[governance] Re: [bestbits] PRISM - is it about the territorial location of data or its legal ownership

Suresh Ramasubramanian suresh at hserus.net
Thu Jun 27 05:06:24 EDT 2013


I just left this comment on the Indian Express website where it is
currently awaiting moderation

http://www.indianexpress.com/news/wide-asleep-on-the-net/1134254/4

--------

With respect - there are several issues (or shall we say, alternate
perspectives) with this article that I would like to point out.

So, before I begin, in the interests of full disclosure - My job role at
my workplace absolutely does not involve internet governance issues, and
while I work for an IT major, my involvement with internet governance and
cybersecurity issues predates any industry job that I have been in. And
here, I am speaking absolutely for myself.

To start with, let me take issue with the "apologists who depend on global
internet majors for their income". Tarring those who have an alternate
perspective with a brush of "selfish commercial interest" is hardly the
way to make your point.

Despite any "orchestraed cacophony in the media",- the CIRP proposal could
not find consensus among other governments either, and has since then been
specifically disclaimed by Minister Pilot, who has rightly reaffirmed his
commitment to a multistakeholder process, rather than one where control
rests exclusively in the hands of an intergovernmental committee, with
other stakeholders only present in an advisory capacity. An article in the
Hindu "On Internet rules, India now more willing to say ICANN" published
on October 13, 2012, describes how, after detailed inter ministerial and
multi stakeholder consultation, and reaffirmed india's commitment to
multistakeholderism.

To quote Minister Pilot, Mr. Pilot also confirmed, “We are moving ahead
with new proposals. While the existing system certainly needs to be
changed, India’s position will include multi-stakeholder involvement and
not inter-governmental bodies that may have been proposed in the past.”

I also remember Minister Sibal reaffirming India's commitment to
multistakeholderism at multiple venues (such as the recent East West
Institute Cyber Summit in New Delhi, last October).

In short, trying to resurrect a repudiated proposal like CIRP, which did
not gain sufficient consensus either within India or among ITU member
states, may not be the most productive way forward.

In addition, though the ITU can and should play a vital role in
engagement, over the past several years since 2007-08, it has steadily
stepped away from a widespread advocacy of multistakeholderism (witness,
for example, the collegial atmosphere created during their WSIS thematic
meetings on C5 - cybersecurity, in those years - and the gradual
detirioration of the beginnings of a cordial relationship with the
multistakeholder community).

Mr.Puri further states that US "hegemony over the Internet" leads to "a
lack of accountability" in root zone operators, several of whom are not US
based - and who have, to my personal knowledge, spent the past decades
working very hard to maintain the security, stability and integrity of
DNS, and who have engaged in substantial outreach to place mirrors of the
root servers around the world, including several in India. Indeed, I am
typing this from Chennai, with an instance (mirror) of the F root server
located within a twenty minute walk from my residence.

Most of the issues in India and elsewhere, with international connectivity
being expensive, are, if I may refresh Mr. Puri's memory, more to do with
the past history of telecom being a government monopoly in India, and with
an long standing lack of awareness of best practices such as peering. This
has gradually changed in the recent past with the NIXI (National Internet
Exchange of India) set up in close cooperation with the GoI, indian ISPs
as well as stakeholders from around the world.

As for the lack of "multilateral mechanisms" to ensure network stability -
this is also a multistakeholder effort that goes on every day. involving
close "operational" coordination between people from across stakeholder
communities including government organizations such as national CERTs and
law enforcement, and multiple venues - none of which is, I regret to
inform Mr.Puri, anywhere related to the UN, In fact if there's a problem
with this, the problem is an absolute multiplicity of venues where such
active cooperation takes place day in and day out.

Indian organizations tend not to attend these for various reasons
(possibly travel budget related - though I seriously doubt that there'd be
a positive difference made in this regard by attempting to centralize
governance of the Internet in Geneva, one of the most expensive cities in
the world for visitors whose expenses are not borne by their national
governments).

So, organizations routinely make every effort to reach out to India.
M3AAWG, the Messaging, Malware and Mobile Anti Abuse Working Group,
organized a day long event at the FICCI headquarters in New Delhi on the
sidelines of the East West Institute Cyber Summit in October 2012, and has
since then hosted local events to reach out to Indian ISPs, messaging and
mobile providers and datacenter operators to spread awareness on best
practices in spam control and cybersecurity. http://www.maawg.org/india/
for more details.

As for the Budapest convention on cybercrime, it simply formalizes a setup
that has existed as a set of mutual agreements (MoUs called MLATs, Mutual
Legal Assistance Treaties) among law enforcement bodies around the world,
and is founded on a principle of dual criminality. Several countries have
signed on to it in the years since its inception, and do have the option
to sign on to only those specific terms from the convention that they are
in agreement with.

That is not the only reason India would not be declared a "data secure"
country. There is no privacy law in India at this moment, though
organizations from industry and civil society appear to be working on
draft bills that can be circulated among lawmakers to gather support.

Moreover, there is a widespread lack of privacy protection in practice,
with data theft being rampant, as evidenced by everything from customer
data of service providers ending up in the hands of telemarketers and
spammers, to, in some cases, even street food vendors who can be found
wrapping bhelpuri in credit card statements and photocopies of PAN cards.

With respect, I will submit that it is in the public interest for India to
crack down on such gross abuses of privacy - whether or not we meet the
incidental goal of being declared a data secure nation so that EU based
organizations can be allowed to outsource work here.

In conclusion, we in India - across stakeholder communities, need to
increase and broaden our level of engagement in the multistakeholder
internet, across stakeholder communities instead of working towards a
retrograde, silo'ed structure of internet governance.

Thank you.
--srs

On Thu, June 27, 2013 10:52 am, Suresh Ramasubramanian wrote:
> Thanks for sharing this. Looks like a further rebuttal of some long
> recycled canards is in order. Now for a letter to the editor of the indian
>  express
>
> --srs (htc one x)
>
>
>
>
> On 27 June 2013 10:43:20 AM parminder <parminder at itforchange.net> wrote:
>
>>
>> From the Indian Express, of yesterday..... The author recently retired
>> as India's Permanent Representative to the UN.
>>
>>
>>
>>
>> Wide asleep on the net
>>
>>
>> *Hardeep S Puri* Posted online: Thu Jun 27 2013, 05:15 hrs
>> **/The Snowden revelations point to the urgency to overhaul the current
>> architecture of global internet governance/
>>
>> Disclosures by Edward Snowden of the PRISM project by the National
>> Security
>> Agency of the United States government have revived discussions about
>> the need for democratisation of the current architecture of global
>> internet governance. Notwithstanding the sophistry and grandstanding
>> about preserving the multi-stakeholder model, freedom of expression and
>> avoiding control of content, the current system is anything but any of
>> these. Behind this veneer, the economic, commercial and political
>> interests of a powerful group are sought to be entrenched.
>>
>> The US not only possesses the capacity to keep our citizens under
>> surveillance, but in fact tracks telephone calls, emails, chats and
>> other communications based on the internet every month, in the name of
>> counter-terrorism. Being ranked fifth, bracketed with Jordan and
>> Pakistan
>> and ahead of Saudi Arabia, China and Russia, should be a matter of
>> concern for India.
>>
>> Apologists among Indian IT majors and industry associations can be
>> expected to rise in defence of the current model of internet governance;
>> after all, many of them depend on global internet majors for their
>> business, and have always spoken and acted on behalf of the latter.
>> Whenever discussions are
>> held on the subject, the former find ways of occupying the space and
>> manipulating opinions that echo the interests of the latter.
>>
>> India called for democratisation of global internet governance and
>> proposed in October 2011 the setting up of a Committee for
>> Internet-Related Policies
>> (CIRP), accountable to the United Nations General Assembly, to deal with
>>  international public policies relating to the internet. Instead of
>> discussing the pros and cons of different elements of the proposal,
>> there was an orchestrated cacophony in the media designed to drown any
>> reasoned debate. Calls were made to force India to withdraw the
>> proposal. India’s proposal was characterised as catastrophic,
>> threatening a “UN takeover of the internet”, and doomed to bring down
>> Indian IT firms.
>>
>>
>> India’s policy on this subject of considerable strategic significance
>> has been consistent for over a decade. The initial calls for
>> democratisation of global internet governance were made by then
>> ministers Arun Shourie in December 2003 in Geneva and Dayanidhi Maran in
>> Tunis in November 2005, at
>> the World Summit on Information Society (WSIS). India pursued the
>> implementation of the report of the Working Group on Internet
>> Governance
>> (WGIG) chaired by Nitin Desai on the subject during the 2003 -05 period
>> and the Tunis Agenda, which mandated that the “International management
>> of the internet should be multilateral, transparent and democratic”. The
>> report got implemented only in parts, through the setting up of the
>> Internet
>> Governance Forum whose ineffectiveness has been increasingly recognised
>> in recent months even by Western commentators and academics. The more
>> important recommendations on dealing with public policy issues were
>> buried deep, without any meaningful discussion of the options presented
>> in the report.
>>
>> The WGIG had identified significant governance gaps with regard to the
>> internet: these included unilateral control of the root zone files and
>> systems and lack of accountability of root zone operators; concerns over
>>  allocation policies for IP addresses and domain names; confusion about
>>  application of intellectual property rights in cyberspace;
>> substantially higher connectivity costs in developing countries located
>> far from internet backbones; lack of multilateral mechanisms to ensure
>> network stability and security; lack of effective mechanisms to prevent
>> and prosecute internet crimes and spam; barriers to multi-stakeholder
>> participation; restrictions on freedom of expression; inconsistent
>> application of privacy and data-protection rights; absence of global
>> standards for consumer rights; insufficient progress towards
>> multilingualism; and insufficient capacity-building in developing
>> countries. The Indian proposal had only suggested that these very same
>> issues, as well as policy issues that have evolved since WSIS, be
>> considered by the CIRP; it had not proposed that the UN “take over the
>> internet”, or that the current technical arrangements be overturned, as
>> argued by the detractors.
>>
>> We need to recognise the implications of the current model. On the one
>> hand, India is asked to ratify the Budapest Convention on Cybercrime, in
>>  the negotiation of which India played no part, in order for us to be
>> eligible to be qualified as a “data-secure” country. On the other,
>> India is
>> sought to be excluded from any forum or deliberations where the global
>> rules for governance of the internet or management of critical internet
>>  resources and logical infrastructure are evolved. Another aspect that
>> is seldom appreciated here is the discomfort that European countries
>> have with the current US-dominated model of global governance of the
>> internet, as demonstrated by statements emanating from their officials,
>> the number of legal disputes European bodies have launched against US
>> internet majors, and attempts by countries like France to modify the
>> existing system.
>>
>> Well before the Snowden disclosures, the security, socio-economic and
>> legal implications of the current model of internet governance had
>> become quite apparent. Just to take one example, the Julian Assange
>> phenomenon and the WikiLeaks disclosures had amply demonstrated some of
>> them. Concerns about shell companies and tax avoidance by global
>> internet majors provide another instance. The use of Stuxnet was a third
>> one.
>>
>> The US is clearly determined to continue its relentless pursuit of the
>> current model of global internet governance, for preserving its economic
>>  and strategic interests. It is unlikely that there will be any change
>> in its policy even after the Snowden disclosures.
>>
>> Some representatives of Indian industry associations have been warning
>> that Indian IT companies are heavily dependent on global internet majors
>> and that they will suffer by India’s championing of the cause of
>> democratisation of internet governance. This lie needs to be nailed.
>> First,
>> there has been no evidence of any such impact. Second, independent of
>> India’s proposal, Indian IT companies have been demonstrating that they
>>  have more or less reached the maximum of the current models of their
>> growth. Third, we need to work for the next generation of Indian IT
>> companies, which can move up the value chain by creating their own
>> branded services and products and leading global innovation in IT. In
>> other words, we need to produce the next generation of Murthys and
>> Premjis. This
>> requires modifying the eco-system, architecture and infrastructure, both
>>  nationally and internationally, where such ventures can grow. This
>> makes it imperative for India to become a lead player and shape the
>> global ICT industry architecture that helps Indian ICT companies of the
>> future.
>>
>> None of this is going to be easy, however. We need a dedicated group of
>>  people — within the establishment, industry, technical and scientific
>> community, academia, civil society and media — who can reflect upon and
>>  define India’s long-term interests in advancing the cause of
>> democratising global internet governance and free ourselves from the
>> current model where the space for discussion is arrogated by apologists
>> for the current model of unilateral control.
>>
>> The UN has launched a process for observing the 10th anniversary of
>> WSIS in
>> 2015. This provides an opportunity for India to work with other leading
>> democratic countries like Brazil and South Africa within the IBSA
>> platform and with other like-minded countries in the UN for
>> democratising global internet governance to make it truly “multilateral,
>> transparent and democratic”, as envisioned in the Tunis Agenda.
>>
>> The writer, a retired diplomat, was India’s permanent representative to
>> the UN
>>
>> ***
>>
>>
>>
>>
>>
>>
>>
>>
>> On Wednesday 26 June 2013 03:54 PM, parminder wrote:
>>
>>>
>>> While building on the past is important, I think, there is also a
>>> keen
>> realisation  that we are passing - and mostly, missing - a series of
>> what could be 'constitutional moments' for a new Internet mediated
>> society... And that the global civil society should pause, and
>> retrospect. I see this from emails of Gene, Andrew, Michael, Marianne
>> and others - on diverse issues, ranging from the recently concluded
>> meeting of ITU WG on Internet related public policy issues to PRISM plus
>> disclosures.
>>>
>>> Let me try to pick what in my view are some 'big points' of the
>>> present
>> moment... and then drill downwards. The biggest I think is that we need
>> to get over that age of innocence, whereby most civil society took the
>> stance that less rather than more global IG is better..... That was a
>> mistake, and continues to be a mistake... Internet is big, it is global,
>> it transforms everything. And the prescription of less rather than more
>> - appropriate -
>> governance of it can only serve dominant interests. We need to accept
>> that - whether it is human rights, or it is distributional issues - we
>> need more global IG. And since Internet itself is new, its global
>> governance too will involve many new elements. It is, to a good measure,
>> up to the civil society to be innovative and brave in this regard.....
>> Something,
>> unfortunately, we have consistently shrunk from doing...
>>>
>>> First of all, we urgently need an appropriate focal point - and
>>> around it
>> a webbed architecture - of global IG.... And that focal point I think
>> should be body like the OECD's Committee on Computers, Information and
>> Communication Policy, which can be attached to the UN General Assembly,
>> and should be new age in its structure, form, participation avenues
>> etc... And this committee should be fed in by the IGF. Everyone who
>> knows about the OECD's CCICP, knows how intensively it works, and what
>> quality of output it produces, and how how consultative,
>> multi-stakeholder etc it is.....
>>>
>>> We simply must create a similar focal point at the global level,
>>> right
>> away..... Lets at least discuss it... I have raised this proposal
>> several times, but have have no real response on why such a body at the
>> global level is not appropriate, and why is it appropriate at OECD
>> level.... This single step would go a long way it setting us on the
>> right direction....
>>>
>>> And then, this is the second imperative, we need to go down to some
>>> real
>> work.... not just the highest level principles that have been around
>> but seem not to really work... For example, Andrew quotes privacy
>> principles from GNI document. Well, its provisions clearly were violated
>> what what Snowden tells us... So?? Nothing happens. Right. We have
>> provisions in the IRP doc as well....
>>
>>>
>>> What we need to do now is to move to the next serious level.... Speak
>>>
>> about actual due process, guarantees for transit data. how these
>> guarantees operate, and the such. We were informed recently on the IGC
>> list that EU does not subject data that is merely in transit to data
>> retention requirements. How this obligation can be extended to others.
>> ... What
>> disclosures can and should the telecom and application companies share
>> about data hosting and transit, and applicability of different
>> jursidictions over the data they carry and process.... We need to drill
>>  down to such real issues. And that kind of thing happens only when
>> there are clear focal points for policy development that exist  (See for
>> instance the real work that is going on right now in Marrakesh for
>> writing out a new treaty  guaranteeing access to printed material for
>> the visually impaired).... We have on the other hand seen the kind of
>> joke that the IGF has rendered itself into as a policy dialogue
>> forum.... We need to take preventive action against such motivated
>> obfuscations....
>>>
>>> So, as I said, two things - (1) look for a real institutional focal
>>> point
>> for global IG, where all can participate, and (2), work on real norms,
>> policy frameworks, in the manner OECD's CCICP does.... I see no other
>> option... but as always wiling, to hear about them, if they exist....
>>>
>>> parminder
>>>
>>>
>>>
>>> On Wednesday 26 June 2013 02:45 PM, Andrew Puddephatt wrote:
>>>
>>>>
>>>> Entirely agree Marianne – this seems  a sensible way of proceeding
>>>>
>>>>
>>>> *Andrew Puddephatt***| *GLOBAL PARTNERS*DIGITAL
>>>>
>>>>
>>>> Executive Director
>>>>
>>>>
>>>> Development House, 56–64 Leonard Street, London EC2A 4LT
>>>>
>>>>
>>>> T: +44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
>>>> andrewpuddephatt *gp-digital.org*
>>>>
>>>>
>>>> *From:*Marianne Franklin [mailto:m.i.franklin at gold.ac.uk]
>>>> *Sent:* 26 June 2013 08:30
>>>> *To:* Andrew Puddephatt
>>>> *Cc:* 'parminder'; bestbits at lists.bestbits.net;
>>>>
>> governance at lists.igcaucus.org;
>> irp at lists.internetrightsandprinciples.org
>>>> *Subject:* Re: [bestbits] PRISM - is it about the territorial
>>>> location
>> of data or its legal ownership
>>>>
>>>> Dear Andrew
>>>>
>>>>
>>>> Have been following the conversation with interest. The point
>>>> Parminder
>>>>
>> raises about the responsibilities of companies in ensuring that human
>> rights in the fullest sense of the term are not jeopardised at the
>> deepest levels of the internet's architecture is one that indeed needs
>> attention. However, the conversation so far is proceeding as if no work
>> at all has been done around human rights norms and principles for the
>> internet. This is not the case. A lot of work has been done, indeed
>> stretching back many year into the WSIS period. If we choose to forget
>> or ignore what came before we are all doomed to repeat past mistakes (as
>> a great sage once remarked)!
>>>>
>>>> With the Bali IGF as a venue for meeting and moving forward I do
>>>> think
>> it is important to note that the Charter of Human Rights and Principles
>>  already goes a *long* way in defining these 'global' (I use the term
>> advisedly) norms and principles carefully. The reason for the cautious
>> approach in 2010-2011 when the IRP Coalition was drafting this current
>> version was precisely in order to be precise and coherent. Many people
>> on all these lists were involved in this process and can share the
>> credit for what has been achieved. The cautiousness then, criticised at
>> the time, has paid off in retrospect.
>>>>
>>>> As a wide-ranging Charter of human rights and principles focusing
>>>> on the
>> online environment, then picked up by Frank La Rue thanks to the work
>> of the then IRP Coalition Chairs, Lisa Horner and Dixie Hawtin in turn,
>> based on the UDHR and its successors it was, and is not intended to be a
>>  prescriptive, or one-size-fits-all document. What was intended and to
>> my mind has been achieved is rather a baseline, inspirational framing
>> for the work that is now emerging around specific cases and situations
>> such as privacy, freedom of expression and so on that have been thrown
>> into relief by the events around PRISM. The IRP Charter is also careful
>> to include the responsibility of companies as integral to these emerging
>> norms. Events have underscored that the IRP Charter was a project worth
>> engaging in and for that the 'we' on these lists did achieve something
>> quite remarkable.
>>>>
>>>> Moving the IRP Charter up a level is a focus for two workshops at
>>>> least
>> in Bali, and the IRP Meeting there I would like to propose that these
>> are very suitable places to continue these discussions, online and of
>> course in person. The Best Bits meeting prior to the IGF is in this
>> respect a great way to get started as the next stage of the IRP Charter
>> in substantive terms gets underway i.e. addressing the weaker parts of
>> the current Beta version
>> (http://internetrightsandprinciples.org/site/charter/) and widen
>> awareness amongst the human rights community and inter-govn
>> organizations. A huge step in the latter has already been achieved in
>> recent weeks and I would like to add these moves to the work being done
>> through Best Bits.
>>>>
>>>> Finally, on principles seeing as this focus is also on the IGF
>>>> agenda,
>> here too the IRP Charter developed precursor models (such as the APC
>> Bill
>> of Rights, the Marco Civil principles too) the IRP Ten Principles are
>> intended as an educational, outreach version of the actual Charter. So
>> here the work being initiated around Internet Goverance Principles
>> (however
>> defined) is something the IRP coalition supports implicitly.
>>>>
>>>> The only question I am getting from members is about how better to
>>>> work
>> together, which is why the current Charter goes quite some way in
>> establishing the sort of framework that is being advocated here. No
>> need to reinvent the wheel in other words!
>>>>
>>>> best MF
>>>>
>>>>
>>>> On 25/06/2013 17:59, Andrew Puddephatt wrote:
>>>>
>>>>
>>>> Just welcoming Parminder’s focus on companies here.  I feel that
>>>> the current situation is an opportunity to push the companies a lot
>>>> more rigorously than we have been able to do so far.   I like the
>>>> idea of global norms and principles and I wonder if anyone has done
>>>> any detailed work on this in relation to security/surveillance and
>>>> jurisdictional questions – specifically the role of global companies
>>>> rooted in one jurisdiction (principally the US I would guess?).    I
>>>> note that some German MPs are calling for US companies to establish
>>>> a German cloud distinct and separate from US jurisdiction..
>>>>
>>>> I think we can strategically link the two issues that Parminder
>>>> has flagged up – we can reinforce the push for norms and principles
>>>> pointing out this is a way for country’s to escape the US orbit – as
>>>> long as we can avoid the danger of breaking the internet into
>>>> separate national infrastructures – which is where the norms and
>>>> principles need to be carefully defined.   Is this something we can
>>>> discuss online and then discuss in person at Bali?
>>>>
>>>> Looking at the GNI principle on privacy it says:
>>>>
>>>>
>>>> Privacy is a human right and guarantor of human dignity. Privacy
>>>> is important to maintaining personal security, protecting identity
>>>> and promoting freedom of expression in the digital age.
>>>>
>>>> Everyone should be free from illegal or arbitrary interference
>>>> with the right to privacy and should have the right to the protection
>>>> of the law against such interference or attacks.
>>>>
>>>> The right to privacy should not be restricted by governments,
>>>> except in narrowly defined circumstances based on internationally
>>>> recognized laws and standards. These restrictions should be
>>>> consistent with international human rights laws and standards, the
>>>> rule of law and be necessary and proportionate for the relevant
>>>> purpose.
>>>>
>>>> Participating companies will employ protections with respect to
>>>> personal information in all countries where they operate in order to
>>>> protect the privacy rights of users.
>>>>
>>>> Participating companies will respect and protect the privacy
>>>> rights of users when confronted with government demands, laws or
>>>> regulations that compromise privacy in a manner inconsistent with
>>>> internationally recognized laws and standards.
>>>>
>>>> Is this something to build upon?   The final clause is
>>>> interesting – it implies that signatory companies will respect
>>>> privacy even when asked to comply with laws that breach
>>>> internationally recognized laws and standards which I assume
>>>> everyone thinks that FISA does?
>>>>
>>>> *Andrew Puddephatt***| *GLOBAL PARTNERS*DIGITAL
>>>>
>>>>
>>>> Executive Director
>>>>
>>>>
>>>> Development House, 56–64 Leonard Street, London EC2A 4LT
>>>>
>>>>
>>>> T: +44 (0)20 7549 0336 | M: +44 (0)771 339 9597 | Skype:
>>>> andrewpuddephatt *gp-digital.org*
>>>>
>>>>
>>>> *From:*bestbits-request at lists.bestbits.net
>>>> <mailto:bestbits-request at lists.bestbits.net>
>>>> [mailto:bestbits-request at lists.bestbits.net] *On Behalf Of
>>>> *parminder
>>>> *Sent:* 25 June 2013 09:25
>>>> *To:* bestbits at lists.bestbits.net
>>>> <mailto:bestbits at lists.bestbits.net>;
>>>> governance at lists.igcaucus.org <mailto:governance at lists.igcaucus.org>
>>>>  *Subject:* Re: [bestbits] PRISM - is it about the territorial
>>>> location of data or its legal ownership
>>>>
>>>>
>>>> This is how I think it works overall - the digital imperialist
>>>> system..... Global Internet companies - mostly US based -  know that
>>>> much of their operations worldwide legally are on slippery
>>>> grounds.... They find it safest to hang on to the apron strings of
>>>> the one superpower in the world today, the US... They know that the
>>>> US establishement is their best political and legal
>>>> cover.  The US of course finds so much military, political, economic,
>>>> social and cultural capital in being the team leader... It is an
>>>> absolutely win win... That is what PRISM plus has been about. And
>>>> this is what most global (non) Internet governance has been about -
>>>> with the due role of the civil society often spoken of here.
>>>>
>>>> Incidentally, it was only a few days before these disclosures
>>>> that Julian Assange spoke of "technocratic imperialism
>>>>
>> <http://www.nytimes.com/2013/06/02/opinion/sunday/the-banality-of-googl
>> es-dont-be-evil.html?pagewanted=all&_r=0>"
>>>> led by the US-Google combine... How quite to the point he was...
>>>> Although so many of us are so eager to let the big companies off
>>>> the hook with respect to the recent episodes.
>>>>
>>>> What got to be done now? If we indeed are eager to do something,
>>>> two things (1) do everything to decentralise the global Internet's
>>>> architecture, and (2) get on with putting in place global norms,
>>>> principles, rules and where needed treaties that will govern our
>>>> collective Internet behaviour, and provide us with our rights and
>>>> responsibilities vis a vis the global Internet.
>>>>
>>>> But if there are other possible prescriptions, one is all ears.
>>>>
>>>>
>>>> parminder
>>>>
>>>>
>>>> On Tuesday 25 June 2013 01:04 PM, parminder wrote:
>>>>
>>>>
>>>> On Monday 24 June 2013 08:18 PM, Katitza Rodriguez wrote:
>>>>
>>>>
>>>> Only answering one of the questions on jurisdictional
>>>> issues: The answer is somewhat complex
>>>>
>>>>
>>>> if data is hosted in the US by US companies (or hosted in the US by
>>>> companies based overseas), the government has taken the position
>>>> that it is subject to U.S. legal processes, including National
>>>> Security Letters, 2703(d)
>>>> Orders, Orders under section 215 of the Patriot Act and
>>>> regular warrants and subpoenas, regardless of where the user is
>>>> located.
>>>>
>>>> The legal standard for production of information by a
>>>> third party, including cloud computing services under US civil
>>>> (http://www.law.cornell.edu/rules/frcp/rule_45) and
>>>> criminal (http://www.law.cornell.edu/rules/frcrmp/rule_16) law is
>>>> whether the information is under the "possession, custody or
>>>> control" of a party that is subject to US jurisdiction. It doesn’t
>>>> matter where the information is physically stored, where the company
>>>> is headquartered or, importantly, where the person whose information
>>>> is sought is located. The issue for users is whether the US has
>>>> jurisdiction over the cloud computing service they use, and whether
>>>> the cloud computing service has “possession, custody or control” of
>>>> their data, wherever it rests physically. For example, one could
>>>> imagine a situation in which a large US-based company was loosely
>>>> related to a subsidiary overseas, but did not have “possession,
>>>> custody, or control” of the data held by the subsidiary and thus the
>>>> data wasn’t subject to US jurisdiction.
>>>>
>>>>
>>>> Interesting, although maybe somewhat obvious! So, even if an
>>>> European sends a email (gmail) to another European, and the
>>>> transit and storage of the content never in fact reaches US borders,
>>>> Google would still be obliged to hand over the
>>>> contents to US officials under PRISM...... Can a country claim that
>>>> Google broke its law in the process, a law perhaps
>>>> as serious as espionage, whereby the hypothesized European to
>>>> European email could have carried classified information!
>>>> Here, Google, on instructions of US authorities would have
>>>> actually transported a piece of classified - or otherwise illegal to
>>>> access - information from beyond US borders into US borders.
>>>>
>>>>
>>>> What about US telcos working in other countries, say in
>>>> India. AT&T (through a majority held JV) claims to be the
>>>> largest enterprise service provider in India. And we know AT & T has
>>>> been a somewhat over enthusiastic partner in US's global espionage
>>>> (for instance see here
>>>> <http://www.techdirt.com/articles/20100121/1418107862.shtml>
>>>> )... Would all the information that AT & T has the
>>>> "possession. custody and control" of in India in this matter
>>>> not be considered fair game to access by the US...... All this looks
>>>> like a sliding progression to me.  Where are the limits, who lays
>>>> the rules in this global space....
>>>>
>>>> parminder
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 6/24/13 5:28 AM, parminder wrote:
>>>>
>>>>
>>>> Hi All
>>>>
>>>>
>>>> There was some demand on the bestbits list that we still
>>>> need to ask a lot of questions from the involved companies in terms
>>>> of the recent PRISM plus disclosures. We are being too soft on them.
>>>> I refuse to believe that
>>>> everything they did was forced upon on them. Apart from the fact that
>>>> there are news reports
>>>>
>> <http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-dat
>> a-with-thousands-of-firms.html>
>>>> that US based tech companies regularly share data with US gov for
>>>> different kinds of favours in return, or even simply motivated by
>>>> nationalistic feeling, we should not forget that many of these
>>>> companies have strong political agenda which are closely associated
>>>> with that of the US gov.   You must all know about 'Google Ideas
>>>> <http://en.wikipedia.org/wiki/Google_Ideas>', its
>>>> revolving doors with US gov's security apparatus, and its own
>>>> aggressive regime change ideas
>>>> <http://www.informationclearinghouse.info/article34535.htm>.
>>>> Facebook also is known to 'like' some things, say in MENA
>>>> region, and not other things in the same region.....
>>>>
>>>> Firstly, one would want to know whether the obligations
>>>> to share data with US government extended only to such data that is
>>>> actually located in, or flows, through, the US. Or, does it extend
>>>> to all data within the legal control/ ownership of these companies
>>>> wherever it may reside.  (I think, certainly hope, it must be the
>>>> former, but still I want to be absolutely sure, and hear directly
>>>> from these companies.)
>>>>
>>>> Now, if the obligation was to share only such data that
>>>> actually resided in servers inside the US, why did these companies,
>>>> in face of what was obviously very broad and intrusive demands for
>>>> sharing data about non US citizens, not simply locate much of such
>>>> data outside the US. For instance, it could pick up the top 10
>>>> countries, the data of whose citizens was repeatedly sought by US
>>>> authorities, and shift all their data to servers in other countries
>>>> that made no such demand? Now, we know that many of the involved
>>>> companies have set up near fictitious companies headquartered in
>>>> strange places for the purpose of tax avoidance/ evasion. Why could
>>>> they not do for the sake of protecting human rights, well, lets only
>>>> say, the trust, of non US citizens/ consumers, what they so very
>>>> efficiently did for enhancing their bottom-lines?
>>>>
>>>> Are there any such plan even now? While I can understand
>>>> that there can be some laws to force a company to hold the data of
>>>> citizens of a country within its border, there isnt any law which
>>>> can force these companies to hold foreign data within a country's
>>>> borders... Or would any such act perceived to be too unfriendly an
>>>> act by the US gov?
>>>>
>>>>
>>>>
>>>> I am sure others may have other questions to ask these
>>>> companies.....
>>>>
>>>> parminder
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> -- >>
>>>> Katitza Rodriguez
>>>>
>>>>
>>>> International Rights Director
>>>>
>>>>
>>>> Electronic Frontier Foundation
>>>>
>>>>
>>>> katitza at eff.org  <mailto:katitza at eff.org>
>>>>
>>>> katitza at datos-personales.org
>> <mailto:katitza at datos-personales.org>  (personal email)
>>
>>>>
>>>>>>
>>>> Please support EFF - Working to protect your digital rights and
>>>>
>> freedom of speech since 1990
>>>>
>>>>
>>>>
>>>> -- Dr Marianne Franklin
>>>> Reader
>>>> Convener: Global Media & Transnational Communications Program
>>>> Co-Chair Internet Rights & Principles Coalition (UN IGF)
>>>> Goldsmiths, University of London
>>>> Dept. of Media & Communications
>>>> New Cross, London SE14 6NW
>>>> Tel: +44 20 7919 7072
>>>> <m.i.franklin at gold.ac.uk>  <mailto:m.i.franklin at gold.ac.uk>
>>>> @GloComm
>>>> https://twitter.com/GloComm
>>>> http://www.gold.ac.uk/media-communications/staff/franklin/
>>>> https://www.gold.ac.uk/pg/ma-global-media-transnational-communicatio
>>>> ns/ www.internetrightsandprinciples.org
>> <http://www.internetrightsandprinciples.org>
>>
>>>> @netrights
>>>>
>>>
>>
>


-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list