Centre for Internet and Society

Facebook

praskrishna — 2016-01-27T02:44:28Z

Facebook

For more details visit http://editors.cis-india.org/home-images/copy2_of_Facebook.png

Facebook

praskrishna — 2012-02-17T06:25:41Z

For more details visit http://editors.cis-india.org/home-images/Fshare.jpg

Facebook

praskrishna — 2015-09-29T16:16:40Z

Facebook

For more details visit http://editors.cis-india.org/home-images/Facebook.png

Eye on Mumbai

praskrishna — 2016-10-02T10:22:20Z

The feeds will be beamed to a video wall that stretches 21 feet across at the police’s command and control room.

The article by Tariq Engineer was published in Mumbai Mirror today. Sunil Abraham was quoted.

When seven bombs exploded on local trains between Khar and Borivali killing 209 people and injuring 714 in 2006, the Maharashtra police looked for CCTV footage but couldn’t find any because no cameras existed at railway stations back then.

When terrorists landed near Machimar colony in Cuffe Parade in 2008 and proceeded to slaughter hundreds of people in the city, CCTV footage was found only at the Taj and Trident hotels, Chhatrapati Shivaji Terminus and near the Times of India building. Places like Cama Hospital, Nariman House and Leopold Café were simply off the grid.

When Mumbai journalist J Dey was gunned down in Powai in 2011, the police obtained CCTV footage from a shopping centre nearby but it was so blurry, it was useless.

In each of these situations, a fully functioning high-definition CCTV system could have altered the outcome or aided the investigation in critical ways. That glaring gap in Mumbai’s security has now been filled by the Mumbai City Surveillance Project, which officially goes live today.

Over the last 20 months, a total of 4697 cameras have been installed at 1510 locations around Mumbai city. In addition to these, another 146 will survey the Bandra Kurla Complex. The tender for the project was issued in 2015 and won by a consortium led by construction major Larsen & Toubro with MTNL, CMS Computers and Infinova, which supplied the cameras, as partners.

The project is actually an outcome of the 26/11 attacks, having been recommended by the Ram Pradhan Committee, which was appointed to evaluate the city administration’s responses to the terror strike. According to Additional Chief Secretary (Home) KP Bakshi these cameras will ensure roughly 80 per cent of Mumbsi will be watched 24 hours a day, seven days a week. The city’s inhabitants will now have to be on their best behaviour.

“It was the police’s call to decide what they want to observe,” Bakshi said. “Do they want to look at the traffic or at a place where people gamble or do a lot of drinking?” The policeman in charge of selection of spots for installation of cameras was former additional commissioner of police Vasant Dhoble. Calling him a “game-changer”, one of the project managers said it was thanks to Dhoble that all the locations were surveyed in just twoand-a-half months. Dhoble was also instrumental in ensuring that the cameras were installed at the appropriate angles.

While the initial estimate was for 6,000 cameras, it was eventually determined that 4,697 were sufficient at this stage. The cameras have been placed on poles similar to street lights — 2290 of them — some with multiple cameras. “Let’s say there is a pole at Haji Ali Juice Center,” Bakshi said. “It may have three cameras — one looking towards Heera Panna, the other looking towards Mahalaxmi, the third looking towards Worli.”

The vast majority of the cameras — roughly 4200 — will be fixed and stare unblinkingly in one direction. The other 500 will be PTZ, or pan/tilt/zoom cameras, so those watching can scan an area or take a closer look at something that seems suspicious. All of the cameras can see in high definition, with visibility ranging from 50m to 120m. Some of them also have thermal imaging and night vision.

According to those involved in the project, the cameras have been built to withstand the rigours of Mumbai’s weather — specifically the heat and rain. Larsen & Toubro and CMS Computers are responsible for the maintenance of the system. Once the system is fully operational, the target is to have 99% of the cameras live at all times barring accidents. The responsibility for this lies with the service providers.

A smart system

The software that runs the cameras includes a Picture Intelligence Unit (PIU) that will conduct facial recognition analysis. If there is an image of a wanted person in the database, the program will scan the footage for matches and send a signal if it finds any. It will also send an alert if it notices a suspicious object, say one that has been left unattended for a pre-specified amount of time, so the cops can check it out. Tracking police vehicles — like you can follow the path of an Uber or Ola — is yet another feature, so if there is trouble, the nearest vehicle can be dispatched.

By Bakshi’s reckoning, if it is a small crime, then the police should be on the scene in five to ten minutes. If it is something like a bomb blast, then a Quick Response Team will be deployed, which will take a little longer – say 10 to 15 minutes.

Who will be watching you?

The feeds from these cameras will be fed to a video wall that stretches 21 feet across in a control room that has been set up in the Commissioner of Police Headquarters at Crawford Market. The footage will be monitored by about 20 observers who have been specially trained for the job.

However, a project manager said, watching the wall for more than eight minutes “would make anyone mad” because it is so chaotic. Therefore, each observer has his own workstation with three computer screens where he can only watch the feeds he has been assigned.

Entry to the control room is also strictly monitored. It requires five fingerprint access just to get in the room and a thumb print to turn individual workstations on. Mobile phones and personal effects are banned and the computers have no USB ports, so data can’t be copied.

In addition, there are viewing screens in each of the additional commissioner’s zonal offices and in all 23 police stations and roughly 200 observers will eventually be required to operate them. A project manager said he hoped to have a 60-40 or 50-50 split between male and female observers. The observers are monitored by the police, who will decide what actions to take depending on what alerts are generated.

The manpower is being provided by CMS Computers, with applicants having their resumes verified by the police. Observers will spend anywhere from four to six weeks in training before they get on the job, one of the project managers said.

Keeping the data secure

The images from the standard cameras will be stored for 90 days, while those taken with PTZ cameras will be stored for 30 days. “If you store for longer periods, it involves more cost,” Bakshi said. “We feel that if something has to be reported to us, it will be reported within 90 days.”

MTNL has set up a data centre in Worli and a disaster recovery centre in Belapur. If something goes wrong in Worli, there will still be connectivity via Belapur. Both centres have been “tied-up” to make the data as safe as possible. At the test lab at Larsen & Toubro’s project headquarters in Mallet Bunder, they even have a rodent detection device that broadcasts an ultrasonic frequency to drive away rats and stop them from chewing up the wires.

False starts

The project took some time to get off the ground because getting the details worked out was a painstaking elaborate process, former Maharashtra chief secretary ( home) Amitabh Rajan, told Mumbai Mirror. The committee wanted to make sure everything was transparent and that there were no allegations against the project. Control and security were also zealously guarded. “No compromise on security, not even cost,” Rajan said. “Like titration in chemistry, we eventually got the right concentration.”

There was also a battle between a lobby that wanted the system to be set up using dedicated fibre optic cables, and a lobby of technology providers that wanted to use wireless technology. The cops backed cables, which are not only safer but make it easy to add additional bandwidth, whereas wireless networks have limited bandwidth. It was a battle the cops would eventually win but at the cost of time.

The tender process didn’t go smoothly either. Larsen and Toubro were actually the winners of the fourth tender the Maharashtra government put forward. The first tender had to be cancelled because the winning consortium had not properly disclosed its ownership structure — one of the companies turned out to be controlled by a subsidiary of Reliance Industries. The second was cancelled when the vendor’s bank guarantee cheque of Rs 2 crore bounced and the owner disappeared. He was eventually found and arrested two years later.

The third tender received no bidders because it did not offer up-front payment for capital expenditure, according to then IT secretary Rajesh Aggarwal, who was part of the committee. It was finally on the fourth occasion, when the committee decided to offer a certain percentage of the project cost at the start and the rest over the remaining five years as maintenance fees, that a deal could be sealed.

Coordination headache

The next hurdle was coordinating the work between all the different organisations that populate Mumbai. The final total was around 35 or 40 bodies, including the Municipal Corporation of Greater Mumbai (MCGM), BEST and Reliance Power, the police, MMRDA, the Government of India and the High Court. “To explain to everyone that it is a security project and please don’t go by normal rules, you have to give concessions for all these things, all this co-ordination was a big job,” Bakshi said.

It led to delays, which is why the project had to take the extraordinary step of getting permission from the MCGM to dig up roads during the monsoon to lay the fibre-optic cables. It was the only way the project could make its deadline.

“If we had done it like a normal project, it would have taken five years,” an engineer said.

A question of privacy

Two experts in privacy issues that Mirror spoke to said that such a system is in the public interest, but safeguards must be built to prevent abuse. “If the data falls into the wrong hands, it can create havoc,” said Pavan Duggal, an expert in the field of cyber law. “Large scale surveillance of the public should not be the norm, it should be the exemption to the norm.” he said. “It can create unease and lessen the enjoyment of living in a democratic society.”

According to Sunil Abraham, director of the Centre for Internet and Society, the biggest problem is that India does not have an “omnibus privacy law”.

Instead, it has about 50 different laws across sectors and therefore privacy regulations are not consistent, which has created a legal thicket. “110 countries have passed privacy laws to European Union standards. India is really far behind,” he said.

He also listed a number of principles that he hoped the project would abide by, such as the principles of notice (CCTV cameras should be advertised as such), of openness (details of the system should be made public), security (“if you don’t have security, you can’t ensure privacy”) and of access (“we should have a right to get the footage of ourselves”). He also warned against the footage being shared between different security agencies without due process.

Additional Chief Secretary (Home) Bakshi said most of these principles were part of the system. There would be boards demarcating the CCTV cameras, the system would be publicly launched, it was being made as secure as possible and footage could be handed over depending on the circumstances. “If it is your own, then no problem,” Bakshi said. “If it is someone else’s then there are privacy issues. Is it because of criminal intent or you want to track your girlfriend’s other boyfriend to see if he is following her? These are issues. If you want yours, on merit we can give. No issue.”

Another concern Abraham raised is unique to India and the Aadhaar card, which uses biometric data as passwords, not identification. Since the CCTV cameras are high resolution, it raises the risk of someone recreating your iris or finger prints from a captured image and then “somebody could empty your Aadhaarlinked bank accounts,” Abraham said.

This is not as far-fetched as it sounds. Abraham pointed out that in 2014 a member of the Chaos Collective Club, the largest association of hackers in Europe, recreated the finger print of a German minister from a photograph they took of her hand.

“Other risks are smaller, a revealing photograph or someone trying to blackmail you,” Abraham said.

Not just for crime

The camera feed has other applications too, beginning with traffic management. An automatic number plate recognition system will be installed as well. If you look around the corner, don’t see a cop and jump a light, you could still get in trouble. “6000 [sic] police in the sky are watching you and you will get a challan sitting at home,” Aggarwal said. Other uses include tracking of encroachments by the Municipal Corporation of Greater Mumbai which will have an additional viewing centre. Also garbage disposal and other civic issues such as water logging and a subject dear to Mumbai citizens — potholes. “Somebody complains that this road has a pothole, immediately you can zoom in and see that yes, there is a pothole on this road,” Bakshi said.

There is also a provision to allow a further 103 locations to plug-in and play. For example, if the Taj Mahal Hotel wants the police to survey the hotel for a period of time, the hotel’s CCTV system can be hooked up to the main control room within 48 hours. The same goes for the airport or the railway stations.

Effect of CCTV surveillance

Worldwide the academic literature on CCTV surveillance suggests its effectiveness, especially on crime prevention, is uncertain or limited. “Post crime it really, really helps,” Aggarwal said, “but for prevention, we have to wait and watch. If it reduces sexual harassment for example, then that is priceless. Time will tell how people try to beat the system and how the system tries to catch up.”

Joint Commissioner of Police, Law and Order, Deven Bharti said he was already seeing an improvement in traffic management and in prevention and detection of crimes thanks to the 3000-plus cameras that were live when Mirror spoke to him two days ago, though he said he could not provide details. “The system is working to our satisfaction,” Bharti said.

Bakshi said the effects of the system should start showing roughly a month after the project is fully operational. “In Pune, results started being seen within a month. Once all 4700 [cameras] are live, you will start seeing the results on traffic violations, street crimes, and at general discipline level. [First] Let the people know they are under surveillance, that they are completely covered in Mumbai by CCTV.”

The total cost of the project is Rs 1008 crore. Out of this, about Rs 400 crore has already been spent. The balance will be paid out in regular installments until October 2021. At that point the Maharashtra government and Mumbai police will take complete control of the project. “We presume that in five years’ time, we will have enough trained people to run it ourselves,” Bakshi said.

For more details visit http://editors.cis-india.org/internet-governance/news/mumbai-mirror-tariq-engineer-october-2-2016-eye-on-mumbai

Extending The Spectrum Of Openness To Include The Moral Right To Share

praskrishna — 2013-08-19T04:50:15Z

from the now-there's-a-thought dept.

Glyn Moody of Techdirt covers Sunil's David Eaves interview.

Prefixing concepts with the epithet "open" has become something of a fashion over the last decade. Beginning with open source, we've had open content, open access, open data, open science, and open government to name but a few. Indeed, things have got to the point where "openwashing" -- the abuse of the term in order to jump on the openness bandwagon -- is a real problem. But a great post by David Eaves points out that the spectrum of openness actually extends well beyond the variants typically encountered in the West:

While sharing and copying technologies are disrupting some of the ways we understanding "content," when you visit a non-Western country like India, the spectrum of choices become broader. There is less timidity wrestling with questions like: should poor farmers pay inflated prices for patented genetically-engineered seeds? How long should patents be given for life-saving medicines that cost more than many make in a year? Should Indian universities spend millions on academic journals and articles? In the United States or other rich countries we may weigh both sides of these questions -- the rights of the owner vs. the moral rights of the user -- but there's no question people elsewhere, such as in India, weigh them different given the questions of life and death or of poverty and development.

Consequently, conversations about open knowledge outside the supposedly settled lands of the "rich" often stretch beyond permission-based "fair use" and "creative commons" approaches. There is a desire to explore potential moral rights to use "content" in addition to just property rights that may be granted under statutes.

He then goes on to write about the ideas of Sunil Abraham, founder and executive director of the Centre for Internet & Society (CIS) in India. Abraham has created an interesting representation showing the extended gamut of openness, which reaches from proprietary to counterfeiting and false attribution:

Eaves's post examines some of the details of Abraham's map:

Particularly interesting is Sunil's decision to include non-legal "permissions" such as ignoring the property holders rights in his spectrum of openness. He sees this as the position of the Pirate Party, which he suggests advocates that people should have the right to do what they want with intellectual property even if they don't have permission, with the exception, interestingly, of ignoring attribution.

This is something that several Techdirt posts have touched on before. One of the most telling facts about unauthorized sharing online is that people preserve attribution -- there's no attempt to hide who made the song or film. That's probably why survey after survey shows that sharing materials online increases their sales -- something that would be unlikely if attribution were stripped from files. Eaves notes that this aspect ties into a particularly hot topic at the moment -- surveillance:

To Sunil, the big dividing line is less about legal vs. illegal but around this issue of attribution. "This is the most exciting area because this (the non-attribution area) is where you escape surveillance," he declares.

"All the modern day regulation over IP is trying to pin an individual against their actions and then trying to attach responsibility so as to prosecute them," Sunil says. "All that is circumvented when you play with the attribution layer."

This matters a great deal for individuals and organizations trying to create counter power -- particularly against the state or large corporate interests. In this regard Sunil is actually linking the tools (or permissions) along the open spectrum to civil disobedience.

It's a fascinating piece that brings some fresh ideas to an area that has been steadily gaining in importance for some time. I hope that Abraham builds on these thoughts, and publishes some more extended and worked-out explorations of them -- ultimately, perhaps, as a book.

For more details visit http://editors.cis-india.org/news/techdirt-august-14-2013-glyn-moody-extending-spectrum-openness-to-include-moral-right-to-share

Extending Aadhaar to more areas is a hare-brained idea, it should be dropped

praskrishna — 2016-08-24T03:05:01Z

News reports that the mandatory use of Aadhaar could be extended to a host of new areas are extremely disturbing. According to these reports, the Unique Identification Authority of India (UIDAI) has identified 20 new areas for which Aadhaar can be made mandatory. This includes registration of companies and NGOs, insurance, competitive examinations and property and vehicle registration.

The article by Seetha was published in First Post on August 23, 2016. CIS article by Pranesh Prakash and Amber Sinha was quoted.

If this happens, then it confirms the worst suspicions of all those who are opposed to Aadhaar – and this spans ideological divides – that it can be used to seriously compromise individual privacy.

A villager scanning fingerprint for Aadhaar. Reuters file photo

The defenders of Aadhaar – mainly the previous and current governments, the UIDAI and Nandan Nilekani, the father of the Aadhaar – have always argued that these concerns are exaggerated. They have pointed out that Aadhaar does not take any details that are not already in the public domain – name, date of birth and permanent address – and that the biometric data is not shared with any of the authorities that seek verification by Aadhaar. That data remains with the UIDAI and it only confirms that a person with a particular Aadhaar number is who he claims he is.

But Aadhaar’s opponents have argued that the extensive use of Aadhaar allows disparate bits of information to be linked and this could become a genuine concern if this hare-brained idea gets official approval.

Now, there is certainly no doubt that Aadhaar is, in the absence of anything better, the best technological tool for establishing identity. It is not entirely fool-proof – there are issues relating to the fingerprints of manual labourers and iris scan of aged people or those with cataract – a solution needs to be found for this. According to this report by the Centre for Internet and Society, there was fingerprint authentication failure in 290 of 790 ration card holders in Andhra Pradesh who did not lift rations, and there was an ID mismatch in 93 instances. These problems notwithstanding, there is no denying that Aadhaar has helped in significantly containing (perhaps not entirely eliminating) the problem of identity theft for diversion of government doles and other benefits.

So making Aadhaar compulsory for such cases is perfectly justifiable. Indeed, the Act giving legal status to Aadhaar is called Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.

Mandatory quoting of Aadhaar can even be justified in the cases where duplication or falsification of identity can be used by criminals or those who fall foul of the law. Passports, for example, can be brought under the ambit of Aadhaar. Or even driving licences. A person whose licence has been suspended for repeated traffic violations should not be allowed to get another one under the same name or an assumed name.

But why should it be mandatory for bank accounts, if an individual is not interested in getting government doles? The quoting of Aadhaar for property transactions also does not make sense. If the idea is to prevent fraudulent transactions, it will not be foolproof. A person intending to sell an already sold property or one he does not own can do so even with an Aadhaar number, since people are allowed to own more than one piece of property. What will prevent this from happening is compulsory registration and digitisation of records as well as mandatory property titling; there has been little progress on both.

When filing of income tax returns is not possible without a PAN, there is little rationale for making Aadhaar mandatory for filing returns and even for PAN. It is not clear how quoting of Aadhaar is going to help in ensuring that fly-by-night companies and NGOs do not get established.

The insistence of Aadhaar on purchase of vehicles, landline and mobile phone connections and demat accounts is seriously violative of individual privacy and has enormous potential for misuse. The Act does give the government unbridled power to access data in the name of national security. This itself is worrying, since it can allow security agencies to go an random fishing expeditions to access personal financial transactions. Making it mandatory for even buying cars and phone connections (even though it is not illegal to own more than one vehicle or telephone connection) makes it even riskier – private agencies get access to one’s Aadhaar number. Forget security agencies, even unscrupulous private persons can track an individual’s personal activities, especially financial transactions.

As it is, investigating agencies want to tap Aadhaar and biometric data at the drop of a hat. The UIDAI had to approach the Supreme Court in 2014 against a Goa High Court order ordering it to share biometric details of everyone enrolled in the state for solving a gang rape case. Even after the Supreme Court ruled in favour of UIDAI, a Kerala special investigation team wanted it to share biometric details to solve another rape case. If Aadhaar now becomes mandatory for a host of financial and other transactions, the points of potential privacy breaches only increase.

The move to extend the mandatory use of Aadhaar has to be stopped in its tracks. The mandatory use should be limited to delivery of government welfare benefits and doles (after ensuring that glitches are eliminated) and security-related services like passports. For everything else, it should be purely voluntary. There can be no compromise on this.

For more details visit http://editors.cis-india.org/internet-governance/news/first-post-august-23-2016-seetha-extending-aadhaar-to-more-areas-is-a-hare-brained-idea-it-should-be-dropped

Exposing Data: Art Slash Activism

praskrishna — 2011-12-29T13:31:12Z

Tactical Tech and the Centre for Internet and Society (CIS) organised a public discussion on the intersection of Art and Activism at the CIS office in Bangalore on 28 November 2011. Videos of the event are now online. Ward Smith (Lecturer, University of California, LA), Stephanie Hankey and Marek Tuszinsky (Co-founders, Tactical Technology Collective), Ayisha Abraham (Film maker, Srishti School of Art Design) and Zainab Bawa (Research Fellow, Centre for Internet and Society) spoke in this event.

In the information societies that we live in, data is the new currency. While data – objective enumerations of life – has been around as the basis of providing evidence in research, practice and art, there is a renewed attention on data as the digital technologies start mediating our everyday lives. Digitization (like electronification in earlier times) is a process by which messy, chaotic, everyday life can be sorted, classified, arranged and built into clean taxonomies that flatten the experiential and privilege the objective. In many ways, the process of ubiquitous digitization goes back to the Cartesian dualism of the immaterial mind over the emergent materiality of the body. Historically, different disciplines and practices within the social and natural sciences, humanities, arts, development work, and governmentality, etc. have established protocols to create robust, rigorous, efficient and reliable data that can be used as evidence for thought and action. These protocols are not permanent and are often questioned within the disciplinary framework but especially with interdisciplinary dialogues where conflicting methodologies and reading practices often render the same data sets unintelligible to each other.

With the rise of the digital, these disciplines and practices start new negotiations with the world of databases, networks and archives. There is a growing anxiety that data, which was supposed to be an objective representation of reality, is increasingly becoming opaque in how it is structured. There is also an increasing awareness that the work that we make the —‘idea of data’— is not transparent. The Exposing Data Project came as a response to these anxieties, as we seek to unpack the processes, methodologies, challenges and implications of living in a data-rich, data-based world mediated by digital and internet technologies through a cross-disciplinary multi-sectoral dialogue.

Exposing Data is a curated practice of bringing together differently located researchers, academics, practitioners, policy actors, artists and public interlocutors to tease out the tensions and conflicts that digital data brings to their own practice and thought, especially when talking to people who are ‘not like us’.

For its first conversation titled ‘Art Slash Activism’, we decided to look at the tensions that often split communities and practices across historically drawn battle lines. There has been a huge tension between artists and activists, who, even though they often use same kind of data sets, are often at logger-heads when it comes to using that data for their practice. Artists, especially those dealing with public and community art projects, often work in the same spaces and communities as the activists, in making strong political statements and working towards a progressive liberal ideology. Activism has depended on artistic expressions – especially those around free speech, censorship, surveillance, human rights, etc. – in order to not only find peer support but also to oppose authoritarian forces that often seek to quell artistic voices. And yet, within the larger communities, the idea of political art – art that makes direct political statements – or activism as an art form – activism that takes the form of cultural production and overt subversion – often emerges as problematic. ‘Art Slash Activism’ brought together four people, identified (reluctantly, because they wear so many different hats) as an academic, as a researcher, as an activist and as an artist, who all straddle these chasms in their own work, to unpack the tensions through the lens of digital data.

Zainab Bawa, who is a research fellow at the Centre for Internet and Society, working on a monograph that deals with politics of transparency in Indian e-governance systems, set out the terms of the debate as she questioned the very meaning of the word ‘data’. Zainab, by looking at case-studies of land-record digitization in the country, started to look at how the word ‘data’, despite its apparent transparency and objectivity, is actually an opaque concept that eclipsed the politics of data formation – what gets identified as data? What gets discarded as noise? Who gets to identify something as data? What happens to things which are not data? What happens to people who cannot be identified through data? What are the systems of rationality that we inherit to talk of data?

Video of Zainab Bawa Talk

These questions persisted through the different conversations but were brought into plain site when Ayisha Abraham, a film and video artist who also teaches at the Sristhi School of Art Design, showed us a digitally restored piece of an old film that disintegrated even as it was being saved. Heidegger in his Basic Writings had proposed that “Art assumes that the truth that discloses itself in the work can never be derived from outside.” Ayisha built on this idea to look at material historicity and physical presence of data to question the easy availability of data that has been established for data in art practices. When does data come into being? What precedes data? What happens to data when it decays beyond belief? How do we restructure reality in the absence of data? She mapped the role of affective restructuring, historical reconstruction and creative fictions in our everyday life when we deal with realities which cannot be supported by data.

Video of Ayisha Abraham Talk

Ward Smith added a layer of complication in his questioning of the established cause-effect relationship that data has with Reality. Within activism as well as in development and policy work, there is an imagination that data always followed reality – that it is a distilled set of abstractions based on experiences, information, knowledge, analyses, etc. However, Ward presented us with a case-study that shows that data is not benign. It doesn’t exist in a vacuum. Often, the creation of data sets and databases leads to construction of alternative and new material realities. Even within existing realities, the introduction of a data set or an attempt to account for the reality using data, produces new and evolved forms of reality. Drawing partly from the discussions within digital taxanomies and partly from conversations in quantum philosophy (remember Schrodinger’s Cat?) Ward showed how data realities need to be unpacked to reveal what lies underneath.

Video of Ward Smith Talk

Marek Tuszinsky rounded up the conversations by introducing us to different ways of looking at data. Drawing from a rich ethnographic and experience data set at the Tactical Technology Collective, Marek questioned how our relationships and reading practices – looking at data side-ways, for example – influences the shape, form, structure and meaning of the data under consideration. What came up was a compendium questions around data ethics, data values, our own strategies and reflectivity in dealing with a data-mediated and data-informed world. What are the kinds of imperatives that lead us to produce data? What methodologies do we deploy to render data intelligible? What kind of data manipulations do we engage in, in order to make it comprehensible to digital systems of archives and storage?

Video of Marek Tuzinsky Talk

What are the politics of exclusion, inclusion and making invisible of data sets?

The conversation further opened up to the other participants in the conversation to crystalise around three areas of concern:

Data Decay

An audience member pointed out that one is always confronted with the physical decay of data. While old film is an incredibly fragile medium, it has survived over 70 years to become a part of Ayisha’s work. A digital format, on the other hand, would likely become inaccessible within six years due to format changes and problems with compatibility. The discussion shifted to the temporary aspect of data. The digitization of data allows one to illuminate it in significant ways by adding new components and blowing up details of focus. Such options are not available in analogue form.

However, the fact that digital media has a limited lifespan is something that one must consider. Are we depicting data for immediate attention and action, or for future reference? How far down the timeline of history do we want our records to stretch? Regardless of whether the producers of the film that turned out to be a hidden treasure for Ayisha asked these questions, the persistence of the film 70 years later served to illuminate an important moment in history and spoke of lives and stories the knowledge of which is still of interest and inspiration in our time. The future accessibility of data can be seen as our legacy and the inheritance of the generations to come.

Data Realities / Subjects

At the same time, can we be sure of the factual nature of recovered and existing data? It is important to ask who commissioned the source of information, who collected the data, who depicted and disseminated it? When asking “who”, one should also ask what their motives were, what resources they had and what settings they were working in. These are only several factors that influence the accuracy, message and understanding of the presented data.

Data has political power, being used as a catalyst and a justifying factor for various policies and interventions. However, data that is collected and presented by policy makers, research organizations, NGO’s, and other institutions may not reflect the realities as they are experienced by the population represented by the data. Researchers may be asking the wrong questions, or seeking answers in the wrong places, as it was the case in the Atlanta homeless programs discussed in Ward’s presentation. Inaccurate or incomplete data can confuse cause and effect, as well as become the cause in and of itself by feeding into stereotypes and creating faulty convictions that shape conventional views and social action.

Data Values

The importance of deconstructing the nature of how data is presented was remarked on by an audience member. The question posed was how, in the process of data collection and presentation, one can make data more reflective of reality as it is experienced by the studied population through incorporating grassroots efforts to create a community-based ownership of data.

To tackle this question, Marek brought up the example of mapping out the Kibera slum in Kenya. An open source approach was used in the project, where locals actively participated in the process of mapping. However, as Marek pointed out, it was still an intervention from outside the community. Somebody funded the project, someone gave the equipment, and they followed a certain methodology for reasons of their own. A completely unbiased and neutral representation of the slum was not possible due to the various agendas and perspectives of the parties involved, the dominant agenda being that of the project funders. Complete objectivity, even when efforts are made, is impossible.

Is it really more data that we need then? Even though information exists, it may not be accurate and not everyone within the society has an equal reach to it. A worker from a village lacking in literacy skills has significantly less access to data than a PHD student from a renowned university, even though they both navigate within the same system. Access to data stems farther than what is put up on a website or a file that can be picked up from a government office. More important than having access to open data, Zainab believes that one should look for relationships and systems where there is responsiveness and responsibility of negotiating.

However, what came clear from the discussion is that there are existent infrastructures that enable researchers and activists in their quest for information and its fair representation. People, in their interactions with each other, in the institutions and ad hoc organizations we develop, take part in creating these enabling infrastructures. Being embedded in the system within which one is collecting information allows one to understand and manoeuvre the necessary avenues. Questions of data collection, representation, and dissemination are multidisciplinary, spanning across issues that touch all members of our society. From land property records, old abandoned film, government statistics, classifications, and artists’ quest for truth, data takes many forms and defines our lives in ways we cannot always control. Through revaluation and questioning of these processes we gain a better understanding of what shapes societal views, government action, and how we can take control and use data to illuminate the unseen and wheel social change.

This has been the first of our experiments at creating dialogues around Exposing Data. We invite people interested in these questions, to not only participate in the future conversations, but also help us draw upon different disciplines, questions and concerns around the subject of Data. The next conversation seeks to address the question of “Whose data is it anyway?” and we hope that the momentum of talk carries on.

Nishant Shah
Maya Ganesh
Yelena Gulkhandanyan

For more details visit http://editors.cis-india.org/internet-governance/art-slash-activism

Exploring Open Hardware in Mass Produced Mobile Phones

praskrishna — 2016-09-28T14:19:32Z

For more details visit http://editors.cis-india.org/a2k/blogs/exploring-open-hardware-in-mass-produced-mobile-phones

Explore money apps but watch your data

praskrishna — 2017-06-08T12:46:11Z

Financial apps may appear to be free but before you install them, read their privacy policies to know what you may be signing away.

The article by Shaikh Zoaib Saleem was published in Livemint on June 8, 2017. Pranesh Prakash was quoted.

With the increasing usage of smartphones and other smart devices, our use of and dependence on mobile applications also increases. These apps, while being installed on your device, ask for a lot of permissions. Most users do not take a detailed look at all the permissions being granted to any particular app’s publisher. Moreover, even fewer users look at the privacy policies and terms of use of apps, which detail how the publisher intends to utilize the data you share.

In most cases, the data collected is analysed and used for targeted marketing campaigns by the apps’ publishers, based on the users’ profiles and habits. Read more about it here: bit.ly/2q3ByA3. While this phenomena is spread across the board for all categories of apps, we take a look at the privacy policies and terms of use of the top 10 Android financial apps in India (top 10 as of June 1, according to App Annie, a mobile apps market research company based in California). The 10 apps are: PhonePe, BHIM, SBI Anywhere Personal, Kotak – 811 and Mobile Banking, JioMoney Wallet, Money View Money Manager, State Bank Buddy, Bank Balance Check, All Bank Balance Enquiry, iMobile by ICICI Bank.

Collecting information

The common theme across privacy policies of these apps is that the information is collected to enhance customer experience while using an app, respond to customer complaints and resolve disputes. Another theme is tracking consumer behaviour. For instance, PhonePe, in its privacy policy states, “We may automatically track certain information about you based upon your behaviour on our app. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users. This information is compiled and analysed on an aggregated basis.”

Similarly, the privacy policy of BHIM app says, “…once you give us your personal information, you are not anonymous to us. We may automatically track certain information about you based upon your behaviour on our app to the extent we deem fit.” It further adds that if you choose to transact on the app, then “we collect information about your transaction behaviour.” All the apps collect some or the other information like device IDs and location.

Sharing Information

The information gathered by the apps is not just used by these companies themselves, but also shared with third parties, subsidiaries, parent companies and agents of the companies. iMobile by ICICI Bank, for instance, in its privacy policy states that the bank will limit the collection and use of customer information only on a need-to-know basis to deliver better service to the customers. “ICICI Bank may use and share the information provided by the customers with its affiliates and third parties for providing services and any service-related activities such as collecting subscription fees for such services, and notifying or contacting the customers regarding any problem with, or the expiration of, such services. In this regard, it may be necessary to disclose the customer information to one or more agents and contractors of ICICI Bank and their sub-contractors, but such agents, contractors, and sub-contractors will be required to agree to use the information obtained from ICICI Bank only for these purposes,” the policy reads.

Similarly, PhonePe in its privacy policy has said that the company may share personal information with its other corporate entities and affiliates. “We and our affiliates will share/sell some or all of your personal information with another business entity should we (or our assets) plan to merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business. Should such a transaction occur that other business entity (or the new combined entity) will be required to follow this privacy policy with respect to your personal information,” it reads.

While installing, the Kotak app seeks your “irrevocable consent” to its privacy policy, which, among others things, states: “We may disclose the customer information to third parties for following, among other purposes, and will make reasonable efforts to bind them to obligation to keep the same secure and confidential and an obligation to use the information for the purpose for which the same is disclosed, and you hereby give your irrevocable consent for the same.”

JioMoney Wallet, while disclosing upfront that the publishing company and its affiliates do not sell or rent personal information to any third-party entities, also adds that the company “engages a number of vendors, consultants, contractors and takes support of our group companies or affiliates. We may provide our partners access to or share your personal information to enable them to provide the services subscribed by you.” Terms and conditions of the BHIM app state: “For the protection of both the parties, and as a tool to correct misunderstandings, the user understands, agrees and authorises NPCI, at its discretion, and without further prior notice to the user, to monitor and record any or all telephone conversations between the user(s) and NPCI only.”

It is imperative to note that most of these apps announce it upfront in their privacy policies that the policy could change anytime without prior information to the users. At the same time, it should be noted that sharing of some data is required for proper functioning of many apps. While most app publishers may not misuse the data being gathered, you should know exactly what data is being used.

Pranesh Prakash, policy director at the Centre for Internet and Society said that their research outputs show that laws to deal with misuse of personal data are very weak in India. “We need a strong privacy law to address these issues, of which we have proposed a citizens’ draft. Clearly, the prevailing situation shows that the industry is not taking enough initiative on self-regulation. At the same time, even the government isn’t taking much interest in consumer protection.”

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-june-8-2017-shaikh-zoaib-saleem-explore-money-apps-but-watch-your-data

Explanatory Note on Article 6 bis

praskrishna — 2013-12-30T15:27:28Z

For more details visit http://editors.cis-india.org/a2k/blogs/explanatory-note-on-article-6-bis

Expiry of Licenses

praskrishna — 2013-03-04T04:54:51Z

Expiry of Licenses

For more details visit http://editors.cis-india.org/home-images/ExpiryofLicenses.png

Experts' committee moots law to protect privacy

praskrishna — 2012-10-22T10:18:34Z

In its report submitted to the Planning Commission on Thursday, the first ever experts’ group to identify the privacy issues and prepare a report to facilitate authoring of the privacy bill, has said that existing laws have created an ‘unclear regulatory regime’ which allows a state to be intrusive.

Saikat Datta's article was published in DNA on October 19, 2012

The report has been prepared by experts led by justice AP Shah, former chief justice of the Delhi high court.

In its exceptions to the proposed law on privacy, the experts’ group has recommended that national security, public order and disclosures made in ‘public interest’ will be exempted from the limitations of privacy. Several members of the group unsuccessfully argued to bring in the Intelligence agencies which are empowered to legally tap phones, intercept emails and conduct surveillance on citizens under the ambit of the Privacy Act.

The report, a copy of which is available with DNA, recognises that there are major differences in the existing laws that permit intrusive phone-tapping or surveillance of private citizens by the government.The group feels that “these differences have created an unclear regulatory regime that is inconsistent, non-transparent, and prone to misuse and does not provide remedy or compensation to aggrieved individuals.”

Therefore, the group has recommended that when the government conducts any intrusive surveillance like phone tapping, it must adhere to the principles of proportionality, legality and remain within the boundaries of a democratic state.

“The limitation (on tapping phones, etc) should be in proportion to the harm that has been caused or will be caused,” the report states.

Interestingly, the report also exempts the disclosure of personal or private information for journalistic or historical and scientific purposes from being curbed under the proposed Privacy Act. Interestingly, this will give journalists a legal cover from being hauled up under the proposed privacy laws when they file stories.

The government is keen to enact a privacy law quickly because of two major issues. The fallout of the leakage of the tapes of Niira Radia speaking to industry heads like Ratan Tata which led to a renewed clamour for a comprehensive Privacy Act. Ironically, anything related to phone-tapping has now been left out of the provisions of such an Act.

The other reason was the pressure from the industry that is keen to get business from abroad that deals with sensitive personal data. In the absence of any personal data protection laws, Indian companies were not getting any business from European or American firms. With this law, India can look forward to getting substantial business that involves personal data.

With this framework in mind the experts’ group has recommended that notice be given to any individual from whom personal information will be sought. With intrusive government projects like the UID or the NATGRID, the group was worried that this kind of massive data in the hands of the government could turn this into a police state.

It has also mandated that the choice and consent of the individual must be taken before collecting this information. Also, there has to be a limitation on collecting this information and anything that has been collected will use the data for only a limited purpose. A data controller should be appointed to collect, maintain and use the data under strict stipulations.

Therefore, the data controller will be made accountable for any lapse in handling or disclosure of the data. To ensure that this kind of control can be exercised, the group has suggested the appointment of privacy commissioners who will adjudicate on any matter of illegal disclosures and mete out server punishment.

Recommendations

National security, public order and disclosures made in ‘public interest’ will be exempted from the limitations of privacy
The limitation (on tapping phones, etc) should be in proportion to the harm caused or will be caused
Disclosure of personal or private information for journalistic or historical and scientific purposes should be exempted from being curbed under the proposed Act
Notice be given to individual from whom information has to be sought
A data controller should be appointed to collect, maintain and use the data
Privacy commissioners who will adjudicate on any matter of illegal disclosures be appointed

Note: The Centre for Internet & Society was part of the expert committee even though not explicitly mentioned.

For more details visit http://editors.cis-india.org/news/dna-india-october-19-2012-saikat-datta-experts-committee-moots-law-to-protect-privacy

Experts stress on need for enhanced security

praskrishna — 2017-05-20T06:13:19Z

With more and more people falling prey to phishing scams, experts believe that lack of adequate security features in online payment systems will only increase the number of such cases in the coming days. While admitting that the rise in such crimes would be hard to stop or control, cyber security consultants also blame the lack of preparedness before taking the digital economy route as a cause for such problems.

The article was published in the New Indian Express on May 6, 2017. Pranesh Prakash was quoted.

Speaking to Express, Dr A Nagarathna of the Advanced Centre on Cyber Law and Forensics, National Law School of India University, said that apart from the push for digital payment solutions, the merger of various State Bank entities also provided chances for criminals to exploit gullible people.

“People tend to give away critical information since cyber criminals seem so convincing. But they should remember that banks never collect such information over phone,” she said.

The cyber security features of banks and e-wallets are also questionable. Banks and e-wallet service providers should be held accountable for such crimes, so that they make an effort to ensure necessary safety measures, she said.

Pranesh Prakash, Policy Director at the Centre for Internet and Society, noted that there were security concerns with e-wallets. “Many e-wallet apps compromise on security in favour of convenience, but, at the same time, have terms of service that hold customers liable for financial losses. There have been many reports of criminals working with rogue telecom company employees to clone SIM cards and steal money via UPI and BHIM,” he said.

He also criticised the use of biometrics as the only factor for authorising payments to merchants using Aadhaar Pay. He noted, “Your fingerprints cannot be changed, unlike a PIN. So, if a merchant clones your fingerprint, you cannot revoke it or replace it the way you can with a debit card and a PIN.”

Another activist said the recommendations of Watal Committee, which looked into digital payments, should be implemented. “As of now, the law does not focus on the need for consumer protection in digital payments. The Payment and Settlement Systems Act, 2007, needs to be updated,” he said.

For more details visit http://editors.cis-india.org/internet-governance/news/new-indian-express-may-6-2017-experts-stress-on-need-for-enhanced-security

Expert Roundtable on Reconciling Policy Priorities of the Global North and South: Implications for Norms of Responsible State Behaviour in Cyberspace

praskrishna — 2015-05-01T16:35:50Z

For more details visit http://editors.cis-india.org/internet-governance/news/expert-roundtable-on-reconciling-policy-priorities-of-global-north-and-south

Expert Meeting on Freedom of Expression and Intellectual Property Rights

praskrishna — 2012-03-16T07:41:39Z

This report provides an overview of the discussion from the Expert Meeting on Freedom of Expression and Intellectual Property Rights, organized by ARTICLE 19 in London on November 18, 2011.

At the meeting, nineteen international scholars, experts and human rights activists met to explore the antagonistic relationship between Intellectual Property (IP) and the rights to freedom of expression and information (FoE). This conversation is timely if not overdue, as governments are increasingly using the pretext of IP protection to place unjustified restrictions on the exercise of FoE, particularly on the Internet. ARTICLE 19 believes that increasing the profile of the human rights perspective in debates on IP law and policy is essential to protecting FoE, particularly in the digital environment. The objective of the meeting was therefore to develop an appropriate rights framework for evaluating IP law and enforcement mechanisms, to advance a policy paper on the issue and eventually to establish a set of key principles on IP and FoE.

This report outlines:

A summary of the discussions that took place during the meeting; and
Outstanding issues and those requiring follow-up discussion in order to conceptualise and complete a position paper on the subject.

List of Participants

Andrew Puddephatt: Director, Global Partners & Associates
Brett Soloman: Executive Director, ACCESS.
Dinah PoKempner: General Counsel, Human Rights Watch.
Jérémie Zimmermann: Co-founder and spokesperson, LaQuadrature du Net: Internet & Libertés
Jeremy Malcolm: Project Coordinator for IP and Communications; Consumer International.
Jim Killock: Executive Director, Open Rights Group
Michael Camilleri: Human Rights Specialist, Office of the Special Rapporteur for Freedom of Expression at OAS.
Michael Geist: Chair of Internet and E-commerce Law, Univesity of Ottowa.
Pranesh Prakash: Programme Manager, Center for Internet and Society
Raegan MacDonald: Policy Analyst, ACCESS (Brussels)
Saskia Walzel: Senior Policy Advocate, Consumer Focus
Yaman Akdeniz: Associate Professor in Law; Human Rights Law Research Center, Faculty of Law, Istanbul Bilgi University.
Walter van Holst: IT legal consultant, Mitopics
Agnes Callamard: Executive Director, ARTICLE 19
Barbora Bukovska: Senior Direct for Law and Policy, ARTICLE 19
David Banisar: Senior Legal Counsel, ARTICLE 19
Gabrielle Guillemin: Legal Officer, ARTICLE 19
Andrew Smith: Lawyer, ARTICLE 19
Michael Polak: Intern, ARTICLE 19

Welcome, Introductions, Purpose

Agnès Callamard opened the meeting with a welcome and introduction, giving a brief overview of ARTICLE 19’s extensive experience over twenty years bringing together coalitions to increase the profile of various advocacy issues and develop key policy documents, including the Camden Principles on FoE and equality, and the Johannesburg Principles on FoE and national security.

In the last three years, the Internet has increasingly come to the forefront of ARTICLE 19’s work. During this time it has become clear that the agenda for protecting IP negatively impacts FoE, and that there is a notable absence of traditional human rights groups engaged with the IP agenda or campaigning on its implications for human rights. ARTICLE 19 believes that there is a clear need for this gap to be filled, for us to enter this dialogue and challenge current preconceptions with an alternative human rights narrative that counters that promoted by IP industries.

The purpose of this meeting, therefore, is to develop a strategy for promoting the FoE perspective in debates on IP. To do this, it is important to first conceptualise the relationship between FoE and IP within a rights framework: to identify how or if these interests should be balanced and what the areas of conflict and conciliation are. This discussion should clarify the best way to proceed, with a view to arrive at a policy paper and eventually a set of principles on how to best protect FoE in the IP context.

Session 1: Brief comments by participants on issues of concern for freedom of expression campaigners in relation to IPR

The objective of the first session was for all participants to identify the most significant issues in current debates on freedom of expression and IP, and the extent to which some issues may have been overlooked, underestimated, or over-emphasised. These issues, ideas and perspectives would then guide discussions during the remainder of the meeting and at future meetings.

All participants agreed that applying a human rights framework to this debate is an important and worthwhile endeavour. The following issues were identified during the discussions:

Conceptual starting point

Participants agreed that the status quo should not be the “starting point” for discussions, and that we should avoid being trapped in the narrative that has been developed and imposed by IP rights holders. This requires questioning accepted language and norms, pushing the boundaries of the debate and thinking outside the box. The proliferation of terms such as “piracy”, “theft” and other criminal law language to describe non-commercial copyright infringement demonstrates the extent to which corporate interest groups have controlled the agenda. We should reject these terms and instead adopt positive language that emphasises the cultural and economic value of information sharing, and frame IP as a potential obstacle to these values. This dialogue should recognise that the relationship between people and information has changed in the digital age, and that a new generation of people express themselves through sharing media online and creating new works such as video mash-ups.

A human right to IP?
Several participants questioned whether we should accept interests in IP as “human rights”, particularly as the concept is one born from censorship. Rejecting IP as a human right would require challenging accepted language such as “intellectual property rights” and “rights holder”. If we speak of IP interests or claims, rather than human rights, then it is also inaccurate to speak of their interaction with other rights as a “conflict between rights” that requires “balancing”. Instead, certain IP claims, and the detection or enforcement mechanisms that support them, should be framed as restrictions on the right to freedom of expression.

Some participants expressed doubts over the value of advocating that IP is not a human right when the idea is already embedded and various regional courts have already recognised it as such. Such a campaign would be difficult and achieve little, particularly as it may require changing established agreements such as Berne and TRIPS that would take decades to reform. Staying within the existing legal framework may be the only pragmatic way to achieve change in the short and medium-term. There was agreement that understanding how different treaties and human rights instruments or bodies understand IP is important before proceeding.

In the alternative, it was suggested that IP could be viewed as a “human right” to the extent that it complements other human rights, such as FoE. Copyright is often justified on terms that it is essential for incentivising creativity and that it is an “engine” of free speech – this argument needs further exploration, as it shows that the two rights may sometimes be complementary. ARTICLE 19 is familiar with a strategy focussed on complementarity, as the Camden Principles promoted a similar approach to advocate that the right to equality and right to FoE were mutually reinforcing rather than contradictory. Similarly, participants spoke about a “social value” approach to viewing IP as a human right, i.e. the greater the social value behind the IP protection, the more weight it would have in a rights “balancing” exercise.

Other suggestions on reframing or reversing IP preconceptions included recommending a system where the “public domain” is the norm and any monopoly interest the exception. Exceptions would have to be argued on a case-by-case basis and would be granted only when it would be in the public interest to do so.

A consensus seemed to develop that rejecting the idea of IP as a right would not be a helpful strategy. However, between the various alternative suggestions the only agreement seemed to be that the issue requires more exploration so that the nature of IP as a right can be better understood. It is anticipated that reaching a definite conclusion on this issue will inevitably not satisfy everyone, but would be necessary to proceed with an advocacy campaign.

The Right to Culture
As well as the right to property and the right to freedom of expression, there is also the right to culture in Article 27 of the UDHR and Article 15 of the ICESCR. Both instruments reflect the tension between a right to access culture and the competing right of individuals to protect the material interests in their intellectual property. Participants recommended further exploration of the economic, social and cultural rights perspective on IP issues and integrating this into a campaign.

Pulling apart multiple IP issues
Participants identified a number of ways in which IP engages freedom of expression, and that it is therefore important that a FoE analysis dealt with these issues separately. One focus should be on the IP protections themselves – these give individuals monopolies over information and thereby restrict others’ FoE. Within this, the breadth of exceptions regimes is important, as these vary significantly between countries, in particular the duration of copyright protection and how ‘fair use’ or ‘fair dealing’ type exceptions are defined. The use of digital rights management systems (DRMS) as preventative measures also relate to this area. A second focus, and a current “hot topic” in IP circles, is the enforcement agenda. This includes the criminalisation of non-commercial IP infringement, the privatisation of policing IP infringement and its impact on net neutrality, and criminal and civil law protections for DRMS.

The difference between types of IP was also discussed. There are different rationales behind copyright, trademarks, and patents. Our approach should be as nuanced and specific as possible – when we are criticising copyright we should only refer to copyright and not IP generally. Unpacking the issues in relation to the different types of IP will be important for developing a coherent policy.

The way that international trade agreements have consistently augmented IP rights was also highlighted. In relation to electronic data, the copyright holder now has so much control over the use of the information, particularly through digital rights management systems protected by the criminal law, that purchasing such products is increasingly more like renting than owning. This augmentation should be tracked and highlighted in an advocacy campaign.

Advocacy Strategy
It was also noted that developing a human rights perspective on IP is not only an intellectual pursuit but needs to be viewed in terms of a citizen movement capable of achieving outcomes. Participants identified several further issues that should be considered when developing an advocacy strategy.

One consideration would be how we develop campaigning alliances. Some industries are potential allies, in particular Internet intermediaries that are increasingly under pressure to be the private police of copyright holders. Some artists themselves are also sympathetic to FoE arguments. More obviously, consumers and information users should be mobilised by a campaign. It is important to develop distinct strategies for targeting identified groups that reflects our understanding of their diverse interests; this would allow us to build commonalities between actors who may normally be regarded as having divergent objectives, and mobilise each to push for change in a direction that supports our ultimate goal.

Central to a campaign strategy is also the idea of having a clear message as to what the problem is and how it impacts people on a day to day basis. The utility of graphics illustrating the inequitable geographic distribution of IP interests was recommended as a useful tool to demonstrate the scale of this global problem. Ways of countering campaigns conducted by IP holders over the last two decades were also discussed, in particular how to push back against the idea of copyright infringement as “theft”, as has been promoted through slogans such as “you wouldn’t steal a handbag.” Illustrative analogies were discussed, including viewing IP infringement as mere trespass rather than theft and as “copying” rather than depriving a person of property. However, it was concluded that these analogies were helpful for developing our understanding of the issues, but would not be as effective as campaign tools. An effective campaign would have to distinguish between background issues and our actual advocacy points, which would be focussed on a clear set of key fundamental principles.

Participants also identified the importance of engaging governments and the media on the inconsistency of their policies and coverage of FoE and IP. The US, in particular, is loudly proclaiming its commitments to FoE on-line whilst simultaneously promoting aggressive enforcements mechanisms for IP that directly undermine FoE rights.

The campaign against ACTA in the European Parliament (EP) was also recommended as a platform from which to launch further dialogue on FoE and IP. Since the meeting, ARTICLE 19 has released a statement on ACTA that we have shared with all participants, and plans to circulate this statement to various EP committees and MEPs in the coming weeks.[1]

Opportunities for strategic litigation were also identified. In particular, there are a number of Article 10 ECHR cases pending before the European Court of Human Rights on the blocking of websites, many being from Turkey.

Session 2: The tension between freedom of expression and IPR

The second session began with a presentation by Gabrielle of the background paper on intellectual property and freedom of expression. Participants gave feedback on issues raised in the paper and suggested ways of developing it into a policy paper to compliment an advocacy campaign.

Gabrielle’s opening comments acknowledged that the background paper is very much focussed on FoE in the digital age, and is centred more on copyright rather than trademarks and patents. Gabrielle outlined the way in which conflicts between tangible property rights and freedom of expression have been dealt with by the ECHR. She also identified key challenges to reframing understandings of IP, in particular in relation to the notion that the public domain and information sharing should be the norm while information monopolies should be the exception. Gabrielle also highlighted the timeliness of this discussion as significant changes to the enforcement agenda are taking place; including the criminalisation of copyright infringement and DRMS circumvention.

Participants agreed that the policy paper was an excellent starting point for discussions on FoE and IP, and recommended a number of areas for further elaboration in future drafts:

The objective tone of the paper, placing ARTICLE 19 as an impartial arbiter, is a productive starting point.
The legal framework for IP/FoE should be elaborated to acknowledge the right to culture as contained in Article 27 of the UDHR and Article 15 of the IESCR. The ways that states periodically report their IESCR compliance could be explored.
Intermediaries should be referred to in broader terms than just as ISPs. “Information society service providers” is an umbrella phrase that includes search engines, advertisers, payment services.
The Scarlett decision by the ECJ should be incorporated once it is released.[2]
The concept of “filtering” is essentially a type of “blocking”, both may be referred to as censorship to clarify their immediate impact on FoE.
Some participants felt that explaining why the FoE implications are different for civil and criminal law would be helpful.
Participants felt that the section on the implications of the ACTA regime could be built upon.[3]
In developing the section on FoE rights, the Latin American view of FoE as a collective right may also be worth emphasising. It may also be worth comparing the potential balance between IP and FoE to other balancing exercises related to privacy or reputational rights.
The differences between copyright, trademarks and patents should be explained.
A section outlining the philosophical foundations of these protections, in particular the difference between the US (incentivise creation) and European (natural rights) approach to IP might also be helpful.
It should be stressed that the failure of IP law to adapt to new technologies is the problem, not new technologies themselves. This failure undermines the justifications for protecting IP rights.
Greater emphasis should be placed on the way in which the current legal framework is based on an ideal of an 18th century author, and does not acknowledge the impact of IP on scientific research and collaboration, indigenous knowledge, peer-to-peer sharing, the creative power of new technology etc.
Positive examples of IP infringement would be useful for illustrating why IP protection shouldn’t be safeguarded at all costs. In particular, efforts to make works more accessible to minority language speakers (crowd-sourcing methods in particular) and the impact that IP law has on blind people’s access to information.
Similarly, examples of censorship that make the impact of IP protections of FoE clearer to policy makers would be helpful in debunking the myth that the interests of the IP industry giants are synonymous with those of the individual creators.
It would also be helpful to illustrate that IP protection is also a geographic concentration of wealth issues as much as a moral issue.[4]
The role of de minimis exception regimes in protecting FoE should also be explored in greater depth.
Several sources were also recommended, including the Association littéraire et artistique internationale (ALAI)[5], the International Federation of Libraries Association (Stuart Hamilton identified as a contact)[6] and the OSCE study on Internet Freedom.[7]

Session 3: Key questions, issues and challenges

Dave chaired a third session to elaborate upon the key issues discussed prior to lunch, with a view to reaching some level of consensus on the appropriate scope of restrictions on freedom of expression in defence of IPR.

Gabrielle offered comments on the balance that could be applied between the right to property (Article 1 of Protocol 1 to the ECHR) and the right to freedom of expression (Article 10 of the ECHR). However, as the European Court of Human Rights has not ruled on the balance that ought to be struck between these two rights in the context of intellectual property, it is difficult to speculate on how it would be litigated.

Participants agreed that the ‘public interest’ is central to assessing when property rights can be restricted to promote other rights, including FoE. The need to stress the importance of the Internet as a public forum was also identified.

The participants also discussed what limitations are appropriate to place on IP rights. Various ideas were suggested, but it was concluded that any recommended framework on the substance of IP rights would have to be compliant with the Berne Convention. This means that in terms of copyright duration, the minimum that could be recommended is 50 years. It was also stated that any system that recommends a default public domain with a system of registration for copyright “exceptions” would not be compliant with Berne. The augmentation of IP rights through these international agreements was again referenced, as there appears to have been a pattern of the US and EU exporting the worst aspects of their IP regimes abroad through trade arrangements without elaborating on how exceptions to IP rights should be developed. It was also noted that copyright holders will continue to support this process, as their business model depends upon having as much control over the use of information as possible.

Again participants identified the need to distinguish between the limitations that are imposed on FoE by the IP rights themselves, those limitations imposed by preventative technological measures and those imposed by enforcement mechanisms.

The importance of distinguishing the different actors involved was also emphasised, i.e. whether we are discussing competing rights between private creators (e.g. original creator vs. derivative creator) or the direct relationship between the state and individuals (e.g. enforcement of criminal provisions against an individual infringing IP). It is important that our analysis does not conflate private actors with state actors, and that it is clear what positive and negative obligations are on these parties and the rationale for their application.

It was suggested that an approach that balances competing human rights is appropriate where the interests of two creators are in conflict, but perhaps not when the state intervenes to prevent or punish IP infringements. Where the state acts to restrict an individual’s access to the Internet, it is not a balance issue but an unnecessary and disproportionate interference with the right to freedom of expression.

Participants stressed the economic and social significance of blanket (and even many specific) restrictions on Internet access. Blanket prohibitions on access to the Internet was compared to solitary confinement, and participants agreed that sanctions such as these are never necessary or proportionate responses to IP infringement. An analogy was made to a statement recently issued by ARTICLE 19 on services to counterfeit mobile telephones being shut down in Kenya.[8] Participants also indicated that these blanket measures are increasingly rare, but that states still violate the principles of necessity and proportionality through limitations that they impose.

Further FoE concerns were raised in relation to the enforcement of IP rights in the digital environment. In order to monitor the Internet for IP infringement, it is necessary to monitor the content of all Internet communications. This has implications for FoE rights and privacy rights, and has a potential chilling effect on all on-line expression.

There was also some discussion on defining what our working definition of FoE should be in this context, particularly in relation to use of new technologies and DRMS. Does FoE necessarily include the right to scan a document, to use translation technology on it, to copy and paste, to save in various formats etc?

Participants also discussed that the ordinary de minimis exceptions cannot simply be transplanted and applied as ‘exceptions’ or defences to DRMS circumvention offences. DRMS limit the use of works severely, and unless you have the technical knowledge to circumvent these devices, it is not possible to take advantage of exceptions or defences.

There were also discussions on access to justice issues, due to the prohibitively expensive cost of contesting litigation against large corporations.

Several participants mentioned that discussions on these issues have a tendency to become too narrow in their focus. Examples given were that the focus drifts to copyright rather than trademarks and patents, that peer2peer sharing gets more attention than other technology uses, and that artistic expression is talked about but not technical or scientific forms of expression. At the same time, some participants expressed an aversion to a “kitchen sink” approach in any campaign, as it may result in an incoherent message.

Various sources were recommended for further reading. These included a report by Consumers International on best state practices (Brazil, Canada and South Africa mentioned for enacting progressive legislation recently),[9] and the UN guidelines on consumer protection.[10]

Session 4: Measures for protecting and enforcing IP rights on the Internet: finding a better balance with FOE

At the fourth session, Barbora chaired a discussion on procedural issues that pose a threat to freedom of expression and Internet freedom. Key issues identified at the outset were whether sticking to a human rights view that judicial oversight is the best option or is there a human rights compliant alternative model? As it was decided in the previous session that disconnection is disproportionate, are all forms of criminal liability for Internet use disproportionate? And what limits should be placed on civil remedies, such as damages-award ceilings.

Discussions began on whether an administrative model for notice and takedown would be appropriate. Advantages that were identified of non-judicial models include:

An administrative system is more effective in terms of time and cost. The number of notice and takedown requests that happen on-line would overwhelm a traditional judicial organ.
Protections for intermediaries from liability can be built into the system.
Guidelines can ensure compliance with legal certainty, transparency, due process, specificity of remedies, protections for the identities of users.
Could also be subject to judicial oversight.
That limitations on cost would also “disarm” corporations who would not be able to threaten expensive court procedures that intimidate individuals into prematurely settling civil actions.
The need for fast remedies in digital infringements was also stressed. For example, a website may be created only for the 90 minutes of a football game and then disappear – traditional judicial methods cannot be used to provide redress in these circumstances. Although this may appear to be a “shoot first, aim later” approach, one needs to consider these pragmatic concerns. An administrative model is better suited to this than a judicial system.
Alternatives to an administrative model included the use of non-legal ombudsmen or arbitration proceedings. These measures could also keep costs low.

A number of participants disagreed that an administrative model was appropriate. Their concerns focussed on the following issues:

That the independence of an administrative body could not be guaranteed.
That an administrative procedure should never be used to impose criminal liability.
The procedural guarantees in an administrative system are less robust, particularly in countries that do not have a strong separation of powers.
That the time and cost of a judicial system is necessary to comply with international human rights standards.

Concerns were also raised about recommending any boilerplate solution that should be ‘copy and pasted’ into all national contexts without adequate consideration being paid to that country’s legal system or traditions. In terms of accuracy of language, it was also commented that notice and takedown affects hosts of content, and not ISPs, who are mere conduits.

Systems in place in Canada and Japan for “notice and notice” were also discussed. In these systems, the IP holder notifies the intermediary, who notifies the user, who has a time to reply before action is taken. The role of the intermediary in this system is to facilitate communications and they are not subject to liability. The accommodation of “emergency requests” could also be considered within this system.

With any notice and takedown system it would also be important to make it clear to those controlling the content how you object to a takedown notice. Access to justice principles are important here, particularly considering the amount of misinformation that has circulated in recent years on the nature of IP infringement.

Various examples were given of forum shopping by IP owners in provincial courthouses where judges are less experienced in IP law and therefore more responsive to the arguments of IP holders.

There was also a discussion on why copyright holders would favour criminal sanctions as opposed to civil remedies. On the one hand, it seems intuitive that the rights holder would rather receive damages than have a person fined or imprisoned by the government. It was suggested that the criminal law has the advantage of having a more significant chilling effect. Also, in criminal cases, the costs of detection and enforcement can be placed on the state.

A number of initial principles were identified through this discussion:

Intermediaries should be immunised from civil liability.
There should not be liability for hyperlinking. It must be distinguished from “re-publication”.
Non-commercial infringement should not be criminalized. It was noted that TRIPS requires commercial scale infringement to be criminalized. Narrowly defining what is meant by “commercial” is important:

Peer-to-peer sharing should not be considered commercial.
IP infringement committed by individuals should not be considered commercial.

The need for clarity in the law and for information on IP law to be available to end-users facing litigation threats from copyright holders. In particular, states should educate individuals in the exceptions to copyright protections that serve the public interest.
Possible limitations on damages could be developed.

Session 5: Political developments and strategies of response

The purpose of the fifth session was to provide participants with the opportunity to discuss developing strategies for working together to better combat governments’ attempts at restricting FoE on the basis of protecting IP.

The first priority that was identified was to finalise a policy paper on the issue. This would perhaps take some time to formulate, and may require further meetings to discuss key issues.

A second priority for advocacy was identified in relation to ACTA, which will be voted upon by the European Parliament in the coming months. ARTICLE 19 has issued a statement on ACTA that will also be circulated among participants.

A third discussion concerned the possibility of uncovering a wikileaks-type “scandal” in which the hypocrisy of copyrights holders, and their true motivations, could be exposed. Receiving internal emails from whistleblowers interested in exposing such a story would provide a good media storm in which to launch an advocacy campaign. Examples of IP industries illegally lobbying governments or interfering with the administration of justice would be helpful. The involvement of the British Phonographic Industry in lobbying for the Digital Economy Act was referenced in this discussion.

The utility of engaging with the copyright industries was also discussed. These industries have a reputation for not negotiating– they want as much control over information as possible, as control is essential to their business model. There may be some utility in identifying who our enemies’ enemies are. It was mentioned that the occupy movements may be interested in pursuing a human rights narrative against corporate property interests. These groups are very much engaged in promoting FoE rights. The traditional media was also identified as a group that may be interested in supporting a movement for greater FoE protections against IP.

In terms of developing strategy, it was also recommended that we look at successful human rights campaigns from the past, particularly any in the field of cultural rights. Potential partners for coalition building need to be looked at, and many of these partners may be within emerging economies such as BRIC or South Africa.

As we develop a strategy, we need to remain focussed on framing this battle as a human rights fight. We need to identify victims, perpetrators, and a call to action. A different plan may be needed for each audience that we identify. From the experience of activists at the meeting, theoretical arguments will not succeed in rousing a people-driven campaign. The use of new media, such as campaign videos on youtube, that clearly outline the human rights case would be helpful. It is also necessary to bridge the gap between popular campaigns and videos, and getting those campaigns into the mainstream media and creating a political issue out of it. As technology users that would be interested in this campaign tend not to vote, making this a political issue means making people who do vote understand the issue as one that is a mass-scale human rights violation.

Concluding comments and closing

Agnès closed the session by identifying several key steps:

The need to revise the policy paper in light of discussions throughout the day’s sessions.
The need to meet again to discuss the revised policy paper and to continue these discussions.
The objective of developing our role as advocates, identifying what we can initiate, what existing efforts we can support, and what our overall strategy should be.

[1].ARTICLE 19 statement “European Parliament must reject ACTA”, see: http://www.article19.org/resources.php/resource/2901/en/european-parliament:-reject-anti-counterfeiting-trade-agreement-%28acta%29

[2].This judgment has since been released. See ARTICLE 19 press release: http://www.article19.org/resources.php/resource/2872/en/landmark-digital-free-speech-ruling-at-european-court-of-justice

[3].ARTICLE 19 has since released a statement on ACTA. See: http://www.article19.org/resources.php/resource/2901/en/european-parliament:-reject-anti-counterfeiting-trade-agreement-(acta)

[4].http://www.worldmapper.org/images/largepng/167.png was recommended for its map of patent distribution in 2002.

[5].ALAI homepage: http://alaiorg.vincelette.net/index.php?option=com_content&task=view&id=50&Itemid=24

[6].See a list of publications at: http://www.ifla.org/en/publications

[7].OSCE study “Freedom of Expression on the Internet” (2010): http://www.osce.org/fom/80723

[8].ARTICLE 19 statement on FoE and counterfeit mobile telephones: http://www.article19.org/resources.php/resource/2762/en/kenya:-free-expression-standards-should-guide-fight-against-%E2%80%9Ccounterfeit%E2%80%9D-mobile-phones

[9].http://a2knetwork.org/watchlist

[10].http://www.un.org/esa/sustdev/publications/consumption_en.pdf

For more details visit http://editors.cis-india.org/a2k/freedom-of-expression-and-ipr-meeting