Surveillance and Censorship in India

Chapter 9 opens with quotes from an infamous April 2011 BBC interview with RIM’s co-CEO Mike Lazaridis, in which he ends the interview abruptly after the BBC’s Rory Cellan-Jones presses him to answer questions about RIM’s “arguments with the Indian government and various other governments in the Middle East” over those governments’ desire to gain access to Blackberry messages and e-mails.  In August 2010, the United Arab Emirates and Saudi Arabia  threatened to ban BlackBerry services until RIM agreed to allow a satisfactory level of government access to communications sent through RIM devices within the country. India soon followed suit with its own demands for access. Late last month, the Wall Street Journal reported that RIM has set up a facility in Mumbai “to help the Indian government carry out lawful surveillance of its BlackBerry services.” The report further quotes a RIM statement which says that “we believe the government of India is now applying its security policy in a consistent manner to all handset makers and service providers in India, which means that RIM should not be singled out any more than any other provider.”

There is a larger problem, however. When it comes to censorship in India, the hardworking folks at the Centre for Internet and Society in Bangalore recently concluded that the Indian government is violating not only Indian laws but also the Indian Constitution in the way it handles censorship demands to companies. What are the chances, then, that the Indian government is not violating its citizens’ rights in similar ways when it comes to demands for user information to RIM and other mobile service providers?

CIS’s Pranesh Prakash compared Google’s most recent Transparency Report, which reveals the number of content removal and user data requests made between January and June 2011 by the Indian government, and compared that information with an official response to CIS queries on content removal and blocking by the Ministry of Communications & Information Department of Information Technology. Prakash’s conclusion:

…it would seem that law enforcement agencies are operating outside the bounds set up under the Indian Penal Code, the Code of Criminal Procedure, as also the Information Technology Act, when they send requests for removal of content to companies like Google. While a company might comply with it because it appears to them to violate their own terms of service (which generally include a wide clause about content being in accordance with all local laws), community guidelines, etc., it would appear that it is not required under the law to do so if the order itself is not legal.

However, anecdotal evidence has it that most companies comply with such ‘requests’ even when they are not under any legal obligation to do so.

This way the intention of Parliament in enacting s.69A of the IT Act—to regulate government censorship of the Internet and bring it within the bounds laid down in the Constitution—is defeated.

As I reported in the book, in April 2011, the Ministry of Communications and Information Technology issued new rules under which Internet companies are expected to remove within thirty-six hours any content regulators designated as “grossly harmful,” “harassing,” or “ethnically objectionable.” Indian free speech advocates have vowed to challenge the rules’ constitutionality. Google publicly protested the rules in a statement warning that “if Internet platforms are held liable for third party content, it would lead to self-censorship and reduce the free flow of information.” As Prakash put it then, “The Indian Constitution limits how much the government can regulate citizens’ fundamental right to freedom of speech and expression. Any measure afoul of the constitution is invalid.”

More details about surveillance and censorship in India can be found in the India-focused chapter of a new book, Access Contested: Security, Identity, and Resistance in Asian Cyberspace, produced by the Open Net Initiative, coming out in December from MIT Press. The India chapter is not currently available online but I discuss India’s issues in a related chapter titled “Corporate Accountability in Networked Asia” (The Citizenlab, one of ONI’s partners, has made that chapter, along with all of Part I of the book, available online here.) I wrote it late last year and it went into production before the new April 2011 rules came out (academic presses take a long time), but I think the larger point remains very relevant. I compare the role played by companies in facilitating government censorship and surveillance in China to the role of companies in two Asian democracies: South Korea and India. I argue that “efforts to hold companies accountable for free speech and privacy in authoritarian countries like China will face an uphill battle unless companies in Asia’s democracies are pushed by domestic civil society actors to defend and protect user rights in a more robust manner than is currently the case.”

The first step is for companies to follow Google’s lead in being more transparent about how they respond to government demands. Then civil society organizations in democracies, like India’s CIS, will be equipped and empowered with the information they need to push their governments to stop using companies as an opaque and unaccountable extension of state power. RIM can and must recognize that by being evasive with the public it is standing firmly on the wrong side of history.

Here is the video of Lazaridis’ interview:

Surveillance technologies and “apolitical” corporations

Since the book’s manuscript was finalized in August, there has been a steady stream of headlines recently about the use of Western surveillance technology by repressive regimes, adding to the cases I described in Chapter 4 and elsewhere. One of the biggest stories has been the revelation by the hacktivist group Telecomix that the Syrian government continues to use censorship and monitoring devices manufactured by the California-based company Blue Coat. Late last month the company has finally acknowledged that at least thirteen of its devices are being used by Syria.

Today, The Guardian has an amazing article titled “Governments turn to hacking techniques for surveillance of citizens.” It describes the annual Intelligence Support Systems (ISS) World Americas  conference, at which surveillance firms share tips on the latest “lawful interception” techniques used to spy on citizens. The companies showed little concern for how this technology can be and is being abused around the world. An excerpt:

Jerry Lucas, the president of the company behind ISS World, TeleStrategies, does not deny surveillance developers that attend his conference supply to repressive regimes. In fact, he is adamant that the manufacturers of surveillance technology, such as Gamma International, SS8 and Hacking Team, should be allowed to sell to whoever they want.

“The surveillance that we display in our conferences, and discuss how to use, is available to any country in the world,” he said. “Do some countries use this technology to suppress political statements? Yes, I would say that’s probably fair to say. But who are the vendors to say that the technology is not being used for good as well as for what you would consider not so good?”

Would he be comfortable in the knowledge that regimes in Zimbabwe and North Korea were purchasing this technology from western companies? “That’s just not my job to determine who’s a bad country and who’s a good country. That’s not our business, we’re not politicians … we’re a for-profit company. Our business is bringing governments together who want to buy this technology.”

The Electronic Frontier Foundation has proposed a two-part “know your customer” framework for surveillance equipment:

  1. Companies selling surveillance technologies to governments need to affirmatively investigate and “know your customer” before and during a sale.  We suggest something for human rights similar to what most of these companies are already required to do under the Foreign Corrupt Practices Act and the export regulations for other purposes, and
  2. Companies need to refrain from participating in transactions where their “know your customer” investigations reveal either objective evidence or credible concerns that the technologies provided by the company will be used to facilitate human rights violations.

Click here for further details. One of the broader problems, of course, is that the market for ever-more sophisticated surveillance equipment feeds unaccountable abuses of power not only by authoritarian regimes but also by democratic governments.

As long as engineers and companies claim to have no responsibility for the political context in which their inventions and products are used, the problem is going to grow worse. This problem of “amoral” technology being used for immoral purposes has been exacerbated in the Internet age, but it has been around a lot longer. In a talk I gave last week at the Silicon Valley Human Rights Conference, I played a video clip from Tom Lehrer‘s early 1960’s song about ex-Nazi rocket scientist Wernher von Braun:

The lyrics :

Gather round while I sing you of Wernher von Braun,
A man whose allegiance
Is ruled by expedience.
Call him a Nazi, he won’t even frown.
“Ha, Nazi Schmazi,” says Wernher von Braun.

Don’t say that he’s hypocritical,
Say rather that he’s apolitical.

“Once the rockets are up, who cares where they come down?
That’s not my department,” says Wernher von Braun.

Some have harsh words for this man of renown,
But some think our attitude
Should be one of gratitude,
Like the widows and cripples in old London town
Who owe their large pensions to Wernher von Braun.

You too may be a big hero,
Once you’ve learned to count backwards to zero.
“In German oder English I know how to count down,
Und I’m learning Chinese,” says Wernher von Braun

Kudos and Concerns for Google

Earlier this week, Google published an update of its Transparency Report, which among other things discloses the number of government requests received for user information as well as requests to remove content. The latest report contains more granular data than ever before, including the number of actual users targeted by the government requests. (China remains a black hole because releasing the data would break China’s “state secrets” law and expose Chinese employees to prosecution.) As The Guardian points out, the data show a 70% increase in requests by the U.S. government or police. The company has also refused some takedown requests, including video of police brutality.  In the first half of 2011, Brazil topped the list with the most requests for content removal, followed by Germany, the U.S., and South Korea.

In the book I argue that inadequate transparency and accountability at the nexus between state and corporate power is one of the most insidious threats to democracy in the Internet age. All Internet and telecommunications companies should be required to report regularly and systematically to the public on how content is policed, and under what circumstances it gets removed or blocked and at whose behest. All companies serious about building public credibility and trust should waste no time in following Google’s lead.

Google still has a long way to go, however, when it comes to managing the development and rollout of its various services in a way that does not hurt its most vulnerable users. As Chapter 10 described, the implementation and enforcement of the real-name identity policy on Google Plus has thus far been a fiasco, resulting in dissidents and other vulnerable users around the world being booted from the service. Google’s Senior VP of Social Vic Gundotra recently announced that the social network will “soon” provide support for pseudonyms and other forms of alternative identity not tied to people’s government-issued ID. However it remains unclear what “soon” means.

Meanwhile, Google has announced that it will soon make major changes to Google Reader (an RSS reader used by many people to follow, manage, and share content from a large volume of news and blog feeds). Some of the social sharing functions will be eliminated and Reader will be integrated more closely into Google Plus. What Google staff apparently did not anticipate is how these changes will hurt some users including Iranian users struggling to share information despite harsh censorship. Because Google Reader is encrypted with https, it is harder for the Iranian government to block than most other overseas sites and services. As one Iranian blogger explains:

Google Reader acts like a news spreading website. Easy access to Google reader made it suitable for Iranian community and through all these years, specially after June 2009 election, developed an strong community for spreading the news.

Elimination of Reader’s sharing functions will put an end to this. Even worse, if Reader is integrated with Google Plus before the company finds a way to accommodate pseudonymous users and other forms identity not tied to people’s government-issued identity, Iranian users will be left even further in the cold.

Tunisia and the Internet: A chance to get things right?

This coming Sunday (October 23rd, 2011), Tunisia will hold elections for the constituent assembly that will be tasked with re-writing the country’s constitution. While this election is only the first step in a long and winding path that may or may not succeed in establishing a vibrant Arab democracy in North Africa, reports are quoting election observers and human rights groups who are optimistic that people are serious about the process of holding a real election.

Censorship is a major topic in the Tunisian political discoure. There have recently been protests by conservatives demanding censorship of all media including TV, film, and Internet and protests by liberals against censorship. After  Internet censorship was ended when President Zine El Abidine Ben Ali fled the country in January, some censorship of pornographic and incendiary web content resumed in May of this year, prompting heated debates over who has the authority to decide what goes on the censorship list and whether that power will inevitably be abused.

At the Third Arab Bloggers Meeting in Tunis earlier this month, Moez Chakchouk, Chairman and CEO of the Tunisian Internet Agency, gave an amazing presentation (slideshow included) in which he revealed that under Ben Ali, his agency had secretly tested censorship and surveillance software for Western companies. He would not say which ones, although according to Jillian York of the Electronic Frontier Foundation, Tunisia long used McAfee’s SmartFilter to censor the Internet under the Ben Ali regime, and controversially has resumed some filtering  in a much more limited way during the transition.

ATI (as the Tunisian Internet Agency is known according to its French acronym) was much reviled by activists under Ben Ali and nicknamed “Ammar 404” – the Arabic equivalent of “Joe 404,” with “404” referring to the “404 page not found” error message that appears on browsers when a web page has been blocked. Now Mr. Chakchouk says he is trying to turn the agency into a “transparent” and “neutral” Internet exchange point (IXP) that can support a robust public discourse in an evolving new democracy. He wants to put an end to web filtering at the network level and instead provide tools and services for households to filter their home Internet if they so desire, without engaging in blanket censorship for the entire nation. In general, he believes that Tunisia must foster competition and innovation in Internet services. He wants Tunisia adopt global “best practices” in Internet governance.

After a Tunisian court ruled in May that some websites must be blocked, the ATI appealed the ruling twice, but lost both appeals. It is making a further appeal to the highest court.

Click here for a video of Chakchouk’s entire speech in French (perhaps somebody will give it English and Arabic subtitles at some point). Here is a shorter English interview he did immediately afterwards with Tunisia Online:

Whether Mr. Chakchouk will succeed or even keep his job, or whether the ATI will survive as an independent agency, Tunisian activists told me at the conference, will depend in no small part on the outcome of this weekend’s elections and the continued political jockeying beyond.

Riadh Guerfali, co-founder of the citizen media platform Nawaat.org which played a key role in spreading protest information and who is now running as an independent candidate from his home town of Bizerte (and who features prominently in chapters 1 and 14 of the book), has made Internet access and online free expression a key goal, as have many other former activists who are now running for office. On the other hand, there are other candidates – on both the left and the right – calling for Internet censorship as part of an effort to attract more conservative religious voters. Who will prevail in the election remains to be seen… and how the constituent assembly will choose to handle the questions of censorship and civil liberties when they write the constitution is even less clear.

“Information infrastructure is politics,” writes Philip N. Howard of Washington State University in a recently published Brookings Institution report on authoritarian regimes and Internet controls. Tunisian politics over the coming year are likely to determine the shape of the country’s information infrastructure – and decide just how different it will be from the past, or not. The shape of the infrastructure will in turn shape political discourse to the extent that it enables a full range of political viewpoints, debates, and even whistleblowing; or whether it enshrines censorship and surveillance mechanisms that can enable  power-holders to subtly (or not so subtly) manipulate information and surveil Internet users.