Centre for Internet and Society

India's Statement at ITU Plenipotentiary Conference, 2014

geetha — 2014-11-04T05:50:06Z

India's Draft Resolution at the ITU Plenipot, which we have previously blogged about, was not passed following discussions at the Ad Hoc Working Group on Internet-related Resolutions. Subsequently, India made a statement at the Working Group of the Plenary, emphasizing the importance of the issues and welcoming further discussions. The statement was delivered by Mr. Ram Narain, DDG-IR, Department of Telecommunications and Head of India's Delegation at PP-14. The full text of the statement is provided below.

"Chairman of Working Group Plenary, Mr Musab Abdulla, Head of Delegations, delegates, ladies and gentlemen, good morning/afternoon to you all. I was indeed impressed with the camaraderie with which discussions were held inspite of the fact that delegates discussing the issues have different cultures, languages, nuances, impressions and sometime interests.

"Governance of packet-switched data telecom Networks based on Internet Protocol (IP), popularly known as Internet, has become an important and contentious issue due to several reasons known to all of us. We put up a draft resolution to address some of these key issues pertaining to IP based networks. When we put up the proposal, I had thought that the proposal would contribute in diminishing some of the differences. These issues and their probable solutions are given in our draft resolution, document 98, about which we were ready to take constructive inputs.

"Information is power these days. The wise Lord Acton said about hundred and fifty years ago that Power tends to corrupt and absolute power corrupts absolutely. The countries in modern times have become great on the principles of equality, liberty and justice. As and when these principles were compromised great powers lost their hold. Broadband penetration and connectivity has been the important running theme of this conference. We believe this, like great empires, can only be built on the principles of fairness, justice, and equality. No Telecom Network whether IP based or otherwise can function without naming and numbering, which is the lifeline of a network. Their availability in a fair, just and equitable manner, therefore, is an important public policy issue and need to be dealt that way. We believe that respecting the principle of sovereignty of information through network functionality and global norms will go a long way in increasing the trust and confidence in use of ICT.

"There are number of existing Internet related resolutions, but they only touch the issue in general and, therefore, without focus concrete action does not happen. Our Resolution was with a view to deal with the issues in a focused manner. Some countries supported our draft resolution, while some other were not able to support it. Some stated since the proposal is a comprehensive one, dealing with number of important issues, more time is needed for them to develop a view on it. Due to the number of proposals with Ad Hoc Group lined up before our draft resolution, there was no time left for detailed discussion on the proposal. Therefore, India agreed not to press the resolution for discussion due to paucity of time, with an understanding that for these issues of concerns for many Member States, contributions can be made in various fora dealing with development of IP based networks and future networks, including ITU. India would like that discussion should take place on these issues and look forward to these discussions. We would request that this Statement is included in the records of Plenipotentiary-14 meeting.

"We would like to thank for the cooperation extended by various Member States, particularly USA, for appreciating our concerns and all those who shared our concerns and supported the draft resolution. I would also like to thank Mr. Fabio Bigi, Chairman of Ad Hoc Working Group for giving patient hearing to all us and tolerating all our idiosyncrasies and still arriving at consensus. This is because of his wisdom, which comes with experience.

Thank you all."

For more details visit http://editors.cis-india.org/internet-governance/blog/indias-statement-at-itu-plenipotentiary-conference-2014

India ITU Resolution (Busan, 2014) - Revised

geetha — 2014-11-02T15:08:34Z

Text of revised resolution presented by India at ITU Plenipot, Busan 2014.

For more details visit http://editors.cis-india.org/internet-governance/blog/india-itu-resolution-busan-2014-revised

India Draft Resolution - ITU's Role in Securing Information Society

geetha — 2014-10-28T06:55:41Z

India's new draft resolution introduced at ITU PP14, Busan.

For more details visit http://editors.cis-india.org/internet-governance/blog/india-draft-resolution-itus-role-in-securing-information-security

ICANN reveals hitherto undisclosed details of domain names revenues

geetha — 2014-12-12T05:08:02Z

Following requests from CIS, ICANN has shared a detailed list of its revenues from domain names for the fiscal year ending June 2014. Such level of detail has, until now, been unavailable. Historical data is still to be made available.

Five days ago, CIS received a detailed list of ICANN’s revenues from domain name sales and renewals for the fiscal year ending June 2014. The document, sent to us by ICANN’s India head Mr. Samiran Gupta, lists payments received by ICANN from registrars, registries, sponsors and other entities such as the NRO and Country Code TLD administrators. Such granular information is not available at the moment on ICANN’s website as part of its financial transparency disclosures. A summary has also been provided by ICANN.

This revenue disclosure from ICANN comes on the heels of public and email correspondence between CIS and ICANN staff. At the Asia Pacific Regional IGF (August 3-6, 2014), CIS’ Sunil Abraham sought granular data – both current and historical – on ICANN’s revenues from the domain name industry.

Again, at the ICANN Open Forum at IGF (4 September 2014), Sunil sought “details of a list of legal entities that give money to ICANN and how much money they give to ICANN every year”. In emails to Kuek Yu-Chuang (ICANN’s Asia Pacific head) and Xavier Calvez (ICANN CFO), CIS had asked for historical data as well.

The global domain name industry is a multi-billion dollar industry, and ICANN sits at the centre of the web. ICANN is responsible for the policy-making and introduction of new Top Level Domains (TLDs), and it also performs technical coordination and maintenance of the Internet’s unique identifiers (domain names and IP addresses). For each domain name that is registered or renewed, ICANN receives payment through a complex contractual network of registries and registrars. The domain name industry is ICANN’s single largest revenue source.

Given the impending IANA transition and accountability debates at ICANN, and the rapid growth of the global domain name industry, one would imagine that ICANN is held up to the same standard of accountability as laid down in the right to information mechanisms of many countries. At the ICANN Open Forum (IGF Istanbul), Sunil raised this very point. Had a Public Information Officer in India failed to respond to a request for information for a month (as ICANN had to CIS’ request for granular revenue data), the officer would have been fined and reprimanded. Since there are no sufficiently effective accountability or reactive transparency measures at ICANN, such penalties are not in place.

In any event, CIS received the list of ICANN’s current domain name revenues after continual email exchanges with ICANN staff. This is undoubtedly heartening, as ICANN has shown itself responsive to repeated requests for transparency. But it remains that ICANN has shared revenue data only for the fiscal year ending June 2014, and historical revenue data is still not publicly available. Neither is a detailed list (current and historical) of ICANN’s expenditures publicly available. Perhaps ICANN could provide the necessary information during its regular Quarterly Stakeholder Reports, as well as on its website. This would go a long way in ascertaining and improving ICANN’s accountability and transparency.

The documents:

For more details visit http://editors.cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014

ICANN accountability, IANA transition and open questions

geetha — 2015-02-06T11:39:21Z

On February 3, 2015, the Centre for Communication Governance (NLU, Delhi) hosted a pre-event briefing in light of ICANN52 (Singapore, February 7-12, 2015). Geetha Hariharan attended the event.

At a briefing on ICANN52 organized by the Centre for Communication Governance (NLU, Delhi) on 3 February, 2015 (‘CCG Briefing Event’), consensus was seen on two broad things: ICANN’s processes on IANA transition and accountability are crucial for Internet governance this year, and India’s participation (both municipal and international) is wanting. The meeting, which saw discussion following the Chatham House rules, was attended by members from industry associations, government and civil society. A light parsing of the current proposals from the CWG-Names and CRISP (the names and numbers communities) for IANA transition brought the composition of the transition proposals under scrutiny.

CRISP and the proposed Service Level Agreements:

The proposal from the numbers community, the CRISP, suggests that ICANN and the five RIRs enter into Service Level Agreements. Under the proposal, existing accountability, oversight and policy development mechanisms remain unchanged, with ICANN agreeing to perform IANA functions to meet requisite service levels. If it fails to meet such standards, the RIRs may terminate the contract or refuse to renew it.

The CRISP proposal does not look beyond ICANN for an IANA functions operator, and places its faith entirely in ICANN’s past performance of numbering IANA functions. As so many have said before, the CRISP proposal is blithe in its lack of review mechanism or safeguards, having even fewer safeguards than the CWG-Names proposal. Doubtless, a cause for concern.

CWG-Names and the Four New Entities:

The CWG-Names proposal suggests that four new entities be created to replace the NTIA’s role under the IANA Functions Contract. Under the proposal, ICANN will continue to be the IANA Functions Operator for the present. It will enter into an IANA Functions Contract with “Contract Co.”, a new shell entity which will replace NTIA as the contracting party. Contract Co. is to be a lightweight entity, with few staff or administrative capabilities.

At present, the NTIA performs what it considers a “clerical role” in its oversight of the DNS. However, the IANA Functions Contract also includes review functions, such as the rebidding and renewal process to determine whether ICANN (or some other entity) ought to continue as the IANA functions operator. Under the CWG-Names proposal, these review functions, which also include budget reviews, reporting, etc. are to be carried out by a “Multi-stakeholder Review Team (MRT)”, the terms of whose composition are as yet undecided.

The composition of the MRT is crucial to an independent and representative oversight of IANA. At the CCG Briefing Event, concerns were raised as to the representation of ccTLDs on the MRT. Not all ccTLDs are represented in the ICANN ecosystem, in the ccNSO; 152 ccTLDs are members of the ccNSO. Of course, one may argue that this concern exists under the present IANA functions contract as well. But the devil is in the details, or lack thereof. We don’t know, for instance, who will populate the MRT, whether they will enjoy immunities normally reserved for diplomatic or consular agents, or most importantly, what relationship the MRT will enjoy with ICANN. Will there be a contract with ICANN, or a memorandum of understanding that sets out ICANN’s responsibilities, failing which the IANA contract may be terminated?

The third new creation of the CWG-Names proposal is the “Customer Standing Committee (CSC)”. While the CSC’s composition is also nebulous, its functions are to work with the MRT to establish Service Levels and Performance Indicators for the naming functions, and to receive performance reports from the IANA operator (ICANN). Clause C.2.8 of the present IANA functions contract requires that the IANA operator (ICANN) develop performance standards for all enumerated IANA functions (see Clause C.2.9.1 to C.2.9.4), and also to report on them (Clause C.4). Presumably, the CSC will fill the role of the NTIA’s Contracting Officer’s Representative in receiving these performance reports.

The fourth and final new entity is the “Independent Appeals Panel (IAP)”, the composition of which is also undecided. The IAP is intended to hear and adjudicate all actions related to the root zone or root zone WHOIS, and under the present proposal, the CWG-Names suggests it should be constituted from time to time in the manner of a binding arbitration process. However, it should be noted that the CWG-Names proposal is unclear whether the IAP decisions are binding on or advisory to the ICANN Board. Concerns of the IAP’s composition aside, dangers of making its decisions only advisory to the ICANN Board loom large and real, and the CCG Briefing Event reflected this.

Already, the ICANN Board wields extensive power with regard to policy decisions. For instance, policies developed under the global policy development process by Regional Internet Registries (RIRs) may be rejected by the ICANN Board by a 2/3rds majority vote. Such a rejection may result in a mediation process according to agreed procedure. Another instance is the change in the ICANN Board’s treatment of GAC advice. Prior to the amendment to ICANN’s Bye-laws, the Board was not required to provide reasons for its rejection of GAC advice. In its present form, Article XI, Section 2(1) of ICANN’s Bye-laws make such reasons mandatory. How ought IAP decisions be treated, as binding or advisory? If they are to be binding, ICANN or any other IANA functions operator will have to enter into a legal arrangement (by contract or MoU, or in the best case, an amendment to ICANN Bye-laws).

Dodging the real issues: ICANN incumbency, IANA separation and where will all the money come from?

Both the CWG-Names and CRISP proposals skim past certain issues relating to ICANN’s incumbency in the IANA role. The first concern, of course, is whether ICANN should continue to be the IANA functions operator. Both proposals accept ICANN’s role, suggesting no change. While there are compelling reasons for ICANN’s continued role as IANA functions operator, unquestioning incumbency is equal to lack of accountability. And as neither proposal sets out a review process (the CWG-Names proposal only mentions that the MRT shall have this function), it is a concern.

Perhaps the CCWG-Accountability, convened under the Enhancing ICANN Accountability process, is better equipped to provide suggestions. However, the CCWG-Accountability is hard-pressed for time. Its two Workstreams, dealing with IANA transition related accountability mechanisms and ICANN’s internal accountability, are unlikely to see desired progress before the transition deadline of September 2015. For instance, within the CCWG-Accountability, a debate is ongoing as to ICANN’s composition. At the time of its incorporation, a suggestion that ICANN ought to have statutory members was floated, but turned down. The suggestion has reared its head again in the CCWG-Accountability, to consider checks and balances on the ICANN Board.

The second concern relates to IANA’s continued existence within ICANN, without separation of policy and implementation. This concern has been clamouring for attention for many months. Milton Mueller, for instance, has recommended structural separation of IANA and ICANN, as did I and others during the course of the face-to-face meetings of the CWG-Names (I attended remotely).

A structural separation is beneficial for many reasons. It enforces a simple separation of powers. “When”, as Montesquieu stated, “the legislative and the executive powers are united in the same person, or in the same body of magistrates, there can be no liberty; because apprehensions may rise, lest the same monarch or senate should enact tyrannical laws, to execute them in a tyrannical manner”. Tyranny is speaking in terms too extreme for ICANN, perhaps, it is undeniable that ICANN has grown larger in scope and size from its original incorporation. It was incorporated, as Professor DeNardis has noted [Protocol Politics, 161], to perform technical coordination of the global DNS and other functions performed originally by Jon Postel as IANA.

Today, in addition to technical coordination and policy-setting for names and numbers (through the gPDP), ICANN is a major player in the Internet governance institutional space; its involvement in and aggressive marketing of the NETmundial Initiative is but an example. For instance, ICANN budgets for less than US $10 million for providing core Internet functions out of a US $160 million strong budget (FY2015). It has budgeted, in comparison, US $13 million for travel and meetings alone (FY2015). Separating IANA from ICANN will, as others have suggested, protect it from political or other influences within ICANN.

In any event, once the NTIA terminates the IANA functions contract, IANA is not strictly required to be within the US. At the moment, Clause C.2.1 of the IANA functions contract requires that the IANA functions operator be “a wholly U.S. owned and operated firm or fully accredited United States University or College operating in one of the 50 states of the United States or District of Columbia; b) incorporated within one of the fifty (50) states of the United States or District of Columbia; and c) organized under the laws of a state of the United States or District of Columbia”.

Were structural separation to be achieved, IANA could be incorporated in another, neutral jurisdiction. Not only would be assuage optical considerations and ensure separation of powers, but as our experience with filtering on the Internet shows (see, for instance, the Open Net Initiative’s research), unilateral controls are much harder to enforce when the apparatus is decentralized.

The third concern raised at the CCG Briefing Event concerned the funding of the new entities proposed by the CWG-Names. Would these entities be self-financing, or perhaps ICANN would support them? While some participants felt ICANN could also provide financial support, this would, in my view, bring ICANN too close to its oversight entities, and increase chances of influence.

For more details visit http://editors.cis-india.org/internet-governance/blog/icann-accountability-iana-transition-and-open-questions

IANA Transition Recommendatory Brief

geetha — 2014-06-22T09:21:57Z

Policy brief with recommendations for process-design principles for IANA transition

For more details visit http://editors.cis-india.org/internet-governance/blog/cis-policy-brief-ii-iana-transition-suggestions-for-process-design

IANA Transition - Descriptive Brief

geetha — 2014-06-22T03:32:08Z

A brief describing the IANA transition process so far, and outlining the Indian government's views on the same.

For more details visit http://editors.cis-india.org/internet-governance/blog/iana-transition-descriptive-brief

High Level Track

geetha — 2014-06-20T13:20:52Z

Opening Ceremony, WSIS+10 High Level Event

For more details visit http://editors.cis-india.org/internet-governance/blog/copy2_of_HighLevelTrack.jpg

High Level Track

geetha — 2014-06-20T13:14:42Z

Opening Ceremony, WSIS+10 High Level Event

For more details visit http://editors.cis-india.org/copy_of_HighLevelTrack.jpg

High Level Track

geetha — 2014-06-20T13:13:46Z

Opening Ceremony, WSIS+10 High Level Event

For more details visit http://editors.cis-india.org/HighLevelTrack.jpg

High Level Dialogues

geetha — 2014-06-20T13:23:05Z

Prof. Vladimir Minkin delivers a statement.

For more details visit http://editors.cis-india.org/internet-governance/blog/HighLevelDialogues.jpg

Good Intentions, Recalcitrant Text – II: What India’s ITU Proposal May Mean for Internet Governance

geetha — 2014-11-03T07:07:16Z

The UN's International Telecommunications Union (ITU) is hosting its Plenipotentiary Conference (PP-14) this year in South Korea. At PP-14, India introduced a new draft resolution on ITU's Role in Realising Secure Information Society. The Draft Resolution has grave implications for human rights and Internet governance. Geetha Hariharan explores.

Disclaimer and update (2 November 2014): India's Draft Resolution was discussed during the meeting of the Ad Hoc Working Group on Internet-related Resolutions at the ITU Plenipot on the evening of November 1, 2014 (KST). After the discussion, India revised the text of the resolution, seeking to address concerns raised by ITU member states. The revised resolution may be found here. However, this blog post was written with reference to the original text of India's Draft Resolution.

***

As I mentioned in my last post, India’s Draft Resolution on ‘ITU’s Role in Realising Secure Information Society’ raises security and equity concerns. The Draft Resolution has 3 security concerns: (i) security weaknesses in the network architecture that permit “camouflaging the identity of the originator of the communication” and make “tracing of communication difficult”; (ii) non-systematic, non-contiguous allocation of naming, numbering and addressing resources on the Internet, which makes it difficult to identify both the users and what states the IP addresses are located in; (iii) non-local routing and address resolution relating to traffic originating and terminating in the same country. Op. §§1, 3-7 seek to address these. It also identifies the present system of allocation of naming, numbering and addressing resources as inequitable, unfair, unjust and undemocratic (Op. §2 of the Draft Resolution offers a solution). I discussed some human rights implications of India’s Draft Resolution in my last post.

In this post, I explore the implications of the Draft Resolution for Internet governance and multi-stakeholder approaches (most notably, an equal footing model).[1] Given the uncertainties around defining multi-stakeholderism for Internet governance, this is rather ambitious. So I will try to point to concerns with certain textual interpretations of the Draft Resolution, map that against the positions India’s representatives have taken on Internet governance in the past, and the motivations/concerns that underlie the tabling of the Draft Resolution. This Resolution may not be the best way to allay India's concerns, for there are technical and rights implications. But the concerns it raises are worth discussion and knowledge, and at forums where concerns are heard, acknowledged and discussed collectively. The text of the Draft Resolution and its attendant implications are not, then, the sole subjects of this post.

The Draft Resolution and Internet governance:

The text of the Draft Resolution is problematic. Many of its clauses may be seen as taking positions against multi-stakeholder approaches to Internet governance. Introducing such a resolution at the ITU may itself bring back memories of the controversies surrounding Resolution 3 of the World Conference on International Telecommunications (WCIT), 2012.[2] In 3 ways, the text of the Draft Resolution has indications for multi-stakeholder approaches.

First, the Draft Resolution frames issues primarily from the perspective security. In its preamble, the Draft Resolution makes several references to security threats posed by and on the Internet. For instance, it points to the ability of the network to “camouflage the identity of the originator of the communication” (Pream. §(e) [recognizing]), as well as national security concerns in the present-day system of routing Internet traffic through multiple countries (Pream. §§(f) and (g), [recognizing]). The apparent difficulty in tracing IP addresses, due to their random allocation, is another concern (Pream. §(h), [recognizing]). Among the “significant public policy issues” identified in telecom/ICT management, “security and safety of the Telecom/ICTs” is specifically noted (Pream. §(i) [considering]). In the Context note to the Draft Resolution and in several places in the Preamble, there are references to ITU Resolution 130 (‘Strengthening the role of ITU in building confidence and security in the use of information and communication technologies’) and ITU’s Cyber-security Agenda. Given the (legitimate or otherwise) disproportionate involvement of governments and not other stakeholders in matters of cyber-security, the framing of issues from a security perspective may lend itself to worries for multi-stakeholderism. Specifically, the Draft Resolution notes: “ensuring security of ICT networks is sovereign right of Member States” (Pream. §(b) [recognizing]).

Second, the Draft Resolution emphasizes the sovereign right of states to regulate and control telecom/ICT. It says, for instance, “it is the sovereign right of each state to regulate its telecommunication” (Pream. §(b) [considering]). With regard to the Internet, the Context note to the Draft Resolution (page 1) considers the Internet to be synonymous with telecom/ICTs: “the Telecom/ICTs, which in common lexicon is used interchangeably many times as Internet…”. Public telecom networks managed by telecom service providers, interconnected with other networks, are necessary for “proper functioning of a telecom network resources namely, among others, naming, numbering and addressing” (Pream. §(k) [considering]). It is worth noting that the sovereign authority of states over Internet public policy issues is settled text from §35 of the Tunis Agenda, though expressing it as synonymous with telecom may lead to possibilities of licensing and registration, which Bulgaria, for instance, does not do.

Third, the Draft Resolution identifies issues of equity and fairness in the allocation of Internet resources such as naming, numbering and addressing (Pream. §(g) [consdering], Op. §2). It states that to correct this inequity, “facilitation and collaboration among international, inter-governmental organizations and individual member states to ensure planning, implementation, monitoring and cooperation in its policies” is required (Pream. §(g) [considering]). In operative paragaphs, our Draft Resolution calls for collaboration with “all the concerned stakeholders including International and intergovernmental organizations to develop policies for allocation, assignment and management of IP resources including naming, numbering and addressing which is systematic, equitable, fair, just, democratic and transparent” (Op. §2). One may pay attention to the oversight over implementation and the necessity of inter-governmental involvement in planning and monitoring as problematic to iterations of multi-stakeholderism.

These concerns are valid and legitimate, and it is desirable that the text of the resolution be altered to address them. The text should also be altered to address the human rights concerns I point out in my previous post. But human rights enforcement or implementation is within the domain of states, though civil society may be a careful watchdog. The Draft Resolution's text, most certainly, will face certain oppositions: for instance, that it is outside the scope and mandate of the ITU. That the ITU does not deal with content regulation – and this issue touches upon content – will be mentioned. That Internet governance is already being discussed and performed in multiple other multi-stakeholder fora, such as ICANN, the NRO and RIRs, IGF and WSIS, will be emphasized. That the Draft Resolution implicates national security concerns will be mentioned as well. But as an aside, on national security: under international law, states always mention their prerogative over national security, and so as a matter of international custom, national security is outside the scope of agreements unless expressly surrendered.

At the same time, debates around the role of ITU in Internet governance are not new, and those familiar will remember the ITU’s views right before the creation of ICANN (also see Mueller, Ruling the Root 145-48 (2002)), Resolution 3 of the WCIT, and the constant tug-of-war since then. The new Secretary-General of the ITU, Mr. Houlin Zhao, wrote a note in October 2004, before the Tunis phase of the WSIS, justifying ITU’s involvement in Internet governance, advocating that IPv6 address blocks be allocated to countries. Mr. Zhao describes, with specific examples, ITU's role in the development and widespread growth of the Internet. He takes the examples of standards developed within the ITU and ITU's policy role in liberalisation and spread of telecommunications (such as Articles 4 & 9 of the 1988 ITRs).

Mr. Zhao’s concrete proposals are rendered inapplicable by the creation of the NRO and RIRs, and the growth and entrenchment of ICANN. But it may be argued that his principled justifications for ITU involvement remain. It is these that India hopes to highlight, I was told, along with the inequities in resource allocation (IPv4 was spoken of), and the disproportionate weight some states enjoy in Internet governance. Her concerns are, I am told, also shared by some other states. Given that the text exhibits a less-than-friendly approach to multi-stakeholderism, India's previous positions on the issue are of interest. While this would not correct the snags in the Draft Resolution's text, allaying these concerns may be ideal to craft an inclusive and transparent multi-stakeholder model for Internet governance.

India and Multi-stakeholderism in Internet Governance:

India’s position on multi-stakeholder models for Internet governance is a matter of some obscurity. Statements at various forums exhibit a certain disagreement – or at the least, lack of engagement – among India’s ministries on our position on multi-stakeholder approaches, particularly the Ministry of External Affairs (MEA), the Department of Telecommunications (DOT) and the Department of Electronics and Information Technology (DeitY), both within the Ministry of Communications and Information Technology (MCIT). While both the MEA and DOT have been cautious supporters of a diluted form of multi-stakeholderism (they have repeatedly emphasized §35 of the Tunis Agenda), DeitY has been more open in entertaining multi-stakeholder approaches for Internet governance.

At the 66^th session of UN General Assembly, Mr. Dushyant Singh, Member of India’s Parliament from the Bharatiya Janata Party, presented our proposal for a Committee on Internet-related Policies. The proposal sought the establishment of a UN committee comprising 50 member-states, with advisory groups including the private sector and civil society, to deal with Internet-related matters.[3] Though India was not opposed to multi-stakeholder advisories in its CIRP proposal, it was less than inviting in this regard.

At NETmundial (April 2014), the Indian government’s contribution document highlighted §35 of the Tunis Agenda, which delineates ‘roles and responsibilities’ of ‘respective stakeholders’ – i.e., governments (with whom reside “sovereign policy authority”), the private sector (technical and economic development of the Internet) and civil society (grassroots participation). At NETmundial, Mr. Vinay Kwatra of the MEA echoed this, also noting the lack of consensus on what multi-stakeholderism means for Internet governance (page 64).

Admittedly, this is a legitimate concern. Internet governance at various fora does not seem to have a clear answer on what multi-stakeholderism means. The debate was/is alive, for instance, at NETmundial 2014, the ICANN-convened IANA transition process, the World Economic Forum’s new NETmundial Initiative, and in the many calls and suggestions (pages 38-46) made over the years on strengthening the IGF (see also, Malcolm, Multi-stakeholder Governance and the IGF (2008), chapter 6). It is hardly surprising then, that India and other states raise this as a concern.

With regard to multi-stakeholderism, the DeitY in India has been the outlier. Speaking at the 2014 IGF in Istanbul, Mr. R.S. Sharma, Secretary (DeitY), expressed “no doubt that Internet Governance mechanism require the involvement of all the stakeholders, since the evolution of Internet has been a product of many different diverse groups working together in a loosely coordinated manner”, advocating strengthening of the IGF and pointing to India’s proposed India-IGF as an example of multi-stakeholderism at home. Most interestingly, Mr. Sharma did not focus on international Internet-related policies being the “sovereign policy authority of states”. Also in the transcripts of the four meetings of the Working Group on Enhanced Cooperation under the Committee for Science, Technology and Development (CSTD), I have been unable to find outright rejections of multi-stakeholder approaches, though India has not advocated multi-stakeholderism unequivocally either.

But this – the emphasis on “sovereign policy authority of states” in Internet governance – has been a consistent position for India, especially the MEA and DOT. Here at the ITU PP-14 as well, members of the Indian delegation also emphasized states’ sovereign monopoly over policy matters. “Why not take this to the ITU”, I was asked, as “many governments are uncomfortable” with the way Internet governance is being conducted at other fora. There are grave concerns, I was told, about the possibility of excessive control some governments have over both user and government data of other states (government-speak, of course, for the Snowden revelations).

These are, of course, concerns similar to those of authoritarian governments, or those reluctant to open up to multi-stakeholderism and looking for excuses to retain/increase government control. But it is equally possible that these concerns need not be limited only to such states. Perhaps for developing countries as well, these are real concerns. In conversation with members of the Indian delegation at the ITU Plenipot, I was able to discern 3 broad concerns. First, the definition of multi-stakeholderism in Internet governance. India has not shown herself comfortable with an all-out endorsement of multi-stakeholderism. This is troubling. Civil society and the private sector in India will attest to the difficulties in engaging with our government at all levels. For instance, seeking a place on India's delegation for the Plenipot proved a disheartening exercise for some members of India's civil society.

But there are also conflicting indications. India is in the process of instituting an India-IGF, and CIS' Executive Director, Sunil Abraham, is on the MAG. India expressed agreement, at least in informal conversation, to opening up ITU documents to the public on grounds of public interest. The Law Commission of India recently conducted a multi-stakeholder consultation on media laws in India, and Telecom Regulatory Authority of India (TRAI) regularly conducts consultations, though the private sector is more active there. What is lacking in India, however, is a set of clear procedures and processes for multi-stakeholder engagement, particularly on Internet issues. Clear, public, accessible, foreseeable and predictable set of rules or processes on participation from civil society, private sector and academia would make a world of difference to multi-stakeholderism within India. But this lack should not blind states or other stakeholders to the genuineness of privacy/security or equity concerns - for instance, of the protection of our information from mass surveillance or the feasibility and actual participation of developing countries at many Internet governance fora.

Second, members of the delegation expressed concern over inequalities in the allocation of naming, numbering and addressing resources. While I am uncertain how IPv6 allocation falls within this concern, the inequalities of IPv4 allocations are well documented. To gather a sense of this, it would be useful to read chapter 5 of Professor DeNardis’ Protocol Politics, and to glance at Figure 5.7 (page 173). Africa controls, for instance, a mere 1% of all available IPv4 addresses, while North America and Europe control about 63%. A study on engagement from the Asia-Pacific in Internet standards organisations shows, for instance, greater participation from Western countries and from some states like Japan.[4] India and other states from Asia and Africa have lesser participation. Even at ICANN, with efforts to increase participation, meaningful engagement is still from a majority of Western countries. Perhaps states and other stakeholders on the other side of the table can address these concerns through clear, inclusive, non-discriminatory commitments and implementation.

Third, India emphasized how the Draft Resolution does not propose that ITU be involved in content management or resources control, but only seeks to systematize allocation by asking the ITU Secretary General to collaborate and coordinate with other Internet governance organisations to create a set of principles for fair, equitable, transparent and democratic - as well as secure - allocation of resources. ITU Resolution 101 already instructs the Secretary General to collaborate with relevant Internet governance organisations, and the Draft Resolution merely seeks to spell out his tasks. However, as I pointed out in my previous post, the text of the Draft Resolution is at odds with this intention of India's. By dint of its drafting, it gravely implicates human rights, as well as touching upon resource allocation oversight ("needs to be adhere to" in Op. §2). To reflect the above stated intention, the Draft Resolution would need to be redrafted.

Finally, the text of the Draft Resolution exhibits, unfortunately, a certain disregard for existing network architecture and efficiency within the Internet, and to the principles of a free, open and inter-operable and unified Internet, when it seeks to develop a network architecture that facilitates (domestic) localization of traffic-routing, address resolution and allocation of naming, numbering and addressing. An argument may, of course, be made in favour of efficiency and costs, including reduced latency. But it is clear that this has the potential to increase domestic surveillance capabilities and government censorship of content. In any case, traffic localization (if not local address resolution) can be achieved without ITU coordination: through Internet Exchange Points, and through more efficient and better-negotiated peering and transit arrangements (pages 14-17). Internationally coordinated rules for localized traffic routing is not necessary; you just need to have a more efficient Internet Exchange Point. How to get more ISPs to interconnect through India’s National Internet Exchange (NIXI) is one of the very questions that India’s Telecom Regulatory Authority has taken up in its recent consultation on expanding broadband access (page 49). So it is possible that India's concerns could be addressed without ITU involvement, though I am unsure of its impact on the global Internet.

The Draft Resolution will be discussed at the ITU Plenipot today. The discussion will allow India and sympathetic countries to raise several of their concerns relating to the present system of Internet governance, and the direction of its progress. I will report on these discussions upon their completion.

A Note on Limitations:

The aim of this post is to clarify. I would caution against its being the last word on anything, much less India’s positions on Internet governance. An issue as important as this needs far greater access to and confirmation from India’s government – and a more in-depth understanding of the politics – than I do, at the moment.

At the same time, India has not been a model for civil society engagement, as illustratively, the Narmada Bachao Andolan and/or P. Sainath’s evaluation of government policies in Everybody Loves a Good Drought reveal. It has been harder to effectively engage with India’s government than in many states in North America, Latin America and Europe. But I believe the complex dynamics of that is not unique to India. The NSA and GCHQ revelations (as an example of governmental trust deficit of unmatched proportions) have shown that where governments want to keep everyone out and oblivious, they do it well.

I am not in favour of a purely multilateral approach to Internet governance. But at the same time, I share concerns over definition and the evolution of processes as well, as I am sure others in civil society also do. Particularly on the issue of Internet governance and multi-stakeholderism, evidence reveals inconsistency among India’s various ministries. Until this is addressed by our government (hopefully in consultation with all concerned stakeholders), an open mind would probably be the best thing we - including states - could keep.

Acknowledgements: I would like to thank Sunil Abraham, Pranesh Prakash, Rishabh Dara, Arun Sukumar, Anja Kovacs and Parminder Jeet Singh for the freedom to bounce ideas, feedback and the many discussions about multi-stakeholder approaches and Internet governance. I also wish to acknowledge Samir Saran’s article in CFR, which offers an interesting perspective on India’s Draft Resolution.

[1] For this post, I will use ‘multi-stakeholder approaches’ as an umbrella term, but would urge readers to keep in mind the many uncertainties and disagreements about defining multi-stakeholderism for Internet governance. These disagreements exist among and within all stakeholders, including government and civil society. In addition to various iterations of the ‘equal footing model’, the model proposed in §35 of the Tunis Agenda is also multi-stakeholder, albeit in a different – and for many in civil society, less desirable – sense.

[2] For those unacquainted with WCIT, see Mueller, ITU Phobia: Why WCIT was derailed, Internet Governance Blog (18 December 2012), http://www.internetgovernance.org/2012/12/18/itu-phobia-why-wcit-was-derailed/; Kleinwächter, WCIT and Internet governance: Harmless resolution or Trojan horse?, CircleID Blog (17 December 2012), http://www.circleid.com/posts/20121217_wcit_and_internet_governance_harmless_resolution_or_trojan_horse/.

[3] For a commentary, see Mueller, A United Nations Committee for Internet-related Policies? A Fair Assessment, Internet Governance Blog (29 October 2011), http://www.internetgovernance.org/2011/10/29/a-united-nations-committee-for-internet-related-policies-a-fair-assessment/.

[4] Contreras, Divergent Patterns of Engagement in Internet Standardization: Japan, Korea and China. I am unable to find this paper online. Please email me for information.

For more details visit http://editors.cis-india.org/internet-governance/blog/good-intentions-recalcitrant-text-2013-ii-what-india2019s-itu-proposal-may-mean-for-internet-governance

Good Intentions, Recalcitrant Text - I: Why India’s Proposal at the ITU is Troubling for Internet Freedoms

geetha — 2014-11-02T15:13:45Z

At the 2014 Plenipotentiary Conference (‘PP-14’ or ‘Plenipot’) of the International Telecommunications Union (ITU), India has tabled a draft proposal on “ITU’s Role in Realising Secure Information Society” [Document 98, dated 20 October 2014] (“Draft Resolution”). India’s proposal has incited a great deal of concern and discussion among Plenipot attendees, governments and civil society alike. Before offering my concerns and comments on the Draft Resolution, let us understand the proposal.

Our Draft Resolution identifies 3 security concerns with exchange of information and resource allocation on the Internet:

First, it is troubling for India that present network architecture has “security weaknesses” such as “camouflaging the identity of the originator of the communication”;[1] random IP address distribution also makes “tracing of communication difficult”;[2]
Second, India is concerned that under the present allocation system of naming, numbering and addressing resources on the Internet, it is impossible or at the very least, cumbersome to identify the countries to which IP address are allocated;[3]
Third, India finds it insecure from the point of view of national security that traffic originating and terminating in the same country (domestic traffic) often routes through networks overseas;[4] similarly, local address resolution also routes through IP addresses outside the country or region, which India finds troubling.[5]

In an effort to address these concerns, the Draft Resolution seeks to instruct the ITU Secretary General:

First, to develop and recommend a ‘traffic routing plan’ that can “effectively ensure the traceability of communication”;[6]
Second, to collaborate with relevant international and intergovernmental organisations to develop an “IP address plan” which facilitates identification of locations/countries to which IP addresses are allocated and coordinates allocation accordingly;[7]
Third, to develop and recommend “a public telecom network architecture” that localizes both routing[8] as well as address resolution[9] for local/domestic traffic to “within the country”.

Admittedly, our Draft Resolution is intended to pave a way for “systematic, fair and equitable allocation” of, inter alia, naming, numbering and addressing resources,[10] keeping in mind security and human rights concerns.[11] In an informal conversation, members of the Indian delegation echoed these sentiments. Our resolution does not, I was told, raise issues about the “concentration of control over Internet resources”, though “certain governments” have historically exercised more control. It also does not, he clarified, wish to make privacy or human rights a matter for discussion at the ITU. All that the Draft Resolution seeks to do is to equip the ITU with the mandate to prepare and recommend a “roadmap for the systematization” of allocation of naming, numbering and addressing resources, and for local routing of domestic traffic and address resolution. The framework for such mandate is that of security, given the ITU’s role in ‘building confidence and security in the use of ICTs’ under Action Line C5 of the Geneva Plan of Action, 2003.

Unfortunately, the text of our Draft Resolution, by dint of imprecision or lack of clarity, undermines India’s intentions. On three issues of utmost importance to the Internet, the Draft Resolution has unintended or unanticipated impacts. First, its text on tracing communication and identity of originators, and systematic allocation of identifiable IP address blocks to particular countries, has impacts on privacy and freedom of expression. Given Edward Snowden’s NSA files and the absence of adequate protections against government incursions or excesses into privacy,[12] either in international human rights law or domestic law, such text is troublesome. Second, it has the potential to undermine multi-stakeholder approaches to Internet governance by proposing text that refers almost exclusively to sovereign monopolies over Internet resource allocation, and finally, displays a certain disregard for network architecture and efficiency, and to principles of a free, open and unified Internet, when it seeks to develop global architecture that facilitates (domestic) localization of traffic-routing, address resolution and allocation of naming, numbering and addressing.

In this post, I will address the first concern of human rights implications of our Draft Resolution.

Unintended Implications for Privacy and Freedom of Expression:

India’s Draft Resolution has implications for individual privacy. At two different parts of the preamble, India expresses concerns with the impossibility of locating the user at the end of an IP address:

Pream. §(e): “recognizing… that the modern day packet networks, which at present have many security weaknesses, inter alia, camouflaging the identity of originator of the communication”;
Pream. §(h): “recognizing… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.

The concerns here surround difficulties in tracking IP addresses due to the widespread use of NATs, as also the existence of IP anonymisers like Tor. Anonymisers like Tor permit individuals to cover their online tracks; they conceal user location and Internet activity from persons or governments conducting network surveillance or traffic analysis. For this reason, Tor has caused much discomfort to governments. Snowden used Tor while communicating with Laura Poitras. Bradley (now Chelsea) Manning of Wikileaks fame is reported to have used Tor (page 24). Crypto is increasingly the safest – perhaps the only safe – avenue for political dissidents across the world; even Internet companies were coerced into governmental compliance. No wonder, then, that governments are doing all they can to dismantle IP anonymisers: the NSA and GCHQ have tried to break Tor; the Russian government has offered a reward to anyone who can.

Far be it from me to defend Tor blindly. There are reports suggesting that Tor is being used by offenders, and not merely those of the Snowden variety. But governments must recognize the very obvious trust deficit they face, especially after Snowden’s revelations, and consider the implications of seeking traceability and identity/geolocation for every IP address, in a systematic manner. The implications are for privacy, a right guaranteed by Article 17 of the International Covenant on Civil and Political Rights (ICCPR). Privacy has been recognized by the UN General Assembly as applicable in cases of surveillance, interception and data collection, in Pream. §4 of its resolution The Right to Privacy in the Digital Age. But many states do not have robust privacy protections for individuals and data. And while governments may state the necessity to create international policy to further effective criminal investigations, such an aim cannot be used to nullify or destroy the rights of privacy and free speech guaranteed to individuals. Article 5(1), ICCPR, codifies this principle, when it states that States, groups or persons may not “engage in any activity or perform any act aimed at the destruction of any of the rights and freedoms recognized herein…”.

Erosion of privacy has a chilling effect on free speech [New York Times v. Sullivan, 376 U.S. 254], so free speech suffers too. Particularly with regard to Tor and identification of IP address location and users, anonymity in Internet communications is at issue. At the moment, most states already have anonymity-restrictions, in the form of identification and registration for cybercafés, SIM cards and broadband connections. For instance, Rule 4 of India’s Information Technology (Guidelines for Cyber Cafe) Rules, 2011, mandates that we cannot not use computers in a cybercafé without establishing our identities. But our ITU Draft Resolution seeks to dismantle the ability of Internet users to operate anonymously, be they political dissidents, criminals or those merely acting on their expectations of privacy. Such dismantling would be both violative of international human rights law, as well as dangerous for freedom of expression and privacy in principle. Anonymity is integral to democratic discourse, held the US Supreme Court in McIntyre v. Ohio Elections Commission [514 U.S. 334 (1995)].[13] Restrictions on Internet anonymity facilitate communications surveillance and have a chilling effect on the free expression of opinions and ideas, wrote Mr. Frank La Rue, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression (¶¶ 48-49).

So a law or international policy for blanket identification and traceability of IP addresses has grave consequences for and prima facie violates privacy, anonymity and freedom of speech. But these rights are not absolute, and can be validly restricted. And because these human rights are implicated, the ITU with its lack of expertise in the area may not be the adequate forum for discussion or study.

To be valid and justified interference, any law, policy or order interfering with privacy and free speech must meet the standards of reasonableness and proportionality, even if national security were the government’s legitimate aim, laid down in Articles 19(3) and 17 of the Covenant on Civil and Political Rights (CCPR) [Toonen v. Australia, Communication No. 488/1992, U.N. Doc CCPR/C/50/D/488/1992 (1994), ¶6.4]. And as the European Court of Human Rights found in Weber & Saravia v. Germany [Application no. 54934/00, 29 June 2006 (ECHR), ¶95], law or executive procedure that enables surveillance without sufficient safeguards is prima facie unreasonable and disproportionate. Re: anonymity, in Delfi AS v. Estonia [Application no. 64569/09, 17 February 2014, ¶83], while considering the liability of an Internet portal for offensive anonymous comments, the ECHR has emphasized the importance of balancing freedom of expression and privacy. It relied on certain principles such as “contribution to a debate of general interest, subject of the report, the content, form and consequences of the publication” to test the validity of government’s restrictions.

The implications of the suggested text of India’s Draft Resolution should then be carefully thought out. And this is a good thing. For one must wonder why governments need perfect traceability, geolocation and user identification for all IP addresses. Is such a demand really different from mass or blanket surveillance, in scale and government tracking ability? Would this not tilt the balance of power strongly in favour of governments against individuals (citizens or non-citizens)? This fear must especially arise in the absence of domestic legal protections, both in human rights, and criminal law and procedure. For instance, India’s Information Technology Act, 2000 (amended in 2008) has Section 66A, which criminalizes offensive speech, as well as speech that causes annoyance or inconvenience. Arguably, arrests under Section 66A have been arbitrary, and traceability may give rise to a host of new worries.

In any event, IP addresses and users can be discerned under existing domestic law frameworks. Regional Internet Registries (RIR) such as APNIC allocate blocks of IP addresses to either National Internet Registries (NIR – such as IRINN for India) or to ISPs directly. The ISPs then allocate IP addresses dynamically to users like you and me. Identifying information for these ISPs is maintained in the form of WHOIS records and registries with RIRs or NIRs, and this information is public. ISPs of most countries require identifying information from users before Internet connection is given, i.e., IP addresses allocated (mostly by dynamic allocation, for that is more efficient). ISPs of some states are also regulated; in India, for instance, ISPs require a licence to operate and offer services.

If any government wished, on the basis of some reasonable cause, to identify a particular IP address or its user, then the government could first utilize WHOIS to obtain information about the ISP. Then ISPs may be ordered to release specific IP address locations and user information under executive or judicial order. There are also technical solutions, such as traceroute or IP look-up that assist in tracing or identifying IP addresses. Coders, governments and law enforcement must surely be aware of better technology than I.

If we take into account this possibility of geolocation of IP addresses, then the Draft Resolution’s motivation to ‘systematize’ IP address allocations on the basis of states is unclear. I will discuss the implication of this proposal, and that of traffic and address localization, in my next post.

[1] Pream. §(e), Draft Resolution: “recognizing… that the modern day packet networks, which at present have many security weaknesses, inter alia, camouflaging the identity of originator of the communication”.

[2] Pream. §(h), Draft Resolution: “recognizing… that IP addresses are distributed randomly, that makes the tracing of communication difficult”.

[3] Op. §1, Draft Resolution: “instructs the Secretary General… to collaborate with all stakeholders including International and intergovernmental organizations, involved in IP addresses management to develop an IP address plan from which IP addresses of different countries are easily discernible and coordinate to ensure distribution of IP addresses accordingly”.

[4] Pream. §(g), Draft Resolution: “recognizing… that communication traffic originating and terminating in a country also many times flows outside the boundary of a country making such communication costly and to some extent insecure from national security point of view”.

[5] Pream. §(f), Draft Resolution: “recognizing… that even for local address resolution at times, system has to use resources outside the country which makes such address resolution costly and to some extent insecure from national security perspective”.

[6] Op. §6, Draft Resolution: “instructs the Secretary General… to develop and recommend a routing plan of traffic for optimizing the network resources that could effectively ensure the traceability of communication”.

[7] Op. §1, Draft Resolution; see note 3.

[8] Op. §5, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures that effectively the traffic meant for the country, traffic originating and terminating in the country remains within the country”.

[9] Op. §4, Draft Resolution: “instructs the Secretary General… to develop and recommend public telecom network architecture which ensures effectively that address resolution for the traffic meant for the country, traffic originating and terminating in the country/region takes place within the country”.

[10] Context Note to Draft Resolution, ¶3: “Planning and distribution of numbering and naming resources in a systematic, equitable, fair and just manner amongst the Member States…”

[11] Context Note to Draft Resolution, ¶2: “…there are certain areas that require critical attention to move in the direction of building the necessary “Trust Framework” for the safe “Information Society”, where privacy, safety are ensured”.

[12] See, for instance, Report of the Office of the High Commission for Human Rights (“OHCHR”), Right to Privacy in the Digital Age, A/HRC/27/37 (30 June 2014), ¶34-35, http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf. See esp. note 30 of the Report, ¶35.

[13] Many thorny political differences exist between the US and many states (including India and Kenya, who I am told has expressed preliminary support for the Draft Resolution) with regard to Internet governance. Irrespective of this, the US Constitution’s First Amendment and judicial protections to freedom of expression remain a yardstick for many states, including India. India, for instance, has positively referred to the US Supreme Court’s free speech protections in many of its decisions; ex. see Kharak Singh v. State of Uttar Pradesh, 1963 Cri. L.J. 329; R. Rajagopal v. State of Tamil Nadu, AIR 1995 SC 264.

For more details visit http://editors.cis-india.org/internet-governance/blog/good-intentions-going-awry-i-why-india2019s-proposal-at-the-itu-is-troubling-for-internet-freedoms

FY14 Customer Payments summary

geetha — 2014-12-08T05:48:18Z

ICANN's FY14 domain name revenue summary

For more details visit http://editors.cis-india.org/internet-governance/blog/fy14-customer-payments-summary

FY14 Customer Payments final version

geetha — 2014-12-08T05:46:58Z

ICANN's detailed list of revenues from domain names

For more details visit http://editors.cis-india.org/internet-governance/blog/fy14-customer-payments-final-version