25 Oct 13 | Asia and Pacific, Digital Freedom, India, News and features
Just days before the United Nation’s led Internet Governance Forum in Indonesia, India, held its own – and first of its kind – conference on cyber governance and cyber security.
With the support of the National Security Council Secretariat of the Government of India, the two-day conference was organized by private think-tank Observer Research Foundation and industry body, Federation of Indian Chambers of Commerce and Industry, (FICCI). Speakers were from a host of countries including Estonia, Germany, Belgium, Australia, Russia, Israel, and of course, India.
It was ironic, that in a post-Snowden world, buried under allegations of the extent of the NSA’s spying, US officials were unable to attend the conference due to their government’s shutdown. Instead, other views took center stage, and India also visibly demonstrated the various positions its stakeholders take around the questions of governance and security.
Right at the kickoff, India’s Minister for Communications and Technology, Kapil Sibal, challenged the question of sovereignty and jurisdiction in cyberspace. “If there is a cyber space violation and the subject matter is India because it impacts India, then India should have jurisdiction. For example, if I have an embassy in New York, then anything that happens in that embassy is Indian territory and there applies Indian Law.”
India has, over the last few years, flirted with the idea of an UN-lead internet governance structure, and subsequently backed away from it. Minister Sibal said that India believes in “complete freedom of the internet”, however, at the same time needs to acknowledge that along with cyber freedoms come cyber gangsters, and the state and its citizens need to be protected from them.
India, with its 860 million mobile subscriptions (although, the numbers of users would be lower than this figure) is looking more and more to the internet as a delivery platform of socio-economic programs and a tool to boost the economy. That the internet can raise GDP by 10% is a much favored figure for those who promote the internet for economic reasons. The fact is that as the remaining unconnected population of India begins to acquire net connections through desktops and smart phones, the government is increasingly looking at security and surveillance over the internet as a necessary and inevitable route. This also means that the government needs to rely on industry to help them with this gigantic task.
The possible synergy between businesses and government in India was a central theme for discussion; as industry bodies asked the government to invest in training more cyber security specialists and also start moving towards uniform security standards and protocols. In fact, Indian industry most certainly wants to be relived of the financial burden of training personnel, and to an extent, investment in security R&D, and is keen to partner with the government to achieve both ends. Indian industry is often in the news because it appears almost universally under prepared for cyber attacks, both from within the country and externally. Suggestions of a government-led cyber awareness program were made as well, with calls to allocate funds for these exercises in the budget.
However, as has been the case in India, the real source of friction still lies between civil society and the government over the question of surveillance and monitoring. In a session entitled ‘Privacy and National Security’; perhaps the only India-centric panel of the entire conference, the debate became overheated. The panel consisted of a senior police officer involved in surveillance, India’s director-general of CERT (Computer Emergency Response Team), a representative from the mobile industry and a privacy expert. The government official was pushed by civil society members and journalists to explain the workings of the Central Monitoring System, still very opaque to the public, and later the official definition of privacy. He did neither. Unsurprisingly, India is yet to really define what privacy is, leading to simultaneous furor in the room and twitter (#cyfy13) about why this hasn’t been done as yet.
The sense in the room was that surveillance, while necessary to protect citizens, is only really effective when it is conducted in a targeted manner. Mass surveillance leads to self-censorship and is, in the end, counter productive. The other bone of contention was the question of identity, with the government making arguments that verifiable cyber identity is a possible solution to cyber crime. However, other participants found the issue troubling, as anonymity is necessary for a number of reasons, including as we have seen around the world, political dissent.
Finally, panelists discussed how best to inculcate a multistakeholder approach when legislating the internet. It was pointed out more than once that the internet was a product of private enterprise, made on open standards and principles, but now governments are attempting to control this resource. However, while public calls for multistakeholderism were made for many reasons; human rights, protection of privacy and even to benefit business in the long run (as they would not risk being caught up in lengthy court cases in the future if they took civil society on board from the start), there was still an elephant in the room. Offline, many official participants wondered why Chatham House Rules were not observed, or why there were no closed-door meetings only for government officials. It was clear that much of the weighty – and honest – discussions still don’t involve the public. Perhaps not where the question of governance is, but certainly when the question of security is.
Ultimately, there are two broad outcomes of this conference. The first is that India has indicated its willingness to start shouldering discussions to do with the global cyberspace. The other is, as India’s National Security Advisor put it, — ““India has a national cybersecurity policy not a national cybersecurity strategy.” This is certainly a start to building a consensus for that strategy.
This article was posted at indexoncensorship.org on 25 Oct 2013.
18 Oct 13 | Bulgaria, Digital Freedom, Germany, News and features, United States
On 30 September, Bulgarian-German author Ilija Trojanow was travelling from Brazil to the US for a conference on German literature. That was his plan, anyway. At the airport in Salvador da Bahia, he was told his entry to the US had been denied. No explanation was provided then, and none has been provided since.
Trojanow is one of the main forces behind a 74,000 strong and growing petition against mass surveillance. Initiated and signed by some Germany’s biggest writers, the petition argues the government is bound by the constitution to protect its citizens against foreign spying.
His experience in Brazil exploded in the German media, but Trojanow seems more bemused than anything else.
“It wasn’t bad enough that governments are spying on everybody!” he says with a laugh. “What this shows is that general attacks on everybody and not individual victims, are too abstract. An individual case, even if it’s a minor one, can get more attention.”
While the incident did create more discussion around mass surveillance and caused a spike in the number of signatures, there is no doubt the petition already had widespread support. The issue of mass surveillance seems to have struck a particular chord in Germany. Trojanow believes this is due to their history.
“East Germany more than any other country in the former Soviet block has discussed its secret service files. It has been a dominant issue in the media. The archives are easy to access. Germans know how horrendous it is when the secret service is not under real control.”
He also thinks the famous German efficiency shines through even in this case. Many felt that something needed to be done about the mass surveillance, and when Germans set out to do something, they do it properly.
“It is quite ironic,” he adds: “Germans had democracy beaten into them. They were educated in democracy by the US and the UK. It seems they were good students!”
Trojanov himself has long been interested in the issue of state surveillance, with his 2009 book “Freedom Under Attack”, for instance, becoming a bestseller in Germany. For him, the issue carries a more personal dimension. Growing up in a Bulgaria, parts of his family were engaged in the struggle against the communist authorities.
“I am in the situation now where I am able to read transcripts of what adults in my family were saying, as our apartment was bugged.”
“What you realise is that when you have the attention of the secret service pointed at you, whatever you do is in some way proof of guilt. Even completely innocent things become potentially implicating.”
The petition was formally presented to the German government on 18 September, back when when it had 63,000 signatures. A month and ten thousand additional names later, they have still have yet to receive any sort of official reply. Still open, Trojanow and his compatriots now plan to take it global. As he says, mass surveillance is a worldwide challenge and cannot be tackled simply by and within one nation.
“I don’t understand why we wait until situation is completely unbearable. You start safeguarding your freedoms when they are attacked on the edges.”
This article was originally posted on 18 Oct 2013 at indexoncensorship.org
24 Sep 13 | Campaigns, Events, United Kingdom
The possible consequences of using social media should be taught to children as young as 10, although who should be responsible for doing so is still unclear. This was one conclusion from “Speak now: Regret Later?”, a Social Media Week event where as a specialist panel discussed how young people represent themselves online and what implications this may have on their future employability options.
A collaboration between Index on Censorship, The Student Journals and Youth Media Agency, the discussion was chaired by Index CEO Kirsty Hughes, with Asa Bennett, Huffington Post business reporter, Maya Wolfe-Robinson, commissioning editor on Guardian law and Comment is Free, and Siraj Datoo, co-founder of The Student Journals, making up the panel.
The majority of the audience who engaged in the discussion, all under the age of 25, felt they had evolved with the changes in social media and adapted their privacy settings and self-censored accordingly. This quickly lead the debate on the floor to progress to the question of the next generation of social media users; how should they be taught about the possible implications of what they post online and whose responsibility it should be to do this.
“Older people need to have an understanding of social media so that they can properly teach young people how to use it effectively,” commented Datoo, who admitted his own father had a Facebook account but no idea how to use it. He urged that it should be a collective engagement by all of those in contact with children to make them aware of the possible risks they take in using social media.
However, a comment from the floor argued that it should be the responsibility of parents – those buying their children the tablets, laptops and mobile phones on which they have access to social media – to educate them on how they could jeopardise future employment possibilities from what they share online.
One observation made was greeted with nods from around the room; how to use social media safely and without repercussions should be taught alongside sexual education in primary schools. Despite Facebook setting a minimum age of 13, a report by the London School of Economics found that almost half of all British children aged 9 to 12 are using social media networking sites. Many of these users do not take on board that the internet lasts forever- even some of the audience themselves were shocked to hear that Facebook and Snapchat, an app used to send images that supposedly dissolve from the screen after a set time, own and keep all photos posted or sent by their users.
“My heart bleeds for this generation growing up with their baby photos being posted online by their parents; they are born digital and the rest of their lives will be documented across social media,” said Wolfe-Robinson, with agreement from the panel that employers should take this into account in the future. “I fully support the idea for a right to be forgotten, for us not to be judged on comments we made in our youth, but I understand this is probably an unrealistic expectation.”
12 Aug 13 | Digital Freedom, India, News and features
The New Delhi High Court has given Facebook and Google one month to submit suggestions on how minors can be protected online in India.
This move is in response to a Public Interest Litigation (PIL) filed by KN Govinacharya, a senior member of the right wing political party, the Rashtriya Swayamsevak Sangh.
The PIL seeks to protect citizens of India from cyber crimes, which according to the government, has cost the exchequer $4 billion last year. Some of the highlights include the PIL pointing out that despite guidelines given by the government for companies to follow the KYC normal (“know your customer”), social networking companies do not follow them. The PIL believes that Facebook is not verifying its users, and instead allowing minors to set up accounts because it uses them for marketing, advertising, and data mining purposes.
Under Indian law, children under 13 are incompetent to enter into any legal contract, yet it states that Facebook allows children to sign into its website unverified because it seeks to make revenue from them through online gaming – and this is a direct reference to a contract between Facebook and Zynga to provide gaming applications to kids that accounts for 12.5% of Facebook revenue. The PIL stipulates that through incessant data mining through the unauthorized use of emails, photographs, passwords, chats, and so on, Facebook is infringing on the right to privacy of the Indian subscriber.
The bench of the Delhi High Court took the PIL seriously in light of the allegation that minors are entering into social media networking sites and are then being lured into illegal activities, either knowingly or unknowingly. According to reports the court’s direction came after counsel for Facebook 
submitted that the site operated under the US law Children’s Online Privacy Protection Act (COPPA) as per which a child below 13 is not allowed to open an account. The Court expressed unhappiness that there is no mechanism that currently exists to verify the age of a child online, and that while children were protected in the US, what of the children in India.
Facebook filed a counter-affidavit to the PIL and argued that limiting social media can limit an individual’s freedom of speech and expression. Drawing on the UN Human Rights Council’s resolution that internet is a human right, Facebook has argued that the “internet is increasingly becoming a platform for citizens including minors to interact and voice their opinions and, therefore, a meaningful interpretation of the right to freedom of speech and expression would include the freedom to access social media.”
However, cyber lawyer Pavan Duggal points out that despite the freedom of expression argument, “the issue still remains that a minor doesn’t have the capacity to act under the Contract Act.” Others have pointed out that users enter into agreements with Facebook and social networking sites, not contracts. Further, law professor Saurav Datta feels that the PIL’s suggestion that all users be verified itself impinges on their privacy, and that it, “the goal of the PIL is wrong. We need to protect children, not keep people out.”
Moving ahead, it remains to be seen what social networking sites can suggest for protecting minors online. At the same time, it seems educating minors about the dangers of the internet is a good way forward as well. Facebook has joined the Internet and Mobile Association of India to bring an Internet Safety Education programme for children between the ages of 13-17. Even though this was not designed as a response to the PIL, it certainly seems a step in the right direction, regardless of the Court’s decision.
