The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement
http://editors.cis-india.org/internet-governance/blog/comments-from-the-centre-for-internet-and-society-on-renewal-of-net-registry-agreement
<b>The Centre for Internet and Society (CIS) is grateful for the opportunity to comment on the proposed renewal of the .NET Registry Agreement.</b>
<p>With inputs from Sunil Abraham and Pranesh Prakash</p>
<hr />
<p style="text-align: justify; ">CIS would like to express its strong opposition to the proposed renewal. This is for three primary reasons:</p>
<h3 style="text-align: justify; ">Inconsistency with ICANN’s core values</h3>
<p style="text-align: justify; ">It is important to consider the proposed renewal in light of two Core Values which are meant to guide the decisions and actions of ICANN. <br /> <br />Section 1.2.(b)(iii) of the Bylaws contemplates ICANN’s responsibility to, “ Where feasible and appropriate, depending on market mechanisms to promote and sustain a competitive environment in the DNS market;” and S ection 1.2(b)(iv) envisages, “Introducing and promoting competition in the registration of domain names where practicable and beneficial to the public interest as identified through the bottom-up, multistakeholder policy development process;”. <br /> <br />The presumptive renewal of the .NET Registry agreement precludes an open tender, thereby significantly undermining competition in the DNS market. It ignores the public interest consideration, as the absence of competitive pressure on the contract also means the absence of pressure to lower user costs.</p>
<h3 style="text-align: justify; ">Historical accident</h3>
<p style="text-align: justify; ">Verisign’s operations over .NET is a historical accident; one that does not justify its collection of .NET revenues in perpetuity. <span></span><span>Policies for Contractual Compliance of</span> <span>Existing Registries</span> was approved in 2007 to include presumptive renewal. However, during the deliberations in that Policy Development Process, there was significant objection to presumption of renewal of registry contracts; with constituencies and individuals pointing out that such renewal was blatantly anti competitive, and allowed for presumption to prevail even in the case of material breaches.</p>
<p style="text-align: justify; "><b>The proposed agreement contemplates using a portion of Registry Level </b><br />Transaction Fees to create a “special restricted fund for developing country Internet communities to enable further participation in the ICANN mission for these stakeholders.” This form of tokenism to the global south will do little to achieve meaningful participation and diversity of civil society. .NET should instead, be opened to a competitive bid and open tender, in order to encourage innovators from around the world to benefit from it.</p>
<h3 style="text-align: justify; ">Irregularity of contract</h3>
<p style="text-align: justify; ">The argument that the proposed changes are to bring the contract in line with other gTLD registry agreements doesn't hold because this contract is in itself completely irregular: it was not entered into after a competitive process that other gTLD registry agreements are subject to; and it is not subject to the price sensitivity that other contracts are either.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/comments-from-the-centre-for-internet-and-society-on-renewal-of-net-registry-agreement'>http://editors.cis-india.org/internet-governance/blog/comments-from-the-centre-for-internet-and-society-on-renewal-of-net-registry-agreement</a>
</p>
No publishervidushiICANNInternet Governance2017-06-06T13:35:53ZBlog EntryInternet's Core Resources are a Global Public Good - They Cannot Remain Subject to One Country's Jurisdiction
http://editors.cis-india.org/internet-governance/blog/internets-core-resources-are-a-global-public-good
<b>This statement was issued by 8 India civil society organizations, supported by 2 key global networks, involved with internet governance issues, to the meeting of ICANN in Hyderabad, India from 3 to 9 November 2016. The Centre for Internet & Society was one of the 8 organizations that drafted this statement.</b>
<p style="text-align: justify;">Recently, the US gave up its role of signing entries to the Internet's root zone file, which represents the addressing system for the global Internet. This is about the Internet addresses that end with .com, .net, and so on, and the numbers associated with each of them that help us navigate the Internet. We thank and congratulate the US government for taking this important step in the right direction. However, the organisation that manages this system, ICANN,<a href="#ftn1">[1]</a> a US non-profit, continues to be under US jurisdiction, and hence subject to its courts, legislature and executive agencies. Keeping such an important global public infrastructure under US jurisdiction is expected to become a very problematic means of extending US laws and policies across the world.</p>
<p style="text-align: justify;">We the undersigned therefore appeal that urgent steps be taken to transit ICANN from its current US jurisdiction. Only then can ICANN become a truly global organisation.<a href="#ftn2">[2]</a> We would like to make it clear that our objection is not directed particularly against the US; we are simply against an important global public infrastructure being subject to a single country's jurisdiction.</p>
<p style="text-align: justify;"><strong>Domain name system as a key lever of global control</strong><br />A few new top level domains like .xxx and .africa are already under litigation in the US, whereby there is every chance that its law could interfere with ICANN's (global) policy decisions. Businesses in different parts of the world seeking top level domain names like .Amazon, and, hypothetically, .Ghaniancompany, will have to be mindful of de facto extension of US jurisdiction over them. US agencies can nullify the allocation of such top level domain names, causing damage to a business similar to that of losing a trade name, plus losing all the 'connections', including email based ones, linked to that domain name. For instance, consider the risks that an Indian generic drugs company, say with a top level domain, .genericdrugs, will remain exposed to.</p>
<p style="text-align: justify;">Sector specific top level domain names like .insurance, health, .transport, and so on, are emerging, with clear rules for inclusion-exclusion. These can become de facto global regulatory rules for that sector. .Pharmacy has been allocated to a US pharmaceutical group which decides who gets domain names under it. Public advocacy groups have protested <a href="#ftn3">[3]</a> that these rules will be employed to impose drugs-related US intellectual property standards globally. Similar problematic possibilities can be imagined in other sectors; ICANN could set “safety standards”, as per US law, for obtaining .car.</p>
<p style="text-align: justify;">Country domain names like .br and .ph remain subject to US jurisdiction. Iran's .ir was recently sought to be seized by some US private parties because of alleged Iranian support to terrorism. Although the plea was turned down, another court in another case may decide otherwise. With the 'Internet of Things', almost everything, including critical infrastructure, in every country will be on the network. Other countries cannot feel comfortable to have at the core of the Internet’s addressing system an organisation that can be dictated by one government.</p>
<p style="text-align: justify;"><strong>ICANN must become a truly global body</strong><br />Eleven years ago, in 2005, the Civil Society Internet Governance Caucus at the World Summit on the Information Society demanded that ICANN should “negotiate an appropriate host country agreement to replace its California Incorporation”.</p>
<p style="text-align: justify;">A process is currently under-way within ICANN to consider the jurisdiction issue. It is important that this process provides recommendations that will enable ICANN to become a truly global body, for appropriate governance of very important global public goods.</p>
<p style="text-align: justify;">Below are some options, and there could be others, that are available for ICANN to transit from US jurisdiction.</p>
<ol style="text-align: justify;">
<li>ICANN can get incorporated under international law. Any such agreement should make ICANN an international (not intergovernmental) body, fully preserving current ICANN functions and processes. This does not mean instituting intergovernmental oversight over ICANN.</li>
<li>ICANN can move core internet operators among multiple jurisdictions, i.e. ICANN (policy body for Internet identifiers), PTI <a href="#ftn4">[4]</a> (the operational body) and the Root Zone Maintainer must be spread across multiple jurisdictions. With three different jurisdictions over these complementary functions, the possibility of any single one being fruitfully able to interfere in ICANN's global governance role will be minimized.</li>
<li>ICANN can institute a fundamental bylaw that its global governance processes will brook no interference from US jurisdiction. If any such interference is encountered, parameters of which can be clearly pre-defined, a process of shifting of ICANN to another jurisdiction will automatically set in. A full set-up – with registered HQ, root file maintenance system, etc – will be kept ready as a redundancy in another jurisdiction for this purpose. <a href="#ftn5">[5]</a> Chances are overwhelming that given the existence of this bylaw, and a fully workable exit option being kept ready at hand, no US state agency, including its courts, will consider it meaningful to try and enforce its writ. This arrangement could therefore act in perpetuity as a guarantee against jurisdictional interference without actually having ICANN to move out of the US.</li>
<li>The US government can give ICANN jurisdictional immunity under the United States International Organisations Immunities Act . There is precedent of US giving such immunity to non-profit organisations like ICANN. <a href="#ftn6">[6]</a> Such immunity must be designed in such a way that still ensures ICANN's accountability to the global community, protecting the community's enforcement power and mechanisms. Such immunity extends only to application of public law of the US on ICANN decisions and not private law as chosen by any contracting parties. US registries/registrars, with the assent of ICANN, can choose the jurisdiction of any state of the US for adjudicating their contracts with ICANN. Similarly, registries/registrars from other countries should be able to choose their respective jurisdictions for such contracts.</li></ol>
<p style="text-align: justify;">We do acknowledge that, over the years, there has been an appreciable progress in internationalising participation in ICANN's processes, including participation from governments in the Governmental Advisory Committee. However, positive as this is, it does not address the problem of a single country having overall jurisdiction over its decisions.</p>
<p style="text-align: justify;">Issued by the following India based organisation:</p>
<ul style="text-align: justify;">
<li>Centre for Internet and Society, Bangalore </li>
<li>IT for Change, Bangalore </li>
<li>Free Software Movement of India, Hyderabad </li>
<li>Society for Knowledge Commons, New Delhi</li>
<li>Digital Empowerment Foundation, New Delhi</li>
<li>Delhi Science Forum, New Delhi</li>
<li>Software Freedom Law Centre - India, New Delhi</li>
<li>Third World Network - India, New Delhi</li></ul>
<p style="text-align: justify;">Supported by the following global networks:</p>
<ul style="text-align: justify;">
<li>Association For Progressive Communications</li>
<li>Just Net Coalition</li></ul>
<p style="text-align: justify;"><br />For any clarification or inquiries you may may write to or call:</p>
<ul style="text-align: justify;">
<li>Parminder Jeet Singh: <a class="mail-link" href="mailto:parminder@itforchange.net">parminder@itforchange.net</a> +91 98459 49445, or </li>
<li>Vidushi Marda: <a class="mail-link" href="mailto:vidushi@cis-india.org">vidushi@cis-india.org</a> +91 99860 92252</li></ul>
<hr />
<p><a name="ftn1">[1]</a> Internet Corporation for Assigned Names and Numbers</p>
<p style="text-align: justify;"><a name="ftn2">[2]</a> The “NetMundial Multistakeholder Statement” , endorsed by a large number of governments and other stakeholders, including ICANN and US government, called for ICANN to become a “truly international and global organization”.</p>
<p style="text-align: justify;"><a name="ftn3">[3]</a> See, <a class="external-link" href="https://www.techdirt.com/articles/20130515/00145123090/big-pharma-firms-seeking-pharmacy-domain-to-crowd-out-legitimate-foreign-pharmacies.shtml">https://www.techdirt.com/articles/20130515/00145123090/big-pharma-firms-seeking-pharmacy-domain-to-crowd-out-legitimate-foreign-pharmacies.shtml </a></p>
<p><a name="ftn4">[4]</a> Public Technical Identifier, a newly incorporated body to carry out the operational aspects of managing Internet's identifiers.</p>
<p style="text-align: justify;"><a name="ftn5">[5]</a> This can be at one of the existing non US global offices of ICANN, or the location of one of the 3 non-US root servers. Section 24.1 of ICANN Bylaws say, “The principal office for the transaction of the business of shall be in the County of Los Angeles, State of California, United States of America. may also have an additional office or offices within or outside the United States of America as it may from time to time establish”.</p>
<p style="text-align: justify;"><a name="ftn6">[6]</a> E.g., International Fertilizer and Development Center was designated as a public, nonprofit, international organisation by US Presidential Decree, granting it immunities under United States International Organisations Immunities Act . See <a class="external-link" href="https://archive.icann.org/en/psc/corell-24aug06.html">https://archive.icann.org/en/psc/corell-24aug06.html</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/internets-core-resources-are-a-global-public-good'>http://editors.cis-india.org/internet-governance/blog/internets-core-resources-are-a-global-public-good</a>
</p>
No publishervidushiICANNHomepageInternet Governance2016-11-14T06:39:52ZBlog EntryIANA Transition: A Case of the Emperor’s New Clothes?
http://editors.cis-india.org/internet-governance/blog/digital-asia-hub-october-6-2016-vidushi-marda-iana-transition
<b>Transparency is key to engaging meaningfully with ICANN. CIS has filed the most number of Documentary Information Disclosure Policy (DIDP) requests with ICANN, covering a range of subjects including its relationships with contracted parties, financial disclosure, revenue statements, and harassment policies. Asvatha Babu, an intern at CIS, analysed all responses to our requests and found that only 14% of our requests were answered fully.</b>
<p> </p>
<p style="text-align: justify;">The post was published by <a class="external-link" href="https://www.digitalasiahub.org/2016/10/06/iana-transition-a-case-of-emperor-in-new-clothes/?utm_content=buffer48f31&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer">Digital Asia Hub</a> on October 6, 2016.</p>
<hr style="text-align: justify;" />
<p style="text-align: justify;">In March 2014, the US Government committed to ending its contract with ICANN to run the Internet Assigned Numbers Authority (IANA), and also announced that it would hand over control to the “global multistakeholder community”. The conditions for this handover were that the changes must be developed by stakeholders across the globe, with broad community consensus.</p>
<p style="text-align: justify;">Further, it was indicated that any proposal must support and enhance the multistakeholder model; maintain the security, stability, and resiliency of the Internet Domain Name System (DNS); meet the needs and expectation of the global customers and partners of the IANA services and maintain the openness of the Internet. Further, it must not replace the NTIA role with a solution that is government-led or by an inter-governmental organisation.</p>
<p style="text-align: justify;" class="p1"><span class="s1">These conditions were met, ICANN’s Supporting Organisations (SO’s) and Advisory Committees (ACs) accepted transition proposals, and these proposals were then accepted by the ICANN Board as well, putting the transition in motion. But not quite. The “global multistakeholder community” still had to wait for approval from the NTIA and the US government, both of whom eventually approved the proposal. The latter’s approval was confirmed after considerable uncertainty due to <a href="http://www.theregister.co.uk/2016/04/05/cruz_slams_dns_overseer_icann_again/"><span class="s2">Senator Ted Cruz</span><span class="s3">’</span><span class="s2">s efforts</span></a> to stop the transition, due to his belief that the transition was an exercise of the US government handing over control of the internet to foreign governments. Notwithstanding this, on 29th September, the US Senate passed a short term bill to keep the US Government funded till the end of the year, without a rider on the IANA transition. The next hurdle was a lawsuit filed in federal court in Texas by the attorney generals of four states to stop the handover of the IANA contract. As on the 30</span><span class="s4"><sup>th</sup></span><span class="s1"> of September, the court <a href="http://www.circleid.com/pdf/iana_hearing_minute_160930.pdf"><span class="s5">denied</span></a> the Plaintiffs’ Application, thus allowing the transition to proceed. </span></p>
<p style="text-align: justify;" class="p1"><span class="s1">What does this transition mean? What does it change? The transition, while a welcome step, leaves much to be desired in terms of tangible change, primarily because it fails to address the most important question, that of ICANN jurisdiction. It is important to have the Internet’s core Domain Name System (DNS) functioning free from the pressures and control of a single country or even a few countries; the transition does not ensure this, as the Post Transition IANA entity (PTI) will be under Californian jurisdiction, just like ICANN was pre-transition. The entire ICANN community has been witness to a single American political figure <a href="https://www.cruz.senate.gov/?p=press_release&id=2795"><span class="s5">almost derailing</span></a> its meticulous efforts simply because he could; and in many ways these events cemented the importance of having diversity in terms of legal jurisdiction of ICANN, the PTI and the root zone maintainer.</span></p>
<p style="text-align: justify;">My colleague Pranesh Prakash has identified <a href="http://cis-india.org/internet-governance/blog/jurisdiction-the-taboo-topic-at-icann"><span class="s5">11 reasons</span></a> why the question of jurisdiction is important to consider during the IANA transition. Some of these issues depend on where ICANN, the PTI and the root zone maintainer are situated, some depend on the location of the office in question and still others depend on contracts that ICANN enters into. ICANN’s new bylaws state that it <em>will be situated in California</em>, the post transition IANA entities bylaws also make a Californian jurisdiction <em>integral</em> to its functioning. As an alternative, the Centre for Internet & Society has called for the “jurisdictional resilience” of ICANN, encompassing three crucial points: legal immunity for core technical operators of Internet functions (as opposed to policymaking venues) from legal sanctions or orders from the state in which they are legally situated, division of core Internet operators among multiple jurisdictions, and jurisdictional division of policymaking functions from technical implementation functions.</p>
<p style="text-align: justify;" class="p1"><span class="s1">Transparency is also key to engaging meaningfully with ICANN. CIS has filed the most number of Documentary Information Disclosure Policy (DIDP) requests with ICANN, covering a range of subjects including its relationships with contracted parties, financial disclosure, revenue statements, and harassment policies. Asvatha Babu, an intern at CIS, analysed all responses to our requests and found that only 14% of our requests were answered fully. 40% of our requests had no relevant answers disclosed at all (these were mostly to do with complaints and contractual compliance). To illustrate the importance of engaging with ICANN transparency, CIS has focused on understanding ICANN’s sources of income since 2014. This is because we believe that conflict of interest can only be properly understood by following the money in a granular fashion. This information was not publicly available, and in fact, it seemed like <a href="http://cis-india.org/internet-governance/blog/where-does-icann2019s-money-come-from-we-asked-they-don2019t-know"><span class="s2">ICANN didn</span><span class="s3">’</span><span class="s2">t know where it got its money from, either</span></a>. It is only through the DIDP process that we were able to <a href="http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014"><span class="s5">get ICANN to disclose</span></a> sources of income, and figures along with those sources for a single financial year. </span></p>
<p style="text-align: justify;" class="p1"><span class="s1">ICANN prides itself on being transparent and accountable, but in reality it is not. The most often used exception to avoid answering DIDP requests has been “Confidential business information and/or internal policies and procedures”, which in itself is a testament to ICANN’s opacity. Another condition for non-disclosure allows ICANN to reject answering “Information requests: (i) which are not reasonable; (ii) which are excessive or overly burdensome; (iii) complying with which is not feasible; or (iv) are made with an abusive or vexatious purpose or by a vexatious or querulous individual.”. These exemptions are not only vague, they are also extremely subjective: again, demonstrative of the need for enhanced accountability and transparency within ICANN. Key issues have not been addressed even at the time that the transition is formally underway. The grounds for denying DIDP requests are still vague and wide, effectively giving ICANN the discretion to decline answering difficult questions, which is unacceptable from an entity that is at the center of the multi-billion dollar domain name industry. </span></p>
<p style="text-align: justify;" class="p1"><span class="s1">ICANN’s jurisdictional resilience and enhanced accountability are particularly vital for countries in Asia. Its policies, processes and functioning have historically been skewed towards western and industry interests, and ICANN can neither be truly global nor multistakeholder till such countries can engage meaningfully with it in a transparent fashion. The IANA transition is, of course, largely political, and may <em>symbolise </em>a transition to the global multistakeholder community, but in reality, it changes very little, if anything. </span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/digital-asia-hub-october-6-2016-vidushi-marda-iana-transition'>http://editors.cis-india.org/internet-governance/blog/digital-asia-hub-october-6-2016-vidushi-marda-iana-transition</a>
</p>
No publishervidushiIANAInternet GovernanceIANA Transition2016-11-03T06:20:46ZBlog EntryInternet Democratisation: IANA Transition Leaves Much to be Desired
http://editors.cis-india.org/internet-governance/blog/hindustan-times-october-6-2016-vidushi-marda-internet-democratisation
<b>At best, the IANA transition is symbolic of Washington’s oversight over ICANN coming to an end. It is also symbolic of the empowerment of the global multistakeholder community. In reality, it fails to do either meaningfully.</b>
<p> </p>
<p style="text-align: justify;">The article was published in the <a class="external-link" href="http://www.hindustantimes.com/analysis/internet-democratisation-iana-transition-leaves-much-to-be-desired/story-t94hojZjDXqS4LjNSepZlN.html">Hindustan Times</a> on October 6, 2016.</p>
<hr />
<img src="https://fortunedotcom.files.wordpress.com/2016/09/605664440.jpg" alt="PardonSnowden.org" />
<h6> Many suspect Washington’s 2014 announcement of handing over control of the IANA contract to be fuelled by the outcry following Edward Snowden’s revelations of the extent of US government surveillance. Source: AFP</h6>
<p style="text-align: justify;">September 30, 2016, marked the expiration of a contract between the US government and the Internet Corporation for Assigned Names and Numbers (ICANN) to carry out the Internet Assigned Numbers Authority (IANA) functions.</p>
<p style="text-align: justify;">In simpler, acronym-free terms, Washington’s formal oversight over the Internet’s address book has come to an end with the expiration of this contract, with control now being passed on to the “global multistakeholder community”.</p>
<p style="text-align: justify;">ICANN was incorporated in California in 1998 to manage the backbone of the Internet, which included the domain name system (DNS), allocation of IP addresses and root servers. After an agreement with the US National Telecommunications and Information Administration (NTIA), ICANN was tasked with operating the IANA functions, which includes maintenance of the root zone file of the DNS. Over the years Washington has rejected calls to hand over the control of IANA functions, but in March 2014 it announced its intentions to do so and laid down conditions for the handover. Many suspect the driving force behind this announcement to be the outcry following Edward Snowden’s revelations of the extent of US government surveillance.</p>
<p style="text-align: justify;">The conditions laid down by the NTIA were met, and the US government accepted the transition proposal, amidst much political pressure and opposition, most notably from Senator Ted Cruz.</p>
<p style="text-align: justify;">This transition is a step in the right direction, but in reality, it changes very little as it fails to address two critical issues: Of jurisdiction and accountability.</p>
<p style="text-align: justify;">Jurisdiction is important while considering the resolution of contractual disputes, application of labour and competition laws, disputes regarding ICANN’s decisions, consumer protection, financial transparency, etc. Many of these questions, although not all, will depend on where ICANN is located. ICANN’s new bylaws mention that it will continue to be incorporated in California, and subject to California law just as it was pre-transition. Having the DNS subject to the laws of a single country can only lend to its fragility. ICANN’s US jurisdiction also means that it is not free from the political pressures from the US Senate and in turn, the toxic effect of American party politics that were made visible in the events leading up to September 30.</p>
<p style="text-align: justify;">Another critical issue that the transition does not address is that of ICANN accountability. Post-transition, ICANN’s board will continue to be the ultimate decision-making authority, thus controlling the organisation’s functioning, and ICANN staff will be accountable to the board alone.</p>
<p style="text-align: justify;">To put things in perspective, look at the board’s track record in the recent past. In August, an Independent Review Panel (IRP) found that ICANN’s board had violated ICANN’s own bylaws and had failed to discharge its transparency obligations when it failed to look into staff misbehaviour. Following this, in September, ICANN decided to respond to such allegations of mismanagement, opacity and lack of accountability by launching a review. The review however, would not look into the issues, failures and false claims of the board, but instead focus on the process by which ICANN staff was able to engage in such misbehaviour. This ironically, will be in the form of an internal review that will pass through ICANN staff — the subjects of the investigation — before being taken up to the board.</p>
<p style="text-align: justify;">At best, the transition is symbolic of Washington’s oversight over ICANN coming to an end. It is also symbolic of the empowerment of the global multistakeholder community. In reality, it fails to do either meaningfully.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindustan-times-october-6-2016-vidushi-marda-internet-democratisation'>http://editors.cis-india.org/internet-governance/blog/hindustan-times-october-6-2016-vidushi-marda-internet-democratisation</a>
</p>
No publishervidushiICANNIANAInternet Governance2016-11-03T07:52:37ZBlog EntryWe Truly are the Product being Sold
http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold
<b>WhatsApp has announced it will begin sharing user data such as names, phone numbers, and other analytics with its parent company, Facebook, and with the Facebook family of companies. This change to its terms of service was effected in order to enable users to “communicate with businesses that matter” to them. How does this have anything to do with Facebook?
</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://www.hindustantimes.com/analysis/we-truly-are-the-product-being-sold/story-fz6FN77xizMuxOBS3KBNtJ.html">published in the Hindustan Times</a> on August 31, 2016.</p>
<hr />
<p style="text-align: justify; ">WhatsApp clarifies in its blog post, “... by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.”</p>
<p style="text-align: justify; ">WhatsApp’s further clarifies that it will not post your number on Facebook or share this data with advertisers. This means little because it will share your number with Facebook for advertisement. It is simply doing indirectly, what it has said it won’t do directly. This new development also leads to the collapsing of different personae of a user, even making public their private life that they have so far chosen not to share online. Last week, <a href="https://www.washingtonpost.com/news/the-intersect/wp/2016/08/19/98-personal-data-points-that-facebook-uses-to-target-ads-to-you/?tid=sm_tw" shape="rect" title="www.washingtonpost.com">Facebook published a list of 98 data points it collects on users</a>. These data points combined with your WhatsApp phone number, profile picture, status message, last seen status, frequency of conversation with other users, and the names of these users (and their data) could lead to a severely uncomfortable invasion of privacy.</p>
<p style="text-align: justify; ">Consider a situation where you have spoken to a divorce lawyer in confidence over WhatsApp’s encrypted channel, and are then flooded with advertisements for marriage counselling and divorce attorneys when you next log in to Facebook at home. Or, you are desperately seeking loans and get in touch with several loan officers; and when you log in to Facebook at work, colleagues notice your News Feed flooded with ads for loans, articles on financial management, and support groups for people in debt.</p>
<p style="text-align: justify; ">It is no secret that Facebook makes money off interactions on its platform, and the more information that is shared and consumed, the more Facebook is benefitted. However, the company’s complete disregard for user consent in its efforts to grow is worrying, particularly because Facebook is a monopoly. In order for one to talk to friends and family and keep in touch, Facebook is the obvious, if not the only, choice. It is also increasingly becoming the most accessible way to engage with government agencies. For example, Indian embassies around the world have recently set up Facebook portals, the Bangalore Traffic Police is most easily contacted through Facebook, and heads of states are also turning to the platform to engage with people. It is crucial that such private and collective interactions of citizens with their respective government agencies are protected from becoming data points to which market researchers have access.</p>
<p style="text-align: justify; ">Given Facebook’s proclivity for unilaterally compromising user privacy, the Federal Trade Commission (FTC) in 2011 charged the company for deceiving consumers by misleading them about the privacy of their information. Following these charges, Facebook reached an agreement to give consumers clear notice and obtain consumers’ express consent before extending privacy settings that they had established. The latest modification to WhatsApp’s terms of service seems to amount to a clear violation of this agreement and brings out the grave need to treat user consent more seriously.</p>
<p style="text-align: justify; ">There is a way to opt out of sharing data for Facebook ads targeting <a href="https://www.whatsapp.com/faq/general/26000016" shape="rect" title="www.whatsapp.com">that is outlined by WhatsApp on its blog</a>, which is the best example for a case of invasion-of-privacy-by-design. WhatsApp plans to ask the users to untick a small green arrow, and then click on a large green button that says “Agree” (which is the only button) so as to indicate that they are opting-out. The interface of the notice seems to be consciously designed to confuse users by using the power of default option. For most users, agreeing to terms and conditions is a hasty click on a box and the last part of an installation process. Predictably, most users choose to go with default options, and this specific design of the opt-out option is not meaningful at all.</p>
<p style="text-align: justify; ">In 2005, Facebook’s default profile settings were such that anyone on Facebook could see your name, profile picture, gender and network. Your photos, wall posts and friends list were viewable by people in your network. Your contact information, birthday and other data could be seen by friends and only you could view the posts that you liked. Fast forward to 2010, and the entire internet, not just all Facebook users, can see your name, profile picture, gender, network, wall posts, photos, likes, friends list and other profile data. There hasn’t been a <a href="http://mattmckeon.com/facebook-privacy/" shape="rect" title="mattmckeon.com">comprehensive study since 2010</a>, but one can safely assume that Facebook’s privacy settings will only get progressively worse for users, and exponentially better for Facebook’s revenues. The service is free and we truly are the product being sold.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold'>http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold</a>
</p>
No publishervidushiSocial MediaWhatsAppFacebookInternet Governance2016-09-01T02:08:37ZBlog EntrySubmission by the Centre for Internet and Society on Revisions to ICANN Expected Standards of Behavior
http://editors.cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior
<b>Prepared by Vidushi Marda, with inputs from Dr. Nirmita Narasimhan and Sunil Abraham.</b>
<p> </p>
<p>We at the Centre for Internet and Society (“CIS”) are grateful for the opportunity to comment on the proposed revisions to ICANN’s Expected Standards of Behavior (“Standards”).</p>
<p>Before providing specific comments on the proposed revisions, CIS would like to state for the record our extreme disappointment while noting that there is no indication of the intention to draft and adopt a dedicated anti - harassment policy. We are of the firm opinion that harassment, and particularly sexual harassment, is not only a sensitive topic, but also a deeply complex one. Such a policy should consider scope, procedural questions, redressal and remedies in cases of harassment in general and sexual harassment in particular. A mere change in language to these Standards, however well intentioned, cannot go too far in preventing and dealing with cases of harassment in the absence of a framework within which such instances can be addressed.</p>
<p>Some of the issues that arose at ICANN55 were confusion surrounding the powers and limits of the Ombudsman’s office in dealing with cases of harassment, the exact procedure to be followed for redressal surrounding such incidents, and the appropriate conduct of parties to the matter. There will be no clarity in these respects, even if these proposed changes are to be adopted.</p>
<p>Specifically, the proposed language is problematic and completely inadequate for the following reasons:</p>
<ol><li>
<p><strong>Vague</strong></p>
<p>Terms like “professional conduct” and “appropriate behavior” mean little in the absence of a definition that entails such conduct. These terms could mean vastly different things to each community member and such language will only encourage a misalignment of expectation of conduct between community members. The “general” definition of harassment is at best, an ineffective placeholder, as it does not encompass exactly what kind of behavior would fall under its definition.</p>
</li>
<li>
<p><strong>Fails to consider important scenarios</strong></p>
<p>The proposed language fails to consider situations where some attempts or advances at communication, sexual or otherwise, occur. For example, consider a situation in which one community member stalks another online, and catalogues his/her every move. This is most certainly foreseeable, but will not be adequately covered by the proposed language. Further, terms like “speech or behavior that is sexually aggressive or intimidates” could or could not include types of speech such as art, music, photography etc, depending on who you ask. It also does not explain the use of the word behavior - physical, emotional, professional, online behavior are all possible, but the scope of this term would depend on the interpretation one chooses to apply. In part 4 below, we will demonstrate how ICANN has applied a far more detailed framework for harassment elsewhere.</p>
</li>
<li>
<p><strong>Ignores complexity</strong></p>
<p>In discussions surrounding the incident at ICANN55, a number of issues of arose. These included, inter alia, the definition of harassment and sexual harassment, what constituted such conduct, the procedure to be followed in such cases, the appropriate forum to deal with such incidents and the conduct that both parties are expected to maintain. These questions cannot, and have not been answered or addressed in the proposed change to the Standards. CIS emphasizes the need to understand this issue as one that must imbibe differences in culture, expectation, power dynamics, and options for redressal. If ICANN is to truly be a safe space, such issues must be substantively and procedurally fair for both the accused and the victim. This proposed definition is woefully inadequate in this regard.</p>
</li>
<li>
<p><strong>Superficial understanding of harassment, sexual harassment</strong></p>
<p>The proposed changes do not define harassment, and sexual harassment in an adequate fashion. The change currently reads, “Generally, harassment is considered unwelcome hostile or intimidating behavior -- in particular, speech or behavior that is sexually aggressive or intimidates based on attributes such as race, gender, ethnicity, religion, age, color, national origin, ancestry, disability or medical condition, sexual orientation, or gender identity.” These are subject to broad interpretation, and we have already highlighted the issues that may arise due to this in 1, above. Here, we would like to point to a far more comprehensive definition.</p>
</li></ol>
<p>ICANN’s own Employment Policy includes within the scope of sexual harassment “verbal, physical and visual conduct that creates an intimidating, offensive or hostile working environment, or interferes with work performance.” The policy also states:</p>
<blockquote>Harassing conduct can take many forms and includes, but is not limited to, the following:<br />
<ol><li>Slurs, jokes, epithets, derogatory comments, statements or gestures;</li>
<li>Assault, impeding or blocking another’s movement or otherwise physically interfering with normal work;</li>
<li>Pictures, posters, drawings or cartoons based upon the characteristics mentioned in the first paragraph of this policy.</li></ol>
Sexually harassing conduct includes all of the above prohibited actions, as well as other unwelcome conduct, such as requests for sexual favors, conversation containing sexual comments, and unwelcome sexual advances.”</blockquote>
<p>This definition is not perfect, it does not comprehensively consider advances or attempts at communication, sexual or otherwise, which are unwelcome by the target. Nonetheless, CIS believes that this is a far more appropriate definition that does not include vague metrics that the proposed changes do. Since it is one ICANN has already adopted, it can act as an important stepping stone towards a comprehensive framework.</p>
<p>Like ICANN, UNESCO’s organisational approach has been to adopt a comprehensive <a href="http://www.un.org/womenwatch/osagi/UN_system_policies/(UNESCO)Anti-harassment_Policy.pdf">Anti-Harassment Policy</a> which lays down details of definition, prevention, complaint procedure, investigations, sanctions, managerial responsibility, etc. Acknowledging the cultural sensitivity of harassment particularly in international situations, the policy also recognizes advances or attempts at communication, sexual or otherwise. Most importantly, it states that for conduct to come within the definition of sexual harassment, it “must be unwelcome, i.e. unsolicited and regarded as offensive or undesirable by the victim.”</p>
<h3>Conclusion</h3>
<p>In conclusion, we would like to reiterate the importance of adopting and drafting a dedicated anti-harassment policy and framework. The benefits of safety, certainty and formal redressal mechanisms in cases of harassment cannot be over emphasized.</p>
<p>Importantly, such measures have already been taken elsewhere. The IETF has adopted an <a href="http://tools.ietf.org/html/rfc7776">instrument</a> to address issues of harassment that occur at meetings, mailing lists and social events. This instrument contemplates in detail, problematic behavior, unacceptable conduct, the scope of the term harassment, etc. It further envisages a framework for redressal of complaints, remediation, and even contemplates issues that may arise with such remediation. It is particularly important to note that while it provides a definition of harassment, it also states that "[a]ny definition of harassment prohibited by an applicable law can be subject to this set of procedures, recognising harassment as a deeply personal and subjective experience, and thus encouraging members to take up issues of harassment as per their cultural norms and national laws, which are then considered as per procedures laid down."</p>
<p>A similar effort within the ICANN community is critical.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior'>http://editors.cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior</a>
</p>
No publishervidushiPublic AccountabilityInternet GovernanceFeaturedICANNIANA TransitionHomepage2016-06-30T06:07:37ZBlog EntryUN Special Rapporteur Report on Freedom of Expression and the Private Sector: A Significant Step Forward
http://editors.cis-india.org/internet-governance/un-special-rapporteur-report-on-freedom-of-expression-and-the-private-sector-a-significant-step-forward
<b>On 6 June 2016, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye, released a report on the Information and Communications Technology (“ICT”) sector and freedom of expression in the digital age. Vidushi Marda and Pranesh Prakash highlight the most important aspects of the report.</b>
<h2 dir="ltr">Background</h2>
<p dir="ltr">Today, the private sector is more closely linked to the freedom of expression than it has ever been before. The ability to speak to a mass audience was at one time a privilege restricted to those who had access to mass media. However, with digital technologies, that privilege is available to far more people than was ever possible in the pre-digital era. As private content created on these digital networks is becoming increasingly subject to state regulation, it is crucial to examine the role of the private sector in respect of the freedom of speech and expression.</p>
<p dir="ltr">The first foray by the Special Rapporteur into this broad area has resulted in a sweeping report, that covers almost every aspect of freedom of expression within the ICT sector, except competition which we will elaborate on later in this post.</p>
<h2 dir="ltr">Introduction</h2>
<p dir="ltr">The report aims to “provide guidance on how private actors should protect and promote freedom of expression in a digital age”. It identifies the relevant international legal framework as Article 19 of the <a href="https://treaties.un.org/doc/Publication/UNTS/Volume%20999/volume-999-I-14668-English.pdf">International Covenant on Civil and Political Rights</a>, and Article 19 of the <a href="http://www.un.org/en/udhrbook/pdf/udhr_booklet_en_web.pdf">Universal Declaration of Human Rights</a>. The UN “Protect, Respect and Remedy” Framework and Guiding Principles, also known as the <a href="http://business-humanrights.org/sites/default/files/reports-and-materials/Ruggie-report-7-Apr-2008.pdf">Ruggie Principles</a> provide the framework for private sector responsibilities on business and human rights.</p>
<p dir="ltr">The report categorises different roles of the private sector in organising, accessing, regulating and populating the internet. This is important because the manner in which the ICT sector affects the freedom of expression is far more complicated than traditional communication industries. The report identifies the distinct impact of internet service providers, hardware and software companies, domain name registries and registrars, search engines, platforms, web hosting services, platforms, data brokers and e-commerce facilities on the freedom of expression.</p>
<h2>Legal and Policy Issues</h2>
<div>The Special Rapporteur discusses four distinct legal and policy issues that find relevance in respect of this problem statement: Content Regulation, Surveillance and Digital Security, Transparency and Remedies.</div>
<div> </div>
<h3>Content Regulation</h3>
<p dir="ltr">The report identifies two main channels through which content regulation takes place: the state, and internal processes.</p>
<p>Noting that digital content made on private networks is increasingly subject to State regulation, the report highlights the competing interests of intermediaries who manage platforms and States which demand for regulation of this content on grounds of defamation, blasphemy, protection of national security etc. This tension is demonstrated through vague laws that compel individuals and private corporations to over-comply and err on the side of caution “in order to avoid onerous penalties, filtering content of uncertain legal status and engaging in other modes of censorship and self-censorship.” Excessive intermediary liability forces intermediaries to over-comply with requests in order to ensure that local access to their platforms are not blocked. States attempt at regulating content outside the law through extra legal restrictions, and push private actors to take down content on their own initiative. Filtering content is another method, wherein States block and filter content through the private sector. Government blacklists, illegal content and suspended accounts are methods employed, and these have sometimes raised concerns of necessity and proportionality. <a href="http://scroll.in/article/807277/whatsapp-in-kashmir-when-big-brother-wants-to-go-beyond-watching-you">Network or service shutdowns</a> are classified as a “particularly pernicious” method of content regulation. Non neutral networks also are a method of content regulation with the possibilities of internet service providers throttling traffic. Zero rating is a potential issue, although the report acknowledges that “it remains a subject of debate whether they may be permissible in areas genuinely lacking Internet access”.</p>
<p>The other node of content regulation has been identified as internal policies and practices of the private sector. <a href="https://consentofthenetworked.com/author/rebeccamackinnon/">Terms of service</a> restrictions are often tailored to the jurisdiction’s laws and policies and don’t always address the needs and interests of vulnerable groups. Further, the report notes, <a href="http://www.catchnews.com/tech-news/facebook-free-basics-gatekeeping-powers-extend-to-manipulating-public-discourse-1452077063.html">design and engineering choices</a> of how private players choose to curate content are algorithmically determined and increasingly control the information that we consume. </p>
<h3>Transparency</h3>
<div> The report notes that transparency enables those entities subject to internet regulation to take informed decisions about their responsibilities and liabilities in a digital sphere and points out, that there is a severe lack of transparency about government requests to restrict or remove content. Some states even prohibit the publication of such information, with India being one example. In respect of the private sector, content hosting platforms sometimes at least reveal the circumstances under which content is removed due to a government request, although this is rather erratic. The report recognises the need to balance transparency with competing concerns like security and trade secrecy, and this is a matter of continued debate.</div>
<div> </div>
<h3 dir="ltr">Surveillance and Digital Security</h3>
<p>Freedom of expression concerns arise as data transmitted on private networks is gradually being subjected to surveillance and interference from the State and private actors. The report finds that several internet companies have reported an increase in government requests for customer data and user information. According to the Special Rapporteur, effective resistance strategies include inclusion of human rights guarantees, restrictively interpreting government requests negotiations. Private players also make surveillance and censorship equipment that enable States to intercept communications. Covert surveillance has been previously reported, with States tapping into communications as and when necessary. When private entities become aware of interception and covert surveillance, their human rights responsibilities arise. As private entities work towards enhancing encryption, anonymity and user security, states respond by <a href="http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html">compelling companies</a> to create loopholes for them to circumvent such privacy and security enhancing technology.</p>
<h3 dir="ltr">Remedies</h3>
<p>Unlawful content removal, opaque suspensions, data security breaches are commonplace occurrences in the digital sphere. The ICCPR guarantees that all people whose rights have been violated must have an effective remedy, and similarly, the Ruggie principles require that remedial and grievance mechanisms must be provided by corporations. There is some ambiguity on how these complaint or appeal mechanisms should be designed and implemented, and the nature and structure of these mechanisms is also unclear. The report states that it is necessary to investigate the role of the state in supplementing/regulating corporate mechanisms, its role in ensuring that there is a mechanism for remedies, and its responsibility to make sure that more easily and financially accessible alternatives exist for remedial measures.<br /><br /></p>
<h2> Special Rapporteur’s priorities for future work and thematic developments</h2>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Investigating laws, policies and extralegal measures that equip governments to impose restrictions on the provision of telecommunications and internet services. Examining the responsibility of companies to respond in a way that respects human rights, mitigates harm, and provides avenues for redress.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Evaluating content restrictions under terms of service and community standards. Private actors face substantial pressure from governments and individuals to restrict expression, and a priority is to evaluate the interplay of private and state actions on freedom of expression in light of human rights obligations and responsibilities.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Focusing on the legitimacy of rationales for intermediary liability for content hosting, restrictions, conditions for removing third party content.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Exploring censorship and surveillance within the human rights framework, and encouraging greater scrutiny before using these technologies for purposes that undermine the freedom of expression.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Identifying ways to balance an increasing scope of freedom of expression with the need to address governmental interests in national security and public order.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Internet access - Future work will explore issues around access and private sector engagement and investment in ensuring affordability and accessibility, particularly considering marginalized groups.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Internet governance - Internet governance frameworks and reform efforts are sensitive to the needs of women, sexual minorities and other vulnerable communities. Throughout this future work, the Special Rapporteur will pay particular attention to legal developments (legislative, regulatory, and judicial) at national and regional levels.</p>
</li></ol>
<div> </div>
<h2>Conclusions and Recommendations</h2>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">States: The report recommends that states should not pressurise the private sector to interfere with the freedom of speech and expression in a manner that does not meet the condition of necessary and proportionate principles. Any request to take down content or access customer information must be based on validly enacted law, subject to oversight, and demonstrate necessary and proportionate means of achieving the aims laid down in Article 19(3) of the ICCPR.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Private Actors: The Special Rapporteur recommends that private actors develop and implement transparent human rights assessment procedures, and develop policies keeping in mind their human rights impact. Apart from this, private entities should integrate commitments to the freedom of expression into internal processes and ensure the “greatest possible transparency”.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">International Organisations: The report recommends that organisations make resources and educational material on internet governance publicly accessible. The Special Rapporteur also recommends encouraging meaningful civil society participation in multi-stakeholder policy making and standard setting processes, with an increased focus on sensitivity to human rights.</p>
</li></ol>
<div> </div>
<h2>CIS Comments</h2>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">CIS strongly agrees with the expansion of the Special Rapporteur’s scope that this report represents. He is no longer looking solely at states but at the private sector too.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">CIS also notes that competition is an important aspect of the freedom of expression, but has not been discussed in this report. Viable alternatives to platforms, networks, internet service providers etc., will ensure a healthy, competitive marketplace, and will have a positive impact in resolving the issues identified above.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr">Our <a href="http://cis-india.org/internet-governance/intermediary-liability-in-india.pdf/view">work</a> has called for maintaining a balanced approach to liability of intermediaries for their users’ actions, since excessive liability or strict liability would lead to over-caution and removal of legitimate speech, while having no liability at all would make it difficult to act effectively against harmful speech, e.g., revenge porn.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p dir="ltr"><a href="http://cis-india.org/internet-governance/blog/cis-position-on-net-neutrality">CIS’ work</a> on network neutrality has highlighted the importance of neutrality for freedom of speech, and has advocated for an evidence-based approach that ensures there is neither under-regulation, nor over-regulation. The Special Rapporteur suggests that ‘Zero-Rating’ practices always violate Net Neutrality, but the majority of the definitions of Net Neutrality proposed by academics and followed by regulators across the world often do not include Zero-Rating. Similarly, he suggests that the main exception for Zero-Rating is for areas genuinely lacking access to the Internet, whereas the potential for some forms of Zero-Rating to further freedom of expression, especially of minorities, even in areas with access to the Internet, provides sufficient reason for the issue to merit greater debate.</p>
</li></ol>
<div> </div>
<div> </div>
<div>(Pranesh Prakash was invited by the Special Rapporteur to provide his views and took part in a meeting that contributed to this report)</div>
<div> </div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/un-special-rapporteur-report-on-freedom-of-expression-and-the-private-sector-a-significant-step-forward'>http://editors.cis-india.org/internet-governance/un-special-rapporteur-report-on-freedom-of-expression-and-the-private-sector-a-significant-step-forward</a>
</p>
No publishervidushiFreedom of Speech and ExpressionInternet GovernanceUNHRCDigital MediaIntermediary LiabilityICT2016-06-08T17:27:22ZBlog EntrySubmission by the Centre for Internet and Society on Draft New ICANN By-laws
http://editors.cis-india.org/internet-governance/blog/comments-on-the-draft-new-icann-bylaws
<b>The Centre for Internet & Society sent its comments on the Draft New ICANN Bylaws. The submission was prepared by Pranesh Prakash, Vidushi Marda, Udbhav Tiwari and Swati Muthukumar. Special thanks to Sunil Abraham for his input and feedback.
</b>
<p style="text-align: justify; ">We at the Centre for Internet and Society are grateful for the opportunity to comment on the draft new ICANN by-laws. Before we comment on specific aspects of the Draft by-laws, we would like to make a few general observations:</p>
<p style="text-align: justify; ">Broadly, there are significant differences between the final form of the by-laws and that which has been recommended by the participants in the IANA transition process through the ICG and the CCWG. They have been shown to be unnecessarily complicated, lopsided, and skewed towards U.S.-based businesses in their past form, which continues to reflect in the current form of the draft by-laws.</p>
<p style="text-align: justify; ">The draft by-laws are overwrought, but some of that is not the fault of the by-laws, but of the CCWG process itself. Instead of producing a broad constitutional document for ICANN, the by-laws read like the worst of governmental regulations that go into unnecessary minutiae and create more problems than they solve. Things that ought not to be part of fundamental by-laws — such as the incorporating jurisdiction of PTI, on which no substantive agreement emerged in the ICG — have been included as such.</p>
<p style="text-align: justify; ">Simplicity has been seen as a sin and has made participation in this complicated endeavour an even more difficult proposition for those who don’t choose to participate in the dozens of calls held every month. On specific substantive issues, we have the following comments:</p>
<h3 style="text-align: justify; ">Jurisdiction of ICANN’s Principal Office</h3>
<p style="text-align: justify; ">Maintaining by-law Article XVIII, which states that ICANN has its principal office in Los Angeles, California, USA, these Draft by-laws make an assumption that ICANN’s jurisdiction will not change post transition, even though the jurisdiction of ICANN and its subsidiary bodies is one of the key aspects of post transition discussion to be carried out in Work Stream 2 (WS2). Despite repeated calls to establish ICANN as an international community based organisation (such as the International Red Cross or International Monetary Fund), the question of ICANN's future jurisdiction was deferred to WS2 of the CCWG-Accountability process. All of the new proposed by-laws have been drafted with certainty upon ICANN's jurisdiction remaining in California. Examples of this include the various references to the California Civil Code in the by-laws and repeated references to entities and structures (such as public benefit corporations) in the fundamental by-laws of the ICANN that can only be found in California.</p>
<p style="text-align: justify; ">This would make redundant any discussion in WS2 regarding jurisdiction, since they cannot be implemented without upending the decisions relating to accountability structures made in WS1, and embedded in the by-laws.</p>
<p style="text-align: justify; ">CIS suggests an provision expressly be inserted in the by-laws to allow changes to the by-laws in WS2 insofar as matters relating to jurisdiction and other WS2 issues are concerned, to make it clear that there is a shared understanding that WS2 decisions on jurisdiction are not meant to be redundant.</p>
<h3 style="text-align: justify; ">Jurisdiction of the Post-Transition IANA Authority (PTI)</h3>
<p style="text-align: justify; ">The structure of the by-laws and the nature of the PTI in Article 16 make its Californian jurisdiction integral to the very organisation as a whole and control all its operations, rights and obligations. This is so despite this issue not having been included in the CWG report (except for footnote 59 in the CWG report, and as a requirement proposed by ICANN’s lawyers, to be negotiated with PTI’s lawyers, in Annex S of the CWG report). The U.S. government’s requirement that the IANA Functions Operator be a U.S.-based body is a requirement that has historically been a cause for concern amongst civil society and governments. Keeping this requirement in the form of a fundamental by-law is antithetical to the very idea of internationalizing ICANN, and is not something that can be addressed in Work Stream 2.</p>
<p style="text-align: justify; ">CIS expressed its disagreement with the inclusion of the U.S-jurisdiction requirement in Annex S in its comments to the ICG. Nothing in the main text of the CWG or ICG recommendations actually necessitate Californian jurisdiction for the PTI. Thus, clearly the draft by-laws include this as a fundamental by-law despite it not having achieved any form of documented consensus in any prior process. This being a fundamental by-law would make shifting the PTI’s registered and principal office almost impossible once the by-laws are passed.</p>
<p style="text-align: justify; ">No reasoning or discussion has been provided to justify the structure, location and legal nature of the PTI. The fact that the revenue structure, by-laws and other details have not even been hinted at in the current document, indicate that the true rights and obligations of PTI have been left at the sole discretion of the ICANN while simultaneously granting it fundamental by-law protection. This is not only deeply problematic on front of delegation of excessive responsibility for a key ICANN function without due oversight but also leads to situation where the community is agreeing to be bound to a body whose fundamental details have not even been created yet, and yet is a fundamental by-law.</p>
<p style="text-align: justify; ">CIS would therefore suggest that the PTI related clauses in the by-laws be solely those on which existing global Internet community consensus can be shown, and the PTI’s jurisdiction is not something on which such consensus can be shown to exist. Therefore the by-laws should be rewritten to make them agnostic to PTI’s jurisdiction. Further, CIS suggests that the law firm appointed for PTI be non-American, since U.S.-based law firms capable law firms in Brazil, France, and India.</p>
<p style="text-align: justify; ">We would also like to note that we have previously proposed that PTI’s registered office and ICANN’s registered office be in different jurisdictions to increase jurisdictional resilience against governmental and court-based actions.</p>
<h3 style="text-align: justify; ">Grandfathering Agreements Clause</h3>
<p style="text-align: justify; ">A fair amount of discussion has taken place both in the CCWG mailing list about Section 1.1 (d)(ii), which concerns the inclusion of certain agreements into the scope of protection granted to ICANN from its Mission and Objective statement goals. CIS largely agrees with the positions taken by the IAB and CCWG in their comments of demanding the removal of parts B, C, D E and F of Section 1.1(d)(ii) as all of these are agreements that were not included in the scope of the CCWG Proposal and a fair few of these agreements (such as the PTI agreement) have not even been created yet. This leads to practical and legal issues for the ICANN as well as the community as it restricts possible accountability and transparency measures that may be taken in the future.<br />CIS as its suggestion therefore agrees with the IAB and CCWG in this regard and supports the request by them that demand by these grandfathering provisions be removed.</p>
<h3 style="text-align: justify; ">Inspection Rights</h3>
<p style="text-align: justify; ">Section 22.7 severely limits the transparency of ICANN’s functioning, and we believe it should be amended.</p>
<p style="text-align: justify; ">(a) It limits Inspection Requests to Decisional Participants and does not allow for any other interested party to make a request for inspection. While the argument has been made that Californian law requires inspection rights for decisional participants, neither the law nor CCWG’s recommendations require restricting the inspection rights to decisional participants. CIS’s suggestion is to allow for any person in the public to make a request for examination, but to have to declare the nature of the public interest behind requests for non-decisional participants, so that an undue number of requests are not made for the purpose of impairing the operations of the organisation.</p>
<p style="text-align: justify; ">(b) The unclear but extremely limited definition of ‘permitted scope’, which does not allow one to question any ‘small or isolated aspect’ of ICANN’s functioning, where there is no explicit definition of what constitutes the scope of matters relevant to operation of ICANN as a whole, leaving a loophole for potential exploitation. CIS suggests the removal of this statement and to allow only for limitations listed in Section 22.7 (b) for Inspection Requests.</p>
<p style="text-align: justify; ">(3) There is no hard deadline provided for the information to be made available to the querying body, thus allowing for inordinate delays on the part of the ICANN, which is open to abuse. CIS suggests the removal of the clause ‘or as soon as reasonably practicable thereafter’ in this section.</p>
<p style="text-align: justify; ">(4) The need for insisting that the material be used only for restricted purposes. CIS suggests that as a step towards ICANN’s transparency, it is essential that they allow the use of the information for any reason deemed necessary by the person demanding inspection. There is no clear reason to require restriction to EC proceedings for non-confidential material. This requirement should be removed.</p>
<h3 style="text-align: justify; ">Work Stream 2 Topics</h3>
<p style="text-align: justify; ">Section 27.2, which covers necessary topics for WS2, currently does not include key aspects such as PTI documents, jurisdictional issues, etc. In this light, we suggest that they be included and a clause be inserted to indicate that this list of topics is indicative and the CCWG can expand the scope of items to be worked on in WS2 as well as make changes to work completed in WS1 (such as these by-laws) to meet WS2 needs as well.</p>
<h3 style="text-align: justify; ">FOI-HR</h3>
<p style="text-align: justify; ">Section 27.3 (a) requires the FOI-HR to be approved by "(ii) each of the CCWG-Accountability’s chartering organizations..” which is inconsistent with the CCWG proposal that forms the basis for these by-laws. The requirement of formal approval from every Chartering Organisation in the current draft is inconsistent with Annex 6 of the CCWG proposal, that has no such requirement.</p>
<p style="text-align: justify; ">CIS strongly advocates for a change in the bylaw text to align with the intent of the CCWG Accountability report, and to reflect that the process of developing the FOI-HR shall follow the same procedure as Work Stream 1.</p>
<h3 style="text-align: justify; ">Contracts with ICANN</h3>
<p style="text-align: justify; ">Section 27.5 currently states that “Notwithstanding the adoption or effectiveness of the New by-laws, all agreements, including employment and consulting agreements, entered by ICANN shall continue in effect according to their terms.”</p>
<p style="text-align: justify; ">As the section currently stands, there is a possibility that prior to the creation of by-laws, agreements that may be in contravention of the by-laws may be brought forth intentionally before the commencement of the operation of ICANN’s Mission statement in the said by-laws. The clause may be updated as follows to avoid this —</p>
<p style="text-align: justify; ">“Notwithstanding the adoption or effectiveness of the New by-laws, all agreements, including employment and consulting agreements, entered by ICANN shall continue in effect according to their terms, provided that they are in accordance with ICANN’s Mission Statement.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/comments-on-the-draft-new-icann-bylaws'>http://editors.cis-india.org/internet-governance/blog/comments-on-the-draft-new-icann-bylaws</a>
</p>
No publishervidushiICANNInternet Governance2016-05-31T02:49:45ZBlog EntryPublic Debate on 'Differential Pricing': Series 3
http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-3
<b>The Centre for Internet and Society, in association with ICRIER and the Department of Civics and Politics, University of Mumbai, is pleased to announce “A Series of Public Debates on Differential Pricing” in the cities of Bangalore, Mumbai and New Delhi. The third public debate will be held at India Habitat Centre, Lodhi Road near Air Force Bal Bharti School, New Delhi on February 5, 2016.</b>
<div class="kssattr-target-parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a kssattr-macro-rich-field-view kssattr-templateId-widgets/rich kssattr-atfieldname-text " id="parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a">
<p style="text-align: justify; ">In light of the recent consultation paper released by the Telecom Regulatory Authority of India (TRAI), the objective of these debates will be to deconstruct the issue of differential pricing through a discussion on the variety of views this subject has attracted. Speakers will also discuss possible implications of differential pricing policy on questions of access, diversity, competition and entrepreneurship.</p>
<p style="text-align: justify; ">Each debate will comprise three rounds. In the first round, speakers will present the body of their arguments over 10 minutes each. The second round will be a rebuttal round, with each speaker being given 5 minutes. The third and final round will see the floor being opened to the audience who will engage the speakers with comments and questions.</p>
<hr />
<h2 style="text-align: justify; "><a href="http://editors.cis-india.org/telecom/blog/public-debates-on-differential-pricing" class="internal-link">Download the Invite</a></h2>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-3'>http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-3</a>
</p>
No publishervidushiFreedom of Speech and ExpressionTelecomEventInternet Governance2016-01-28T13:53:12ZEventPublic Debate on 'Differential Pricing': Series 2
http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-2
<b>The Centre for Internet and Society, in association with ICRIER and the Department of Civics and Politics, University of Mumbai, is pleased to announce “A Series of Public Debates on Differential Pricing” in the cities of Bangalore, Mumbai and New Delhi. The second public debate will be held at Pherozeshah Mehta Bhavan, Vidyanagari, Kalina, Mumbai on February 3, 2016.
</b>
<div class="kssattr-target-parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a kssattr-macro-rich-field-view kssattr-templateId-widgets/rich kssattr-atfieldname-text " id="parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a">
<p style="text-align: justify; ">In light of the recent consultation paper released by the Telecom Regulatory Authority of India (TRAI), the objective of these debates will be to deconstruct the issue of differential pricing through a discussion on the variety of views this subject has attracted. Speakers will also discuss possible implications of differential pricing policy on questions of access, diversity, competition and entrepreneurship.</p>
<p style="text-align: justify; ">Each debate will comprise three rounds. In the first round, speakers will present the body of their arguments over 10 minutes each. The second round will be a rebuttal round, with each speaker being given 5 minutes. The third and final round will see the floor being opened to the audience who will engage the speakers with comments and questions.</p>
<hr />
<h2 style="text-align: justify; "><a href="http://editors.cis-india.org/telecom/blog/public-debates-on-differential-pricing" class="internal-link">Download the Invite</a></h2>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-2'>http://editors.cis-india.org/internet-governance/events/public-debate-on-differential-pricing-series-2</a>
</p>
No publishervidushiFreedom of Speech and ExpressionTelecomEventInternet Governance2016-01-28T13:51:06ZEventPublic Debate on 'Differential Pricing': Series 1
http://editors.cis-india.org/internet-governance/events/a-series-of-public-debates-on-differential-pricing-series-1
<b>The Centre for Internet and Society, in association with ICRIER and the Department of Civics and Politics, University of Mumbai, is pleased to announce “A Series of Public Debates on Differential Pricing” in the cities of Bangalore, Mumbai and New Delhi. The first public debate will be held at the Centre for Internet & Society office in Bangalore on February 1, 2016. </b>
<div class="kssattr-target-parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a kssattr-macro-rich-field-view kssattr-templateId-widgets/rich kssattr-atfieldname-text " id="parent-fieldname-text-b0c8dac0221d45df8f2e6e8e3a8d7a4a">
<p style="text-align: justify; ">In light of the recent consultation paper released by the Telecom Regulatory Authority of India (TRAI), the objective of these debates will be to deconstruct the issue of differential pricing through a discussion on the variety of views this subject has attracted. Speakers will also discuss possible implications of differential pricing policy on questions of access, diversity, competition and entrepreneurship.</p>
<p style="text-align: justify; ">Each debate will comprise three rounds. In the first round, speakers will present the body of their arguments over 10 minutes each. The second round will be a rebuttal round, with each speaker being given 5 minutes. The third and final round will see the floor being opened to the audience who will engage the speakers with comments and questions.</p>
<hr />
<h2 style="text-align: justify; "><a href="resolveuid/a01978fec6244f86b178b26006f1b312" class="internal-link">Download the Invite</a></h2>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/a-series-of-public-debates-on-differential-pricing-series-1'>http://editors.cis-india.org/internet-governance/events/a-series-of-public-debates-on-differential-pricing-series-1</a>
</p>
No publishervidushiFreedom of Speech and ExpressionTelecomEventInternet Governance2016-01-27T13:51:06ZEventFacebook Free Basics: Gatekeeping Powers Extend to Manipulating Public Discourse
http://editors.cis-india.org/internet-governance/blog/catchnews-january-6-2016-vidushi-marda-facebook-free-basics-gatekeeping-powers-extend-to-manipulating-public-discourse
<b>15 million people have come online through Free Basics, Facebook's zero rated walled garden, in the past year. "If we accept that everyone deserves access to the internet, then we must surely support free basic internet services. Who could possibly be against this?" asks Facebook founder Mark Zuckerberg, in a recent op-ed defending Free Basics.
</b>
<p>The article was published in Catchnews on January 6, 2015. For more info <a class="external-link" href="http://www.catchnews.com/tech-news/facebook-free-basics-gatekeeping-powers-extend-to-manipulating-public-discourse-1452077063.html">click here</a>.</p>
<hr />
<p style="text-align: justify; ">This rhetorical question however, has elicited a plethora of answers. The network neutrality debate has accelerated over the past few weeks with the Telecom Regulatory Authority of India (TRAI) releasing a consultation paper on differential pricing.</p>
<p style="text-align: justify; ">While notifications to "Save Free Basics in India" prompt you on Facebook, an enormous backlash against this zero rated service has erupted in India.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/FreeBasics.png" alt="Free Basics" class="image-inline" title="Free Basics" /></p>
<p style="text-align: justify; ">The policy objectives that must guide regulating net neutrality are consumer choice, competition, access and openness. Facebook claims that Free Basics is a transition to the full internet and digital equality. However, by acting as a gatekeeper, Facebook gives itself the distinct advantage of deciding what services people can access for free by virtue of them being "basic", thereby violating net neutrality.</p>
<p style="text-align: justify; ">Amidst this debate, it's important to think of the impact Facebook can have on manipulating public discourse. In the past, Facebook has used it's powerful News Feed algorithm to significantly shape our consumption of information online.</p>
<p style="text-align: justify; ">In July 2014, Facebook researchers revealed that for a week in January 2012, it had altered the news feeds of 689,003 randomly selected Facebook users to control how many positive and negative posts they saw. This was done without their consent as part of a study to test how social media could be used to spread emotions online.</p>
<p style="text-align: justify; ">Their research showed that emotions were in fact easily manipulated. Users tended to write posts that were aligned with the mood of their timeline.</p>
<p style="text-align: justify; ">Another worrying indication of Facebook's ability to alter discourse was during the ALS Ice Bucket Challenge in July and August, 2014. Users' News Feeds were flooded with videos of individuals pouring a bucket of ice over their head to raise awareness for charitable cause, but not entirely on its merit.</p>
<p style="text-align: justify; ">The challenge was Facebook's method of boosting its native video feature which was launched at around the same time. Its News Feed was mostly devoid of any news surrounding riots in Ferguson, Missouri at the same time, which happened to be a trending topic on Twitter.</p>
<p style="text-align: justify; ">Each day, the news feed algorithm has to choose roughly 300 posts out of a possible 1500 for each user, which involves much more than just a random selection. The posts you view when you log into Facebook are carefully curated keeping thousands of factors in mind. Each like and comment is a signal to the algorithm about your preferences and interests.</p>
<p style="text-align: justify; ">The amount of time you spend on each post is logged and then used to determine which post you are most likely to stop to read. Facebook even keeps into account text that is typed but not posted and makes algorithmic decisions based on them.</p>
<p style="text-align: justify; ">It also differentiates between likes - if you like a post before reading it, the news feed automatically assumes that your interest is much fainter as compared to liking a post after spending 10 minutes reading it.</p>
<p style="text-align: justify; ">Facebook believes that this is in the best interest of the user, and these factors help users see what he/she will most likely want to engage with. However, this keeps us at the mercy of a gatekeeper who impacts the diversity of information we consume, more often than not without explicit consent. Transparency is key.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><i>(Vidushi Marda is a programme officer at the Centre for Internet and Society)</i></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/catchnews-january-6-2016-vidushi-marda-facebook-free-basics-gatekeeping-powers-extend-to-manipulating-public-discourse'>http://editors.cis-india.org/internet-governance/blog/catchnews-january-6-2016-vidushi-marda-facebook-free-basics-gatekeeping-powers-extend-to-manipulating-public-discourse</a>
</p>
No publishervidushiFree BasicsFreedom of Speech and ExpressionInternet GovernanceSocial Media2016-01-09T13:43:56ZBlog EntryData Flow in the Unique Identification Scheme of India
http://editors.cis-india.org/internet-governance/blog/data-flow-in-unique-identification-scheme-of-india
<b>This note analyses the data flow within the UID scheme and aims at highlighting vulnerabilities at each stage. The data flow within the UID Scheme can be best understood by first delineating the organizations involved in enrolling residents for Aadhaar. The UIDAI partners with various Registrars usually a department of the central or state Government, and some private sector agencies like LIC etc– through a Memorandum of Understanding for assisting with the enrollment process of the UID project.</b>
<p><i>Many thanks to Elonnai Hickok for her invaluable guidance, input and feedback</i></p>
<hr />
<p style="text-align: justify; ">These Registrars then appoint Enrollment Agencies that enroll residents by collecting the necessary data and sharing this with the UIDAI for de-duplication and issuance of an Aadhaar number, at enrolment centers that they set up. The data flow process of the UID is described below:<a href="#_ftn1" name="_ftnref1">[1]</a></p>
<ol> </ol>
<h3><b>Data Capture</b></h3>
<ul>
<li style="text-align: justify; "><i>Filling out an enrollment form</i> – To enroll for an Aadhaar number, individuals are required to provide proof of address and proof of identity. These documents are verified by an official at the enrollment center. </li>
</ul>
<p style="padding-left: 30px; text-align: justify; ">Vulnerability: Though an official is responsible for verifying these documents, it is unclear how this verification is completed. It is possible for fraudulent proof of address and proof of identity to be verified and approved by this official.</p>
<ol> </ol>
<ul>
<li style="text-align: justify; "><i>The 'introducer' system</i>: For individuals who do not have a Proof of Identity, Proof of Address etc the UIDAI has established an 'introducer' system. The introducer verifies that the individual is who they claim to be and that they live where they claim to live.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability</span>: This introducer is akin to the introducer concept in banking; except that here, the introducer must be approved by the Registrar, and need not know the person bring enrolled. This leads to questions of authenticity and validity of the data collected and verified by an 'introducer'. The Home Ministry in 2012, indicated that this must be reviewed.<a href="#_ftn2" name="_ftnref2">[2]</a></p>
<ol> </ol>
<ul>
<li style="text-align: justify; "><i>Categories of data for enrollment</i>: The UIDAI has a standard enrollment form and list of documents required for enrollment. This includes: name, address, birth date, gender, proof of address and proof of identity. Some MoUs (Memorandum of Understanding) permit for the Registrars to collect additional information in addition to what is required by the UIDAI. This could be any information the Registrar deems necessary for any purpose.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; ">Vulnerability: The fact that a Registrar may collect any information they deem necessary and for any purpose leads to concerns regarding (1) informed consent – as individuals are in placed in a position of having to provide this information as it is coupled with the Aadhaar enrollment process (2) unauthorized collection - though the MOU between the UIDAI and the Registrar has authorized the Registrar to collect additional information – if the information is personal in nature and the Registrar is a body corporate it must be collected as per the Information Technology Rules 2011 under section 43A. It is unclear if Registrars that are body corporates are collecting data in accordance to these rules. (3) As Registrars are permitted to collect any data they deem necessary for any purpose – this leads to concerns regarding misuse of this data..<a href="#_ftn3" name="_ftnref3">[3]</a></p>
<ol> </ol>
<ul>
<li><i>Verification of Resident’s Documents</i>: true copies of original documents, after verification are sent to the Registrar for “permanent storage.”<a href="#_ftn4" name="_ftnref4">[4]</a></li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability</span>: It is unclear as to what extent and form this storage takes place. There is no clarity on who is responsible for the data once collected, and the permissible uses of such data are also unclear. The contracts between the UID and Registry claim that guidelines must be followed, while the guidelines state that, “<i>The documents are required to be preserved by Registrar till the UIDAI finalizes its document storage agency”</i> and states that the <i>“Registrars must ensure that the documents are stored in a safe and secure manner and protected from unauthorized access.”</i> <a href="#_ftn5" name="_ftnref5">[5]</a> The question of what is “unauthorized access”, “secure storage”, when is data transferred to the UIDAI and when the UIDAI will access it and why remain unanswered. Moreover, there is nothing about deleting documents once the MoU lapses. The guidelines in question were also developed post facto.</p>
<p><b> </b></p>
<ol> </ol>
<ul>
<li style="text-align: justify; "><i>Data collection for enrollment</i>: After verification of proof of address and proof of identity, operators at the enrolling the agency will be enrolling individuals. Data Collection is completed by operators at the enrolling agency. This includes the digitization of enrollment forms and collection of biometrics. Enrollment information is manually collected and entered into computers operating software provided by the UIDAI and then transferred to the UIDAI. Biometrics are collected through devices that have been provided by third parties such as Accenture and L1Identity Solutions.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; ">Vulnerability: After data is collected by enrollment operators it is possible for data leakage to occur at the point of collection or during transfer to the Registrar and UIDAI. Data operators, are therefore not answerable to the UIDAI, but to a private agency; a fact which has been the cause of concern even within the government.<a href="#_ftn6" name="_ftnref6">[6]</a> There have also been instances of sub contracting which leads to more complications in respect of accountability. Misuse<a href="#_ftn7" name="_ftnref7">[7]</a> and loss of data is a very real possibility, and irregularities have been reported as well.<a href="#_ftn8" name="_ftnref8">[8]</a> By relying on technology that is provided by third parties (in many cases foreign third parties) data collected by these devices is also available to these companies while at the same time the companies are not regulated by Indian law.</p>
<ol> </ol>
<ul>
<li style="text-align: justify; "><i>Import pre-enrolment data into Aadhaar enrollment client</i>, <i>Syncing NPR/census data into the software</i>: The National Population Register (NPR) enrolls usual residents, and is governed by the Citizenship Rules, which prescribe a penalty for non disclosure of information.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability</span>: Biometrics does not form part of the Rules that govern NPR data collection; the Citizenship Rules, 2003. In many ways, collection of biometrics without amending the citizenship laws amounts to a worrying situation. The NPR hands over information that it collects to UIDAI, biometrics collected as part of the UIDAI is included in the NPR, leading to concerns surrounding legality and security of such data.</p>
<ol> </ol>
<ul>
<li><i> Resident’s consent</i>: for “whether the resident has agreed to <b>share the captured information</b> with organizations engaged in delivery of welfare services.”</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability</span>: This allows the UIDAI to use data in an almost unfettered fashion. The enrolment form reads, “<i>‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” </i>Informed consent, Vague. What info and with whom. Why is necessary for the UIDAI to share this information, when the organization is only supposed to be a passive intermediary? Does beyond the mandate of the UIDAI, which is only to provide and authenticate the number.<i> </i></p>
<ol> </ol>
<ul>
<li style="text-align: justify; "><i>Biometric exceptions</i>: The operator checks if the resident’s eyes/hands are amputated/missing, and after the Supervisor verifies the same, the record is made as an exception and only the individuals photograph is recorded.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability</span>: There has widespread misuse of this clause, with data being fabricated to fall into this category, making it unreliable as a whole. In March 2013, 3.84 lakh numbers were cancelled as they were based on fraudulent use of the exception clause. <a href="#_ftn9" name="_ftnref9">[9]</a><i> </i></p>
<ul>
<li style="text-align: justify; "><i>Operator checks if resident wants Aadhaar enabled bank account</i>: The UID project was touted to be a scheme that would ensure access to benefits and subsidies that are provided through cash transfers as well as enabling financial inclusion. Subsequently, the need for a Aadhaar embedded bank account was made essential to avail of these benefits. The operator at this point checks whether the resident would like to open such a bank account.<span> </span></li>
</ul>
<p style="text-align: justify; padding-left: 30px; "><span> Vulnerability</span>: The data provided at the time of linking UID with a bank account cannot be corrected or retracted. Although this has the vision of financial inclusion, it is now a threat of exclusion.</p>
<ol> </ol> <ol> </ol>
<ul>
<li style="text-align: justify; "><i>Capturing biometrics- </i>The UIDAI scheme includes assigning each individual a unique identification number after collecting their demographic and biometric information. One Time Passwords are used to manually override a situation in which biometric identification fails.<a href="#_ftn10" name="_ftnref10">[10]</a> The UIDAI data collection process was revamped in 2012 to include best finger detection and multiple try method.<a href="#_ftn11" name="_ftnref11">[11]</a></li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerabilities</span>: The collection process is not always accurate, in fact, 70% of the residents who enrolled in Salt Lake, will have to re-enroll due to discrepancies at the time of enrollment.<a href="#_ftn12" name="_ftnref12">[12]</a> Further, a large number of people in India are unable to give biometric information due to manual labour, or cataracts etc.</p>
<p style="padding-left: 30px; ">After such data is entered, the Operator shows such data to the Resident or Introducer or Head of the Family (as the case may be) for validation.</p>
<ol> </ol>
<ul>
<li><i>Operator Sign off</i> – Each set of data needs to be verified by an Operator whose fingerprint is already stored in the system.</li>
</ul>
<ol> </ol>
<p style="padding-left: 30px; text-align: justify; "><span>Vulnerability:</span><i> Vesting authority to sign off in an operator allows for signing off on inaccurate or fraudulent data. </i>For example, the issuance of aadhaar numbers to biometric exceptions highlight issues surrounding misuse and unreliability of this function.<a href="#_ftn13" name="_ftnref13">[13]</a></p>
<p style="padding-left: 30px; text-align: justify; ">After this, the Enrolment operator gets supervisor’s sign off for any exceptions that might exist, Acknowledgement and consent for enrolment is stored. Any correction to specified data can be made within 96 hours.<b> </b></p>
<h3><b>Document Storage, Back up and Sync</b></h3>
<p style="text-align: justify; ">After gathering and verifying all the information about the resident, the Enrolment Agency Operator will store photocopies of the documents of the resident. These Agencies also backup data “from time to time” (recommended to be twice a day), and maintain it for a minimum of 60 days. They also sync with the server every 7-10 days.</p>
<p><span>Vulnerability</span>: The security implications of third party operators storing information is greatly exacerbated by the fact that these operators use technology and devices from companies have close ties to intelligence agencies in other countries; L-1 Identity Solutions have close ties with America’s CIA, Accenture with French intelligence etc. <a href="#_ftn14" name="_ftnref14">[14]</a></p>
<ol> </ol>
<h3><b>Transfer of Demographic and Biometric Data Collected to CIDR</b></h3>
<p>“First mile logistics” include transferring data by using Secure File Transfer Protocol) provided by UIDAI or through a “suitable carrier” such as India Post.</p>
<ol> </ol>
<p style="text-align: justify; "><span>Vulnerability</span>: There is no engagement between the UIDAI and the enrolling agencies; the registrars engage private enrolment agencies, and not the UIDAI. Further, the scope of people authorized to collect information, the information that can be collected, how such information is stored etc are all vague. In 2009, there was a notification that claimed that the UIDAI owns the database<a href="#_ftn15" name="_ftnref15">[15]</a> but there is no indication on how it may be used, how this might react to instances of identity fraud, etc.</p>
<ol> </ol>
<h3><b>Data De-duplication and Aadhar Generation at CIDR</b></h3>
<p>On receiving biometric information, the de-duplication is done to ensure that each individual is given only one UID number.</p>
<p><span>Vulnerability</span>:</p>
<ul>
<li style="text-align: justify; ">This de-duplication is carried out by private companies, some of which are not of indian origin and thus are also not bound by Indian law. Also, the volume of Aadhaar numbers rejected due to quality or technical reasons is a cause of worry; the count reaching 9 crores in May 2015.<a href="#_ftn16" name="_ftnref16">[16]</a></li>
<li>The MoUs promise registrars access to information contained in the Aadhaar letter, although individuals are ensured that such letter is only sent to them. <a href="#_ftn17" name="_ftnref17">[17]</a></li>
<li>General compliance and de-duplication has been an issue, with over 34,000 people being issued more than one Aadhaar number,<a href="#_ftn18" name="_ftnref18">[18]</a> and innumerable examples of faulty Aadhaar cards being issued.<a href="#_ftn19" name="_ftnref19">[19]</a></li>
</ul>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a> Enrolment Process Essentials : UIDAI , (December 13,2012), http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf</p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a> <i>UIDAI to review biometric data collection process of 60 crore resident Indians: P Chidambaram</i>, Economic Times, (Jan 31, 2012), <a href="http://articles.economictimes.indiatimes.com/2012-01-31/news/31010619_1_biometrics-uidai-national-population-register">http://articles.economictimes.indiatimes.com/2012-01-31/news/31010619_1_biometrics-uidai-national-population-register</a>.</p>
<p><a href="#_ftnref3" name="_ftn3">[3]</a>See: an MoU signed between the UIDAI and the Government of Madhya Pradesh. Also see: Usha Ramanathan, “<i>States as handmaidens of UIDAI</i>”, The Statesman (August 8, 2013).</p>
<p><a href="#_ftnref4" name="_ftn4">[4]</a>http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf</p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a> Document Storage Guidelines for Registrars – Version 1.2, https://uidai.gov.in/images/mou/D11%20Document%20Storage%20Guidelines%20for%20Registrars%20final%2005082010.pdf</p>
<p><a href="#_ftnref6" name="_ftn6">[6]</a> Arindham Mukherjee, Lola Nayar, <i>Aadhaar,A Few Basic Issues</i>, Outlook India, (December 5, 2011)<i>, </i><a href="http://dataprivacylab.org/TIP/2011sept/India4.pdf">http://dataprivacylab.org/TIP/2011sept/India4.pdf</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a> <i>Aadhaar: UIDAI probing several cases of misuse of personal data, </i>The Hindu, (April 29, 2012), http://www.thehindubusinessline.com/economy/aadhar-uidai-probing-several-cases-of-misuse-of-personal-data/article3367092.ece.</p>
<p><a href="#_ftnref8" name="_ftn8">[8]</a> Harsimran Julka, <i>UIDAI wins court battle against HCL technologies, </i>The Economic Times, (October 4, 2011), <a href="http://articles.economictimes.indiatimes.com/2011-10-04/news/30242553_1_uidai-bank-guarantee-hp-and-ibm">http://articles.economictimes.indiatimes.com/2011-10-04/news/30242553_1_uidai-bank-guarantee-hp-and-ibm</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a> Chetan Chauhan, <i>UIDAI cancels 3.84 lakh fake Aadhaar numbers</i>, The Hindustan Times, (December 26, 2012), <a href="http://www.hindustantimes.com/newdelhi/uidai-cancels-3-84-lakh-fake-aadhaar-numbers/article1-980634.aspx">http://www.hindustantimes.com/newdelhi/uidai-cancels-3-84-lakh-fake-aadhaar-numbers/article1-980634.aspx</a>.</p>
<p><a href="#_ftnref10" name="_ftn10">[10]</a> Usha Ramanathan, “<i>Inclusion project that excludes the poor</i>”, The Statesman (July 4, 2013).</p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a> UIDAI to Refresh Data Collection Process, Zee News, (February 7, 2012) <a href="http://zeenews.india.com/news/delhi/uidai-to-refresh-data-collection-process_757251.html">http://zeenews.india.com/news/delhi/uidai-to-refresh-data-collection-process_757251.html</a>.</p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a> Snehal Sengupta, <i>Queue up again to apply for Aadhaar</i>, The Telegraph, (February 27, 2015), http://www.telegraphindia.com/1150227/jsp/saltlake/story_5642.jsp#.VayjDZOqqko</p>
<p><a href="#_ftnref13" name="_ftn13">[13]</a> Chauhan, <i>supra </i>note 7.</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a> Usha Ramanathan, <i>Three Supreme Court Orders Later, What’s the Deal with Aadhaar? </i>Yahoo News, (April 13, 2015), <a href="https://in.news.yahoo.com/three-supreme-court-orders-later--what-s-the-deal-with-aadhaar-094316180.html">https://in.news.yahoo.com/three-supreme-court-orders-later--what-s-the-deal-with-aadhaar-094316180.html</a>.</p>
<p><a href="#_ftnref15" name="_ftn15">[15]</a> Usha Ramanathan, “<i>Threat of Exclusion and of Surveillance</i>”<i>,</i> The Statesman (July 2, 2013).</p>
<p><a href="#_ftnref16" name="_ftn16">[16]</a> <i>Over 9 Crore Aadhaar enrolments rejected by UIDAI, </i>Zee News (May 8, 2015).</p>
<p><a href="#_ftnref17" name="_ftn17">[17]</a> Usha Ramanathan, “<i>States as handmaidens of UIDAI</i>”, The Statesman (August 8, 2013).</p>
<p><a href="#_ftnref18" name="_ftn18">[18]</a> Surabhi Agarwal, <i>Duplicate Aadhar numbers within estimate, </i>Live Mint (March 5, 2013).</p>
<p><a href="#_ftnref19" name="_ftn19">[19]</a> Usha Ramanathan, “<i>Outsourcing enrolment, gathering dogs and trees</i>”, The Statesman (August 7, 2013).</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/data-flow-in-unique-identification-scheme-of-india'>http://editors.cis-india.org/internet-governance/blog/data-flow-in-unique-identification-scheme-of-india</a>
</p>
No publishervidushiInternet GovernancePrivacy2015-09-03T17:02:44ZBlog EntryRoundtable discussion on WHOIS
http://editors.cis-india.org/internet-governance/news/round-table-discussion-on-whois
<b>Sunil Abraham and Vidushi Marda participated remotely in a round-table discussion organized by the Department of Electronics & Information Technology (DeitY), Govt. of India on July 28, 2015. Aditya Garg, an intern at the Centre for Internet & Society also participated (in person) from New Delhi and made an intervention.</b>
<p style="text-align: justify; ">Dr. Ajay Kumar, Joint Secretary, DeitY chaired the round-table to seek expert input from all stakeholders at the national level, on various issues related to WHOIS (domain name) which are currently being discussed at the Public Safety Working Group (PSWG), an internal working group of Governmental Advisory Committee (GAC) of ICANN.</p>
<p style="text-align: justify; ">The PSWG will be focusing on ICANN’s policies and procedures that raise questions or have implications for the safety of the public, in connection with their use of the Internet. Current major areas of interest for PSWG are:</p>
<ol>
<li> WHOIS</li>
<li>Enforcing Contractual Compliance with Registries and Registrars</li>
<li>Implementation of new gTLDs</li>
<li>Internationalized Domain Names (IDNs)</li>
</ol>
<p style="text-align: justify; ">WHOIS is a long-term strategic priority for ICANN. ICANN’s Security and Stability Advisory Committee (SSAC) has issued 12 reports/advisories with reference to WHOIS.</p>
<p>The roundtable will served as a platform to discuss WHOIS policy / implementation issues for .IN <a class="moz-txt-link-rfc2396E" href="http://for.IN"><http://for .IN></a> registry.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/round-table-discussion-on-whois'>http://editors.cis-india.org/internet-governance/news/round-table-discussion-on-whois</a>
</p>
No publishervidushiInternet Governance2015-08-24T14:16:12ZNews ItemFirst draft of Technology Business Incubators: An Indian Perspective and Implementation Guidance Report
http://editors.cis-india.org/internet-governance/blog/technology-business-incubators
<b>The Centre for Internet and Society presents the first draft of its analysis on technology business incubators("TBI") in India. The report prepared by Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak looks at operating procedures, success stories and lessons that can be learnt from TBIs in India.</b>
<p style="text-align: justify; ">A technology business incubator (TBI) is an organisational setup that nurtures technology based and knowledge driven companies by helping them survive during the startup period in the company’s history, which lasts around the initial two to three years. Incubators do this by providing an integrated package of work space, shared office services, access to specialized equipment along with value added services like fund raising, legal services, business planning, technical assistance and networking support. The main objective of the technology business incubators is to produce successful business ventures that create jobs and wealth in the region, along with encouraging an attitude of innovation in the country as a whole.</p>
<p style="text-align: justify; ">The primary aspects that this report shall go into are the stages of a startup, the motivational factors behind establishing incubators by governments & private players, the process followed by them in selecting, nurturing talent as well as providing post incubation support. The report will also look at the role that incubators play in the general economy apart from their function of incubating companies, such as educational or public research roles. A series of case analysis of seven well established incubators from India shall follow which will look into their nurturing processes, success stories as well as lessons that can be learnt from their establishment. The final section shall look into challenges faced by incubators in developing economies and the measures taken by them to overcome these challenges.</p>
<p style="text-align: justify; "><a href="http://editors.cis-india.org/internet-governance/blog/technology-business-incubators.pdf" class="internal-link"><b>Download the full paper</b></a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/technology-business-incubators'>http://editors.cis-india.org/internet-governance/blog/technology-business-incubators</a>
</p>
No publishervidushiInternet Governance2015-07-25T16:14:44ZBlog Entry