<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-forward-container"><br>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
From the Indian Express, of yesterday..... The author recently
retired as India's Permanent Representative to the UN. <br>
<br>
<div class="gmail_quote"><br>
<br>
<br>
<div>
<div style="font-family:Times;font-size:medium">
<h1 style="margin:0px;padding:5px
0px;border-top-width:8px;border-top-style:solid;border-top-color:rgb(139,83,48);color:rgb(1,68,107);font-weight:normal;font-size:24px;line-height:28px;font-family:Georgia,'Times
New Roman',Times,serif"> Wide asleep on the net</h1>
</div>
<div
style="font-size:12px;line-height:20px;font-family:Arial,Helvetica,sans-serif"><b>Hardeep
S Puri</b> Posted online: Thu Jun 27 2013, 05:15 hrs</div>
<div
style="font-size:13px;line-height:20px;font-family:Arial,Helvetica,sans-serif"><strong></strong><i>The
Snowden revelations point to the urgency to overhaul the
current architecture of global internet governance</i>
<p>Disclosures by Edward Snowden of the PRISM project by the
National Security Agency of the United States government
have revived discussions about the need for
democratisation of the current architecture of global
internet governance. Notwithstanding the sophistry and
grandstanding about preserving the multi-stakeholder
model, freedom of expression and avoiding control of
content, the current system is anything but any of these.
Behind this veneer, the economic, commercial and political
interests of a powerful group are sought to be entrenched.</p>
<p>The US not only possesses the capacity to keep our
citizens under surveillance, but in fact tracks telephone
calls, emails, chats and other communications based on the
internet every month, in the name of counter-terrorism.
Being ranked fifth, bracketed with Jordan and Pakistan and
ahead of Saudi Arabia, China and Russia, should be a
matter of concern for India.</p>
<p>Apologists among Indian IT majors and industry
associations can be expected to rise in defence of the
current model of internet governance; after all, many of
them depend on global internet majors for their business,
and have always spoken and acted on behalf of the latter.
Whenever discussions are held on the subject, the former
find ways of occupying the space and manipulating opinions
that echo the interests of the latter.</p>
<p>India called for democratisation of global internet
governance and proposed in October 2011 the setting up of
a Committee for Internet-Related Policies (CIRP),
accountable to the United Nations General Assembly, to
deal with international public policies relating to the
internet. Instead of discussing the pros and cons of
different elements of the proposal, there was an
orchestrated cacophony in the media designed to drown any
reasoned debate. Calls were made to force India to
withdraw the proposal. India’s proposal was characterised
as catastrophic, threatening a “UN takeover of the
internet”, and doomed to bring down Indian IT firms.</p>
<p>India’s policy on this subject of considerable strategic
significance has been consistent for over a decade. The
initial calls for democratisation of global internet
governance were made by then ministers Arun Shourie in
December 2003 in Geneva and Dayanidhi Maran in Tunis in
November 2005, at the World Summit on Information Society
(WSIS). India pursued the implementation of the report of
the Working Group on Internet Governance (WGIG) chaired by
Nitin Desai on the subject during the 2003 -05 period and
the Tunis Agenda, which mandated that the “International
management of the internet should be multilateral,
transparent and democratic”. The report got implemented
only in parts, through the setting up of the Internet
Governance Forum whose ineffectiveness has been
increasingly recognised in recent months even by Western
commentators and academics. The more important
recommendations on dealing with public policy issues were
buried deep, without any meaningful discussion of the
options presented in the report.</p>
<p>The WGIG had identified significant governance gaps with
regard to the internet: these included unilateral control
of the root zone files and systems and lack of
accountability of root zone operators; concerns over
allocation policies for IP addresses and domain names;
confusion about application of intellectual property
rights in cyberspace; substantially higher connectivity
costs in developing countries located far from internet
backbones; lack of multilateral mechanisms to ensure
network stability and security; lack of effective
mechanisms to prevent and prosecute internet crimes and
spam; barriers to multi-stakeholder participation;
restrictions on freedom of expression; inconsistent
application of privacy and data-protection rights; absence
of global standards for consumer rights; insufficient
progress towards multilingualism; and insufficient
capacity-building in developing countries. The Indian
proposal had only suggested that these very same issues,
as well as policy issues that have evolved since WSIS, be
considered by the CIRP; it had not proposed that the UN
“take over the internet”, or that the current technical
arrangements be overturned, as argued by the detractors.</p>
<p>We need to recognise the implications of the current
model. On the one hand, India is asked to ratify the
Budapest Convention on Cybercrime, in the negotiation of
which India played no part, in order for us to be eligible
to be qualified as a “data-secure” country. On the other,
India is sought to be excluded from any forum or
deliberations where the global rules for governance of the
internet or management of critical internet resources and
logical infrastructure are evolved. Another aspect that is
seldom appreciated here is the discomfort that European
countries have with the current US-dominated model of
global governance of the internet, as demonstrated by
statements emanating from their officials, the number of
legal disputes European bodies have launched against US
internet majors, and attempts by countries like France to
modify the existing system.</p>
<p>Well before the Snowden disclosures, the security,
socio-economic and legal implications of the current model
of internet governance had become quite apparent. Just to
take one example, the Julian Assange phenomenon and the
WikiLeaks disclosures had amply demonstrated some of them.
Concerns about shell companies and tax avoidance by global
internet majors provide another instance. The use of
Stuxnet was a third one.</p>
<p>The US is clearly determined to continue its relentless
pursuit of the current model of global internet
governance, for preserving its economic and strategic
interests. It is unlikely that there will be any change in
its policy even after the Snowden disclosures.</p>
<p>Some representatives of Indian industry associations have
been warning that Indian IT companies are heavily
dependent on global internet majors and that they will
suffer by India’s championing of the cause of
democratisation of internet governance. This lie needs to
be nailed. First, there has been no evidence of any such
impact. Second, independent of India’s proposal, Indian IT
companies have been demonstrating that they have more or
less reached the maximum of the current models of their
growth. Third, we need to work for the next generation of
Indian IT companies, which can move up the value chain by
creating their own branded services and products and
leading global innovation in IT. In other words, we need
to produce the next generation of Murthys and Premjis.
This requires modifying the eco-system, architecture and
infrastructure, both nationally and internationally, where
such ventures can grow. This makes it imperative for India
to become a lead player and shape the global ICT industry
architecture that helps Indian ICT companies of the
future.</p>
<p>None of this is going to be easy, however. We need a
dedicated group of people — within the establishment,
industry, technical and scientific community, academia,
civil society and media — who can reflect upon and define
India’s long-term interests in advancing the cause of
democratising global internet governance and free
ourselves from the current model where the space for
discussion is arrogated by apologists for the current
model of unilateral control.</p>
<p>The UN has launched a process for observing the 10th
anniversary of WSIS in 2015. This provides an opportunity
for India to work with other leading democratic countries
like Brazil and South Africa within the IBSA platform and
with other like-minded countries in the UN for
democratising global internet governance to make it truly
“multilateral, transparent and democratic”, as envisioned
in the Tunis Agenda.</p>
<p>The writer, a retired diplomat, was India’s permanent
representative to the UN</p>
<p>***</p>
</div>
</div>
</div>
<br>
<br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On Wednesday 26 June 2013 03:54 PM,
parminder wrote:<br>
</div>
<blockquote cite="mid:51CAC150.60205@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8"
http-equiv="Content-Type">
<br>
While building on the past is important, I think, there is also
a keen realisation that we are passing - and mostly, missing -
a series of what could be 'constitutional moments' for a new
Internet mediated society... And that the global civil society
should pause, and retrospect. I see this from emails of Gene,
Andrew, Michael, Marianne and others - on diverse issues,
ranging from the recently concluded meeting of ITU WG on
Internet related public policy issues to PRISM plus disclosures.
<br>
<br>
Let me try to pick what in my view are some 'big points' of the
present moment... and then drill downwards. The biggest I think
is that we need to get over that age of innocence, whereby most
civil society took the stance that less rather than more global
IG is better..... That was a mistake, and continues to be a
mistake... Internet is big, it is global, it transforms
everything. And the prescription of less rather than more -
appropriate - governance of it can only serve dominant
interests. We need to accept that - whether it is human rights,
or it is distributional issues - we need more global IG. And
since Internet itself is new, its global governance too will
involve many new elements. It is, to a good measure, up to the
civil society to be innovative and brave in this regard.....
Something, unfortunately, we have consistently shrunk from
doing...<br>
<br>
First of all, we urgently need an appropriate focal point - and
around it a webbed architecture - of global IG.... And that
focal point I think should be body like the OECD's Committee on
Computers, Information and Communication Policy, which can be
attached to the UN General Assembly, and should be new age in
its structure, form, participation avenues etc... And this
committee should be fed in by the IGF. Everyone who knows about
the OECD's CCICP, knows how intensively it works, and what
quality of output it produces, and how how consultative,
multi-stakeholder etc it is.....<br>
<br>
We simply must create a similar focal point at the global level,
right away..... Lets at least discuss it... I have raised this
proposal several times, but have have no real response on why
such a body at the global level is not appropriate, and why is
it appropriate at OECD level.... This single step would go a
long way it setting us on the right direction....<br>
<br>
And then, this is the second imperative, we need to go down to
some real work.... not just the highest level principles that
have been around but seem not to really work... For example,
Andrew quotes privacy principles from GNI document. Well, its
provisions clearly were violated what what Snowden tells us...
So?? Nothing happens. Right. We have provisions in the IRP doc
as well....<br>
<br>
What we need to do now is to move to the next serious level....
Speak about actual due process, guarantees for transit data. how
these guarantees operate, and the such. We were informed
recently on the IGC list that EU does not subject data that is
merely in transit to data retention requirements. How this
obligation can be extended to others. ... What disclosures can
and should the telecom and application companies share about
data hosting and transit, and applicability of different
jursidictions over the data they carry and process.... We need
to drill down to such real issues. And that kind of thing
happens only when there are clear focal points for policy
development that exist (See for instance the real work that is
going on right now in Marrakesh for writing out a new treaty
guaranteeing access to printed material for the visually
impaired).... We have on the other hand seen the kind of joke
that the IGF has rendered itself into as a policy dialogue
forum.... We need to take preventive action against such
motivated obfuscations.... <br>
<br>
So, as I said, two things - (1) look for a real institutional
focal point for global IG, where all can participate, and (2),
work on real norms, policy frameworks, in the manner OECD's
CCICP does.... I see no other option... but as always wiling, to
hear about them, if they exist....<big><br>
<br>
parminder </big> <br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On Wednesday 26 June 2013 02:45 PM,
Andrew Puddephatt wrote:<br>
</div>
<blockquote
cite="mid:F605C05AD40650428A0434B4926B399CBD570C05B9@COLO-MB-CLUSTER.ethical.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:inherit;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.highlight
{mso-style-name:highlight;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Entirely
agree Marianne – this seems a sensible way of
proceeding<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL<o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#FF2126;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> Marianne Franklin [<a
moz-do-not-send="true"
class="moz-txt-link-freetext"
href="mailto:m.i.franklin@gold.ac.uk">mailto:m.i.franklin@gold.ac.uk</a>]
<br>
<b>Sent:</b> 26 June 2013 08:30<br>
<b>To:</b> Andrew Puddephatt<br>
<b>Cc:</b> 'parminder'; <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>;
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:irp@lists.internetrightsandprinciples.org">irp@lists.internetrightsandprinciples.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about
the territorial location of data or its legal
ownership<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear
Andrew<br>
<br>
Have been following the conversation with interest. The
point Parminder raises about the responsibilities of
companies in ensuring that human rights in the fullest
sense of the term are not jeopardised at the deepest
levels of the internet's architecture is one that indeed
needs attention. However, the conversation so far is
proceeding as if no work at all has been done around human
rights norms and principles for the internet. This is not
the case. A lot of work has been done, indeed stretching
back many year into the WSIS period. If we choose to
forget or ignore what came before we are all doomed to
repeat past mistakes (as a great sage once remarked)! <br>
<br>
With the Bali IGF as a venue for meeting and moving
forward I do think it is important to note that the
Charter of Human Rights and Principles already goes a
*long* way in defining these 'global' (I use the term
advisedly) norms and principles carefully. The reason for
the cautious approach in 2010-2011 when the IRP Coalition
was drafting this current version was precisely in order
to be precise and coherent. Many people on all these lists
were involved in this process and can share the credit for
what has been achieved. The cautiousness then, criticised
at the time, has paid off in retrospect. <br>
<br>
As a wide-ranging Charter of human rights and principles
focusing on the online environment, then picked up by
Frank La Rue thanks to the work of the then IRP Coalition
Chairs, Lisa Horner and Dixie Hawtin in turn, based on the
UDHR and its successors it was, and is not intended to be
a prescriptive, or one-size-fits-all document. What was
intended and to my mind has been achieved is rather a
baseline, inspirational framing for the work that is now
emerging around specific cases and situations such as
privacy, freedom of expression and so on that have been
thrown into relief by the events around PRISM. The IRP
Charter is also careful to include the responsibility of
companies as integral to these emerging norms. Events have
underscored that the IRP Charter was a project worth
engaging in and for that the 'we' on these lists did
achieve something quite remarkable. <br>
<br>
Moving the IRP Charter up a level is a focus for two
workshops at least in Bali, and the IRP Meeting there I
would like to propose that these are very suitable places
to continue these discussions, online and of course in
person. The Best Bits meeting prior to the IGF is in this
respect a great way to get started as the next stage of
the IRP Charter in substantive terms gets underway i.e.
addressing the weaker parts of the current Beta version (<a
moz-do-not-send="true"
href="http://internetrightsandprinciples.org/site/charter/">http://internetrightsandprinciples.org/site/charter/</a>)
and widen awareness amongst the human rights community and
inter-govn organizations. A huge step in the latter has
already been achieved in recent weeks and I would like to
add these moves to the work being done through Best Bits.
<br>
<br>
Finally, on principles seeing as this focus is also on the
IGF agenda, here too the IRP Charter developed precursor
models (such as the APC Bill of Rights, the Marco Civil
principles too) the IRP Ten Principles are intended as an
educational, outreach version of the actual Charter. So
here the work being initiated around Internet Goverance
Principles (however defined) is something the IRP
coalition supports implicitly. <br>
<br>
The only question I am getting from members is about how
better to work together, which is why the current Charter
goes quite some way in establishing the sort of framework
that is being advocated here. No need to reinvent the
wheel in other words! <br>
<br>
best<br>
MF<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/06/2013 17:59, Andrew
Puddephatt wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Just
welcoming Parminder’s focus on companies here. I feel
that the current situation is an opportunity to push
the companies a lot more rigorously than we have been
able to do so far. I like the idea of global norms
and principles and I wonder if anyone has done any
detailed work on this in relation to
security/surveillance and jurisdictional questions –
specifically the role of global companies rooted in
one jurisdiction (principally the US I would
guess?). I note that some German MPs are calling
for US companies to establish a German cloud distinct
and separate from US jurisdiction..</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">I
think we can strategically link the two issues that
Parminder has flagged up – we can reinforce the push
for norms and principles pointing out this is a way
for country’s to escape the US orbit – as long as we
can avoid the danger of breaking the internet into
separate national infrastructures – which is where the
norms and principles need to be carefully defined.
Is this something we can discuss online and then
discuss in person at Bali?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Looking
at the GNI principle on privacy it says:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Privacy
is a human right and guarantor of human dignity.
Privacy is important to maintaining personal security,
protecting identity and promoting freedom of
expression in the digital age.<br>
<br>
Everyone should be free from illegal or arbitrary
interference with the right to privacy and should have
the right to the protection of the law against such
interference or attacks.<br>
<br>
The right to privacy should not be restricted by
governments, except in narrowly defined circumstances
based on internationally recognized laws and
standards. These restrictions should be consistent
with international human rights laws and standards,
the rule of law and be necessary and proportionate for
the relevant purpose.<br>
<br>
<span class="highlight">Participating companies will
employ protections with respect to personal
information in all countries where they operate in
order to protect the privacy rights of users.</span></span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white;orphans:
auto;text-align:start;widows:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
class="highlight"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Participating
companies will respect and protect the privacy
rights of users when confronted with government
demands, laws or regulations that compromise privacy
in a manner inconsistent with internationally
recognized laws and standards.</span></span><o:p></o:p></p>
<p style="background:white"><span class="highlight"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Is
this something to build upon? The final clause is
interesting – it implies that signatory companies
will respect privacy even when asked to comply with
laws that breach internationally recognized laws and
standards which I assume everyone thinks that FISA
does?</span></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 |
Skype: andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b></span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">bestbits-request@lists.bestbits.net</a>
[<a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">mailto:bestbits-request@lists.bestbits.net</a>]
<b>On Behalf Of </b>parminder<br>
<b>Sent:</b> 25 June 2013 09:25<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a moz-do-not-send="true"
href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about
the territorial location of data or its legal
ownership</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<span
style="font-family:"Verdana","sans-serif"">This
is how I think it works overall - the digital
imperialist system..... Global Internet companies -
mostly US based - know that much of their operations
worldwide legally are on slippery grounds.... They
find it safest to hang on to the apron strings of the
one superpower in the world today, the US... They know
that the US establishement is their best political and
legal cover. The US of course finds so much military,
political, economic, social and cultural capital in
being the team leader... It is an absolutely win
win... That is what PRISM plus has been about. And
this is what most global (non) Internet governance has
been about - with the due role of the civil society
often spoken of here. <br>
<br>
Incidentally, it was only a few days before these
disclosures that Julian Assange spoke of "<a
moz-do-not-send="true"
href="http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=all&_r=0">technocratic
imperialism</a>" led by the US-Google combine... How
quite to the point he was... Although so many of us
are so eager to let the big companies off the hook
with respect to the recent episodes. <br>
<br>
What got to be done now? If we indeed are eager to do
something, two things (1) do everything to
decentralise the global Internet's architecture, and
(2) get on with putting in place global norms,
principles, rules and where needed treaties that will
govern our collective Internet behaviour, and provide
us with our rights and responsibilities vis a vis the
global Internet.<br>
<br>
But if there are other possible prescriptions, one is
all ears.<br>
<br>
parminder<br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On Tuesday 25 June 2013 01:04 PM,
parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Monday 24 June 2013 08:18 PM,
Katitza Rodriguez wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Only answering one of the
questions on jurisdictional issues: The answer is
somewhat complex<br>
<br>
<span style="font-size:10.5pt">if data is hosted
in the US by US companies (or hosted in the US
by companies based overseas), the government has
taken the position that it is subject to U.S.
legal processes, including National Security
Letters, 2703(d) Orders, Orders under section
215 of the Patriot Act and regular warrants and
subpoenas, regardless of where the user is
located.</span><br>
<br>
<span style="font-size:10.5pt">The legal standard
for production of information by a third party,
including cloud computing services under US
civil (</span><a moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcp/rule_45"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext
1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcp/rule_45</span></a><span
style="font-size:10.5pt">) and criminal (</span><a
moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcrmp/rule_16"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext
1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcrmp/rule_16</span></a><span
style="font-size:10.5pt">) law is whether the
information is under the "possession, custody or
control" of a party that is subject to US
jurisdiction. It doesn’t matter where the
information is physically stored, where the
company is headquartered or, importantly, where
the person whose information is sought is
located. The issue for users is whether the US
has jurisdiction over the cloud computing
service they use, and whether the cloud
computing service has “possession, custody or
control” of their data, wherever it rests
physically. For example, one could imagine a
situation in which a large US-based company was
loosely related to a subsidiary overseas, but
did not have “possession, custody, or control”
of the data held by the subsidiary and thus the
data wasn’t subject to US jurisdiction.</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
Interesting, although maybe somewhat obvious! So, even
if an European sends a email (gmail) to another
European, and the transit and storage of the content
never in fact reaches US borders, Google would still
be obliged to hand over the contents to US officials
under PRISM...... Can a country claim that Google
broke its law in the process, a law perhaps as serious
as espionage, whereby the hypothesized European to
European email could have carried classified
information! Here, Google, on instructions of US
authorities would have actually transported a piece of
classified - or otherwise illegal to access -
information from beyond US borders into US borders. <br>
<br>
What about US telcos working in other countries, say
in India. AT&T (through a majority held JV) claims
to be the largest enterprise service provider in
India. And we know AT & T has been a somewhat over
enthusiastic partner in US's global espionage (for
instance see <a moz-do-not-send="true"
href="http://www.techdirt.com/articles/20100121/1418107862.shtml">here</a>
)... Would all the information that AT & T has the
"possession. custody and control" of in India in this
matter not be considered fair game to access by the
US...... All this looks like a sliding progression to
me. Where are the limits, who lays the rules in this
global space.... <br>
<br>
parminder <br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
On 6/24/13 5:28 AM, parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi All<br>
<br>
There was some demand on the bestbits list that we
still need to ask a lot of questions from the
involved companies in terms of the recent PRISM plus
disclosures. We are being too soft on them. I refuse
to believe that everything they did was forced upon
on them. Apart from the fact that there are <a
moz-do-not-send="true"
href="http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html">news
reports</a> that US based tech companies regularly
share data with US gov for different kinds of
favours in return, or even simply motivated by
nationalistic feeling, we should not forget that
many of these companies have strong political agenda
which are closely associated with that of the US
gov. You must all know about '<a
moz-do-not-send="true"
href="http://en.wikipedia.org/wiki/Google_Ideas">Google
Ideas</a>', its revolving doors with US gov's
security apparatus, and its own aggressive <a
moz-do-not-send="true"
href="http://www.informationclearinghouse.info/article34535.htm">regime
change ideas</a>. Facebook also is known to 'like'
some things, say in MENA region, and not other
things in the same region.....<br>
<br>
<span
style="font-family:"Verdana","sans-serif"">Firstly,
one would want to know </span>whether the
obligations to share data with US government
extended only to such data that is actually located
in, or flows, through, the US. Or, does it extend to
all data within the legal control/ ownership of
these companies wherever it may reside. (I think,
certainly hope, it must be the former, but still I
want to be absolutely sure, and hear directly from
these companies.)<br>
<br>
Now, if the obligation was to share only such data
that actually resided in servers inside the US, why
did these companies, in face of what was obviously
very broad and intrusive demands for sharing data
about non US citizens, not simply locate much of
such data outside the US. For instance, it could
pick up the top 10 countries, the data of whose
citizens was repeatedly sought by US authorities,
and shift all their data to servers in other
countries that made no such demand? Now, we know
that many of the involved companies have set up near
fictitious companies headquartered in strange places
for the purpose of tax avoidance/ evasion. Why could
they not do for the sake of protecting human rights,
well, lets only say, the trust, of non US citizens/
consumers, what they so very efficiently did for
enhancing their bottom-lines? <br>
<br>
Are there any such plan even now? While I can
understand that there can be some laws to force a
company to hold the data of citizens of a country
within its border, there isnt any law which can
force these companies to hold foreign data within a
country's borders... Or would any such act perceived
to be too unfriendly an act by the US gov?<br>
<br>
<br>
I am sure others may have other questions to ask
these companies.....<br>
<br>
parminder <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Katitza Rodriguez<o:p></o:p></pre>
<pre>International Rights Director<o:p></o:p></pre>
<pre>Electronic Frontier Foundation<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@eff.org">katitza@eff.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@datos-personales.org">katitza@datos-personales.org</a> (personal email)<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Please support EFF - Working to protect your digital rights and freedom of speech since 1990<o:p></o:p></pre>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Dr Marianne Franklin<o:p></o:p></pre>
<pre>Reader <o:p></o:p></pre>
<pre>Convener: Global Media & Transnational Communications Program<o:p></o:p></pre>
<pre>Co-Chair Internet Rights & Principles Coalition (UN IGF)<o:p></o:p></pre>
<pre>Goldsmiths, University of London<o:p></o:p></pre>
<pre>Dept. of Media & Communications<o:p></o:p></pre>
<pre>New Cross, London SE14 6NW<o:p></o:p></pre>
<pre>Tel: +44 20 7919 7072<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:m.i.franklin@gold.ac.uk"><m.i.franklin@gold.ac.uk></a><o:p></o:p></pre>
<pre>@GloComm<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://twitter.com/GloComm">https://twitter.com/GloComm</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.gold.ac.uk/media-communications/staff/franklin/">http://www.gold.ac.uk/media-communications/staff/franklin/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/">https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.internetrightsandprinciples.org">www.internetrightsandprinciples.org</a><o:p></o:p></pre>
<pre>@netrights<o:p></o:p></pre>
</div>
</blockquote>
<br>
</blockquote>
<br>
<br>
</div>
<br>
</body>
</html>