The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 21 to 32.
Letter to ICANN on NCSG
http://editors.cis-india.org/internet-governance/blog/letter-to-icann-on-ncsg
<b>The Centre for Internet and Society sent the following mail to ICANN regarding their attempt to impose their own charter for a Noncommercial Stakeholder Group (NCSG), instead of accepting the one drafted by the Noncommercial Users Constituency (NCUC).</b>
<p>Dear Sir or Madam,</p>
<p>Greetings from the Centre for Internet and Society - Bangalore. We are a Bangalore based research and advocacy organisation promoting consumer and citizen rights on the Internet. We currently focus on IPR reform, IPR alternatives and electronic accessibility by the disabled. Please see our website <http://cis-india.org> for more information about us and our activities.</p>
<p>It has come to our attention that ICANN is imposing the ICANN staff-drafted charter for a Noncommercial Stakeholder Group (NCSG) and ignoring the version drafted by civil society. As you know, the civil society version was drafted using a consensus process and more than 80 international noncommercial organizations, including mine, support it.</p>
<p>This is an unacceptable situation since the governance structures contained within the NCSG charter determine how effectively noncommercial users can influence policy decisions at ICANN in years to come. On behalf of Internet users in India - I would strongly urge you to reject the staff drafted version of the charter and adopt the version drafted and endorsed by civil society.</p>
<p>Best wishes,</p>
<p>Sunil Abraham<br />Executive Director<br />Centre for Internet and Society</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/letter-to-icann-on-ncsg'>http://editors.cis-india.org/internet-governance/blog/letter-to-icann-on-ncsg</a>
</p>
No publisherpraneshPublic AccountabilityDigital PluralismDigital Governance2011-08-02T07:41:11ZBlog EntryIT Act and Commerce
http://editors.cis-india.org/internet-governance/blog/it-act-and-commerce
<b>This is a guest post by Rahul Matthan, partner in the law firm Trilegal, and widely regarded as one of the leading experts on information technology law in India. In this post, Mr. Matthan looks at the provisions in the amended Information Technology Act of interest to commerce, namely electronic signatures and data protection.</b>
<p>This post analyses the amendments brought about to the Information Technology Act, 2000 (“IT Act 2000”) through the recent 2008 amendments (“IT Act 2008”).</p>
<h2>Definitions</h2>
<p>The IT Act 2008 has introduced a few additional definitions to the list of definitions originally included in the IT Act 2000. These definitions have either amplified the existing provisions or been introduced in order to address new issues required to be defined in the context of the newly introduced provisions in the statute. Some of the significant definitions have been discussed below:</p>
<h3>Computer Network</h3>
<p>The definition of “computer network” has been amended to specifically include the wireless interconnection of computers. While wireless technology did fall within the scope of the IT Act under the rather generic head of “other communication media”, the Amendment Act clarifies the scope of the IT Act by expressly including the term “wireless”.</p>
<h3>Communication Devices</h3>
<p>The IT Amendment Bill, 2006, had provided an explanation for “communication devices” under Section 66A. This definition has been moved into the definition section and now applies across all sections of the IT Act 2008. “Communication devices” is defined to mean “a cell phone, personal digital assistance (PDA) device or combination of both or any device used to communicate, send or transmit any text, video, audio or image”.</p>
<p>There has been case law even under the IT Act that has held mobile phones to fall within the ambit of the IT Act, as a result of which all the provisions of the Act that apply to computers are equally applicable to mobile phones. This amendment only makes that position more explicit.</p>
<h2>Electronic Signatures<br /></h2>
<p>One of the major criticisms of the IT Act 2000 was the fact that it was not a technology neutral legislation. This was specifically so in relation to the provisions in the IT Act 2000 relating to the use of digital signatures for the purpose of authentication of electronic records. The statute made specific reference to the use of asymmetric cryptosystem technologies in the context of digital signatures, and, in effect, any authentication method that did not use this technology was not recognised under the IT Act 2000.</p>
<p>The IT Act 2008 has attempted to make this more technology neutral. In doing so, the attempt has been to bring the law in line with the United Nations Commission on International Trade Law Model Law on Electronic Signatures (“Model Law”).</p>
<h3>Replacement of Digital Signatures</h3>
<p>The first significant change in the IT Act 2008 is the replacement of the term “digital signatures” with “electronic signatures” in almost all the provisions in the IT Act 2000. In some provisions, reference continues to be made to digital signatures, but the net effect of the amendments is to treat digital signatures as a subset (or an example of one type) of electronic signatures.</p>
<p>Electronic signatures have been defined as the authentication of an electronic record using the authentication techniques specified in the 2nd Schedule to the Act, provided they are reliable. </p>
<p>The reliability criterion has been introduced, very much along the lines of the Model Law. However, the contents of the 2nd Schedule are yet to be stipulated, which means that despite the existence of a reliability standard, the only authentication method available at this point in time is the digital signature regime.</p>
<h3>Dual Requirement</h3>
<p>One significant implication of this amendment is the introduction of a dual requirement – to meet the reliability standard as well as to be included in the 2nd Schedule. However, structuring the authentication procedures in this manner offsets the objective tests of neutrality borrowed from the Model Law, since an authentication method may meet the reliability test but will not be deemed to be legally enforceable unless it is notified in the 2nd Schedule.</p>
<p>Additionally, there will be grounds for challenging electronic signatures that are notified to the 2nd Schedule, if it can be shown that the signature so notified is not reliable under the terms of the reliability criteria. This can act as an impediment to the recognition of electronic signatures by notification.</p>
<h3>Emphasis on Digital Signatures</h3>
<p>Another concern is the treatment of digital signatures in the post amendment statute. The IT Act 2008 continues to retain all the provisions relating to digital signatures within the main body of the statute. The term “digital signature” has not been uniformly substituted with “electronic signature” throughout the statute. In certain provisions this leads to a certain amount of absurdity, such as in those relating to representations made as to the issuance, suspension or revocation of digital signature certificates; due to the lack of uniformity, these principles now apply only to digital signatures and not to all types of electronic signatures. </p>
<p>It would have been preferable if the provisions relating to digital signatures had been moved in their entirety to the 2nd Schedule. Then, digital signatures would have become just another class of electronic signatures listed in the Schedule. By omitting to do this, the authors ensure that digital signature-specific provisions remaining in the main body of the statute challenge the technology neutrality of the statute.</p>
<h3>Certifying Authorities</h3>
<p>The IT Act 2008 has made the certifying authority the repository of all electronic signatures issued under the statute. Given that there are, at present, multiple certifying authorities, this provision is impractical. Instead, the statute should have either referred to the Controller of Certifying Authorities or should have been worded to state that each certifying authority would be the repository for all electronic signature certificates issued by it.</p>
<h3>Impact on Other Statutes</h3>
<p>Since the enactment of the IT Act 2000, amendments have been carried out in other statutes, relying on the concept of digital signatures. For instance, the Negotiable Instruments Act, 1881, makes the use of a digital signature essential for an electronic cheque.1 While the IT Act 2008 has expanded the scope of the available authentication measures, by introducing the technologically neutral concept of electronic signatures, corresponding amendments in other statutes like the Negotiable Instruments Act, 1881, will need to be carried out, so that they are not limited in their application to digital signatures.</p>
<h2>Data Protection<br /></h2>
<p>Prior to the passing of the IT Act 2008, the concept of 'data protection' was not recognised in India. The amendments have now introduced some amount of legal protection for data stored in the electronic medium. This chapter analyses the changes sought to be introduced and their impact on data protection law in India.</p>
<h3>Data under the IT Act 2000</h3>
<p>The only provision under the IT Act 2000, which dealt with unauthorised access and damage to data, was Section 43. Under that section, penalties were prescribed in respect of any person who downloads copies or extracts data from a computer system, introduces computer contaminants or computer viruses into a computer system or damages any data residing in a computer system.</p>
<h3>Data under the IT Act 2008</h3>
<p>Under the IT Act 2008, far-reaching changes have been made in relation to data. Two sections have been inserted specifically for that purpose – Sections 43-A and 72-A, one dealing with the civil and the other with the criminal remedies in relation to the breach of data related obligations.</p>
<h3>The Civil Remedies for Data Protection</h3>
<p>The newly introduced Section 43-A reads as follows:</p>
<blockquote>
<p>Compensation for failure to protect data - Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected.</p>
<p> Explanation - For the purposes of this section:</p>
<p> (i) “Body Corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities;</p>
<p>(ii) “Reasonable Security Practices and Procedures” means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit; and</p>
<p>(iii) “Sensitive Personal Data or Information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.</p>
</blockquote>
<p>While at first this provision appears to address several long standing concerns relating to data protection in India, there are several insidious flaws that could affect the development of a data protection jurisprudence in the country.</p>
<h3>Non-Electronic Data</h3>
<p>In the first instance, there is no mention, under this provision, of non-electronic data. Most international data protection statutes recognise and protect data stored in any electronic medium or a relevant filing system (including, for instance, a salesperson's diary). The newly introduced provisions of the IT Act 2008 do not provide any protection for data stored in a non-electronic medium.</p>
<p>It could be argued that given the legislative focus of this statute (it has been called the Information Technology Act with a reason), it would be inappropriate to include within this statute protection for forms of data that do not relate to the digital or electronic medium. While that argument is valid to many who look to the new provisions introduced in the IT Act 2008 as the answer to the data protection concerns that the country has been facing all these years, their enthusiasm must be tempered as these new provisions merely provide solutions for electronic data.</p>
<h3>Classification of Data</h3>
<p>Most international data protection statutes distinguish between different levels of personal data – specifying difference levels of protection for personal information and sensitive personal information. Depending on whether the data can be classified as one or the other, they have different levels of protection, as loss, unauthorised access or disclosure of sensitive personal information is considered to have a deeper impact on the data subject. </p>
<p>The new provisions of the IT Act 2008 make no such distinction. Section 43-A applies to all “sensitive personal data or information” but does not specify how personal data not deemed to be sensitive is to be treated. In essence, personal information and sensitive personal information do not appear to be differentially treated in the context of data protection.</p>
<h3>Consequences</h3>
<p>Under most international data protection statutes, the person in “control” of the data is liable for the consequences of disclosure, loss or unauthorised access to such information. This ensures that liability is restricted to those who actually have the ability to control the manner in which the data is treated. </p>
<p>However, under the new provisions of the IT Act 2008, the mere possession of information and its subsequent misuse would render any person who possesses this data liable to damages. While there is likely to be a debate on what constitutes possession and how this differs from control, there can be little doubt that by referring to “possession” in addition to “operation” and “control”, the IT Act 2008 appears to have widened the net considerably.</p>
<h3>Negligence in Implementing Security Practices</h3>
<p>Section 43-A specifically places liability on a body corporate only if such body corporate has been negligent in implementing its security practices and procedures in relation to the data possessed, controlled or handled by it. The choice of language here is significant. The statute specifically refers to the term “negligence” in relation to the security practices and procedures as opposed to stipulating a clear, pass-fail type obligation to conform.</p>
<p>There is a significant difference between the terms “negligence to implement” and “failure to implement”. The former can only result in a breach if the body corporate that was required to follow reasonable security practices with regard to the data in its possession or control does not perform the required action and it can be proved that a reasonable man in the same circumstances would have performed the required action. If a body corporate is to be made liable under the provisions of this Section, it is not enough to demonstrate that security procedures were not followed; it has to be proved in addition that the body corporate was negligent.</p>
<h3>Wrongful Loss and Gain</h3>
<p>The Section appears to have been constructed on the basis that a breach has occurred in the event that any “wrongful gain” or “wrongful loss” was suffered. These terms have not been defined either under statutes or through any judicial precedents in the civil context. However, these terms do have a definition under criminal law in India. The Indian Penal Code, 1860 (“IPC”), defines “Wrongful Gain” to mean gain, by unlawful means, of property to which the person gaining is not legally entitled; and “Wrongful Loss” to mean the loss by unlawful means of property to which the person losing it is legally entitled.</p>
<p>There does not appear to be any greater significance in the use of these terms even though they are typically found in criminal statutes. Therefore, apart from the slight ambiguity as to purpose, their use in the IT Act does not appear to have any great significance.</p>
<h3>Limitation on Liability</h3>
<p>The provisions of Section 43 originally had the total liability for a breach capped at Rs. 5,00,00,000 (five crore rupees). The original text of Section 43-A had the same limitation of liability in respect of its data protection provisions. Before the bill was passed into law, this limitation was removed and now a breach of Section 43-A is not subject to any limitation of liabilities.</p>
<h3>Reasonable Security Practices and Procedures</h3>
<p>Section 43-A makes a reference to “reasonable security practices and procedures” and stipulates that a breach has been caused only if such practices and procedures have not been followed. There are three methods by which reasonable security practices and procedures can be established:</p>
<ul><li> By agreement;</li><li>By law; and</li><li>By prescription by the Central Government.</li></ul>
<p><br />As there is no law in India which sets out an appropriate definition for the term and since it will be some time before which the Central Government comes out with necessary regulations, it would appear that the only option available is for the parties to arrive at an agreement as to how the sensitive personal data and information exchanged under their contract is to be handled.</p>
<p>As a corollary, till such time as the government establishes the necessary rules in relation to these security practices and procedures, if a body corporate does not enter into an agreement with the person providing the information as to the reasonable security practices and procedures that would apply, the body corporate cannot be brought within the purview of this section for any loss or damage to data.</p>
<h3>The Criminal Remedies for Unlawful Disclosure of Information</h3>
<p>In addition to the civil remedies spelled out in such detail in Section 43-A, the newly introduced provisions of Section 72-A of the IT Act 2008 could be used to impose criminal sanctions against any person who discloses information in breach of a contract for services. While not exactly a data protection provision in the same way that Section 43-A is, there are enough similarities in purpose to achieve the same result.</p>
<p>Section 72-A reads:</p>
<blockquote>
<p> Punishment for Disclosure of information in breach of lawful contract - Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to Rupees five lakh, or with both.</p>
</blockquote>
<p>In substance, this provision appears to be focused on providing criminal remedies in the context of breach of confidentiality obligations under service contracts; given that the section specifically refers to the disclosure of personal information obtained under that service contract, it is fair to classify this as a provision that addresses data protection issues.</p>
<h3>Personal Information</h3>
<p>The IT Act 2008 does not define “personal information”. Equally, there are no judicial precedents that provide any clarity on the term. The Right to Information Act, 2005 does provide a definition for “personal information”, but that definition is inappropriate in the context of the IT Act 2008. In the absence of a useable definition for the term “personal information”, it becomes difficult to assess the scope and ambit of the provision and in particular to understand the extent to which it is enforceable.</p>
<h3>"Willful"</h3>
<p>The section would only apply to persons who willfully disclose personal information and cause wrongful loss or gain. Hence, in order to make a person liable it has to be proved that the person disclosing the personal information did so with an intention to cause wrongful loss or gain. It would be a valid defense to claim that any loss caused was unintentional.</p>
<h3>Service Contracts</h3>
<p>The section appears to be particular about the fact that it only applies in the context of personal information obtained under a contract for services. This appears to rule out confidential information (that is not of a personal nature) that has been received under any other form of agreement (including, for example, a technology license agreement). The section is clearly intended to protect against the misuse of personal information and cannot be adapted to provide a wider level of protection against all breaches of confidential information. That said, employers now have a much stronger weapon against employees who leave with the personal records of other fellow employees.</p>
<h3>Consent</h3>
<p>This section also clearly applies only to those disclosures of personal information with the intent to cause wrongful loss or gain which have taken place without the consent of the person whose personal information is being disclosed. What remains to be seen is how the law will deal with situations where a general consent for disclosures has been obtained at the time of recruitment.</p>
<p>Such clauses are made effective around the world by including opt in and opt out clauses, to allow the employee to either expressly agree to the disclosure of his personal information or to specifically exclude himself from the ambit of any such disclosures.</p>
<h3>Media of Material</h3>
<p>This section, unlike several other provisions of the IT Act 2008, deals with all manner of materials without requiring them to be digital. However, while disclosure of information stored in the non-electronic medium has been recognised, in the absence of a clear definition of personal information, it is difficult to ascertain the application and enforcement of this section.</p>
<h3>What’s Missing</h3>
<p>In order to be a truly effective data protection statute, the IT Act 2008 must include provisions relating to the collection, circumstances of collection, control, utilisation and proper disposal of data. At present the statute is silent about these aspects. In many ways, the statute addresses the particular concerns of companies or corporate entities looking for protection in relation to data outsourced to any other corporate entity for processing. Within these specific parameters the statute works well. However it does little to protect the average citizen of the country from the theft of personal data. Until we have statutory recognition of these issues, we will not be able to say that we have an effective data protection law in India.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/it-act-and-commerce'>http://editors.cis-india.org/internet-governance/blog/it-act-and-commerce</a>
</p>
No publisherpraneshIT ActDigital GovernanceData ProtectionAuthenticationSecurity2011-08-02T07:41:45ZBlog EntryGetting the (Digital) Indo-Pacific Economic Framework Right
http://editors.cis-india.org/internet-governance/blog/directions-cyber-digital-europe-arindrajit-basu-september-16-2022-getting-the-digital-indo-pacific-economic-framework-right
<b>On the eve of the Tokyo Quad Summit in May 2022, President Biden unveiled the Indo-Pacific Economic Framework (IPEF), visualising cooperation across the Indo-Pacific based on four pillars: trade; supply chains; clean energy, decarbonisation and infrastructure; and tax and anti-corruption. Galvanised by the US, the other 13 founding members of the IPEF are Australia, Brunei Darussalam, India, Indonesia, Japan, Republic of Korea, Malaysia, New Zealand, Philippines, Singapore, Thailand and Vietnam. The first official in-person Ministerial meeting was held in Los Angeles on 9 September 2022.</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="https://directionsblog.eu/getting-the-digital-indo-pacific-economic-framework-right/">originally published in Directions</a> on 16 September 2022.</p>
<hr />
<p style="text-align: justify; ">It is still early days. Given the broad and noncommittal scope of the <a href="http://indiamediamonitor.in/ViewImg.aspx?rfW3mQFhdxZsqXnJzK5Xi5+XYlnW6zXnPDF3Ad56Y/KdgI1zvICzrodtLI85MPKdVO1fIh79GUlPfyXY2/bE2g==" rel="noreferrer noopener" target="_blank">economic arrangement</a>, it is unlikely that the IPEF will lead to a trade deal among members in the short run. Instead, experts believe that this new arrangement is designed to serve as a ‘<a href="https://indianexpress.com/article/opinion/columns/building-on-common-ground-7963518/" rel="noreferrer noopener" target="_blank">framework or starting point</a>’ for members to cooperate on geo-economic issues relevant to the Indo-Pacific, buoyed in no small part by the United States’ desire to make up lost ground and counter Chinese economic influence in the region.</p>
<p style="text-align: justify; ">United States Trade Representative (USTR) Katherine Tai has underscored the relevance of the Indo-Pacific digital economy to the US agenda with the IPEF. She has emphasized the <a href="https://www.whitehouse.gov/briefing-room/press-briefings/2022/05/23/on-the-record-press-call-on-the-launch-of-the-indo-pacific-economic-framework/" rel="noreferrer noopener" target="_blank">importance of</a> collaboratively addressing key connectivity and technology challenges, including standards on cross-border data flows, data localisation and online privacy, as well as the discriminatory and unethical use of artificial intelligence. This is an ambitious agenda given the divergence among members in terms of technological advancement, domestic policy preferences and international negotiating stances at digital trade forums. There is a significant risk that imposing external standards or values on this evolving and politically-contested digital economy landscape will not work, and may even undermine the core potential of the IPEF in the Indo-Pacific. This post evaluates the domestic policy preferences and strategic interests of the Framework’s member states, and how the IPEF can navigate key points of divergence in order to achieve meaningful outcomes.</p>
<h3><strong>State of domestic digital policy among IPEF members</strong></h3>
<p style="text-align: justify; ">Data localisation is a core point of divergence in global digital policymaking. It continues to dominate discourse and trigger dissent at all <a href="https://www.ikigailaw.com/the-data-localization-debate-in-international-trade-law/#acceptLicense" rel="noreferrer noopener" target="_blank">international trade forums</a>, including the World Trade Organization. IPEF members have a range of domestic mandates restricting cross-border flows, which vary in scope, format and rigidity (see table below)<strong>. </strong>Most countries only have a conditional data localisation requirement, meaning data can only be transferred to countries where it is accorded an equivalent level of protection – unless the individual whose data is being transferred consents to said transfer. <a href="https://www.lexology.com/library/detail.aspx?g=ee977f2e-ecfb-45cf-9f63-186a78a49512#:~:text=Australia%20has%20no%20broad%20data,transferred%20or%20processed%20outside%20Australia." rel="noreferrer noopener" target="_blank">Australia </a>and the <a href="https://www.acq.osd.mil/dpap/pdi/docs/FAQs_Network_Penetration_Reporting_and_Contracting_for_Cloud_Services_(01-27-2017).pdf" rel="noreferrer noopener" target="_blank">United States</a> have sectoral localisation requirements for health and defence data respectively. India presently has multiple sectoral data localisation requirements. In particular, a 2018 Reserve Bank of India (RBI) <a href="https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11244&Mode=0" rel="noreferrer noopener" target="_blank">directive</a> imposed strict local storage requirements along with a 24-hour window for foreign processing of payments data generated in India. The RBI imposed a <a href="https://theprint.in/economy/what-is-data-localisation-why-mastercard-amex-diners-club-cant-add-more-customers-in-india/703790/" rel="noreferrer noopener" target="_blank">moratorium</a> on the issuance of new cards by several US-based card companies until compliance issues with the data localisation directive were resolved. Furthermore, several iterations of India’s recently <a href="https://www.thehindu.com/sci-tech/technology/internet/explained-why-has-the-government-withdrawn-the-personal-data-protection-bill-2019/article65736155.ece" rel="noreferrer noopener" target="_blank">withdrawn </a>Personal Data Protection Bill contained localisation requirements for some categories of personal data.</p>
<p style="text-align: justify; ">Indonesia and Vietnam have <a href="https://thediplomat.com/2020/01/the-retreat-of-the-data-localization-brigade-india-indonesia-and-vietnam/" rel="noreferrer noopener" target="_blank">diluted</a> the scopes of their data localisation mandates to apply, respectively, only to companies providing public services and to companies not complying with other local laws. These dilutions may have occurred in response to concerted pushback from foreign technology companies operating in these countries. In addition to sectoral restrictions on the transfer of geospatial data, South Korea<a href="https://carnegieendowment.org/2021/08/17/korean-approach-to-data-localization-pub-85165" rel="noreferrer noopener" target="_blank"> retains </a>several procedural checks on cross-border flows, including formalities regarding providing notice to individual users.</p>
<p style="text-align: justify; ">Moving onto another issue flagged by USTR Tai, while all IPEF members recognise the right to information privacy at an overarching or constitutional level, the legal and policy contours of data protection are at different stages of evolution in different countries. <a href="https://www.dlapiperdataprotection.com/index.html?t=law&c=JP#:~:text=Personal%20Information%20Protection%20Commission,-Kasumigaseki%20Common%20Gate&text=Japan%20does%20not%20have%20a%20central%20registration%20system.&text=There%20is%20no%20specific%20legal,(eg%20Chief%20Privacy%20Officer)." rel="noreferrer noopener" target="_blank">Japan</a>, <a href="https://www.dlapiperdataprotection.com/index.html?t=law&c=KR" rel="noreferrer noopener" target="_blank">South Korea</a>, <a href="https://www.pdp.gov.my/jpdpv2/assets/2020/01/Introduction-to-Personal-Data-Protection-in-Malaysia.pdf" rel="noreferrer noopener" target="_blank">Malaysia</a>, <a href="https://www.linklaters.com/en/insights/data-protected/data-protected---new-zealand#:~:text=There%20is%20no%20data%20portability%20right%20in%20New%20Zealand.&text=While%20there%20is%20no%20%22right,a%20correction%20to%20that%20information." rel="noreferrer noopener" target="_blank">New Zealand,</a> <a href="https://www.privacy.gov.ph/data-privacy-act/#:~:text=%E2%80%93%20(a)%20The%20personal%20information,against%20any%20other%20unlawful%20processing." rel="noreferrer noopener" target="_blank">Philippines</a>, <a href="https://www.pdpc.gov.sg/Overview-of-PDPA/The-Legislation/Personal-Data-Protection-Act#:~:text=What%20is%20the%20PDPA%3F,Banking%20Act%20and%20Insurance%20Act." rel="noreferrer noopener" target="_blank">Singapore</a> and <a href="https://www.trade.gov/market-intelligence/thailand-personal-data-protection-act#:~:text=The%20legislation%20mandates%20that%20data,1%20million%20in%20criminal%20fines." rel="noreferrer noopener" target="_blank">Thailand </a>have data protection frameworks in place. Data protection frameworks in India and Brunei are under consultation. Notably, the US does not have a comprehensive federal framework on data privacy, although there are patchworks of data privacy regulations at both the federal and state levels.</p>
<p style="text-align: justify; ">Regulation and strategic thinking on artificial intelligence (AI) are also at varying levels of development among IPEF members. India has produced a slew of policy papers on Responsible Artificial Intelligence. The most recent <a href="https://www.niti.gov.in/sites/default/files/2021-08/Part2-Responsible-AI-12082021.pdf" rel="noreferrer noopener" target="_blank">policy paper</a> published by NITI AAYOG (the Indian government’s think tank) refers to constitutional values and endorses a risk-based approach to AI regulation, much like that adopted by the EU. The US National Security Commission on Artificial Intelligence (NSCAI), chaired by Google CEO Eric Schmidt, expressed concerns about the US ceding AI leadership ground to China. The NSCAI’s final <a href="https://www.nscai.gov/" rel="noreferrer noopener" target="_blank">report </a>emphasised the need for US leadership of a ‘coalition of democracies’ as an alternative to China’s autocratic and control-oriented model. Singapore has also made key strides on trusted AI, launching <a href="https://www.pdpc.gov.sg/news-and-events/announcements/2022/05/launch-of-ai-verify---an-ai-governance-testing-framework-and-toolkit" rel="noreferrer noopener" target="_blank">A.I. verify</a> – the world’s first AI Governance Testing Framework for companies that wish to demonstrate their use of responsible AI through a minimum verifiable product.</p>
<h3><strong>IPEF and pipe dreams of digital trade</strong></h3>
<p style="text-align: justify; ">Some members of the IPEF are signatories to other regional trade agreements. With the exception of Fiji, India and the US, all the IPEF countries are members of the Regional Comprehensive Economic Partnership <a href="https://www.dfat.gov.au/trade/agreements/in-force/rcep#:~:text=RCEP%20entered%20into%20force%20on,Australia%20as%20an%20original%20party." rel="noreferrer noopener" target="_blank">(RCEP)</a>, which also includes China. Five IPEF member countries are also members of the <a href="https://www.dfat.gov.au/trade/agreements/in-force/cptpp/comprehensive-and-progressive-agreement-for-trans-pacific-partnership" rel="noreferrer noopener" target="_blank">Comprehensive and Progressive Trans-Pacific Partnership (CPTPP)</a> that President Trump backed out of in 2017. Several IPEF members also have bilateral or trilateral trading agreements among themselves, an example being the <a href="https://www.mfat.govt.nz/en/trade/free-trade-agreements/free-trade-agreements-in-force/digital-economy-partnership-agreement-depa/" rel="noreferrer noopener" target="_blank">Digital Economic Partnership Agreement (DEPA)</a> between Singapore, New Zealand and Chile.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/Pie.png" alt="Pie" class="image-inline" title="Pie" /></p>
<p style="text-align: justify; ">All these ‘mega-regional’ trading agreements contain provisions on data flows, including prohibitions on domestic legal provisions that mandate local computing facilities or restrict cross-border data transfers. Notably, these agreements also incorporate <a href="https://publications.clpr.org.in/the-philosophy-and-law-of-information-regulation-in-india/chapter/indias-engagement-with-global-trade-regimes-on-cross-border-data-flows/" rel="noreferrer noopener" target="_blank">exceptions</a> to these rules. The CPTPP includes within its ambit an exception on the grounds of ‘legitimate public policy objectives’ of the member, while the RCEP incorporates an additional exception for ‘essential security interests’.</p>
<p style="text-align: justify; ">IPEF members are also spearheading <a href="https://www.hinrichfoundation.com/research/article/wto/can-the-wto-build-consensus-on-digital-trade/" rel="noreferrer noopener" target="_blank">multilateral efforts </a>related to the digital economy: Australia, Japan and Singapore are working as convenors of the plurilateral Joint Statement Initiative (JSI) at the World Trade Organization (WTO), which counts 86 WTO members as parties. India (along with South Africa) vehemently <a href="https://docs.wto.org/dol2fe/Pages/SS/directdoc.aspx?filename=q:/WT/GC/W819.pdf&Open=True" rel="noreferrer noopener" target="_blank">opposes</a> this plurilateral push on the grounds that the WTO is a multilateral forum functioning on consensus and a plurilateral trade agreement should not be negotiated within the aegis of the WTO. They fear, rightly, that such gambits close out the domestic policy space, especially for evolving digital economy regimes where keen debate and contestation exist among domestic stakeholders. While wary of the implications of the JSI, other IPEF members, such as Indonesia, have cautiously joined the initiative to ensure that they have a voice at the table.</p>
<p style="text-align: justify; ">It is unlikely that the IPEF will lead to a digital trade arrangement in the short run. Policymaking on issues as complex as the digital economy that must respond to specific social, economic and (geo)political realities cannot be steamrolled through external trade agreements. For instance, after the Los Angeles Ministerial India <a href="https://www.business-standard.com/article/economy-policy/india-opts-out-of-joining-ipef-trade-pillar-to-wait-for-final-contours-122091000344_1.html" rel="noreferrer noopener" target="_blank">opted out</a> of the IPEF trade pillar citing both India’s evolving domestic legislative framework on data and privacy as well as a broader lack of consensus among IPEF members on several issues, including digital trade. Commerce Minister Piyush Goyal explained that India would wait for the “<a href="https://pib.gov.in/PressReleasePage.aspx?PRID=1858243" rel="noreferrer noopener" target="_blank">final contours</a>” of the digital trade track to emerge before making any commitments.</p>
<p style="text-align: justify; ">Besides, brokering a trade agreement through the IPEF runs a risk of redundancy. Already, there exists a ‘<a href="https://www.rieti.go.jp/en/columns/a01_0193.html" rel="noreferrer noopener" target="_blank">spaghetti bowl’</a> of regional trading agreements that IPEF members can choose from, in addition to forming bilateral trade ties with each other.</p>
<p style="text-align: justify; ">This is why Washington has been clear about calling the IPEF an ‘<a href="https://theprint.in/diplomacy/india-set-to-join-us-led-indo-pacific-economic-arrangement-next-week-with-aim-to-counter-china/963795/" rel="noreferrer noopener" target="_blank">economic arrangement</a>’ and not a trade agreement. Membership does not imply any legal obligations. Rather than duplicating ongoing efforts or setting unrealistic targets, the IPEF is an opportunity for all players to shape conversations, share best practices and reach compromises, which could feed back into ongoing efforts to negotiate trade deals. For example, several members of RCEP have domestic data localisation mandates that do not violate trade deals because the agreement carves out exceptions that legitimise domestic policy decisions. Exchanges on how these exceptions work in future trade agreements could be a part of the IPEF arrangement and nudge states towards framing digital trade negotiations through other channels, including at the WTO. Furthermore, states like Singapore that have launched AI self-governance mechanisms could share best practices on how these mechanisms were developed as well as evaluations of how they have helped policy goals be met. And these exchanges shouldn’t be limited to existing IPEF members. If the forum works well, countries that share strategic interests in the region with IPEF members, including, most notably, the European Union, may also want to get involved and further develop partnerships in the region.</p>
<h3><strong>Countering China</strong></h3>
<p>Talking shop on digital trade should certainly not be the only objective of the IPEF. The US has made it clear that they want the message emanating from the IPEF ‘<a href="https://www.business-standard.com/article/international/biden-to-visit-japan-for-quad-summit-to-have-bilateral-meetings-with-modi-122051900128_1.html" rel="noreferrer noopener" target="_blank">to be heard in Beijing</a>’. Indeed, the IPEF offers an opportunity for the reassertion of US economic interests in a region where President Trump’s withdrawal from the CPTPP has left a vacuum for China to fill. Accordingly, it is no surprise that the IPEF has representation from several regions of the Indo-Pacific: South Asia, Southeast Asia and the Pacific.</p>
<p>This should be an urgent policy priority for all IPEF members. Since its initial announcement in 2015, the <a href="https://www.cfr.org/china-digital-silk-road/" rel="noreferrer noopener" target="_blank">Digital Silk Road (DSR)</a>, the digital arm of China’s Belt and Road Initiative, has spearheaded <a href="https://www.iiss.org/blogs/research-paper/2021/02/china-digital-silk-road-implications-for-defence-industry" rel="noreferrer noopener" target="_blank">massive investments</a> by the Chinese private sector (allegedly under close control of the Chinese state) in e-commerce, fintech, smart cities, data centres, fibre optic cables and telecom networks. This expansion has also happened in the Indo-Pacific, unhampered by China’s aggressive geopolitical posturing in the region through maritime land grabs in the South China Sea. With the exception of <a href="https://www.scmp.com/news/asia/southeast-asia/article/3024479/vietnam-shuns-huawei-it-seeks-build-aseans-first-5g" rel="noreferrer noopener" target="_blank">Vietnam</a>, which remains wary of China’s economic expansionism, countries in Southeast Asia welcome Chinese investments, extolling their developmental benefits. Several IPEF members – <a href="https://www.iseas.edu.sg/wp-content/uploads/2022/05/ISEAS_Perspective_2022_57.pdf" rel="noreferrer noopener" target="_blank">including</a> Indonesia, Malaysia and Singapore – have associations with Chinese private sector companies, predominantly Huawei and ZTE. A <a href="https://carnegieendowment.org/2022/07/11/localization-and-china-s-tech-success-in-indonesia-pub-87477" rel="noreferrer noopener" target="_blank">study</a> evaluating Indonesia’s response to such investments indicates that while they are aware of the risks posed by Chinese infrastructure, their calculus remains unaltered: development and capacity building remain their primary focuses. Furthermore, on the specific question of surveillance, given evidence of other countries such as the US and Australia also using digital infrastructure for surveillance, the threat from China is not perceived as a unique risk.</p>
<h3><strong>Setting expectations and approaches</strong></h3>
<p style="text-align: justify; ">Still, the risks of excessive dependence on one country for the development of digital infrastructure are well known. While the IPEF cannot realistically expect to displace the DSR, it can be utilised to provide countries with alternatives. This can only be done by issuing carrots rather than sticks. A US narrative extolling ‘digital democracy’ is unlikely to gain traction in a region characterised by a diversity of political systems that is focused on economic and development needs. At the same time, an excessive focus on thorny domestic policy issues – such as data localisation and the pipe dream of yet another mega-regional trade deal – could risk derailing the geo-economic benefits of the IPEF.</p>
<p style="text-align: justify; ">Instead, the IPEF must focus on capacity building, training and private sector investment in infrastructure across the Indo-Pacific. The US must position itself as a geopolitically reliable ally, interested in the overall stability of the digital Indo-Pacific, beyond its own economic or policy preferences. This applies equally to other external actors, like the EU, who may be interested in engaging with or shaping the digital economic landscape in the Indo-Pacific.</p>
<p style="text-align: justify; ">Countering Chinese economic influence and complementing security agendas set through other fora – such as the Quadrilateral Security Dialogue – should be the primary objective of the IPEF. It is crucial that unrealistic ambitions seeking convergence on values or domestic policy do not undermine strategic interests and dilute the immense potential of the IPEF in catalysing a more competitive and secure digital Indo-Pacific.</p>
<h3><strong>Table: Domestic policy positions on data localisation and data protection</strong></h3>
<p><img src="http://editors.cis-india.org/home-images/Table.png/@@images/8e9a5192-5f6c-4666-8d78-e0863111534a.png" alt="Table" class="image-inline" title="Table" /></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/directions-cyber-digital-europe-arindrajit-basu-september-16-2022-getting-the-digital-indo-pacific-economic-framework-right'>http://editors.cis-india.org/internet-governance/blog/directions-cyber-digital-europe-arindrajit-basu-september-16-2022-getting-the-digital-indo-pacific-economic-framework-right</a>
</p>
No publisherarindrajitPrivacyInternet GovernanceDigital GovernanceDigital Economy2022-10-03T14:56:22ZBlog EntryFill The Gap: Global Discussion on Digital Natives
http://editors.cis-india.org/research/grants/digital-natives-with-a-cause/dntweet
<b>More often than not people don't understand the new practices inspired by Internet and digital technologies. As such a series of accusations have been leveled against the Digital Natives. Educators, policy makers, scholars, and parents have all raised their worries without hearing out from the people they are concerned about. Hivos has initiated an online global discussion about Digital Natives. So, to voice your opinion, start tweeting with us now #DigitalNatives.</b>
<div class="content-view-full">
<div class="class-event">
<div class="pagecontent">
<h2>If you cannot attend Fill The Gap, you can also join us in a global discussion on some of the issues being discussed at #DigitalNatives<br /></h2>
<br />
<p>1.
Are
you an apolitical consumer, or do you have ambitions?</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalNatives" target="_blank">http://www.tweetworks.com/groups/view/DigitalNatives</a></p>
<p>2.
Are
you a little prince or princess, who only wants to talk to like minded people
or are you different?</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalNativesPrincess" target="_blank">http://www.tweetworks.com/groups/view/DigitalNativesPrincess</a></p>
<p>3.
Is
Wikipedia your bible or do you really know something?</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalNativesWiki" target="_blank">http://www.tweetworks.com/groups/view/DigitalNativesWiki</a></p>
<p>4.
Are
you a digital dinosaur? They say you don’t know anything about ICT!</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalDinosaur" target="_blank">http://www.tweetworks.com/groups/view/DigitalDinosaur</a></p>
<p>5.
Why
use the Internet, why don’t you march the streets?</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalNativesProtest" target="_blank">http://www.tweetworks.com/groups/view/DigitalNativesProtest</a></p>
<p>6.
Plans
to change the world? What do you need?</p>
<p><a href="http://www.tweetworks.com/groups/view/DigitalNativesChanceTheWorld" target="_blank">http://www.tweetworks.com/groups/view/DigitalNativesChanceTheWorld</a></p>
<br />If you are in Amsterdam, here is the information you will need to attend the event:<br />
<h2>Fill the Gap! - 7</h2>
<h3>
R U Online?</h3>
<div class="date">Date: 15 January 2010 </div>
<div class="date">Time: 12.30 until
17.00 hour</div>
<div class="date">Location: Het Sieraad, Postjesweg 1, Amsterdam</div>
<br />
<strong></strong>The seventh edition of Fill the Gap! is all about the power of youth
and IT in developing countries. How can their skills be strengthened
and put to use for a better world? Hivos, apart from cohosting the
event, will be involving digital natives to hear their stories about
ICT and engagement.
<br />
<p>
An Open Space event on the potential of new (mobile) media and youth in
developing countries. For everyone in politics, the profit and the
non-profit sectors who is interested in ICT and international
development cooperation.</p>
<p>
The use of new (mobile) technology is the most natural thing in the world for the youth of today.</p>
<p>
Shaped by the digital era and at ease with creativeity, these
innovators use new media to change the world. Just think of the Twitter
revolution in Iran. What can the international development sector learn
from this? How could international development cooperation use the
potential power of youth to tackle development problems?</p>
<p> The seventh edition of Fill the Gap! is all about the power of
youth and IT in developing countries. How can their skills be
strengthened and put to use for a better world? The kick-off will be
hosted by Jennifer Corriero, co-founder of Taking IT Global: the
international platform for youth and the use of new media for a better
world. Then the floor is open to discuss your own ideas with people
from new media, the business world and the international development
sector during the Open Space sessions. Join in: come to Amsterdam on
Friday January 15th and be inspired during Fill the Gap!<br />
<br /> Registration is free. The programme is in English.</p>
<br /><a href="http://www.fill-the-gap.nl/Fill_the_gap_7?" target="_blank">» Fill the Gap</a></div>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/research/grants/digital-natives-with-a-cause/dntweet'>http://editors.cis-india.org/research/grants/digital-natives-with-a-cause/dntweet</a>
</p>
No publishernishantSocial mediaDigital ActivismDigital GovernanceDigital NativesAgencyYouthFeaturedCyberculturesNew PedagogiesDigital subjectivitiesICT2010-01-22T10:54:13ZBlog EntryFake Narendra Modi apps aplenty, but it’s up to users to protect themselves
http://editors.cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves
<b>The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.</b>
<p>The article was <a class="external-link" href="http://indianexpress.com/article/india/this-fake-narendra-modi-app-can-secretly-take-pictures-shoot-videos-using-your-phone-4407400/">published by Indian Express</a> on December 2, 2016. Pranesh Prakash was quoted. Also see Nandini Yadav's blog post in <a class="external-link" href="http://www.bgr.in/news/beware-of-the-fake-narendra-modi-app-on-google-play-store/">BGR</a> on December 3, 2016.</p>
<hr />
<p style="text-align: justify; "><img alt="modi3" class="size-full wp-image-4407413" src="http://images.indianexpress.com/2016/12/modi3.jpeg" /></p>
<p style="text-align: justify; ">The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.</p>
<p style="text-align: justify; ">A “<a href="http://indianexpress.com/about/narendra-modi">Narendra Modi</a>” app, purportedly offered by the Government of India, caught the attention of Internet expert Pranesh Prakash on Thursday as the app developer was found to be using a Bangladesh-based web host and e-mail address. Suggesting that this could be the work of a con-artist, Prakash underlined that granting access to fake apps could lead to security breach. The app, hosted on <a href="http://indianexpress.com/about/google/">Google</a> Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded. The original NaMo, however, only gets access to read, modify and delete the user’s media files. The “fake” app was downloaded more than 1 lakh times and has an average rating of 4.4 from over 2,000 reviews. A simple search on the play store throws up dozens of Narendra Modi apps, some even calling themselves fake apps. The original app was published by Narendramodi.in and Government Of India. But there are scores of other apps trying to imitate the original.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/NMApp.png" alt="Narendra Modi App" class="image-inline" title="Narendra Modi App" /></p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/NMApp.png" alt="Narendra Modi App" class="image-inline" title="Narendra Modi App" /></p>
<p style="text-align: justify; ">Pranesh, who is Policy Director at The Centre for Internet and Society, also questioned how users can differentiate between fake and genuine apps when even the official app was registered using a gmail address. While the Government of India Narendra Modi app has been published using info@narendramodi.press, the one by Narendramodi.in has been published using a simple Gmail app. He also highlighted how the play store was flooded with fake banking apps, with one such “SBI app” gaining full access to the user’s files. Incidentally, the fake Modi Ki Note app which has been in the limelight since the demonetisation on high value notes and issue of new ones itself has many duplicates.</p>
<p style="text-align: justify; ">In the last two days, the Congress and its vice-president Rahul Gandhi fell victim to hacking as their verified Twitter accounts were compromised. Profane content was shared from both accounts, targeting the Gandhi and his family. This lead to the Congress questioning Prime Minister Narendra Modi’s digital India push as security remains a huge concern.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves'>http://editors.cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves</a>
</p>
No publisherpraskrishnaDigital IndiaInternet GovernanceDigital GovernancePrivacy2016-12-10T04:24:24ZNews ItemEngaging on the Digital Commons
http://editors.cis-india.org/openness/blog-old/digital-commons
<b>We at the Centre for Internet and Society are very glad to be able to participate in the 13th Biennial Conference of the International Association for the Study of the Commons (IASC). Our interest in the conference arises mainly from our work in the areas of intellectual property rights reform and promotion of different forms of ‘opennesses’ that have cropped up as a response to perceived problems with our present-day regime of intellectual property rights, including open content, open standards, free and open source software, open government data, open access to scholarly research and data, open access to law, etc., our emerging work on telecom policy with respect to open/shared spectrum, and the very important questions around Internet governance. The article by Sunil Abraham and Pranesh Prakash was published in the journal Common Voices, Issue 4.</b>
<p>Our work on intellectual property reform are proactive measures at effecting policy change that go towards protecting and preserving an intellectual, intangible commons. We have opposed the Protection and Utilization of the Public-funded Intellectual Property Bill (an Indian version of the American Bayh-Dole Act) which sought to privatise the fruits of publicfunded research by mandating patents on them. We are working towards reform of copyright law which we believe is lopsided in its lack of concern for consumers and that its current march towards greater enclosure of the public domain is unsustainable. Believing that not all areas of industry and technology are equal, and that patent protection is ill-suited for the software industry, we have worked to ensure that the current prohibitions against patenting of software are effectively followed.</p>
<p>Defensively—that is working within the existing framework of intellectual property law—we seek to promote the various forms of copyright and patent licensing that have arisen as reactions to restrictive IP laws. Free/open source software and open content have arisen as a reaction to the restrictive nature of copyright law, such as the presumption under copyright law that a work is copyrighted by the mere fact of it coming into existence. (for instance, this was not so in the United States until 1989, till when a copyright notice was required to assert copyright). While earlier the presumption was that a work was to belong to the public domain, after the Berne Convention, that presumption was reversed. This led to the creation of the idea of special licences, by using which one could allow all others to share his/her work and reuse it. This innovation in using the law to promote, rather than restrict, what others could do with one’s works has enabled the creation and sharing of everything from Wikipedia, to Linux (which powers more than 85 percent of the world’s top 500 supercomputers) and Apache HTTP server (more than 60 percent of all websites). The advent of the Internet has allowed the creation of intangible digital commons.</p>
<p>We are also starting to engage with the question of telecom policy around spectrum allocation, and believe that promotion of a shared spectrum would help make telecom services, including broadband Internet, available to people at reasonable prices. We also believe that Internet governance should not be the prerogative of governments, and should not happen in a top-down fashion.</p>
<p>Comparisons between tangible commons and intangible commons have been made by people like Elinor and Vincent Ostrom, who in 1977 contributed to our understanding of subtractability and public goods. James Boyle has written about the expansion of copyright law as “the second enclosure movement”, following in the footsteps of the first enclosure movement against the take-over of common land which stretched from the fifteenth century till the nineteenth. Yochai Benkler, has written extensively on commons in information and communication systems as well as on spectrum commons. Just as Elinor Ostrom’s work shows how Garrett Hardin’s evocative ‘tragedy of the commons’ and the problems of free-riding are very often avoided in practice, Michael Heller’s equally evocative phrase ‘gridlock economy’ shows that ‘over-propertisation’ of knowledge can lead to a ‘tragedy of the anti-commons’.</p>
<p>Through this conference we wish to learn of the lessons that academic writings on tangible commons have to impart to intangible commons which are configured very differently (in terms of subtractability, for instance). Ostrom’s work shows how individuals can, in a variety of settings, work to find institutional solutions that promote social cooperation and human betterment. As part of her nine design principles of stable local common pool resource management, she lists clearly defined boundaries for effective exclusion of external unentitled parties. How does that work, when even the existing mechanisms of boundary-definition in intellectual property, such as patent claims, are often decried as being ambiguous thanks to the legalese they are written in? What of traditional knowledge for which defining the community holding ownership rights becomes very difficult? As Ostrom and Hess note, “the rules and flow patterns are different with digital information”, but how do these differences affect the lessons learned from CPR studies? How do Ostrom’s pronouncements against uniform top-down approaches to resource management affect the way that copyright and patents seek to establish a uniform system across multiple areas of art, science and industry (musical recordings and paintings, pharmaceuticals and software)? And how can Ostrom’s work on management of natural resources inform us about the management of resources such as spectrum or the Internet itself? These are all very interesting and important questions that need to be explored, and we are glad that this conference will help us understand these issues better.</p>
<p>Please read the article in Common Voices Issue 4 <a class="external-link" href="http://iasc2011.fes.org.in/common-voices-4.pdf">here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/openness/blog-old/digital-commons'>http://editors.cis-india.org/openness/blog-old/digital-commons</a>
</p>
No publisherpraneshDigital AccessOpennessCommonsDigital Governance2011-08-20T12:56:26ZBlog EntryElectoral Databases – Privacy and Security Concerns
http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns
<b>In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.</b>
<p></p>
<p> </p>
<p style="text-align: justify; ">The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.<a href="#_edn1" name="_ednref1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> After due consideration, the ECI has decided to drop the plan.<a href="#_edn2" name="_ednref2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a></p>
<p style="text-align: justify; ">The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.</p>
<p style="text-align: justify; "><b>Publication of Electoral Rolls</b><br />The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.</p>
<p style="text-align: justify; ">The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document<a href="#_edn3" name="_ednref3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> given that the roll is published and can be circulated on the direction of the ECI.</p>
<p style="text-align: justify; ">With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.<a href="#_edn4" name="_ednref4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> In addition to that, the electoral rolls for the entire country are available on the ECI website.<a href="#_edn5" name="_ednref5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.<a href="#_edn6" name="_ednref6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a></p>
<p style="text-align: justify; "><b>Security Concerns</b><br />The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.</p>
<p style="text-align: justify; ">In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “<i>With Great Computing Power Comes Great Surveillance”</i><a href="#_edn7" name="_ednref7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a> Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain</p>
<p style="text-align: justify; ">For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.</p>
<p style="text-align: justify; "><b>Current IT Laws does not mandate the protection of the electoral database</b><br />A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”<a href="#_edn8" name="_ednref8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> However, the appropriate Government has not notified the electoral database as a protected system<a href="#_edn9" name="_ednref9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a>. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.</p>
<p style="text-align: justify; ">The Information Technology Rules (IT Rules) are also not applicable to electoral databases, <i>per se</i>. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (<i>hereinafter </i>Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”<a href="#_edn10" name="_ednref10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> and should arguably be made subject to the Rules.</p>
<p style="text-align: justify; ">The intent of the ECI for hosting the entire country’s electoral database online <i>inter alia</i> is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”<a href="#_edn11" name="_ednref11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.</p>
<p style="text-align: justify; ">The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.</p>
<p style="text-align: justify; "><b>Conclusion</b><br />Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.</p>
<p style="text-align: justify; ">It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.</p>
<div>
<hr align="left" size="1" width="100%" />
<div id="edn1">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref1" name="_edn1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[i]</span></span></a> Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at <a class="external-link" href="http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss">http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss</a></p>
</div>
<div id="edn2">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref2" name="_edn2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ii]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
<div id="edn3">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref3" name="_edn3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iii]</span></span></a> Section 74, Indian Evidence Act, 1872</p>
</div>
<div id="edn4">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref4" name="_edn4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[iv]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/the_function.aspx">eci.nic.in/eci_main1/the_function.aspx</a></p>
</div>
<div id="edn5">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref5" name="_edn5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[v]</span></span></a> <a class="external-link" href="http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx">http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx</a></p>
</div>
<div id="edn6">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref6" name="_edn6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vi]</span></span></a> “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at e<a class="external-link" href="http://eci.nic.in/eci_main/eroll&epic/ins06012010.pdf">ci.nic.in/eci_main/eroll&epic/ins06012010.pdf</a><span dir="RTL"></span></p>
</div>
<div id="edn7">
<p class="MsoEndnoteText"><a href="#_ednref7" name="_edn7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[vii]</span></span></a><a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf"><span><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"> </span></span></span>http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/</a></p>
</div>
<div id="edn8">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref8" name="_edn8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[viii]</span></span></a> Section 70, Information Technology Act, 2000</p>
</div>
<div id="edn9">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref9" name="_edn9"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[ix]</span></span></a> Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure</p>
</div>
<div id="edn10">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref10" name="_edn10"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[x]</span></span></a> Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</p>
</div>
<div id="edn11">
<p class="MsoEndnoteText" style="text-align: justify; "><a href="#_ednref11" name="_edn11"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference">[xi]</span></span></a> Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at <a class="external-link" href="http://eci.nic.in/eci_main1/current/PN09012014.pdf">http://eci.nic.in/eci_main1/current/PN09012014.pdf</a></p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns'>http://editors.cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns</a>
</p>
No publishersnehashishDigital GovernancePrivacyCybersecurityData ProtectionInternet GovernanceSafetyInformation TechnologyCyber SecuritySecuritye-GovernanceTransparency, PoliticsE-Governance2014-01-16T11:07:21ZBlog EntryCPOV : Wikipedia Research Initiative
http://editors.cis-india.org/research/conferences/conference-blogs/cpov
<b>The Second event, towards building the Critical Point of View Reader on Wikipedia, brings a range of scholars, practitioners, theorists and activists to critically reflect on the state of Wikipedia in our contemporary Information Societies. Organised in Amsterdam, Netherlands, by the Institute of Network Cultures, in collaboration with the Centre for Internet and Society, Bangalore, the event builds on the debates and discussions initiated at the WikiWars that launched off the knowledge network in Bangalore in January 2010. Follow the Live Tweets at #CPOV</b>
<p>Second international conference of the <em>CPOV Wikipedia Research
Initiative</em> :: March 26-27, 2010 :: OBA (Public Library Amsterdam,
next to Amsterdam central station), Oosterdokskade 143, Amsterdam.</p>
<p>Wikipedia is at the brink of becoming the de facto global reference
of dynamic knowledge. The heated debates over its accuracy, anonymity,
trust, vandalism and expertise only seem to fuel further growth of
Wikipedia and its user base. Apart from leaving its modern counterparts
Britannica and Encarta in the dust, such scale and breadth places
Wikipedia on par with such historical milestones as Pliny the Elder’s
Naturalis Historia, the Ming Dynasty’s Wen-hsien ta- ch’ eng, and the
key work of French Enlightenment, the Encyclopedie. <span id="more-10604"></span>The multilingual Wikipedia as digital
collaborative and fluid knowledge production platform might be said to
be the most visible and successful example of the migration of FLOSS
(Free/ Libre/ Open Source Software) principles into mainstream culture.
However, such celebration should contain critical insights, informed by
the changing realities of the Internet at large and the Wikipedia
project in particular.</p>
<p>The CPOV Research Initiative was founded from the urge to stimulate
critical Wikipedia research: quantitative and qualitative research that
could benefit both the wide user-base and the active Wikipedia community
itself. On top of this, Wikipedia offers critical insights into the
contemporary status of knowledge, its organizing principles, function,
and impact; its production styles, mechanisms for conflict resolution
and power (re-)constitution. The overarching research agenda is at once a
philosophical, epistemological and theoretical investigation of
knowledge artifacts, cultural production and social relations, and an
empirical investigation of the specific phenomenon of the Wikipedia.</p>
<p>Conference Themes: Wiki Theory, Encyclopedia Histories, Wiki Art,
Wikipedia Analytics, Designing Debate and Global Issues and Outlooks.</p>
<p>Follow the live tweets on http://twitter.com/#search?q=%23CPOV</p>
<p>Confirmed speakers: Florian Cramer (DE/NL), Andrew Famiglietti (UK),
Stuart Geiger (USA), Hendrik-Jan Grievink (NL), Charles van den Heuvel
(NL), Jeanette Hofmann (DE), Athina Karatzogianni (UK), Scott Kildall
(USA), Patrick Lichty (USA), Hans Varghese Mathews (IN), Teemu Mikkonen
(FI), Mayo Fuster Morell (IT), Mathieu O’Neil (AU), Felipe Ortega (ES),
Dan O’Sullivan (UK), Joseph Reagle (USA), Ramón Reichert (AU), Richard
Rogers (USA/NL), Alan Shapiro (USA/DE), Maja van der Velden (NL/NO),
Gérard Wormser (FR).</p>
<p>Editorial team: Sabine Niederer and Geert Lovink (Amsterdam), Nishant
Shah and Sunil Abraham (Bangalore), Johanna Niesyto (Siegen), Nathaniel
Tkacz (Melbourne). Project manager CPOV Amsterdam: Margreet Riphagen.
Research intern: Juliana Brunello. Production intern: Serena Westra.</p>
<p>The CPOV conference in Amsterdam will be the second conference of the
CPOV Wikipedia Research Initiative. The launch of the initiative took
place in Bangalore India, with the conference WikiWars in January 2010.
After the first two events, the CPOV organization will work on
producing a reader, to be launched early 2011. For more information or
submitting a <a href="http://networkcultures.org/wpmu/cpov/reader">reader</a>
contribution.</p>
<p>Buy your ticket <a href="http://networkcultures.org/wpmu/cpov/practical-info/tickets/">online</a>
(with iDeal), or register by sending an email to: info (at)
networkcultures.org. One day ticket: €25, students and OBA members:
€12,50. Full conference pass (2 days): €40, students and OBA members:
25.</p>
<p>Organized by the Institute of Network Cultures Amsterdam, in
cooperation with the Centre for Internet and Society in Bangalore,
India.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/research/conferences/conference-blogs/cpov'>http://editors.cis-india.org/research/conferences/conference-blogs/cpov</a>
</p>
No publishernishantConferenceOpen StandardsDigital ActivismDigital GovernanceDigital AccessPublic AccountabilityResearchFeatured2011-08-23T02:52:25ZBlog EntryCivic Hacking Workshop
http://editors.cis-india.org/openness/blog-old/civic-hacking-workshop
<b>CIS, with the UK Government's Foreign Office and the Cabinet Office Team for Digital Engagement, and Google India, is organizing a workshop on open data (or the lack thereof) and 'civic hacking'.</b>
<p>The UK Government's Foreign Office and the Cabinet Office Team for Digital Engagement, Google India and the Centre for Internet and Society, Bangalore are organizing a 'Civic Hacking Workshop' on Wednesday, July 28, 2010, bringing together civic-minded technologists who've been working with governmental data in India and Britain.</p>
<p>The workshop will discuss the problems of obtaining data, especially in India, the technological solutions that these various groups have encountered, the difficulties of technology as a mass-based civic solution, and the visions that these groups have for a more engaged civil society and the contributions they seek to make to the public.</p>
<p> </p>
<p>The people attending are, from India (Bangalore):</p>
<ol><li>Alok Singh (Akshara Foundation)</li><li>Shivangi Desai (Akshara Foundation)</li><li>Arun Ganesh (Geohackers / National Institute of Design)</li><li>A. Pandian (Mapunity)</li><li>Sridhar Raman (Mapunity)</li><li>S. Raghavan Kandala (Mapunity)</li><li>Thejesh GN (Janaagraha / Infosys)</li><li>Sushant Sinha (IndianKanoon.com / Yahoo)</li><li>Vijay Rasquinha (Mahiti)</li><li>P.G. Bhat (SmartVote.in)<br /></li><li>Pranesh Prakash (CIS)</li><li>Raman Jit Singh Chima (Google)</li></ol>
<p><br />And from Britain:</p>
<ol><li>David McCandless (Information Is Beautiful)</li><li>Harry Metcalfe (TellThemWhatYouThink.org / Open Rights Group)</li><li>Tim Green (Democracy Club)</li><li>Edmund von der Burg (YourNextMP)</li><li>Rohan Silva (Special Adviser to the PM)</li></ol>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/openness/blog-old/civic-hacking-workshop'>http://editors.cis-india.org/openness/blog-old/civic-hacking-workshop</a>
</p>
No publisherpraneshOpen DataWorkshopDigital GovernanceOpenness2011-08-23T03:14:03ZBlog EntryBeyond Scale: How to make your digital development program sustainable
http://editors.cis-india.org/internet-governance/news/beyond-scale-how-to-make-your-digital-development-program-sustainable
<b>A dissemination workshop was organized by BBC Media Action, with support from the Digital Impact Alliance and the Bill & Melinda Gates Foundation on February 21, 2018 in Bangalore. Sunil Abraham participated in the workshop.</b>
<h3>Agenda</h3>
<p><b>9.00 to 9.45</b></p>
<p>Registration and coffee</p>
<p><b>9.50 to 10.05</b></p>
<p>Introduction to ‘<i>Beyond Scale’</i>, Kate Willson, CEO, Digital Impact Alliance</p>
<p><b>10.15 to 11.15</b></p>
<p>‘Surviving the Valley of Death’, panel discussion with:</p>
<ul>
<li>Rahul Mullick, ICT lead, Bill & Melinda Gates Foundation, India, </li>
<li>Nehal Sanghavi, Senior Advisor for Innovation and Partnership, USAID, India</li>
<li>Kate Wilson, CEO, Digital Impact Alliance</li>
<li>Priyanka Dutt, Country Director, BBC Media Action</li>
</ul>
<p><span>Moderated by Sara Chamberlain, Digital Director, BBC Media Action</span></p>
<p><b>11.15 to 11.30 </b></p>
<p>Tea/coffee break</p>
<p><b> </b></p>
<p><b> </b></p>
<p><b>11.30 to 11.45</b></p>
<p>Introduction to the table workshop sessions</p>
<p><b>11.45 to 1.00</b></p>
<p style="text-align: justify; ">Each table works to identify solutions to some of the digital development sector’s most pressing challenges in the areas of organizational change management, regulatory compliance, legal protection and risk, public sector adoption, private sector business models, solution design, technical architecture for scale, partnerships and human capacity.</p>
<p><b> </b></p>
<p><b> </b></p>
<p><b>1 PM to 2.00</b></p>
<p>Lunch</p>
<p><b> </b></p>
<p><b> </b></p>
<p><b>2.00 to 2.30</b></p>
<p>Each table finalizes its presentation.</p>
<p><b>3.00 to 4.15</b></p>
<p>Presentations, Q&A and discussion of each table’s group work</p>
<p><b>4.15 </b></p>
<p>Tea/coffee will be served at the tables</p>
<p><b> </b></p>
<p><b> </b></p>
<p><b>4.30 to 4.45</b></p>
<p>Introduction to the ‘Expert Bar’</p>
<p><b> </b></p>
<p><b> </b></p>
<p><b>4.45 to 6.00 </b></p>
<p style="text-align: justify; ">There will be one or more ‘experts’ in specific focus areas of the guide seated at each table. Participants are free to visit the tables that interest them to discuss their challenges and share their own expertise. <b><br /> </b></p>
<p><b> </b></p>
<p><b>6.00 – 9.00</b></p>
<p>Networking reception with open bar and snacks</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/beyond-scale-how-to-make-your-digital-development-program-sustainable'>http://editors.cis-india.org/internet-governance/news/beyond-scale-how-to-make-your-digital-development-program-sustainable</a>
</p>
No publisherAdminInternet GovernanceDigital Governance2018-02-26T14:23:26ZNews ItemAn Evidence based Intermediary Liability Policy Framework: Workshop at IGF
http://editors.cis-india.org/internet-governance/blog/igf-workshop-an-evidence-based-intermediary-liability-policy-framework
<b>CIS is organising a workshop at the Internet Governance Forum 2014. The workshop will be an opportunity to present and discuss ongoing research on the changing definition of intermediaries and their responsibilities across jurisdictions and technologies and contribute to a comprehensible framework for liability that is consistent with the capacity of the intermediary and with international human-rights standards.</b>
<p style="text-align: justify; ">The Centre for Internet and Society, India and Centre for Internet and Society, Stanford Law School, USA, will be organising a workshop to analyse the role of intermediary platforms in relation to freedom of expression, freedom of information and freedom of association at the Internet Governance Forum 2014. <span>The aim of the workshop is to highlight the increasing importance of digital rights and broad legal protections of stakeholders in an increasingly knowledge-based economy. The workshop will discuss public policy issues associated with Internet intermediaries, in particular their roles, legal responsibilities and related liability limitations in context of the evolving nature and role of intermediaries in the Internet ecosystem. distinct</span></p>
<p style="text-align: justify; "><b>Online Intermediaries: Setting the context</b></p>
<p style="text-align: justify; ">The Internet has facilitated unprecedented access to information and amplified avenues for expression and engagement by removing the limits of geographic boundaries and enabling diverse sources of information and online communities to coexist. Against the backdrop of a broadening base of users, the role of intermediaries that enable economic, social and political interactions between users in a global networked communication is ubiquitous. Intermediaries are essential to the functioning of the Internet as many producers and consumers of content on the internet rely on the action of some third party–the so called intermediary. Such intermediation ranges from the mere provision of connectivity, to more advanced services such as providing online storage spaces for data, acting as platforms for storage and sharing of user generated content (UGC), or platforms that provides links to other internet content.</p>
<p style="text-align: justify; ">Online intermediaries enhance economic activity by reducing costs, inducing competition by lowering the barriers for participation in the knowledge economy and fuelling innovation through their contribution to the wider ICT sector as well as through their key role in operating and maintaining Internet infrastructure to meet the network capacity demands of new applications and of an expanding base of users.</p>
<p style="text-align: justify; ">Intermediary platforms also provide social benefits, by empowering users and improving choice through social and participative networks, or web services that enable creativity and collaboration amongst individuals. By enabling platforms for self-expression and cooperation, intermediaries also play a critical role in establishing digital trust, protection of human rights such as freedom of speech and expression, privacy and upholding fundamental values such as freedom and democracy.</p>
<p style="text-align: justify; ">However, the economic and social benefits of online intermediaries are conditional to a framework for protection of intermediaries against legal liability for the communication and distribution of content which they enable.</p>
<p style="text-align: justify; "><b>Intermediary Liability</b></p>
<p style="text-align: justify; ">Over the last decade, right holders, service providers and Internet users have been locked in a debate on the potential liability of online intermediaries. The debate has raised global concerns on issues such as, the extent to which Internet intermediaries should be held responsible for content produced by third parties using their Internet infrastructure and how the resultant liability would affect online innovation and the free flow of knowledge in the information economy?</p>
<p style="text-align: justify; ">Given the impact of their services on communications, intermediaries find themselves as either directly liable for their actions, or indirectly (or “secondarily”) liable for the actions of their users. Requiring intermediaries to monitor the legality of the online content poses an insurmountable task. Even if monitoring the legality of content by intermediaries against all applicable legislations were possible, the costs of doing so would be prohibitively high. Therefore, placing liability on intermediaries can deter their willingness and ability to provide services, hindering the development of the internet itself.</p>
<p style="text-align: justify; ">Economics of intermediaries are dependent on scale and evaluating the legality of an individual post exceeds the profit from hosting the speech, and in the absence of judicial oversight can lead to a private censorship regime. Intermediaries that are liable for content or face legal exposure, have powerful incentives, to police content and limit user activity to protect themselves. The result is curtailing of legitimate expression especially where obligations related to and definition of illegal content is vague. Content policing mandates impose significant compliance costs limiting the innovation and competiveness of such platforms.</p>
<p style="text-align: justify; ">More importantly, placing liability on intermediaries has a chilling effect on freedom of expression online. Gate keeping obligations by service providers threaten democratic participation and expression of views online, limiting the potential of individuals and restricting freedoms. Imposing liability can also indirectly lead to the death of anonymity and pseudonymity, pervasive surveillance of users' activities, extensive collection of users' data and ultimately would undermine the digital trust between stakeholders.</p>
<p style="text-align: justify; ">Thus effectively, imposing liability for intermediaries creates a chilling effect on Internet activity and speech, create new barriers to innovation and stifles the Internet's potential to promote broader economic and social gains. To avoid these issues, legislators have defined 'safe harbours', limiting the liability of intermediaries under specific circumstances.</p>
<p style="text-align: justify; ">Online intermediaries do not have direct control of what information is or information are exchanged via their platform and might not be aware of illegal content per se. A key framework for online intermediaries, such limited liability regimes provide exceptions for third party intermediaries from liability rules to address this asymmetry of information that exists between content producers and intermediaries.</p>
<p style="text-align: justify; ">However, it is important to note, that significant differences exist concerning the subjects of these limitations, their scope of provisions and procedures and modes of operation. The 'notice and takedown' procedures are at the heart of the safe harbour model and can be subdivided into two approaches:</p>
<p style="text-align: justify; ">a. Vertical approach where liability regime applies to specific types of content exemplified in the US Digital Copyright Millennium Act</p>
<p style="text-align: justify; ">b. Horizontal approach based on the E-Commerce Directive (ECD) where different levels of immunity are granted depending on the type of activity at issue</p>
<p style="text-align: justify; "><b>Current framework </b></p>
<p style="text-align: justify; ">Globally, three broad but distinct models of liability for intermediaries have emerged within the Internet ecosystem:</p>
<p style="text-align: justify; ">1. Strict liability model under which intermediaries are liable for third party content used in countries such as China and Thailand</p>
<p style="text-align: justify; ">2. Safe harbour model granting intermediaries immunity, provided their compliance on certain requirements</p>
<p style="text-align: justify; ">3. Broad immunity model that grants intermediaries broad or conditional immunity from liability for third party content and exempts them from any general requirement to monitor content. <b> </b></p>
<p style="text-align: justify; ">While the models described above can provide useful guidance for the drafting or the improvement of the current legislation, they are limited in their scope and application as they fail to account for the different roles and functions of intermediaries. Legislators and courts are facing increasing difficulties, in interpreting these regulations and adapting them to a new economic and technical landscape that involves unprecedented levels user generated content and new kinds of and online intermediaries.</p>
<p style="text-align: justify; ">The nature and role of intermediaries change considerably across jurisdictions, and in relation to the social, economic and technical contexts. In addition to the dynamic nature of intermediaries the different categories of Internet intermediaries‘ are frequently not clear-cut, with actors often playing more than one intermediation role. Several of these intermediaries offer a variety of products and services and may have number of roles, and conversely, several of these intermediaries perform the same function. For example , blogs, video services and social media platforms are considered to be 'hosts'. Search engine providers have been treated as 'hosts' and 'technical providers'.</p>
<p style="text-align: justify; ">This limitations of existing models in recognising that different types of intermediaries perform different functions or roles and therefore should have different liability, poses an interesting area for research and global deliberation. Establishing classification of intermediaries, will also help analyse existing patterns of influence in relation to content for example when the removal of content by upstream intermediaries results in undue over-blocking.</p>
<p style="text-align: justify; ">Distinguishing intermediaries on the basis of their roles and functions in the Internet ecosystem is critical to ensuring a balanced system of liability and addressing concerns for freedom of expression. Rather than the highly abstracted view of intermediaries as providing a single unified service of connecting third parties, the definition of intermediaries must expand to include the specific role and function they have in relation to users' rights. A successful intermediary liability regime must balance the needs of producers, consumers, affected parties and law enforcement, address the risk of abuses for political or commercial purposes, safeguard human rights and contribute to the evolution of uniform principles and safeguards.</p>
<p style="text-align: justify; "><b>Towards an evidence based intermediary liability policy framework</b></p>
<p style="text-align: justify; ">This workshop aims to bring together leading representatives from a broad spectrum of stakeholder groups to discuss liability related issues and ways to enhance Internet users’ trust.</p>
<p style="text-align: justify; ">Questions to address at the panel include:</p>
<p style="text-align: justify; ">1. What are the varying definitions of intermediaries across jurisdictions?</p>
<p style="text-align: justify; ">2. What are the specific roles and functions that allow for classification of intermediaries?</p>
<p style="text-align: justify; ">3. How can we ensure the legal framework keeps pace with technological advances and the changing roles of intermediaries?</p>
<p style="text-align: justify; ">4. What are the gaps in existing models in balancing innovation, economic growth and human rights?</p>
<p style="text-align: justify; ">5. What could be the respective role of law and industry self-regulation in enhancing trust?</p>
<p style="text-align: justify; ">6. How can we enhance multi-stakeholder cooperation in this space?</p>
<p style="text-align: justify; ">Confirmed Panel:</p>
<p style="text-align: justify; ">Technical Community: Malcolm Hutty: Internet Service Providers Association (ISPA)<br />Civil Society: Gabrielle Guillemin: Article19<br />Academic: Nicolo Zingales: Assistant Professor of Law at Tilburg University<br />Intergovernmental: Rebecca Mackinnon: Consent of the Networked, UNESCO project<br />Civil Society: Anriette Esterhuysen: Association for Progressive Communication (APC)<br />Civil Society: Francisco Vera: Advocacy Director: Derechos Digitale<br />Private Sector: Titi Akinsanmi: Policy and Government Relations Manager, Google Sub-Saharan Africa<br />Legal: Martin Husovec: MaxPlanck Institute</p>
<p style="text-align: justify; "><b> </b></p>
<p style="text-align: justify; "><span>Moderator(s): </span><span>Giancarlo Frosio, Centre for Internet and Society (CIS) and </span><span>Jeremy Malcolm, Electronic Frontier Foundation </span></p>
<p style="text-align: justify; "><span><span>Remote Moderator: </span><span>Anubha Sinha, New Delhi</span></span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/igf-workshop-an-evidence-based-intermediary-liability-policy-framework'>http://editors.cis-india.org/internet-governance/blog/igf-workshop-an-evidence-based-intermediary-liability-policy-framework</a>
</p>
No publisherjyotihuman rightsDigital Governanceinternet governanceFreedom of Speech and ExpressionInternet Governance ForumHuman Rights OnlineIntermediary LiabilityPoliciesMulti-stakeholder2014-07-04T06:41:10ZBlog EntryA provisional definition for the Cultural Last Mile
http://editors.cis-india.org/raw/histories-of-the-internet/blogs/the-last-cultural-mile/definiton
<b>In the first of his entries, Ashish Rajadhyaksha gives his own spin on the 'Last Mile' problem that has been at the crux of all public technologies. Shifting the terms of debate away from broadcast problems of distance and access, he re-purposes the 'last mile' which is a communications problem, to make a cultural argument about the role and imagination of technology in India, and the specific ways in which this problem features in talking about Internet Technologies in contemporary India.</b>
<div class="main">
<div class="snap_preview">
<p>In its classical
form, the ‘last mile’ is a communications term defining the final stage
of providing connectivity from a communications provider to a customer,
and has been used as such most commonly by telecommunications and cable
television industries. There has however been a a specific Indian
variant, seen in its most classical avatar in scientist Vikram
Sarabhai’s contention that overcoming the last mile could solve the two
major challenges India has faced, of <strong>linguistic diversity </strong>and <strong>geographical distance</strong>,
and mounted as the primary argument for terrestrial television in the
early 1980s. (I will try and attach the Sarabhai paper a little later
to this posting).</p>
<p>This specifically Indian variation, where technology was mapped onto
developmentalist-democratic priorities, has been the dominant
characteristic of communications technology since at least the
invention of the radio in the 1940s. For at least 50 years now, that
means, the last mile has become a mode of a techno-democracy, where
connectivity has been directly translated into democratic citizenship.
It has continuously provided the major rationale for successive
technological developments, from the 1960s wave of portable
transistors, the terrestrial transponders of the first televisual
revolution it the early 1980s (the Special Plan for the Expansion of
Television), the capacity of satellite since SITE and the INSAT series,
and from the 1990s the arrival of wired networks (LANs, Cable,
fibre-optic) followed by wireless (WLAN, WiMAX, W-CDMA). At each point
the assumption has been consistently made that the final frontier was
just around the corner; that the next technology in the chain would
breach a major barrier, once and for all.</p>
<p><strong>What I hope to do is to provide a historical account to
argue that the theory of the ‘last mile’ has been founded on
fundamental (mis)apprehensions around just what this bridge
constitutes. </strong>Further, that these apprehensions may have been
derived from a misconstruction of democractic theory, to assume, first,
an evolutionary rather than distributive model for connectivity, and
second, to introduce a major bias for broadcast (or one-to-many) modes
as against many-to-many peer-to-peer formats. The book, whenever I
succeed in writing it, will hope to argue the following:</p>
<p>1. It has been difficult to include <strong>human resource</strong>
as an integral component to the last mile. Contrary to the relentlessly
technologized definition of the last mile, it may perhaps be best seen
historically as <em>also</em>, and even perhaps <em>primarily</em>, a
human resource issue. This is not a new realization, but it is one that
keeps reproducing itself with every new technological generation<a href="http://culturallastmile.wordpress.com/#_ftn1">[1]</a>,
with ever newer difficulties. The endemic assumption, derived from the
broadcasting origins of the definition is that it is primarily the <em>sender</em>’s responsibility to bridge the divide, that <em>technology </em>can
aid him to do so on its own, and that such technology can negate the
need to define connectivity as a multiple-way partnership as it reduces
the recipient into no more than an intelligent recipient of what is
sent (the citizen model). On the other hand, it is possible to show how
previous successful experiments bridging the last mile have been ones
where <em>recipients have been successfully integrated into the communications model </em>both as peers and, even more significantly, as <em>originators </em>as well as <em>enhancers </em>of
data. Importantly, this paper will show, this has been evidenced even
in one-way ‘broadcast’ modes such as film, television and radio (in the
movie fan, community radio and the television citizen-journalist).</p>
<p>2. The one-way broadcast versus peer-to-peer versus two/multiple-way
debate needs to he historically revisited. The need to redefine the
beneficiary of a connectivity cycle as a full-fledged partner tends to
come up against a bias written into standard communications models –
and therefore several standard revenue models – that consistently tend
to underplay what this paper will call the <em>significant sender/recipient</em>.
While both terrestrial and satellite systems require some level of
peer-to-peer transmission systems to facilitate last-mile
communications, it has been a common problem that unless <em>either</em> a clear focus exists on geographic areas <em>or</em>
significant peer-to-peer participation exists, broadcast models
inevitably find themselves delivering large amounts of S/N at low
frequencies without sufficient spectrum to support large information
capacity. While it is technically possible to ‘flood’ a region in
broadcasting terms, this inevitably leads to extremely high wastage as
much of the radiated ICE never reaches any user at all. As information
requirements increase, broadcast ‘wireless mesh’ systems small enough
to provide adequate information distribution to and from a relatively
small number of local users, require a prohibitively large number of
broadcast locations along with a large amount of excess capacity to
make up for the wasted energy.</p>
<p>This problem, importantly, springs as much from a built-in <em>ideological </em>commitment
to one-way broadcasting formats, as from technological limitations. The
technology itself poses further problems given the bias of different
systems to different kinds of connectivity, and with it different types
of peer-to-peer possibilities. Rather than attempting a
one-size-fits-all model for all models to follow, we need to work out
different <em>synergies </em>between broadcast-dependent and peer-to-peer-enabled platforms.</p>
<p>This book will eventually hope to study the history of peer-to-peer
and multiple-way structures as systems where sending has become a
component part of receiving. Key technological precedents to the
present definition of the sender-communication ‘partner’ would be <strong>community radio</strong>, <strong>low-power transmission-reception systems </strong>(most famously the Pij experiment in Gujarat conducted by ISRO), and various <strong>internet-based networking models</strong>.</p>
<p>3. The need to revisit the technological community is therefore
critical. The key question is one of how technological communities have
been produced, and how they may be sustained. In January 2007, the
attack by V.S. Ailawadi, former Chairman, Haryana Electricty Regulatory
Commission, on India’s public sector telecom giants BSNL and MTNL for
keeping their ‘huge infrastructure’ of ‘copper wire and optic fibre’ to
themselves, when these could be used by private operators as cheaper
alternatives to WiMAX, W-CDMA and broadband over power lines, shows the
uneasy relationship between new players and state agencies. Mr.
Ailawadi’s contention that the ‘unbundling’ of the last mile would
bring in competition for various types of wireless applications and
broadband services not just for 45 million landlines but also for 135
million mobile users of various service providers, also therefore needs
to be revisited from the perspective of community formation. How would
the new 135 million mobile users be effectively tapped for their
capacity to become what we are calling significant senders?</p>
<p>In defining the last mile as to do with the recipient-as-sender, and thus the <strong>community</strong>, this paper will focus on a history of community action along specific models of connectivity. These are: cinema’s <strong>movie fan</strong>, internet’s <strong>blogger</strong> and <strong>networker</strong>, solar energy’s <strong>barefoot engineer</strong>, software’s <strong>media pusher</strong> and television’s <strong>citizen-journalist. </strong>A specific focus for study will be the models of <strong>participatory learning</strong> in the classroom, using <strong>film</strong>, the <strong>vinyl disc</strong>, the <strong>audio cassette</strong>, the <strong>radio</strong>, the <strong>television</strong>, the <strong>web </strong>and now the <strong>mobile phone</strong>.</p>
</div>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/raw/histories-of-the-internet/blogs/the-last-cultural-mile/definiton'>http://editors.cis-india.org/raw/histories-of-the-internet/blogs/the-last-cultural-mile/definiton</a>
</p>
No publishernishantA copy of this post is also available on the author's personal blog at http://culturallastmile.wordpress.com/2009/10/25/1-what-is-the-cultural-last-mile/ICT4DDigital GovernancePublic AccountabilityInternet GovernanceCyberculturesDigital subjectivities2011-08-02T08:57:07ZBlog Entry