<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
From the Indian Express, of yesterday..... The author recently
retired as India's Permanent Representative to the UN. <br>
<br>
<div class="gmail_quote"><br>
<br>
<br>
<div>
<div style="font-family:Times;font-size:medium">
<h1 style="margin:0px;padding:5px
0px;border-top-width:8px;border-top-style:solid;border-top-color:rgb(139,83,48);color:rgb(1,68,107);font-weight:normal;font-size:24px;line-height:28px;font-family:Georgia,'Times
New Roman',Times,serif">
Wide asleep on the net</h1>
</div>
<div
style="font-size:12px;line-height:20px;font-family:Arial,Helvetica,sans-serif"><b>Hardeep
S Puri</b> Posted online: Thu Jun 27 2013, 05:15 hrs</div>
<div
style="font-size:13px;line-height:20px;font-family:Arial,Helvetica,sans-serif"><strong></strong><i>The
Snowden revelations point to the urgency to overhaul the
current architecture of global internet governance</i>
<p>Disclosures by Edward Snowden of the PRISM project by the
National Security Agency of the United States government
have revived discussions about the need for democratisation
of the current architecture of global internet governance.
Notwithstanding the sophistry and grandstanding about
preserving the multi-stakeholder model, freedom of
expression and avoiding control of content, the current
system is anything but any of these. Behind this veneer, the
economic, commercial and political interests of a powerful
group are sought to be entrenched.</p>
<p>The US not only possesses the capacity to keep our citizens
under surveillance, but in fact tracks telephone calls,
emails, chats and other communications based on the internet
every month, in the name of counter-terrorism. Being ranked
fifth, bracketed with Jordan and Pakistan and ahead of Saudi
Arabia, China and Russia, should be a matter of concern for
India.</p>
<p>Apologists among Indian IT majors and industry associations
can be expected to rise in defence of the current model of
internet governance; after all, many of them depend on
global internet majors for their business, and have always
spoken and acted on behalf of the latter. Whenever
discussions are held on the subject, the former find ways of
occupying the space and manipulating opinions that echo the
interests of the latter.</p>
<p>India called for democratisation of global internet
governance and proposed in October 2011 the setting up of a
Committee for Internet-Related Policies (CIRP), accountable
to the United Nations General Assembly, to deal with
international public policies relating to the internet.
Instead of discussing the pros and cons of different
elements of the proposal, there was an orchestrated
cacophony in the media designed to drown any reasoned
debate. Calls were made to force India to withdraw the
proposal. India’s proposal was characterised as
catastrophic, threatening a “UN takeover of the internet”,
and doomed to bring down Indian IT firms.</p>
<p>India’s policy on this subject of considerable strategic
significance has been consistent for over a decade. The
initial calls for democratisation of global internet
governance were made by then ministers Arun Shourie in
December 2003 in Geneva and Dayanidhi Maran in Tunis in
November 2005, at the World Summit on Information Society
(WSIS). India pursued the implementation of the report of
the Working Group on Internet Governance (WGIG) chaired by
Nitin Desai on the subject during the 2003 -05 period and
the Tunis Agenda, which mandated that the “International
management of the internet should be multilateral,
transparent and democratic”. The report got implemented only
in parts, through the setting up of the Internet Governance
Forum whose ineffectiveness has been increasingly recognised
in recent months even by Western commentators and academics.
The more important recommendations on dealing with public
policy issues were buried deep, without any meaningful
discussion of the options presented in the report.</p>
<p>The WGIG had identified significant governance gaps with
regard to the internet: these included unilateral control of
the root zone files and systems and lack of accountability
of root zone operators; concerns over allocation policies
for IP addresses and domain names; confusion about
application of intellectual property rights in cyberspace;
substantially higher connectivity costs in developing
countries located far from internet backbones; lack of
multilateral mechanisms to ensure network stability and
security; lack of effective mechanisms to prevent and
prosecute internet crimes and spam; barriers to
multi-stakeholder participation; restrictions on freedom of
expression; inconsistent application of privacy and
data-protection rights; absence of global standards for
consumer rights; insufficient progress towards
multilingualism; and insufficient capacity-building in
developing countries. The Indian proposal had only suggested
that these very same issues, as well as policy issues that
have evolved since WSIS, be considered by the CIRP; it had
not proposed that the UN “take over the internet”, or that
the current technical arrangements be overturned, as argued
by the detractors.</p>
<p>We need to recognise the implications of the current model.
On the one hand, India is asked to ratify the Budapest
Convention on Cybercrime, in the negotiation of which India
played no part, in order for us to be eligible to be
qualified as a “data-secure” country. On the other, India is
sought to be excluded from any forum or deliberations where
the global rules for governance of the internet or
management of critical internet resources and logical
infrastructure are evolved. Another aspect that is seldom
appreciated here is the discomfort that European countries
have with the current US-dominated model of global
governance of the internet, as demonstrated by statements
emanating from their officials, the number of legal disputes
European bodies have launched against US internet majors,
and attempts by countries like France to modify the existing
system.</p>
<p>Well before the Snowden disclosures, the security,
socio-economic and legal implications of the current model
of internet governance had become quite apparent. Just to
take one example, the Julian Assange phenomenon and the
WikiLeaks disclosures had amply demonstrated some of them.
Concerns about shell companies and tax avoidance by global
internet majors provide another instance. The use of Stuxnet
was a third one.</p>
<p>The US is clearly determined to continue its relentless
pursuit of the current model of global internet governance,
for preserving its economic and strategic interests. It is
unlikely that there will be any change in its policy even
after the Snowden disclosures.</p>
<p>Some representatives of Indian industry associations have
been warning that Indian IT companies are heavily dependent
on global internet majors and that they will suffer by
India’s championing of the cause of democratisation of
internet governance. This lie needs to be nailed. First,
there has been no evidence of any such impact. Second,
independent of India’s proposal, Indian IT companies have
been demonstrating that they have more or less reached the
maximum of the current models of their growth. Third, we
need to work for the next generation of Indian IT companies,
which can move up the value chain by creating their own
branded services and products and leading global innovation
in IT. In other words, we need to produce the next
generation of Murthys and Premjis. This requires modifying
the eco-system, architecture and infrastructure, both
nationally and internationally, where such ventures can
grow. This makes it imperative for India to become a lead
player and shape the global ICT industry architecture that
helps Indian ICT companies of the future.</p>
<p>None of this is going to be easy, however. We need a
dedicated group of people — within the establishment,
industry, technical and scientific community, academia,
civil society and media — who can reflect upon and define
India’s long-term interests in advancing the cause of
democratising global internet governance and free ourselves
from the current model where the space for discussion is
arrogated by apologists for the current model of unilateral
control.</p>
<p>The UN has launched a process for observing the 10th
anniversary of WSIS in 2015. This provides an opportunity
for India to work with other leading democratic countries
like Brazil and South Africa within the IBSA platform and
with other like-minded countries in the UN for democratising
global internet governance to make it truly “multilateral,
transparent and democratic”, as envisioned in the Tunis
Agenda.</p>
<p>The writer, a retired diplomat, was India’s permanent
representative to the UN</p>
<p>***</p>
</div>
</div>
</div>
<br>
<br>
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On Wednesday 26 June 2013 03:54 PM,
parminder wrote:<br>
</div>
<blockquote cite="mid:51CAC150.60205@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
While building on the past is important, I think, there is also a
keen realisation that we are passing - and mostly, missing - a
series of what could be 'constitutional moments' for a new
Internet mediated society... And that the global civil society
should pause, and retrospect. I see this from emails of Gene,
Andrew, Michael, Marianne and others - on diverse issues, ranging
from the recently concluded meeting of ITU WG on Internet related
public policy issues to PRISM plus disclosures. <br>
<br>
Let me try to pick what in my view are some 'big points' of the
present moment... and then drill downwards. The biggest I think is
that we need to get over that age of innocence, whereby most civil
society took the stance that less rather than more global IG is
better..... That was a mistake, and continues to be a mistake...
Internet is big, it is global, it transforms everything. And the
prescription of less rather than more - appropriate - governance
of it can only serve dominant interests. We need to accept that -
whether it is human rights, or it is distributional issues - we
need more global IG. And since Internet itself is new, its global
governance too will involve many new elements. It is, to a good
measure, up to the civil society to be innovative and brave in
this regard..... Something, unfortunately, we have consistently
shrunk from doing...<br>
<br>
First of all, we urgently need an appropriate focal point - and
around it a webbed architecture - of global IG.... And that focal
point I think should be body like the OECD's Committee on
Computers, Information and Communication Policy, which can be
attached to the UN General Assembly, and should be new age in its
structure, form, participation avenues etc... And this committee
should be fed in by the IGF. Everyone who knows about the OECD's
CCICP, knows how intensively it works, and what quality of output
it produces, and how how consultative, multi-stakeholder etc it
is.....<br>
<br>
We simply must create a similar focal point at the global level,
right away..... Lets at least discuss it... I have raised this
proposal several times, but have have no real response on why such
a body at the global level is not appropriate, and why is it
appropriate at OECD level.... This single step would go a long way
it setting us on the right direction....<br>
<br>
And then, this is the second imperative, we need to go down to
some real work.... not just the highest level principles that have
been around but seem not to really work... For example, Andrew
quotes privacy principles from GNI document. Well, its provisions
clearly were violated what what Snowden tells us... So?? Nothing
happens. Right. We have provisions in the IRP doc as well....<br>
<br>
What we need to do now is to move to the next serious level....
Speak about actual due process, guarantees for transit data. how
these guarantees operate, and the such. We were informed recently
on the IGC list that EU does not subject data that is merely in
transit to data retention requirements. How this obligation can be
extended to others. ... What disclosures can and should the
telecom and application companies share about data hosting and
transit, and applicability of different jursidictions over the
data they carry and process.... We need to drill down to such real
issues. And that kind of thing happens only when there are clear
focal points for policy development that exist (See for instance
the real work that is going on right now in Marrakesh for writing
out a new treaty guaranteeing access to printed material for the
visually impaired).... We have on the other hand seen the kind of
joke that the IGF has rendered itself into as a policy dialogue
forum.... We need to take preventive action against such motivated
obfuscations.... <br>
<br>
So, as I said, two things - (1) look for a real institutional
focal point for global IG, where all can participate, and (2),
work on real norms, policy frameworks, in the manner OECD's CCICP
does.... I see no other option... but as always wiling, to hear
about them, if they exist....<big><br>
<br>
parminder </big> <br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On Wednesday 26 June 2013 02:45 PM,
Andrew Puddephatt wrote:<br>
</div>
<blockquote
cite="mid:F605C05AD40650428A0434B4926B399CBD570C05B9@COLO-MB-CLUSTER.ethical.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:inherit;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.highlight
{mso-style-name:highlight;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
color:black;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Entirely
agree Marianne – this seems a sensible way of proceeding<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL<o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#FF2126;mso-fareast-language:EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> Marianne Franklin [<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="mailto:m.i.franklin@gold.ac.uk">mailto:m.i.franklin@gold.ac.uk</a>]
<br>
<b>Sent:</b> 26 June 2013 08:30<br>
<b>To:</b> Andrew Puddephatt<br>
<b>Cc:</b> 'parminder'; <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a>;
<a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:irp@lists.internetrightsandprinciples.org">irp@lists.internetrightsandprinciples.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about the
territorial location of data or its legal ownership<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Dear Andrew<br>
<br>
Have been following the conversation with interest. The
point Parminder raises about the responsibilities of
companies in ensuring that human rights in the fullest sense
of the term are not jeopardised at the deepest levels of the
internet's architecture is one that indeed needs attention.
However, the conversation so far is proceeding as if no work
at all has been done around human rights norms and
principles for the internet. This is not the case. A lot of
work has been done, indeed stretching back many year into
the WSIS period. If we choose to forget or ignore what came
before we are all doomed to repeat past mistakes (as a great
sage once remarked)! <br>
<br>
With the Bali IGF as a venue for meeting and moving forward
I do think it is important to note that the Charter of Human
Rights and Principles already goes a *long* way in defining
these 'global' (I use the term advisedly) norms and
principles carefully. The reason for the cautious approach
in 2010-2011 when the IRP Coalition was drafting this
current version was precisely in order to be precise and
coherent. Many people on all these lists were involved in
this process and can share the credit for what has been
achieved. The cautiousness then, criticised at the time, has
paid off in retrospect. <br>
<br>
As a wide-ranging Charter of human rights and principles
focusing on the online environment, then picked up by Frank
La Rue thanks to the work of the then IRP Coalition Chairs,
Lisa Horner and Dixie Hawtin in turn, based on the UDHR and
its successors it was, and is not intended to be a
prescriptive, or one-size-fits-all document. What was
intended and to my mind has been achieved is rather a
baseline, inspirational framing for the work that is now
emerging around specific cases and situations such as
privacy, freedom of expression and so on that have been
thrown into relief by the events around PRISM. The IRP
Charter is also careful to include the responsibility of
companies as integral to these emerging norms. Events have
underscored that the IRP Charter was a project worth
engaging in and for that the 'we' on these lists did achieve
something quite remarkable. <br>
<br>
Moving the IRP Charter up a level is a focus for two
workshops at least in Bali, and the IRP Meeting there I
would like to propose that these are very suitable places to
continue these discussions, online and of course in person.
The Best Bits meeting prior to the IGF is in this respect a
great way to get started as the next stage of the IRP
Charter in substantive terms gets underway i.e. addressing
the weaker parts of the current Beta version (<a
moz-do-not-send="true"
href="http://internetrightsandprinciples.org/site/charter/">http://internetrightsandprinciples.org/site/charter/</a>)
and widen awareness amongst the human rights community and
inter-govn organizations. A huge step in the latter has
already been achieved in recent weeks and I would like to
add these moves to the work being done through Best Bits. <br>
<br>
Finally, on principles seeing as this focus is also on the
IGF agenda, here too the IRP Charter developed precursor
models (such as the APC Bill of Rights, the Marco Civil
principles too) the IRP Ten Principles are intended as an
educational, outreach version of the actual Charter. So here
the work being initiated around Internet Goverance
Principles (however defined) is something the IRP coalition
supports implicitly. <br>
<br>
The only question I am getting from members is about how
better to work together, which is why the current Charter
goes quite some way in establishing the sort of framework
that is being advocated here. No need to reinvent the wheel
in other words! <br>
<br>
best<br>
MF<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/06/2013 17:59, Andrew Puddephatt
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Just
welcoming Parminder’s focus on companies here. I feel
that the current situation is an opportunity to push the
companies a lot more rigorously than we have been able
to do so far. I like the idea of global norms and
principles and I wonder if anyone has done any detailed
work on this in relation to security/surveillance and
jurisdictional questions – specifically the role of
global companies rooted in one jurisdiction (principally
the US I would guess?). I note that some German MPs
are calling for US companies to establish a German cloud
distinct and separate from US jurisdiction..</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">I
think we can strategically link the two issues that
Parminder has flagged up – we can reinforce the push for
norms and principles pointing out this is a way for
country’s to escape the US orbit – as long as we can
avoid the danger of breaking the internet into separate
national infrastructures – which is where the norms and
principles need to be carefully defined. Is this
something we can discuss online and then discuss in
person at Bali?</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Looking
at the GNI principle on privacy it says:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Privacy
is a human right and guarantor of human dignity. Privacy
is important to maintaining personal security,
protecting identity and promoting freedom of expression
in the digital age.<br>
<br>
Everyone should be free from illegal or arbitrary
interference with the right to privacy and should have
the right to the protection of the law against such
interference or attacks.<br>
<br>
The right to privacy should not be restricted by
governments, except in narrowly defined circumstances
based on internationally recognized laws and standards.
These restrictions should be consistent with
international human rights laws and standards, the rule
of law and be necessary and proportionate for the
relevant purpose.<br>
<br>
<span class="highlight">Participating companies will
employ protections with respect to personal
information in all countries where they operate in
order to protect the privacy rights of users.</span></span><o:p></o:p></p>
<p style="margin-left:30.0pt;background:white;orphans:
auto;text-align:start;widows:
auto;-webkit-text-stroke-width: 0px;word-spacing:0px"><span
class="highlight"><span
style="font-size:9.0pt;font-family:"Arial","sans-serif";color:#333333">Participating
companies will respect and protect the privacy rights
of users when confronted with government demands, laws
or regulations that compromise privacy in a manner
inconsistent with internationally recognized laws and
standards.</span></span><o:p></o:p></p>
<p style="background:white"><span class="highlight"><span
style="font-family:"Calibri","sans-serif";color:#0070C0">Is
this something to build upon? The final clause is
interesting – it implies that signatory companies will
respect privacy even when asked to comply with laws
that breach internationally recognized laws and
standards which I assume everyone thinks that FISA
does?</span></span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-family:"Calibri","sans-serif";color:#0070C0"> </span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"
style="margin-top:7.0pt;line-height:115%;text-autospace:none"><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Andrew
Puddephatt</span></b><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">
</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";mso-fareast-language:EN-US">|
</span><b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">GLOBAL
PARTNERS</span></b><span
style="font-size:11.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">
DIGITAL</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#253741;mso-fareast-language:EN-US">Executive
Director</span><o:p></o:p></p>
<p class="MsoNormal"
style="line-height:115%;text-autospace:none"><span
style="font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-US">Development
House, 56–64 Leonard Street, London EC2A 4LT</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F">T:
+44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
andrewpuddephatt</span><span
style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#7F7F7F"><br>
<b>gp-digital.org</b></span><o:p></o:p></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"
lang="EN-US"> <a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">bestbits-request@lists.bestbits.net</a>
[<a moz-do-not-send="true"
href="mailto:bestbits-request@lists.bestbits.net">mailto:bestbits-request@lists.bestbits.net</a>]
<b>On Behalf Of </b>parminder<br>
<b>Sent:</b> 25 June 2013 09:25<br>
<b>To:</b> <a moz-do-not-send="true"
href="mailto:bestbits@lists.bestbits.net">bestbits@lists.bestbits.net</a>;
<a moz-do-not-send="true"
href="mailto:governance@lists.igcaucus.org">governance@lists.igcaucus.org</a><br>
<b>Subject:</b> Re: [bestbits] PRISM - is it about
the territorial location of data or its legal
ownership</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<span
style="font-family:"Verdana","sans-serif"">This
is how I think it works overall - the digital
imperialist system..... Global Internet companies -
mostly US based - know that much of their operations
worldwide legally are on slippery grounds.... They find
it safest to hang on to the apron strings of the one
superpower in the world today, the US... They know that
the US establishement is their best political and legal
cover. The US of course finds so much military,
political, economic, social and cultural capital in
being the team leader... It is an absolutely win win...
That is what PRISM plus has been about. And this is what
most global (non) Internet governance has been about -
with the due role of the civil society often spoken of
here. <br>
<br>
Incidentally, it was only a few days before these
disclosures that Julian Assange spoke of "<a
moz-do-not-send="true"
href="http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googles-dont-be-evil.html?pagewanted=all&_r=0">technocratic
imperialism</a>" led by the US-Google combine... How
quite to the point he was... Although so many of us are
so eager to let the big companies off the hook with
respect to the recent episodes. <br>
<br>
What got to be done now? If we indeed are eager to do
something, two things (1) do everything to decentralise
the global Internet's architecture, and (2) get on with
putting in place global norms, principles, rules and
where needed treaties that will govern our collective
Internet behaviour, and provide us with our rights and
responsibilities vis a vis the global Internet.<br>
<br>
But if there are other possible prescriptions, one is
all ears.<br>
<br>
parminder<br>
<br>
<br>
</span><o:p></o:p></p>
<div>
<p class="MsoNormal">On Tuesday 25 June 2013 01:04 PM,
parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Monday 24 June 2013 08:18 PM,
Katitza Rodriguez wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">Only answering one of the
questions on jurisdictional issues: The answer is
somewhat complex<br>
<br>
<span style="font-size:10.5pt">if data is hosted in
the US by US companies (or hosted in the US by
companies based overseas), the government has
taken the position that it is subject to U.S.
legal processes, including National Security
Letters, 2703(d) Orders, Orders under section 215
of the Patriot Act and regular warrants and
subpoenas, regardless of where the user is
located.</span><br>
<br>
<span style="font-size:10.5pt">The legal standard
for production of information by a third party,
including cloud computing services under US civil
(</span><a moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcp/rule_45"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext
1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcp/rule_45</span></a><span
style="font-size:10.5pt">) and criminal (</span><a
moz-do-not-send="true"
href="http://www.law.cornell.edu/rules/frcrmp/rule_16"><span
style="font-size:10.5pt;font-family:inherit;border:none
windowtext
1.0pt;padding:0cm;text-decoration:none">http://www.law.cornell.edu/rules/frcrmp/rule_16</span></a><span
style="font-size:10.5pt">) law is whether the
information is under the "possession, custody or
control" of a party that is subject to US
jurisdiction. It doesn’t matter where the
information is physically stored, where the
company is headquartered or, importantly, where
the person whose information is sought is located.
The issue for users is whether the US has
jurisdiction over the cloud computing service they
use, and whether the cloud computing service has
“possession, custody or control” of their data,
wherever it rests physically. For example, one
could imagine a situation in which a large
US-based company was loosely related to a
subsidiary overseas, but did not have “possession,
custody, or control” of the data held by the
subsidiary and thus the data wasn’t subject to US
jurisdiction.</span><o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
Interesting, although maybe somewhat obvious! So, even
if an European sends a email (gmail) to another
European, and the transit and storage of the content
never in fact reaches US borders, Google would still be
obliged to hand over the contents to US officials under
PRISM...... Can a country claim that Google broke its
law in the process, a law perhaps as serious as
espionage, whereby the hypothesized European to European
email could have carried classified information! Here,
Google, on instructions of US authorities would have
actually transported a piece of classified - or
otherwise illegal to access - information from beyond US
borders into US borders. <br>
<br>
What about US telcos working in other countries, say in
India. AT&T (through a majority held JV) claims to
be the largest enterprise service provider in India. And
we know AT & T has been a somewhat over enthusiastic
partner in US's global espionage (for instance see <a
moz-do-not-send="true"
href="http://www.techdirt.com/articles/20100121/1418107862.shtml">here</a>
)... Would all the information that AT & T has the
"possession. custody and control" of in India in this
matter not be considered fair game to access by the
US...... All this looks like a sliding progression to
me. Where are the limits, who lays the rules in this
global space.... <br>
<br>
parminder <br>
<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
On 6/24/13 5:28 AM, parminder wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hi All<br>
<br>
There was some demand on the bestbits list that we
still need to ask a lot of questions from the involved
companies in terms of the recent PRISM plus
disclosures. We are being too soft on them. I refuse
to believe that everything they did was forced upon on
them. Apart from the fact that there are <a
moz-do-not-send="true"
href="http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html">news
reports</a> that US based tech companies regularly
share data with US gov for different kinds of favours
in return, or even simply motivated by nationalistic
feeling, we should not forget that many of these
companies have strong political agenda which are
closely associated with that of the US gov. You must
all know about '<a moz-do-not-send="true"
href="http://en.wikipedia.org/wiki/Google_Ideas">Google
Ideas</a>', its revolving doors with US gov's
security apparatus, and its own aggressive <a
moz-do-not-send="true"
href="http://www.informationclearinghouse.info/article34535.htm">regime
change ideas</a>. Facebook also is known to 'like'
some things, say in MENA region, and not other things
in the same region.....<br>
<br>
<span
style="font-family:"Verdana","sans-serif"">Firstly,
one would want to know </span>whether the
obligations to share data with US government extended
only to such data that is actually located in, or
flows, through, the US. Or, does it extend to all data
within the legal control/ ownership of these companies
wherever it may reside. (I think, certainly hope, it
must be the former, but still I want to be absolutely
sure, and hear directly from these companies.)<br>
<br>
Now, if the obligation was to share only such data
that actually resided in servers inside the US, why
did these companies, in face of what was obviously
very broad and intrusive demands for sharing data
about non US citizens, not simply locate much of such
data outside the US. For instance, it could pick up
the top 10 countries, the data of whose citizens was
repeatedly sought by US authorities, and shift all
their data to servers in other countries that made no
such demand? Now, we know that many of the involved
companies have set up near fictitious companies
headquartered in strange places for the purpose of tax
avoidance/ evasion. Why could they not do for the sake
of protecting human rights, well, lets only say, the
trust, of non US citizens/ consumers, what they so
very efficiently did for enhancing their bottom-lines?
<br>
<br>
Are there any such plan even now? While I can
understand that there can be some laws to force a
company to hold the data of citizens of a country
within its border, there isnt any law which can force
these companies to hold foreign data within a
country's borders... Or would any such act perceived
to be too unfriendly an act by the US gov?<br>
<br>
<br>
I am sure others may have other questions to ask these
companies.....<br>
<br>
parminder <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Katitza Rodriguez<o:p></o:p></pre>
<pre>International Rights Director<o:p></o:p></pre>
<pre>Electronic Frontier Foundation<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@eff.org">katitza@eff.org</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:katitza@datos-personales.org">katitza@datos-personales.org</a> (personal email)<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Please support EFF - Working to protect your digital rights and freedom of speech since 1990<o:p></o:p></pre>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>Dr Marianne Franklin<o:p></o:p></pre>
<pre>Reader <o:p></o:p></pre>
<pre>Convener: Global Media & Transnational Communications Program<o:p></o:p></pre>
<pre>Co-Chair Internet Rights & Principles Coalition (UN IGF)<o:p></o:p></pre>
<pre>Goldsmiths, University of London<o:p></o:p></pre>
<pre>Dept. of Media & Communications<o:p></o:p></pre>
<pre>New Cross, London SE14 6NW<o:p></o:p></pre>
<pre>Tel: +44 20 7919 7072<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="mailto:m.i.franklin@gold.ac.uk"><m.i.franklin@gold.ac.uk></a><o:p></o:p></pre>
<pre>@GloComm<o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://twitter.com/GloComm">https://twitter.com/GloComm</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.gold.ac.uk/media-communications/staff/franklin/">http://www.gold.ac.uk/media-communications/staff/franklin/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/">https://www.gold.ac.uk/pg/ma-global-media-transnational-communications/</a><o:p></o:p></pre>
<pre><a moz-do-not-send="true" href="http://www.internetrightsandprinciples.org">www.internetrightsandprinciples.org</a><o:p></o:p></pre>
<pre>@netrights<o:p></o:p></pre>
</div>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>