[governance] Russian Parliament Discussing "Digital Sovereignty"
parminder
parminder at itforchange.net
Wed Aug 7 09:50:40 EDT 2013
On Wednesday 07 August 2013 06:48 AM, michael gurstein wrote:
> http://ca.news.yahoo.com/russia-seeking-snowdens-help-data-security-17501860
> 3.html
>
> (I've retitled this...
>
> M
The responses of governments to Snowden revelations have many troubling
aspects. Soon, perhaps with a lot of regret, we will realise that the
Internet did not get balkanised because of attempts to put up democratic
(even if only relatively democratic) global Internet governance
structures - as the alarm has often been raised - but that it is
getting balkanised because we did not do enough to set up such
structures. It may still be time to make positive efforts in this regard.
Meanwhile, evidently, US already enforces complete 'digital
sovereignty'..... It only opposes other countries' attempt to have some
leverage over their own digital space, however legitimate their reason
may be.... Time that US's bluff is called.....
From the article below.. ( at
http://www.frontline.in/the-nation/indian-help/article4982631.ece?homepage=true
)
"Article 2, the key section of the agreement, clearly outlines the
obligations of the company regarding storage of information on
domestic communications. Section 2.4 states that unless otherwise
agreed to by the parties, Yipes shall store domestic communications,
transactional data, subscriber information, billing records,
domestic network and domestic network management information
exclusively in the U.S." [....] Article 1.3 of the agreement says
that VSNL shall ensure that all domestic telecommunications routed
over the Teleglobe network shall not be routed outside of the U.S.
and/or Canada except in emergency situations such as a natural
disaster."
parminder
*Surveillance: **Indian help*
Frontline
Network security agreements that Reliance Communications and VSNL
signed with U.S. government departments oblige them to share data
carried on their infrastructure and assist the U.S. in its
surveillance programme.
By SAGNIK DUTTA in New Delhi
EVEN as the storm set off by the whistle-blower Edward Snowden’s
revelations about the United States’ elaborate electronic
surveillance programme is raging, a set of documents accessed by
/Frontline /highlight the involvement of two major Indian telecom
companies in assisting the U.S. in carrying out the programmes.
A series of Network Security Agreements (NSAs) entered into by various
U.S. government departments with foreign communications infrastructure
providers from 1999 to 2011 allowed the U.S. access to a considerable
amount of data flowing through the cables of these companies.
Reliance Communications Limited and the erstwhile Videsh Sanchar Nigam
Limited (VSNL), which is now called Tata Communications Ltd, signed
network security agreements with the U.S. in November 2007 and April
2005 respectively. The U.S. government departments that were party to
this agreement include the Federal Bureau of Investigation (FBI), the
Department of Homeland Security (DHS), the Department of Justice (DoJ),
and the Department of the Treasury.
A close analysis of these agreements reflects an elaborate attempt to
control and monitor the flow of information through physical
infrastructure owned by these companies. A similar pattern is observed
in the agreements in terms of the mechanisms that are put in place to
not only control and monitor transactional and other information of
subscribers, but also protect access to the same by foreign governments
and even the management of the company. The agreements also attempt to
control foreign ownership of telecom companies. This illustrates
attempts by the U.S. to dominate the cyberspace.
These agreements have significant ramifications for cybersecurity policy
in India. A significant amount of Internet traffic across the world,
including from India, flows through the U.S. Internet infrastructure.
The existence of such agreements makes such data available to U.S.
government departments. What is noticeable in these agreements is the
degree to which foreign control of the telecom companies is monitored
and curbed.
Speaking to /Frontline/, Prabir Purkayastha, chairman of Knowledge
Commons, a body involved with Internet and free software issues, said:
“The attempt to gain control of telecom infrastructure
through surveillance is significant as 80 per cent of the Internet
traffic is routed through the U.S. Also, the contrast between India and
the U.S. in terms of telecom policy is significant. While India is
calling for lifting the ceiling on FDI [foreign direct investment] to
100 per cent, the U.S. is exercising considerable control over the
functioning of telecom companies.”
On July 22, /The Hindu/ reported that National Security Adviser
Shivshankar Menon, in an internal note, called for international
cooperation to counter cyber attacks. The note reportedly mentioned that
the security agencies of the U.S. and the United Kingdom were “extremely
stingy” in sharing information.
*Reliance Communications’ agreement *
An agreement signed by Reliance Communications Limited and its
subsidiaries (Reliance Gateway Net Limited, Yipes Holdings Limited and
FLAG Telecom Group Limited) with the DoJ and the DHS (referred to as USG
parties) in November 2007 provides that the communications service
providers will provide technical or other assistance upon lawful request
to facilitate electronic surveillance relating to domestic
communications infrastructure.
It is significant to note in this context that at the time of signing
this agreement, Yipes catered to financial, legal, government,
educational and health-care industries through a network of more than
22,000 route kilometres of optical fibre and associated equipment across
17 major U.S. metropolitan markets. The agreement also mentions that
Yipes had points of presence (PoPs) in London, Tokyo and Hong Kong and
was in the process of deploying additional PoPs in Frankfurt, Toronto
and London. Reliance Communications completed its acquisition of Yipes
in December 2007. The acquisition was announced in July.
Article 2, the key section of the agreement, clearly outlines the
obligations of the company regarding storage of information on domestic
communications. Section 2.4 states that unless otherwise agreed to by
the parties, Yipes shall store domestic communications, transactional
data, subscriber information, billing records, domestic network and
domestic network management information exclusively in the U.S. Article
2.5 of the agreement clearly puts an obligation on Yipes to share such
information on request with the U.S. government authorities. On a
request made by a government authority, Yipes will have to provide any
information in its possession and such information shall be stored
exclusively in the U.S.
The agreement envisages an elaborate security framework to guard
zealously this information accessed by the service providers. It states
that within 10 business days of the effective date, Yipes shall
designate a security officer to act as a point of contact between the
USG parties regarding compliance with this agreement. Article 3.1 of the
agreement says that the security officer will have to be a resident U.S.
citizen, hold a U.S. security clearance and possess the authority to
enforce the agreement. The security officer is given considerable powers
and access to information.
The agreement states that the security officer “shall have access to all
information necessary to perform his or her duties, including, without
limitation, security-related and technical information and business
information, including but not limited to information regarding the
existing and emerging products and services of Yipes and business plans
of the communications service providers affecting Yipes’ ability to
perform its obligations under this agreement”. It further states that if
any action of the security officer is blocked or if he is denied
relevant information, the officer shall immediately report the fact to
the USG parties within five days of such an incident occurring.
Further, Article 3.10 of the agreement provides that Yipes, upon a
request from the USG parties, shall provide the name, date of birth, and
other relevant requested information of each person who regularly
handles or deals with sensitive information. Also, the company is bound
by the agreement not to disclose sensitive information to any third
party, including those who serve in a supervisory, managerial or
executive role with respect to the employees working with the
information (Article 3.11).
Article 4 of the agreement outlines attempts to manage the structure of
the company and exert considerable control over ownership by foreign
entities. Article 4.2 of the agreement says that a member of the
management of Yipes acquiring information about a foreign entity
acquiring ownership in the company or the domestic communications
infrastructure above 10 per cent shall notify Yipes in writing within 10
business days. Also, Article 4.3 of the agreement states that if any
foreign government or foreign government-controlled entity participates
in the management of the company in a way so as to interfere with Yipes
performing the terms of the agreement, then a member of the management
aware of such developments will notify the USG parties within 10
business days of the timing and nature of the foreign government’s plans.
Article 4.7 allows the USG parties to visit any time any part of the
domestic communications infrastructure and Yipes’ security offices to
conduct on-site reviews regarding the implementation of this agreement.
Article 7.3 of the agreement says that violation of any obligations of
this agreement shall be considered irreparable injury and monetary
relief will not be adequate remedy. The agreement states that the USG
parties shall be entitled “to any remedy available to law or equity, to
specific performance and injunctive or other equitable relief”.
A detailed questionnaire addressed to Reliance Communications remained
unanswered at the time of writing this report.
*Agreement with VSNL *
A similar agreement was signed between VSNL and the U.S. government
departments which also provided an elaborate framework
of surveillance in collaboration with the telecom company. The agreement
was signed by VSNL and its subsidiaries (VSNL America and VSNL
Telecommunications (U.S.), or VSNL U.S.) with the DoJ, including the FBI
and the DHS, and the Department of Defence, collectively referred to as
the “Parties”, between April 5 and 7, 2005. This was to be followed up
by an agreement, dated July 25, among VSNL, VSNL Telecommunications
(Bermuda) Ltd and Teleglobe International Holdings Ltd and affiliated
entities to facilitate the filing of applications with the Federal
Communications Commission (FCC) for authorisation to assign and transfer
control of certain licences granted by the FCC. (VSNL acquired Teleglobe
in July 2005.)
The agreement provides the U.S. government departments a mechanism for
seamless and holistic access to information flowing through the physical
infrastructure of VSNL and Teleglobe. Article 1.3 of the agreement says
that VSNL shall ensure that all domestic telecommunications routed over
the Teleglobe network shall not be routed outside of the U.S. and/or
Canada except in emergency situations such as a natural disaster. The
agreement also grants the U.S. government departments unimpeded access
to information concerning technical matters and physical management or
other security measures and the right to ensure compliance with its terms.
Article 2.1 states that all domestic communications infrastructure shall
at all times be located in the U.S. and it shall pass through the
facility of VSNL America or VSNL U.S. located in the U.S. from which
electronic surveillance can be conducted. As per Article 2.3, these two
entities are obliged to store domestic communications, wire or
electronic communications, transactional data, subscriber information,
billing records of customers who are U.S.-domiciled, and network
management information.
This agreement also provides a similar elaborate security apparatus to
enable electronic surveillance and access to sensitive information.
Article 3.2 of the agreement states a security officer shall review
visits by non-U.S. persons to any domestic communications
infrastructure. A written request for approval of a visit was to be
submitted to the security officer no less than seven days prior to the
date of the proposed visit. Article 3.8 also talks about points of
contact to be assigned to VSNL America and VSNL U.S. security offices
who shall be available for 24 hours a day, seven days a week, and shall
be responsible for maintaining the security of classified, sensitive and
controlled unclassified information. The two companies are also obliged
to comply with any request from the U.S. government authorities for a
background check or a security clearance process to be completed for a
designated point of contact. The U.S. government departments are also
given considerable powers regarding the appointment and screening of
security officers handling sensitive information.
The clauses of Article 3.14 clearly point to the degree of penetration
that this agreement allows to the U.S. government departments. It
states: “Upon request, VSNL America or VSNL U.S. shall provide to the
investigation services of DHS, DOJ, FBI, and DOD, or in the alternative,
to the investigation service of the United States office of Personnel
Management (‘OPM’), all the information it collects in its screening
process of each candidate.”
This agreement also states that the breach of the terms will entail
“irreparable injury” (Article 4.3) caused to the U.S. government
departments and they will have the right to any other remedy available
at law, to “specific performance and injunctive or other equitable relief”.
An e-mail questionnaire to Tata Communications about the agreement did
not elicit any response at the time of writing this article.
The existence of these agreements highlights the concerted attempts by
the U.S. government departments to appropriate global telecom
infrastructure to establish dominance in the cyberspace.
The involvement of two major Indian telecom companies in this elaborate
framework of surveillance in collaboration with U.S. government
departments has significant implications for cyber security policy in
India. The larger question facing the advocates of Internet democracy
and privacy in communication is whether the Indian telecommunications
companies will be similarly appropriated by an overzealous Indian
government to obtain information about unsuspecting citizens and
eventually as an instrument to control and monitor forms of dissent both
in the real and in the virtual world.
***
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130807/7ad5e388/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.igcaucus.org
To be removed from the list, visit:
http://www.igcaucus.org/unsubscribing
For all other list information and functions, see:
http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
http://www.igcaucus.org/
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list