Apply now for the 2018 Youth@IGF program fellowship

The Internet Society is now accepting applications for the  Youth fellowships to the IGF:

Internet governance topics
Internet Governance issues : Everything concerns you.

The Internet Governance Forum (IGF) takes place in a different country every year at the UN premises. Participants include leaders from Government, Business, Civil Society, Academic Community and the Internet Community from around the world. At the IGF, all participants are seated on the level in the multi-stakeholder model.

As a youth participant, you will have good opportunities to share your views on how important Internet is for you, on how you feel about the Internet, its freedom, about restrictions, if any, on the use of the Internet at your work or at school, and about the cost and quality of Internet bandwidth available to you.  You could share your thoughts on how secure you feel on the Internet or about your concerns if any on what appears to be Internet surveillance on you.  Or about your privacy needs.

This year, the IGF will take place in Paris, France. The Internet Society offers two different Youth fellowships to travel to Paris to attend the IGF, which covers travel, accommodation in a comfortable hotel and all expenses, including visa fees.

If you spend a lot of time on the Internet, and if you care about the Governance of the Internet, you are free to participate as a young person, without any specific policy expertise or technical expertise. Your participation would directly add value to the work of the Internet Governance Forum and would help preserve the Internet as a Free, Open and Global Internet, without any changes to the way it works.

There are 2 good news from ISOC Fellowship programme to 13th IGF
  1. Youth@IGF for 18 to 25 years old young people to apply. Link: https://www.internetsociety.org/youth/youth-igf-programme/
  2. IGF Ambassador Programme for 20s to 40 years old people to apply. Link :https://www.internetsociety.org/leadership/igf-ambassadors/

The Internet Society is now accepting submissions. If you have any questions, please contact isocindiachennai (at) Gmail (dot) com.

Thousands of companies spy on you

Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is the author of 13 books–including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World–as well as hundreds of articles, essays, and academic papers. His influential newsletter “Crypto-Gram” and his blog “Schneier on Security” are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier FoundationAccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org; and a special advisor to IBM Security and the Chief Technology Officer at IBM Resilient.

Schneier says “Thousands of companies are spying on you” in his CNN Opinion. Some excerpts:

… while Facebook is one of the biggest players in this space, there are thousands of other companies that spy on and manipulate us for profit…It has existed in secret far too long, and it’s up to lawmakers to force these companies into the public spotlight, where we can all decide if this is how we want society to operate and — if not — what to do about it.

There are 2,500 to 4,000 data brokers in the United States whose business is buying and selling our personal data. [and a thousand in India, thousands in Europe and so on???]

…Smart phone is probably the most intimate surveillance device ever invented. It tracks our location continuously, so it knows where we live, where we work, and where we spend our time. It’s the first and last thing we check in a day, so it knows when we wake up and when we go to sleep. We all have one, so it knows who we sleep with. Uber used just some of that information to detect one-night stands; your smartphone provider and any app you allow to collect location data knows a lot more…

…None of this is new…

Surveillance capitalism is deeply embedded in our increasingly computerized society, and if the extent of it came to light there would be broad demands for limits and regulation. But because this industry can largely operate in secret, only occasionally exposed after a data breach or investigative report, we remain mostly ignorant of its reach.

This might change soon

More here

Roundtable on (Cyber)Security for stakeholder inputs to GCCS2017

Roundtable on security
Internet Society India Chennai Roundtable for stakeholder inputs to cybersecurity policy

The Internet Society India Chennai  Round Table for Stakeholder inputs was held on the on October 22 at The Raj, Residency Towers, Chennai during 6-9 pm. This event on 22nd gains added importance as an event that was  organised as a Preparatory event to the Global Conference on Cyberspace to be held at New Delhi, as a High Level global diplomaticand policy event later this year.

The Round Table topic goes well beyond Internet Security, and broadly and loosely examined how Internet Security measures spill over to everyday life and how various security concerns, valid and real, sometimes translate into restrictions that alter the way we live our lives. The intention has been to see if diverse view points could contribute to Security design and help evolve good Security policies. The session was open for remote participation and recorded. The recording of the session is accessed from the link below:

Roundtable for stakeholder inputs to Cyber(Security)

This Roundtable event was in follow up an earlier Roundtable event during an ISOC Chennai DNSSEC/KSK rollover policy session at GRT Grand Hotel aur earlier event during June at Chennai. The Report on July 9, 2017.  A writeup based on the June event was sent to the Internet Governance Forum (IGF) Best Practices on Cybersecurity as inputs and attached below for context.

Reference Documents from the earlier (July9) event: (links below)

Internet Society India Chennai Response to the Questionairre from the IGF Best Practices Forum on Cyber Security

Report on Internet Society India Chennai Roundtable on the policy aspects of Cybersecurity:

Comments on the TRAI consultation Paper on Regulatory framework for Over the Top services

The Telecom Regulatory Authority of India has called for comments on its consultation paper on regulatory framework for Over the Top services, which is accessible at page http://trai.gov.in/WriteReaddata/ConsultationPaper/Document/OTT-CP-27032015.pdf

I have submitted the following comments:

Comments on the Consultation Paper on Regulatory frameworks for Over the Top Services

The Regulatory framework as proposed by the Telecom Regulatory Authority of India is an alarm. The Members of Parliament and the common man alike needs to be concerned about the implications of TRAI’s sphere or authority expanded to include the Internet which would interfere to alter the fundamental nature of the Internet:

  1. TRAI seeks to favor Telecom companies at the consumer’s expense by this proposal to alter the core architecture of the Internet, and the core values that make the Internet a free, open and universally accessible eco-system. Internet has transformed the way we do business, the way we all communicate and relate to each other – within and beyond borders. Internet has brought the world together by its end-to-end architecture without a centralized form of control. As an eco-system, it is far more advanced than Telegraphs and Telephones, mostly runs on a business model that is benevolent to all, treats all traffic from every person or organization, big or small, irrespective of nationality or ideology equally. With its architecture and its core values, Internet offers the common man’s greatest hope for freedom of expression and civil liberties and offers the greatest hope for participation in Democracy in its fullest form, minimize conflicts, bridge technological gaps as also bring in a certain degree of equity in the World economy. What TRAI proposes to do is to destroy the very foundations on which the Internet eco-system is built.
  2. The Telecom Authority wishes to bring the Internet as part of the Telecom Regulation. This would gradually bring in Telecom-like commercial model to the Internet for the benefit of the Telecom companies which would make the Internet very similar to the Cable TV in terms of the high price the consumer pays for access.
  3. These harmful commercial models would cause net neutrality to erode. Telecom companies would become gatekeepers of Internet Traffic, interfere in Network Traffic which has so far been free of centralized forms of control. Telecom companies would introduce fast-laning for paid traffic which would invariably lead to “throttling” of free traffic, and would lead to situations of extortionist pricing by Telecom companies. Internet would become far more expensive for the common man.
  4. This would invariably lead to an Internet of walled gardens wherein large Internet companies would contain their users within their sphere of services, making it difficult for users to access the major part of the Internet not offered as part of the services they are subscribed to.
  5. There are some security concerns about the way the Internet is abused by a certain section of users. Some of the security threats are real, but politicized by Governments to bring in an excessive framework of surveillance both for legitimate and excessively political reasons. The TRAI proposal would enhance the surveillance capabilities of Telecom Companies in the process of enabling Telecom companies to inspect Internet traffic in packets (Deep Packet Inspection) for commercial reasons. DPI could be the ulterior motive for Governments to favor telecom companies. TRAI’s proposal not only favors the Telecom companies, but unseen, makes it easy for the Law and Order Agencies to legally or otherwise monitor on the common man’s Internet usage.
  6. Regulators dislike the end to end architecture of the Internet with no centralized form of control and wish to alter the architecture in the guise of making the Internet more secure. There have been similar harmful proposals to regulate the Internet in various countries, voted out by public opposition, but these very proposals come back around sometime later by a different name in a different place. The TRAI proposal wraps up elements of such regulatory moves already voted out in other countries. Moreover, in India, Airtel proposed to charge differential rates for different types of traffic, which were withdrawn by overwhelming public opposition. This was a move by a Telecom company that merited TRAI to intervene against the proposal, but it wasn’t TRAI that stopped it. Instead, TRAI brings it back, this time seeking to enable this by Government directive. TRAI’s consultation paper reads like a business case for the Telecom companies printed on Government paper. Rather than look into the regulatory issues concerning how Telcom companies operate, the Regulatory Authority pleads their business case with total disregard to the fact that the Internet has actually brought in newer opportunities for the Telecom companies to enhance their revenues, and these companies are already profitable on the existing Data pricing models. TRAI’s paper misleads the policy makers and common man with the spurious argument that extortive pricing models are necessary to keep telecommunications companies in business. “The worst thing policy makers could do to the Internet would be to allow telecom companies to mess with the Internet.” TRAI appears to argue that the Telecom companies have a right to impose a fanciful pricing model. The paper is partial on Internet companies and misguides the reader with the notion that large Internet companies such as Google and Facebook are profitable at the expense of the cable and phone companies. The Telecom companies do not incur loss on account of OTT traffic, the truth is that the OTT services have opened up the opportunity for Telecom Companies to sell Data plans that have enhanced their revenues. As Deepak Shenoy argues “Data is in fact driving their revenues up, far more than anything else” http://capitalmind.in/2015/04/telecom-companies-are-not-losing-money-to-data-services-the-net-neutrality-debate/ )

Rather than expand its sphere of reach to Internet which requires a completely different thinking, TRAI could focus on the gaps in Telecom regulation:

A. Telecom regulations, even within the Telecom sphere, have restrained consumer experience. For example, sometime ago, TRAI restrained Telecom companies from having peering arrangements among themselves for switching 3G traffic. This affected seamless connectivity for customers on the move.

B. If TRAI is concerned about the cost of communication services to customers, it could work to recommend to the Government to free the Wireless spectrum. After the recent spectrum controversy on spectrum mismanagement and loss of revenues, the Government wanted to be seen being correct, so made the wireless spectrum pricey by auction. The revenues so determined, would serve to increase the cost of communication services to customers. TRAI could recommend that this money is not collected or returned if already collected.

C. TRAI has not looked in the practices of Telecom companies concerning the bandwidth they offer to consumers in India which averages 1 Mbps of nominal connectivity, actually amounting to 256 Kbps of average connectivity which on the mobile phone streams at less than 56 kbps on 3G most of the time in most locations. This is way below the standards of a hundred other countries around the world, while the price charged per connection is almost on par with the rest of the world, TRAI could look into this.

D. One of the reasons why Telecom companies find it relatively less profitable to operate is that even the largest of the Telecom Companies have outsourced Network Management to overseas Telecom / Technology companies. TRAI could assist the Telecom companies in building up the required technical capabilities to manage Networks on their own.

E. International Mobile roaming pricing, both for Voice and Data, by Indian telecom companies is prohibitively expensive are extortionistic. TRAI could look into the reasons and assist the Telecom companies in rationalizing the pricing plans for International roaming.

F. TRAI could look for solutions for 100% connectivity across India with receptiveness.

Sivasubramanian M
President
Internet Society India Chennai
http://isocindiachennai.org
http://twitter.com/shivaindia
6.Internet@gmail.com

A document from 39 years ago: Western Concern for Privacy in the age of Computers

Common Concerns

[ This was in 1973, 39 years ago, when “when computers ran on steam and the internet was still largely mechanical”. I was led to this document from a message posted by Karl Auerbach in the At Large mailing list today ]

Most of the advanced industrial nations of Western Europe and North America share concerns about the social impact of computer-based personal data systems. Although there are minor differences in the focus and intensity of their concerns, it is clear that there is nothing peculiarly American about the feeling that the struggle of individual versus computer is a fixed feature of modern life. The discussions that have taken place in most of the industrial nations revolve around themes that are familiar to American students of the problem: loss of individuality, loss of control over information, the possibility of linking data banks to create dossiers, rigid decision making by powerful, centralized bureaucracies. Even though there is little evidence that any of these adverse social effects of computer-based record keeping have occurred on a noticeable scale, they have been discussed seriously since the late sixties, and the discussions have prompted official action by many governments as well as by international organizations.

western concern for privacy in the 70sConcern about the effects of computer-based record keeping on personal privacy appears to be related to some common characteristics of life in industrialized societies. In the first place, industrial societies are urban societies. The social milieu of the village that allowed for the exchange of personal information through face-to-face relationships has been replaced by the comparative impersonality of urban living. …

Concern about the effects of computer-based record keeping appears to have deep roots in the public opinion of each country, deeper roots than could exist if the issues were manufactured and merchandised by a coterie of specialists, or reflected only the views of a self-sustaining group of professional Cassandras. The fragility of computer-based systems may account for some of the concern… There are few computer systems designed to deal with the disruption that deliberately lost or mutilated punched cards in a billing system-to give a simple example-would cause. Thus, the very vulnerability of automated personal data systems, systems without which no modern society could function, may make careful attention to the human element transcend national boundaries.

The Response in Individual Nations

WEST GERMANY

On October 7, 1970, the West German State of Hesse adopted the world’s first legislative act directed specifically toward regulating automated data processing. This “Data Protection Act” applies to the official files of the government of Hesse; wholly private files are specifically exempted from control. The Act established a Data Protection Commissioner under the authority of the State parliament whose duty it is to assure that the State’s files are obtained, transmitted, and stored in such a way that they cannot be altered, examined, or destroyed by unauthorized persons…

Thus, the Data Protection Act of Hesse seems designed more to protect the integrity of State data and State government than to protect the interests of the people of the State…

SWEDEN

When strong opposition to the 1969 census erupted in Sweden, public mistrust centered not so much on the familiar features of the census itself as on the fact that, for the first time, much of the data gathering would be done in a form specifically designed to facilitate automated data processing. Impressed by the possibility that opposition might be so severe as to invalidate the entire census, the government added the task of studying the problems of computerized record keeping to the work of an official commission already studying policies with respect to the confidentiality of official records.

After a notably thorough survey of personal data holdings in both public and private systems, the commission issued a report containing draft legislation for a comprehensive statute for the regulation of computer-based personal data systems in Sweden.2 The aim of the act is specifically the protection of personal privacy. Its key provisions are these:

  • Establishment of an independent “Data Inspectorate,” charged with the responsibility for executing and enforcing the provisions of the Data Law.
  • No automated data system containing personal data may be set up without a license from the Data Inspectorate.
  • Data subjects have the right to be informed about all uses made of the data about them, and no new use of the data may be made without the consent of the subject.
  • Data subjects have the right of access without charge to all data about them, and if the data are found to be incorrect, incomplete, or otherwise faulty, they must either be corrected to the subject’s satisfaction, or a statement of rebuttal from the subject must be filed along with the data.
  • The Data Inspectorate will act as ombudsman in all matters regarding automated personal data systems.

The Data Law has been passed by the Swedish Parliament and will become effective on July 1, 1973. A transition period of one year will be allowed to implement all the provisions of the law.

FRANCE

Article 9 of the French Civil Code states plainly, “Everyone has the right to have his private life respected. 3 As legal scholars in all countries have noted, however, it is very difficult to define the precise limits of privacy in every case that comes before a court, and in spite of such explicit protection, the privacy of the French, both inside and outside of automated personal data systems, seems in practice no better defended than that of most other people…

One other development on the French scene deserves mention. The 1972 annual report of the Supreme Court of Appeals went considerably out of its way, after reviewing a case of literary invasion of privacy, to comment on the subject of computers and privacy:

… The progress of automation burdens society in each country with the menace of a computer which would centralize the information that each individual is obliged to furnish in the course of his life to the civil authorities, to his employer, his banker, his insurance company, to Internal Revenue, to Social Security, to the census, to university administrations, and, in addition, the data, correct or not, which is received about him by the various services of the police. When one thinks about the uses that might be made of that mass of data by the public powers, of the indiscretions of which that data might be the origin, and of the errors of which the subjects might be the victims, one becomes aware that there lies a very important problem, not only for the private life of everyone, but even for his very liberty.

It appears to us that this eventuality, an extremely probable one, ought to be made the object of consideration of the public power, . . .and that this consideration should take its place among the measures of precaution and of safeguard which should not lack for attention.7

To sum up, the situation in France is complex. The subject of computers and privacy has been given serious attention by a relatively small group of experts, but that group has an influence in government far out of proportion to its numbers. The attitude of the present government is strongly colored by another aspect of the privacy problem: It has been caught in a wiretap scandal, and its defensiveness in that regard appears to be influencing its actions on the computer front. The official report of the present working group is due before the end of 1973, but it does not seem realistic to expect that there will be any definitive action in France before, perhaps, mid-1974.

GREAT BRITAIN

Britain is unique among the countries reviewed in having recently completed a thorough study of the entire subject of privacy.8 Although the committee in charge of the study, the Younger Committee, was restricted in its terms of reference to private, rather than public, organizations that might threaten privacy, the committee’s report is a model of clarity and concern. In brief, the Committee found that both the customs of society and the Common law had evolved defenses against the traditional intrusions of nosey neighbors, unwelcome visitors, door-to-door salesmen, and the like. Against the new threats of technological intrusions-wiretaps, surveillance cameras, and, of course, computerized data banks-the Committee recognized that the traditional defenses are inadequate. To help deal with the threat of the computer, the Committee recommended specific safeguards to be applied to automated personal data systems, although it left the method of application up to the government to decide. The main features of the safeguards are:

  1. Information should be regarded as held for a specific purpose and not to be used, without appropriate authorization, for other purposes
  2. Access to information should be confined to those authorized to have it for the purpose for which it was supplied.
  3. The amount of information collected and held should be the minimum necessary for the achievement of the specified purpose.
  4. In computerized systems handling information for statistical purposes, adequate provision should be made in their design and programs for separating identities from the rest of the data.
  5. There should be arrangements whereby the subject could be told about the information held concerning him.
  6. The level of security to be achieved by a system should be specified in advance by the user and should include precautions against the deliberate abuse or misuse of information.
  7. A monitoring system should be provided to facilitate the detection of any violation of the security system.
  8. In the design of information systems, periods should be specified beyond which the information should not be retained.
  9. Data held should be accurate. There should be machinery for the correction of inaccuracy and the updating of information.
  10. Care should betaken in coding value judgments.9

CANADA

In its report, published in late 1972,11 the Canadian Task Force concluded that computer invasion of privacy is still far short of posing a social crisis. However, the rapidly rising volume of computerized personal data and the equally rapidly rising public expectation of a right to deeper and more secure privacy threaten to converge at the crisis level. To forestall that crisis, the Task Force recommends that a commissioner or ombudsman be established in a suitable administrative setting, that carefully prepared test cases on cogent issues be brought before the courts, and that the operation of government data systems be made to serve as a national model.

from http://aspe.hhs.gov/datacncl/1973privacy/appenb.htm