Clash of the cyberworlds
In an increasingly digital world, the issue of Internet freedom and governance has become hugely contested. Censorship and denial of access occur across the political spectrum of nations, even in …
For months now a little-known UN agency, the International Telecommunication Union (ITU), has been looming large in cyberspace, portrayed as an evil force plotting to take over the Internet and threatening to destroy its freedom by rewriting archaic regulations. ITU, set up in 1865, is primarily a technical body that administers a 24-year-old treaty, International Telecommunication Regulations (ITRs), which are basic principles that govern the technical architecture of the global communication system.
How did the 193-nation ITU, which regulates radio spectrum, assigns satellite orbits and generally works to improve telecom infrastructure in the developing world, turn into everyone’s favourite monster in the digital world? The provocation was ITU’s World Conference on International Telecommunications (WCIT) in Dubai, where ITRs were proposed to be revised. Leaked documents of the proposals made to ITU had shown that statist countries like Russia and China, known for their crackdown on Internet freedom, had put forward proposals to regulate digital “crime” and “security” aspects that are currently not regulated at the global level for want of consensus on balancing enforcement with protection of individual rights.
Other proposals were about technical coordination and the setting up of standards that enable all the devices, networks and software across the Internet to communicate and connect with one another. Although ITU secretary general Hamadoun I Touré had emphasised that the Dubai WCIT was primarily attempting to chart “a globally agreed-upon roadmap that offers future connectivity to all, and ensures sufficient communications capacity to cope with the exponential growth in voice, video and data”, there was widespread scepticism among developed countries.
|Online subversion in India
India, with 125 million Internet users—a number that “is likely to grow to about half a billion over the next few years”—would be a key player in the cyberworld of tomorrow, he promised.
According to the minister, Internet governance was an oxymoron because the concept of governance was for dealing with the physical world and had no relevance in cyberspace. These were high sounding words that crashed against the reality of India’s paranoia over online subversion.
For starters, Sibal flew into a media blitz over Google’s transparency Report which ranked India second globally in accessing private details of its citizens. Even if it was a far second behind the US, it was an embarrassing revelation for the government which appears to have been rather enthusiastic in seeking information on the users of its various services. Such user data would include social networking profiles, complete gmail accounts and search terms used. In the first half of 2012, India made 2,319 requests related to 3,467 users compared with 7,969 requests by the US. Globally, Google clocked a total of 20,938 requests for user data.
A few days down the line there was a public explosion over the arrest of two young women in Palghar, near Mumbai, for posting a prosaic comment on Facebook over Bal Thackeray’s death. Thanks to the deliberately vague wording of Section 66A of the IT Act, such arrests have become common and Rajya Sabha devoted a whole afternoon to discuss the impugned legislation and seek its withdrawal. Sibal’s response has been to issue guidelines on the use of this Section which civil society organisations say will do nothing to sort out matters.
Then there are the IT (Intermediaries Guidelines) Rules, 2011, issued under Section 79 of the IT Act, which have been used indiscriminately by business interests to shut down websites, resulting in unbridled censorship of the Internet time and again. Although a motion for its annulment was moved in Parliament by Rajya Sabha member P Rajeeve, it was withdrawn after Sibal promised to talk to all stakeholders. A host of MPs have termed the rules a violation of right to freedom of speech besides going against the laws of natural justice. The promised meeting of stakeholders has not yielded any results and censorship on grounds of possible online piracy continues. In this regard, India is more restrained than the US which has pulled down huge numbers of domains on the ground they were violating intellectual property by selling pirated goods.
Western global powers, behemoth Internet companies, private telecom corporations and almost the entire pack of civil liberties organisations came together in a frenzied campaign to ensure that ITU kept its hands off the Internet. Massive online petitions were launched, backed by Internet companies such as search engine Google and social networking service Facebook. The Internet, they said, should not become an ITU remit because it would change the multi-stakeholder approach, which currently marks the way the Internet is governed, and replace it with government control that would curb digital freedom. Not only did the US administration oppose the revision of ITRs, the US Congress also passed a rare unanimous resolution against the WCIT proposals.
In the end, it was an anti-climax: nothing much came of these proposals. Although WCIT was marked by high drama—a walkout by the US and six European countries, a show of hands on a contested but innocuous resolution and an unexpected vote—the “final acts” (http://www.itu.int/en/wcit-12/Documents/final-acts-wcit-12.pdf) or the changes in ITRs make no mention of the I word. Not once. The 30-page document states at the outset that “these regulations do not address the content-related aspects of telecommunications” —an indirect reference to the Internet.
Ultimately, it was a triumph of the US-led position even if 89 of the 144 eligible countries signed it. Most of the developed countries refused to sign it. Nor, unexpectedly, did India, and thereby hangs a curious tale. Officials who were privy to the negotiations told Down To Earth that India was all set to sign the new ITRs when its delegation got last-minute instructions from Delhi not to endorse them. “It was unexpected and a let-down for India and our global allies,” confesses an official of the Ministry of Communications & IT. “There was nothing in the final document that we had objections to.” According to the grapevine, Minister for Communications and Information Technology Kapil Sibal was facing pressure from two sides: the US Administration and domestically from civil society, Internet service providers and the private telecom players who had objected to India’s proposals on ITRs. The US is known to be keeping a close eye on what India decides to do on the new treaty which it can still ratify.
In the Dubai treaty, the only ITR that does impinge on the Net is (Article 5B) on unsolicited bulk electronic communications or spam. But even here, what it merely states is that member-states should endeavour to take necessary measures to prevent the “propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services.”
|Challenges of securing cyberworld
To beef up cyber security, the Union ministry plans to pump in Rs 45 crore in 2012-13. It also put up a draft cyber security policy for public comments in 2011. Currently, cases involving cyber security and crime are handled under the IT Act of 2000 (Amendment 2008) and the Indian Penal Code.
But will the government go about its business of securing the Net in a responsible manner? There is scepticism. Section 69 of the Act gives any government agency the right to “intercept, monitor or decrypt” information online. Chinmayi Arun, assistant professor of law at National Law University in Delhi, said at the Internet Governance Conference held at FICCI in October that crimes like defamation are not on the same page as cyber terrorism, and “we have to question whether they warranty invasion of privacy”. She added that the workings of the surveillance system has to be made more open to build public trust.
Pranesh Prakash, policy director at Centre for Internet and Society (CIS) in Bengaluru, draws attention to a fundamental flaw in the section. “Government is allowed to wire tap under the Telegraph Act, 1885. But the Act lays out specific guidelines for such an action. For example, you can only tap phones in the case of a ‘public emergency’ or ‘public safety’ situation. The IT Act does not put such limitations on interception of information,” he says.
Cyber security and ITU
A few months prior to the controversial World Conference on International Telecommunications in Dubai, countries, including Russia and Arab states, had proposed measures that would, through International Telecommunication Union (ITU), grant disproportional power to countries to control the Internet in the name of security measures. Several proposals, most notably those of India and Arab States, explicitly stated in the proposed Article 5A that countries should be able to “undertake appropriate measures, individually or in cooperation with other Member States” to tackle issues relating to “confidence and security of telecommunications/ICTs”. It raised alarm among civil society. US-based think tank Center for Democracy and Technology (CDT) said in its report dated September, 2012, that cyber security does not fall under the ambit of International Telecom Regulations, and some countries would misuse such privileges for “intrusive or repressive measures”.
The proposal by African member states recommended that nations should “harmonise their laws” on data retention. In other words, intermediaries would have to retain public data for a long period so that governments can access it whenever they please. With regard to this, CDT noted, “Not only do national laws on data retention vary greatly, but there is ongoing controversy about whether governments should impose data retention mandates at all.”
A clause in the Arab proposal on routing said, “A Member State has the right to know how its traffic is routed.” Currently, the way Internet works, senders and recipients do not know how data between their computers travels or is routed. However, enabling countries to have control over routing has its dangers. CDT notes, “(This) would simply not work and could fundamentally disrupt the operation of the Internet.” Internet traffic travels over an IP network. While travelling, it is fragmented into small packets. Packets generally take a different path across interconnected networks in many different countries before reaching the recipient’s computer. CDT notes providing routing information to countries would require “extensive network engineering changes, not only creating huge new costs, but also threatening the performance benefits and network efficiency of the current system”. Although routing was not part of India’s proposal, Ram Narain, deputy director general at the department of telecommunications, told Down To Earth it was one of the country’s concerns.
However, to civil society’s partial relief, such draconian cyber security clauses were not adopted in the new itr treaty. Two clauses added to the treaty, Article 5A and 5B, address some cyber security concerns. Titled “Security and robustness of networks”, Article 5A urges countries to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks”. Article 5B talks about keeping tabs on spam.
Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers, says while he would have preferred that the two clauses were kept out of the new treaty, they do not seem harmful. “They are a much toned down version of what Arab states and Russia had suggested,” he says.
This is one reason India, Brazil and other democracies from the developing world also want a change in ITRs. They want the Internet behemoths to pay for access to their markets so that such revenues can be used to build their own Internet infrastructure.
In the furious debate on keeping the Net free of international control even hawk-eyed civil society organisations prefer to ignore the monetary aspects of Net control. Some analysts believe that maintaining the status quo is not so much about protecting the values of the Internet as about safeguarding interests, both monetary and hegemonistic. Such an assessment may not be wide of the mark if one joins the dots. Google, says a Bloomberg report of December 10, “avoided about $2 billion in worldwide income taxes in 2011 by shifting $9.8 billion in revenues into a Bermuda shell company, almost double the total from three years before”. It also said that the French, Italian, British and Australian governments are probing Google’s tax avoidance in its borderless operations.
What is clear, however, is that a number of countries for reasons springing from different motivations, appear determined to undermine America’s control of the outfits that now define how the Internet works. Although the US maintains that ICANN (Internet Corporation for Assigned Names and Numbers) is a private, non-profit corporation, it is overseen by the US Commerce Department. According to People’s Daily, what the US spouts about Net freedom is so much humbug. In an August 2012 report, the leading Chinese daily claimed the US “controls and owns all cyberspaces in the world, and other countries can only lease Internet addresses and domain names from the US, leading to American hegemonic monopoly over the world’s Internet”.
It also highlighted a fact that has slipped below the radar. During the Iraq invasion, the US government asked ICANN to terminate services to Iraq’s top-level domain name “.iq” and thereafter all websites with the domain name “.iq” disappeared overnight. It charges the US with having “taken advantage of its control over the Internet to launch an invisible war against disobedient countries and to intimidate and threaten other countries”.
While this may be true, the irony is that China, with its great firewall of censorship, is in no shape to position itself as a champion of freedom. Like other authoritarian countries, it will do everything to police the Net and control it.
The right of countries and peoples to access the Net was highlighted in Dubai when some African countries raised the issue of US control of the global Internet. Some of these, such as Sudan, have long been complaining about Washington’s sanctions that entail denial of Internet services. ITU officials point out that Resolution 69, first passed in the 2008 meeting, invoked again in 2010 and dusted off once again for the WCIT negotiations, invoked “human rights” to argue for “non-discriminatory access to modern telecom/ ICT facilities, services and applications”. Says Paul Conneally, head of Communications & Partnership Promotion at ITU, “The real target of these resolutions are US sanctions imposed on nations that are deemed bad actors. These sanctions mean that people in those countries—not just the government, mind you, but everyone, innocent and guilty alike—are denied access to Internet services such as Google, Sourceforge, domain name registrars such as GoDaddy, software and services from Oracle, Windows Live Messenger, etc.”
The catalogue of Sudan’s complaints shows at least 27 instances in 2012 when companies from Google to Microsoft and Paypal to Oracle cut off their services to the African country. This might explain why major companies would be opposed to the resolution on a right to access Internet services. Such a right would allow countries to use ITRs to compel them to provide services they might otherwise have preferred not to. But so far all such sanctions appear to have been a decision of the US Administration.
The problem of the digital divide, in fact, did not get the headlines it should have. Africa accounts for just 7 per cent of the 2.4 billion people who use the Net worldwide and penetration in the region is just 15.6 per cent of the population. Compare this with North America where over 78 per cent are linked to the digital world and Touré’s logic about the ITU’s mandate appears reasonable.
|When Apple censors the drone war
The App Store rejected the product, calling it “objectionable and crude”. Drones+ (see photo) is an application that simply adds a location to a map every time a drone strike is reported in the media and added to a database maintained by the UK’s Bureau of Investigative Journalism. Josh Begley, a graduate student at New York University, who developed the app, says it shows no visuals of war or classified information.
All it does is to keep its users informed about when and where drone attacks are taking place in Pakistan and Afghanistan. “This is behavior I would expect of a company in a repressive country like China, not an iconic American company in the heart of Silicon Valley,” says a petition to the company CEO. Did Apple’s censorship have anything to do with the fact that it received huge contracts from the Pentagon? US legislators have joined the protests against Apple.
The most brazen act of corporate censorship occurred in August 2012 with NASA’s livestream coverage of the Curiosity rover’s landing on Mars in the space agency’s $2.5 billion mission. A news agency, Scripps, coolly claimed as its own the public domain video posted on NASA’s official YouTube channel that documented the epic landing (see our opening visuals). “This video contains content from Scripps Local News, who has blocked it on copyright grounds. Sorry about that,” said a message on NASA’s blackened screen. So much for the strict US laws aimed at curbing online piracy!
Touré noted that the revised ITRs would see greater transparency in global roaming charges, lead to “more investment in broadband infrastructure” and help those with disabilities. But he was hopeful that the new treaty signed in Dubai would make it possible for the 4.5 billion people still offline to be connected. “When all these people come online, we hope they will have enough infrastructure and connectivity so that traffic will continue to flow freely,” Touré said.
But should ITU govern the Net? Not in its entirety, according to experts. For one, ITU until the Dubai meeting was far from being transparent and does not allow participation of civil society or other stakeholders in its negotiations unless they are part of the official delegation of the member-states. In fact, even critics of the current system, who think the system is lopsided and hypocritical, believe ITU needs to reform itself and confine to the carrier/infrastructure layer of the Internet. Nor should it get into laying down standards which is done by Internet Engineering Task Force (IETF) and the naming and numbering that is managed by ICANN.
But Conneally counters this by asking what would happen if the US decided to deny domain name root zone to Iran because of its bad human rights record. “Suppose it ordered Verisign to remove .IR from the DNS root and make it non-functional. Would we want ICANN/the Internet governance regime to be used as a political/strategic tool to reform Iran? What happens to global interoperability when the core infrastructure gets used in that way?”
Who then should ensure that the Internet is run in a free and open manner? Should it be the Internet Governance Forum (IGF)? But IGF is to be an open consultative forum that cannot by itself govern. It brings in participation for any or all Internet-related policy processes but it by itself was never supposed to do policy or governance.
Parminder Jeet Singh, executive director of ItforChange, says whoever governs is the government for that purpose. “This truism is significant in the present context, because there is an attempt by those who really control/ govern the Internet at present, largely through illegitimate and often surreptitious ways, to confuse issues around Internet governance in all ways possible, including through abuse of established language and political principles and concepts.”
ITforChange is a Bengaluru institution working on information society theory and practice, especially from the standpoint of equity, social justice and gender equality, and it is that perspective which informs Singh’s suggestions. “What we need are safeguards as, for instance, with media regulation. The Internet, of course, is much more than media. It is today one of the most important factors that can and will influence distribution of economic, social and political power. Without regulation it will always be that those who currently dominate it will take away the biggest pie.”
Other critics of the current system concede that bringing governments on board, especially authoritarian and statist powers which the digital world threatens, would give them perverse incentives to control it. But this threat should be met not by insisting that the Internet needs no governance or regulation, but by safeguards that ensure equitable access and benefits, Singh stresses.
While the jury is out on the question whether the new ITRs will make any material difference to the way, and if at all, the Net will come under added government oversight and intervention, developments elsewhere show that ITU is not the main threat to digital freedom.
The irony is that while cyber security is contentious in ITU, other international organisations, such as the UN Office on Drugs and Crime (UNODC) and a clutch of influential telecom industry associations, are pushing for surveillance programmes that ensure policing of a high order with sophisticated infrastructure to monitor online communications. A host of countries already have such systems in place and are pressuring countries like India to fall in line.
A UNODC report, titled ‘The use of the Internet for terrorist purposes’, has detailed how countries can and should use new technology for online surveillance—all in the name of anti-terrorism. The report discusses sensitive issues such as blocking websites and using spyware to bypass encryption and also urges countries to cooperate on an agreed framework for data retention.
At the same time, powerful industry bodies, such as ATIS (Alliance for Telecommunications Industry Solutions) and the European Telecommunications Standards Institute (ETSI), are reported to be working with government and law enforcement agencies to integrate surveillance capabilities into communications infrastructure, according to Future Tense, a project which looks at emerging technologies and how these affect society, policy and culture. It says India is under pressure from another industry organisation, the Telecommunications Industry Association (TIA), “to adopt global standards for surveillance”, calling on the country’s government to create a “centralized monitoring system” and “install state-of-the-art legal intercept equipment”.
TIA is a Washington-based trade group which brings together companies such as Nokia, Siemens Networks and Verizon Wireless, and is focused on issues related to electronic surveillance and is developing standards for intercepting VOIP and data retention alongside with ETSI and ATIS. At least seven Indian companies are members of ETSI, which is said to hold international meetings on data interception thrice a year.
Add to this chilling list the International Chamber of Commerce. It is reported to be seeking the establishment of surveillance centre hubs of several countries to help governments intercept communications and obtain data that is stored in cloud servers in foreign jurisdictions. Given this backdrop why are the US and its cohorts creating a ruckus on ITRs?
It would also mean that by focusing on ITRs and ITU as a major threat to Internet freedom civil society may be jousting at windmills.
A year on, tangible impact has not been much. The number of accused in the civil case has come down to seven web agencies and in the criminal case the government is yet to issue summons to the companies concerned (see ‘The case so far’). However, these litigations are seen as landmarks in the recent history of the Internet and its interaction with societies and governments. The cases—especially off-the-record comments by the judiciary suggesting blanket ban and pre-screening of all content—provoked a debate on the freedom of expression and Indian cyber laws.
Malicious content exists on the web and may even need to be taken down, but the laws used to remove malicious content can also be used to curb political speech, thus, infringing on the right to freedom of expression, says Prasanth Sugathan, senior advocate with Software Freedom Law Centre, an international network of lawyers.
Some like Pranesh Prakash of non-profit Centre for Internet and Society believe the IT Rules are at odds with the IT Act and give powers for censorship. He explains that the IT Act, 2000, provides for protection of intermediaries; web browsers, social networking sites and websites cannot be held responsible for what a third party publishes on their forums—“similar to the way in which we cannot sue a telephone agency or a post office for someone else making use of these platforms to harass or defame another person”. But the IT rules of 2011 watered down this protection.
Supreme Court advocate and cyber law expert Pavan Duggal explains how. The Act states once a complaint is made against certain content, the web agency hosting it must notify the person who put up the content, verify the content and judge whether it needs to be removed. But the rules state that once the web agency is notified it must remove the content within 36 hours or it could be prosecuted for not acting on the complaint. The rules have gone beyond the Act’s scope, especially vis-a-vis privacy and data protection, leaving no scope for hearing out the accused, he says.
The disjunct between the Act and the rules is being contested in various spheres, including Parliament. But there is a bright side too. Duggal believes the cases have brought pertinent issues, like free speech and privacy concerns, into the public domain. Ramanjeet Chima, policy adviser for Google, says freedom of expression is paramount for Google but the recognition of local sentiments is also being given equal weightage.
Senior advocate Sidharth Luthra, who was representing Facebook in the Delhi High Court, wonders whether the existing Indian laws are in tune with the ever-changing online world. Unwilling to comment on the case, he says the law is limited in its scope, while technology is not. Refusing to comment on the cases, the Google adviser emphasised the need to use the existing provisions of big web agencies to address grievances regarding content.
The Internet “is not the wild wild west”; all content, users and viewers can be traced, Duggal cautions. Since the Internet can impact political issues government is increasingly looking for ways to control it. “There is no ideal solution but it is evident that some monitoring and regulation are required, and in all parts of the world all regimes are in the process of addressing this,” he says.
The Internet, it is believed, is vital to democracy, a channel that makes possible a continuous worldwide conversation. Its a veritable global commons where everyone is allowed access. It's the lifeline for brick-and-mortar companies and media outlets. Here writers find an audience, its a channel for music and film buffs, an emporium for photographers and artists. Here critics express their distaste or fondness, and friends separated by continents catch up on gossip. But in recent times, governments, corporations and some of the Net's most successful inhabitants are chipping away at features which made the Net an harbinger of creativity. In India, for instance, there has been a clampdown on some downloading and file sharing sites. Down To Earth invites Net buffs to respond.