Centre for Internet and Society

FOEX Live: June 8-15, 2014

geetha — 2014-06-16T10:22:31Z

A weekly selection of news on online freedom of expression and digital technology from across India (and some parts of the world). Please email relevant news/cases/incidents to geetha[at]cis-india.org.

Karnataka:

A Hindu rightwing group demanded the arrest of a prominent activist, who during a speech on the much-debated Anti-superstition Bill, made comments that are allegedly blasphemous.

Kerala:

On June 10, the principal and six students of Government Polytechnic at Kunnamkulam, Thrissur, were arrested for publishing a photograph of Prime Minister Narendra Modi alongside photographs of Hitler, Osana bin Laden and Ajmal Kasab, under the rubric ‘negative faces’. An FIR was registered against them for various offences under the Indian Penal Code including defamation (Section 500), printing or engraving matter known to be defamatory (Section 501), intentional insult with intent to provoke breach of peace (Section 504), and concealing design to commit offence (Section 120) read with Section 34 (acts done by several persons in furtherance of common intention). The principal was later released on bail.

In a similarly unsettling incident, on June 14, 2014, a case was registered against the principal and 11 students of Sree Krishna College, Guruvayur, for using “objectionable and unsavoury” language in a crossword in relation to PM Narendra Modi, Rahul Gandhi, Shashi Tharoor, etc. Those arrested were later released on bail.

Maharashtra:

Facebook posts involving objectionable images of Dr. B.R. Ambedkar led to arson and vandalism in Pune. Police have sought details of the originating IP address from Facebook.

A Pune-based entrepreneur has set up a Facebook group to block ‘offensive’ posts against religious leaders. The Social Peace Force will use Facebook’s ‘Report Spam’ option to take-down of ‘offensive’ material.

Deputy Chief Minister Ajit Pawar suggested a ban on social media in India, and retracted his statement post-haste.

Punjab:

A bailable warrant was issued against singer Kailash Kher for failing to appear in court in relation to a case. The singer is alleged to have hurt religious sentiments of the Hindu community in a song, and a case registered under Sections 295A and 298, Indian Penal Code.

Uttar Pradesh:

The presence of a photograph on Facebook, in which an accused in a murder case is found posing with an illegal firearm, resulted in a case being registered against him under the IT Act.

News & Opinion:

Authors, civil society activists and other concerned citizens issued a joint statement questioning Prime Minister Modi’s silence over arrests and attacks on exercise of free speech and dissent. Signatories include Aruna Roy, Romila Thapar, Baba Adhav, Vivan Sundaram, Mrinal Pande, Jean Dreze, Jayati Ghosh, Anand Pathwardhan and Mallika Sarabhai.

In response to Mumbai police’s decision to take action against those who ‘like’ objectionable or offensive content on Facebook, experts say the freedom to ‘like’ or ‘share’ posts or tweets is fundamental to freedom of expression. India’s defamation laws for print and the Internet need harmonization, moreover.

While supporting freedom of expression, Minister for Information and Broadcasting Prakash Javadekar cautioned the press and all users of social media that the press and social media should be used responsibly for unity and peace. The Minister has also spoken out in favour of free publication, in light of recent legal action against academic work and other books.

Infosys, India’s leading IT company, served defamation notices on the Economic Times, the Times of India and the Financial Express, for “loss and reputation and goodwill due to circulation of defamatory articles”. Removal of articles and an unconditional apology were sought, and Infosys claimed damages amounting to Rs. 2000 crore. On a related note, Dr. Ashok Prasad argues that criminal defamation is a violation of freedom of speech.

Drawing on examples from the last 3 years, Ritika Katyal analyses India’s increasing violence and legal action against dissent and hurt sentiment, and concludes that Prime Minister Narendra Modi has both the responsibility and ability to “rein in Hindu hardliners”.

Discretionary powers resting with the police under the vaguely and broadly drafted Section 66A, Information Technology Act, are dangerous and unconstitutional, say experts.

Providing an alternative view, the Hindustan Times comments that the police ought to “pull up their socks” and understand the social media in order to effectively police objectionable and offensive content on the Internet.

Keeping Track:

Indconlawphil’s Free Speech Watch keeps track of violations of freedom of expression in India.

For more details visit http://editors.cis-india.org/internet-governance/blog/foex-live-june-8-15-2014

FOEX Live: June 1-7, 2014

geetha — 2014-06-07T13:33:45Z

A weekly selection of news on online freedom of expression and digital technology from across India (and some parts of the world).

Delhi NCR:

Following a legal notice from Dina Nath Batra, publisher Orient BlackSwan “set aside… for the present” Communalism and Sexual Violence: Ahmedabad Since 1969 by Dr. Megha Kumar, citing the need for a “comprehensive assessment”. Dr. Kumar’s book is part of the ‘Critical Thinking on South Asia’ series, and studies communal and sexual violence in the 1969, 1985 and 2002 riots of Ahmedabad. Orient BlackSwan insists this is a pre-release assessment, while Dr. Kumar contests that her book went to print in March 2014 after extensive editing and peer review. Dina Nath Batra’s civil suit led Penguin India to withdraw Wendy Doniger’s The Hindus: An Alternative History earlier this year.

The Delhi Police’s Facebook page aimed at reaching out to Delhi residents hailing from the North East proved to be popular.

Goa:

Shipbuilding engineer Devu Chodankar’s ordeal continued. Chodankar, in a statement to the cyber crime cell of the Goa police, clarified that his allegedly inflammatory statements were directed against the induction of the Sri Ram Sene’s Pramod Muthalik into the BJP. Chodankar’s laptop, hard-disk and mobile Internet dongle were seized.

Jammu & Kashmir:

Chief Minister Omar Abdullah announced the withdrawal of a four-year-old SMS ban in the state. The ban was instituted in 2010 following widespread protests, and while it was lifted for post-paid subscribers six months later, pre-paid connections were banned from SMSes until now.

Maharashtra:

In a move to contain public protests over ‘objectionable posts’ about Chhatrapati Shivaji, Dr. B.R. Ambedkar and the late Bal Thackeray (comments upon whose death led to the arrests of Shaheen Dhada and Renu Srinivasan under Section 66A), Maharashtra police will take action against even those who “like” such posts. ‘Likers’ may be charged under the Information Technology Act and the Criminal Procedure Code, say Nanded police.

A young Muslim man was murdered in Pune, apparently connected to the online publication of ‘derogatory’ pictures of Chhatrapati Shivaji and Bal Thackarey. Members of Hindu extremists groups celebrated his murder, it seems. Pune’s BJP MP, Anil Shirole, said, “some repercussions are natural”. Members of the Hindu Rashtra Sena were held for the murder, but it seems that the photographs were uploaded from foreign IP addresses. Across Maharashtra, 187 riotingcases have been registered against a total of 710 persons, allegedly in connection with the offensive Facebook posts.

On a lighter note, Bollywood hopes for a positive relationship with the new government on matters such as film censorship, tax breaks and piracy.

News & Opinion:

Shocking the world, Vodafone reported the existence of secret, direct-access wires that enable government surveillance on citizens. India is among 29 governments that sought access to its networks, says Vodafone.

I&B Minister Prakash Javadekar expressed his satisfaction with media industry self-regulation, and stated that while cross-media ownership is a matter for debate, it is the legality of transactions such as the Reliance-Network18 acquisition that is important.

Nikhil Pahwa of Medianama wrote of a ‘right to be forgotten’ request they received from a user in light of the recent European Court of Justice ruling. The right raises a legal dilemma in India, LiveMint reports. Medianama also comments on Maharashtra police’s decision to take action against Facebook ‘likes’, noting that at the very least, a like and a comment do not amount to the same thing.

The Hindu was scorching in its editorial on the Pune murder, warning that the new BJP government stands to lose public confidence if it does not clearly demonstrate its opposition to religious violence. The Times of India agrees.

Sanjay Hegde wrote of Section 66A of the Information Technology Act, 2000 (as amended in 2008) as a medium-focused criminalization of speech. dnaEdit also published its criticism of Section 66A.

Ajit Ranade of the Mumbai Mirror comments on India as a ‘republic of hurt sentiments’, criminalizing exercises of free speech from defamation, hate speech, sedition and Section 66A. But in this hurt and screaming republic, dissent is crucial and must stay alive.

A cyber security expert is of the opinion that the police find it difficult to block webpages with derogatory content, as servers are located outside India. But data localization will not help India, writes Jayshree Bajoria.

Dharma Adhikari tries to analyze the combined impact of converging media ownership, corporate patronage of politicians and elections, and recent practices of forced and self-censorship and criminalization of speech.

Elsewhere in the world:

In Pakistan, Facebook has been criticized for blocking pages of a Pakistani rock band and several political groups, primarily left-wing. Across the continent in Europe, Google is suffering from a popularity dip.

The National Council for Peace and Order, the military government in Thailand, has taken over not only the government,but also controls the media. The military cancelled its meetings with Google and Facebook. Thai protesters staged a quiet dissent. The Asian Human Rights Commission condemned the coup. For an excellent take on the coup and its dangers, please redirect here. For a round-up of editorials and op-eds on the coup, redirect here.

China has cracked down on Google, affecting Gmail, Translate and Calendar. It is speculated that the move is connected to the 25^th anniversary of the Tiananmen Square protests and government reprisal. At the same time, a Tibetan filmmaker who was jailed for six years for his film, Leaving Fear Behind, has been released by Chinese authorities. Leaving Fear Behind features a series of interviews with Tibetans of the Qinghai province in the run-up to the controversial Beijing Olympics in 2008.

Japan looks set to criminalize possession of child pornography. According to reports, the proposed law does not extend to comics or animations or digital simulations.

Egypt’s police is looking to build a social media monitoring system to track expressions of dissent, including “profanity, immorality, insults and calls for strikes and protests”.

Human rights activists asked Facebook to deny its services to the election campaign of Syrian President Bashar al-Assad, ahead of elections on June 3.

Call for inputs:

The Law Commission of India seeks comments from stakeholders and citizens on media law. The consultation paper may be found here. The final date for submission is June 19, 2014.

____________________________________________________________________________________________________________

For feedback and comments, Geetha Hariharan is available by email at geetha@cis-india.org or on Twitter, where her handle is @covertlight.

For more details visit http://editors.cis-india.org/internet-governance/blog/foex-live-june-1-7-2014

FOEX Live

geetha — 2014-07-07T12:36:49Z

Selections of news on online freedom of expression and digital technology from across India (and some parts of the world)

For feedback, comments and any incidents of online free speech violation you are troubled or intrigued by, please email Geetha at geetha[at]cis-india.org or on Twitter at @covertlight.

For more details visit http://editors.cis-india.org/internet-governance/blog/foex-live

DIDP Request #8: ICANN Organogram

geetha — 2015-03-17T11:39:16Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of its oragnisational structure and headcount of all staff. CIS' request and ICANN's response are detailed below.

CIS Request

13 January 2015

To:

Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, President and CEO

Mr. Samiran Gupta, ICANN India

Sub: ICANN organogram

In order to understand ICANN’s organizational structure, decision-making and day-to-day functioning, may we request an organogram of ICANN. We request that the organogram include ICANN’s reporting hierarchy, mentioning positions held in all departments. Wherever possible (such as middle and senior management), we request names of the ICANN staff holding the positions as well. Along with this, could you also provide a count per department of the number of ICANN staff employed in all departments as of this date?

We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN does not provide all the information we requested, but it responded with the following:

First, ICANN has responded that its current staff headcount is approx. 310. ICANN states that it already makes publicly available an organisational chart. This is immensely useful, for it sets out the reporting hierarchies at senior and mid-managerial levels. However, it doesn't tell us the organisational structure categorised by all departments and staff in the said departments. The webpages of some of ICANN's departments list out some of its staff; for instance, Contractual Compliance, Global Stakeholder Engagement and Policy Development (scroll down).

What you will notice is that ICANN provides us a list of staff, but we cannot be sure whether the team includes more persons than those mentioned. Second, a quick glance at the Policy Development staff makes clear that ICANN selects from outside this pool to coordinate the policy development. For instance, the IANA Stewardship Transition (the CWG-IANA) is supported by Ms. Grace Abuhamad, who is not a member of the policy support staff, but coordinates the IANA mailing list and F2F meetings anyway. What this means is that we're no longer certain who within ICANN is involved in policy development and support, whom they report to, and where the Chinese walls lie. This is why an organogram is necessary: the policy-making and implementation functions in ICANN may be closely linked because of staff interaction, and effective Chinese walls would benefit from public scrutiny.

Now, ICANN says that one may explore staff profiles on the Staff page. While short biographies/profiles are available for most staff on the Staff page, it's unclear what departments they work in, how many staff members work each in department, whom they report to, and what the broad range of their responsibilities include.

Privacy concerns do not preclude the disclosure of such information for two reasons. First, staff profiles imply a consent to making staff information public (at least their place in the organisational structure, if not their salaries, addresses, phone extension numbers, etc.). Second, such information is necessary and helpful to scrutinise the effectiveness of ICANN's functioning. Like the example of the policy-making process mentioned above, greater transparency in internal functioning will itself serve as a check against hazards like partisanism, public comment aggregation, drafting of charters for policy-making and determining scope, etc. While the functioning itself may or need not change, scrutiny can ensure responsibility from ICANN and its staff.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 8).

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-8-organogram

DIDP Request #7: Globalisation Advisory Groups

geetha — 2015-03-17T10:07:26Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking information regarding the creation and dissolution of the President's Globalisation Advisory Groups. The GAGs were created to advise the ICANN Board on its globalisation efforts, and to address questions on Affirmation of Commitments (AOC), policy structures, legal structure, root server system, the IANA multistakeholder accountability, and Internet governance. CIS' request and ICANN's response are detailed below.

CIS Request

12 January 2015

To:
Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Ms. Theresa Swineheart, Senior Advisor to the President on Strategy

Mr. Samiran Gupta, ICANN India

Sub: Creation and dissolution of the President’s Globalisation Advisory Groups

On 17 February 2014, at a Special Meeting of the ICANN Board, the Board passed a resolution creating the President’s Globalisation Advisory Groups.1 Six Globalisation Advisory Groups were created, including on IANA globalization, legal structures, Internet governance, the Affirmation of Commitments, policy structures and the root server system.2 According to the minutes of the meeting, the Advisory Groups were to meet with the community at ICANN49 (Singapore, March 2014), make recommendations to the Board, and the Board would present their reports at ICANN50 (London, June 2014).3 Mr. Chehade was vested with the authority to change the Advisory Groups and their composition without the need for a further resolution, but the manner of dissolution was not laid out.

ICANN lists the Advisory Groups on its “Past Groups” page, with no further information.4 Presumably, the Groups remained in existence for at most one month. No explanation is provided for the reasons regarding the dissolution of all the Advisory Groups. There are no reports or transcripts of meetings with the community at ICANN49 or recommendations to Mr. Chehade or the Board.

The Globalisation Advisory Groups covered issues crucial for ICANN and the global Internet governance community, including its seat (“Legal Structures”), the Affirmation of Commitments (considered critical for ICANN’s accountability), the IANA stewardship transition, and ICANN’s (increasing) involvement in Internet governance. Given this, we request the following information:

Of the six Globalisation Advisory Groups created, is any Group active as of today (12 January 2015)?
When and how many times did any of the Groups meet?
On what date were the Groups dissolved? Were all Groups dissolved on the same date?
By what mechanism did the dissolution take place (oral statement, email)? If the dissolution occurred by way of email or statement, please provide a copy of the same.
Did any of the six Globalisation Advisory Groups present any report, advice, or recommendations to Mr. Chehade or any member(s) of the Board, prior to their dissolution? If yes, please provide the report/recommendations (if available) and/or information regarding the same.
Why were the Advisory Groups dissolved? Has any reason been recorded, and if not, please provide an explanation.

We await your favorable response and the requested information within the prescribed time limit. Please do not hesitate to contact us should you require any clarifications.

Thank you very much.

Warm regards,
Geetha Hariharan
Centre for Internet & Society

ICANN Response

ICANN's response to this request is positive. ICANN states that the Board did indeed set up the six Globalisation Advisory Groups (GAGs) on 17 February 2014 to tackle issues surrounding ICANN's globalisation efforts. The Affirmation of Commitments (AOC), policy structures, legal structure, root server system, the IANA multistakeholder accountability, and Internet governance were issues taken up by the GAGs. However, after the NTIA made its announcement regarding the IANA transition in March 2014, the GAGs were disbanded so as to avoid duplication of work on issues that "had a home in the global multistakeholder discussions". As a result, by a Board resolution dated 27 March 2014, the GAGs were dissolved.

This is an example of a good response to an information request. Some documentation regarding the creation and dissolution of the GAGs existed, such as the Board resolutions. The response points us to these documents, and summarises the reasons for the GAGs' creation and dissolution.

It is possible that this response is clear/comprehensive because the GAGs no longer exist, and in any event, did not perform any work worth writing about. Queries about ICANN's involvement in Internet governance (NETmundial, the NETmundial Initiative, etc.) garner responses that are, to say it informally, cage-y and surrounded by legalese.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 7).

[1] See Approved Board Resolutions | Special Meeting of the Board, https://www.icann.org/resources/board-material/resolutions-2014-02-17-en.

[2] See President’s Globalisation Advisory Groups, https://www.icann.org/en/system/files/files/globalization-19feb14-en.pdf.

[3] See Minutes | Special Meeting of the Board, https://www.icann.org/resources/board- material/minutes-2014-02-17-en.

[4] See Past Committees, Task Forces, and Other Groups, https://www.icann.org/resources/pages/past-2012-02-25-en.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-7-globalisation-advisory-groups

DIDP Request #6: Revenues from gTLD auctions

geetha — 2015-03-10T10:59:37Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking information regarding revenues received from gTLD auctions. CIS' request and ICANN's response are detailed below.

CIS Request

12 January 2015

To:

Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Sub: Revenues from gTLD auctions

It is our understanding that an auction for a Generic Top Level Domain (gTLD) is used as a last-resort mechanism in order to resolve string contention, i.e., when there are groups of applications for same or confusingly similar new gTLDs. As of now, the ICANN website only furnishes information of the winning applicant and the winning price, as regards each new gTLD auction.[1] We have observed that information regarding the bids from all other applicants is not available. The revenue information provided to us[2] does not include revenues from new gTLDs.

In this regard, we request you to provide us with the following information:

(i) How many gTLDs have been sold via the auction process, since its inception?

(ii) What were the starting and winning bids in the ICANN auctions conducted?

(iii) What revenue has ICANN received from the gTLD auctions, since the first ICANN auction was conducted? Please also provide information about the winner (name, corporate information provided to/ available with ICANN).

(iv) How are proceeds from the gTLD auction process utilized?

We believe that this information will give us a framework for understanding the gTLD auction process within ICANN. Furthermore, it will assist us in understanding the manner and purpose for which the proceeds from the auctioning process are utilized, in the broader structure of ICANN transparency and accountability.

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Warm regards,

Lakshmi Venkataraman,

IV Year, NALSAR University of Law, Hyderabad,

for Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN's response to the above query is positive. ICANN states that all information surrounding the auctions is available on the New gTLDs microsite, and on the Auctions page: http://newgtlds.icann.org/en/applicants/auctions. The current status of auction proceeds and costs are available at http://newgtlds.icann.org/en/applicants/auctions/proceeds, and auction results are at https://gtldresult.icann.org/application-result/applicationstatus/auctionresults. The utilization of proceeds from the auctions is yet to be decided by the ICANN Board: “[auction] proceeds will be reserved and earmarked until the Board determines a plan for the appropriate use of the funds through consultation with the community. Auction proceeds are net of any Auction costs. Auction costs may include initial set-up costs, auction management fees, and escrow fees.”

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 6).

[1] See Auction Results, https://gtldresult.icann.org/application-result/applicationstatus/auctionresults.

[2] See ICANN reveals hitherto undisclosed details of domain names revenues, http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-6-revenues-from-gtld-auctions

DIDP Request #5: The Ombudsman and ICANN's Misleading Response to Our Request

geetha — 2015-03-06T11:11:31Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of the complaints received and resolved, parties involved and the nature of complaints under the Ombudsman process. CIS' request and ICANN's response are detailed below. ICANN's response is misleading in its insistence on confidentiality of all Ombudsman complaints and resolutions.

CIS Request

26 December 2014

To:
Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, CEO and President

Mr. Chris LaHatte, Ombudsman, ICANN

Sub: Details regarding complaints submitted to the ICANN Ombudsman

We are very pleased to note that ICANN’s transparency and accountability mechanisms include maintaining a free, fair and impartial ombudsman. It is our understanding that any person with a complaint against the ICANN Board, staff or organization, may do so to the designated ombudsman.[1] We also understand that there are cases that the ICANN ombudsman does not have the authority to address.

In order to properly assess and study the efficiency and effectiveness of the ombudsman system, we request you to provide us with the following information:

(i) A compilation of all the cases that have been decided by ICANN ombudsmen in the history of the organization.

(ii) The details of the parties that are involved in the cases that have been decided by the ombudsmen.

(iii)A description of the proceedings of the case, along with the party that won in each instance.

Further, we hope you could provide us with an answer as to why there have been no ombudsman reports since the year 2010, on the ICANN website.[2] Additionally, we would like to bring to your notice that the link that provides the ombudsman report for the year 2010 does not work.

In order to properly assess the mechanism that ICANN uses for grievance redressal, it would be necessary to examine the details of all the cases that ICANN ombudsmen have presided over in the past. In this regard, kindly provide us with the above information.

We do hope that you will be able to furnish this information to us within the stipulated time period of 30 days. Do not hesitate to contact us if you have any doubts regarding our queries. Thank you so much.

Yours sincerely,
Lakshmi Venkataraman
NALSAR University of Law, Hyderabad, for Centre for Internet & Society
W: http://cis-india.org

ICANN Response

In its response, ICANN declines our request on grounds of confidentiality. It refers to the ICANN Bylaws on the office of the Ombudsman to argue that all matters brought before the Ombudsman "shall be treated as confidential" and the Ombudsman shall "take all reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman". ICANN states that the Ombudsman publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "a description of any trends or common elements of complaints received". In sum, ICANN states that making Ombudsman Requests public would violate ICANN Bylaws, and topple the independence and integrity of the Ombudsman.

These are, perhaps, valid reasons to decline our DIDP request. But it is important to investigate ICANN's reasons. The ICANN Board appoints the Ombudsman for 2 year terms, under Article V of ICANN’s Bylaws. As we note in an earlier post, the Ombudsman’s principal function is to receive and dispose of complaints about unfair treatment by the ICANN Board, Staff or constituency. He/she reports to the ICANN Board alone. He/she also reports on the categories of complaints he receives, and statistics regarding decisions in his Annual Reports; no details are forthcoming for stated reasons of confidentiality and privacy. It is clear, therefore, that the Ombudsman receives and disposes of complaints under a procedure that is inadequately transparent.

ICANN argues, however, that for reasons of confidentiality and integrity of the Ombudsman office, ICANN is unable to disclose details regarding Ombudsman complaints, the complainants/respondents and a description of the proceedings (including the decision/resolution). Indeed, ICANN states its "Bylaws and the Ombudsman Framework obligates the Ombudsman to treat all matters brought before him as confidential and 'to take reasonable steps necessary to preserve the privacy of, and to avoid harm to, those parties not involved in the complaint being investigated by the Ombudsman'.” For this reason, ICANN considers that "Disclosing details about the parties involved and the nature of the cases that have been decided by the Ombudsmen would not only compromise the confidentiality of the Ombudsman process but would also violate the ICANN Bylaws and the Ombudsman Framework."

While the privacy of parties both involved and "not involved in the complaint" can be preserved (by redacting names, email addresses and other personal identification), how valid is ICANN's dogged insistence on confidentiality and non-disclosure? Let's look at Article V of ICANN's Bylaws and the Ombudsman Framework both.

Do ICANN Bylaws bind the Ombudsman to Confidentiality?

Under Article V, Section 1(2) of ICANN's Bylaws, the Ombudsman is appointed by the ICANN Board for a 2 year term (renewable). As noted earlier, the Ombudsman's principal function is to “provide an independent internal evaluation of complaints by members of the ICANN community who believe that the ICANN staff, Board or an ICANN constituent body has treated them unfairly” or inappropriately (Art. V, Section 2). The Ombudsman is not a judge; his conflict resolution tools are "negotiation, facilitation, and 'shuttle diplomacy'.

According to Art. V, Section 3(3), the Ombudsman has access to "all necessary information and records from staff and constituent bodies" to evaluate complaints in an informed manner. While the Ombudsman can access these records, he may not "publish if otherwise confidential". When are these records confidential, then? Section 3(3) supplies the answer. The confidentiality obligations are as "imposed by the complainant or any generally applicable confidentiality policies adopted by ICANN". For instance, the complainant can waive its confidentiality by publishing the text of its complaint and the Ombudsman's response to the same (such as the Internet Commerce Association's complaint regarding the Implementation Review Team under the new gTLD program), or a complaint may be publicly available on a listserv. In any event, there is no blanket confidentiality obligation placed on the Ombudsman under ICANN's Bylaws.

Moreover, the Ombudsman also publishes Annual Reports, in which he/she provides a "consolidated analysis of the year's complaints and resolutions", including "a description of any trends or common elements of complaints received". That is, the Ombudsman's Annual Report showcases a graph comparing the increase in the number of complaints, categories of complaints (i.e., whether the complaints fall within or outside of the Ombudsman's jurisdiction), and a brief description of the Ombudsman's scope of resolution and response. The Annual Reports indicate that the mandate of the Ombudsman's office is extremely narrow. In 2014, for instance, 75 out of 467 complaints were within Mr. LaHatte's jurisdiction (page 5), but he notes that his ability to intervene is limited to "failures in procedure". As an input to the ATRT2 Report noted, the Office of the Ombudsman “appears so restrained and contained” (page 53). As the ATRT2 noted, "ICANN needs to reconsider the Ombudsman’s charter and the Office’s role as a symbol of good governance to be further incorporated in transparency processes"; the Office's transparency leaves much to be desired.

But I digress.

The Ombudsman is authorised to make reports on any complaint and its resolution (or lack thereof) to the ICANN Board, and unless the Ombudsman says so in his sole discretion, his reports are to be posted on the website (Art. V, Section 4(4)). The Ombudsman can also report on individual requests, such as Mr. LaHatte's response to a complaint regarding a DIDP denial (cached). Some reports are actually available on the Ombudsman page; the last published report dates back to 2012, though in 2013 and 2014, the Ombudsman dealt with more complaints within his jurisdiction than in 2012 or prior. So ICANN's argument that disclosing the information we ask for in our DIDP Request would violate ICANN Bylaws and the confidentiality of the Ombudsman is misleading.

Does the Ombudsman Framework Prohibit Public Reporting?

So if ICANN Bylaws do not ipso facto bind the Ombudsman's complaint and conflict resolution process to confidentiality, does the Ombudsman Framework do so?

The Ombudsman does indeed have confidentiality obligations under the Ombudsman Framework (page 4). All matters brought before the Ombudsman shall be treated as confidential, and the identities of parties not involved in the complaint are required to be protected. The Ombudsman may reveal the identity of the complainant to the ICANN Board or Staff only to further the resolution of a complaint (which seems fairly obvious); this obligation is extended to ICANN Board and Staff as well.

As the Framework makes crystal clear, the identity of complainants are to be kept confidential. Nothing whatsoever binds the Ombudsman from revealing the stakeholder group or affiliation of the complainants - and these are possibly of more importance. What stakeholders most often receive unfair or inappropriate treatment from ICANN Board, Staff or constituent bodies? Does business suffer more, or do non-commercial users, or indeed, governments? It is good to know what countries the complaints come from (page 4-5), but given ICANN's insistence on its multi-stakeholder model as a gold standard, it is important to know what stakeholders suffer the most in the ICANN system.

In fact, in the first page, the Ombudsman Framework says this: "The Ombudsman may post complaints and resolutions to a dedicated portion of the ICANN website (http://www.icann.org/ombudsman/): (i) in order to promote an understanding of the issues in the ICANN community; (ii) to raise awareness of administrative fairness; and (iii) to allow the community to see the results of similar previous cases. These postings will be done in a generic manner to protect the confidentiality and privilege of communicating with the Office of Ombudsman." But the ICANN website does not, in fact, host records of any Ombudsman complaints or resolutions; it links you only to the Annual Reports and Publications.

As I've written before, the Annual Reports provide no details regarding the nature of each complaint, their origins or resolution, and are useful if the only information we need is bare statistics of the number of complaints received. That is useful, but it's not enough. Given that the Ombudsman Framework does allow complaint/resolution reporting, it is baffling that ICANN's response to our DIDP request chooses to emphasise only the confidentiality obligations, while conveniently leaving out the parts enabling and encouring reporting.

Should ICANN Report the Ombudsman Complaints?

Of course it should. The Ombudsman is aimed at filling an integral gap in the ICANN system - he/she listens to complaints about treatment by the ICANN Board, Staff or constituent bodies. As the discussions surrounding the appeal procedures in the CWG-Names show, and as the ATRT2 recommendations on Reconsideration and Independent Review show, conflict resolution mechanisms are crucial in any environment, not least a multi-stakeholder one. And in an organisation that leaves much desired by way of accountability and transparency, not reporting on complaints against the Board, staff or constituencies seems a tad irresponsible.

If there are privacy concerns regarding the identities of complainants, their personal identifying information can be redacted. Actually, in the complaint form, adding a waiver-of-confidentiality tick-box would solve the problem, allowing the complainant to choose whether to keep his/her complaint unreportable. But the details of the respondents ought to be reported; as the entity responsible and accountable, ICANN should disclose whom complaints have been made against.

ICANN's response to our DIDP request may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 5).

[1] See What the Ombudsman can do for you, https://www.icann.org/resources/pages/contact- 2012-02-25-en.

[2] See Annual Reports & Publications, https://www.icann.org/resources/pages/reports-96-2012- 02-25-en.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-5-the-ombudsman-and-icanns-misleading-response-to-our-request-1

DIDP Request #4: ICANN and the NETmundial Principles

geetha — 2015-03-05T08:28:44Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of ICANN's implementation of the NETmundial Principles that it has endorsed widely and publicly. CIS' request and ICANN's response are detailed below.

CIS Request

27 December 2014

To:

Mr. Fadi Chehade, CEO and President

Mr. Steve Crocker, Chairman of the Board

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Sub: Details of implementation by and within ICANN of the NETmundial Outcome Document (April ‘14)

We express our appreciation at ICANN’s prompt acknowledgement of our previous DIDP request, and await the information. We would, in the meanwhile, request information regarding ICANN’s internal measures to implement the NETmundial Outcome Document.[1]

In a post titled Turning Talk Into Action After NETmundial,[2] Mr. Chehade emphasized the imperative to carry forward the NETmundial principles to fruition. In nearly every public statement, Mr. Chehade and other ICANN representatives have spoken in praise and support of NETmundial and its Outcome Document.

But in the absence of binding value to them, self-regulation and organizational initiatives pave the way to adopt them. There must be concrete action to implement the Principles. In this regard, we request information about mechanisms or any other changes afoot within ICANN, implemented internally in recognition of the NETmundial Principles.

At the IGF in Istanbul, when CIS’ Sunil Abraham raised this query,[3] Mr. Chehade responded that mechanisms ought to and will be undertaken jointly and in collaboration with other organisations. However, institutional improvements are intra-organisational as well, and require changes within ICANN. An example would be the suggestions to strengthen the IGF, increase its term, and provide financial support (some of which are being achieved, though ICANN’s financial contribution to IGFSA is incongruous in comparison to its financial involvement in the NETmundial Initiative).

From ICANN, we have seen consistent championing of the controversial NETmundial Initiative,[4] and contribution to the IGF Support Association.[5] There are also mechanisms instituted for IANA Stewardship Transition and Enhancing ICANN Accountability,[6] as responses to the NTIA’s announcement to not renew the IANA functions contract and related concerns of accountability.

In addition to the above, we would like to know what ICANN has done to implement the NETmundial Principles, internally and proactively.

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN's response to the above request disappointingly linked to the very same blogpost we note in our request, Turning Talk Into Action After NETmundial. Following this, ICANN points us to their involvement in the NETmundial Initiative. On the question of internal implementation, ICANN's response is defensive, to say the least. "ICANN is not the home for the implementation of the NETmundial Principles", they say. In any event, ICANN defends that it already implements the NETmundial Principles in its functioning, a response that comes as a surprise to us. "Many of the NETmundial Principles are high-level statements that permeate through the work of any entity – particularly a multistakeholder entity like ICANN – that is interested in the upholding of the inclusive, multistakeholder process within the Internet governance framework", notes ICANN's response. Needless to say, ICANN's response falls short of responding to our queries.

Finally, ICANN notes that our request is beyond the scope of the DIDP, as it does not relate to ICANN's operational activities. Notwithstanding that our query does in fact seek ICANN's operationalisation of the NETmundial Principles, we are now confused as to where to go to seek this information from ICANN. If the DIDP is not the effective transparency tool it is aimed to be, who in ICANN can provide answers to these questions?

ICANN's response may be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 4).

[1] See NETmundial Multi-stakeholder Statement, http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf.

[2] See Chehade, Turning Talk Into Action After NETmundial, http://blog.icann.org/2014/05/turning-talk-into-action-after-netmundial/.

[3] See ICANN Open Forum, 9^th IGF 2014 (Istanbul, Turkey), https://www.youtube.com/watch?v=Cio31nsqK_A.

[4] See McCarthy, I’m Begging You To Join, The Register (12 December 2014), http://www.theregister.co.uk/2014/12/12/im_begging_you_to_join_netmundial_initiative_gets_desperate/.

[5] See ICANN Donates $50k to Internet Governance Forum Support Association, https://www.icann.org/resources/press-material/release-2014-12-18-en.

[6] See NTIA IANA Functions’ Stewardship Transition & Enhancing ICANN Accountability Processes, https://www.icann.org/stewardship-accountability.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-4-icann-and-the-netmundial-principles

DIDP Request #3: Cyber-attacks on ICANN

geetha — 2015-03-05T08:16:26Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of cyber-attacks on ICANN, and ICANN's internal and external responses to the same. CIS' request and ICANN's response are detailed below.

CIS Request

24 December 2014

To:

Mr. Steve Crocker, Chairman of the Board

Mr. Fadi Chehade, CEO and President

Mr. Geoff Bickers, Team Lead, ICANN Computer Incident Response Team (CIRT) & Director of Security Operations

Mr. John Crain, Chief Security, Stability and Resiliency Officer

Members of the ICANN-CIRT & ICANN Security Team

Sub: Details of cyber-attacks on ICANN

We understand that ICANN recently suffered a spear-phishing attack that compromised contact details of several ICANN staff, including their email addresses; these credentials were used to gain access to ICANN’s Centralized Zone Data System (CZDS).[1] We are glad to note that ICANN’s critical functions and IANA-related systems were not affected.[2]

The incident has, however, raised concerns of the security of ICANN’s systems. In order to understand when, in the past, ICANN has suffered similar security breaches, we request details of all cyber-attacks suffered or thought/suspected to have been suffered by ICANN (and for which, therefore, investigation was carried out within and outside ICANN), from 1999 till date. This includes, naturally, the recent spear-phishing attack.

We request information regarding, inter alia,

(1) the date and nature of all attacks, as well as which ICANN systems were compromised,

(2) actions taken internally by ICANN upon being notified of the attacks,

(3) what departments or members of staff are responsible for security and their role in the event of cyber-attacks,

(4) the role and responsibility of the ICANN-CIRT in responding to cyber-attacks (and when policies or manuals exist for the same; if so, please share them),

(5) what entities external to ICANN are involved in the identification and investigation of cyber-attacks on ICANN (for instance, are the police in the jurisdiction notified and do they investigate? If so, we request copies of complaints or information reports),

(6) whether and when culprits behind the ICANN cyber-attacks were identified, and

(7) what actions were subsequently taken by ICANN (ex: liability of ICANN staff for security breaches should such a finding be made, lawsuits or complaints against perpetrators of attacks, etc.).

Finally, we also request information on the role of the ICANN Board and/or community in the event of such cyber-attacks on ICANN. Also, when was the ICANN-CIRT set up and how many incidents has it handled since its existence? Do there exist contingency procedures in the event of compromise of IANA systems (and if so, what)?

We hope that our request will be processed within the stipulated time period of 30 days. Do let us know if you require any clarifications on our queries.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN responded to our request by noting that it is vague and broad in both time and scope. In response, ICANN has provided information regarding certain cyber-incidents already in the public domain, while noting that the term "cyber-attack" is both wide and vague. While the information provided is undoubtedly useful, it is anecdotal at best, and does not provide a complete picture of ICANN's history of vulnerability to cyber-attacks or cyber-incidents, or the manner of its internal response to such incidents, or of the involvement of external law enforcement agencies or CIRTs in combating cyber-incidents on ICANN.

ICANN's response may be found here. A short summary our request and ICANN's response may be found in this table (Request S. no. 3).

[1] See ICANN targeted in spear-phishing attack, https://www.icann.org/news/announcement-2-2014-12-16-en.

[2] See IANA Systems not compromised, https://www.icann.org/news/announcement-2014-12-19-en.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-3-cyber-attacks-on-icann

DIDP Request #2: Granular Revenue/Income Statements from ICANN

geetha — 2015-03-05T08:07:02Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking current and historical details of ICANN's income/revenue from its various sources. CIS' request and ICANN's response are detailed below.

CIS Request

22 December 2014

To:

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Mr. Samiran Gupta, ICANN India

All other members of Staff involved in accounting and financial tasks

Sub: Request for granular income/revenue statements of ICANN from 1999-2014

Earlier this month, on 3 December 2014, Mr. Samiran Gupta presented CIS with detailed and granular information regarding ICANN’s domain names income and revenues for the fiscal year ended June 30, 2014. This was in response to several requests made over a few months. The information we received is available on our website.[1]

The information mentioned above was, inter alia, extremely helpful in triangulating ICANN’s reported revenues, despite and in addition to certain inconsistencies between the Annual Report (FY14) and the information provided to us.

We recognize that ICANN makes public its current and historical financial information to a certain extent. Specifically, its Operating Plan and Budget, Audited Financial Statements, Annual Reports, Federal and State Tax Filings, Board Compensation Report and ccTLD Contributions Report are available on the website.[2]

However, a detailed report of ICANN’s income or revenue statement, listing all vendors and customers, is not available on ICANN’s website. Our research on accountability and transparency mechanisms in Internet governance, specifically of ICANN, requires information in such granularity. We request, therefore, historical data re: income and revenue from domain names (1999-2014), in a manner as detailed and granular as the information referenced in FN[1]. We would appreciate if such a report lists all legal entities and individuals who contribute to ICANN’s domain names income/ revenue.

We look forward to the receipt of this information within the stipulated period of 30 days. Please feel free to contact us in the event of any doubts regarding our queries.

Thank you very much.

Warm regards,

Geetha Hariharan

Centre for Internet & Society

W: http://cis-india.org

ICANN Response

ICANN's response to CIS's request can be found here. A short summary of our request and ICANN's response may be found in this table (Request S. no. 2).

[1] See ICANN reveals hitherto undisclosed details of domain names revenues, http://cis-india.org/internet-governance/blog/cis-receives-information-on-icanns-revenues-from-domain-names-fy-2014.

[2] See Historical Financial Information for ICANN, https://www.icann.org/resources/pages/historical-2012-02-25-en.

For more details visit http://editors.cis-india.org/internet-governance/blog/didp-request-2

DIDP Request #1: ICANN's Expenditures on "Travel & Meetings"

geetha — 2015-03-05T08:00:36Z

CIS sent ICANN a request under its Documentary Information Disclosure Policy, seeking details of expenditure by ICANN at its Meetings. CIS' request and ICANN's response are detailed below.

CIS' Request

18 December 2014

To:

Mr. Cherine Chalaby, Chair, Finance Committee of the Board

Mr. Xavier Calvez, Chief Financial Officer

Mr. Samiran Gupta, ICANN India

All other members of Staff involved in accounting and financial tasks

Sub: Request for itemized details of expenditure by ICANN at its Meetings

We would like to thank Mr. Calvez and Mr. Gupta for providing information regarding ICANN’s domain name revenues for the fiscal year ending June 30, 2014.[1] We would like to request further information through the DIDP.

In the Audited Financial Statements for the fiscal year ended June 30, 2014, the “statements of activities” provides Total Expenses (for ICANN and New gTLD) as USD 124,400,000.[2] For the fiscal year ended June 30, 2013, the Total Expenses (ICANN and New gTLD) noted is USD 150,362,000.

According to the statement, this covers expenses for Personnel, Travel and meetings, Professional services and Administration. Quarterly Reports note that the head “Travel and meetings” includes community support requests.[3] In addition to these heads, Quarterly Reports include “Bad debt expenses” and “Depreciation expenses”. The manner of accounting for these is explained in Note 2 to the Notes to Financial Statements.[4] Note 2 explains that the expenses statement is prepared by “functional allocation of expenses” to identifiable programs or support services, or otherwise by methods determined by the management.

For the purposes of our research into normative and practised transparency and accountability in Internet governance, we request, to begin with, current and historical information regarding itemized, detailed expenses under the head “Travel and meetings”. We request this information from 1999 till 2014. We request that such information be categorized and sub-categorised as follows:

Total and Individual Expenses for each meeting (categorised by meeting and year):

1. Total and individual expenses for ICANN staff (differentiated by department and name of each individual attending the event, including dates/duration of attendance);

- Also broken down into each individual expense (flights, accommodation, per diem or separate local transport, food and other expenses).

- Each ICANN staff member who attended the event to be named.

2. Total and individual expenses for members of ICANN Board (listed by each Board member and dates/duration of attendance);