The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
Wiki's worth, on a different turf
http://editors.cis-india.org/news/wiki-worth-different-turf
<b>An Indian duo–a programmer and a mathematician–have developed a tool to expose anonymous writers and cleanse Wikipedia of rogue editors</b>
<p>Bangalore-based Kiran Jonnalagadda, a Web programming guru, and Hans Varghese Mathews, a mathematician, are the new entrants to the emerging field of Wikipedia research. The duo is credited with building Wiki Analysis, a tool that helps researchers understand the growing phenomenon of astroturfing, the practice of faking grass-roots support on Wikipedia and other websites. Wikipedia is the first Google result for most searches and this has made it a popular destination for those trying to manipulate public opinion on the Internet. Corporations, governments and even pop artists have been caught astroturfing in the past.</p>
<p>Jonnalagadda and Mathews are among 34 researchers from 17 countries attending a two-day conference in Bangalore, WikiWars, which is concluding today. WikiWars is taking a fresh look at many different aspects of the world’s biggest encyclopaedia, the sixth most popular website on the Internet.</p>
<p>The first generation of astroturfing on Wikipedia has been, thus far, largely unsophisticated, with little attention paid to covering up digital evidence. Remember the campaign Avril Lavigne’s fans launched last year that turned her music video Girlfriend into the most viewed clip on YouTube? Wal-Mart Stores Inc. contracted its public relations firm Edelman to maintain a fake website called “Working Families for Wal-Mart”. They pretended to be ordinary citizens who opposed the views of the firm’s labour union.</p>
<p>It is well known that platforms such as Twitter and Facebook, with opaque management procedures, are susceptible to astroturf campaigns. Supporters of open licensing and peer production have always held that Wikipedia and other community-managed platforms are protected thanks to their transparency in policies and practices. But as far as Wikipedia researchers are concerned, the jury is still out.</p>
<p>Microsoft tried to pay technology blogger Rick Jelliffe to work on Wikipedia connected to OOXML (Office Open XML) during the ISO (International Organization for Standardization) approval process in an attempt to influence the global vote. OOXML was the new file format for MS Office documents that urgently needed approval to check the growing popularity of Open Office. A user called “Ril_editor”, active between September 2007 and May 2008, who claimed to be working out of Reliance Industries Ltd’s chief Mukesh Ambani’s offices, tried to expunge pages connected to negative publicity about Reliance. Scientologists were blocked by Wikipedia’s arbitration committee when they were found trying to systematically undermine Wikipedia’s NPOV (neutral point of view) policy. NPOV is Wikipedia’s particular spin on non-partisanship, providing equal space to all opinions. However, some Wikipedia researchers such as Geert Lovink, head of the Institute of Network Cultures, Amsterdam, and co-organizer of the WikiWars conference, believes that the dominance of English and textual citation requirements has meant that NPOV is never translated into practice.</p>
<p>An American team based out of the Santa Fe Institute, US, has developed WikiScanner, a public database of IP addresses that helps reveal the organizations behind anonymous edits on Wikipedia. WikiScanner has been used to expose the US Central Intelligence Agency’s manipulation of pages. WikiScanner doesn’t yet work for edits by authenticated users. The WikiScanner team has also developed another tool called Potential Sock Puppetry, which exposes those who use multiple user accounts from the same IP address. However, both tools could be circumvented by purchasing multiple data cards or getting people to work from public access points such as coffee shops and cyber cafés.</p>
<p>It is this gap the Indian duo’s tool tries to plug. The first version of their Wiki Analysis tool clusters users into potential lobbies based on the pages they edit within a date range. The tool’s next version will cluster users into lobbies based on the words they consistently add and delete across pages. Says Jonnalagadda, “Wikipedia is now close to a decade old and has many articles that have existed since its earliest days and have been edited by thousands of individuals.” It is now the primary encyclopaedic destination for Internet users, and that makes it a ripe target for astroturfing. At no point in the history of human civilization have so many collaborated over so long to produce one canonical document on any article of human knowledge.</p>
<p>“Wikipedia users rarely bother to check how a page was edited, but that information is all there, available to anyone who cares to look. We’re building the tools to help make sense of it,” Jonnalagadda says. Once Wiki Analysis is ready, you will be able to check if, for example, the editors of the climate change page on Wikipedia are more interested in ecology or energy.</p>
<p>Original article on <a class="external-link" href="http://www.livemint.com/2010/01/12210114/Wiki8217s-worth-on-a-diffe.html">Livemint</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/news/wiki-worth-different-turf'>http://editors.cis-india.org/news/wiki-worth-different-turf</a>
</p>
No publishersunilOpenness2012-10-23T08:33:56ZNews Item Why the DNA Bill is open to misuse: Sunil Abraham
http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham
<b>The Human DNA Profiling Bill, the law that regulates the collection, storage and use of the human genetic code, has attracted some strong criticism from civil liberties groups including the Bengaluru-based Centre for Internet and Society (CIS) which had participated in the expert committee for DNA profiling constituted by the Department of Biotechnology in 2012.</b>
<p style="text-align: justify; "><span class="p-content">CIS circulated a detailed dissent note earlier this year on the draft of the Bill. As the government gets ready to table the Bill in Parliament, CIS Executive Director <b>Sunil Abraham</b> tells <i>Kanika Datta</i> why the provisions of the Bill are open to misuse and invasion of privacy. Edited excerpts:</span></p>
<p style="text-align: justify; "><span class="p-content"><span class="p-content"><b>Why does Centre for Internet and Society reject using DNA analysis for non-forensic use as set out in the Human DNA Profiling Bill in its current form? What are the possible risks involved here?</b><br /> <br /> The problem here is that the introduction to the Bill talks of DNA matches "without a doubt". But the way we understand it, biometric technology depends on approximate matching and not discrete matching. Unlike, say, the technology used for matching digital signatures, machines for matching DNA, fingerprints or the iris specify a false positive ratio when they leave the factory - that's what created the controversy in the O J Simpson trial, for example. This means you have to be very conservative in populating the database. For a given false positive ratio - the larger the database the greater the incidence of mistaken identification. That is why we think that for purposes other than forensic use, it would be better to create other databases.<br /> <br /> Let me clear: we are not Luddites but neither are we naïve techno-enthusiasts. After all, the Innocence Project in the US has managed to overturn the convictions of many people who were held guilty through DNA evidence. But it is a myth that the more sophisticated the technology the more secure and accurate it is. In fact, the reverse is often true. For instance, the voter machines we use in India are primitive technology but they are much harder to compromise compared to the voting machines used in the US. Given all this, we believe that there should be "process fixes", such as sending DNA collected from a crime scene to two laboratories as a check and balance against the fallibility of human beings and machines.<br /> <br /> <b>CIS made the point that the powers of the DNA Board are too wide. In what possible way could these powers be misused since the Board is to be an independent authority?</b><br /> <br /> When this exercise was started, the DNA Board had 26 functions. We proposed that this be cut this down to ten, which was accepted by a sub-committee. But when the final Bill came back it rejected the consensus view and restored the 26 functions, including things like "raising the general awareness". All this detracts from the Board's primary role and efficiency and expands its discretionary powers. It is true that a good regulator needs some amount of discretion but this should be a limited discretion within a tightly defined scope -- this is true for any regulator, not just the DNA Board.<br /> <br /> <b>The provision that no civil suit can be entertained on any matter on which the DNA Board is empowered under the Act looks excessive. Is there any precedent that explains why this provision was introduced? What kind of oversight and checks and balances are there in other jurisdictions that could be incorporated in the Indian law? </b><br /> <br /> I can understand the logic here; the government is trying to ensure that the regulator has final say. After all, if you look at telecom, the decisions of the TDSAT (Telecom Dispute Settlement & Appellate Tribunal) can be appealed in the High Court and the Supreme Court. But eliminating judicial appeal as this Bill has state amounts to a violation of classic regulatory design by circumventing the appellate process. Ideally, we need a tripartite separation of law in which the executive frames policies, the DNA board implements them and the courts adjudicate upon them.<br /> <br /> <b>You have said the term "DNA Analysis" has not been defined. Could you explain the possible risks of the absence of a definition?</b><br /> <br /> DNA analysis is of many types and some of them allow you to get to know a person quite intimately in terms of their medical history, genetic traits and so on. But forensic analysis looks at a limited set of markers which are essentially privacy-protecting and from which no genetic traits can be determined. You can't, for instance, do a study on the genetic make-up of criminals from this analysis. Now, if this Bill is around law enforcement - which we know is the policy intention - then the DNA analysis should be limited to those markers. That would reduce the chances of abuse.<br /> <br /> <b>You have also criticised the low standards of information disclosure and suggest the issue should be vested in an independent third party rather than the DNA Bank Manager. Could you explain how this would help?</b><br /> <br /> In information and technology and telecom there is an executive authorisation mechanism in place for information sharing that requires the home secretary's permission for non-emergency situations and the head of the police station in the case of an emergency. We want a similar authorisation process - say, a judge and an established paper trail so that there are proper checks and balances. When personal information is involved, even the DNA Board is not well placed because its members are scientists whereas disclosure of personal information is a question of the law.<br /> <br /> <b>You have said the Bill has not been brought in line with the nine national privacy principles set out by an expert committee in 2012. Shouldn't a privacy law precede the passing of the DNA Bill in any case?</b><br /> <br /> It's not a chicken-and-egg situation, but the point to consider is that the world is moving towards European data protection principles, and something like 100 countries have adopted it. If we in India want to trade in European personal information (via our BPO and outsourcing businesses) we must have a law that is adequate from the data protection perspective. This means, among other things, mandating that anyone whose DNA profile is accessed receives a notice to this effect, for instance. We know that the Department of Personnel and Training has incorporated the principles set out in the Justice Shah report in the privacy Bill two years ago but we haven't heard anything about it since. If and when this Bill is enacted, it will have overriding powers over a host of laws. But where the DNA Bill is concerned, there is no reason for it not to take cognisance of a later law.<br /> <br /> <b>What has been the government's reaction to this dissent note?</b><br /> <br /> No reaction!</span></span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham'>http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham</a>
</p>
No publishersunilDNA ProfilingInternet GovernancePrivacy2015-09-13T08:37:44ZNews ItemWhy NPCI and Facebook need urgent regulatory attention
http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention
<b>The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet. </b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://economictimes.indiatimes.com/industry/banking/finance/banking/why-npci-and-facebook-need-urgent-regulatory-attention/articleshow/64522587.cms">Economic Times</a> on June 10, 2018.</p>
<hr />
<p style="text-align: justify; ">As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.</p>
<p style="text-align: justify; ">The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.</p>
<p style="text-align: justify; ">In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.</p>
<p style="text-align: justify; ">On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.</p>
<p style="text-align: justify; ">In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.</p>
<p style="text-align: justify; ">My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”</p>
<p style="text-align: justify; ">NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”</p>
<p style="text-align: justify; ">This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”</p>
<p style="text-align: justify; ">Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.</p>
<p style="text-align: justify; ">However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.</p>
<p style="text-align: justify; ">Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.</p>
<p style="text-align: justify; ">Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention'>http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention</a>
</p>
No publishersunilSocial MediaInternet GovernancePrivacy2018-06-12T02:07:42ZBlog EntryWho Governs the Internet? Implications for Freedom and National Security
http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security
<b>The second half of last year has been quite momentous for Internet governance thanks to Edward Snowden. German Chancellor Angela Merkel and Brazilian President Dilma Rousseff became aware that they were targets of US surveillance for economic not security reasons. They protested loudly.</b>
<hr />
<p>The article was published in Yojana (April 2014 Issue). <a href="http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-who-governs-the-internet.pdf" class="external-link">Click to download the original here</a>. (PDF, 177 Kb)</p>
<hr />
<p style="text-align: justify; ">The role of the US perceived by some as the benevolent dictator or primary steward of the Internet because of history, technology, topology and commerce came under scrutiny again. The I star bodies also known as the technical community - Internet Corporation for Assigned Names and Numbers (ICANN); five Regional Internet Registries (RIRs) ie. African, American, Asia-Pacific, European and Latin American; two standard setting organisations - World Wide Web Consortium (W3C) & Internet Engineering Task Force (IETF); the Internet Architecture Board (IAB); and Internet Society (ISOC) responded by issuing the Montevideo Statement <a href="#fn1" name="fr1">[1] </a> on the 7th of October. The statement expressed "strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance." It called for "accelerating the globalization of ICANN and IANA functions..." - did this mean that the I star bodies were finally willing to end the special role that US played in Internet governance? However, that dramatic shift in position was followed with the following qualifier "...towards an environment in which all stakeholders, including all governments, participate on an equal footing." Clearly indicating that for the I star bodies multistakeholderism was non-negotiable. Two days later President Rousseff after a meeting with Fadi Chehadé, announced on Twitter that Brazil would host "an international summit of governments, industry, civil society and academia." <a href="#fn2" name="fr2">[2] </a> The meeting has now been dubbed Net Mundial and 188 proposals for “principles” or “roadmaps for the further evolution of the Internet governance ecosystem” have been submitted for discussion in São Paulo on the 23rd and 24th of April. The meeting will definitely be an important milestone for multilateral and multi-stakeholder mechanisms in the ecosystem.</p>
<p style="text-align: justify; ">It has been more than a decade since this debate between multilateralism and multi-stakeholderism has ignited. Multistakeholderism is a form of governance that seeks to ensure that every stakeholder is guaranteed a seat at the policy formulation table (either in consultative capacity or in decision making capacity depending who you ask). The Tunis Agenda, which was the end result of the 2003-05 WSIS upheld the multistakeholder mode. The 2003–2005 World Summit on the Information Society process was seen by those favouring the status quo at that time as the first attempt by the UN bodies or multilateralism - to takeover the Internet. However, the end result i.e. Tunis Agenda <a href="#fn3" name="fr3">[3]</a> clarified and reaffirmed multi-stakeholderism as the way forward even though multilateral governance mechanisms were also accepted as a valid component of Internet governance. The list of stakeholders included states, the private sector, civil society, intergovernmental organisations, international standards organisations and the “academic and technical communities within those stakeholder groups mentioned” above. The Tunis Agenda also constituted the Internet Governance Forum (IGF) and the process of Enhanced Cooperation.</p>
<p style="text-align: justify; ">The IGF was defined in detail with a twelve point mandate including to “identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations.” In brief it was to be a learning Forum, a talk shop and a venue for developing soft law not international treaties. Enhanced Cooperation was defined as “to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues” – and to this day, efforts are on to define it more clearly.</p>
<p style="text-align: justify; ">Seven years later, during the World Conference on Telecommunication in Dubai, the status quoists dubbed it another attempt by the UN to take over the Internet. Even those non-American civil society actors who were uncomfortable with US dominance were willing to settle for the status quo because they were convinced that US court would uphold human rights online more robustly than most other countries. In fact, the US administration had laid a good foundation for the demonization of the UN and other nation states that preferred an international regime. "Internet freedom" was State Department doctrine under the leadership of Hillary Clinton. As per her rhetoric – there were good states, bad states and swing states. The US, UK and some Scandinavian countries were the defenders of freedom. China, Russia and Saudi Arabia were examples of authoritarian states that were balkanizing the Internet. And India, Brazil and Indonesia were examples of swing states – in other words, they could go either way – join the good side or the dark side.</p>
<p style="text-align: justify; ">But Internet freedom rhetoric was deeply flawed. The US censorship regime is really no better than China’s. China censors political speech – US censors access to knowledge thanks to the intellectual property (IP) rightsholder lobby that has tremendous influence on the Hill. Statistics of television viewership across channels around the world will tell us how the majority privileges cultural speech over political speech on any average day. The great firewall of China only affects its citizens – netizens from other jurisdictions are not impacted by Chinese censorship. On the other hand, the US acts of censorship are usually near global in impact.</p>
<p style="text-align: justify; ">This is because the censorship regime is not predominantly based on blocking or filtering but by placing pressure on identification, technology and financial intermediaries thereby forcing their targets offline. When it comes to surveillance, one could argue that the US is worse than China. Again, as was the case with censorship, China only conducts pervasive blanket surveillance upon its citizens – unlike US surveillance, which not only affects its citizens but targets every single user of the Internet through a multi-layered approach with an accompanying acronym soup of programmes and initiatives that include malware, trojans, software vulnerabilities, back doors in encryption standards, over the top service providers, telcos, ISPs, national backbone infrastructure and submarine fibre optic cables.</p>
<p class="callout" style="text-align: justify; ">Security guru Bruce Schneier tells us that "there is no security without privacy. And liberty requires both security and privacy.” Blanket surveillance therefore undermines the security imperative and compromises functioning markets by make e-commerce, e-banking, intellectual property, personal information and confidential information vulnerable. Building a secure Internet and information society will require ending mass surveillance by states and private actors.</p>
<h3 style="text-align: justify; ">The Opportunity for India</h3>
<p style="text-align: justify; ">Unlike the America with its straitjacketed IP regime, India believes that access to knowledge is a precondition for freedom of speech and expression. As global intellectual property policy or access to knowledge policy is concerned, India is considered a leader both when it comes to domestic policy and international policy development at the World Intellectual Property Organisation. From the 70s our policy-makers have defended the right to health in the form of access to medicines. More recently, India played a critical role in securing the Marrakesh Treaty for Visually Impaired Persons in June 2013 which introduces a user right [also referred to as an exception, flexibility or limitation] which allows the visually impaired to convert books to accessible formats without paying the copyright-holder if an accessible version has not been made available. The Marrakesh Treaty is disability specific [only for the visually impaired] and works specific [only for copyright]. This is the first instance of India successfully exporting policy best practices. India's exception for the disabled in the Copyright Act unlike the Marrakesh Treaty, however, is both disability-neutral and works-neutral.</p>
<p style="text-align: justify; ">Given that the Internet is critical to the successful implementation of the Treaty ie. cross border sharing of works that have been made accessible to disabled persons in one country with the global community, it is perhaps time for India to broaden its influence into the sphere of Internet governance and the governance of information societies more broadly.</p>
<p style="text-align: justify; ">Post-Snowden, the so called swing states occupy the higher moral ground. It is time for these states to capitalize on this moment using strong political will. Instead of just being a friendly jurisdiction from the perspective of access to medicine, it is time for India to also be the enabling jurisdiction for access to knowledge more broadly. We could use patent pools and compulsory licensing to provide affordable and innovative digital hardware [especially mobile phones] to the developing world. This would ensure that rights-holders, innovators, manufactures, consumers and government would all benefit from India going beyond being the pharmacy of the world to becoming the electronics store of the world. We could explore flat-fee licensing models like a broadband copyright cess or levy to ensure that users get content [text, images, video, audio, games and software] at affordable rates and rights-holders get some royalty from all Internet users in India. This will go a long way in undermining the copyright enforcement based censorship regime that has been established by the US. When it comes to privacy – we could enact a world-class privacy law and establish an independent, autonomous and proactive privacy commissioner who will keep both private and state actors on a short lease. Then we need a scientific, targeted surveillance regime that is in compliance with human rights principles. This will make India simultaneously an IP and privacy haven and thereby attract huge investment from the private sector, and also earn the goodwill of global civil society and independent media. Given that privacy is a precondition for security, this will also make India very secure from a cyber security perspective. Of course this is a fanciful pipe dream given our current circumstances but is definitely a possible future for us as a nation to pursue.</p>
<h3 style="text-align: justify; ">What is the scope of Internet Governance?</h3>
<p style="text-align: justify; ">Part of the tension between multi-stakeholderism and multilateralism is that there is no single, universally accepted definition of Internet governance. The conservative definitions of Internet Governance limits it to management of critical Internet resources, including the domain name system, IP addresses and root servers – in other words, the ICANN, IANA functions, regional registries and other I* bodies. This is where US dominance has historically been most explicit. This is also where the multi-stakeholder model has clearly delivered so far and therefore we must be most careful about dismantling existing governance arrangements. There are very broadly four approaches for reducing US dominance here – a) globalization [giving other nation-states a role equal to the US within the existing multi-stakeholder paradigm], b) internationalization [bring ICANN, IANA functions, registries and I* bodies under UN control or oversight], c) eliminating the role for nation states in the IANA functions<a href="#fn4" name="fr4">[4]</a> and d) introducing competitors for names and numbers management. Regardless of the final solution, it is clear that those that control domain names and allocate IP addresses will be able to impact the freedom of speech and expression. The impact on the national security of India is very limited given that there are three root servers <a href="#fn5" name="fr5">[5] </a> within national borders and it would be near impossible for the US to shut down the Internet in India.</p>
<p style="text-align: justify; ">For a more expansive definition – The Working Group on Internet Governance report<a href="#fn6" name="fr6">[6] </a>has four categories for public policy issues that are relevant to Internet governance:</p>
<p style="text-align: justify; ">“(a) Issues relating to infrastructure and the management of critical Internet resources, including administration of the domain name system and Internet protocol addresses (IP addresses), administration of the root server system, technical standards, peering and interconnection, telecommunications infrastructure, including innovative and convergent technologies, as well as multilingualization. These issues are matters of direct relevance to Internet governance and fall within the ambit of existing organizations with responsibility for these matters;</p>
<p style="text-align: justify; ">(b) Issues relating to the use of the Internet, including spam, network security and cybercrime. While these issues are directly related to Internet governance, the nature of global cooperation required is not well defined;</p>
<p style="text-align: justify; ">(c)Issues that are relevant to the Internet but have an impact much wider than the Internet and for which existing organizations are responsible, such as intellectual property rights (IPRs) or international trade. ...;</p>
<p style="text-align: justify; ">(d) Issues relating to the developmental aspects of Internet governance, in particular capacity-building in developing countries.”</p>
<p style="text-align: justify; ">Some of these categories are addressed via state regulation that has cascaded from multilateral bodies that are associated with the United Nations such as the World Intellectual Property Organisation for "intellectual property rights" and the International Telecommunication Union for “telecommunications infrastructure”. Other policy issues such as "cyber crime" are currently addressed via plurilateral instruments – for example the Budapest Convention on Cybercrime – and bilateral arrangements like Mutual Legal Assistance Treaties. "Spam" is currently being handled through self-regulatory efforts by the private sector such as Messaging, Malware and Mobile Anti-Abuse Working Group.<a href="#fn7" name="fr7">[7] </a> Other areas where there is insufficient international or global cooperation include "peering and interconnection" - the private arrangements that exist are confidential and it is unclear whether the public interest is being adequately protected.</p>
<h3 style="text-align: justify; ">So who really governs the Internet?</h3>
<p style="text-align: justify; ">So in conclusion, who governs the Internet is not really a useful question. This is because nobody governs the Internet per se. The Internet is a diffuse collection of standards, technologies and actors and dramatically different across layers, geographies and services. Different Internet actors – the government, the private sector, civil society and the technical and academic community are already regulated using a multiplicity of fora and governance regimes – self regulation, coregulation and state regulation. Is more regulation always the right answer? Do we need to choose between multilateralism and multi-stakeholderism? Do we need stable definitions to process? Do we need different version of multi-stakeholderism for different areas of governance for ex. standards vs. names and numbers? Ideally no, no, no and yes. In my view an appropriate global governance system will be decentralized, diverse or plural in nature yet interoperable, will have both multilateral and multistakeholder institutions and mechanisms and will be as interested in deregulation for the public interest as it is in regulation for the public interest.</p>
<hr />
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. Montevideo Statement on the Future of Internet Cooperation <a class="external-link" href="https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm">https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm</a></p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Brazil to host global internet summit in ongoing fight against NSA surveillance <a class="external-link" href="http://rt.com/news/brazil-internet-summit-fight-nsa-006/">http://rt.com/news/brazil-internet-summit-fight-nsa-006/</a></p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Tunis Agenda For The Information Society <a class="external-link" href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">http://www.itu.int/wsis/docs2/tunis/off/6rev1.html</a></p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. Roadmap for globalizing IANA: Four principles and a proposal for reform: a submission to the Global Multistakeholder Meeting on the Future of Internet Governance by Milton Mueller and Brenden Kuerbis March 3rd 2014 See: <a class="external-link" href="http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf">http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Mumbai (I Root), Delhi (K Root) and Chennai (F Root). See: <a class="external-link" href="http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers">http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers</a></p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Report of the Working Group on Internet Governance to the President of the Preparatory Committee of the World Summit on the Information Society, Ambassador Janis Karklins, and the WSIS Secretary-General, Mr Yoshio Utsumi. Dated: 14 July 2005 See: <a class="external-link" href="http://www.wgig.org/WGIG-Report.html">http://www.wgig.org/WGIG-Report.html</a></p>
<p>[<a href="#fr7" name="fn7">7</a>].Messaging, Malware and Mobile Anti-Abuse Working Group website See: <a class="external-link" href="http://www.maawg.org/">http://www.maawg.org/</a></p>
<hr />
<p style="text-align: justify; "><i>The author is is the Executive Director of the Centre for Internet and Society (CIS), Bangalore. He is also the founder of Mahiti, a 15 year old social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. He is an Ashoka fellow. For three years, he also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region</i>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security'>http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security</a>
</p>
No publishersunilSurveillanceInternet GovernancePrivacy2014-04-05T16:23:36ZBlog EntryWherever you are, whatever you do
http://editors.cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do
<b>Facebook recently launched a location-based service called Places. Privacy advocates are resenting to this new development. Sunil Abraham identifies the three prime reasons for this outcry against Facebook. The article was published in the Indian Express on 23 August, 2010.</b>
<p>Privacy activists are up in arms again, at Facebook’s recent launch of a new location-based service called Places. But what’s the new issue here? For years, telecom operators have been able to roughly locate you by triangulating the signal strength between the three nearest cell towers. In India, geo-location is part of the call logs maintained by the operator. That is how the police was able to determine that Bangalore resident Sathish Gupta killed his wife Priyanka. He took her mobile with him during a jog with his friend and then faked a phone call as an alibi. He knew that the time-stamps on the call logs would corroborate his lies. But the location-data nailed him. So, in short, the state and telecom operators know where you are even if you don’t have a smartphone with GPS support.</p>
<p>For those who can afford it? GPS support provides greater accuracy and reliability, independent of telecom signal strength. The immediate and future benefits are huge. For parents, MyKidIsSafe.com, allows them to create a geo-fence and receive automatic notification when the child leaves the safety zone. In combination with RFID, businesses are able to provide their customers with accurate updates regarding status of deliveries. The Karnataka police is able to verify that the police inspector issuing the challan using a Blackberry for a traffic violation is not doing it from home. Seven hundred and fifty thousand gay men from 162 countries use a geo-social network called Grindr to find love. In the future, most car-pooling services will be GPS-enabled. Geo-location-based crowd-sourcing will be used to predict and avoid traffic jams by measuring the density and velocity of mobile phones on various routes.</p>
<p>Privacy advocates worry that after helping the police solve crimes and fight terrrorism, telecom companies retain the logs instead of deleting, anonymising or obfuscating them. Especially so in India, given the lack of privacy laws, telecom operators, web and mobile service providers could retain the logs for customer profiling or worse still, sell the raw data or analysis to third parties. Cyber-stalkers, child molesters and rapists benefit. Cat burglars will know when you are away and be able to clean out your house in a more relaxed fashion. Geo-surveillance by a state, obsessed with terrorism, will have negligible benefits while extracting a huge social cost and significantly undermining national security.</p>
<p>So why this particular outcry against the world’s most successful social networking website? There are three reasons that come immediately to mind. First, Facebook has a terrible record with privacy. In the last five years, the default settings have moved from one where no personal data was available for anonymous access to one with anonymous access to everything except birthday and contact information. And these are settings that affect the majority of the half a billion people who don’t bother changing default settings. So there is no guarantee that Facebook will not get more intrusive with its default geo-location privacy settings.</p>
<p>Second, a friend can geo-tag you without requiring you to approve or confirm this. Once you are geo-tagged, all your common friends will be notified through the friend-feed system. This is similar to the current system of photo sharing. A friend can upload a inappropriate photograph and tag you almost instantly all your work-mates who also happen to be your Facebook friends get a notification via the feed. Of course, you can always untag the photo, change the settings and defriend the culprit but by then the damage is usually done.</p>
<p>Third, the Facebook user-interface for privacy settings is notoriously complex and cumbersome. Many users will think that they have managed to bolt down the security settings when in fact their personal data will remain all up for grabs. The half a million third-party products available today on the Facebook platform only compounds this problem.</p>
<p>Read the original in the<a class="external-link" href="http://www.indianexpress.com/news/Wherever-you-are--whatever-you-do/663810"> Indian Express</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do'>http://editors.cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do</a>
</p>
No publishersunilInternet Governance2012-03-21T10:12:05ZBlog EntryWhen Whistle Blowers Unite
http://editors.cis-india.org/internet-governance/blog/whistle-blowers-unite
<b>Leaking corporate or government information in public interest through popular Web service providers is risky but Wikileaks.org is one option that you could try out.</b>
<p>Leaking corporate or government information in public interest in the age of Satyam has new challenges. You couldn't just upload it to a blog, social networking website or even a document management system like <a class="external-link" href="http://www.google.co.in/">Google</a> documents. <a class="external-link" href="http://www.google.co.in/">Google</a>, <a class="external-link" href="http://m.in.yahoo.com/?p=us">Yahoo</a> and most other Web service providers nearly always comply with the national law and cooperate with enforcement agencies. In India there have been several arrests in connection with alleged illegal email messages and content on social networking websites. It did not take court order – just a request from the local police station. Furthermore, you would have to undertake additional risky activity online to draw media attention to your documents. Also those who stand to lose from the leak can send a couple of copyright take down notices which will lead to deletion. So your only real option is <a class="external-link" href="http://www.wikileaks.org/">Wikileaks.org</a>, where they boast: Every source protected. No documents censored. All legal attacks defeated.</p>
<p>Launched in December 2006, <a class="external-link" href="http://www.wikileaks.org/">Wikileaks.org</a> stands alone on the Internet as the last refuge for the truth. Even though the promoters are European and US academic organisations, journalists and NGOs – a near neutral point of view is realised by sparing no one across the political and ideological spectrum. It is the archive of the whistle-blowers of the world and it is ugly: login information and private emails of a holocaust denier, secret documents from the Church of Scientology, Internet block-lists from Thailand and standard operating procedures for US guards at Guantanamo Bay, et cetera. One could safely assume that these guys have very few friends. Unlike Wikipedia.org whose technology it employs, <a class="external-link" href="http://www.wikileaks.org/">Wikileaks</a> does not have an open and participatory editorial policy. It accepts documents through a trusted journalist–source system. </p>
<p>Leaking controversial documents can result in loss of job, limb and life, so extreme caution is always advised. Remember that India still does not have laws protecting whistle blowers, in spite of a bill being introduced in 2006. What follows is only a very rough guide to digital whistle blowing, so please get expert advice before you try these at home:</p>
<ul><li>Download and install military grade encryption software like Pretty Good Privacy. Generate a pair of keys – a public and a private one. Use your private key in combination to a journalist's public key to send him or her, a 'for your eyes only message' email. Only the journalist will be able to decrypt the message using your public key and his private key. Note however, that an Indian court under the 2008 amendment of the IT Act can ask you to disclose your key-pair. </li><li>Step outside. Working from home is a bad idea since DOT mandates that all ISPs retain logs for all users and for all services utilized for an indeterminate time-period. Office is still worse as your network administrator might be also logging your activities. </li><li>Find an anonymous public access point. Cyber-cafes, especially in New Delhi, Maharashtra, Karnataka and Tamil Nadu are asking users to provide identity cards and record contact details and in some cases web-cam photographs as well. Using your laptop in a coffee shop may work but DOT is considering cracking down on open wifi networks. </li><li>Use an anonymizing service so that the chain of digital evidence leading up to <a class="external-link" href="http://www.wikileaks.org/">Wikileaks</a> is obliterated. TOR is the anonymizing solution of choice. Several TOR servers that provide private tunnels across the Internet work in unison, to form a cloud of anonymity. </li></ul>
<p>If you were leaking large amounts of data, uploading it may be too risky. Burn the data on DVDs and mail them to <a class="external-link" href="http://www.wikileaks.org/">Wikileaks</a>. However, do ensure that all digital files have been purged of personal information. For word files this can be done by converting to PDF. Also you may not want to leave any finger-prints on the package. India will soon have a database of finger prints thanks to the National Unique Identity (NUID) project. We know this thanks to the leaked NUID project document on <a class="external-link" href="http://www.wikileaks.org/">Wikileaks.org</a>, days before the consultation.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/whistle-blowers-unite'>http://editors.cis-india.org/internet-governance/blog/whistle-blowers-unite</a>
</p>
No publishersunilDigital ActivismInternet Governance2012-03-21T10:17:48ZBlog EntryWe are anonymous, we are legion
http://editors.cis-india.org/internet-governance/blog/online-anonymity
<b>Online anonymity is vital for creativity and entrepreneurship on the Web, writes Sunil Abraham. The article was published in the Hindu on April 18, 2011.</b>
<p>During his keynote at the International World Wide Web Conference recently, Sir Tim Berners-Lee argued for the preservation of online anonymity as a safeguard against oppression. This resonated with his audience in Hyderabad, given the recent uproar in the Indian blogosphere and twitterverse around the IT Act (Amendment 2008) and the recently published associated rules for intermediaries and cyber cafes.</p>
<p>Over time, there has been a dilution of standards for blanket surveillance. The Telegraph Act allowed for blanket surveillance of phone traffic only as the rarest of exceptions. The IT Act and the ISP licence on the other hand, authorise and require ISPs and cyber cafes to undertake blanket surveillance as the norm in the form of data retention. The transaction database of the UID (Unique Identification Number) project will log of all our interactions with the government, private sector and other citizens; all these are frightening developments for freedom of expression in general and anonymous speech in particular.</p>
<p>Anonymous speech is a necessary pre-condition for democratic and open governance, free media, protection of whistle-blowers and artistic freedom. On many controversial areas of policy formulation, it is usually anonymous officials from various ministries making statements to the press. Would mapping UIDs to IP address compromise the very business of government? A traditional newspaper may solicit anonymous tips regarding an ongoing investigative journalism campaign through their website.</p>
<p>Would data retention by ISPs expose their anonymous sources? Whistle-blowers usually use public Wi-Fi or cyber cafes because they don't want their communications traced back to residential or official IP addresses. Won't the ban on open public Wi-Fi networks and the mandatory requirement for ID documents at cyber cafes jeopardise their safety significantly? Throughout history, great art has been produced anonymously or under a nom de plume. Will the draft Intermediary Due Diligence Rules, which prohibits impersonation even if it is without any criminal intent, result in artists sanitising their art into banality?</p>
<p>Anonymous speech online is facilitated by three forms of sharing — shared standards, shared software and shared identities. Shared or open standards such as asymmetric encryption and digital signatures allow for anonymous, private and yet authenticated communications. Shared software or Free/Open Source Software reassures all parties involved that there is no spy-ware or back door built into tools and technologies built around these standards. </p>
<p>Shared identities, unlike shared software and standards, is a cultural hack and, therefore, almost impossible to protect against. V for Vendetta, the graphic novel by Alan Moore gives us an insight into how this is could be done. The hero, V, hides his identity behind a Guy Fawkes mask. Towards the end of the novel, he couriers thousands of similar masks to the homes of ordinary citizens.</p>
<p>In the final showdown between V and the oppressive regime, these citizens use these masks to form an anonymous mob that confuses the security forces into paralysis. Shared identities online therefore, is the perfect counterfoil to digital surveillance.</p>
<p>As Dr. Berners-Lee spoke in Hyderabad, the Internet Rights and Principles Dynamic Coalition of the Internet Governance Forum released a list of 10 principles for online governance at the meeting convened by the UN Special Rapporteur on Freedom of Expression in Stockholm. </p>
<p>The fifth principle includes “freedom from surveillance, the right to use encryption, and the right to online anonymity”. One hopes that Gulshan Rai of CERT-IN will heed the advice provided by his international peers and amend the IT Act rules before they have a chilling effect on online creativity and entrepreneurship.</p>
<p><em>Read the article originally published in the Hindu</em>, <a class="external-link" href="http://www.thehindu.com/todays-paper/tp-national/article1705308.ece">here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/online-anonymity'>http://editors.cis-india.org/internet-governance/blog/online-anonymity</a>
</p>
No publishersunilInternet Governance2012-03-21T09:38:56ZBlog EntryVery Big Brother
http://editors.cis-india.org/internet-governance/blog/council-for-responsible-genetics-april-2014-sunil-abraham-very-big-brother
<b>The Centre for Internet and Society, the organization I work for, currently serves on a committee established by the Government of India's Department of Biotechnology, Ministry of Science and Technology in January 2013. The committee has been charged with preparing a report on the draft Human DNA Profiling Bill.</b>
<p>The article was originally <a class="external-link" href="http://www.councilforresponsiblegenetics.org/GeneWatch/GeneWatchPage.aspx?pageId=525">published in GeneWatch</a> (January - April 2014) issue.</p>
<hr />
<p style="text-align: justify; ">Why should an organization that focuses on the Internet be invited to such a committee? There are some obvious reasons related to data protection and big data. CIS had previously served on the Justice AP Shah committee that was tasked by the Planning Commission to make recommendations on the draft Privacy Bill in 2012. There are also some less obvious connections, such as academic research into cyborgs wherein the distinction between human and machine/technology is blurred; where an insulin pump makes one realize that the Internet of Things could include the Internet of Body Parts. But for this note I will focus on biometrics - quantifiable data related to individual human characteristics - and their gate-keeping function on the Internet.</p>
<p style="text-align: justify; ">The bouquet of biometric options available to technologists is steadily expanding - fingerprint, palm print, face recognition, DNA, iris, retina, scent, typing rhythm, gait, and voice. Biometrics could be used as authentication or identification to ensure security and privacy. However, biometrics are different from other types of authentication and identification factors in three important ways that have implications for human rights in information societies and the Internet.</p>
<p style="text-align: justify; ">Firstly, biometrics allow for non-consensual authentication and identification. Newer, more advanced and more expensive biometric technologies usually violate human rights more extensively and intensively than older, more rudimentary and inexpensive biometrics. For example, it is possible to remotely harvest iris information when a person is wide awake without even being aware that their identification or authentication factors have been compromised. It isn't difficult to imagine ways to harvest someone's fingerprints and palm prints without their knowledge, and you cannot prevent a security camera from capturing your gait. You could use specialized software like Tor to surf the World Wide Web anonymously and cover your digital tracks, but it is much harder to leave no trail of DNA material in the real world.</p>
<p style="text-align: justify; ">Secondly, biometrics rely on probabilistic matching rather than discrete matching - unlike, for example, a password that you use on a social media platform. In the 2007 draft of India's current Human DNA Profiling Bill, the preamble said "the Deoxyribose Nucleic Acid (DNA) analysis of body substances is a powerful technology that makes it possible to determine whether the source of origin of one body substance is identical to that of another, and further to establish the biological relationship, if any, between two individuals, living or dead, without any doubt." This extract from the bill was quoted in an ongoing court case to use tampered chain of custody for DNA as the means to seek exoneration of the accused. And the scientists on the committee insist that the DNA Data Bank Manager "...shall communicate, for the purposes of the investigation or prosecution in a criminal offence, the following information to a court, tribunal, law enforcement agency ... as to whether the DNA profile received is already contained in the Data Bank" - in other words, a "yes" or "no" answer. This is indeed odd for those who come from the world of Internet policy - especially when one DNA lab worker confidentially shared that after a DNA profile was generated the "standard operating procedure" included checking it against the DNA profile of the lab worker to ensure that there was no contamination during the process of generating the profile. This would not be necessary for older forms of biometrics such as the process of developing a photograph. In other words, chain of custody issues with every generation of biometric technology are getting more and more complex. In the developing world, the disillusioned want to believe that "technology is the solution." The fallibility of technology must determine its evidentiary status.</p>
<p style="text-align: justify; ">Finally, biometrics are only machine-scrutable. This means machines and not human beings will determine whether you are guilty or innocent; whether you should get subsidized medicine, grain, or fuel; whether you can connect to the Internet via mobile phone, cybercafe or broadband. DNA evidence is not directly observable by judges and therefore the technology and equipment have to be made increasingly transparent so that ordinary citizens as well as the scientific community can audit their effectiveness. In 2009, the Second District Court of Appeal and Circuit Court in Florida upheld a 2005 ruling requiring CMI Inc, the manufacturer of Intoxilyzer 5000, to release source code, failing which evidence from the breathalyzer would be rendered inadmissible in more than 100 drunk driving cases. If the transparency of machines is important when prosecuting misdemeanors then surely this is something we must advocate for when culpability for serious crimes is determined through DNA evidence and other types of biometric technologies. This could be accomplished by the triad of mandates for free/open source software, open standards and open hardware. This is not necessary for all DNA technology and equipment that is used in the market, but only for a small sub-set of these technologies that impinge on our rights as human beings via law enforcement and the judicial system.</p>
<p style="text-align: justify; ">It has been nine years since India started the process of drafting this bill. We hope that the delays will only result in a robust law that upholds human rights, justice and scientific progress.</p>
<hr />
<p style="text-align: justify; ">Sunil Abraham is Executive Director of the Centre for Internet and Society, based in Bangalore, India.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/council-for-responsible-genetics-april-2014-sunil-abraham-very-big-brother'>http://editors.cis-india.org/internet-governance/blog/council-for-responsible-genetics-april-2014-sunil-abraham-very-big-brother</a>
</p>
No publishersunilInternet GovernancePrivacy2014-04-14T11:39:09ZBlog EntryUS Clampdown Worse than the Great Firewall
http://editors.cis-india.org/internet-governance/us-clampdown
<b>If you thought China’s Internet censorship was evil, think again. American moves to clean up the Web could hurt global surfers, writes Sunil Abraham in this article published in Tehelka, Volume 8, Issue 50, 17 December 2011.</b>
<p>TWO PARTICULARLY terrible pieces of legislation — the PROTECT-IP Act and the Stop Online Piracy Act (SOPA) — have been introduced in the US Senate and House of Representatives. If passed, the US administration will be empowered to shut down specific websites using the same four measures it employed in its failed attempt to shut down WikiLeaks — domain name system (DNS) filtering, blocking financial transfers via financial intermediaries, revoking hosting and sanitising search engine results. SOPA represents the perfect policy interest overlap between a State clamping down on freedom of expression and IPR-holders protecting their obsolete business models. After all it was Bono who publicly articulated the unspoken desire of many right-holders: “We know from China’s ignoble effort to suppress online dissent that it’s perfectly possible to track content.”</p>
<p>China fortunately only censors the Internet for its own citizens, the Great Firewall does not, for example, prevent access to knowledge by Indian netizens. SOPA will enable the US to censor the global Internet unilaterally. The Great Firewall can be circumvented using tools like Tor, but SOPA will in many ways make its targets disappear for the average user. DNS filtering, even when implemented in a single country, has global consequences. DNS, one of the foundational mechanisms of the Internet, is an address look-up service that allows users to translate domain names (e.g. cisindia.org — easier for humans to remember) into IP addresses (e.g. 202.190.125.69 — easier for machines). The most critical servers in the global DNS hierarchy are the root servers, or today’s server clusters. Mandated DNS filtering would result in some DNS servers returning different IP addresses than other DNS servers for certain domain names. With PROTECT-IP and SOPA, these global consequences would be at unprecedented levels given that seven of the 13 server clusters that constitute the DNS root fall within US jurisdiction. We already have some indication where this is headed. The US Immigration and Customs Enforcement Agency announced recently that it has seized 150 domain names for alleged IPR infringement.</p>
<p>We must remember that IPR policy in some countries has been configured in public interest to take advantage of the exceptions and limitations afforded by the TRIPS (trade-related aspects of IPR) agreement. In others, even though the letter of the law goes beyond TRIPS requirements, access by ordinary citizens is protected because of poor enforcement of these maximalist policies. E-commerce platforms that sell Micromax, Karbonn, Spice and Lava mobile phones that are manufactured in China may be taken offline because an American court is convinced of patent infringement. An online publisher of George Orwell’s books, which are public domain in Russia, India and South Africa but still under copyright in the US and Europe, may have its Paypal account blocked.</p>
<div class="pullquote">After the witch-hunt against WikiLeaks, policymakers have realised the extent of American hypocrisy</div>
<p>In the recent past, activists in authoritarian regimes and democracies with draconian Internet laws have leveraged US Internet freedom rhetoric. This was first deployed by Hillary Clinton in early 2010 after Google’s melodramatic withdrawal from China. Even then, many observers were convinced that this was just selective tokenism and the real agenda was domination of global markets by US-based MNCs. Today, after the witch-hunts against WikiLeaks and Anonymous, global policymakers have realised the extent of American hypocrisy.</p>
<p>Fortunately, opposition for SOPA has cut across traditional political and ideological divides — libertarians, liberal human rights organisations and political conservatives who believe in small government and also modern- day capitalists like Google, Facebook and Twitter. Let us pray that Kapil Sibal registers his protest with the Obama administration to protect the online aspirations of millions of Indian citizens and entrepreneurs.</p>
<p>Read the original published in Tehelka <a class="external-link" href="http://www.tehelka.com/story_main51.asp?filename=Op171211proscons.asp">here</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/us-clampdown'>http://editors.cis-india.org/internet-governance/us-clampdown</a>
</p>
No publishersunilFreedom of Speech and ExpressionPublic AccountabilityInternet Governance2012-01-26T20:42:14ZBlog EntryTwo Tales of Transparency!
http://editors.cis-india.org/internet-governance/two-tales-of-transparency
<b>In a single week, two global Internet giants announce transparency efforts that have direct implications for privacy and free speech. </b>
<p>One, Google replaces 60 odd privacy policies with a single one across its products apparently to provide a unified experience for consumers, advertisers and law enforcement agencies. Google says that it is trying to make its privacy policy more accessible and transparent to its users and that nothing has changed. This is indeed true, as the respective privacy policies were modified when Google acquired these products. Google spent USD 1.9 billion acquiring 79 companies in 2011. This year's company filings state "we expect our current pace of acquisitions to continue.” Their multi-year acquisition spree has spawned 60 odd products that collect personal information. And beyond Google core offerings like Search, News, YouTube and Orkut – their advertising networks Adsense and Double Click keep tabs on you as you visit millions of other websites. This advertiser cum share-holder sweet spot has been created by centrally storing 9 months of comprehensive logs tied to IP address and other device details for all accounts. A blanket surveillance dream-come-true for rogue state actors. Even in most democratic regimes this far exceeds legally mandated data retention requirements. Fans will point out that Google's transparency record on user information requests, data retention and data portability is unmatched across the industry. But that is just saying that you are less evil than Microsoft and Facebook. In June 2007, Google reduced data retention from 24 to 18 months and in a letter to the European Commission privacy regulators it said “we ... firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.” But come August 2008, Google reduces data retention from 18 months to 9 months in what it called an attempt to address regulatory concerns. Like Europeans, Indian citizens could also benefit if our law makers were to enact horizontal privacy statute and establish the office of the privacy commissioner. In an ideal world, a pro-consumer or pro-citizen Indian privacy commissioner would create evidence based policy and reduce data retention to say 6 weeks. If unfortunately, we go by the precedent set by multi-tiered blanket surveillance provisions in the IT Act, it looks like policy-makers have bought the flawed “more is better” argument emerging from business press cheerleaders of the global surveillance industry. </p>
<p>Two, Twitter announces technical capabilities to censor tweets using geo-location to be in compliance with legal orders from different jurisdictions. Again very little has changed. Twitter has in the past complied with legal orders. In terms of transparency – Twitter has adopted pretty high standards. It will notify the author about the removal and other users from that country with message stating that the tweet has been withheld. Which some predict will precipitate a Streisand effect. In addition, Twitter has expanded its partnership with ChillingEffects.org to publicly archive these legal orders. Some activists wonder if Twitter's role in the Arab Spring would have been undermined if it implemented legal orders from the Mubarak regime. Unfortunately for Twitter, initial praise for this comes from China's state-run newspaper and from the Thai government. But to be fair, unlike Google above, Twitter is sticking to absolute legal minimum. The use of the US jurisdiction in the past, as a free speech haven did benefit activists in authoritarian regimes but perhaps SOPA and PIPA signals the end of that. In India, given the draconian IT Act this could result in blocking of heavy metal tweets on account of them being “blasphemous” or Twitpics of Cartoons against Corruption for being an “annoyance”. Both offenses which are significant dilutions from the previous standards of “incitement of hatred” or “defamation”. There are two part to the solution here, one, Twitter giving the best fight it can to protect free speech and two, Indian citizens petitioning their MPs for the amendment of the IT Act.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/two-tales-of-transparency'>http://editors.cis-india.org/internet-governance/two-tales-of-transparency</a>
</p>
No publishersunil2012-04-11T12:09:01ZBlog EntryTV versus Social Media: The Rights and Wrongs
http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media
<b>For most ordinary Netizens, everyday speech on social media has as much impact as graffiti in a toilet, and therefore employing the 'principle of equivalence' will result in overregulation of new media.</b>
<hr />
<p style="text-align: justify; ">Sunil Abraham's guest column was <a class="external-link" href="http://www.tribuneindia.com/2013/20130120/edit.htm#2">published in the Tribune </a>on January 20, 2013.</p>
<hr />
<p style="text-align: justify; ">Many in traditional media, especially television, look at social media with a mixture of envy and trepidation. They have been at the receiving end of various unsavoury characters online and consequently support regulation of social media. A common question asked by television anchors is "shouldn't they be subject to the same regulation as us?" This is because they employ the 'principle of equivalence', according to which speech that is illegal on broadcast media should also be illegal on social media and vice versa. According to this principle, criticising a bandh on national TV or in a newspaper op-ed or on social media should not result in jail time and, conversely, publishing obscene content, in either new or old media, should render you a guest of the state.</p>
<p style="text-align: justify; ">Given that Section 66-A of the Information Technology Act, 2000, places more draconian and arguably unconstitutional limits on free speech when compared to the regulation of traditional and broadcast media, those in favour of civil liberties may be tempted to agree with the 'principle of equivalence' since that will mean a great improvement from status quo. However, we must remember that this compromise goes too far since potential for harm through social media is usually very limited when compared to traditional media, especially when it comes to hate speech, defamation and infringement of privacy. A Facebook update or 'like' or a tweet from an ordinary citizen usually passes completely unnoticed. On rare occasion, an expression on social media originating from an ordinary citizen goes viral and then the potential for harm increases dramatically. But since this is the fringe case we cannot design policy based on it. On the other hand, public persons (those occupying public office and those in public life), including television journalists, usually have tens and hundreds of thousands friends and followers on these social networks and, therefore, can more consistently cause harm through their speech online. For most ordinary Netizens, everyday speech on social media has as much impact as graffiti in a public or residential toilet and therefore employing the 'principle of equivalence' will result in overregulation of new media.</p>
<p style="text-align: justify; ">Ideally speech regulation should address the asymmetries in the global attention economy by constantly examining the potential for harm. This applies to both 'speech about' public persons and also 'speech by' them. Since 'speech about' public persons is necessary for transparent and accountable governance and public discourse, such speech must be regulated less than 'speech about' ordinary citizens. Let us understand this using two examples: One, a bunch of school kids referring to a classmate as an idiot on a social network is bullying, but citizens using the very same term to criticise a minister or television anchor must be permitted. Two, an ordinary citizen should be allowed to photograph or video-record the acts of a film or sports star at a public location and upload it to a social network, but this exception to the right of privacy based on public interest will not imply that the same ordinary citizen can publish photographs or videos of other ordinary citizens. Public scrutiny and criticism is part of the price to be paid for occupying public office or public life. If speech regulation is configured to prevent damage to the fragile egos of public persons, then it would have a chilling effect on many types of speech that are critical in a democracy and an open society.</p>
<p style="text-align: justify; ">When it comes to 'speech by' those in public office or in public life - given the greater potential for harm - they should be held more liable for their actions online. For example, an ordinary citizen with less than 100 followers causes very limited harm to the reputation of a particular person through a defamatory tweet. However, if the very same tweet is retweeted by a television anchor with millions of followers, there can be more severe damage to that particular person's reputation.</p>
<p style="text-align: justify; ">Many in television also wish to put an end to anonymous and pseudonymous speech online. They would readily agree with Nandan Nilekani's vision of tagging all - visits to the cyber cafe, purchases of broadband connections and SIM cards and, therefore, all activities from social media accounts with the UID number. I have been following coverage of the Aadhaar project for the past three years. Often I see a 'senior official from the UIDAI' make a controversial point. If anonymous speech is critical to protect India's identity project then surely it is an important form of speech. But, unlike the print media, which more regularly uses anonymous sources for their stories, television doesn't see clearly the connection between anonymous speech and free media. This is because many of the trolls that harass them online often hide behind pseudonymous identities. Television forgets that anonymous speech is at the very foundation of our democracy, i.e., the electoral ballot.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media'>http://editors.cis-india.org/internet-governance/blog/sunday-tribune-january-20-2013-sunil-abraham-tv-vs-social-media</a>
</p>
No publishersunilFreedom of Speech and ExpressionIT ActInternet GovernanceCensorship2013-01-21T03:09:56ZBlog EntryTo regulate Net intermediaries or not is the question
http://editors.cis-india.org/internet-governance/www-deccan-herald-aug-26-2012-to-regulate-net-intermediaries-or-not-is-the-question
<b>Given the disruption to public order caused by the mass exodus of North-Eastern Indians from several cities, the government has had for the first time in many years, a legitimate case to crackdown on Internet intermediaries and their users.</b>
<hr />
<p style="text-align: justify; ">Sunil's column was <a class="external-link" href="http://www.deccanherald.com/content/274218/to-regulate-net-intermediaries-not.html">published</a> in the Deccan Herald on August 26, 2012.</p>
<hr />
<p style="text-align: justify; ">There was, of course, much room for improvement in the manner in which the government conducted the censorship. But the policy question that becomes most pertinent now is: do we need to regulate Internet intermediaries further? The answer is yes and no. <br /> <br /> There are areas where these intermediaries need to be regulated in order to protect citizen and consumer interest. But to deal with rumour-mongering and hate speech, there is sufficient provisions in Indian law to deal with the current disruption in public order and any similar disruptions in the future. <br /> <br /> It is a common misunderstanding to assume that all civil society organisations that advocate civil liberties on networked technologies are regulatory doves that wish to dismantle regulation of the private sector and allow them complete free hand for innovation and, perhaps, causing harm to public interest.<br /> <br /> The opposite is also not necessarily true. We are not hawks, those that believe in maximal regulation of the private sector. The state should regulate the private sector in areas where the citizens are unable to protect their own interest and self-regulation is inadequate. But there are many other areas where regulation needs to be dismantled in the interests of citizen and public interest. <br /> <br /> Dr Rohan Samarajiva, founder of a Colombo-based regional policy think tank LIRNEasia, explains this best using the ‘law of soft toys’. When his daughter was young he told her that in Sri Lanka there was a law which mandated that every time she got a new soft toy, she would have to necessarily give away another one.<br /> <br /> The regulatory lesson here is: the mandate for regulation cannot keep endlessly expanding. As the government moves into new areas of regulation, it should also exit other older areas where regulatory rupee is providing limited returns. These decisions should be based on evidence of harm caused to citizens and consumers. The following are a list of areas where regulation is required for Internet intermediaries:<br /> <br /> Privacy: India needs the office of the privacy commissioner established and an articulation of national privacy principles through the enactment of the long awaited Privacy Act. This privacy commissioner should be able to investigate complaints against intermediaries, proactively investigate companies, order remedial action and fine companies that violate the principles and other policies in force. Remedial action could require change in policies, features, data retention policies and services etc. <br /> <br /> Competition: Many of these intermediaries have been taken to court on anti-trust complaints, fined and subjected to remedial action by regulators in America and Europe. <br /> <br /> Earlier this year, BharatMatrimony.com has filed a complaint against Google at the Competition Commission of India (CCI) alleging anti-competitive practices in its Adwords program. In addition, based on a report submitted by Consumer Unity & Trust Society (CUTS), a civil society organisation, CCI has initiated an investigation into Google's search engine for anti-competitive practices. If they are found guilty of breaking competition law they could be fined up to 10 per cent of their turnover.<br /> <br /> Speech: Article 19(2) of the Constitution permits Parliament to enact laws that place eight categories of reasonable restrictions on speech. Unfortunately, the Information Technology Act and its associated rules attempts to expand these restrictions and in addition does not comply with the principles of natural justice. Ideally, all those impacted by the censorship should be informed and should be able to seek redress and reinstatement for the censured speech.<br /> <br /> The policy sting operation conducted by the Centre for Internet and Society (CIS) last year demonstrated that intermediaries are risk-averse and tend to over-comply with takedown notices. There is a clear chilling effect on speech online and it is important that the Act and rules be amended at the earliest.<br /> <br /> Intellectual Property: Policies that fall under this inappropriate umbrella term for many differently configured laws make the yet unproven fundamental assumption that granting limited monopolies to rights holders, usually corporations, will result in greater innovation. However, citizen and consumer interest is protected through provisions for exceptions and limitations in laws such as copyright, patent, trademarks etc. Some examples of these safeguards that guarantee access to knowledge in Indian law include compulsory licences, patent opposition, fair-dealing etc. <br /> <br /> There are many other areas where special treatment may be required for intermediaries. For example tax law needs to handle evasion techniques like the Double Irish and the Dutch Sandwich. Given my lengthy wish-list of regulation of Internet intermediaries, why then has CIS become an NGO member of the Global Network Initiative?<br /> <br /> This is because I believe that technological development happen too quickly for us to purely depend on government regulation. Self-regulation has an important role to play in keeping up with these rapid changes. As self-regulatory norms mature they could be formalised into policy by the government.<br /> <br /> Therefore, I consider it a privilege that CIS has been accepted as a member of this self-regulatory initiative and we influence GNI norms using our Indian perspective. However, when self-regulation fails to protect public interest, then the government must step in to regulate Internet intermediaries.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/www-deccan-herald-aug-26-2012-to-regulate-net-intermediaries-or-not-is-the-question'>http://editors.cis-india.org/internet-governance/www-deccan-herald-aug-26-2012-to-regulate-net-intermediaries-or-not-is-the-question</a>
</p>
No publishersunilFreedom of Speech and ExpressionPublic AccountabilityInternet GovernanceIntermediary LiabilityCensorship2012-08-26T06:12:48ZBlog EntryTin Chen
http://editors.cis-india.org/home-images/IMG_0726_small.JPG
<b>Tin Chen holding camera.</b>
<p>
For more details visit <a href='http://editors.cis-india.org/home-images/IMG_0726_small.JPG'>http://editors.cis-india.org/home-images/IMG_0726_small.JPG</a>
</p>
No publishersunil2009-09-08T04:56:25ZImageThe scariest bill in Parliament is getting no attention – here’s what you need to know about it
http://editors.cis-india.org/internet-governance/news/the-scariest-bill-in-parliament-is-getting-no-attention-2013-here2019s-what-you-need-to-know-about-it
<b>A bill proposes creation of a national DNA data bank, without requisite safeguards for privacy, and opens the information to everything from civic disputes to compilation of statistics.</b>
<p style="text-align: justify; ">The blog post by Nayantara Narayanan was <a class="external-link" href="http://scroll.in/article/743049/the-scariest-bill-in-parliament-is-getting-no-attention-heres-what-you-need-to-know-about-it">published in Scroll.in</a> on July 24, 2015.</p>
<hr />
<p style="text-align: justify; ">On Wednesday, the Narendra Modi government told the Supreme Court that India's citizens have no fundamental right to privacy. Attorney General Mukul Rohatgi <a href="http://timesofindia.indiatimes.com/india/No-fundamental-right-to-privacy-to-citizens-Centre-tells-SC/articleshow/48171323.cms" target="_blank">referred</a> to a 1950 court verdict which held that the right to privacy was not a fundamental right while defending the constitutional validity of the Aadhar scheme, a massive database of information of individual citizens including biometrics and bank accounts. At the same time, the government is planning another big database.<br /><br />In the ongoing stormy monsoon session of Parliament, where the government and opposition have locked horns over several proposed legislation, Human DNA Profiling Bill 2015 has been making little noise but can have widespread impact on India’s criminal justice system and the privacy of citizens. The bill aims to regulate the collection and use of genetic material from crime scenes, and also proposes the creation of a national DNA databank that might be used for non-forensic purposes.<br /><br />DNA is a mighty tool, especially in criminal forensics, but access to a person’s genetic information can be highly intrusive and dangerous. DNA contains information about health and genetic relationships that can influence employment, insurance. It can be tampered with and planted at crime scenes.<br /><br />Law and poverty expert Usha Ramanathan and Centre for Internet and Society executive director Sunil Abraham, who are members of an expert committee on DNA profiling constituted by the government, have written dissent notes against the final draft of the Human DNA Profiling Bill. Ramanathan and Abraham are of the opinion that there aren’t adequate safeguards to privacy and too much power rests with the proposed DNA Profiling Board.<br /><br />Ramanathan notes that one of the biggest challenges of a DNA database is function creep – the gradual widening of the use of a technology beyond the purpose for which it was originally intended. As this DNA profiling bill enters Parliament, here are some questions we should be asking. <br /><br /><b>Is DNA evidence infallible?</b><br /><br />The short answer is “no”. Despite all the crime shows and murder movies we have seen where DNA evidence nails the perpetrator to the crime, DNA evidence is far from absolute. Genetic material recovered from a crime scene is likely to be only a partial strand of DNA. Analysing this partial strand can lead to a match with the person that left the DNA behind but can also lead to a coincidental match with people who happen to have a similar gene sequence in their DNA. False incriminations can happen when more than one person’s DNA get mixed at the crime scene, from DNA contamination, mislabelling and even degradation over time.<br /><br />In the Aarushi Talwar murder case, for instance, the Hyderabad-based Centre for DNA Fingerprinting and Diagnostics altered its 2008 report in 2013 and admitted to <a href="http://www.dnaindia.com/india/report-aarushi-talwar-murder-case-talwars-say-cbi-tampered-with-evidence-1917479" target="_blank">typographical errors</a> in the description of its DNA samples. The evidence could have changed the course of the investigation.<br /><br /><b> </b><b>What will the national DNA database look like?</b><br /><br />The bill proposes to set up a national DNA data bank and a number of state or regional data banks that will feed into the national data pool. Every data bank will have six categories under which DNA profiles will be filed – crime scene index, suspects’ index, offenders’ index, missing persons’ index, unknown deceased persons’ index, and volunteers’ index. The DNA profiling board will have the power to include more categories. In the offenders’ index, the DNA information will be linked to the name of the person from whom it was collected. All others will be linked to a case reference number.<br /><br /><b>What happens when my genetic material is on the database?</b><br /><br />The bill gives sanction for broad use of DNA profiles and samples – to identify victims of accidents or disasters, to identify missing persons, for civil disputes and other offences. It also allows the information to be used to create population statistics, identification research, parental disputes, issues relating to reproductive technologies and migration. In his dissent note, Abraham argues that all non-forensic use should be rejected.<br /><br />Cases like whether paternity should be determined, unwed mothers leaving their children and adopted children looking for their natural parents are hugely contestable things, said Ramanathan. “You are changing multiple structures and not recognising any of them,” she added.<br /><br />Even though the bill allows for DNA information of offenders to be expunged once a court acquits them or sets aside a conviction, it makes no provision for removing other kinds of profiles.<br /><br />The CDFD, which will be instrumental in building and processing DNA profiles, is using the CODIS software bought from the US's Federal Bureau of Investigation an compatible with their systems. The FBI used CODIS to identify victims of the terrorist attacks on the World Trade Center in 2001. More recently, the CDFD used CODIS to identify some who died in the Uttarakhand floods of 2013 after asking for 5,000 people who were possibly relatives of the deceased to undertake DNA testing.<br /><br /><b>Can the DNA profiling board protect our genetic information?</b><br /><br />The bill grants the board vast powers to allow the use of DNA profiles in any civil and criminal proceedings that it deems necessary. “Ideally these powers would lie with the legislative or judicial branch,” Abraham said, in his dissent note. “Furthermore, the Bill establishes no mechanism for accountability or oversight over the functioning of the Board.”<br /><br />Ramanathan questions the constitution of the board itself, her worry being that the board is not a body of disinterested officials. The secretary of the board is supposed to be from the Centre for DNA Fingerprinting and Diagnostics, an autonomous institute that will get a lot of work from the creation of the national DNA data bank.<br /><br /><b>Why does a DNA fingerprinting consent form ask for caste?</b><br /><br />One of the most troubling features of the creation of a databank is the consent form to be signed by a person donating blood for DNA analysis. Along with name, gender and address, the form also asks for caste to be listed.<br /><br />India has a history of unwarrantedly linking caste and community with criminality. Members of decriminalised tribes regularly report being harassed by the police and even having false cases foisted on them simply because they are linked to a certain community. Tagging caste onto genetic data can result in unfair profiling and identification errors.</p>
<p style="text-align: justify; ">The United Kingdom set up its national criminal DNA database in 1995. The database expanded over a decade by including genetic information of anyone who was arrested till more than one million innocent people were on it – including <a href="http://www.sciencedirect.com/science/article/pii/S2090536X14000239" target="_blank">a grandmother</a> who didn’t return a football to children who kicked it into her garden. The dangers of a genetic database are too much state oversight, false implication in crimes and a loss of privacy – none of which should come to pass without at least a debate.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-scariest-bill-in-parliament-is-getting-no-attention-2013-here2019s-what-you-need-to-know-about-it'>http://editors.cis-india.org/internet-governance/news/the-scariest-bill-in-parliament-is-getting-no-attention-2013-here2019s-what-you-need-to-know-about-it</a>
</p>
No publishersunilInternet GovernancePrivacy2015-09-13T07:56:42ZNews ItemThe Quixotic Fight to Clean up the Web
http://editors.cis-india.org/internet-governance/quixotic-fight-to-clean-the-web
<b>The ongoing attempt to pre-screen online content won’t change anything. It will only drive netizens into the arms of criminals, writes Sunil Abraham in this article published in Tehelka Magazine, Vol 9, Issue 04, Dated 28 Jan 2012.</b>
<p>GOOGLE AND Facebook’s ongoing case in the Delhi High Court over offensive online content is curious in three ways. First, the complaint does not mention the IT Act, 2000. Prior to the 2008 amendment, intermediaries (in this case, Google, Facebook, etc) had no immunity. But after the amendment, intermediaries have significant immunity and are not considered liable unless takedown notices are ignored.</p>
<p>Second, it is curious that the complaint does not mention specific individuals or groups directly responsible for authoring the allegedly offensive material. Only intermediaries have been explicitly named. If specific content items have been submitted in court then it is curious that specific accounts and users have not been charged with the same offences.</p>
<p>Three, Delhi-based journalist Vinay Rai claims that takedown notices and requests for user information were ignored by the intermediaries. As yet, unpublished research at the Centre for Internet and Society has reached the exact opposite conclusion. We sent fraudulent takedown notices to seven of the largest intermediaries in India as part of a policy sting operation. Six of them over-complied and demonstrated no interest in protecting freedom of expression. Our takedown notices were complied with even though they were largely nonsensical. It is therefore curious that Rai’s takedown notices were ignored.<br /><br />Under Section 79 of the IT Act, the intermediary must not “initiate the transmission”, “select the receiver of the transmission” and “select or modify the information contained in the transmission”. In other words, they must not possess “actual knowledge” of the content. This would be absolutely true if intermediaries acted as “dumb pipes” or “mere conduits”. But today, they have reactive “human filters” ensuring conformance to community guidelines that often go beyond constitutional limits on freedom of expression.<br /><br />For example, Facebook deletes breastfeeding photographs if a certain proportion of the breast is visible, despite numerous protests. Intermediaries also use proactive “machine filters” to purge their networks of pornography and copyright infringing content. In order to retain immunity under the IT Act, intermediaries would have to demonstrate that they have no “actual knowledge”. This would also imply that they cannot proactively filter or pre-screen content without becoming liable for illegal content.</p>
<p>More sophisticated “machine filters” will continue to be built for social media platforms as computing speeds increase and costs decrease dramatically. But there will be significant collateral damage — the vibrancy of online Indian communities will be diminished as legitimate content will be removed and this in turn will retard Internet adoption rates. Free media, democratic governance, research and development, culture and the arts will all be fundamentally undermined. So whether pre-censorship is technically feasible is an irrelevant question. The real question is what limits on freedom of expression are reasonable in the Internet age.</p>
<div class="pullquote">The legal tussle is yet another chance for reflecting on the shortcomings of the IT Act</div>
<p>Censorship is like prohibition, illegal content will persist, the mafia will profit and ordinary citizens will be implicated in criminal networks. Use of anonymising proxies, circumvention tools and encryption technologies will proliferate, frustrating network optimisation efforts and law enforcement activities.</p>
<p>This is yet another opportunity for reflecting on the shortcomings of the ITAct. A lot of the confusion and anxiety today emerges from vague language, unconstitutional limits on freedom of expression, multi-tiered blanket surveillance provisions, blunt security policy measures contained in the statute and its associated rules. The next Parliament session is the last opportunity for MPs to ask for the rules for intermediaries, cyber cafes and reasonable security practices to be revisited. The MP who musters the courage to speak will be dubbed a superhero.<br /><br />As told to Shonali Ghosal. Sunil Abraham is Executive director, centre for internet and society and can be contacted at <a class="external-link" href="mailto:sunil@cis-india.org">sunil@cis-india.org</a>. <a class="external-link" href="http://www.tehelka.com/story_main51.asp?filename=Op280112proscons.asp">The original article was published in Tehelka</a>.</p>
<p>Illustration by Sudeep Chaudhuri</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/quixotic-fight-to-clean-the-web'>http://editors.cis-india.org/internet-governance/quixotic-fight-to-clean-the-web</a>
</p>
No publishersunilFreedom of Speech and ExpressionPublic AccountabilityInternet GovernanceInformation Technology2012-01-26T20:53:02ZBlog Entry