDER GROUPS LIKE IETF AND W3C AND ALL THE PEERS THEY WORK WITH LIKE ECMA, TC39 FOR (SAYING NAME) THAT HAS BEEN REALLY CRUCIAL AND IT REALLY HAS BEEN HOW THIS HAS ALL WORKED.
>I HOPE YOU WILL AGREE THAT PEOPLE WORKING TOGETHER HAVE DONE A REASONABLE JOB AND LOOKING BACK AT THE 25 YEARS OF THE WEB, IT HAS BEEN -- IT HAS BEEN AN INCREDIBLE RIDE AND WE REALIZE NOW THAT RATHER THAN BEING A FUN PROJECT LIKE ALL THESE THINGS STARTED OFF WITH, IT NOW BECOMES SOMETHING WE HAVE TO REGARD AS TO BEING CRUCIAL.
>SOME OF THESE ORGANIZATIONS WHICH BELIEVE IN OPEN STANDARDS IN THIS PARTICULAR SORT OF MULTISTAKEHOLDER OPEN ON THE WEB SORT OF MEANING OF THE WORD, DEVISED THE WORD OPEN STAND. YOU CAN GO TO OPENSTAND.ORG TO EXPRESS THE WAY IT SHOULD BE ABOUT WITH OPEN DISCUSSION WITH THE DOCUMENTS BEING FREELY AVAILABLE ON THE WEB. WITH W3C SPECIFICALLY COMPANIES COMMIT THAT WHEN THEY START AND WORK TOWARDS THESE STANDARDS, THAT WHEN THE STANDARDS COME OUT THAT THEY WILL NOT CHARGE ROYALTIES TO ANYBODY WHO WANTS TO IMPLEMENT IT. SO KEEPING IT ROYALTY FREE HAS ALSO BEEN REALLY IMPORTANT.
>THE WEB GREW AS SOMETHING WHICH DID NOT INVOLVE BORDERS BECAUSE IT GREW ON THE INTERNET AND THE INTERNET, WHEN YOU CONNECT -- WHEN I WROTE A PROGRAM TO CONNECT FROM ONE COMPUTER TO THE OTHER, NEITHER PROGRAM HAD AN AWARENESS, NEEDED TO KNOW OR NECESSARILY FOUND IT EASY TO FIND OUT WHICH COUNTRY THOSE TWO COMPUTERS WERE IN. BUT INTERNET WAS TECHNICALLY -- IS A NATIONLESS THING. SO IN A NON-NATIONAL ENVIRONMENT, THE WEB GROWING UP, IT HAS BEEN A NON-NATIONAL SOCIETY WHICH HAS GROWN UP AROUND IT.
>YES, THERE HAS BEEN -- FORMALLY, THERE HAS BEEN A CONNECTION BETWEEN THE U.S. GOVERNMENT AND THE WAY INTERNET NUMBERS AND NAMES HAVE BEEN ASSIGNED. AND I'M VERY GLAD THAT THE U.S. GOVERNMENT HAS ACCEPTED TO RELEASE THAT OVERSIGHT. I THINK THAT IS VERY OVERDUE AND A VERY IMPORTANT STEP.
>IT IS AN IMPORTANT STEP BECAUSE ICANN SHOULD SERVICE -- IT SERVICES THE GLOBAL PUBLIC INTERNET, AND, THEREFORE, IT SHOULD BE A GLOBAL PUBLIC BODY. SO FOR ME, WHAT DOES THAT MEAN? IT IS EASY TO SAY IN THE PUBLIC INTEREST. FOR ME, FOR ICANN, THAT MEANS THAT DECISIONS THAT IT MAKES ABOUT TOP-LEVEL DOMAINS, ABOUT WHATEVER, ABOUT HOW TO SPEND ITS FUNDING, THEY SHOULD BE MADE BY STEPPING BACK AND THINKING, WELL, NEVERMIND THE PEOPLE WE KNOW INTIMATELY WHO ARE INVOLVED IN THAT DECISION BUT LET'S THINK ABOUT THE PLAN AS A WHOLE. WHAT IS BEST FOR HUMANITY AS A WHOLE? THAT SHOULD GUIDE EVERY DECISION THAT ICANN MAKES.
>OBVIOUSLY, ONE OF THE THINGS THAT ICANN DOES IS IT HAS FUNDS TO SPEND AND SO PARTLY IT CAN FURTHER THE WORLD BY SPENDING THOSE IN A BENEFICIAL WAY SUCH AS SUPPORTING -- WELL, SUPPORTING STANDARDIZATION, SUPPORTING HARDENING WEB TECHNOLOGY, SUPPORTING PIECES OF TECHNOLOGY LIKE THAT, THE INTERNATIONALIZATION OF THE TECHNOLOGY, KEEPING IT SO IT WORKS WITH EVERY CULTURE AND LANGUAGE, ACCESSIBILITY FOR PEOPLE WITH DISABILITIES AND, OF COURSE, CLOSING THE DIGITAL DIVIDE FOR REALLY IMPORTANT AGENDAS WHICH ICANN CAN THINK ABOUT SUPPORTING.
>THE INTERNET HAS THRIVED FROM THE EMPOWERMENT OF CAPABLE AND PUBLIC-SPIRITED PEOPLE. INITIALLY, THEY WERE FROM THE TECHNICAL COMMUNITY AND ACADEMIA BUT MORE RECENTLY THE WHOLE PRIVATE SECTOR, CIVIL SOCIETY AND GOVERNMENTS. WE NEED INTERNET GOVERNMENTS WHICH ALLOWS EACH COMMUNITY TO BRING ITS PARTICULAR STRENGTHS TO THE TABLE BUT ALLOWS NONE OF THEM TO ELEVATE ITS OWN INTEREST ABOVE THE PUBLIC GOOD.
>FIVE YEARS AGO, RELATIVELY RECENTLY IN INTERNET TIME, SOME OF US REALIZE THAT ALL THE TECHNICAL WORK WE WERE DOING WAS WONDERFUL BUT IT WAS EVERY SINGLE THING DID WAS INCREASING THE DIGITAL DIVIDE, INCREASING THE GAP BETWEEN THE POWER OF THE PEOPLE WHO HAD THE WEB AND DID NOT HAVE IT. SO AT THAT POINT, WE STARTED THE WORLDWIDE WEB FOUNDATION ABOUT WHICH YOU ALREADY HEARD SOME TO MAKE SURE THAT THE WEB -- WELL, YES, THAT IT GETS TO, FOR EXAMPLE, THE 60% OF THE PEOPLE WHO IN THE WORLD WHO DON'T HAVE IT AT ALL BUT ALSO FOR THE PEOPLE WHO HAVE IT, THAT IT REALLY IS THE WEB THAT WE WOULD WANT, THE WEB HAS NOW BECOME AN ESSENTIAL PUBLIC UTILITY SO WE HAVE TO REGARD IT AS SUCH.
>MUCH OF OUR TRADITIONAL THINKING ABOUT HUMAN RIGHTS APPLIES DIRECTLY TO EVERYTHING ON THE INTERNET SUCH AS FREE EXPRESSION. BUT NEW THINGS BECOMING IMPORTANT IN THE NETWORK CONTEXT, NET NEUTRALITY MEANS KEEPING THE NET FREE FROM DISCRIMINATION, BE IT COMMERCIAL OR POLITICAL.
>THE INNOVATIVE EXPLOSION WHICH HAPPENED ACROSS THE NET OVER THE LAST 25 YEARS HAS HAPPENED ONLY BECAUSE THAT NET HAS BEEN NEUTRAL. THE SOCIAL GROUND-BREAKING SENSE OF POSSIBILITY THAT WE CAN UNDERSTAND EACH OTHER AND POSSIBLY LIVE IN PEACE RELIES ON AN OPEN NET. OH, AND THANKS TO EVERYBODY WHO HAS EVER HELD UP A BANNER IN ANY FORUM ABOUT PUSHING FOR THE OPEN NET AND PUSHING AGAINST LAWS WHICH RESTRICT THE OPEN NET.
>SO THAT SENSE OF EXCITEMENT WHICH WE ALL HAVE GIVES US ALSO A RESPONSIBILITY THAT WE MUST KEEP THE NET NEUTRAL -- THE NET AS A NEUTRAL PLATFORM IN THE FUTURE.
>FREEDOM OF EXPRESSION IS A CRUCIAL RIGHT BUT IT HAS TO BE COUPLED ON THE NETWORK WITH A COMPLEMENTARY RIGHT TO PRIVACY AS, MADAM PRESIDENT, YOU HAVE POINTED OUT BEFORE AND HAVE ALREADY BEEN QUOTED TODAY.
>SO I WON'T QUOTE YOU AGAIN, BUT I WOULD, YES, AGREE THAT THERE ARE A LOT OF PEOPLE THAT ARE WORRIED ABOUT SURVEILLANCE AND FEEL IT IS PERHAPS THE MOST IMMEDIATE THREAT. IT FEELS THE MOST IMMEDIATE THREAT. AND, OF COURSE, SURVEILLANCE ALL AFFECTS THE INTERNET, IT IS ONE OF THE MORE INSIDIOUS ONES BECAUSE YOU DON'T SEE IT HAPPENING UNLIKE CENSORSHIP.
>IT IS GREAT TO BE BACK IN BRAZIL TODAY, NOT JUST BECAUSE BRAZIL IS A WONDERFUL COUNTRY AND ONE WHICH HAS HAD A REALLY VIBRANT SENSE OF WHAT OPPORTUNITY ON THE NET BUT, OF COURSE, ESPECIALLY TODAY IS A SPECIAL DAY. YESTERDAY WAS A VERY SPECIAL DAY, THE MARCO CIVIL GOING THROUGH IS WONDERFUL. A FANTASTIC EXAMPLE OF HOW GOVERNMENTS COMPARE POSITIVE ROLE IN ADVANCING WEB RIGHTS AND KEEPING THE WEB OPEN. YES, EUROPEANS ALSO CELEBRATE, THE EUROPEAN PARLIAMENT PASSING LEGISLATION PROTECTING USERS ON THE WEB. WELL DONE. SO TWO DATA POINTS THAT SUGGEST WE ARE MAKING PROGRESS. THAT IS GREAT, BUT, BOY, WE HAVE GOT A HUGE WAY THE PRINCIPLES OF HUMAN RIGHTS ON THE NET ARE NEW AND THEY'RE NOT UNIVERSALLY ACCEPTED.
>THE WEB BECOMES EVER MORE EXCITING WITH EVERY ADVANCING TECHNOLOGY LIKE MOBILE WEB AND SO ON, BUT 60% OF THE WEB -- OF THE POPULATION CAN'T USE THE WEB AT ALL.
>AS THE WEB GIVES PEOPLE GREATER AND GREATER POWER, INDIVIDUALLY AND COLLECTIVELY, SO MANY FORCES ARE ABUSING OR THREATEN TO ABUSE THE NET AND ITS CITIZENS. THE WEB THAT WE WILL HAVE IN ANOTHER 25 YEARS' TIME IS, BY NO MEANS, CLEAR. BUT IT IS COMPLETELY UP TO US TO DECIDE WHAT WE WANT TO MAKE THAT WEB, WHAT WE WANT TO MAKE THAT WORLD.
>THAT'S WHY I'M ASKING WEB USERS AROUND THE WORLD, NOT JUST PEOPLE HERE IN THIS CONFERENCE ROOM AND THE OTHER CONFERENCE ROOMS WHERE THIS IS BEING RELAYED, NOT JUST PEOPLE IN THIS CONFERENCE BUT PEOPLE ALL OVER THE WORLD, TO GO AND THINK ABOUT WHAT YOU WANT AND TO FIND SOME SORT OF GLOBAL MAGNA CARTA FOR THE INTERNET. THAT IS WHY --
>[APPLAUSE ]
>>>TIM BERNERS-LEE: THAT IS WHY I'M ASKING COUNTRIES EVERYWHERE TO FOLLOW BRAZIL'S EXAMPLE AND EUROPE'S EXAMPLE AND DEVELOP POSITIVE LAWS THAT PROTECT AND EXPAND THE RIGHTS OF USERS IN AN OPEN, FREE, AND UNIVERSAL WEB.
>[APPLAUSE ]
>>>TIM BERNERS-LEE: THANK YOU.
>[APPLAUSE ]
>>> LADIES AND GENTLEMEN, THE PRESIDENT OF THE REPUBLIC HAS APPROVED A LAW THAT GUARANTEES THE RIGHTS AND DUTIES FOR THE USE OF INTERNET IN THE WORLD.
>[CHEERS AND APPLAUSE ]
>>>H.E. DILMA ROUSSEFF: GOOD MORNING TO ONE AND ALL. I WOULD LIKE TO THANK THOSE WHO SPOKE BEFORE ME FOR PERFECTLY PRONOUNCING "GOOD MORNING" IN PORTUGUESE, (NON-ENGLISH WORD OR PHRASE) AS VOICED BY OUR DEAR REPRESENTATIVE FROM AFRICA, NNENNA NWAKANMA.
>THANK YOU VERY MUCH FOR PERFECTLY PRONOUNCING (NON-ENGLISH WORD OR PHRASE) IN BRAZILIAN PORTUGUESE. GOOD MORNING.
>AND BY GREETING HER, I WOULD LIKE TO EXTEND MY GREETINGS TO ALL WOMEN WHO ARE CURRENTLY ACTIVE ON THE WEB. BOTH THE GIRLS AND THE GUYS WHO ARE EQUALLY ACTIVE ON THE WEB.
>GREETINGS, LIKEWISE, TO THE MAYOR OF SAO PAULO WHO HAS SO KINDLY WELCOMED US, AND ABOVE ALL, I WOULD RECYCLE TO, FIRST OF ALL, GREET TWO MEMBERS OF CONGRESS FROM BRAZIL. NAMELY MR. (SAYING NAME) REPRESENTING THE HOUSE OF REPRESENTATIVES WHO SERVED AS RAPPORTEUR OF THE BILL OF LAW WHICH LED UP TO THE PASSING YESTERDAY OF THE INTERNET CIVIL FRAMEWORK, AS WELL AS REPRESENTATIVE -- RATHER SENATOR (SAYING NAME), AND THROUGH HIM, I WOULD LIKE TO FURTHER EXTEND MY GREETINGS, LIKEWISE, TO THE SENATE RAPPORTEURS WHO WERE ABLE TO PASS THE PIECE OF LAW IN A RECORD TIME, SENATOR (SAYING NAME), SENATOR (SAYING NAME), AND SENATOR (SAYING NAME). THANK YOU.
>AND SO SENATOR (SAYING NAME) AND TO REPRESENTATIVE (SAYING NAME), I WOULD LIKE TO VOICE MY THANKS FOR YOUR EFFORTS IN PASSING THE INTERNET CIVIL FRAMEWORK.
>GREETINGS, LIKEWISE, TO THE SECRETARY-GENERAL OF THE UNITED NATIONS, HONG BO. SPECIAL GREETINGS LIKEWISE TO THE INVENTOR OF THE INTERNET, TIM BERNERS-LEE.
>I WOULD LIKE TO GREET THE VICE PRESIDENT OF GOOGLE, AND A KEY PERSON -- RATHER A KEY PERSON IN THE ESTABLISHMENT OF THE INTERNET, MR. CERF.
>GREETINGS, ONCE AGAIN, TO MR. (SAYING NAME) WHO, ON OCTOBER THE 8TH LAST YEAR, 2013 -- CORRECT, FADI, IF I'M NOT MISTAKEN, WE MET IN BRAZIL YEAH AND ON THAT OCCASION DURING THAT MEETING WITH YOU THE SEMINAL IDEA SURFACED OF ESTABLISHING THIS INTERNET GOVERNANCE SUMMIT MEETING THAT IS REALIZED HERE TODAY, SO THANK YOU VERY MUCH AND ALL OF YOU, INCLUDING CABINET MINISTERS AND FOREIGN DELEGATES ATTENDING THIS SESSION TODAY. ---
>MAY I ALSO USE THE OPPORTUNITY TO GREET ALL CABINET MINISTERS WHO HAVE BEEN ACTIVELY INVOLVED IN THE PROCESS THAT LED UP TO THE PASSING OF THE INTERNET GOVERNANCE CIVIL FRAMEWORK, AN EFFORT WHICH OF COURSE INVOLVED ALL STAKEHOLDERS AND SOCIETY.
>SPECIAL THANKS TO MINISTER OF FOREIGN AFFAIRS, AMBASSADOR (SAYING NAME), MINISTER OF JUSTICE CARDOZO, ALSO MINISTER OF COMMUNICATIONS, MINISTER OF SCIENCE AND TECHNOLOGY, (SAYING NAME), AND MAY I ALSO GREET AND THANK SENATOR AND MINISTER OF CULTURE (SAYING NAME) AS WELL AS THE BRAZILIAN SECRETARY-GENERAL OF THE PRESIDENT'S OFFICE, (SAYING NAME). GREETINGS LIKEWISE TO ALL ATTENDEES, PARTICULARLY THE MEDIA PROFESSIONALS, JOURNALISTS, PHOTOGRAPHERS, AND CAMERAMEN AND WOMEN.
>MAY I SAY THAT YOU ARE ALL MOST WELCOME TO BRAZIL.
>AS ATTENDEES TO THIS GLOBAL MULTISTAKEHOLDER MEETING ON THE FUTURE OF INTERNET GOVERNANCE, THE SO-CALLED NETmundial AS WE CALL IT IN PORTUGUESE.
>AT THIS POINT IN TIME I WOULD ALSO LIKE TO VOICE MY GREETINGS TO THE ORGANIZERS, I.E., THE INTERNET MANAGEMENT OR MANAGING COMMITTEE AS WELL AS THE 1net COMMITTEE. IT GIVES ME GREAT JOY TO SEE IN THIS PLENARY HALL REPRESENTATIVES OF ALL DIFFERENT SECTORS WHO -- OR WHICH ARE IN ONE WAY INVOLVED IN THE INTERNET GOVERNANCE.
>IN THIS HALL TODAY, WE HAVE CIVIL SOCIETY, ACADEMIA, MEMBERS OF THE TECHNICAL COMMUNITY, BUSINESSES, AND GOVERNMENTS AT LARGE.
>THIS HEALTHY DIVERSITY -- AND I STRESS IT IS A HEALTHY DIVERSITY -- IS ALSO A HALLMARK OF THOSE GROUPS THAT HAVE JOINED US THROUGH THE INTERNET AND THIS MEETING, AND I WOULD LIKE TO USE THE OPPORTUNITY TODAY TO ESTABLISH A DIALOGUE ON THE ISSUES AND THE PURPOSES THAT BRING US TOGETHER IN SAO PAULO TODAY.
>BACK IN MID-2013 WHEN THE REVELATION SURFACED ON THE COMPREHENSIVE MECHANISMS FOR COLLECTIVE MONITORING OF COMMUNICATIONS CAUSED ANGER AND REPUDIATION IN VAST CIRCLES OF PUBLIC OPINION BOTH IN BRAZIL AND IN THE WORLD AT LARGE, IN BRAZIL CITIZENS, COMPANIES, DIPLOMATIC REPRESENTATIONS AND EVEN THE PRESIDENCY OF THE REPUBLIC ITSELF WERE TARGETED, AND THEIR COMMUNICATIONS INTERCEPTED.
>THESE EVENTS ARE NOT ACCEPTABLE. WERE NOT ACCEPTABLE IN THE PAST AND REMAIN UNACCEPTABLE TODAY, IN THAT THEY ARE AN AFFRONTMENT AGAINST THE VERY NATURE OF THE INTERNET AS A DEMOCRATIC, FREE, AND PLURALISTIC PLATFORM.
>THE INTERNET WE WANT IS ONLY POSSIBLE IN A SCENARIO WHERE HUMAN RIGHTS ARE RESPECTED. PARTICULARLY THE RIGHT TO PRIVACY AND TO ONE'S FREEDOM OF EXPRESSION.
>ACCORDINGLY, IN MY ADDRESS TO THE 68TH GENERAL ASSEMBLY OF THE UNITED NATIONS, I PUT FORTH A PROPOSAL TO TACKLE SUCH PRACTICES. I THEN PROPOSED A DISCUSSION ON ESTABLISHING A GLOBAL CIVIL FRAMEWORK FOR INTERNET GOVERNANCE AND USE, AS WELL AS MEASURES TO ENSURE ACTUAL PROTECTION OF DATA THAT TRAVELS THROUGH THE INTERNET.
>ALSO, WORKING TOGETHER WITH GERMAN CHANCELLOR ANGELA MERKEL WE SUBMITTED TO THE UNITED NATIONS A DRAFT RESOLUTION ON THE RIGHT TO PRIVACY IN THE DIGITAL AGE.
>BY CONSENSUS, THE RESOLUTION WAS PASSED AS PROPOSED AND WE ALSO PASSED A CALL FOR STATES TO DISCONTINUE ANY ARBITRARY OR ILLEGAL COLLECTION OF PERSONAL DATA AND TO ENFORCE USERS' RIGHTS TO PRIVACY.
>I SHOULD ACTUALLY STRESS THE FACT THAT THE SAME RIGHTS THAT PEOPLE ARE ENTITLED TO OFFLINE OR IN THE OFFLINE WORLD SHOULD BE LIKEWISE PROTECTED ON THE ONLINE WORLD.
>THIS MEETING TODAY, NETMUNDIAL, PROVIDES FURTHER MOMENTUM TO THAT EFFORT. THIS MEETING ALSO LIVES UP TO A GLOBAL YEARNING AS WE PROPOSE CHANGES IN THE CURRENT STATE OF AFFAIRS AND FOR AN ONGOING CONSISTENT STRENGTHENING OF FREEDOM OF EXPRESSION ON THE INTERNET AS WELL AS EFFORTS TO ULTIMATELY PROTECT BASIC HUMAN RIGHTS, AS IS THE CASE OF ONE'S RIGHT TO PRIVACY. AND WITHOUT THE SHADOW OF A DOUBT, THAT IS ALSO THE CASE OF ONE'S RIGHT TO PROPER TREATMENT OF WEB-BASED DISCUSSIONS IN A RESPECTFUL FASHION, TO ENSURE ITS OPEN, DEMOCRATIC NATURE. WE HAVE ALL TO SAO PAULO, THEREFORE, WITH A SHARED PURPOSE, THE PURPOSE OF ENHANCING AND DEMOCRATIZING INTERNET GOVERNANCE BY MEANS OF CONSENSUS BUILDING. AND I MEAN CONSENSUS AROUND PRINCIPLES, AND ON A ROADMAP TO BE DEVELOPED FOR ITS FUTURE EVOLUTION.
>A POINT I'D LIKE TO MAKE PLAIN AND CLEAR IS THAT THE IDEA HERE IS NOT, OF COURSE, TO REPLACE FOR THE COUNTLESS FORA OUT THERE THAT ALREADY ADDRESS THE TOPIC OR THE MATTER AT HAND TODAY. THE IDEA, RATHER, IS TO LEND A NEW MOMENTUM TO THE ONGOING DISCUSSIONS IN A MUCH NEEDED SENSE OF URGENCY.
>WE, THEREFORE, WORK FROM TWO PREMISES OR KEY ASSUMPTIONS.
>THE FIRST SUCH PREMISE IS THAT WE ALL WANT TO PROTECT THE INTERNET AS A SPACE, AVAILABLE TO ALL, AS A SHARED ASSET, AND AS SUCH, TRULY HERITAGE OF HUMANKIND, MORE THAN SIMPLY A WORK TOOL AND WAY BEYOND ITS WELL-KNOWN CONTRIBUTION FOR ECONOMIC GROWTH, PROVIDED, OF COURSE, THAT IT BE INCREASINGLY INCLUSIVE AND THE FACT IS THAT THE INTERNET HAS ENABLED THE CONSTANT REINVENTION OF THE WAY PEOPLE AND INSTITUTIONS INTERACT, PRODUCE CULTURE, AND ORGANIZE THEMSELVES, EVEN POLITICALLY.
>AN OPEN AND DECENT NETWORK ARCHITECTURE FAVORS GREATER ACCESS TO KNOWLEDGE. IT HELPS MAKE COMMUNICATIONS MORE DEMOCRATIC AND ALSO FOSTERS CONSTANT INNOVATION. THESE BASIC FEATURES ARE THE FEATURES THAT WE WANT AND THAT SHOULD BE PRESERVED UNDER ANY CIRCUMSTANCES, AND IN ANY SCENARIO, IN ORDER TO ULTIMATELY GUARANTEE THE FUTURE OF THE INTERNET AND, THUS, BOOST ITS TRANSFORMATIVE EFFECTS FOR AND IN SOCIETIES.
>THE SECOND PREMISE OR ASSUMPTION IS THE DESIRE WE ALL SHARE TO INCORPORATE AN INCREASINGLY BROADER AUDIENCE INTO THIS PROCESS.
>OUR COMMITMENT TO AN OPEN AND INCLUSIVE DEBATE HAS GUIDED THE EFFORTS TO ORGANIZE THIS MEETING IN SAO PAULO TODAY. ALL DIFFERENT WALKS OF LIFE HAVE TAKEN PART IN ITS PREPARATION AND ARE DULY REPRESENTED IN THIS PLANE HALL TODAY.
>WE ARE TALKING ABOUT THOUSANDS OF PARTICIPANTS FROM ALL OVER THE WORLD WHO ARE JOINED BY VIRTUAL CONNECTIONS IN SEVERAL DIFFERENT POINTS OF THE PLANET.
>THE TOPICS TO BE DISCUSSED HAVE BEEN THE SUBJECT OF BROAD AND PRIOR INTERNATIONAL PUBLIC CONSULTATION AND HAVE RECEIVED INPUTS FROM PLAYERS OR STAKEHOLDERS LOCATED IN SEVERAL DIFFERENT COUNTRIES AND IN DIFFERENT GEOGRAPHIES.
>THESE PROPOSALS IN TURN, OR INPUTS, HAVE SERVED AS THE FOUNDATION TO DEVELOP A DRAFT DOCUMENT, THE DRAFT DOCUMENT TO BE DISCUSSED AND FURTHER ENHANCED HERE IN THE NEXT FEW DAYS.
>I WOULD LIKE TO WELCOME THE WORK CONDUCTED BY THE EXECUTIVE METRIC SECTORAL COMMUNITY AS WELL AS THE HIGH-LEVEL MULTISTAKEHOLDER COMMITTEE FOR THIS JOINT EFFORT.
>THE INTEREST OF BRAZILIANS IN THE INTERNET IS REFLECTED ON THE SUBSTANTIAL PARTICIPATION OF BRAZILIAN NATIONALS IN THE DOMESTIC PUBLIC CAPTION AS FACILITATED BY THE .BR PORTAL. AT THIS TIME, CIVIL SOCIETY IS ORGANIZED IN THIS FORUM, THE SO-CALLED NETmundial ARENA, WHICH IS THE BRAZILIAN LOCUS FOR ACCESS TO TODAY'S SESSIONS.
>MAY I REMIND ALL THE LADIES AND GENTLEMEN AND FRIENDS ATTENDING THIS SESSION THAT BRAZIL ADVOCATES THAT INTERNET GOVERNANCE SHOULD BE MULTISTAKEHOLDER, MULTILATERAL, DEMOCRATIC, AND TRANSPARENT IN NATURE.
>IT IS OUR VIEW THAT THE MULTISTAKEHOLDER MODEL IS THE BEST WAY TO EXERCISE INTERNET GOVERNANCE.
>VERY MUCH IN ACCORDANCE WITH THAT VIEW, OUR LOCAL GOVERNANCE SYSTEM WHICH HAS BEEN IN OPERATION FOR 20 YEARS HAS RELIED ON ACTUAL PARTICIPATION OF REPRESENTATIVES FROM CIVIL SOCIETY, MEMBERS OF ACADEMIA, THE BUSINESS COMMUNITY, AND THE GOVERNMENT AT LARGE AT THE INTERNET GOVERNANCE -- OR AT THE INTERNET MANAGEMENT COMMITTEE.
>FULLY IN LINE WITH WHAT I JUST SAID, I ALSO ATTACH A GREAT DEAL OF IMPORTANCE TO THE MULTILATERAL PERSPECTIVE, ACCORDING TO WHICH GOVERNMENT PARTICIPATION SHOULD OCCUR ON AN EQUAL FOOTING AMONG GOVERNMENTS IN SUCH A WAY AS TO ENSURE THAT NO COUNTRY WILL HAVE OR BEAR GREATER WEIGHT VIS-A-VIS OTHER COUNTRIES.
>[APPLAUSE ]
>>>H.E. DILMA ROUSSEFF: OUR ADVOCACY OF THE MULTILATERAL MODEL IS THE NATIONAL CONSEQUENCE OF AN ELEMENTARY PRINCIPLE THAT SHOULD GOVERN TODAY'S INTERNATIONAL RELATIONS AS ENSHRINED IN THE BRAZILIAN FEDERAL CONSTITUTION. I'M TALKING ABOUT EQUALITY AMONG STATES.
>WE, THEREFORE, SEE NO OPPOSITION WHATSOEVER BETWEEN MULTI- -- OR THE MULTILATERAL AND THE MULTISTAKEHOLDER NATURE OF THE INTERNET. ACTUALLY, THE OPPOSITE OF THAT WOULD BE A ONE-SIDED UNILATERAL INTERNET WHICH IS UNTENABLE.
>AN INTERNET THAT IS ULTIMATELY SUBJECT TO INTERGOVERNMENTAL ARRANGEMENTS THAT EXCLUDE OTHER SECTORS OF SOCIETY IS NOT DEMOCRATIC.
>MULTISTAKEHOLDER ARRANGEMENTS THAT ARE IN TURN SUBJECT TO OVERSIGHT BY ONE OR FEW STATES ARE NOT ACCEPTABLE EITHER.
>WE TRULY WANT TO MAKE RELATIONS BETWEEN GOVERNMENTS AND SOCIETIES MORE DEMOCRATIC, AS WELL AS THE RELATIONS AMONG GOVERNMENTS. WE WANT MORE, NOT LESS, DEMOCRACY.
>THE TASK OF PROVIDING A GLOBAL DONATION TO THE ORGANIZATIONS THAT ARE CURRENTLY RESPONSIBLE FOR CENTRAL FUNCTIONS OF THE INTERNET IS NOT ONLY NECESSARY, BUT ALSO AN UN-POSTPONABLE TASK.
>THE COMPLEXITY OF THE TRANSITION AT HAND, WHICH ON THE ONE HAND INVOLVES JURISDICTIONAL COMPETENCE, AS WELL AS ACCOUNTABILITY AND AN AGREEMENT WITH MULTIPLE STAKEHOLDERS, DOES NOT, NEVERTHELESS, MAKE IT LESS URGENT A TASK.
>THAT IS WHY I'D LIKE TO AGAIN WELCOME THE RECENTLY VOICED INTENTION OF THE UNITED STATES GOVERNMENT TO REPLACE ITS INSTITUTIONAL LINKAGE WITH THE AUTHORITY FOR -- OR WITH THE INTERNET AUTHORITY FOR NUMBER ASSIGNMENT, IANA, AND THE INTERNET CORPORATION FOR NAMES AND NUMBER ASSIGNMENTS, ICANN, BY A GLOBAL MANAGEMENT OF THESE INSTITUTIONS FROM NOW ONWARDS, A NEW INSTRUMENTAL AND LEGAL ARRANGEMENT OF THE ISDN UNDER THE RESPONSIBILITY OF IANA AND ICANN SHOULD BE BUILT IN SUCH A WAY AS TO INCLUDE BROAD-RANGING INVOLVEMENT OF ALL SECTORS THAT HAVE AN INTEREST IN THE MATTER WAY BEYOND THE TRADITIONAL STAKEHOLDERS OR PLAYERS.
>EACH SECTOR, OF COURSE, PERFORMS DIFFERENT ROLES BASED ON LIKEWISE DIFFERENTIATED RESPONSIBILITIES.
>THE OPERATIONAL MANAGEMENT OF THE INTERNET SHOULD CONTINUE BEING LED BY ITS TECHNICAL COMMUNITY. MAY I, AT THIS POINT, VOICE MY PUBLIC RECOGNITION -- AND THIS IS ON BEHALF OF MY GOVERNMENT -- TO THESE PEOPLE WHO DEVOTE THEIR TIME AND ENERGY ON A DAY-TO-DAY BASIS TO KEEPING THE INTERNET AS AN OPEN, STABLE, AND SECURE PLATFORM, A KEY EFFORT WHICH REMAINS LARGELY INVISIBLE IN THE EYES OF MOST OF US END USERS.
>MATTERS PERTAINING TO SOVEREIGNTY SUCH AS CYBERCRIME, BREACH OF RIGHTS, ECONOMIC ISSUES OR TRANSNATIONAL ECONOMIC ISSUES, AND THREATS OF CYBER-ATTACKS ARE THE PRIMARY RESPONSIBILITY OF STATES.
>THE TASK AT HAND IS, ABOVE ALL, TO ENSURE THAT STATES WILL HAVE AT THEIR AVAIL THE TOOLS THAT WILL ALLOW THEM TO FULFILL THEIR RESPONSIBILITIES BEFORE THEIR CITIZENS, TO INCLUDE THE GUARANTEE OF FUNDAMENTAL RIGHTS. RIGHTS WHICH ARE ENSURED OFFLINE SHOULD BE EQUALLY ENSURED ONLINE.
>THESE RIGHTS THRIVE UNDER THE SHELTER AND NOT IN THE ABSENCE OF THE STATE.
>IN ORDER FOR THE GLOBAL INTERNET GOVERNANCE TO BE TRULY DEMOCRATIC, MECHANISMS ARE REQUIRED TO ENABLE GREATER PARTICIPATION OF DEVELOPING COUNTRIES IN ALL DIFFERENT SECTORS.
>THE MATTERS THAT ARE IN THE INTEREST OF THESE COUNTRIES THAT ARE THE HEAVY-DUTY USERS OF THE INTERNET, TOPICS SUCH AS, FOR EXAMPLE, EXPANDING CONNECTIVITY, ACCESSIBILITY, AND THE RESPECT TO DIVERSITY, SHOULD BE CENTRAL ON THE INTERNATIONAL AGENDA.
>IT IS NOT ENOUGH FOR FORA TO BE OPEN FROM A PURELY FORMAL STANDPOINT. WE MUST FURTHER IDENTIFY AND REMOVE THE VISIBLE AND INVISIBLE BARRIERS TO ACTUAL PARTICIPATION OF THE ENTIRE POPULATION OF EVERY COUNTRY OR ELSE WE WOULD BE ULTIMATELY RESTRICTING OR LIMITING THE DEMOCRATIC ROLE AND THE SOCIAL AND CULTURAL REACH OF THE INTERNET.
>THE EFFORT AT HAND FURTHER REQUIRES THAT THE INTERNET GOVERNANCE FORUM BE FURTHER STRENGTHENED AS A DIALOGUE FORUM CAPABLE OF PRODUCING RESULTS AND RECOMMENDATIONS.
>IT ALSO REQUIRES A COMPREHENSIVE, BROAD-RANGING REVIEW OF THE 10 YEARS FOLLOWING THE SUMMIT -- WORLD SUMMIT MEETING OF INFORMATION SOCIETY AS WELL AS A DEEPER DISCUSSION ON ETHICS AND PRIVACY AT THE UNESCO LEVEL.
>GIVEN THE ABOVE, MAY I SAY THAT WE ARE STRONG BELIEVERS THAT THE CYBER-SPACE -- AND I'M SURE THAT BELIEF IS SHARED BY ALL OF US -- THE CYBER-SPACE SHOULD BE THE TERRITORY OF TRUST, HUMAN RIGHTS, CITIZENSHIP, COLLABORATION, AND PEACE.
>TO ACHIEVE THESE OBJECTIVES, WE MUST AGREE ON BASIC PRINCIPLES THAT WILL ULTIMATELY GUIDE INTERNET GOVERNANCE.
>AS REGARDS PRIVACY, THE RESOLUTION PASSED BY THE UNITED NATIONS ORGANIZATION WAS AN IMPORTANT STEP IN THE RIGHT DIRECTION, BUT WE MUST -- BUT WE STILL HAVE MUCH PROGRESS TO MAKE.
>ANY DATA COLLECTION OR TREATMENT SHOULD ONLY BE CARRIED OUT WITH FULL AGREEMENT OF THE PARTIES INVOLVED OR AS LEGALLY PROVIDED FOR.
>HOWEVER, THE DISCUSSION ON PRINCIPLES IS MUCH MORE COMPREHENSIVE. IT SHOULD -- AND I STRESS IT SHOULD -- INCLUDE UNIVERSAL INTERNET ACCESS, WHICH IS ABSOLUTELY KEY FOR THE WEB TO SERVE AS A TOOL FOR HUMAN AND SOCIAL DEVELOPMENT SO AS TO ULTIMATELY HELP BUILD INCLUSIVE, NONDISCRIMINATORY SOCIETIES.
>IT SHOULD ALSO INCLUDE FREEDOM OF EXPRESSION AND NET NEUTRALITY AS AN SINE BRAZIL HAS ITS CONTRIBUTIONS TO MAKE FOLLOWING A BROAD RANGING DISCUSSION, DOMESTIC PROCESS THAT HAS ULTIMATELY LED TO THE PASSING OF THE INTERNET CIVIL FRAMEWORK ACT AS PASSED YESTERDAY BY CONGRESS IN WHICH I HAD THE HONOR OF SANCTIONING JUST A FEW MINUTES AGO. THE LAW -- AND I MAY QUOTE TIM BERNERS-LEE WHO QUOTED THE LAW AS A PRESIDENT TO THE WEB ON THE OCCASION OF THE 20th -- OR 25th ANNIVERSARY AS SUCH THE LAW CLEARLY SHOWS THE FEASIBILITY AND SUCCESS OF OPEN MULTISECTORIAL DISCUSSIONS AS WELL AS THE INNOVATIVE USE OF THE INTERNET AS PART OF ONGOING DISCUSSIONS AS A TOOL AND A INTERACTIVE DISCUSSION PLATFORM.
>I THINK IT IS FAIR TO SAY THAT THE PROCESS THAT LED UP TO THE CIVIL FRAMEWORK ACT CAN BE DESCRIBED AS A VIRTUOUS PROCESS IN THAT OUR CIVIL FRAMEWORK, AS IT CURRENTLY STANDS, HAS BEEN EVEN FURTHER APPRECIATED GIVEN THE PROCESS THAT PRECEDED THE EFFORTS TO ESTABLISH IT AS SUCH.
>MAY I, THEREFORE, CALL TO MIND THAT OUR CIVIL FRAMEWORK ESTABLISHES PRINCIPLES, GUARANTEES AND USER RIGHTS, CLEARLY ASSIGNING DUTIES AND RESPONSIBILITIES OF THE DIFFERENT STAKEHOLDERS AND GOVERNMENT AGENCIES ON AN ONLINE ENVIRONMENT. AND EQUALLY IMPORTANT, IT ENSHRINES NETWORK NEUTRALITY AS A KEY PRINCIPLE, A MAJOR GAIN WHICH WE WERE ABLE TO MATERIALIZE AS A CONSENSUS IN THE PROCESS.
>IT ENSHRINES NETWORK NEUTRALITY BY ESTABLISHING THE TELECOMMUNICATIONS COMPANY SHOULD TREAT ANY DATA PACKAGES ON IN A --- FASHION WITH ACCOUNT TO AGENT, DESTINATION, SERVICE, TERMINAL OR APPLICATION. THE LAW OR FRAMEWORK AS HAS TRULY ENSHRINED NETWORK NEUTRALITY. FURTHERMORE, COMPANIES MAY NOT BLOCK, MONITOR, FILTER OR ANALYZE THE CONTENT OF DATA PACKAGES.
>THE CIVIL FRAMEWORK PROTECTS CITIZENS' PRIVACY IN THE ONLY IN THE RELATION WITH THE GOVERNMENTS BUT ALSO WITH RELATION WITH THE INTERNET COMPANIES. COMMUNICATIONS ARE, BY DEFINITION, NON-VIABLE EXCEPT BY A SPECIFIC COURT ORDER TO THAT EFFECT. THE RECENTLY PASSED LAW FURTHER CONTAINS CLEAR RULES GOVERNING WITHDRAWAL OF CONTENT FROM THE INTERNET. ALWAYS, OF COURSE, WITH A VIEW TO ENSURING THAT THE APPLICABLE COURT ORDERS BE AVAILABLE.
>THE CIVIL NETWORK IS AN EXAMPLE OF THE FACT THAT THE INTERNET DEVELOPMENT CANNOT DO IT WITHOUT A DISCUSSION PROCESS AND THE INVOLVEMENT OF NATIONAL STATES. AS SUCH, IT STANDS AS AN INNOVATIVE BENCHMARK MILESTONES BECAUSE IN ITS DEVELOPMENT PROCESS, WE HEARD THE VOICES OF THE STREETS, THE NETWORKS AND OF DIFFERENT INSTITUTIONS.
>FOR ALL OF THE ABOVE, IT IS OUR FIRM CONVICTION THAT ON A NETWORK, EACH NODE MATTERS. THE LARGE NODES SUCH AS THE MEGA PORTALS TO WHICH A SUBSTANTIAL AMOUNT OF WORLD TRAFFIC CONVERGES AND SMALL NODES ARE EQUALLY IMPORTANT.
>AT THIS TIME, I WOULD LIKE TO BRING TO THE FORE A KEY FUNDAMENTAL ISSUE AND TALK ABOUT THE FACT THAT THIS COUNTRY HAS TAKEN A MAJOR STEP FORWARD AS PART OF THE ONGOING PROCESS WHEREBY WE NOT ONLY INCLUDE BUT ALSO GUARANTEE A STEADY STREAM OF INCOME TO A SUBSTANTIAL SHARE OF THE POPULATION.
>INCOME AND ACCESS ARE EQUALLY IMPORTANT. WE BELIEVE THAT IT IS EQUALLY IMPORTANT TO ENSURE WE HAVE PLACE IN SOCIETY WHERE CITIZENS HAVE THEIR OWN VIEWS AND THEY ARE ABLE TO VOICE THEIR VIEWS FREELY. HENCE, THE INVALUABLE DEGREE OF IMPORTANCE WE ATTACH TO THE INTERNET IN OUR SOCIETY.
>WE ALSO HAVE YET ANOTHER MAJOR ASSET. I'M TALKING ABOUT BRAZIL'S ETHNIC CULTURAL, POLITICAL AND RELIGIOUS DIVERSITY. IT IS OURS TO NOT ONLY RESPECT BUT ALSO PROMOTE AND FOSTER OUR CULTURAL DIVERSITY. WE DO NOT WISH TO IMPOSE BELIEFS, CUSTOMS, VALUES OR POLITICAL VIEWS ON ANYONE.
>MAY I PARTICULARLY HIGHLIGHT THE THOUSANDS OF USERS THAT MULTIPLY ON A DAY-TO-DAY BASIS NOT ONLY HERE BUT IN ALL THE DEVELOPING COUNTRIES IN THE OUTSKIRTS OF LARGE URBAN AREAS AND ALSO IN TRADITIONAL COMMUNITIES OUT THERE. ALL OF THESE NEW USERS ENRICH THE NETWORK WITH NEW ALTERNATIVE IDEAS AND ACCOUNTS OF THE WORLD, NEW WORLD VISIONS. THESE PEOPLE MAKE THE INTERNET A STRONGER AND MORE UNIVERSAL PLATFORM.
>AND IT IS ON THEIR BEHALF AND BECAUSE OF THEM, THAT I WOULD LIKE TO AGAIN VOICE MY THANKS TO ALL OF YOU FOR ATTENDING THIS MEETING IN SAO PAULO. FOR US, THE INTERNET IS A MODERN-DAY PRO EMANCIPATION, PRO TRANSFORMATION TOOL THAT CHANGES SOCIETY. SWEEPING CHANGES ARE INTRODUCED THROUGH THE INTERNET. YOU ARE ALL MOST WELCOME. AND I HOPE YOU WILL ALL COME BACK FOR THE WORLD CUP OF ALL CUPS. IF NOT, MAKE SURE YOU WATCH IT THROUGH THE INTERNET. THANK YOU VERY MUCH AGAIN.
>[APPLAUSE ]
>>> LADIES AND GENTLEMEN, WE THANK YOU FOR THE PRESENCE OF YOU ALL. WE CLOSE NOW THIS CEREMONY.

NETmundial Day 1

by Achal Prabhala last modified Apr 24, 2014 09:02 AM
Brazilian President Dilma Rousseff's speech at the opening of NETmundial in São Paulo was refreshingly free of the UN-speak that characterised virtually every single other presentation this morning. The experience of sitting for five hours in a room where the word "multi-stakeholder" is repeated at the rate of five mentions per minute is not for the faint-hearted; it almost makes you wish for more of the straight-talking tough-love of people like Swedish Foreign Minister Carl Bildt.

Surveillance was mentioned by a few brave souls. Two peaceful, silent - and rather effective - protests broke out during the opening speeches; one, against the data retention clause in Brazil's otherwise path-breaking and brand-new law for civil rights on the Internet, Marco Civil, and another for honouring US NSA whistleblower Edward Snowden and urging action against surveillance. Sadly for Brazilian civil society, the Marco Civil protestations went unheard, and Rousseff signed the bill into law in full.

There were lots of speeches. Lots. If you missed them, here's a handy visualisation you can use to catch up quickly: just add some prepositions and conjunctions, and you'll have a perfectly anodyne and universally acceptable bureaucrat/politician keynote address.

The afternoon was given over to assimilating previously received comments on the outcome document and adding new ones from people in the room. Much contention, much continuity, lots of hard work, lots of nitpicking (some of it even useful) and lots of ambiguity; after more consultation - the slog goes on until tomorrow afternoon - the outcome document will be laid to rest. Lunch was excellent: there's a reason the Grand Hyatt São Paulo costs as much as it does.

Our quest to plumb the depths of multi-stakeholderism continued: we thank the kind folks who gave us their time and allowed us to record them.

Q: What does "multi-stakeholder" mean? What is "multi-stakeholderism"?

Multi-stakeholderism to me is the ability to engage with every stakeholder and have them in the room, and have them understand that it is not an equal opportunity for all. I also understand that civil society and academia will never be at the same place as business, which has far more resources, or governments, which have the sovereign right to make laws, or even the technical community, which is often missing from the policy dialogue. There are three things which are important to me: (1) Will I be able to make interventions not just in the dialogue but in the decision making process? For me, that is key. (2) Do I have recourse in a process which might be multilateral or inter-governmental - do I have recourse when international treaties are ratified or signed, because they become binding national laws? and (3) What is it that happens to dissent in a process that is not multi-stakeholder? I think even the ITU (the International Telecommunications Union) has taken cognizance of multi-stakeholderism. So it's not new, but it's also not old or accepted, which is why we contest it. We will never have equal stakeholders. And who gets to represent the stakeholder communities? I don't think power imbalances get resolved, and I think it's a deeply flawed process. It's not perfect. But what worries me is the alternative. So give me a better alternative.
Subi Chaturvedi, Media for Change/ Lady Shriram College (India)

Simply put, multi means many components, and stakeholders are people who have the stakes. So multi-stakeholder means many people who are informed to take the process forward. The process is still on: it's evolving. The idea is that everyone who has an interest should bring it forward, and the dialogue must be balanced. Proof of concept is important - it's not about taking a dogmatic position but a scientific position. Business is concerned about the justification around return on investment.
Jimson Olufuye, Africa ICT Alliance (Nigeria)

Everyone who has a stake in the use and operation of the Internet should have a stake in the way it is managed. I think we shouldn't be considering this as a power game - it's not winner takes all. Decision making should be as much as possible consensual, where no one has a veto power.
Getachew Engida, Deputy Director-General, UNESCO (France)

It is very simple. I think people are complicating matters. It's not a power game. The Internet is fundamentally a global network of interconnected computers. People have become not only consumers of information but providers of information, so the stakes in the media/ICT world are massive. Unprecedented. Therefore, around major issues confronting the Internet, decision making should be as participatory as possible.
Indrajit Banerjee, Director, UNESCO (France)



Brazil passes Marco Civil; the US-FCC Alters its Stance on Net Neutrality

by Geetha Hariharan last modified Apr 24, 2014 10:05 AM
Hopes for the Internet rise and fall rapidly. Yesterday, on April 23, 2014, Marco Civil da Internet, the Brazilian Bill of Internet rights, was passed by the Brazilian Senate into law.

Marco Civil, on which we blogged previously, includes provisions for the protection of privacy and freedom of expression of all users, rules mandating net neutrality, etc. Brazil celebrated the beginning of NETmundial, a momentous first day about which Achal Prabhala blogs, with President Rousseff’s approval of the Marco Civil.

At about the same time, news broke that the US Federal Communications Commission is set to propose new net neutrality rules. In the wake of the Verizon net neutrality decision in January, the proposed new rules will prohibit Internet service providers such as Comcast from slowing down or blocking traffic to certain websites, but permit fast lane traffic for content providers who are willing to pay for it. This fast lane would prioritise traffic from content providers like Netflix and YouTube on commercially reasonable terms, and result in availability of video and other content at higher speeds or quality. An interesting turn-around, as Marco Civil expressly mandates net neutrality for all traffic.

NETmundial: Tracking *Multistakeholder* across Contributions

by Sumandro Chattapadhyay last modified Apr 25, 2014 09:53 AM
This set of analyses of the contributions submitted to NETmundial 2014 is part of the effort by the Centre for Internet and Society, Bangalore, India, to enable productive discussions of the critical internet governance issues at the meeting and elsewhere.

The Centre for Internet and Society, Bangalore, India, is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness, and engages in academic research on digital natives and digital humanities.

The visualisations are done by Sumandro Chattapadhyay, based on data compilation and analysis by Jyoti Panday, and with data entry support from Chandrasekhar.

NETmundial Day 2

by Achal Prabhala last modified Apr 25, 2014 04:58 AM
Fadi Chehade, the ICANN boss, closed NETmundial 2014 with these words: "In Africa we say if you want to go first, go alone, but if you want to go far, go together." He should have added: And if you want to go nowhere, go multi-stakeholder.

For all the talk of an inclusive global meeting, there was exactly one governmental submission from the African continent, and it was from Tunisia; and the overall rate of submissions from Africa and West Asia was generally very low.

The outcome document perfectly reflects the gloss that the "multi-stakeholder" model was designed to achieve: an outcome that is celebrated by businesses (and by all embedded institutions like ICANN) for being harmless, met with relief by governments for not upsetting the status quo, all of it lit up in the holy glow of "consensus" from civil society.

Of course there was no consensus. Civil society groups who organised on Day 0 put up their position: the shocking omission of a strong case for net neutrality, ambiguous language on surveillance, weak defences of free expression and privacy. All valid points. But it's striking that civil society takes such a pliant position towards authority: other than exactly two spirited protests (one against the data retention in Marco Civil, and the other against the NSA's mass surveillance program) there was no confrontation, no provocation, no passionate action that would give civil society the force it needs to win. If we were to compare this to other international struggles, the gay rights battle, or its successor, the AIDS medicines movement, for instance - what a difference there is. People fought to crush with powerful, forceful action. Only after huge victories with public and media sympathy, and only after turning themselves into equals of the corporations and governments they were fighting, did they allow themselves to sit down at the table and negotiate nicely. Internet governance fora are marked by politeness and passivity, and perhaps - however sad - it's no wonder that the least powerful groups in these fora always come away disappointed.

It's also surprising that there is no language in the outcome document that explicitly addresses the censorious threat posed by the global expansion of a sovereign application of copyright, as seen most vividly in the proposed SOPA/PIPA legislation in the United States. The outcome document has language that seems to more or less reflect the civil society proposal, and it's possible that a generous interpretation of the language could mean that it opposes the selective, restrictive and damaging application of what the intellectual property industries want to accomplish on the Internet. But it's puzzling that the language isn't stronger or more explicit, and even more puzzling that civil society doesn't seem to want to fight for such language.

This seems like an appropriate time to end the multi-stakeholder diaries. Hasn't the word been used enough? Here is one last instalment. We thank the kind folks who gave us their time.

Q: What does "multi-stakeholder" mean? What is "multi-stakeholderism"?

A large part of the discourse prior to the NETmundial conference has been centered around the issue of what is the best structural system to regulate a global network – this has commonly been portrayed as a choice between a multistakeholder system – which broadly speaking, aims to place ‘all stakeholders’ on equal footing – against multilateralism – a recognized concept in International law / the Comity of Nation States, where a nation state is recognized as the representative of its citizens, making decisions on their behalf and in their interests.

In our opinion, the issue is not about the dichotomy between multilateralism and multistakeholderism; it is about what functions or issues can legitimately be dealt with through each of the processes in terms of adequately protecting civil liberties and other public interest principles – including the appropriate enforcement of norms. For instance, how do you deal with something like cyber warfare without the consent of states? Similarly, how do we address regulatory issues such as determining (and possibly subsidizing) costs of access, or indeed to protect a right of a country against unilateral disconnection?

.....The crux of the matter rests in deciding which is the best governance ‘basket’ to include a particular issue within – taken from both a substantive and enforcement perspective. The challenge is trying to demarcate issues to ensure that each is dealt with effectively by placing it in an appropriate bucket. (The full post can be accessed here).
Rishab Bailey from the Society for Knowledge Commons (India)

If I would have signed the campaign http://wepromise.eu as a candidate to the European Parliament I would have made it an election promise to defend "the principle of multistakeholderism".

That means that I "support free, open, bottom-up, and multi-stakeholder models of coordinating the Internet resources and standards - names, numbers, addresses etc" and that I "support measures which seek to ensure the capacity of representative civil society to participate in multi-stakeholder forums." Further, I "oppose any attempts by corporate, governmental or intergovernmental agencies to take control of Internet governance."

My very rudimentary personal view is basically that it's a bad idea to institutionalise conflicting competences.
Erik Josefsson, Adviser on Internet policies for the Greens/EFA group in the European Parliament


And so it ends.

Jyoti Panday

by Prasad Krishna last modified Apr 29, 2014 03:36 AM

Jyoti_Panday_CV_2014.pdf — PDF document, 438 kB (448771 bytes)

Pranesh Prakash

by Prasad Krishna last modified Apr 29, 2014 03:41 AM

Pranesh Prakash.pdf — PDF document, 296 kB (303690 bytes)

CPC and CrPC

by Prasad Krishna last modified Apr 29, 2014 05:54 AM

CPC and CrPC.zip — ZIP archive, 1184 kB (1213227 bytes)

Consumer Protection and Privacy

by Prasad Krishna last modified Apr 29, 2014 06:55 AM

Consumer protection and privacy.zip — ZIP archive, 368 kB (377361 bytes)

Net Neutrality, Free Speech and the Indian Constitution - II

by Gautam Bhatia last modified Apr 29, 2014 07:42 AM
In this 3-part series, Gautam Bhatia explores the concept of net neutrality in the context of Indian law and the Indian Constitution.

To sum up the previous post: under Article 12 of the Constitution, fundamental rights can be enforced only against the State, or State-like entities that are under the functional, financial and administrative control of the State. In the context of net neutrality, it is clear that privately-owned ISPs do not meet the exacting standards of Article 12. Nonetheless, we also found that the Indian Supreme Court has held private entities, which do not fall within the contours of Article 12, to an effectively similar standard of obligations under Part III as State organizations in certain cases. Most prominent among these is the case of education: private educational institutions have been required to adhere to standards of equal treatment which are identical in content to Article 14, even though their source lies elsewhere. If, therefore, we are to impose obligations of net neutrality upon private ISPs, a similar argument must be found.

I will suggest that the best hope is by invoking the free speech guarantee of Article 19(1)(a). To understand how an obligation of free speech might operate in this case, let us turn to the case of Marsh v. Alabama, an American Supreme Court case from 1946.

Marsh v. Alabama involved a “company town”. The “town” of Chickasaw was owned by a private company, the Gulf Shipbuilding Corporation. In its structure it resembled a regular township: it had buildings, streets, a sewage system, and a “business block”, where stores and business places had been rented out to merchants and other service providers. The residents of the “town” used the business block as their shopping center, to get to which they used the company-owned pavement and street. Highway traffic regularly came in through the town, and its facilities were used by wayfarers. As the Court noted:

“In short the town and its shopping district are accessible to and freely used by the public in general and there is nothing to distinguish them from any other town and shopping center except the fact that the title to the property belongs to a private corporation.”

Marsh, who was a Jehovah’s Witness, arrived in Chickasaw with the intention of distributing religious literature on the streets. She was asked to leave the sidewalk, and on declining, she was arrested by the police, and charged under an anti-trespassing statute. She argued that if the statute was applied to her, it would violate her free speech and freedom of religion rights under the American First Amendment. The lower Courts rejected her argument, holding that since the street was owned by a private corporation, she had no constitutional free speech rights, and the situation was analogous to being invited into a person’s private house. The Supreme Court, however, reversed the lower Courts, and found for Marsh.

Four (connected) strands of reasoning run through the Supreme Court’s (brief) opinion. First, it found that streets, sidewalks and public places have historically been critically important sites for dissemination and reception of news, information and opinions, whether it is through distribution of literature, street-corner oratory, or whatever else. Secondly, it found that private ownership did not carry with it a right to exclusive dominion. Rather, “the owners of privately held bridges, ferries, turnpikes and railroads may not operate them as freely as a farmer does his farm. Since these facilities are built and operated primarily to benefit the public and since their operation is essentially a public function, it is subject to state regulation.” Thirdly, it noted that a large number of Americans throughout the United States lived in company towns, and acted just as other American citizens did, in their duties as residents of a community. It would therefore be perverse to deny them rights enjoyed by those who lived in State-municipality run towns. And fourthly, on balance, it held that the private rights of property-owners were subordinate to the right of the people to “enjoy freedom of press and religion.”

No one factor, then, but a combination of factors underlies the Court’s decision to impose constitutional obligations upon a private party. It mattered that, historically, there have been a number of spaces traditionally dedicated to public speech: parks, squares and streets – whose public character remained unchanged despite the nature of ownership. It mattered that individuals had no feasible exit option – that is, no other place they could go to in order to exercise their free speech rights. And it mattered that free speech occupied a significant enough place in the Constitutional scheme so as to override the exclusionary rights that normally tend to go with private property.

The case of the privately-owned street in the privately-owned town presents a striking analogy when we start thinking seriously about net neutrality. First of all, in the digital age, the traditional sites of public discourse – parks, town squares, streets – have been replaced by their digital equivalents. The lonely orator standing on the soap-box in the street corner now tweets his opinions and instagrams his photographs. The street-pamphleteer of yesteryear now updates his Facebook status to reflect his political opinions. Specialty and general-interest blogs constitute a multiplicity of town-squares where a speaker makes his point, and his hearers gather in the comments section to discuss and debate the issue. While these examples may seem frivolous at first blush, the basic point is a serious one: the role of opinion formation and transmission that was once served by open, publicly accessible physical infrastructure, held – in a manner of speaking – in public trust by the government, is now served in the digital world, under the control of private gatekeepers. To that extent, it is a public function, undertaken in public interest, as the Court held in Marsh v. Alabama.

The absence of an exit option is equally important. The internet has become not only a space for exchanging information, but also a primary – non-replaceable – source of the same. Just as the citizens of Chickasaw lacked a feasible alternative space to exercise their public free speech rights (and we operate on the assumption that it would be unreasonably expensive and disruptive for them to move to a different town), there is now no feasible alternative space to the internet, as it exists today, where the main online spaces are owned by private parties, and access to those spaces is determined by gatekeepers – which are the ISPs.

The analogy is not perfect, of course, but there is a case to be made that in acting as the gatekeepers of the internet, privately-owned ISPs are in a position quite similar to the corporate owners of the public streets of the Company Town.

In the last post, we saw how it is possible – constitutionally – to impose public obligations upon private parties, although the Court has never made its jurisprudential foundation clear. Here, then, is a thought: public obligations ought to be imposed when the private entity is providing a public function and/or when the private entity is in effectively exclusive control of a public good. There is an argument that ISPs satisfy both conditions. Of course, we need to examine in detail how precisely the rights of free expression are implicated in the ISP context. That is the subject for the next post.


Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and presently an LLM student at the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he will be blogging on issues of online freedom of speech and expression.

The Embodiment of the Right to Privacy within Domestic Legislation

by Tanvi Mani last modified Sep 08, 2014 02:37 AM
The Right to Privacy is a pivotal construct, essential to the actualization of justice, fairness and equity within any democratic society. It is an instrument used to secure the boundaries of an individual’s personal space, in his interaction with not only the rest of society but also the State.

It is within this realm of the social transaction that there exists an unending conflict between the Right to Privacy of an individual and the overbearing hand of the State as a facilitator of public interest. This right thus acts as a safety valve providing individuals with a sacred space within which their interactions in their personal capacity have no bearing on their conduct in the public sphere. The preservation of this space is incredibly important in order to ensure a willingness of individuals to engage and cooperate with the State in its fulfillment of public welfare measures that would otherwise be deemed as intrusive. It is in this regard that the Right to Privacy, one of the last sustaining rights that an individual holds against a larger State interest, ought to be protected by the law.

There are numerous dimensions to the idea of the Right to Privacy. These include but are not limited to the privacy of person, privacy of communication, personal privacy, transactional privacy, privacy of information and the privacy of personal data.

The Supreme Court of India has come to the rescue of individuals, time and again, by construing the "Right to Privacy" as an extension of the Fundamental Right to “Protection of Life and Personal liberty” under Article 21 of the Constitution. This has been reflected in the adjudicatory jurisprudence of the Constitutional courts in the country. However, there exists no Constitutional remedy to redress the breach of privacy by a nongovernmental actor, except under tortious liability. The power and authority of public and private institutions to use an individual’s personal data for larger interests of national security or effectuation of socio-economic policies is still under extensive scrutiny. It is in this regard that we have compiled a number of sectoral legislations, regulating domains ranging from Finance and Telecom to Healthcare, Freedom of Expression, Consumer rights and Procedural codes. The highlighted provisions under each Act pertain to the mechanisms embodied within the legislation for the regulation of privacy within their respective sectors. Through this we aim to determine the threshold for permissible collection of confidential data and regulatory surveillance, provided a sufficient need for the same has been established. The determination of such a threshold is imperative to formulating a consistent and effective regime of privacy protection in India.


Click to download the below resources:

Legislations
Master Circulars
Finance and Privacy
Code of Civil Procedure and Code of Criminal Procedure
Freedom of Expression
Identity and Privacy
National Security and Privacy
Consumer Protection
Transparency and Privacy
Healthcare
Telecom
Case Laws
Code of Civil Procedure and Code of Criminal Procedure
Freedom of Expression
Identity and Privacy
National Security and Privacy
Consumer Protection
Transparency and Privacy
Healthcare
Telecom

Privacy Law in India: A Muddled Field - I

by Bhairav Acharya last modified May 05, 2014 06:17 AM
The absence of a statute expressing the legislative will of a democracy to forge a common understanding of privacy is a matter of concern, says BHAIRAV ACHARYA in the first of a two part series.

Fingerprint scan at Aadhar centre: fears of privacy violations

The article was published in the Hoot on April 15, 2014.


Privacy evades definition and for this reason sits uneasily with law. The multiplicity of everyday privacy claims and transgressions by ordinary people, and the diversity of situations in which these occur, confuse any attempt to create a common meaning of privacy to inform law. Instead, privacy is negotiated contextually, and the circumstances that permit a privacy claim in one situation might form the basis for its transgression in another.

It is easy to understand privacy when it is claimed in relation to the body; it is beyond argument that every person has a right to privacy in relation to their bodies, especially intimate areas. It is also accepted that homes and private property secure to their owners a high degree of territorial privacy. But what of privacy from intrusive stares, or even from camera surveillance, when in a public place? Or of biometric privacy to protect against surreptitious fingerprint capturing or DNA collection from the things we touch and the places we visit every day? Or the privacy of a conversation in a restaurant from other patrons? Clearly, there are multiple meanings of privacy that are negotiated by individuals all the time.

Law has, where social custom has demanded, clothed some aspects of human activity with an expectation of privacy. In relation to bodily privacy, this is achieved by both ordinary common law without reference to privacy at all, such as the offences of battery and rape; and, by special criminal law that is premised on an expectation of privacy, such as the discredited offences regarding women’s modesty in sections 354 and 509 of the Indian Penal Code, 1860 (IPC), and the new offences of voyeurism and stalking contained in sections 354C and 354D of the IPC.

The law also privileges communications that are made through telephones, letters, and emails by regulating the manner of their interception in special circumstances. Conditional interception provisions with procedural safeguards – which, for several reasons, are flawed and ineffective – exist to protect the privacy of such communications in section 5(2) of the Indian Telegraph Act, 1885, section 26 of the Indian Post Office Act, 1898, and section 69 of the Information Technology Act, 2000.

Territorial privacy, which is afforded by possession of private property, is ordinarily protected by the broad offence of trespass – in India, these are the offences of criminal trespass, house trespass, and lurking house-trespass contained in sections 441 to 443 of the IPC – and house-breaking, which is akin to the offence of breaking and entering in other jurisdictions, in section 445 of the IPC.

Some measure of protection is provided to biometric information, such as fingerprints and DNA, by limiting their lawful collection by the state: sections 53, 53A, and 54 of the Code of Criminal Procedure, 1973 permit collections of biometric information from arrestees in certain circumstances; this is in addition to a colonial-era collection regime created by the Identification of Prisoners Act, 1920. However, nothing expressly prohibits the police or anybody else from non-consensually developing DNA profiles from human material that is routinely left behind by our bodies, for instance, saliva on restaurant cutlery or hair at the barbershop.

Physical surveillance, by which a person is visually monitored to invade locational privacy, is also inadequately regulated. Besides man-on-woman stalking, which was criminalised only one year ago, no effective measures exist to otherwise protect locational privacy. Indian courts regularly employ their injunctive power but have been loath to issue equitable remedies such as restraining orders to secure privacy. Police surveillance, which is usually covert, is an executive function that is practised with wide latitude under every state police statute and government-issued rules and regulations thereunder with little or no oversight. The risk of misuse of these powers is compounded by the increasingly widespread use of surveillance cameras sans regulation.

Other technologies too compromise privacy: GPS-enabled mobile phones offer precise locational information, presumably consensually; cell-tower tracking, almost always non-consensually, is ordered by Indian police without any procedurally built-in safeguards; radio frequency identification to locate vehicles is sought to be made mandatory; and, satellite-based surveillance is available to intelligence agencies, none of which are registered or regulated unlike in other liberal democracies.

No uniform privacy standard in law

None of these laws applies a uniform privacy standard nor are they measured against a commonly understood meaning of privacy. The lack of a statutory definition is not the issue; the lack of a statute that expresses the legislative will of a democracy to forge a common understanding of privacy to inform all kinds of human activity is the concern. Ironically, the impetus to draft a privacy law has come from abroad. Foreign senders of personal information – credit card data, home addresses, phone numbers, and the like – to India’s information technology and outsourcing industry demand institutionalised protection for their privacy.

Pressure from the European Union, which has the world’s strongest information privacy standards and with which India is currently negotiating a free trade agreement, to enact a data protection regime to address privacy has not gone unanswered. The Indian government – specifically, the Department of Personnel and Training, the same department that administers the Right to Information Act, 2005 – is currently drafting a privacy law to govern data protection and surveillance. At stake is the continued growth of India’s information technology and outsourcing sectors that receive significant amounts of European personal data for processing, which drives national exports and gross domestic product.

An inferred right

For its part, the Supreme Court has examined more than a few privacy claims to find, intermittently and unconvincingly, that there is a constitutional right to privacy, but the contours of this right remain vague. In 1962, the Supreme Court rejected the existence of a privacy right in Kharak Singh’s case which dealt with intrusive physical surveillance by the police.

The court was not unanimous; the majority of judges expressly rejected the notion of locational privacy while declaring that privacy was not a constituent of personal liberty; a lone dissenting judge found the opposite to be true and, furthermore, held that surveillance had a chilling effect on freedom. In 1975, in the Gobind case that presented substantially similar facts, the Supreme Court leaned towards, but held short of, recognising a right to privacy. It did find that privacy flowed from personal autonomy, which bears the influence of American jurisprudence, but subjected it to the interests of government; the latter prevailed.

However, in the PUCL case of 1997 that challenged inadequately regulated wiretaps, the Supreme Court declared that phone conversations were protected by a fundamental right to privacy that flowed from Article 21 of the Indian Constitution. To intrude upon this right, the court said, a law was necessary that is just, fair, and reasonable. If this principle were to be extended beyond communications privacy to, say, identity cards, the Aadhar project, which is being implemented without the sanction of an Act of Parliament, would be judicially stopped.

But what does “law” mean? Is it only the law of our Constitution and courts? What of the law that governed Indian societies before European colonisation brought the word ‘privacy’ to our legal system? Classical Hindu law – distinct from colonial and post-independence Hindu law – also recognises and enforces expectations of privacy in different contexts. It recognised the sanctity of the home and family, the autonomy of the community, and prescribed penalties for those who breached these norms. So, too, does Islamic law: all schools of Islamic jurisprudence – ‘fiqh’ – recognise privacy as an enforceable right.

Different words and concepts are used to secure this right, and these words have meanings and connotations of their own. But, the hermeneutics of privacy notwithstanding, this belies the common view that privacy is not an Indian value. Privacy may or may not be a cultural norm, but it has existed in India and South Asia in different forms for millennia.


Bhairav Acharya is a constitutional lawyer practising in the Supreme Court of India. He advises the Centre for Internet & Society, Bangalore, on privacy law and other constitutional issues.

South African Protection of Personal Information Act, 2013

by Divij Joshi last modified May 05, 2014 06:59 AM
As the rapid spread of technology in developing countries allows exponentially increasing availability of and access to personal data through automatic data processing, governments are beginning to recognize the necessity to evolve policies addressing data security and privacy concerns.

The sources of pressure for strict legal regulations addressing data protection are both the growing recognition of the importance of privacy rights, as well as the risk of falling behind on international standards on data protection, which would hamper the potential of developing countries as destinations for outsourcing industries which depend largely on processing of information.[1] The Protection of Personal Information Act enacted by South Africa is an example of a policy which enables a comprehensive framework for data security and privacy and is a model for other developing nations which are weighing the costs and benefits of establishing a secure data protection regime.

The South African law traces the right to protection of personal information back to Section 14 of the South African Constitution, which provides for a right against the unlawful collection, retention, dissemination and use of personal information. The law establishes strict restrictions and regulations on the processing of personal information, which includes information relating to race, gender, sexual orientation, medical information, biometric information and personal opinion. The processing of personal information under the Act must comply with 8 principles, namely - accountability, lawful purpose for processing and processing limitation, purpose specification, information quality, openness and notice of collection, openness, reasonable security safeguards and subject participation, in line with the international standards for fair information practices.[2] The Act also recognizes ‘special personal information’, including religious or political beliefs, race, sexual orientation and trade union membership, as well as any personal information of children below the age of 18, which require stricter safeguards for processing. Similar to the draft Indian legislation on privacy, the Act contemplates an independent regulatory mechanism, the information regulator, which would have all the necessary powers to effectively monitor compliance under the Act, including the power for punishing offences under the Act.

The Protection of Personal Information Act contains 115 Sections and is meant to be an exhaustive and heavily detailed policy to bring South Africa’s laws in line with EU and international regulations on data protection.[3] Though such progressive policies should be a model for policy changes in other developing nations, one aspect in which the law fails is in addressing increasing privacy concerns arising from widespread government-enabled surveillance and data retention. The POPI excludes from its application the processing of information related to national security, terrorist related activities and public safety, combating of money laundering, investigation of proof of offences, the prosecution of offenders, execution of sentences or other security measures, subject to adequate safeguards being established by the legislature for protection of personal information. Unfortunately, the ambiguous wording of the exclusions, especially in determining “adequate safeguards”, leaves its interpretation and application open for governments to engage in mass surveillance in the name of public security. Over the past few years, governments have taken to using technology and information, particularly through mass surveillance, to collect comprehensive information on their citizens and violate their liberties and privacy. In India, particularly with programs like the Central Monitoring System being implemented, any policy which purportedly aims at the protection of privacy must not only seek bare minimal compliance with the current international standards for data protection, but should also address the mass, unrestricted surveillance and data retention which is taking place in the name of public security.

Developing nations like South Africa and India face significant challenges in ensuring individual privacy, particularly the lack of sufficient legal safeguards for the protection of privacy. The right to privacy is often dismissed as an elitist or western concept, which does not have value in the context of developing nations, without engaging with the realities and the nuances of the right. Further, the costs of expensive technical safeguards mean private and public bodies are required to spend significant resources in maintaining data security and these factors often outweigh privacy considerations in policy debates. The South African Act, hence, serves both as an important model for legislation and as an indication that the right to privacy is valuable to recognize in developing countries as well.


[1]. Article 25 of the European Union Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such data (Directive 95/46/EC) prohibits the transfer of data to non-member states which do not comply with adequate data protection norms.

[2]. http://oecdprivacy.org/

[3]. Link to Act: www.gov.za/documents/download.php?f=204368

GSMA Partners Meeting

by Prasad Krishna last modified May 05, 2014 07:03 AM

GSMA_Meeting_9.04.2014.pdf — PDF document, 105 kB (107973 bytes)

Identity and Privacy

by Prasad Krishna last modified May 06, 2014 04:00 AM

Identity and Privacy.zip — ZIP archive, 3969 kB (4064327 bytes)

National Security and Privacy

by Prasad Krishna last modified May 06, 2014 04:03 AM

National Security and Privacy.zip — ZIP archive, 1701 kB (1742258 bytes)

Transparency and Privacy

by Prasad Krishna last modified May 06, 2014 04:07 AM

Transperancy and Privacy.zip — ZIP archive, 1225 kB (1255316 bytes)

Networks: What You Don’t See is What You (for)Get

by Nishant Shah last modified May 28, 2014 09:30 AM
When I start thinking about DML (digital media and learning) and other such “networks” that I am plugged into, I often get a little confused about what to call them.

Banner image credit: Alexander Baxevanis

The blog entry was originally published in DML Central on April 17, 2014 and mirrored in Hybrid Publishing Lab on May 13, 2014.


Are we an ensemble of actors? A cluster of friends? A conference of scholars? A committee of decision makers? An array of perspectives? A group of associates? A play-list of voices? I do not pose these  questions rhetorically, though I do enjoy rhetoric. I want to look at this inability to name collectives and the confusions and ambiguity it produces as central to our conversations around digital thinking. In particular, I want to look at the notion of the network. Because, I am sure, that if we were to go for the most neutralised digital term to characterise this collection that we all weave in and out of, it would have to be the network. We are a network.[1]

But, what does it mean to say that we are a network? The network is a very strange thing. Especially within the realms of the Internet, which, in itself, purports to be a giant network, the network is self-explanatory, self-referential and completely denuded of meaning. A network is benign, and like the digital, that foregrounds the network aesthetic, the network is inscrutable. You cannot really touch a network or name it. You cannot shape it or define it. You can produce momentary snapshots of it, but you can never contain it or limit it. The network cannot be held or materially felt.

And yet, the network touches us. We live within networked societies. We engage in networking – network as a verb. We are a network – network as a noun. We belong to networks – network as a collective. In all these poetic mechanisms of network, there is perhaps the core of what we want to talk about today – the tension between the local and the global and the way in which we will understand the Internet and then the frameworks of governance and policy that surround it.

Let me begin with a genuine question. What predates the network? Because the network is a very new word. The first etymological trace of the network is in 1887, where it was used as a verb, within broadcast and communications models, to talk about an outreach. As in ‘to cover with a network.’ The idea of a network as a noun is older: in the 1550s, the idea of ‘net-like arrangements of threads, wires, etc.’ was first identified as a network. In the second half of the industrial 19th Century, the term network was used for understanding an extended, complex, interlocking system. The idea of network as a set of connected people emerged in the latter half of the 20th Century. I am pointing at these references to remind us that the ubiquitous presence of the network, as a practice, as a collective, and as a metaphor that seeks to explain the rest of the world around us, is a relatively new phenomenon. And we need to be aware of the fact that the network, especially as it is understood in computing and digital technologies, is a particular model through which objects, individuals and the transactions between them are imagined.

For anybody who looks at the network itself – especially the digital network that we have accepted as the basis on which everything from social relationships on Facebook to global financial arcs are defined – we know that the network is in a state of crisis.

Networks of crises: The Bangalore North East Exodus

Let me illustrate the multiple ways in which the relationship between networks and crisis has been imagined through a particular story. In August 2012, I woke up one morning to realise that I was living in a city of crisis. Bangalore, which is one of my homes, where the largest preoccupations to date have been about bad roads, stray dogs, and occasionally, the lack of a nightlife, was suddenly a space that people wanted to flee and occupy simultaneously.

Through the technology mediated gossip mill that produced rumours faster than the speed of a digital click, imagination of terror, danger, and material harm found currency. The city suddenly witnessed thousands of people running away from it, heading back to their imagined homelands. It was called the North East exodus, where, following an ethnic-religious clash between two traditionally hostile communities in Assam, there were rumours that the large North East Indian community in Bangalore was going to be attacked by certain Muslim factions at the end of Ramadan.

The media spectacle of the exodus around questions of religion, ethnicity, regionalism and belonging only emphasised the fact that there is a new way of connectedness that we live in – the network society that no longer can be controlled, contained or corrected by official authorities and their voices. Despite a barrage of messages from law enforcement and security authorities, on email, on large screens on the roads, and on our cell phones, there was a growing anxiety and a spiralling information explosion that was producing an imaginary situation of precariousness and bodily harm. For me, this event was one of the first signalling how to imagine the network society in a crisis, especially when it came to Bangalore, which is supposed to represent the Silicon dreams of an India that is shining brightly. While there is much to be unpacked about the political motivations and the ecologies of fear that our migrant lives in global cities are enshrined in, I want to specifically focus on what the emergence of this network society means.

There is an imagination, especially in cities like Bangalore, of digital technologies as necessarily plugging in larger networks of global information consumption. The idea that technology plugs us into the transnational circuits is so huge that it only tunes us toward an idea of connectedness that is always outward looking, expanding the scope of nation, community and body.

However, the ways in which information was circulating during this phenomenon reminds us that digital networks are also embedded in local practices of living and survival. Most of the time, these networks are so natural and such an integral part of our crucial mechanics of urban life that they appear as habits, without any presence or visibility. In times of crises – perceived or otherwise – these networks make themselves visible, to show that they are also inward looking. But in this production of hyper-visible spectacles, the network works incessantly to make itself invisible.

Which is why, in the case of the North East exodus, the steps leading to the resolution of the crisis, constructed and fuelled by networks is interesting. As government and civil society efforts to control the rumours and panic reached an all-time high and people continued to flee the city, the government eventually went in to regulate the technology itself. There were expert panel discussions about whether the digital technologies are to be blamed for this rumour mill. There was a ban on mass-messaging and there was a cap on the number of messages which could be sent on a day by each mobile phone subscriber. The Information and Broadcast Ministry along with the Information Technologies cell, started monitoring and punishing people for false and inflammatory information.

Network as Crisis: The unexpected visibility of a network

What, then, was the nature of the crisis in this situation? It is a question worth exploring. We would imagine that this crisis was a crisis about the nationwide building of mega-cities filled with immigrant bodies that are not allowed their differences because they all have to be cosmopolitan and mobile bodies. The crisis could have been read as one of neo-liberal flatness in imagining the nation and its fragments, that hides the inherent and historical sites of conflict under the seductive rhetoric of economic development. And yet, when we look at the operationalization of the resolutions, it looked as if the crisis was the appearance and the visibility of the hitherto hidden local networks of information and communication.

In her analysis of networks, Brown University’s Wendy Chun posits that this is why networks are an opaque metaphor. If the function of metaphor is to explain, through familiarity, objects which are new to us, the network as an explanatory paradigm presents a new conundrum. While the network presumes an exteriority that it seeks to present, while the network allows for a subjective interiority of the actor and its decisions, while the network grants visibility and form to the everyday logic of organisation, what the network actually seeks to explain is itself. Or, in less evocative terms, the network is not only the framework through which we analyse, but it is also the object of analyses. Once the network has been deployed as a paradigm through which to understand a crisis, once the network has made itself visible, all our efforts are driven at explaining and strengthening, and almost like digital mothers, comforting the network back into its peaceful existence as infrastructure. We develop better tools to regulate the network. We define new parameters to mine the data more effectively. We develop policies to govern and govern through the network with greater transparency and ease.

Thus, in the case of the North East exodus, instead of addressing the larger issues of conservative parochialism, an increasing backlash by right-wing governments and a growing hostility that emerges from these cities that nobody possesses and nobody belongs to, the efforts were directed at blaming technology as the site where the problem is located and the network as the object that needs to be controlled. What emerged was a series of corrective mechanisms and a set of redundant regulations that controlled the number of text messages that people were able to send per day or policing the Internet for spreading rumours. The entire focus was on information management, as if the reason for the mass exodus of people from the NE Indian states and the sense of fragility that the city had been immersed in, was all due to the pervasive and ubiquitous information gadgets and their ability to proliferate in p2p (peer-to-peer) environments outside of the government’s control. This lack of exteriority to the network is something that very few critical voices have pointed out.

Duncan Watts, the father of network computing, working through the logic of nodes, traffic and edges, has suggested there is a great problem in the ways in which we understand the process of network making. I am paraphrasing his complex mathematical text that explains the production of physical networks – what he calls the small worlds – and pointing out his strong critique about how the social scientists engage with networks. In the social sciences’ imagination of networks, there is a messy exteriority – fuzzy, complex and often not reducible to patterns or basic principles. The network is a distilling of the messy exteriority, a representation of the complex interplay between different objects and actors, and a visual mapping of things as they are. Which is to say, we imagine there is a material reality and the network is a tool by which this reality, or at least parts of this reality, are mapped and represented to us in patterns which can help us understand the true nature of this reality.

Drawing from practices of network modelling and building, Watts proved, that we have the equation wrong. The network is not a representation of reality but the ontology of reality. The network is not about trying to make sense of an exteriority. Instead, the network is an abstract and ideological map that constructs the reality in a particular way. In other words, the network precedes the real, and because of its ability to produce objective, empiricist and reductive principles (constantly filtering out that which is not important to the logic or the logistics of the network design), it then gives us a reality that is produced through the network principles. To make it clear, the network representation is not the derivative of the real but the blue-print of the real. And the real as we access it, through these networked tools, is not the raw and messy real but one that is constructed and shaped by the network in those ways. The network, then, needs to be understood, examined and critiqued, not as something that represents the natural, but something that shapes our understanding of the natural itself.

In the case of the Bangalore North East Exodus, the network and its visibility created a problem for us – and the problem was, that the network, which is supposed to be infrastructure, and hence, by nature invisible, had suddenly become visible. We needed to make sure that it was shamed, blamed, named and tamed so that we can go back to our everyday practices of regulation, governance and policy.

The Intersectional Network

What I want to emphasise, then, is that this binary of local versus the global, or local working in tandem with global, or the quaintly hybridised glocal are not very generative in thinking of policy and politics around the Internet. What we need is to recognise what gets hidden in this debate. What becomes visible when it is not supposed to? What remains invisible beyond all our efforts? And how do we develop a framework that actually moves beyond these binary modes of thinking, where the resolution is either to collapse them or to pretend that they do not exist in the first place? Working with frameworks like the network makes us aware of the ways in which these ideas of the global and the local are constructed and continue to remain the focus of our conversations, making invisible the real questions at hand.

Hence, we need to think of networks, not as spaces of intersection, but in need of intersections. The networks, because of their predatory, expanding nature, and the constant interaction with the edges, often appear as dynamic and inclusive. We need to now think of the networks as in need of intersections – or of intersectional networks. Developing intersections, of temporality, of geography and of contexts are great. But, we need to move one step beyond – and look at the couplings of aspiration, inspiration, autonomy, control, desire, belonging and precariousness that often mark the new digital subjects. And our policies, politics and regulations will have to be tailored to not only stop the person abandoning her life and running to a place of safety, not only stop the rumours within the Information and communication networks, not only create stop-gap measures of curbing the flows of gossip, but to actually account for the human conditions of life and living.


[1]. This post has grown from conversations across three different locations. The first draft of this talk was presented at the Habits of Living Conference, organised by the Centre for Internet & Society and Brown University, in Bangalore. A version of this talk found great inputs from the University of California Humanities Research Institute in Irvine, where I found great ways of sharpening the focus. The responses at the Milton Wolf Seminar at the America Austria Foundation, Austria, to this story, helped in making it more concrete to the challenges that the “network” throws to our digital modes of thinking. I am very glad to be able to put the talk into writing this time, and look forward to more responses.

Filtering content on the internet

by Chinmayi Arun last modified May 06, 2014 09:33 AM

The op-ed was published in the Hindu on May 2, 2014.


On May 5, the Supreme Court will hear Kamlesh Vaswani’s infamous anti-pornography petition again. The petition makes some rather outrageous claims. Watching pornography ‘puts the country’s security in danger’ and it is ‘worse than Hitler, worse than AIDS, cancer or any other epidemic,’ it says. This petition has been pending before the Court since February 2013, and seeks a new law that will ensure that pornography is exhaustively curbed.

Disintegrating into binaries

The petition assumes that pornography causes violence against women and children. The trouble with such a claim is that the debate disintegrates into binaries; the two positions being that pornography causes violence or that it does not. The fact remains that the causal link between violence against women and pornography is yet to be proven convincingly and remains the subject of much debate. Additionally, since the term pornography refers to a whole range of explicit content, including homosexual adult pornography, it cannot be argued that all pornography objectifies women or glamorises violent treatment of them.

Allowing even for the petitioner’s legitimate concern about violence against women, it is interesting to note that of all the remedies available, he seeks the one which is authoritarian but may not have any impact at all. Mr. Vaswani could have, instead, encouraged the state to do more toward its international obligations under the Convention on the Elimination of Discrimination against Women (CEDAW). CEDAW’s General Recommendation No. 19 is about violence against women and recommends steps to be taken to reduce violence against women. These include encouraging research on the extent, causes and effects of violence, and adopting preventive measures, such as public information and education programmes, to change attitudes concerning the roles and status of men and women.

Child pornography

Although different countries disagree about the necessity of banning adult pornography, there is general international consensus about the need to remove child pornography from the Internet. Children may be harmed in the making of pornography, and would at the very minimum have their privacy violated to an unacceptable degree. Being minors, they are not in a position to consent to the act. Each act of circulation and viewing adds to the harmful nature of child pornography. Therefore, an argument can certainly be made for the comprehensive removal of this kind of content.

Indian policy makers have been alive to this issue. The Information Technology Act (IT Act) contains a separate provision for material depicting children explicitly or obscenely, stating that those who circulate such content will be penalised. The IT Act also criminalises watching child pornography (whereas watching regular pornography is not a crime in India).

Intermediaries are obligated to take down child pornography once they have been made aware that they are hosting it. Organisations or individuals can proactively identify and report child pornography online. Other countries have tried, with reasonable success, systems using hotlines, verification of reports and co-operation of internet service providers to take down child pornography. However, these systems have also sometimes resulted in the removal of other legitimate content.

Filtering speech on the Internet

Child pornography can be blocked or removed using the IT Act, which permits the government to send lists of URLs of illegal content to internet service providers, requiring them to remove this content. Even private parties can send notices to online intermediaries informing them of illegal content and thereby making them legally accountable for such content if they do not remove it. However, none of this will be able to ensure the disappearance of child pornography from the Internet in India.

Technological solutions like filtering software that screens or blocks access to online content, whether at the state, service provider or user level, can at best make child pornography inaccessible to most people. People who are more skilled than amateurs will be able to circumvent technological barriers since these are barriers only until better technology enables circumvention.

Additionally, attempts at technological filtering usually even affect speech that is not targeted by the filtering mechanism. Therefore, any system for filtering or blocking content from the Internet needs to build in safeguards to ensure that processes designed to remove child pornography do not end up being used to remove political speech or speeches that are constitutionally protected.

In the Vaswani case, the government has correctly explained to the Supreme Court that any greater attempt to monitor pornography is not technologically feasible. It has pointed out that human monitoring of content will delay transmission of data substantially, will slow down the Internet, and will also be ineffective, since the illegal content can easily be moved to other servers in other countries.

Making intermediaries liable for the content they host will undo the safe harbour protection granted to them by the IT Act. Without it, intermediaries like Facebook will actually have to monitor all the content they host, and the resources required for such monitoring will reduce the content that makes its way online. This would seriously impact the extensiveness and diversity of content available on the Internet in India. Additionally, when demands are made for the removal of legitimate content, profit-making internet companies will be disinclined to risk litigation much in the same way as Penguin was reluctant to defend Wendy Doniger’s book.

If the Supreme Court makes the mistake of creating a positive obligation to monitor Internet content for intermediaries, it will effectively kill the Internet in India.

(Chinmayi Arun is research director, Centre for Communication Governance, National Law University, Delhi, and fellow, Centre for Internet and Society, Bangalore)

Round-table on User Safety Internet

by Prasad Krishna last modified May 06, 2014 09:53 AM

Agenda_roundtable discussion-Bengaluru (1).pdf — PDF document, 258 kB (264900 bytes)

European Court of Justice rules Internet Search Engine Operator responsible for Processing Personal Data Published by Third Parties

by Jyoti Panday last modified May 14, 2014 02:18 PM
The Court of Justice of the European Union has ruled that "an internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties." The decision adds to the conundrum of maintaining a balance between freedom of expression, protecting personal data and intermediary liability.

The ruling is expected to have considerable impact on reputation and privacy related takedown requests as under the decision, data subjects may approach the operator directly seeking removal of links to web pages containing personal data. Currently, users prove whether data needs to be kept online—the new rules reverse the burden of proof, placing an obligation on companies, rather than users for content regulation.

A win for privacy?

The ECJ ruling addresses Mario Costeja González's complaint filed in 2010 against Google Spain and Google Inc., requesting that personal data relating to him appearing in search results be protected and that data which was no longer relevant be removed. Referring to the Directive 95/46/EC of the European Parliament, the court said that Google and other search engine operators should be considered 'controllers' of personal data. Following the decision, Google will be required to consider takedown requests of personal data, regardless of the fact that processing of such data is carried out without distinction in respect of information other than the personal data.

The decision—which cannot be appealed—raises important questions of how this ruling will be applied in practice and its impact on the information available online in countries outside the European Union. The decree forces search engine operators such as Google, Yahoo and Microsoft's Bing to make judgement calls on the fairness of the information published through their services that reach over 500 million people across the twenty-eight nation bloc of the EU.

ECJ rules that search engines 'as a general rule,' should place the right to privacy above the right to information by the public. Under the verdict, links to irrelevant and out of date data need to be erased upon request, placing search engines in the role of controllers of information—beyond the role of being an arbitrator that linked to data that already existed in the public domain. The verdict is directed at highlighting the power of search engines to retrieve controversial information while limiting their capacity to do so in the future.

The ruling calls for maintaining a balance in addressing the legitimate interest of internet users in accessing personal information and upholding the data subject’s fundamental rights, but does not directly address either issue. The court also recognised that the data subject's rights override the interest of internet users, however, with exceptions pertaining to the nature of the information, its sensitivity for the data subject's private life and the role of the data subject in public life. Acknowledging that data belongs to the individual and is not the right of the company, European Commissioner Viviane Reding hailed the verdict as "a clear victory for the protection of personal data of Europeans".

The Court stated that if data is deemed irrelevant at the time of the case, even if it has been lawfully processed initially, it must be removed and that the data subject has the right to approach the operator directly for the removal of such content. The liability issue is further complicated by the fact, that search engines such as Google do not publish the content rather they point to information that already exists in the public domain—raising questions of the degree of liability on account of third party content displayed on their services.

The ECJ ruling is based on the case originally filed against Google Spain, and it is important to note that González argued that searching for his name linked to two pages originally published in 1998 on the website of the Spanish newspaper La Vanguardia. The Spanish Data Protection Agency did not require La Vanguardia to take down the pages; however, it did order Google to remove links to them. Google appealed this decision, following which the National High Court of Spain sought advice from the European court. The definition of Google as the controller of information raises important questions related to the distinction between liability of publishers and the liability of processors of information such as search engines.

The 'right to be forgotten'

The decision also brings to the fore the ongoing debate and fragmented opinions within the EU on the right of the individual to be forgotten. The 'right to be forgotten' has evolved from the European Commission's wide-ranging plans of an overhaul of the commission's 1995 Data Protection Directive. The plans for the law included allowing people to request removal of personal data with an obligation of compliance for service providers, unless there were 'legitimate' reasons to do otherwise. Technology firms rallying around issues of freedom of expression and censorship have expressed concerns about the reach of the bill. Privacy-rights activists and European officials have upheld the notion of the right to be forgotten, highlighting the right of the individual to protect their honour and reputation.

These issues have been controversial amidst EU member states, with the UK's Ministry of Justice claiming the law 'raises unrealistic and unfair expectations' and seeking to opt out of the privacy laws. The Advocate General of the European Court Niilo Jääskinen's opinion, that the individual's right to seek removal of content should not be upheld if the information was published legally, contradicts the verdict of the ECJ ruling. The European Court of Justice's move is surprising for many and as Richard Cumbley, information-management and data protection partner at the law firm Linklaters puts it, “Given that the E.U. has spent two years debating this right as part of the reform of E.U. privacy legislation, it is ironic that the E.C.J. has found it already exists in such a striking manner."

The economic implications of enforcing a liability regime where search engine operators censor legal content in their results aside, the decision might also have a chilling effect on freedom of expression and access to information. Google called the decision “a disappointing ruling for search engines and online publishers in general,” and said that the company would take time to analyze the implications. While the implications of the decision are yet to be determined, it is important to bear in mind that while decisions like these are public, the refinements that Google and other search engines will have to make to their technology and the judgement calls on the fairness of the information available online are not public.

The ECJ press release is available here and the actual judgement is available here.

Net Neutrality, Free Speech and the Indian Constitution – III: Conceptions of Free Speech and Democracy

by Gautam Bhatia last modified May 27, 2014 10:21 AM
In this 3 part series, Gautam Bhatia explores the concept of net neutrality in the context of Indian law and the Indian Constitution.

In the modern State, effective exercise of free speech rights is increasingly dependent upon an infrastructure that includes newspapers, television and the internet. Access to a significant part of this infrastructure is determined by money. Consequently, if what we value about free speech is the ability to communicate one’s message to a non-trivial audience, financial resources influence both who can speak and, consequently, what is spoken. The nature of the public discourse – what information and what ideas circulate in the public sphere – is contingent upon a distribution of resources that is arguably unjust and certainly unequal.

There are two opposing theories about how we should understand the right to free speech in this context. Call the first one of these the libertarian conception of free speech. The libertarian conception takes as given the existing distribution of income and resources, and consequently, the unequal speaking power that that engenders. It prohibits any intervention designed to remedy the situation. The most famous summary of this vision was provided by the American Supreme Court, when it first struck down campaign finance regulations, in Buckley v. Valeo: “the concept that government may restrict the speech of some [in] order to enhance the relative voice of others is wholly foreign to the First Amendment.” This theory is part of the broader libertarian worldview, which would restrict government’s role in a polity to enforcing property and criminal law, and views any government-imposed restriction on what people can do within the existing structure of these laws as presumptively wrong.

We can tentatively label the second theory as the social-democratic theory of free speech. This theory focuses not so much on the individual speaker’s right not to be restricted in using their resources to speak as much as they want, but upon the collective interest in maintaining a public discourse that is open, inclusive and home to a multiplicity of diverse and antagonistic ideas and viewpoints. Often, in order to achieve this goal, governments regulate access to the infrastructure of speech so as to ensure that participation is not entirely skewed by inequality in resources. When this is done, it is often justified in the name of democracy: a functioning democracy, it is argued, requires a thriving public sphere that is not closed off to some or most persons.

Surprisingly, one of the most powerful judicial statements for this vision also comes from the United States. In Red Lion v. FCC, while upholding the “fairness doctrine”, which required broadcasting stations to cover “both sides” of a political issue, and provide a right of reply in case of personal attacks, the Supreme Court noted:

“[Free speech requires] preserv[ing] an uninhibited marketplace of ideas in which truth will ultimately prevail, rather than to countenance monopolization of that market, whether it be by the Government itself or a private licensee it is the right of the public to receive suitable access to social, political, esthetic, moral, and other ideas and experiences which is crucial here.”

What of India? In the early days of the Supreme Court, it adopted something akin to the libertarian theory of free speech. In Sakal Papers v. Union of India, for example, it struck down certain newspaper regulations that the government was defending on grounds of opening up the market and allowing smaller players to compete, holding that Article 19(1)(a) – in language similar to what Buckley v. Valeo would hold, more than fifteen years later – did not permit the government to infringe the free speech rights of some in order to allow others to speak. The Court continued with this approach in its next major newspaper regulation case, Bennett Coleman v. Union of India, but this time, it had to contend with a strong dissent from Justice Mathew. After noting that “it is no use having a right to express your idea, unless you have got a medium for expressing it”, Justice Mathew went on to hold:

What is, therefore, required is an interpretation of Article 19(1)(a) which focuses on the idea that restraining the hand of the government is quite useless in assuring free speech, if a restraint on access is effectively secured by private groups. A Constitutional prohibition against governmental restriction on the expression is effective only if the Constitution ensures an adequate opportunity for discussion… Any scheme of distribution of newsprint which would make the freedom of speech a reality by making it possible the dissemination of ideas as news with as many different facets and colours as possible would not violate the fundamental right of the freedom of speech of the petitioners. In other words, a scheme for distribution of a commodity like newsprint which will subserve the purpose of free flow of ideas to the market from as many different sources as possible would be a step to advance and enrich that freedom. If the scheme of distribution is calculated to prevent even an oligopoly ruling the market and thus check the tendency to monopoly in the market, that will not be open to any objection on the ground that the scheme involves a regulation of the press which would amount to an abridgment of the freedom of speech.

In Justice Mathew’s view, therefore, freedom of speech is not only the speaker’s right (the libertarian view), but a complex balancing act between the listeners’ right to be exposed to a wide range of material, as well as the collective, societal right to have an open and inclusive public discourse, which can only be achieved by preventing the monopolization of the instruments, infrastructure and access-points of speech.

Over the years, the Court has moved away from the majority opinions in Sakal Papers and Bennett Coleman, and steadily come around to Justice Mathew’s view. This is particularly evident from two cases in the 1990s: in Union of India v. The Motion Picture Association, the Court upheld various provisions of the Cinematograph Act that imposed certain forms of compelled speech on moviemakers while exhibiting their movies, on the ground that “to earmark a small portion of time of this entertainment medium for the purpose of showing scientific, educational or documentary films, or for showing news films has to be looked at in this context of promoting dissemination of ideas, information and knowledge to the masses so that there may be an informed debate and decision making on public issues. Clearly, the impugned provisions are designed to further free speech and expression and not to curtail it.”

LIC v. Manubhai D. Shah is even more on point. In that case, the Court upheld a right of reply in an in-house magazine, “because fairness demanded that both view points were placed before the readers, however limited be their number, to enable them to draw their own conclusions and unreasonable because there was no logic or proper justification for refusing publication… the respondent’s fundamental right of speech and expression clearly entitled him to insist that his views on the subject should reach those who read the magazine so that they have a complete picture before them and not a one sided or distorted one…” This goes even further than Justice Mathew’s dissent in Bennett Coleman, and the opinion of the Court in Motion Picture Association, in holding that not merely is it permitted to structure the public sphere in an equal and inclusive manner, but that it is a requirement of Article 19(1)(a).

We can now bring the threads of the separate arguments in the three posts together. In the first post, we found that public law and constitutional obligations can be imposed upon private parties when they discharge public functions. In the second post, it was argued that the internet has replaced the park, the street and the public square as the quintessential forum for the circulation of speech. ISPs, in their role as gatekeepers, now play the role that government once did in controlling and keeping open these avenues of expression. Consequently, they can be subjected to public law free speech obligations. And lastly, we discussed how the constitutional conception of free speech in India, which the Court has gradually evolved over many years, is a social-democratic one that requires the keeping open of a free and inclusive public sphere. And if there is one thing that fast-lanes over the internet threaten, it is certainly a free and inclusive (digital) public sphere. A combination of these arguments provides us with an arguable case for imposing obligations of net neutrality upon ISPs, even in the absence of statutory or regulatory obligations, grounded within the constitutional guarantee of the freedom of speech and expression.

For the previous post, please see: http://cis-india.org/internet-governance/blog/-neutrality-free-speech-and-the-indian-constitution-part-2.

_____________________________________________________________________________________________________

Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and presently an LLM student at the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he will be blogging on issues of online freedom of speech and expression.

Global Governance Reform Initiative

by Prasad Krishna last modified May 27, 2014 09:45 AM

Conference Program_GGRI_ FINAL.pdf — PDF document, 984 kB (1007636 bytes)

Net Freedom Campaign Loses its Way

by Sunil Abraham last modified May 27, 2014 11:07 AM
A recent global meet was a victory for governments and the private sector over civil society interests.

The article was published in the Hindu Businessline on May 10, 2014.


One word to describe NetMundial: Disappointing! Why? Because despite the promise, human rights on the Internet are still insufficiently protected. Snowden’s revelations starting last June threw the global Internet governance processes into crisis.

Things came to a head in October, when Brazil’s President Dilma Rousseff, horrified to learn that she was under NSA surveillance for economic reasons, called for the organisation of a global conference called NetMundial to accelerate Internet governance reform.

The NetMundial was held in São Paulo on April 23-24 this year. The result was a statement described as “the non-binding outcome of a bottom-up, open, and participatory process involving … governments, private sector, civil society, technical community, and academia from around the world.” In other words — it is international soft law with no enforcement mechanisms.

The statement emerges from “broad consensus”, meaning governments such as India, Cuba and Russia and civil society representatives expressed deep dissatisfaction at the closing plenary. Unlike an international binding law, only time will tell whether each member of the different stakeholder groups will regulate itself.

Again, not easy, because the outcome document does not specifically prescribe what each stakeholder can or cannot do — it only says what internet governance (IG) should or should not be. And finally, there’s no global consensus yet on the scope of IG. The substantive consensus was disappointing in four important ways:

Mass surveillance: Civil society was hoping that the statement would make mass surveillance illegal. After all, global violation of the right to privacy by the US was the raison d'être of the conference.

Instead, the statement legitimised “mass surveillance, interception and collection” as long as it was done in compliance with international human rights law. This was clearly the most disastrous outcome.

Access to knowledge: The conference was not supposed to expand intellectual property rights (IPR) or enforcement of these rights. After all, a multilateral forum, WIPO, was meant to address these concerns. But in the days before the conference the rights-holders lobby went into overdrive and civil society was caught unprepared.

The end result — “freedom of information and access to information” or right to information in India was qualified “with rights of authors and creators”. The right to information laws across the world, including in India, contains almost a dozen exemptions, including IPR. The only thing to be grateful for is that this limitation did not find its way into the language for freedom of expression.

Intermediary liability: The language that limits liability for intermediaries basically provides for a private censorship regime without judicial oversight, and without explicit language protecting the rights to freedom of expression and privacy. Even though the private sector chants Hillary Clinton's Internet freedom mantra — they only care for their own bottom lines.

Net neutrality: Even though there was little global consensus, some optimistic sections of civil society were hoping that domestic best practice on network neutrality in Brazil’s Internet Bill of Rights — also known as Marco Civil, that was signed into law during the inaugural ceremony of NetMundial — would make it to the statement. Unfortunately, this did not happen.

For almost a decade since the debate between the multi-stakeholder and multilateral model started, the multi-stakeholder model had produced absolutely nothing outside ICANN (Internet Corporation for Assigned Names and Numbers, a non-profit body), its technical fraternity and the standard-setting bodies.

The multi-stakeholder model is governance with the participation (and consent — depending on who you ask) of those stakeholders who are governed. In contrast, in the multilateral system, participation is limited to nation-states.

Civil society divisions

The inability of multi-stakeholderism to deliver also resulted in the fragmentation of global civil society regulars at Internet Governance Forums.

But in the run-up to NetMundial more divisions began to appear. If we ignore nuances — we could divide them into three groups. One, the ‘outsiders’ who are best exemplified by Jérémie Zimmermann of La Quadrature du Net. Jérémie ran an online campaign, organised a protest during the conference and did everything he could to prevent NetMundial from being sanctified by civil society consensus.

Two, the ‘process geeks’ — for these individuals and organisations process was more important than principles. Most of them were as deeply invested in the multi-stakeholder model as ICANN and the US government, and some have been riding the ICANN gravy train for years.

Even worse, some were suspected of being astroturfers bootstrapped by the private sector and the technical community. None of them were willing to rock the boat. For the ‘process geeks’, seeing politicians and bureaucrats queue up like civil society to speak at the mike was the crowning achievement.

Three, the ‘principles geeks’ perhaps best exemplified by the Just Net Coalition who privileged principles over process. Divisions were also beginning to sharpen within the private sector. For example, Neville Roy Singham, CEO of Thoughtworks, agreed more with civil society than he did with other members of the private sector in his interventions.

In short, the ‘outsiders’ couldn't care less about the outcome and will do everything to discredit it, the ‘process geeks’ stood in ovation when the outcome document was read at the closing plenary and the ‘principles geeks’ returned devastated.

For the multi-stakeholder model to survive it must advance democratic values, not undermine them.

This will only happen if there is greater transparency and accountability. Individuals, organisations and consortia that participate in Internet governance processes need to disclose lists of donors including those that sponsor travel to these meetings.

Civil Society - Privacy Bill

by Prasad Krishna last modified May 27, 2014 11:34 AM

privacy bill related story.pdf — PDF document, 999 kB (1023754 bytes)

FOEX Live: May 26-27, 2014

by Geetha Hariharan last modified May 27, 2014 12:42 PM
A selection of news from across India implicating online freedom of expression and use of digital technology

Media reports across India are focusing on the new government and its Cabinet portfolios. In the midst of the celebration of and grief over the regime change, we found many reports indicating that civil society is wary of the new government’s stance towards Internet freedoms.

Andhra Pradesh:

Andhra MLA and All India Majlis-e-Ittihad ul-Muslimin member Akbaruddin Owaisi has been summoned to appear before a Kurla magistrate’s court on grounds of alleged hate speech and intention to harm harmony of Hinduism and Islam. Complainant Gulam Hussain Khan saw an online video of a December 2012 speech by Owaisi and filed a private complaint with the court. “I am prima facie satisfied that it disclosed an offence punishable under Section(s) 153A and 295A of the Indian Penal Code,” the Metropolitan Magistrate said.

Goa:

A Goa Sessions Judge has dismissed shipbuilding diploma engineer Devu Chodankar’s application for anticipatory bail. On the basis of an April 26 complaint by CII state president Atul Pai Kane, Goa cybercrime cell registered a case against Chodankar for allegedly posting matter on a Facebook group with the intention of promoting enmity between religious groups in view of the 2014 general elections. The Judge noted, inter alia, that Sections 153A and 295A of the Indian Penal Code were attracted, and that it is necessary to find out whether, on the Internet, “there is any other material which could be considered as offensive or could create hatred among different classes of citizens of India”.

Karnataka:

Syed Waqas, an MBA student from Bhatkal pursuing an internship in Bangalore, was picked up for questioning along with four of his friends after Belgaum social activist Jayant Tinaikar filed a complaint. The cause of the complaint was an MMS, allegedly derogatory to Prime Minister Narendra Modi. After interrogation, the Khanapur (Belgaum) police let Waqas off on the ground that Waqas was not the originator of the MMS, and that Mr. Tinaikar had provided an incorrect mobile phone number.

In another part of the country, Digvijaya Singh is vocal about Indian police’s zealous policing of anti-Modi comments, while they were all but invisible when former Prime Minister Dr. Manmohan Singh was the target of abusive remarks.

Kerala:

The Anti-Piracy Cell of Kerala Police plans to target those uploading pornographic content on to the Internet and its sale through memory cards. A circular to this effect has been issued to all police stations in the state, and civil society cooperation is requested.

In other news, Ernakulam MLA Hibi Eden inaugurated “Hibi on Call”, a public outreach programme that allows constituents to reach the MLA directly. A call on 1860 425 1199 registers complaints.

Maharashtra:

Mumbai police are investigating pizza delivery by an unmanned drone, which they consider a security threat.

Tamil Nadu:

Small and home-run businesses in Chennai are flourishing with the help of Whatsapp and Facebook: Mohammed Gani helps his customers match bangles with Whatsapp images, Ayeesha Riaz and Bhargavii Mani send cakes and portraits to Facebook-initiated customers. Even doctors spread information and awareness using Facebook. In Madurai, you can buy groceries online, too.

Opinion:

Chethan Kumar fears that Indian cyberspace is strangling freedom of expression through the continued use of the ‘infamous’ Section 66A of the Information Technology Act, 2000 (as amended in 2008). Sunil Garodia expresses similar concerns, noting a number of arrests made under Section 66A.

However, Ankan Bose has a different take; he believes there is a thin but clear line between freedom of expression and a ‘freedom to threaten’, and believes Devu Chodankar and Syed Waqas may have crossed that line. For more on Section 66A, please redirect here.

While Nikhil Pahwa is cautious of the new government’s stance towards Internet freedoms, given the (as yet) mixed signals of its ministers, Shaili Chopra ruminates on the new government’s potential dive into a “digital mutiny and communications revolution” and wonders about Modi’s social media management strategy. For Kashmir Times reader Hardev Singh, even Kejriwal’s arrest for allegedly defaming Nitin Gadkari will lead to a chilling effect on freedom of expression.

Elsewhere, the Hindustan Times is intent on letting Prime Minister Narendra Modi know that his citizens demand their freedom of speech and expression. Civil society and media all over India express their concerns for their freedom of expression in light of the new government.

Legislating for Privacy - Part II

by Bhairav Acharya last modified May 28, 2014 09:59 AM
Apart from the conflation of commercial data protection and privacy, the right to privacy bill has ill-informed and poorly drafted provisions to regulate surveillance.

The article was published in the Hoot on May 20, 2014.



In October 2010, the Department of Personnel and Training ("DOPT") of the Ministry of Personnel, Public Grievances and Pensions released an ‘Approach Paper’ towards drafting a privacy law for India. The Approach Paper claims to be prepared by a leading Indian corporate law firm that, to the best of my knowledge, has almost no experience of criminal procedure or constitutional law. The Approach Paper resulted in the drafting of a Right to Privacy Bill, 2011 ("DOPT Bill") which, although it has suffered several leaks, has neither been published for public feedback nor sent to the Cabinet for political clearance prior to introduction in Parliament.

Approach Paper and DOPT Bill

The first article in this two-part series broadly examined the many legal facets of privacy. Notions of privacy have long informed law in common law countries and have been statutorily codified to protect bodily privacy, territorial or spatial privacy, locational privacy, and so on. These fields continue to evolve and advance; for instance, the legal imperative to protect intimate body privacy from violation has now expanded to include biometric information, and the protection given to the content of personal communications that developed over the course of the twentieth century is now expanding to encompass metadata and other ‘information about information’.

The Approach Paper suffers from several serious flaws, the largest of which is its conflation of commercial data protection and privacy. It ignores the diversity of privacy law and jurisprudence in the common law, instead concerning itself wholly with commercial data protection. This creates a false equivalency, albeit not one that cannot be rectified by re-naming the endeavour to describe commercial data protection only.

However, there are other errors. The paper claims that no right of action exists for privacy breaches between citizens inter se. This is false: the civil wrongs of nuisance, interference with enjoyment, invasion of privacy, and other similar torts and actionable claims operate to redress privacy violations. In fact, in the case of Ratan Tata v. Union of India that is currently being heard by the Supreme Court of India, at least two parties are arguing that privacy is already adequately protected by civil law. Further, the criminal offences of nuisance and defamation, amongst others, and the recently introduced crimes of stalking and voyeurism, all create rights of action for privacy violations. These measures are incomplete – this is not contested; the premise of these articles is the need for better privacy protection law – but denying their existence is not useful.

The shortcomings of the Approach Paper are reflected in the draft legislation it resulted in. A major concern with the DOPT Bill is its amateur treatment of surveillance and interception of communications. This is inevitable for the Approach Paper does not consider this area at all although there is sustained and critical global and national attention to the issues that attend surveillance and communications privacy. For an effort to propose privacy law, this lapse is quite astonishing. The Approach Paper does not even examine if Parliament is competent to regulate surveillance, although the DOPT Bill wades into this contested turf.

Constitutionality of Interceptions

In a federal country, laws are weighed by the competence of their legislatures and struck down for overstepping their bounds. In India, the powers to legislate arise from entries that are contained in three lists in Schedule VII of the Constitution. The power to legislate in respect of intercepting communications traditionally emanates from Entry 31 of the Union List, which vests the Union – that is, Parliament and the Central Government – with the power to regulate “Posts and telegraphs; telephones, wireless, broadcasting and other like forms of communication” to the exclusion of the States. Hence, the Indian Telegraph Act, 1885, and the Indian Post Office Act, 1898, both Union laws, contain interception provisions. However, after holding the field for more than a century, the Supreme Court overturned this scheme in Bharat Shah’s case in 2008.

The case challenged the telephone interception provisions of the Maharashtra Control of Organised Crime Act, 1999 ("MCOCA"), a State law that appeared to transgress into legislative territory reserved for the Union. The Supreme Court held that Maharashtra’s interception provisions were valid and arose from powers granted to the States – that is, State Assemblies and State Governments – by Entries 1 and 2 of the State List, which deal with “public order” and “police” respectively. This cleared the way for several States to frame their own communications interception regimes in addition to Parliament’s existing laws. The question of what happens when the two regimes clash has not been answered yet. India’s federal scheme anticipates competing inconsistencies between Union and State laws, but only when these laws derive from the Concurrent List which shares legislative power. In such an event, the ‘doctrine of repugnancy’ privileges the Union law and strikes down the State law to the extent of the inconsistency.

In competitions between Union and State laws that do not arise from the Concurrent List but instead from the mutually exclusive Union and State Lists, the ‘doctrine of pith and substance’ tests the core substance of the law and traces it to one of the two Lists. Hence, in a conflict, a Union law the substance of which was traceable to an entry in the State List would be struck down, and vice versa.

However, the doctrine permits incidental interferences that are not substantive. For example, as in a landmark 1946 case, a State law validly regulating moneylenders may incidentally deal with promissory notes, a Union field, since the interference is not substantive. Since surveillance is a police activity, and since “police” is a State subject, care must be taken by a Union surveillance law to remain within the pale of constitutionality by only incidentally affecting police procedure. Conversely, State surveillance laws were required to stay clear of the Union’s exclusive interception power until Bharat Shah’s case dissolved this distinction without answering the many questions it threw up.

Since the creation of the Republic, India’s federal scheme was premised on the notion that the Union and State Lists were exclusive of each other. Conceptually, the Union and the States could not have competing laws on the same subject. But Bharat Shah did just that; it located the interception power in both the Lists and did not enunciate a new doctrine to resolve their (inevitable) future conflict. This both disturbs Indian constitutional law and goes to the heart of surveillance and privacy law.

Three Principles of Interception

Apart from the important questions regarding legislative competence and constitutionality, the DOPT Bill proposed weak, ill-informed, and poorly drafted provisions to regulate surveillance and interceptions. It serves no purpose to further scrutinise the 2011 DOPT Bill. Instead, at this point, it may be constructive to set out the broad contours of a good interceptions regulation regime. Some clarity on the concepts: intercepting communications means capturing the content and metadata of oral and written communications, including letters, couriers, telephone calls, facsimiles, SMSs, internet telephony, wireless broadcasts, emails, and so on. It does not include activities such as visual capturing of images, location tracking or physical surveillance; these are separate aspects of surveillance, of which interception of communications is a part.

Firstly, all interceptions of communications must be properly sanctioned. In India, under Rule 419A of the Indian Telegraph Rules, 1951, the Home Secretary – an unelected career bureaucrat – or a junior officer deputised by the Home Secretary, with even lesser accountability, authorises interceptions. In certain circumstances, even senior police officers can authorise interceptions. Copies of the interception orders are supposed to be sent to a Review Committee, consisting of three more unelected bureaucrats, for bi-monthly review. No public information exists, despite exhaustive searching, regarding the authorisers and numbers of interception orders and the appropriateness of the interceptions.

The Indian system derives from outdated United Kingdom law that also enables executive authorities to order interceptions. But, the UK has constantly revisited and revised its interception regime; its present avatar is governed by the Regulation of Investigatory Powers Act, 2000 ("RIPA") which creates a significant oversight mechanism headed by an independent commissioner, who monitors interceptions and whose reports are tabled in Parliament, and quasi-judicially scrutinised by a tribunal comprised of judges and senior independent lawyers, which hears public complaints, cancels interceptions, and awards monetary compensation. Put together, even though the current UK interceptions system is executively sanctioned, it is balanced by independent and transparent quasi-judicial authorities.

In the United States, all interceptions are judicially sanctioned because American constitutional philosophy – the separation of powers doctrine – requires state action to be checked and balanced. Hence, ordinary interceptions of criminals’ communications as also extraordinary interceptions of perceived national security threats are authorised only by judges, who are ex hypothesi independent, although, as the PRISM affair teaches us, independence can be subverted. In comparison, India’s interception regime is incompatible with its democracy and must be overhauled to establish independent and transparent authorities to properly sanction interceptions.

Secondly, no interceptions should be sanctioned but upon ‘probable cause’. Simply described, probable cause is the standard that convinces a reasonable person of the existence of criminality necessary to warrant interception. Probable cause is an American doctrine that flows from the US Constitution’s Fourth Amendment that protects the rights of people to be secure in places in which they have a reasonable expectation of privacy. There is no equivalent standard in UK law, except perhaps the common law test of reasonability that attaches to all government action that abridges individual freedoms. If a coherent ‘reasonable suspicion’ test could be coalesced from the common law, I think it would fall short of the strictness that the probable cause doctrine imposes on the executive. Therefore, the probable cause requirement is stronger than the ordinary constraint of reasonability but weaker than the standard of reasonable doubt beyond which courts may convict. In this spectrum of acceptable standards, India’s current law in section 5(2) of the Indian Telegraph Act, 1885 is the weakest for it permits interceptions merely “on the occurrence of any public emergency or in the interest of public safety”, which determination is left to the “satisfaction” of a bureaucrat. And, under Rule 419A(2) of the Telegraph Rules, the only imposition on the bureaucrat when exercising this satisfaction is that the order “contain reasons” for the interception.

Thirdly, all interceptions should be warranted. This point refers not to the necessity or otherwise of the interception, but to the framework within which it should be conducted. Warrants should clearly specify the name and clear identity of the person whose communications are sought to be intercepted. The target person’s identity should be linked to the specific means of communication upon which the suspected criminal conversations take place. Therefore, if the warrant lists one person’s name but another person’s telephone number – which, because of the general ineptness of many police forces, is not uncommon – the warrant should be rejected and the interception cancelled. And, by extension, the specific telephone number, or email account, should be specified. A warrant against a person called Rahul Kumar, for instance, cannot be executed against all Rahul Kumars in the vicinity, nor also against all the telephones that the one specific Rahul Kumar uses, but only against the one specific telephone number that is used by the one specific Rahul Kumar. Warrants should also specify the duration of the interception, the officer responsible for its conduct and thereby liable for its abuse, and other safeguards. Some of these concerns were addressed in 2007 when the Telegraph Rules were amended, but not all.

A law that fails to substantially meet the standards of these principles is liable, perhaps in the not too distant future, to be read down or struck down by India’s higher judiciary. But, besides the threat of judicial review, a democratic polity must protect the freedoms and diversity of its citizens by holding itself to the highest standards of the rule of law, where the law is just.

Accountability of ICANN

by Geetha Hariharan last modified May 28, 2014 10:45 AM
Smarika Kumar's post on submissions to NETmundial

S. Kumar, Accountability of ICANN.pdf — PDF document, 135 kB (138513 bytes)

FOEX Live: May 28-29, 2014

by Geetha Hariharan last modified May 29, 2014 08:58 AM
A selection of news from across India with a bearing on online freedom of expression and use of digital technology

Media focus on the new government and its ministries and portfolios has been extensive, and to my knowledge, few newspapers or online sources have reported violations of freedom of speech. However, on his first day in office, the new I&B Minister, Prakash Javadekar, acknowledged the importance of press freedom, avowing that it was the “essence of democracy”. He has assured that the new government will not interfere with press freedom.

Assam:

A FICCI discussion in Guwahati, attended among others by Microsoft and Pricewaterhouse Coopers, focused on the role of information technology in governance.

Goa:

Following the furore over allegedly inflammatory, ‘hate-mongering’ Facebook posts by shipping engineer Devu Chodankar, a group of Goan netizens formed a ‘watchdog forum’ to police “inappropriate and communally inflammatory content” on social media. Diana Pinto feels, however, that some ‘compassion and humanism’ ought to have prompted only a stern warning in Devu Chodankar’s case, and not a FIR.

Karnataka:

Syed Waqar was released by Belgaum police after questioning revealed he was a recipient of the anti-Modi MMS. The police are still tracing the original sender.

Madhya Pradesh:

The cases of Shaheen Dhada and Rinu Srinivasan, and recently of Syed Waqar and Devu Chodankar have left Indore netizens overly cautious about “posting anything recklessly on social media”. Some feel it is a blow to democracy.

Maharashtra:

In Navi Mumbai, the Karjat police seized several computers, hard disks and blank CDs from the premises of the Chandraprabha Charitable Trust in connection with an investigation into sexual abuse of children at the Trust’s school-shelter. The police seek to verify whether the accused recorded any obscene videos of child sexual abuse.

In Mumbai, even as filmmakers, filmgoers, artistes and LGBT people celebrated the Kashish Mumbai International Queer Film Festival, all remained apprehensive of the new government’s social conservatism, and were aware that the films portrayed acts now illegal in India.

Manipur:

At the inauguration of the 42nd All Manipur Shumang Leela Festival, V.K. Duggal, State Governor and Chairman of the Manipur State Kala Akademi, warned that the art form was under threat in the digital age, as Manipuri films are replacing it in popularity.

Rajasthan:

Following the lead of the Lok Sabha, the Rajasthan state assembly has adopted a digital conference and voting system to make the proceedings in the House more efficient and transparent.

Seemandhra:

Seemandhra Chief Minister designate N. Chandrababu Naidu promised a repeat of his hi-tech city miracle ‘Cyberabad’ in Seemandhra.

West Bengal:

The West Bengal government has hired PSU Urban Mass Transit Company Limited to study, install and operationalize an Intelligent Transport System in public transport in Kolkata. GPS will guide passengers about real-time bus routes and availability. While private telecom operators have offered free services to the transport department, there are no reports of an end-date or estimated expenditure on the project.

News and Opinion:

Over a week ago, Avantika Banerjee wrote a speculative post on the new government’s stance towards Internet policy. At Fair Observer, Gurpreet Mahajan laments that community politics in India has made a lark of banning books.

India’s Computer Emergency Response Team (CERT-In) has detected high-level virus activity in Microsoft’s Internet Explorer 8, and recommends upgrading to Explorer 11.

Of the projected 400 million users that Twitter will have by 2018, India and Indonesia are expected to outdo the United Kingdom in user base. India saw nearly 60% growth in user base this year, and Twitter played a major role in Elections 2014. India will have over 18.1 million users by 2018.

Elsewhere in the world:

Placing a bet on the ‘Internet of Everything’, Cisco CEO John Chambers predicted a “brutal consolidation” of the IT industry in the next five years. A new MarketsandMarkets report suggests that the value of the ‘Internet of Things’ may reach US $1423.09 billion by 2020 at an estimated CAGR of 4.08% from 2014 to 2020.

China’s Xinhua News Agency announced its month-long campaign to fight “infiltration from hostile forces at home and abroad” through instant messaging. Message providers WeChat, Momo, Mi Talk and Yixin have expressed their willingness to cooperate in targeting those engaging in fraud, or in spreading ‘rumours’, violence, terrorism or pornography. In March this year, WeChat deleted at least 40 accounts with political, economic and legal content.

Thailand’s military junta interrupted national television broadcast to deny any role in an alleged Facebook-block. The site went down briefly and caused alarm among netizens.

Snowden continues to assure that he is not a Russian spy, and has no relationship with the Russian government.

Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India

by Divij Joshi last modified Jun 02, 2014 06:45 AM
The development of information technology has transformed the way in which individuals make everyday transactions and communicate with the world around them. These interactions and transactions are recorded and stored – constantly available for access by the individual and the company through which the service was used.

For example, the ubiquitous smartphone, above and beyond a communication device, is a device which can maintain a complete record of the communications data, photos, videos and documents, and a multitude of other deeply personal information, like application data which includes location tracking, or financial data of the user. As computers and phones increasingly allow us to keep massive amounts of personal information accessible at the touch of a button or screen (a standard smartphone can hold anything between 500 MB and 64 GB of data), the increasing reliance on computers as information-silos also exponentially increases the harms associated with the loss of control over such devices and the information they contain. This vulnerability is especially visceral in the backdrop of law enforcement and the use of coercive state power to maintain security, juxtaposed with the individual’s right to secure their privacy.

American Law - The Fourth Amendment Protection against Unreasonable Search and Seizure

The right to conduct a search and seizure of persons or places is an essential part of investigation and the criminal justice system. The societal interest in maintaining security is an overwhelming consideration which gives the state a restricted mandate to do all things necessary to keep law and order, which includes acquiring all possible information for investigation of criminal activities, a restriction which is based on recognizing the perils of state-endorsed coercion and its implication on individual liberty. Digitally stored information, which is increasingly becoming a major site of investigative information, is thus essential in modern day investigation techniques. Further, specific crimes which have emerged out of the changing scenario, namely, crimes related to the internet, require investigation almost exclusively at the level of digital evidence. The role of courts and policy makers, then, is to balance the state’s mandate to procure information with the citizens’ right to protect it.

The scope of this mandate is what is currently being considered before the Supreme Court of the United States, which began hearing arguments in the cases Riley v. California,[1] and United States v Wurie,[2] on the 29th of April, 2014. At issue is the question of whether the police should be allowed to search the cell phones of individuals upon arrest, without obtaining a specific warrant for such search. The cases concern instances where the accused was arrested on account of a minor infraction and a warrantless search was conducted, which included the search of cell phones in their possession. The information revealed in the phones ultimately led to the evidence of further crimes and the conviction of the accused of graver crimes. The appeal is for a suppression of the evidence so obtained, on grounds that the search violates the Fourth Amendment of the American Constitution. Although there have been a plethora of conflicting decisions by various lower courts (including the judgements in Wurie and Riley),[3] the Federal Supreme Court will be for the first time deciding upon the issue of whether cell phone searches should require a higher burden under the Fourth Amendment.

At the core of the issue are considerations of individual privacy and the right to limit the state’s interference in private matters. The Fourth Amendment in the Constitution of the United States expressly grants protection against unreasonable searches and seizure;[4] however, without a clear definition of what is unreasonable, it has been left to the courts to interpret situations in which the right to non-interference would trump the interests of obtaining information in every case, leading to vast and varied jurisprudence on the issue. The jurisprudence stems from the wide Fourth Amendment protection against unreasonable government interference, where the rule is generally that any warrantless search is unreasonable, unless covered by certain exceptions. The standard for the protection under the Fourth Amendment is a subjective standard, which is determined as per the state of mind of the individual, rather than any objective qualifiers such as physical location; and extends to all situations where individuals have a reasonable expectation of privacy, i.e., situations where individuals can legitimately expect privacy, which is a subjective test, not purely dependent upon the physical space being searched.[5]

Therefore, the requirement of reasonableness is generally only fulfilled when a search is conducted subsequent to obtaining a warrant from a neutral magistrate, by demonstrating probable cause to believe that evidence of any unlawful activity would be found upon such search. A warrant is, therefore, an important limitation on the search powers of the police. Further, the protection excludes roving or general searches and requires particularity of the items to be searched. The restriction derives its power from the exclusionary rule, which bars evidence obtained through unreasonable search or seizure, obtained directly or through additional warrants based upon such evidence, from being used in subsequent prosecutions. However, there have evolved several exceptions to the general rule, which include cases where the search takes place upon the lawful arrest of an accused, a practice which is justified by the possibility of hidden weapons upon the accused or of destruction of important evidence.[6]

The appeal, if successful, would provide an exception to the rule that any search upon lawful arrest is always reasonable, by creating a caveat for the search of computer devices like smartphones. If the court does so, it would be an important recognition of the fact that evolving technologies have transmuted the concept of privacy to beyond physical space, and legal rules and standards that applied to privacy even twenty years ago, are now anachronistic in an age where individuals can record their entire lives on an iPhone. Searching a person nowadays would not only lead to the recovery of calling cards or cigarettes, but phones and computers which can be the digital record of a person’s life, something which could not have been contemplated when the laws were drafted. Cell phone and computer searches are the equivalent of searches of thousands of documents, photos and personal records, and the expectation of privacy in such cases is much higher than in regular searches. Courts have already recognized that cell phones and laptop computers are objects in which the user may have a reasonable expectation of privacy by making them analogous to a “closed container” which the police cannot search and hence coming under the protection of the Fourth Amendment.[7]

On the other hand, cell phones and computers also hold data which could be instrumental in investigating criminal activity, and with technologies like remote wipes of computer data available, such data is always at the risk of destruction if the investigation is delayed. As per the oral arguments, being heard now, the Court seems to be carving out a specific principle applicable to new technologies. The Court is likely to introduce subtleties specific to the technology involved – for example, it may seek to develop different principles for smartphones (at issue in Riley) and the more basic kind of cell-phones (at issue in Wurie), or it may recognize that only certain kinds of information may be accessed,[8] or may even evolve a rule that would allow seizure, but not a search, of the cell phone before a search warrant can be obtained.[9] Recognizing that transformational technology needs to be reflected in technology-specific legal principles is an important step in maintaining a synchronisation between law and technology and the additional recognition of a higher threshold adopted for digital evidence and privacy would go a long way in securing digital privacy in the future.

Search and Seizure in India

Indian jurisprudence on privacy is a wide departure from that in the USA. Though it is difficult to strictly compartmentalize the many facets of the right to privacy, there is no express or implicit mention of such a right in the Indian Constitution. Although courts have also recognized the importance of procedural safeguards in protecting against unreasonable governmental interference, the recognition of the intrinsic right to privacy as non-interference, which may be different from the instrumental rights that criminal procedure seeks to protect (such as misuse of police power), is sorely lacking. The general law providing for the state’s power of search and seizure of evidence is found in the Code of Criminal Procedure, 1973.

Section 93 provides for the general procedure of search. Section 93 allows for a magistrate to issue a warrant for the search of any “document or thing”, including a warrant for general search of an area, where it believes it is required for the purpose of investigation. The particularity of the search warrant is not a requirement under S. 93(2), and hence a warrant may be for general or roving search of a place. Section 100, which further provides for the search of a closed place, includes certain safeguards such as the presence of witnesses and the requirement of a warrant before a police officer may be allowed ingress into the closed place. However, under S. 165 and S. 51 of the code, the requirements of a search warrant are exempted. S. 165 dispenses with the warrant requirement and provides for an officer in charge of a police station, or any other officer duly authorized by him, to conduct the search of any place as long as he has reasonable grounds to believe that such search would be for the purpose of an investigation and a belief that a search warrant cannot be obtained without undue delay. Further, the officer conducting such search must as far as possible note down the reasons for such belief in writing prior to conducting the search. Section 51 provides another express exception to the requirement of search warrants, by allowing the search of a person arrested lawfully provided that the arrested person may not or cannot be admitted to bail, and requires any such seized items to be written in a search memo. As long as these conditions are fulfilled, the police has an unqualified authority to search a person upon arrest. Therefore, where the arrestee can be admitted to bail as per the warrant, or, in cases of warrantless arrest, as per the law, the search and seizure of such person may not be regular, and the evidence so collected would be subject to greater scrutiny by the court. 
However, besides these minimal protections, there is no additional procedural protection of individual privacy, and the search powers of the police are extremely wide and discretionary. In fact, there is a specific absence of the exclusionary rule as a protection as well, which means that, unlike under the Fourth Amendment, the non-compliance with the procedural requirements of search would not by itself vitiate the proceedings or suppress the evidence so found, but would only amount to an irregularity which must be simply another factor considered in evaluating the evidence.[10]

The extent of the imputation of the Fourth Amendment protection against unreasonable governmental interference in the Indian constitution is also uncertain. A direct imputation of the Fourth Amendment into the Indian Constitution has been disregarded by the Supreme Court.[11] Though the allusions to the Fourth Amendment have mostly been invoked on facts where unreasonable intrusions into the homes of persons were challenged, the indirect imputation of the right to privacy into the right under Article 21 of the Constitution, invoking the right to privacy as a right to non-interference and a right to live with dignity, would suggest that the considerations for privacy under the Constitution are not merely objective, or physical, but depend on the subjective facts of the situation, i.e. its effect on the right to live with dignity (analogous to the reasonable expectation of privacy test laid down in Katz).[12] Further, the court has specifically struck down provisions for search and seizure which confer particularly wide and discretionary powers on the executive without judicial scrutiny, holding that searches must be subject to the doctrine of proportionality, and that a provision probable cause to effect any search.[13] The Fourth Amendment protection against unreasonable interference in private matters by the state is a useful standard to assess privacy, since it imputes a concept of privacy as an intrinsic right as well as an instrumental one, i.e. privacy as non-interference is a good in itself, notwithstanding the rights it helps achieve, like the freedom of movement or speech.

Regarding digital privacy in particular, Indian law and policy has failed to stand up to the challenges that new technologies pose to privacy and has in fact been regressive, by engaging in surveillance of communications and by allowing governmental access to digital records of online communications (including emails, website logs, etc.) without judicial scrutiny and accountability.[14] In an age of transformative technology and of privacy being placed at a much greater risk, laws which were once deemed reasonable are now completely inadequate in guaranteeing freedom and liberty as encapsulated by the right to privacy. The disparity is even more pronounced in cases of investigation of cyber-crimes which rely almost exclusively on digital evidence, such as those substantively enumerated under the Information Technology Act, but investigated under the general procedure laid down in the Code of Criminal Procedure, which is already mentioned. The procedures for investigation of cyber-crimes and the search and seizure of digital evidence require special consideration and must be brought in line with changing norms. Although S.69 and 69B lay down provisions for investigation of certain crimes,[15] which requires search upon an order by competent authority, i.e. the Secretary to the Department of IT in the Government of India, the powers of search and seizure are also present in several other rules, such as rule 3(9) of the Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011 which allows access to information from intermediaries by a simple written order by any agency or person who are lawfully authorised for investigative, protective, cyber security or intelligence activity; or under rule 6 of the draft Reasonable Security Practices Rules, 2011 framed under Section 43A of the Information Technology Act, where any government agency may, for the prevention, detection, investigation, prosecution, and punishment of offences, obtain any personal data from an intermediate “body corporate” which stores such data. The rules framed for investigation of digital evidence, therefore, do not inspire much confidence where safeguarding privacy is concerned. In the absence of specific guidelines or amendments to the procedures of search and seizure of digital evidence, the inadequacies of applying archaic standards lead to unreasonable intrusions of individual privacy and liberties – an incongruity which requires remedy by the courts and legislature of the country.


[1]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-132_h315.pdf

[2]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-212_86qd.pdf

[3]. In Wurie, the motion to suppress was allowed, while in Riley it was denied. Also see US v Jacob Finley, US v Abel Flores-Lopez where the motion to suppress was denied.

[4]. The Fourth Amendment to the Constitution of the United States of America: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

[5]. Katz v United States, 389 U.S. 347, 352 (1967).

[6]. Stephen Saltzer, American Criminal Procedure

[7]. United States v Chan, 830 F. Supp. 531, 534 (N.D. Cal. 1993).

[8]. A factor considered in US v Abel Flores-Lopez, where the court held that the search of call history in a cell phone did not constitute a sufficient infringement of privacy to require the burden of a warrant.

[9]. The decision in Smallwood v. Florida, No. SC11-1130, before the Florida Supreme Court, made such a distinction.

[10]. State Of Maharashtra v. Natwarlal Damodardas Soni, AIR 1980 SC 593; Radhakrishnan v State of UP, 1963 Supp. 1 S.C.R. 408

[11]. M.P. Sharma v Satish Chandra, AIR 1954 SC 300

[12]. Kharak Singh v State of UP, (1964) 1 SCR 332; Gobind v State of Madhya Pradesh, 1975 AIR 1378

[13]. District Registrar and Collector v. Canara Bank, AIR 2005 SC 186, which related to S.73 of the Andhra Pradesh Stamps Act which allowed ‘any person’ to enter into ‘any premises’ for the purpose of conducting a search.

[14]. S. 69 and 69B of the Information Technology (Amendment) Act, 2008.

[15]. Procedures and Safeguards for Monitoring and collecting traffic data or information rules 2009, available at http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

Two Arguments Against the Constitutionality of Section 66A

by Gautam Bhatia — last modified Jun 04, 2014 03:42 AM
Gautam Bhatia explores the constitutionality of Section 66A in light of recent events.

In the immediate aftermath of the elections, free speech issues have come to the fore again. In Goa, a Facebook user was summoned for a post warning of a second holocaust if Modi was elected to power. In Karnataka, an MBA student was likewise arrested for circulating an MMS that showed Modi’s face morphed onto a corpse, with the slogan “Abki baar antim sanskaar”. These arrests have reopened the debate about the constitutional validity of Section 66A of the IT Act, which is the legal provision governing online speech in India. Section 66A criminalises, among other things, the sending of information that is “grossly offensive or menacing in character” or causes “annoyance or inconvenience”. The two instances cited above raise – not for the first time – the concern that when it comes to implementation, Section 66A is unworkable to the point of being unconstitutional.

Like all legal provisions, Section 66A must comply with the fundamental rights chapter of the Indian Constitution. Article 19(1)(a) guarantees the freedom of speech and expression, and Article 19(2) permits reasonable restrictions in the interests of – inter alia – “public order, decency or morality”. Presumably, the only way in which Section 66A can be justified is by showing that it falls within the category of “public order” or of “morality”. The precedent of the Supreme Court, however, has interpreted Article 19(2) in far narrower terms than the ones that Section 66A uses. The Court has held that “public order” may only be invoked if there is a direct and immediate relation between the offending speech and a public order disturbance – such as, for instance, a speaker making an incendiary speech to an excited mob, advocating imminent violence (the Court has colloquially stated the requirement to be a “spark in a powder keg”). Similarly, while the Court has never precisely defined what “morality” – for the purposes of Article 19(2) – means, the term has been invoked where (arguably) pornographic materials are concerned – and never simply because speech has “offended” or “menaced” someone. Indeed, the rhetoric of the Court has consistently rejected the proposition that the government can prohibit individuals from offending one another.

This raises two constitutional problems with Section 66A: the problems of overbreadth and vagueness. Both doctrines have been developed to their fullest in American free speech law, but the underlying principles are universal.

A statute is overbroad when it potentially includes within its prohibitions both speech that it is entitled to prohibit, and speech that it is not. In Gooding v. Wilson, a Georgia statute criminalized the use of “opprobrious words or abusive language”. In defending the statute, the State of Georgia argued that its Courts had read it narrowly, limiting its application to “fighting words” – i.e., words that by their very nature tended to incite an imminent breach of the peace, something that was indisputably within the power of the State to prohibit. The Supreme Court rejected the argument and invalidated the statute. It found that the words “opprobrious” and “abusive” had greater reach than “fighting words”. Thus, since the statute left “wide open the standard of responsibility, so that it [was] easily susceptible to improper application”, the Court struck it down.

A statute is vague when persons of “ordinary intelligence… have no reasonable opportunity to know what is prohibited.” In Grayned v. Rockford, the American Supreme Court noted that “a vague law impermissibly delegates basic policy matters to policemen, judges, and juries for resolution on an ad hoc and subjective basis, with the attendant dangers of arbitrary and discriminatory application.” There are, therefore, a number of problems with vague laws: one of the fundamental purposes of law is to allow citizens to plan their affairs with a degree of certainty. Vagueness in legislation prevents that. And equally importantly, vague laws leave a wide scope of implementing power with non-elected bodies, such as the police – leading to the fear of arbitrary application.

While overbreadth and vagueness are problems that affect legislation across the board, they assume a particular urgency when it comes to free speech. This is because, as the American Supreme Court has recognized on a number of occasions, speech-regulating statutes must be scrutinized with specific care because of the chilling effect: when speech is penalized, people will – out of fear and caution – exercise self-censorship, and the political discourse will be impoverished. If we accept – as the Indian Courts have – that a primary reason for guaranteeing free expression rights is their indispensability to democracy, then the danger of self-censorship is one that we should be particularly solicitous of. Hence, when speech-regulating statutes do proscribe expression, they must be clear and narrowly drawn, in order to avoid the chilling effect. As the American Supreme Court euphemistically framed it, “free speech needs breathing space to survive.” Overbroad and vague speech-restricting statutes are particularly pernicious in denying it that breathing space.

There seems to be little doubt that Section 66A is both overbroad and vague. However ill-judged a holocaust comparison or a morphed corpse-image may be, neither of them is like a spark in a powder keg, which will lead to an immediate breach in public order – or “immoral” in the way of explicit pornography. We can therefore see, clearly, that the implementation of the law leaves almost unbounded scope to officials such as the police, provides room for unconstitutional interpretations, and is so vaguely framed that it is almost impossible to know, in advance, what actions fall within the rule, and which ones are not covered by it. If there is such a thing as overbreadth and vagueness par excellence, then Section 66A is surely it!

At various times in its history, the Supreme Court has acknowledged the problems of overbreadth, vagueness and the chilling effect, but never directly incorporated them into Indian law. As we have seen, each of these elements is connected to the other: overbroad and vague speech-regulating statutes are problematic because of the chilling effect. Since Section 66A is presently being challenged before the Supreme Court, there is a great opportunity for the Court both to get rid of this unconstitutional law and to strengthen the foundations of our free speech jurisprudence.


Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and presently an LLM student at the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he blogs on issues of online freedom of speech and expression.

CIS Statement at ICANN 49's Public Forum

by Pranesh Prakash last modified Jun 04, 2014 05:31 AM
This was a statement made by Pranesh Prakash at the ICANN 49 meeting (on March 27, 2014), arguing that ICANN's bias towards North America and Western Europe results in a lack of legitimacy, and hoping that the IANA transition process provides an opportunity to address this.

Good afternoon. My name is Pranesh Prakash, and I'm with the Yale Information Society Project and the Centre for Internet and Society.

I am extremely concerned about the accountability of ICANN to the global community. Due to various decisions made by the US government relating to ICANN's birth, ICANN has had a troubled history with legitimacy. While it has managed to gain and retain the confidence of the technical community, it still lacks political legitimacy due to its history. The NTIA's decision has presented us an opportunity to correct this.

However, ICANN can't hope to do so without going beyond the current ICANN community, which while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.

Of the 1010 ICANN-accredited registrars, 624 are from the United States, and 7 from the 54 countries of Africa. In a session yesterday, a large number of the policies that favour entrenched incumbents from richer countries were discussed. But without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies.

This is true not just of the business sector, but of all the 'stakeholders' that are part of global Internet policymaking, whether they follow the ICANN multistakeholder model or another. A look at the board members of the Internet Architecture Board, for instance, would reveal how skewed the technical community can be, whether in terms of geographic or gender diversity.

Without greater diversity within the global Internet policymaking communities, there is no hope of equity, respect for human rights -- civil, political, cultural, social and economic --, and democratic functioning, no matter how 'open' the processes seem to be, and no hope of ICANN accountability either.

WSIS+10 Final Agreed Draft

by Prasad Krishna last modified Jun 04, 2014 10:12 AM

WSIS10-StatementOutcomes-A,B,C 28-05-2014.pdf — PDF document, 695 kB (711942 bytes)

FOEX Live: June 1-7, 2014

by Geetha Hariharan last modified Jun 07, 2014 01:33 PM
A weekly selection of news on online freedom of expression and digital technology from across India (and some parts of the world).

Delhi NCR:

Following a legal notice from Dina Nath Batra, publisher Orient BlackSwan “set aside… for the present” Communalism and Sexual Violence: Ahmedabad Since 1969 by Dr. Megha Kumar, citing the need for a “comprehensive assessment”. Dr. Kumar’s book is part of the ‘Critical Thinking on South Asia’ series, and studies communal and sexual violence in the 1969, 1985 and 2002 riots of Ahmedabad. Orient BlackSwan insists this is a pre-release assessment, while Dr. Kumar contests that her book went to print in March 2014 after extensive editing and peer review. Dina Nath Batra’s civil suit led Penguin India to withdraw Wendy Doniger’s The Hindus: An Alternative History earlier this year.

The Delhi Police’s Facebook page aimed at reaching out to Delhi residents hailing from the North East proved to be popular.

Goa:

Shipbuilding engineer Devu Chodankar’s ordeal continued. Chodankar, in a statement to the cyber crime cell of the Goa police, clarified that his allegedly inflammatory statements were directed against the induction of the Sri Ram Sene’s Pramod Muthalik into the BJP. Chodankar’s laptop, hard-disk and mobile Internet dongle were seized.

Jammu & Kashmir:

Chief Minister Omar Abdullah announced the withdrawal of a four-year-old SMS ban in the state. The ban was instituted in 2010 following widespread protests, and while it was lifted for post-paid subscribers six months later, pre-paid connections were banned from SMSes until now.

Maharashtra:

In a move to contain public protests over ‘objectionable posts’ about Chhatrapati Shivaji, Dr. B.R. Ambedkar and the late Bal Thackeray (comments upon whose death led to the arrests of Shaheen Dhada and Renu Srinivasan under Section 66A), Maharashtra police will take action against even those who “like” such posts. ‘Likers’ may be charged under the Information Technology Act and the Criminal Procedure Code, say Nanded police.

A young Muslim man was murdered in Pune, apparently connected to the online publication of ‘derogatory’ pictures of Chhatrapati Shivaji and Bal Thackeray. Members of Hindu extremist groups celebrated his murder, it seems. Pune’s BJP MP, Anil Shirole, said, “some repercussions are natural”. Members of the Hindu Rashtra Sena were held for the murder, but it seems that the photographs were uploaded from foreign IP addresses. Across Maharashtra, 187 rioting cases have been registered against a total of 710 persons, allegedly in connection with the offensive Facebook posts.

On a lighter note, Bollywood hopes for a positive relationship with the new government on matters such as film censorship, tax breaks and piracy.

News & Opinion:

Shocking the world, Vodafone reported the existence of secret, direct-access wires that enable government surveillance on citizens. India is among 29 governments that sought access to its networks, says Vodafone.

I&B Minister Prakash Javadekar expressed his satisfaction with media industry self-regulation, and stated that while cross-media ownership is a matter for debate, it is the legality of transactions such as the Reliance-Network18 acquisition that is important.

Nikhil Pahwa of Medianama wrote of a ‘right to be forgotten’ request they received from a user in light of the recent European Court of Justice ruling. The right raises a legal dilemma in India, LiveMint reports. Medianama also comments on Maharashtra police’s decision to take action against Facebook ‘likes’, noting that at the very least, a like and a comment do not amount to the same thing.

The Hindu was scorching in its editorial on the Pune murder, warning that the new BJP government stands to lose public confidence if it does not clearly demonstrate its opposition to religious violence. The Times of India agrees.

Sanjay Hegde wrote of Section 66A of the Information Technology Act, 2000 (as amended in 2008) as a medium-focused criminalization of speech. dnaEdit also published its criticism of Section 66A.

Ajit Ranade of the Mumbai Mirror comments on India as a ‘republic of hurt sentiments’, criminalizing exercises of free speech from defamation, hate speech, sedition and Section 66A. But in this hurt and screaming republic, dissent is crucial and must stay alive.

A cyber security expert is of the opinion that the police find it difficult to block webpages with derogatory content, as servers are located outside India. But data localization will not help India, writes Jayshree Bajoria.

Dharma Adhikari tries to analyze the combined impact of converging media ownership, corporate patronage of politicians and elections, and recent practices of forced and self-censorship and criminalization of speech.

Elsewhere in the world:

In Pakistan, Facebook has been criticized for blocking pages of a Pakistani rock band and several political groups, primarily left-wing. Across the continent in Europe, Google is suffering from a popularity dip.

The National Council for Peace and Order, the military government in Thailand, has not only taken over the government, but also controls the media. The military cancelled its meetings with Google and Facebook. Thai protesters staged a quiet dissent. The Asian Human Rights Commission condemned the coup. For an excellent take on the coup and its dangers, please redirect here. For a round-up of editorials and op-eds on the coup, redirect here.

China has cracked down on Google, affecting Gmail, Translate and Calendar. It is speculated that the move is connected to the 25th anniversary of the Tiananmen Square protests and government reprisal. At the same time, a Tibetan filmmaker who was jailed for six years for his film, Leaving Fear Behind, has been released by Chinese authorities. Leaving Fear Behind features a series of interviews with Tibetans of the Qinghai province in the run-up to the controversial Beijing Olympics in 2008.

Japan looks set to criminalize possession of child pornography. According to reports, the proposed law does not extend to comics or animations or digital simulations.

Egypt’s police is looking to build a social media monitoring system to track expressions of dissent, including “profanity, immorality, insults and calls for strikes and protests”.

Human rights activists asked Facebook to deny its services to the election campaign of Syrian President Bashar al-Assad, ahead of elections on June 3.

Call for inputs:

The Law Commission of India seeks comments from stakeholders and citizens on media law. The consultation paper may be found here. The final date for submission is June 19, 2014.

____________________________________________________________________________________________________________

For feedback and comments, Geetha Hariharan is available by email at [email protected] or on Twitter, where her handle is @covertlight.

Free Speech and Contempt of Court – I: Overview

by Gautam Bhatia — last modified Jun 08, 2014 03:29 PM
Gautam Bhatia explores an under-theorised aspect of India's free speech jurisprudence: the contempt power that equips courts to "protect the dignity of the Bench". In this introductory post, he examines jurisprudence from the US and England to inform our analysis of Indian law.

On May 31, the Times of India reported some observations of a two-judge bench of the Supreme Court on its contempt powers. The Court noted that the power to punish for contempt was necessary to “secure public respect and confidence in the judicial process”, and also went on – rather absurdly – to lay down the requirements, in terms of timing, tone and tenor, of a truly “contrite” apology. This opinion, however, provides us with a good opportunity to examine one of the most under-theorised aspects of Indian free speech law: the contempt power.

Indeed, the contempt power finds express mention in the Constitution. Article 19(2) permits the government to impose reasonable restrictions upon the freedom of speech and expression “… in relation to contempt of court.” The legislation governing contempt powers is the 1971 Contempt of Courts Act. Contempt as a civil offence involves willful disobedience of a court order. Contempt as a criminal offence, on the other hand, involves either an act or expression (spoken, written or otherwise visible) that does one of three things: scandalises, or tends to scandalize, or lowers, or tends to lower, the authority of any court; prejudices or interferes (or tends to interfere) with judicial proceedings; or otherwise obstructs, or tends to obstruct, the administration of justice. As we can see, contempt can – broadly – take two forms: first, obstructing the proceedings of the Court by acts such as disobeying an order, holding up a hearing through absence or physical/verbal disturbance etc. This is straightforward enough. More problematically, however, contempt also covers instances of what we may call “pure speech”: words or other forms of expression about the Court that are punished for no other reason but their content. In particular, “scandalising the Court” seems to be particularly vague and formless in its scope and ambit.

“Scandalising the court” is a common law term. The locus classicus is the 1900 case of R v. Gray, which – in language that the Contempt of Courts Act has largely adopted – defined it as “any act done or writing published calculated to bring a Court or a judge of the Court into contempt, or to lower his authority.” The basic idea is that if abusive invective against the Court is permitted, then people will lose respect for the judiciary, and justice will be compromised.

It is obvious that this argument is flawed in many respects, and we shall analyse the Supreme Court’s problematic understanding of its contempt powers in the next post. First, however, it is instructive to examine the fate of contempt powers in the United States – which, like India, constitutionally guarantees the freedom of speech – and in England, whose model India has consciously followed.

America’s highly speech-protective Courts have taken a dim view of contempt powers. Three cases stand out. Bridges v. California involved a contempt of court accusation against a labour leader for calling a Court decision “outrageous”, and threatening a strike if it was upheld. Reversing his prior conviction, the Supreme Court noted that “public interest is much more likely to be kindled by a controversial event of the day than by a generalization, however penetrating, of the historian or scientist.” Given the strong public interest, the burden of justifying restrictions upon this speech was particularly high. The Court identified two possible justifications: respect for the judiciary, and the orderly administration of justice. On the first, it observed that “an enforced silence, however limited, solely in the name of preserving the dignity of the bench would probably engender resentment, suspicion, and contempt much more than it would enhance respect.” On the second, it held that since striking itself was entirely legal, it was no argument that the threat of a strike would illegally intimidate a judge and subvert the course of justice. Throughout the case, the Court stressed that unfettered speech on matters of public interest was of paramount value, and could only be curtailed if there was a “clear and present danger” that the substantially evil consequences would result out of allowing it.

Similarly, in Garrison v. Louisiana, an attorney accused certain judges of inefficiency and laziness. Reversing his conviction, the Supreme Court took note of “the paramount public interest in a free flow of information to the people concerning public officials, their servants…. few personal attributes are more germane to fitness for office than dishonesty, malfeasance, or improper motivation, even though these characteristics may also affect the official's private character.” Consequently, it held that only those statements could be punished that the author either knew were false, or were made with reckless disregard for the truth. And lastly, in Landmark Communications v. Virginia, the Court held that “the operations of the courts and the judicial conduct of judges are matters of utmost public concern”, and endorsed Justice Frankfurter’s prior statement, that “speech cannot be punished when the purpose is simply ‘to protect the court as a mystical entity or the judges as individuals or as anointed priests set apart from the community and spared the criticism to which in a democracy other public servants are exposed.’”

What stands out here is the American Courts’ rejection of the ideas that preserving the authority of judges by suppressing certain forms of speech is an end in itself, and that the Courts must be insulated to some greater degree than other officials of government. Consequently, it must be shown that the impugned expression presents a clear and present danger to the administration of justice, before it can be punished.

Now to England. The last successful prosecution of the offence was in 1931. In 2012, the Law Commission published a paper on contempt powers, in which it expressly recommended abolishing the offence of “scandalising the Court”; its recommendations were accepted, and the offence was abolished in 2013. Admittedly, the offence remains on the statute books in many commonwealth nations, although two months ago – in April 2014 – the Privy Council gave it a highly circumscribed interpretation while adjudicating a case on appeal from Mauritius: there must, it held, be a “real risk of undermining public confidence in the administration of justice” (something akin to clear and present danger?), and the Prosecution must demonstrate that the accused either intended to do so, or acted in reckless disregard of whether or not he was doing so.

What is particularly interesting is the Law Commission’s reasoning in its recommendations. Tracing the history of the offence back to 18th century England, it noted that the original justification was to maintain a “haze of glory” around the Courts, and it was crucial that the Courts not only be universally impartial, but also perceived to be so. Consequently, the Law Commission observed that this language suggests that “to be impartial” and “to be universally thought so” are two independent requirements, implying that the purpose of the offence is not confined to preventing the public from getting the wrong idea about the judges, and that where there are shortcomings, it is equally important to prevent the public from getting the right idea. Obviously, this was highly problematic.

The Law Commission also noted the adverse impact of the law on free speech: the well-known chilling effect, whereby people would self-censor even justified criticism. This was exacerbated by the vagueness of the offence, which left unclear the intent requirement, and the status of defences based on truth and public interest. The Law Commission was concerned, as well, about the inherently self-serving nature of the offence, which gave judges the power to sit in judgment over speech and expression that was directly critical of them. Lastly, the Law Commission noted that the basic point of contempt powers was similar to that of seditious libel: to ensure the good reputation of the State (or, in the case of scandalising, the judges) by controlling what could be said about them. With the abolition of seditious libel, the raison d’être of scandalising the Court was also – now – weakened.

We see, therefore, that the United States has rejected sweeping contempt powers as unconstitutional. England, which created the offence that India incorporated into its law, stopped prosecuting people for it in 1931, and formally abolished it last year. And even when its hands have been bound by the law that it is bound to enforce, the Privy Council has interpreted the offence in as narrow a manner as possible, in order to remain solicitous of free speech concerns. Unfortunately, as we shall see in the next essay, all these developments have utterly passed our Courts by.



A Review of the Functioning of the Cyber Appellate Tribunal and Adjudicatory Officers under the IT Act

by Divij Joshi last modified Jul 03, 2014 05:43 AM
Tribunals and quasi-judicial bodies are a regular feature of the Indian judicial system, as they provide for easier and less onerous methods for dispute resolution, especially disputes which relate to technical areas and often require technical knowledge and familiarity with specialised factual scenarios.

Further, quasi-judicial bodies do not have the same procedural restrictions as proper courts, which makes the adjudication of disputes easier. The Information Technology Act of India, which regulates several important aspects of electronic information, including the regulation of private electronic transactions as well as detailing civil and criminal offences relating to computers and electronic information, contemplates a specialised dispute resolution mechanism for disputes relating to the offences detailed under the Act. The Act provides for the establishment of quasi-judicial bodies, namely adjudicating officers under S.46, to hear disputes arising out of Chapter IX of the Act, namely, offences of a civil nature under S.43, 43A, 44 and 45 of the Act, as well as criminal offences described under Chapter XI of the Act. The adjudicating officer has the power to both award compensation as damages in a civil remedy, as well as impose penalties for the contravention of the Act,[1] and therefore has powers of both civil and criminal courts. The first appellate body provided in the Act, i.e. the authority that any party not satisfied by the decision of the adjudicating officer can appeal to, is the Cyber Appellate Tribunal, consisting of a Chairperson and any other members so prescribed by the Central Government.[2] The second appeal, if a party is aggrieved by the decision of the Cyber Appellate Tribunal, may be filed before the High Court having jurisdiction, within 60 days from the date of communication of the order.[3]

Functioning of the Offices of the State Adjudicating Officers and the Cyber Appellate Tribunal

The office of the adjudicating officer is established under S.46 of the IT Act, which provides that the person appointed to such a post must be a government officer of a rank not below that of a Director or an equivalent rank, and must have experience both in the field of Information Technology as well as legal or judicial experience.[4] In most cases, the appointed adjudicating officer is the Principal Secretary to the Department of Information Technology in the state.[5] The decisions of these adjudicating officers determine the scope and meaning of several provisions of the IT Act, and are instrumental in the development of the law in this field and filling a lacuna regarding the interpretation of these important provisions, particularly in areas such as data protection and privacy.[6] However, despite the large number of cyber-crime cases being registered across the country,[7] there is a lack of available judgements on the adjudication of disputes under Sections 43, 43A, 44 and 45 of the Act. Of all the states, only the websites of the Departments of Information Technology in Maharashtra,[8] Tamil Nadu,[9] New Delhi[10] and Haryana[11] have reported judgements or orders of the Adjudicating Officers. The adjudicating officer in Maharashtra, Rajesh Aggarwal, has done a particularly commendable job, having disposed of 51 cases under the IT Act, with 20 cases still pending.

The first Cyber Appellate Tribunal set up by the Central Government is located at New Delhi. Although a second branch of the Tribunal was to be set up in Bangalore, no efforts seem to have been made in this regard.[12] Further, the position of the Chairperson of the Appellate Tribunal has been left vacant since 2011, after the appointed Chairperson attained the age of superannuation and retired. Although judicial and technical members have been appointed at various points, the tribunal cannot hold hearings without a chairperson. A total of 17 judgements have been passed by the Cyber Appellate Tribunal prior to the retirement of the chairperson, while the backlog of cases is continuously growing.[13] Despite a writ petition being filed before the Karnataka High Court and the secretary of the Department of IT coming on record to state that the Chairperson would be appointed within 6 months (of September 2013), no action seems to have been taken in this regard, and the lacuna in the judicial mechanism under the IT Act continues. The proper functioning of adjudicating officers and the Cyber Appellate Tribunal is particularly necessary for the functioning of a just judicial system in light of the provisions of the Act (namely, Section 61) which bar the jurisdiction of ordinary civil courts in claims below the amount of Rs. 5 Crores, where the adjudicating officer or the CAT is empowered.[14]

Analysis of Cases Filed under Section 43A

Section 43A of the Information Technology Act was inserted by the 2008 Amendment, and is the principal provision governing protection of information held by intermediaries under the Act. Section 43A provides that “body corporates” handling “sensitive personal data” must implement reasonable security practices for the protection of this information. If it is negligent in providing or maintaining such reasonable security practices, the body corporate is to be held liable and must pay compensation for the loss occurred.[15] Rule 3 of the Draft Reasonable Security Practices Rules defines sensitive personal data as including – passwords, user details as provided at the time of registration or thereafter, information related to financial information such as Bank account/ credit card /debit card /other payment instrument details of the users, physiological and mental health conditions, medical records and history, biometric information, information received by body corporate for processing, stored or processed under lawful contract or otherwise and call data records.[16]

All the decisions of appointed adjudicators available for an analysis of Section 43A are from the adjudicating officer in Maharashtra, Mr. Rajesh Tandon, who, despite having no judicial experience, shows very cogent analysis and knowledge of the legal issues involved in the cases, which is commendable for a quasi-judicial officer.

One class of cases, constituting a major chunk of the claims, is where the complainant is claiming against a bank for the fraudulent transfer of funds from the claimant’s account to another account. In most of these cases, the adjudicating officer examined the compliance of the bank with “Know Your Customer” norms and guidelines framed by the Reserve Bank of India for prevention of banking fraud. Where such compliance was found to be lacking, and information which enabled access to the complainant’s bank accounts was allowed to be accessed by fraudsters, the presumption is that the bank was negligent in the handling of “sensitive personal information”,[17] by failing to provide for reasonable security practices, and consequently was liable for compensation under S.43A, notwithstanding that the complainant also contributed to compromising certain personal information by responding to phishing mails,[18] or divulging information to other third parties.[19] These instances clearly fall within the scope of Section 43A, which protects “information related to financial information such as Bank account/ credit card /debit card /other payment instrument details of the users” as sensitive personal data from negligent handling by body corporates. The decisions of the adjudicating officer must be applauded for placing a higher duty of care on banks to protect the informational privacy of their customers, given that they are in a position where they ought to be well equipped to deal with intimate financial information, and for holding them accountable for the lack of proper mechanisms to counter bank fraud using stolen information. This is reflected in the compensation which the banks have been liable to pay, not only as indemnification for losses, but also as punitive damages.[20]

In Nirmalkumar Bhagerwal v IDBI Bank and Meenal Bhagerwal, the sensitive financial information of the complainant, namely, the bank statement, had been accessed by the complainant’s wife. In holding the bank to be liable for divulging the same, and that access to personal information by a spouse is also covered under S.43A, the officer seems to have imputed the loss of privacy on account of such negligence as ‘wrongful loss’ which deserves compensation. One anomalous decision of the officer was where the operator of an ATM was held liable for fraudulent credit card transactions in that machine, due to the absence of “reasonable security practices” such as security personnel or CCTV footage, thereby causing the loss of “sensitive personal data”. However, it is difficult to see how ATM operators can be held liable for failing to protect sensitive information from being divulged, when the case is simply of a person fraudulently using a credit card.

Another class of cases, generally linked with the above cases, is complaints against cell phone providers for divulging information through falsely procured SIM cards. In such instances, the officer has held that by negligently allowing the issuance of duplicate SIM cards, the phone company has led to the access of sensitive personal data and thus caused wrongful loss to the complainant. This interpretation of Section 43A is somewhat confusing. The officer seems to have interpreted the provisions of Section 43A to include carriers of the information which was originally sent through the computer resource of the banking companies. In this way, they are imputed the status of “handlers” of sensitive personal information, and their communications infrastructure through which the information is sent is the “computer resource” which it operates for the purpose of the Act. Therefore, through their negligence, they are abetting the offence under 43A.[21]

For example, in the case of Sanjay Govind Dhandhe v ICICI and Vodafone, the officer remarked that – “A SIM card is a veritable key to person’s sensitive financial and personal information. Realizing this, there are clear guidelines issued by the DOT regarding the issuance of SIM cards. The IT Act also intends to ensure that electronic personal and sensitive data is kept secured and reasonable measures are used to maintain its confidentiality and integrity. It is extremely crucial that Telecom companies actively follow strict security procedures while issuing SIM cards, especially in wake of the fact that mobiles are being increasingly used to undertake financial transactions. In many a case brought before me, financial frauds have been committed by fraudsters using the registered mobile numbers of the banks’ account holders.” Therefore, intermediaries such as telecom companies, which peripherally handle the data, are also liable under the same standards for ensuring its privacy. The adjudicating officer has also held telephone companies liable for itemized phone bills as Call Data Records negligently divulged by them, which again clearly falls under the scope of the Reasonable Security Practices Rules.[22]

Note:

"Credentek v Insolutions (http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_Credentek_Vs_Insolutions-28012014.pdf). This case holds that banks and the National Payments Corporation of India were liable under S. 43A for divulging information relating to transactions by their customers to a software company which provides services to these banks using the data, without first making them sign non-disclosure agreements. The NPCI was fined a nominal amount of Rs. 10,000."


[1]. Section 46, Information Technology Act, 2000.

[2]. Section 48 and 49 of the Information Technology Act, 2000 (Amended as of 2008).

[3]. Section 62, IT Act. However, the High Court may extend this period if there was sufficient cause for the delay.

[4]. S. 46(3), Information Technology Act, “No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of Information Technology and Legal or Judicial experience as may be prescribed by the Central Government.”

[5]. From whatever data is available, the adjudicating officers in the states of Maharashtra, New Delhi, Haryana, Tamil Nadu and Karnataka are all secretaries to the respective state departments relating to IT.

[6]. See http://cis-india.org/internet-governance/blog/analysis-of-cases-filed-under-sec-48-it-act-for-adjudication-maharashtra; Also see the decision of the Karnataka adjudicating officer which held that body corporates are not persons under S.43 of the IT Act, and thus cannot be liable for compensation or even criminal action for offences under that Section, available at http://www.naavi.org/cl_editorial_13/adjudication_gpl_mnv.pdf.

[7]. Maharashtra Leads in War Against Cyber Crime, The Times of India, available at http://timesofindia.indiatimes.com/city/mumbai/Maharashtra-leads-in-war-against-cyber-crime/articleshow/30579310.cms. (18th February, 2014).

[8]. https://it.maharashtra.gov.in/1089/IT-Act-Judgements

[9]. http://www.tn.gov.in/documents/atoz/J

[10]. http://www.delhi.gov.in/wps/wcm/connect/DoIT_IT/doit_it/it+home/orders+of+adjudicating+officer

[11]. http://haryanait.gov.in/cyber.htm

[12]. Bangalore Likely to host southern chapter of Cyber Appellate Tribunal, The Hindu, http://www.thehindu.com/news/national/karnataka/bangalore-is-likely-to-host-southern-chapter-of-cyber-appellate-tribunal/article3381091.ece (2nd May, 2013).

[13]. http://catindia.gov.in/Judgement.aspx

[14]. Section 61 of the IT Act – ‘No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act. Provided that the court may exercise jurisdiction in cases where the claim for injury or damage suffered by any person exceeds the maximum amount which can be awarded under this Chapter.’

[15]. Section 43A, Information Technology Act, 2000 – ‘Compensation for failure to protect data (Inserted vide ITAA 2006) Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. (Change vide ITAA 2008)

Explanation: For the purposes of this section (i) "body corporate" means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities (ii) "reasonable security practices and procedures" means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. (iii) "sensitive personal data or information" means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.’

[16]. Draft Reasonable Security Practices Rules under Section 43A of the IT Act, available at http://www.huntonfiles.com/files/webupload/PrivacyLaw_Reasonable_Security_Practices_Sensitive_Personal_Information.pdf.

[17]. Ravindra Gunale v Bank of Maharashtra, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RavindraGunale_Vs_BoM&Vodafone_20022013.PDF. Ram Techno Pack v State Bank of India, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RamTechno_Vs_SBI-22022013.pdf.

Srinivas Signs v IDBI, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_SreenivasSigns_Vs_IDBI-18022014.PDF.

Raju Dada Raut v ICICI Bank, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RajuDadaRaut_Vs_ICICIBank-13022013.pdf

Pravin Parkhi v SBI Cards, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_PravinParkhi_Vs_SBICardsPayment-30122013.PDF.

[18]. Sourabh Jain v ICICI, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_SourabhJain_Vs_ICICI&Idea-22022013.PDF.

[19]. Poona Automobiles v Punjab National Bank, https://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_PoonaAuto_Vs_PNB-22022013.PDF

[20]. Amit Patwardhan v Bank of Baroda, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudicaton_AmitPatwardhan_Vs_BankOfBaroda-30122013.PDF.

[21]. Ravindra Gunale v Bank of Maharashtra, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RavindraGunale_Vs_BoM&Vodafone_20022013; Raju Dada Raut v ICICI Bank, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RajuDadaRaut_Vs_ICICIBank-13022013.pdf.

[22]. Rohit Maheshwari v Vodafone, http://it.maharashtra.gov.in/Site/Upload/ACT/DIT_Adjudication_RohitMaheshwari_Vs_Vodafone&ors-04022014.PDF.

CIS Comments: Enhancing ICANN Accountability

by Geetha Hariharan last modified Jun 10, 2014 01:03 PM
On May 6, 2014, ICANN published a call for public comments on "Enhancing ICANN Accountability". This comes in the wake of the IANA stewardship transition spearheaded by ICANN and related concerns of ICANN's external and internal accountability mechanisms. Centre for Internet and Society contributed to the call for comments.

Introduction:

On March 14, 2014, the US National Telecommunications and Information Administration announced its intent to transition key Internet domain name functions to the global multi-stakeholder Internet governance community. ICANN was tasked with the development of a proposal for transition of IANA stewardship, for which ICANN subsequently called for public comments. At NETmundial, ICANN President and CEO Fadi Chehadé acknowledged that the IANA stewardship transition and improved ICANN accountability were inter-related issues, and announced the impending launch of a process to strengthen and enhance ICANN accountability in the absence of US government oversight. The subsequent call for public comments on “Enhancing ICANN Accountability” may be found here.

Suggestions for improved accountability:

In the event, Centre for Internet and Society (“CIS”) wishes to limit its suggestions for improved ICANN accountability to matters of reactive or responsive transparency on the part of ICANN to the global multi-stakeholder community. We propose the creation and implementation of a robust “freedom or right to information” process from ICANN, accompanied by an independent review mechanism.

Article III of the ICANN Bye-laws notes that “ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner and consistent with procedures designed to ensure fairness”. As part of this, Article III(2) notes that ICANN shall make publicly available information on, inter alia, ICANN’s budget, annual audit, financial contributors and the amount of their contributions, as well as information on accountability mechanisms and the outcome of specific requests and complaints regarding the same. Such accountability mechanisms include reconsideration (Article IV(2)), independent review of Board actions (Article IV(3)), periodic reviews (Article IV(4)) and the Ombudsman (Article V).

Further, ICANN’s Documentary Information Disclosure Policy (“DIDP”) sets forth a process by which members of the public may request information “not already publicly available”. ICANN may respond (either affirmatively or in denial) to such requests within 30 days. Appeals to denials under the DIDP are available under the reconsideration or independent review procedures, to the extent applicable.

While ICANN has historically been prompt in its response to DIDP Requests, CIS is of the view that absent the commitments in the AoC following IANA stewardship transition, it would be desirable to amend and strengthen Response and Appeal procedures for DIDP and other, broader disclosures. Our concerns stem from the fact that, first, the substantive scope of appeal under the DIDP, on the basis of documents requested, is unclear (say, contracts or financial documents regarding payments to Registries or Registrars, or a detailed, granular break-up of ICANN’s revenue and expenditures); and second, that grievances with decisions of the Board Governance Committee or the Independent Review Panel cannot be appealed.

Therefore, CIS proposes a mechanism based on “right to information” best practices, which results in transparent and accountable governance at governmental levels.

First, we propose that designated members of ICANN staff shoulder responsibility to respond to information requests. The identity of such members (information officers, say) ought to be made public, including in the response document.

Second, an independent, third party body should be constituted to sit in appeal over information officers’ decisions to provide or decline to provide information. Such body may be composed of nominated members from the global multi-stakeholder community, with adequate stakeholder-, regional- and gender-representation. However, such members should not have held prior positions in ICANN or its related organizations. During the appointed term of the body, the terms and conditions of service ought to remain beyond the purview of ICANN, similar to globally accepted principles of an independent judiciary. For instance, the Constitution of India forbids any disadvantageous alteration of privileges and allowances of judges of the Supreme Court and High Courts during tenure.

Third, and importantly, punitive measures ought to follow unreasonable, unexplained or illegitimate denials of requests by ICANN information officers. In order to ensure compliance, penalties should be made continuing (a certain prescribed fine for each day of information-denial) on concerned officers. Such punitive measures are accepted, for instance, in Section 20 of India’s Right to Information Act, 2005, where the review body may impose continuing penalties on any defaulting officer.

Finally, exceptions to disclosure should be finite and time-bound. Any and all information exempted from disclosure should be clearly set out (and not merely as categories of exempted information). Further, all exempted information should be made public after a prescribed period of time (say, 1 year), after which any member of the public may request for the same if it continues to be unavailable.

CIS hopes that ICANN shall deliver on its promise to ensure and enhance its accountability and transparency to the global multi-stakeholder community. To that end, we hope our suggestions may be positively considered.

Comment repository:

All comments received by ICANN during the comment period (May 6, 2014 to June 6, 2014) may be found at this link.

Free Speech and Contempt of Courts – II: Article 19(1)(a) and Indian Law

by Gautam Bhatia last modified Jun 16, 2014 05:48 AM
Gautam Bhatia continues his examination of free speech implications of the law of contempt: the power that equips courts to "protect the dignity of the Bench".

Towards the end of the last post, we saw how the Law Commission traced the genealogy of the “scandalising the Court” offence, inasmuch as it sought to protect the “standing of the judiciary”, to that of seditious libel. The basic idea is the same: if people are allowed to criticise state institutions in derogatory terms, then they can influence their fellow-citizens who, in turn, will lose respect for those institutions. Consequently, the authority of those institutions will be diminished, and they will be unable to effectively perform their functions. Hence, we prevent that eventuality by prohibiting certain forms of speech when it concerns the functioning of the government (seditious libel) or the Courts (scandalising the Court). This, of course, often ties the judges into knots, in determining the exact boundary between strident – but legitimate – criticism, and sedition/scandalising the Court.

Seditious libel, of course, went out in the United States with the repeal of the Sedition Act in 1800, and was abolished in England in 2009. Notoriously, it still remains on the statute books in India, in the form of S. 124A of the Indian Penal Code. An examination of the Supreme Court’s sedition jurisprudence would, therefore, be apposite. Section 124A makes it an offence to bring or attempt to bring into hatred or contempt, or excite or attempt to excite, disaffection, towards the government. The locus classicus is Kedar Nath Singh v. Union of India. I have analysed the case in detail elsewhere, but briefly, Kedar Nath Singh limited the scope of 124A to incitement to violence, or fostering public disorder, within the clear terms of Article 19(2). In other words, prosecution for sedition, if it was to succeed, would have to satisfy the Court’s public order jurisprudence under Article 19(2). The public order test itself – as we discussed previously on this blog, in a post about Section 66A – was set out in highly circumscribed terms in Ram Manohar Lohia’s Case, which essentially required a direct and imminent degree of proximity between the speech or expression, and the breach of public order (in that case, the Court refused to sustain the conviction of a speaker who expressly encouraged an audience to break the law). Subsequently, in S. Rangarajan v. P. Jagjivan Ram, the Court noted that the relation ought to be like that of a “spark in a powder keg” – something akin to inciting an enraged mob to immediate violence. Something that the Court has clearly rejected is the argument that it is permissible to criminalise speech and expression simply because its content might lower the authority of the government in the eyes of the public, which, in turn, could foster a disrespect for law and the State, and lead to breaches of public order.

Unfortunately, however, when it comes to contempt and scandalising, the Court has adopted exactly the chain of reasoning that it has rejected in the public order cases. As early as 1953, in Aswini Kumar Ghose v. Arabinda Bose, the Court observed that “it is obvious that if an impression is created in the minds of the public that the Judges in the highest Court in the land act on extraneous considerations in deciding cases, the confidence of the whole community in the administration of justice is bound to be undermined and no greater mischief than that can possibly be imagined.”

Subsequently, in D.C. Saxena v. CJI, the Court held that “Any criticism about judicial system or the judges which hampers the administration of justice or which erodes the faith in the objective approach of the judges and brings administration of justice to ridicule must be prevented. The contempt of court proceedings arise out of that attempt. Judgments can be criticised. Motives to the judges need not be attributed. It brings the administration of justice into disrepute. Faith in the administration of justice is one of the pillars on which democratic institution functions and sustains.” Notice the chain of causation the Court is working with here: it holds faith in the administration of justice as a necessary pre-requisite to the administration of justice, and prohibits criticism that would cause other people to lose their faith in the judiciary. This is exactly akin to a situation in which I make an argument advocating Marxist theory, and I am punished because some people, on reading my article, might start to hold the government in contempt, and attempt to overthrow it by violent means. Not only is it absurd, it is also entirely disrespectful of individual autonomy: it is based on the assumption that the person legally and morally responsible for a criminal act is not the actor, but the person who convinced the actor through words and arguments, to break the law – as though individuals are incapable of weighing up competing arguments and coming to decisions of their own accord. Later on, in the same case, the Court holds that scandalising includes “all acts which bring the court into disrepute or disrespect or which offend its dignity or its majesty or challenge its authority.” As we have seen before, however, disrepute or disrespect of an institution cannot in itself be a ground for punishment, unless there is something more.
That something more is actual disruption of justice, which is presumably caused by people who have lost their confidence in the judiciary, but in eliding disrepute/disrespect with obstruction of justice, the Court entirely fails to consider the individual agency involved in crossing that bridge, the agency that is not that of the original speaker. This is why, again, in its sedition cases, the Court has gone out of its way to actually require a proximate relation between “disaffection” and public order breaches, in order to save the section from unconstitutionality. Its contempt jurisprudence, on the other hand, shows no such regard. It is perhaps telling that the Court, one paragraph on, adopts the “blaze of glory” formulation that was used in an 18th century, pre-democratic English case.

Indeed, the Court draws an express analogy with sedition, holding that “malicious or slanderous publication inculcates in the mind of the people a general disaffection and dissatisfaction on the judicial determination and indisposes in their mind to obey them.” Even worse, it then takes away even the basic protection of mens rea, holding that all that matters is the effect of the impugned words, regardless of the intention/recklessness with which they were uttered. The absence of mens rea, along with the absence of any meaningful proximity requirement, makes for a very dangerous cocktail – an offence that can cover virtually any activity that the Court believes has a “tendency” to certain outcomes: “Therefore, a tendency to scandalise the court or tendency to lower the authority of the court or tendency to interfere with or tendency to obstruct the administration of justice in any manner or tendency to challenge the authority or majesty of justice, would be a criminal contempt. The offending act apart, any tendency if it may lead to or tends to lower the authority of the court is a criminal contempt. Any conduct of the contemnor which has the tendency or produces a tendency to bring the judge or court into contempt or tends to lower the authority of the court would also be contempt of the court.”

The assumption implicit in these judgments – that the people need to be protected from certain forms of speech, because they are incompetent at making up their own minds, in a reasonable manner, about it – was made express in Arundhati Roy’s Case, in 2002. After making observations about how confidence in the Courts could not be allowed to be “tarnished” at any cost, the Court noted that “the respondent has tried to cast an injury to the public by creating an impression in the mind of the people of this backward country regarding the integrity, ability and fairness of the institution of judiciary”, observed that the purpose of the offence was to protect the (presumably backward) public by maintaining its confidence in the judiciary, which had been enacted keeping in mind “the ground realities and prevalent socio-economic system in India, the vast majority of whose people are poor, ignorant, uneducated, easily liable to be misled. But who acknowledly (sic) have the tremendous faith in the dispensers of Justice.” So easy, indeed, to mislead, that there was no need for any evidence to demonstrate it: “the well-known proposition of law is that it punishes the archer as soon as the arrow is shot no matter if it misses to hit the target. The respondent is proved to have shot the arrow, intended to damage the institution of the judiciary and thereby weaken the faith of the public in general and if such an attempt is not prevented, disastrous consequences are likely to follow resulting in the destruction of rule of law, the expected norm of any civilised society.”

The American legal scholar, Vince Blasi, has outlined a “pathological perspective” of free speech. According to him, heightened protection of speech – even to the extent of protecting worthless speech – is important, because when the government passes laws to regulate speech that is hostile towards it, it will, in all likelihood, over-regulate purely out of self-interest, sometimes even unconsciously so. This is why, if the Courts err, they ought to err on the side of speech-protection, because it is quite likely that the government has over-estimated public order and other threats that stem out of hostile speech towards government itself. The pathological perspective is equally – if not more – applicable in the realm of contempt of Court, because here the Court is given charge of regulating speech hostile towards itself. Keenly aware of the perils of speech suppression that lie in such situations, we have seen that the United States and England have abolished the offence, and the Privy Council has interpreted it extremely narrowly.

The Indian Supreme Court, however, has gone in precisely the opposite direction. It has used the Contempt of Court statute to create a strict-liability criminal offence, with boundlessly manipulable categories, which is both overbroad and vague, entirely inconsistent with the Court’s own free speech jurisprudence, and at odds with free speech in a liberal democracy.


Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and presently an LLM student at the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he blogs on issues of online freedom of speech and expression.

Content Removal on Facebook — A Case of Privatised Censorship?

by Jessamine Mathew last modified Jun 16, 2014 05:23 AM
Any activity on Facebook, be it creating an account, posting a picture or status update or creating a group or page, is bound by Facebook’s Terms of Service and Community Guidelines. These contain a list of content that is prohibited from being published on Facebook which ranges from hate speech to pornography to violation of privacy.

Facebook removes content largely on the basis of requests either by the government or by other users. The Help section of Facebook deals with warnings and blocking of content. It says that Facebook only removes content that violates Community Guidelines and not everything that has been reported.

I conducted an experiment to primarily look at Facebook’s process of content removal and also to analyse what kind of content they actually remove.

  1. I put up a status which contained personal information of a person on my Friend List (the information was false). I then asked several people (including the person about whom the status was made) to report the status — that of being harassed or for violation of privacy rights. Seven people reported the status. Within half an hour of the reports being made, I received the following notification:
    "Someone reported your post for containing harassment and 1 other reason."

    The notification also contained the option to delete my post and said that Facebook would look into whether it violated their Community Guidelines.

    A day later, all those who had reported the status received notifications stating the following:

    "We reviewed the post you reported for harassment and found it doesn't violate our Community Standards."

    I received a similar notification as well.
  2. I, along with around thirteen others, reported a Facebook page which contained pictures of my friend and a few other women with lewd captions in various regional languages. We reported the group for harassment and bullying and also for humiliating someone we knew. The report was made on 24 March, 2014. On 30 April, 2014, I received a notification stating the following:

    "We reviewed the page you reported for harassment and found it doesn't violate our Community Standards.

    Note: If you have an issue with something on the Page, make sure you report the content (e.g. a photo), not the entire Page. That way, your report will be more accurately reviewed."

    I then reported each picture on the page for harassment and received a series of notifications on 5 May, 2014 which stated the following:

    "We reviewed the photo you reported for harassment and found it doesn't violate our Community Standards."

These incidents are in stark contrast with repeated attempts by Facebook to remove content which it finds objectionable. In 2013, a homosexual man’s picture protesting against the Supreme Court judgment in December was taken down. In 2012, Facebook removed artwork by a French artist which featured a nude woman. In the same year, Facebook removed photographs of a child who was born with a defect and banned the mother from accessing Facebook completely. Facebook also removed a picture of a breast cancer survivor who posted a picture of a tattoo that she had following her mastectomy. Following this, however, Facebook issued an apology and stated that mastectomy photographs are not in violation of their Content Guidelines. Even in the sphere of political discourse and dissent, Facebook has cowered under government pressure and removed pages and content, as evidenced by the ban on the progressive Pakistani band Laal’s Facebook page and other anti-Taliban pages. Following much social media outrage, Facebook soon revoked this ban. These are just a few examples of how harmless content has been taken down by Facebook, in a biased exercise of its powers.

After incidents of content removal have been made public through news reports and complaints, Facebook often apologises for removing content and issues statements that the removal was an “error.” In some cases, they edit their policies to address specific kinds of content after a takedown (like the reversal of the breastfeeding ban).

On the other hand, however, Facebook is notorious for refusing to take down content that is actually objectionable, partially evidenced by my own experiences listed above. There have been complaints about Facebook’s refusal to remove misogynistic content which glorifies rape and domestic violence through a series of violent images and jokes. One such page was removed finally, not because of the content but because the administrators had used fake profiles. When asked, a spokesperson said that censorship “was not the solution to bad online behaviour or offensive beliefs.” While this may be true, the question that needs answering is why Facebook decides to draw these lines only when it comes to certain kinds of ‘objectionable’ content and not others.

All of these examples represent a certain kind of arbitrariness on the part of Facebook’s censorship policies. It seems that Facebook is far more concerned with removing content that will cause supposed public or governmental outrage or defy some internal morality code, rather than protecting the rights of those who may be harmed due to such content, as their Statement of Policies so clearly spells out.

There are many aspects of the review and takedown process that are hazy, like who exactly reviews the content that is reported and what standards they are made to employ. In 2012, it was revealed that Facebook outsourced its content reviews to oDesk and provided the reviewers with a 17-page manual which listed what kind of content was appropriate and what was not. A bare reading of the leaked document gives one a sense of Facebook’s aversion to sex and nudity and its neglect of other harm-inducing content like harassment through misuse of content that is posted and what is categorised as hate speech.

In the process of monitoring the acceptability of content, Facebook takes upon itself the role of a private censor with absolutely no accountability or transparency in its working. A Reporting Guide was published to increase transparency in its content review procedures. The Guide reveals that Facebook provides for an option where the reportee can appeal the decision to remove content in “some cases.” However, the lack of clarity on what these cases are or what the appeal process is frustrates the existence of this provision as it can be misused. Additionally, Facebook reserves the right to remove content with or without notice depending upon the severity of the violation. There is no mention of how severe is severe enough to warrant uninformed content removal. In most of the above cases, the user was not notified that their content was found offensive and would be liable for takedown. Although Facebook publishes a transparency report, it only contains a record of takedowns following government requests and not those by private users of Facebook. The unbridled nature of the power that Facebook has over our personal content, despite clearly stating that all content posted is the user’s alone, threatens the freedom of expression on the site. A proper implementation of the policies that Facebook claims to employ is required along with a systematic record of the procedure that is used to remove content that is in consonance with natural justice.

FOEX Live: June 8-15, 2014

by Geetha Hariharan last modified Jun 16, 2014 10:22 AM
A weekly selection of news on online freedom of expression and digital technology from across India (and some parts of the world). Please email relevant news/cases/incidents to geetha[at]cis-india.org.

Karnataka:

A Hindu rightwing group demanded the arrest of a prominent activist, who during a speech on the much-debated Anti-superstition Bill, made comments that are allegedly blasphemous.

Kerala:

On June 10, the principal and six students of Government Polytechnic at Kunnamkulam, Thrissur, were arrested for publishing a photograph of Prime Minister Narendra Modi alongside photographs of Hitler, Osama bin Laden and Ajmal Kasab, under the rubric ‘negative faces’. An FIR was registered against them for various offences under the Indian Penal Code including defamation (Section 500), printing or engraving matter known to be defamatory (Section 501), intentional insult with intent to provoke breach of peace (Section 504), and concealing design to commit offence (Section 120) read with Section 34 (acts done by several persons in furtherance of common intention). The principal was later released on bail.

In a similarly unsettling incident, on June 14, 2014, a case was registered against the principal and 11 students of Sree Krishna College, Guruvayur, for using “objectionable and unsavoury” language in a crossword in relation to PM Narendra Modi, Rahul Gandhi, Shashi Tharoor, etc. Those arrested were later released on bail.

Maharashtra:

Facebook posts involving objectionable images of Dr. B.R. Ambedkar led to arson and vandalism in Pune. Police have sought details of the originating IP address from Facebook.

A Pune-based entrepreneur has set up a Facebook group to block ‘offensive’ posts against religious leaders. The Social Peace Force will use Facebook’s ‘Report Spam’ option to take down ‘offensive’ material.

Deputy Chief Minister Ajit Pawar suggested a ban on social media in India, and retracted his statement post-haste.

Punjab:

A bailable warrant was issued against singer Kailash Kher for failing to appear in court in relation to a case. The singer is alleged to have hurt religious sentiments of the Hindu community in a song, and a case was registered under Sections 295A and 298, Indian Penal Code.

Uttar Pradesh:

The presence of a photograph on Facebook, in which an accused in a murder case is found posing with an illegal firearm, resulted in a case being registered against him under the IT Act.

News & Opinion:

Authors, civil society activists and other concerned citizens issued a joint statement questioning Prime Minister Modi’s silence over arrests and attacks on exercise of free speech and dissent. Signatories include Aruna Roy, Romila Thapar, Baba Adhav, Vivan Sundaram, Mrinal Pande, Jean Dreze, Jayati Ghosh, Anand Patwardhan and Mallika Sarabhai.

In response to Mumbai police’s decision to take action against those who ‘like’ objectionable or offensive content on Facebook, experts say the freedom to ‘like’ or ‘share’ posts or tweets is fundamental to freedom of expression. India’s defamation laws for print and the Internet need harmonization, moreover.

While supporting freedom of expression, Minister for Information and Broadcasting Prakash Javadekar cautioned the press and all users of social media that the press and social media should be used responsibly for unity and peace. The Minister has also spoken out in favour of free publication, in light of recent legal action against academic work and other books.

Infosys, India’s leading IT company, served defamation notices on the Economic Times, the Times of India and the Financial Express, for “loss and reputation and goodwill due to circulation of defamatory articles”. Removal of articles and an unconditional apology were sought, and Infosys claimed damages amounting to Rs. 2000 crore. On a related note, Dr. Ashok Prasad argues that criminal defamation is a violation of freedom of speech.

Drawing on examples from the last 3 years, Ritika Katyal analyses India’s increasing violence and legal action against dissent and hurt sentiment, and concludes that Prime Minister Narendra Modi has both the responsibility and ability to “rein in Hindu hardliners”.

Discretionary powers resting with the police under the vaguely and broadly drafted Section 66A, Information Technology Act, are dangerous and unconstitutional, say experts.

Providing an alternative view, the Hindustan Times comments that the police ought to “pull up their socks” and understand the social media in order to effectively police objectionable and offensive content on the Internet.

Keeping Track:

Indconlawphil’s Free Speech Watch keeps track of violations of freedom of expression in India.

Multi-stakeholder Models of Internet Governance within States: Why, Who & How?

by Geetha Hariharan last modified Jun 16, 2014 02:27 PM
Internet governance, for long a global exercise, has found new awareness within national frameworks in recent times. Especially relevant for developing countries, effective national IG mechanisms are important to raise awareness and ensure multi-stakeholder participation at technical, infrastructural and public policy levels.

This post is a surface-level overview of national IG bodies, and is intended to inform introductory thoughts on national IG mechanisms.

A Short Introduction

The previous decade has seen a proliferation of regional, sub-regional and national initiatives for Internet governance (IG). Built primarily on the multi-stakeholder model, these initiatives aim at creating dialogue on issues of regional, local or municipal importance. In Asia, Bangladesh has instituted a national IGF, the Bangladesh IGF, with the stated objective of creating a national multi-stakeholder forum that is specialized in Internet governance issues, and to facilitate informed dialogue on IG policy issues among stakeholders. India, too, is currently in the process of instituting such a forum. At this juncture, it is useful to consider the rationale and modalities of national IG bodies.

The Internet has long been considered a non-governmental, multi-stakeholder, decentralized, bottom-up governance space. The Declaration of Independence of Cyberspace, John Perry Barlow’s defiant articulation of the Internet’s freedom from governmental control, is a classic instance of this. The Internet is a “vast ocean”, we claimed; “no one owns it”.[1] Even today, members of the technical community insist that everyone ought to “let techies do their job”: a plea, if you will, of the complexity of cyber-walls and –borders (or of their lack).

But as Prof. Milton Mueller argues in Ruling the Root, the Internet has always been a contentious resource: battles over its governance (or specifically, the governance of the DNS root, both the root-zone file and the root servers) have leapt from the naïveté of the Declaration of Independence to a private-sector-led, contract-based exploitation of Internet resources. The creation of ICANN was a crucial step in this direction, following arbitrary policy choices by Verizon and entities managing the naming and numbering resources of the Internet.

The mushrooming of parallel tracks of Internet governance is further evidence of the malleability of the space. As of today, various institutions – inter-governmental and multi-stakeholder – extend their claims of governance. ICANN, the World Summit on Information Society, the World Conference on International Telecommunications, the Internet Governance Forum and the Working Group on Enhanced Cooperation under the ECOSOC Committee for Science, Technology and Development are a few prominent tracks. As of today, the WSIS process has absorbed various UN special bodies (the ITU, UNESCO, UNCTAD, UNDP are but a few), with UNESCO instituting a separate study on Internet-related issues. A proposal for a multilateral Committee on Internet-Related Policies remains stillborn.

Amongst these, the Internet Governance Forum (IGF) remains a strong contender for a truly multi-stakeholder process facilitating dialogue on IG. The IGF was set up following the recommendation of the Working Group on Internet Governance (WGIG), constituted after the Geneva phase of the WSIS.

Rationale: Why Have National IG bodies?

The issue of national multi-stakeholder cooperation/collaboration in IG is not new; it has been alive since the early 2000s. The Tunis Agenda, in paragraph 80, encourages the “development of multi-stakeholder processes at the national, regional and international levels to discuss and collaborate on the expansion and diffusion of the Internet as a means to support development efforts to achieve internationally agreed development goals and objectives, including the Millennium Development Goals” (emphasis supplied).

In its June 2005 Report, the Working Group on Internet Governance (WGIG) emphasizes that “global Internet governance can only be effective if there is coherence with regional, subregional and national-level policies”. Towards this end it recommends that “coordination be established among all stakeholders at the national level and a multi-stakeholder national Internet governance steering committee or similar body be set up” (emphasis supplied). The IGF, whose creation the WGIG recommended, has since been commended for its impact on the proliferation of national IGFs.

The rationale, then, was that multi-stakeholder steering committees at the national level would help to create a cohesive body to coordinate positions on Internet governance. In Reforming Internet Governance, WGIG member Waudo Siganga writes of the Internet Steering Committee of Brazil as a model, highlighting lessons that states (especially developing countries) may learn from CGI.br.

The Brazilian Internet Steering Committee (CGI.br) was set up in 1995 and is responsible, inter alia, for the management of the .br domain, distribution of Internet addresses and administration of metropolitan Internet exchange points. CERT.br ensures network security and extends support to network administrators. Siganga writes that CGI.br is a “well-structured multistakeholder entity, having representation from government and democratically chosen representatives of the business sector, scientific and technological community and an Internet expert”.

Why is CGI.br a model for other states? First, CGI.br exemplifies how countries can effectively structure a body that is involved in creating awareness about IG issues at the national level. Moreover, the multi-stakeholder nature of CGI.br shows how participation can be harnessed effectively to build capacity across domestic players. This also reflects the multi-stakeholder aspects of Internet governance at the global level, clarifying and implementing the WSIS standards (for instance). Especially in developing countries, where awareness and coordination for Internet governance is lacking at the national level, national IG committees can bridge the gap between awareness and participation. Such awareness can translate into local solutions for local issues, as well as contributing to an informed, cohesive stance at the global level.

Stakeholders: Populating a national IG body

A national IG body – be it a steering committee, IGF or other forum – should ideally involve all relevant stakeholders. As noted before, since inception, the Internet has not been subject to exclusive governmental regulation. The World Summit on Information Society recognized this, but negotiations amongst stakeholders resulted in the delegation of roles and responsibilities: the controversial and much-debated paragraph 35 of the Tunis Agenda reads:

  1. Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.
  2. The private sector has had, and should continue to have, an important role in the development of the Internet, both in the technical and economic fields.
  3. Civil society has also played an important role on Internet matters, especially at community level, and should continue to play such a role.
  4. Intergovernmental organizations have had, and should continue to have, a facilitating role in the coordination of Internet-related public policy issues.
  5. International organizations have also had and should continue to have an important role in the development of Internet-related technical standards and relevant policies.

This position remains endorsed by the WSIS process; the recent WSIS+10 High Level Event endorsed by acclamation the WSIS+10 Vision for WSIS Beyond 2015, which “respect mandates given by Tunis Agenda and respect for the multi-stakeholder principles”. In addition to government, the private sector and civil society, the technical community is identified as a distinct stakeholder group. Academia has also found a voice, as demonstrated by stakeholder-representation at NETmundial 2014.

A study of the Internet Society (ISOC) on Assessing National Internet Governance Arrangements, authored by David Souter, maps IG stakeholders at the global, regional and national levels. At the global level, primary stakeholders include ICANN (not-for-profit, private sector corporation involved in governance and technical coordination of the DNS), the IETF, IAB and W3C (technical standards), governments and civil society organizations, all of which participate with different levels of involvement at the IGF, ICANN, ITU, etc.

At the national/municipal level, the list of stakeholders is as comprehensive. Governmental stakeholders include: (1) relevant Ministries (in India, these are the Ministry of Information and Broadcasting, and the Ministry of Communications and Information Technology – the Department of Electronics and Information Technology under the MCIT is particularly relevant), and (2) regulators, statutory and independent (the Telecom Regulatory Authority of India, for example). At the national level, these typically seek inputs from other stakeholders while making recommendations to governments, which then enact laws or make policy. In India, for instance, the TRAI conducts consultations prior to making recommendations to the government.

Within the private sector, there may be companies (1) on the supply-side, such as infrastructure networks, telecommunications service companies, Internet Service Providers, search engines, social networks, cybercafés, etc., and (2) on the demand-side, online businesses, advertising/media, financial service providers, etc. who use the Internet. There may also be national registries managing ccTLDs, such as the Registro.br or the National Internet Exchange of India (NIXI). There may also be the press and news corporations representing both corporate and public interest under specific circumstances (media ownership and freedom of expression, for distinct examples).

Civil society organisations, including consumer organisations, think-tanks and grassroots organisations, participate at various levels of policy-making in the formal institutional structure, and are crucial in representing users and public interest. The complexity of stakeholders may be seen from Souter’s report, and this enumeration is but a superficial view of the national stakeholder-population.

Processes: Creating effective national IG bodies

National IG bodies – be they steering committees, IGFs, consultative/working groups or other forums – may be limited by formal institutional governmental settings. While limited by the responsibility-gradient in paragraph 35 of the Tunis Agenda, an effective national IG body requires robust multi-stakeholder participation, as Souter notes, in technical governance, infrastructure and public policy issues. Its effectiveness also lies in governmental acquiescence of its expertise and recommendations; in short, in the translation of the IG body’s decisions into policy.

How do these stakeholders interact at the national level? In addition to the Brazilian example (CGI.br), an ISOC study by Souter and Monica Kerretts-Makau, Internet Governance in Kenya: An Assessment, provides a detailed answer. At the technical level, the registry KENIC manages the .ke domain, while the Kenya Computer Incident Response Team Coordination Centre coordinates national responses to incidents and collaborates internationally on cyber-security issues. A specific IPv6 Force to promote Kenya’s transition to IPv6 was also created.

At the infrastructural level, both the government and the private sector play important roles. Directly, ministries and government departments consult with infrastructure providers in creating policy. In India, for instance, the TRAI conducts multi-stakeholder consultations on issues such as telecom tariffs, colocation tariffs for submarine cable stations and mobile towers, etc. The government may also take a lead in creating infrastructure, such as the national optic fibre networks in India and Kenya, as also creating investment opportunities such as liberalizing FDI. At the public policy level, there may exist consultations initiated by government bodies (such as the TRAI or the Law Commission), in which other stakeholders participate.

As one can see, government-initiated consultations by ministries, regulators, law commissions or specially constituted committees. Several countries have also set up national IGFs, which typically involve all major stakeholders in voluntary participation, and form a discussion forum for existing and emerging IG issues. National IGFs have been considered particularly useful to create awareness within the country, and may best address IG issues at the domestic policy level. However, Prof. Mueller writes that what is necessary are “reliable mechanisms for consistently feeding the preferences expressed in these forums to actual global policy-making institutions like ICANN, RIRs, WIPO, and WTO which impact distributional outcomes”.


[1] M. Mueller, Ruling the Root: Internet Governance and the Taming of Cyberspace 57 (2002).

Comments to ICANN Supporting the DNS Industry in Underserved Regions

by Jyoti Panday last modified Jul 04, 2014 06:48 AM
Towards exploring ideas and strategies to help promote the domain name industry in regions that have typically been underserved, ICANN published a call for public comments on May 14, 2014. In particular, ICANN sought comments related to existing barriers to Registrar Accreditation and operation and suggestions on how these challenges might be mitigated. CIS contributed to the comments on this report, which will be used to determine next steps to support the domain name industry in underserved regions.

Domain names and the DNS are used in virtually every aspect of the Internet, and without the DNS, the Internet as we know it would not exist. The DNS root zone has economic value, and ICANN's contract with Verisign delineates the selling of domain names via only ICANN accredited registrars. By the indirect virtue of its control of the root, ICANN has the power and capacity to influence the decisions of entities involved in the management and operations of the DNS, including registrars.

Too far, too many?

We acknowledge some of the efforts for improvements, in particular with reference to barriers to participation in DNS-related business in regions such as Africa and the Middle East, including the creation of a fellowship program, and increased availability of translated materials. However, despite these efforts, the gaps in the distribution of the DNS registrars and registries across the world have become an issue of heightened concern.

This is particularly true in light of the distribution of registrars: of the 1124 ICANN-accredited registrars, North America has a total of 765. The US and Canada together have more than double the number of registrars of the rest of the world taken collectively. To put things further into perspective, of the total number of registrars, 725 are from the United States alone, and 7 are from the 54 countries of Africa.

A barrier to ICANN's capacity building initiatives has been the lack of trust, given the general view that ICANN focuses on policies that favour entrenched incumbents from richer countries. Without adequate representation from poorer countries, and adequate representation from the rest of the world's Internet population, there is no hope of changing these policies or establishing trust. The entire region of Latin America and the Caribbean, comprising a population of 542.4 million internet users[1] in 2012, has only 22 registrars spread across a total of 10 countries. In Europe, covering a population of 518.5 million internet users[2], there are 158 registrars, and 94 of those are spread across Germany, UK, France, Spain and Netherlands. The figures paint the most dismal picture with respect to South Asia, in particular India, where just 16 registrars cater to the population of internet users that is expected to reach 243 million by June 2014[3].

While we welcome ICANN's research and outreach initiatives with regard to the DNS ecosystem in underserved regions, without the crucial first step of clarifying the metrics that constitute an underserved region, these efforts might not bear their intended impact. ICANN cannot hope to identify strategies towards bridging the gaps that exist in the DNS ecosystem, without going beyond the current ICANN community, which, while nominally being 'multistakeholder' and open to all, grossly under-represents those parts of the world that aren't North America and Western Europe.

The lack of registries in the developing world is another significant issue that needs to be highlighted and addressed. The top 5 gTLD registries are in the USA, and it is important that users and the community feel that the fees being collected are equivalent compensation for the services they provide. As registries operate in captive markets that are allocated by ICANN, we invite ICANN to improve its financial accountability by enabling its stakeholders to assess the finances collected on these registrations.

Multistakeholderism—community and consensus

As an organization that holds itself out as a champion of the bottom-up policy development process, and as a private corporation fulfilling a public interest function, ICANN is in a unique position to establish new norms of managing common resources. In theory and under ICANN’s extensive governance rules, the board is a legislative body that is only supposed to approve the consensus decisions of the community, and the staff wield executive control. However, in reality, both the board and the staff have been criticised for decisions that are not backed by the community.

The formal negotiations between ICANN and Registrar Stakeholder Group Negotiating Team (Registrar NT) over the new Registrar Accreditation Agreement (RAA) are an example of processes that have a multistakeholder approach but fail on values of deliberation and pluralistic decision making.[4] ICANN staff insisted on including a "proposed Revocation (or "blow up") Clause that would have given them the ability to unilaterally terminate all registrar accreditations" and another proposal seeking to give the ICANN Board the ability to unilaterally amend the RAA (identical to a proposal inserted in the gTLD registry agreement - a clause met with strong opposition not only from the Registry Stakeholder Group but from the broader ICANN community).

Both proposals undermine the multistakeholder approach of the ICANN governance framework, as they seek more authority for the Board, rather than the community or protections for registrars and more importantly, registrants. The proposed amendments to the RAA were not issues raised by Law Enforcement, GAC or the GNSO but by the ICANN staff and received considerable pushback from the Registrar Stakeholder Group Negotiating Team (Registrar NT). The bottom-up policy making process at ICANN has also been questioned with reference to the ruling on vertical integration between registries and registrars, where the community could not even approach consensus.[5] Concerns have also been raised about the extent of the power granted to special advisory bodies handpicked by the ICANN president, the inadequacy of existing accountability mechanisms for providing a meaningful and external check on Board decisions and the lack of representation of underserved regions on these special bodies. ICANN must evolve its accountability mechanisms, to go beyond the opportunity to provide comments on proposed policy, and extend to a role for stakeholders in decision making, which is presently a privilege reserved for staff rather than bottom-up consensus.

ICANN was created as a consensus based organisation that would enable the Internet, its stakeholders and beneficiaries to move forward in the most streamlined, cohesive manner.[6] Through its management of the DNS, ICANN is undertaking public governance duties, and it is crucial that it upholds the democratic values entrenched in the multistakeholder framework. Bottom up policy making extends beyond passive participation and has an impact on the direction of the policy. Presently, while anyone can comment on policy issues, only a few have a say in which comments are integrated towards outcomes and action. We would like to stress not just improving and introducing checks and balances within the ICANN ecosystem, but also, integrating accountability and transparency practices at all levels of decision making.

Bridging the gap

We welcome the Africa Strategy working group and the public community process that was initiated by ICANN towards building domain name business industry in Africa, and we are sure there will be lessons that will be applicable to many other underserved regions. In the context of this report, CIS wants to examine the existing criteria of the accreditation process. As ICANN's role evolves and its revenues grow across the DNS and the larger Internet landscape, it is important, in our view, that ICANN review and evolve its processes for accreditation and see if they are as relevant today as they were when launched.

The relationship between ICANN and every accredited registrar is governed by the individual RAA, which sets out the obligations of both parties, and we recommend simplifying and improving them. The RAA language is complex, technical and not relevant to all regions, and presently there are no online forms for the accreditation process. While ICANN's language will be English, the present framing has an American bias; we recommend creating an online application process and simplifying the language, keeping it contextual to the region. It would also be helpful if ICANN invested in introducing some amount of standardization across forms; this would reduce the barrier of time and effort it takes to go through complex legal documents and contribute to the growth of DNS business.

The existing accreditation process for registrars requires applicants to procure US$70,000 or more for the ICANN accreditation to become effective. The applicants are also required to obtain and maintain, for the length of accreditation process, a commercial general liability insurance with a policy limit of US$500,000 or more. The working capital and the insurance are quite high and create a barrier to entry for underserved regions in the DNS ecosystem.

In the absence of appropriate mechanisms, registrars resort to using US companies for insurance, creating more foreign currency pressures on themselves. The commercial general liability insurance requirement for the registrars is not limited to their functioning as a registrar and is perhaps not the most appropriate option. ICANN should, and must, increase efforts towards helping registrars find suitable insurance providers and scaling down the working capital. Solutions may lie in exploring variable fee structures adjusted against profits, and derived after considering factors such as cost of managing domain names and sub-domain names, expansion needs, ICANN obligations and services, financial capacities of LDCs and financial help pledged to disadvantaged groups or countries.

Presently, the start-up capital required is too high for developing countries, and this is reflected in the number of registries in these areas. Any efforts to improve the DNS ecosystem in underserved regions, must tackle this by scaling down the capital in proportion to the requirements of the region.

Another potential issue that ICANN should consider is that users getting sub-domain names from local registrars located in their own country are usually taxed on the transaction, whereas online registration through US registrars spares users from paying taxes in their country.[7] This could create a reverse incentive for registering sub-domain names online from US registrars. ICANN should push forward on efforts to ensure that registrars are sustainable by providing incentives for registering in underserved regions and help towards maintaining a critical mass of registrants. The Business Constituency (BC), the voice of commercial Internet users within ICANN, could play a role in this, and ICANN should endeavour either to expand the BC function or to create a separate constituency for the representation of underserved regions.


[1] Internet Users and Population stats 2012. http://www.internetworldstats.com/stats2.htm

[2] Internet Users and Population stats 2012. http://www.internetworldstats.com/stats4.htm

[3] Times of India IAMAI Report. http://timesofindia.indiatimes.com/tech/tech-news/India-to-have-243-million-internet-users-by-June-2014-IAMAI/articleshow/29563698.cms

[4] Mar/07/2013 - Registrar Stakeholder Group Negotiating Team (Registrar NT) Statement Regarding ICANN RAA Negotiations. http://www.icannregistrars.org/calendar/announcements.php

[5] Kevin Murphy, Who runs the internet? An ICANN 49 primer. http://domainincite.com/16177-who-runs-the-internet-an-icann-49-primer

[6] Stephen Ryan, Governing Cyberspace: ICANN, a Controversial Internet Standards Body http://www.fed-soc.org/publications/detail/governing-cyberspace-icann-a-controversial-internet-standards-body

[7] Open Root-Financing LDCs in the WSIS process. See: http://www.open-root.eu/about-open-root/news/financing-ldcs-in-the-wsis-process

Vodafone Report Explains Government Access to Customer Data

by Joe Sheehan last modified Jun 19, 2014 10:38 AM
Vodafone Group PLC, the world’s second largest mobile carrier, released a report on Friday, June 6 2014 disclosing to what extent governments can request their customers’ data.

The Law Enforcement Disclosure Report, a section of a larger annual Sustainability Report, began by asserting that Vodafone "customers have a right to privacy which is enshrined in international human rights law and standards and enacted through national laws."

However, the report continues, Vodafone is incapable of fully protecting its customers’ right to privacy, because it is bound by the laws in the various countries in which it operates. "If we do not comply with a lawful demand for assistance, governments can remove our license to operate, preventing us from providing services to our customers." The report goes into detail about the laws in each of the 29 nations where the company operates.

Vodafone’s report is one of the first published by a multinational service provider. Compiling such a report was especially difficult, according to the report, for a few reasons. Because no comparable report had been published before, Vodafone had to figure out for itself the “complex task” of what information it could legally publish in each country. This difficulty was compounded by the fact that Vodafone operates physical infrastructure and thus sets up a business in each of the countries where it provides services. This means that Vodafone is subject to the laws and operating licenses of each nation where it operates, unlike a search engine such as Google, which can provide services across international borders but still be subject to United States law – where it is incorporated.

The report is an important step forward for consumer privacy. First, the Report shows that the company is aware of the conflict of interest between government authorities and its customers, and of the pivotal position that the company can play in honoring the privacy of its users by providing information regarding the same in all cases where it legally can. Additionally, besides providing the user insight into the challenges that the company faces when addressing and responding to law enforcement requests, the Report provides a brief overview of the legal qualifications that must be met in each country to access customer data. Also, Vodafone’s report has encouraged other telecom companies to disclose similar information to the public. For instance, Deutsche Telekom AG, a large European and American telecommunications company, said Vodafone’s report had led it to consider releasing a report of its own.

Direct Government Access

The report revealed that six countries had constructed secret wires or “pipes” which allowed them access to customers’ private data. This means that the governments of these six countries have immediate access to Vodafone’s network without any due process, oversight, or accountability for these opaque practices. Essentially, the report reveals, in order to operate in one of these jurisdictions, a communications company must ensure that authorities have real-time and direct access to all personal customer data at any time, without any specific justification. The report does not name these six nations for legal reasons.

"These pipes exist, the direct access model exists,” Vodafone's group privacy officer, Stephen Deadman, told the Guardian. “We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used."

Data Organization

Vodafone’s Report lists the aggregate number of content requests the company received in each country where it operates, and groups these requests into two major categories. The first is Lawful Interceptions, which is when the government directly listens in or reads the content of a communication. In the past, this type of action has been called wiretapping, but now includes reading the content of text messages, emails, and other communications.

The second data point Vodafone provides for each country is the number of Communications Data requests they receive from each country. These are requests for the metadata associated with customer communications, such as the numbers they have been texting and the time stamps on all of their texts and calls.

It is worth noting that all of the numbers Vodafone reports are warrant statistics rather than target statistics. Vodafone, according to the report, has chosen to include the number of times a government sent a request to Vodafone to "intrude into the private affairs of its citizens, not the extent to which those warranted activities then range across an ever-expanding multiplicity of devices, accounts and apps."

Data Construction

However, in many cases, laws in the various countries in which Vodafone operates prohibit Vodafone from publishing all or part of the aforementioned data. In fact, this is the rule rather than the exception. The majority of countries, including India, prohibit Vodafone from releasing the number of data requests they receive. Other countries publish the numbers themselves, so Vodafone has chosen not to reprint their statistics either. This is because Vodafone wants to encourage governments to take responsibility for informing their citizens of the statistics themselves.

The report also makes note of the process Vodafone went through to determine the legality of publishing these statistics. It was not always straightforward. For example, in Germany, when Vodafone’s legal team went to examine the legislation governing whether or not they could publish statistics on government data requests, they concluded that the laws were unclear, and asked German authorities for advice on how to proceed. They were informed that publishing any such statistics would be illegal, so they did not include any German numbers in their report. However, since that time, other local carriers have released similar statistics, and thus the situation remains unresolved.

Other companies have also recently released reports. Twitter, a microblogging website, Facebook, a social networking website, and Google, a search engine with social network capabilities, have all released comparable reports, but their reports differ from Vodafone’s in a number of ways. While Twitter, Google, and Facebook all specified the percent of requests granted, Vodafone released no similar statistics. However, Vodafone prepared discussions of the various legal constraints that each country imposed on telecom companies, giving readers an understanding of what was required in each country for authorities to access their data, a component that was left out of other recent reports. Once again, Vodafone’s report differed from those of Google, Facebook and Twitter because while Vodafone opens businesses in each of the countries where it operates and is subject to their laws, Google, Facebook, and Twitter are all Internet companies and so are only governed by United States law.

Google disclosed that it received 27,427 requests over a six-month period ending in December, 2013, and also noted that the number of requests has increased consistently each six-month period since data began being compiled in 2009, when fewer than half as many requests were being made. On the other hand, Google said that the percentage of requests it complied with (64% over the most recent period) had declined significantly since 2010, when it complied with 76% of requests.

Google went into less detail when explaining the process non-American authorities had to go through to access data, but did note that a Mutual Legal Assistance Treaty was the primary way governments outside of the United States could force the release of user data. Such a treaty is an agreement between the United States and another government to help each other with legal proceedings. However, the report indicated that Google might disclose user information in situations when they were not legally compelled to, and did not go into detail about how or when it did that. Thus, given the difficulty of obtaining a Mutual Legal Assistance Treaty in addition to local warrants or subpoenas, it seems likely that Google complies with many more non-American data requests than it was legally forced to.

Facebook has only released two such reports so far, for the two six-month periods in 2013, but they too indicated an increasing number of requests, from roughly 26,000 to 28,147. Facebook plans to continue issuing reports every six months.

Twitter has also seen an increase of 22% in government requests between this and the previous reporting period, six months ago. Twitter attributes this increase in requests to an increase in users internationally, and it does seem that the website has a similarly growing user base, according to charts released by Twitter. It is worth noting that while large nations such as the United States and India are responsible for the majority of government requests, smaller nations such as Bulgaria and Ecuador also order telecom and Internet companies to turn over data.

Vodafone’s Statistics

Though Vodafone’s report didn’t print statistics for the majority of the countries the report covered, looking at the few numbers they did publish can shed some light on the behavior of governments in countries where publishing such statistics is illegal. For the countries where Vodafone does release data, the numbers of government requests for Vodafone data were much higher than for Google data. For instance, Italy requested Vodafone data 605,601 times, while requesting Google data only 896 times. This suggests that other countries such as India could be looking at many more customers’ data through telecom companies like Vodafone than Internet companies like Google.

Vodafone stressed that they were not the only telecom company that was being forced to share customers’ data, sometimes without warrants. In fact, such access was the norm in countries where authorities demanded it.

India and the Reports

India is one of the most prolific requesters of data, second only to the United States in number of requests for data from Facebook and fourth after the United States, France and Germany in number of requests for data from Google. In the most recent six-month period, India requested data from Google 2,513 times, Facebook 3,598 times, and Twitter 19 times. The percentage of requests granted varies widely from country to country. For example, while Facebook complies with 79% of United States authorities’ requests, it only grants 50% of India’s requests. Google responds to 83% of US requests but only 66% of India’s.

Facebook also provides data on the number of content restrictions each country requests. A content restriction request is where an authority asks Facebook to take down a particular status, photo, video, or other web content and no longer display it on their site. India, with 4,765 requests, is the country that most often asks Facebook to remove content.

While Vodafone’s report publishes no statistics on Indian data requests, because such disclosure would be illegal, it does discuss the legal considerations they are faced with. In India, the report explains, several laws govern Internet communications. The Information Technology Act (ITA) of 2000 is the parent legislation governing information technology in India. The ITA allows certain members of Indian national or state governments to order an interception of a phone call or other communication in real time, for a number of reasons. According to the report, an interception can be ordered “if the official in question believes that it is necessary to do so in the: (a) interest of sovereignty and integrity of India; (b) the security of the State; (c) friendly relations with foreign states; (d) public order; or (e) the prevention of incitement of offences.” In short, it is fairly easy for a high-ranking official to order a wiretapping in India.

The report goes on to detail Indian authorities’ abilities to request other customer data beyond a lawful interception. The Code of Criminal Procedure allows a court or police officer to ask Vodafone and other telecom companies to produce “any document or other thing” that the officer believes is necessary for any investigation. The ITA extends this ability to any information stored in any computer, and requires service providers to extend their full assistance to the government. Thus, it is not only legally simple to order a wiretapping in India; it is also very easy for authorities to obtain customer web or communication data at any time.

It is clear that Indian laws governing communication have very few protections in place for consumer privacy. However, many in India hope to change this reality. The Group of Experts chaired by Justice AP Shah, the Department of Personnel and Training, along with other concerned groups have been working towards the drafting of privacy legislation for India. According to the Report of the Group of Experts on Privacy, the legislation would fix the 50 or so privacy laws in India that are outdated and unable to protect citizens’ privacy when they use modern technology.

On the other hand, the Indian government is moving forward with a number of plans to further infringe the privacy of civilians. For example, the Central Monitoring System, a clandestine electronic surveillance program, gives India’s security agencies and income tax officials direct access to communications data in the country. The program began in 2007 and was announced publicly in 2009 to little fanfare and muted public debate. The system became operational in 2013.

Conclusion

Vodafone’s report indicates that it is concerned about protecting its customers’ privacy, and Vodafone’s disclosure report is an important step forward for consumer web and communication privacy. The report stresses that company practice and government policy need to come together to protect citizens’ privacy, and that businesses cannot do it alone. However, the report reveals what companies can do to effect privacy reform. By challenging authorities’ abilities to access customer data, as well as publishing information about these powers, they bring the issue to the government’s attention and open it up to public debate. Through Vodafone’s report, the public can see why their governments are making surveillance decisions. Yet, in India, there is still little adoption of transparent business practices such as these. Perhaps if more companies were transparent about the level of government surveillance their customers were being subjected to, their practices and policies for responding to requests from law enforcement, and the laws and regulations that they are subject to, the public would press the government for stronger privacy safeguards and protections.

UN Human Rights Council urged to protect human rights online

by Geetha Hariharan last modified Jun 19, 2014 01:28 PM
63 civil society groups urged the UN Human Rights Council to address global challenges to freedom of expression, privacy and other human rights on the Internet. Centre for Internet & Society joined in the statement, delivered on behalf of the 63 groups by Article 19.

The 26th session of the United Nations Human Rights Council (UNHRC) is currently ongoing (June 10-27, 2014). On June 19, 2014, 63 civil society groups joined together to urge the United Nations Human Rights Council to protect human rights online and address global challenges to their realization. Centre for Internet & Society joined in support of the statement ("the Civil Society Statement"), which was delivered by Article 19 on behalf of the 63 groups.

In its consensus resolution A/HRC/20/8 (2012), the UNHRC affirmed that the "same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice". India, a current member of the UNHRC, stood in support of resolution 20/8. The protection of human rights online was also a matter of popular agreement at NETmundial 2014, which similarly emphasised the importance of protecting human rights online in accordance with international human rights obligations. Moreover, the WSIS+10 High Level Event, organised by the ITU in collaboration with other UN entities, emphasized the criticality of expanding access to ICTs across the globe, including infrastructure, affordability and reach.

The Civil Society Statement at HRC26 highlights the importance of retaining the Internet as a global resource - a democratic, free and pluralistic platform. However, the recent record of freedom of expression and privacy online has resulted in a deficit of trust and free, democratic participation. Turkey, Malaysia, Thailand, Egypt and Pakistan have blocked web-pages and social media content, while Edward Snowden's revelations have heightened awareness of human rights violations on the Internet.

At a time when governance of the Internet and its institutions is evolving, a human rights centred perspective is crucial. Openness and transparency - both in the governance of Internet institutions and rights online - are crucial to continuing growth of the Internet as a global, democratic and free resource, where freedom of expression, privacy and other rights are respected regardless of location or nationality. In particular, the Civil Society Statement calls attention to principles of necessity and proportionality to regulate targeted interception and collection of personal data.

The UNHRC, comprising 47 member states, is called upon to address these global challenges. Guided by resolutions A/HRC/20/8 and A/RES/68/167, the WSIS+10 High Level Event Outcome Documents (especially operative paragraphs 2, 8 and 11 of the Vision Document) and the forthcoming report of the UN High Commissioner for Human Rights regarding privacy in the digital age, the UNHRC as well as other states may gather the opportunity and intention to put forth a strong case for human rights online in our post-2015 development-centred world.

Civil Society Statement:

The full oral statement can be accessed here.

UNHRC Civil Society Statement (26th Session)

by Geetha Hariharan last modified Jun 19, 2014 01:24 PM
Statement endorsed by 63 civil society groups, urging the UNHRC to address challenges to human rights online.

A19 joint oral statement on Internet & human rights - 19 June 2014.pdf — PDF document, 33 kB (34373 bytes)

Free Speech and Source Protection for Journalists

by Gautam Bhatia — last modified Jun 19, 2014 08:10 PM
Gautam Bhatia explores journalistic source protection from the perspective of the right to freedom of speech & expression. In this post, he articulates clearly the centrality of source protection to press freedoms, and surveys the differing legal standards in the US, Europe and India.

In the previous post, we discussed Vincent Blasi’s pathological perspective on free speech. The argument forms part of a broader conception that Blasi calls the “checking value of the First Amendment”. Blasi argues that the most important role of free speech is to “check” government abuses and reveal to the public information that government wants to keep secret from them. Naturally, in this model – which is a specific application of the democracy-centred theory of free speech – the press and the media become the most important organs of a system of free expression.

In addition to the checking value of free speech, there is another consideration that is now acknowledged by Courts in most jurisdictions, including our Supreme Court. When we speak about the “right” to free speech, we do not just mean – as might seem at first glance – the right of speakers to speak unhindered. We also mean the rights of listeners and hearers to receive information. A classic example is the Indian Supreme Court’s opinion in LIC v. Manubhai D. Shah, which used Article 19(1)(a) to vest a right-of-reply in a person who had been criticised in a newspaper editorial, on the ground of providing a balanced account to readers. Furthermore, instruments like the ICCPR and the ECHR make this clear in the text of the free speech right as well. For instance, Article 19 of the ICCPR states that “everyone shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds.”

In addition to the individual right to receive information and ideas, free speech need not be understood exclusively in the language of a right at all. Free speech also serves as a public good – that is to say, a society with a thriving system of free expression is, all things considered, better off than a society without it. The unique value that free speech serves, as a public good, is in creating an atmosphere of accountability and openness that goes to the heart of the constitutive ideals of modern liberal democracies. As Justice Hugo Black noted, a good system of free speech “rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public.” Unsurprisingly, he went on to add immediately after, that “a free press is a condition of a free society.”

If free speech is about the right to receive information, and about the public good of a society in which information circulates freely and widely, then the vehicles of information occupy a central position in any theory or doctrine about the scope of the constitutional right. In our societies, the press is perhaps the most important of those vehicles.

Establishing the crucial role of the free press in free speech theory is important to understand a crucial issue that has largely gone unaddressed in Indian constitutional and statutory law: that of source-protection laws for journalists. A source-protection law exempts journalists from having to compulsorily reveal their sources when ordered to do so by government or by courts. Such exemptions form part of ordinary Indian statutory law: under the Indian Evidence Act, for example, communications between spouses are “privileged” – that is, inadmissible as evidence in Court.

The question came up before the US Supreme Court in Branzburg v. Hayes. In a 5-4 split, the majority ruled against an unqualified reporters’ privilege that could be invoked in all circumstances. However, all the justices understood the importance of the issue. Justice White, writing for the majority, held that government must “convincingly show a substantial relation between the information sought and a subject of overriding and compelling state interest.” Justice Powell’s concurring opinion emphasised that the balance must be struck on a case-to-case basis. Since Branzburg, there has been no federal legislation dealing with source protection. A number of states have, however, passed “shield laws”, albeit with broad national security exceptions.

Perhaps the reason for the American Supreme Court’s reticence lies in its reluctance – notwithstanding Justice Black’s ringing oratory – to place journalists on any kind of special pedestal above the rest of the public. The European Court of Human Rights, however, has felt no such compunctions. In Goodwin v. UK, the ECHR made it clear that the press serves a crucial function as a “public watchdog” (a consistent theme in the ECHR’s jurisprudence). Compelled disclosure of sources would definitely have a chilling effect on the functioning of the press, since sources would be hesitant to speak – and journalists would be reluctant to jeopardise their sources – if it was easy to get a court order requiring disclosure. Consequently, the ECHR, which is normally hesitant to intervene in domestic matters and accords a wide margin of appreciation to states, found the UK to be in violation of the Convention. Journalists could only be compelled to reveal their sources if there was an “overriding requirement in the public interest.”

Where both the United States and Europe have recognised the importance of source-protection, and the simple fact that some degree of source protection is essential if the press is to perform its checking – or watchdog – function effectively, Indian jurisprudence on the issue is negligible. The Law Commission has twice proposed some manner of a shield law, but no concrete action has been taken upon its recommendations.

In the absence of any law, Article 19(1)(a) could play a direct role in the matter. As argued at the beginning of this post, the Supreme Court has accepted the democracy-based justification for free speech, as well as the individual right to receive information. Both these arguments necessarily make the role of the press crucial, and the role of the press is dependent on maintaining the confidentiality of sources. Thus, there ought to be an Article 19(1)(a) right that journalists can invoke against compelled disclosure. If this is so, then any disclosure can only be required through law; and the law, in turn, must be a reasonable restriction in the interests of public order, which, in turn, has normally been given a narrow interpretation by the Supreme Court in cases such as Ram Manohar Lohia.

It is unclear, however, whether the Courts will be sympathetic. As this article points out, while the Supreme Court has yet to rule on this issue, various High Courts have ordered disclosure, seemingly without much concern for the free speech implications. One thing is evident though: either a strong shield law, or a definitive Supreme Court ruling, is required to fill the current vacuum that exists.


Gautam Bhatia — @gautambhatia88 on Twitter — is a graduate of the National Law School of India University (2011), and has just received an LLM from the Yale Law School. He blogs about the Indian Constitution at http://indconlawphil.wordpress.com. Here at CIS, he blogs on issues of online freedom of speech and expression.

WSIS+10 High Level Event: A Bird's Eye Report

by Geetha Hariharan last modified Jun 20, 2014 03:57 PM
The WSIS+10 High Level Event was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.

The World Summit on Information Society (WSIS) +10 High Level Event (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (Geneva 2003 and Tunis 2005). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).

The High Level Track:

Opening Ceremony, WSIS+10 High Level Event (Source)

The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two Outcome Documents. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 Multi-stakeholder Preparatory Platform (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).

The MPP met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (APIG) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders failed to reach consensus on crucial issues. Indeed, Prof. Vladimir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.

Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the MPP had sought and achieved a common understanding, a sentiment echoed by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, agreed that the MPP had worked hard to draft a document beneficial to all.

Concerns around the MPP did not affect the review of ICT developments over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, won an award for its e-health application MOTHER.

The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the Tunis Agenda. Indeed, there was palpable relief in Conference Room 1 at the CICG, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.

The High Level Dialogues:

Prof. Vladimir Minkin delivers a statement. (Source)

The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “lost opportunity”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.

As on previous panels, there was intense focus on access, affordability and reach in developing countries, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, reminding the gathering of the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.

A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.

The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the question of cross-border surveillance and wanton violations of privacy went unaddressed except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the right to be forgotten), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.

In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.

The Forum Track:

Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues (Source)

The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of WCIT-2012, UNESCO’s Comprehensive Study on Internet-related Issues, spam and a taxonomy of Internet governance.

Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.

At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the importance of national and regional IGFs for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “Internet governance is not shaped by individual events”. In light of criticism of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual response (often repeated at the HLE itself). Also widely discussed was the role of stakeholders in Internet governance, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “distant dream”).

This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw Mr. George Sadowsky, Dr. Jovan Kurbalija, Mr. William Drake and Mr. Eliot Lear (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of this ISOC study).

There were, for the most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be left to do their jobs without interference. Ms. Anja Kovacs raised pertinent concerns about including voiceless minorities in a ‘rough consensus’ model. Across sessions, questions of mass surveillance, privacy and data ownership rose from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearances, across issues like spam (Question 22-1/1 of ITU-D Study Group 1) and cybersecurity.

Conclusion:

The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of multi-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, the technical community such as the ISOC and IETF, as well as (obviously) civil society.

Substantively, the HLE did not address mass surveillance and privacy, nor the expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.

But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the stances of the ITU, the rest of the UN (and of course, member states) on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.

Forum Track

by Geetha Hariharan last modified Jun 20, 2014 01:18 PM
UNESCO Session on Comprehensive Study on Internet-related Issues (June 11, 2014)

Forum Track

by Geetha Hariharan last modified Jun 20, 2014 01:19 PM
UNESCO Session on Comprehensive Study on Internet-related Issues (June 11, 2014)

High Level Track

by Geetha Hariharan last modified Jun 20, 2014 01:20 PM
Opening Ceremony, WSIS+10 High Level Event

High Level Dialogues

by Geetha Hariharan last modified Jun 20, 2014 01:23 PM
Prof. Vladimir Minkin delivers a statement.

IANA Transition - Descriptive Brief

by Geetha Hariharan last modified Jun 22, 2014 03:32 AM
A brief describing the IANA transition process so far, and outlining the Indian government's views on the same.

CIS - IANA Transition - Descriptive Brief - FINAL (1).pdf (PDF document, 486 kB, 497879 bytes)

NTIA Announcement

by Geetha Hariharan last modified Jun 22, 2014 03:11 AM
IANA Oversight Mechanism
