IANA Transition: On track for 30th September

By Aarti Bhavana

With just a month left for the 30th September deadline, ICANN has been busy completing all the tasks required by NTIA to ensure a smooth transition. The question of whether or not the IANA transition will happen has been answered via a letter from Assistant Secretary Lawrence Strickling (in response to the Implementation Planning Status Report). He announced that the transition is moving according to plan, and that the NTIA will allow the IANA Functions contract to expire on 1st October. Though this response was expected, it is still reassuring to receive official confirmation that this will bring to an end the U.S. government’s stewardship role over the IANA Functions, barring any unforeseen circumstances. In light of this update, this post unpacks the various implementation processes that have been going on ahead of the transition.

On 10th March 2016, the ICANN Board transmitted the IANA Stewardship Transition Proposal to the NTIA, which consisted of two documents: the IANA Stewardship Transition Coordination Group (ICG) proposal and the CCWG-Accountability Work Stream 1 Report. This came two years after NTIA’s initial announcement about its intention to transfer the U.S. government’s stewardship role over the IANA Functions to a global multistakeholder body.

On 9th June 2016, after careful evaluation, the NTIA announced that the proposal met the criteria outlined by the NTIA in March 2014. These criteria were laid out in March 2014, to ensure that the proposal:

  1. Supports and enhances the multistakeholder model;
  2. Maintains the security, stability, and resiliency of the Internet DNS;
  3. Meets the needs and expectations of the global customers and partners of the IANA services;
  4. Maintains the openness of the internet; and
  5. Does not replace NTIA’s role with a government-led or intergovernmental organization solution

In the mean time, the ICANN community began working on the implementation of the recommendations proposed in the two reports, as they are a prerequisite for the transition to take place. This involved amending existing documents, drafting new contractual agreements, procedural changes and other organizational changes. In response to the NTIA’s request, ICANN prepared an Implementation Planning Status Report detailing the completed and ongoing implementation tasks.

The implementation process has been divided into three separate work tracks:

Track I: Root Zone Management (RZM)

In parallel to the work being done for the IANA Stewardship Transition is another track working on root zone management (RZM). The NTIA requested ICANN to work with Verisign to develop a proposal to transfer the NTIA’s role with respect to the RZM, while preserving the safety and stability of the DNS. Accordingly, Verisign and ICANN developed a proposal, which is part of the implementation process. A parallel root zone management system was built to simulate root zone functions in the absence of the NTIA, and has successfully completed its testing phase. Verisign and ICANN entered into a new agreement for root zone management functions, a service Verisign has been providing under a Cooperative Agreement with NTIA for decades. The ICG and CCWG-Accountability processes were developed by the community in keeping with the principle of multistakeholderism. However, the RZM process has been criticized for being closed. Only the draft agreement was open for public comment, while negotiations took place privately. This track has now been completed. 

Track II: Stewardship Transition

This track pertains to various implementation tasks required by the ICG proposal. One such task has been the incorporation of Public Technical Identifiers (PTI), the entity established to perform the IANA functions. This entity shall perform the IANA Functions according to the IANA Naming Functions Agreement (which is currently open for public comments). This track has also been working on the Service Level Agreement (SLA) for the IANA Numbering Services, which has been signed by the Regional Internet Registries and will come into effect on the date of the transition. A Customer Standing Committee (CSC) has been formed to ensure satisfactory performance of the IANA naming functions for its direct customers, in the absence of the NTIA. Further, a Root Zone Evolution Review Committee (RZERC) has also been formed to assist the ICANN Board with major architectural changes of the DNS root.

A few documents are yet to be finalized, but expect to be completed by 30th September. These are the PTI Bylaws, ICANN-PTI Services Agreement and the ICANN-PTI Naming Function Agreement.

Track III: Accountability Enhancement

This track relates to the Work Stream 1 tasks from the CCWG-Accountability report. In May, the ICANN Board of Directors passed a resolution approving the amended bylaws. Further, the Articles of Incorporation have also been amended and passed.

This track is also working on implementing enhancements to the Independent Review Process (IRP) for claims filed once the bylaws come into existence. Further, work is also underway on a number of other processes, such as updating the reconsideration process; initiating the new reviews required by the bylaws; incorporating the Affirmation of Commitments into the ICANN bylaws; and operationalizing the new community powers under the CCWG-Accountability report.[1]

Further details about the status of the three tracks can be found here.

[1] For more details about these processes, see the IANA Stewardship Transition Proposal IANA Stewardship Transition Proposal Implementation Planning Status Report, pp 23-24.

Accessing Blocked Websites: Why It Is Not a Crime

There have been various reports in past couple of days claiming that viewing a torrent site or even a blocked site could land you into jail for up to 3 years! Subsequent reports have attempted to clarify that no one is going to jail for simply visiting a blocked website. This post traces the reasons for these reports and attempts to shed some light on this issue.

De-mystifying the Message Displayed on Blocked URLs

The message displayed by Tata Communications Limited (an internet service provider) which gave rise to these many concerns is as follows:

“This URL has been blocked under the instructions of the Competent Government Authority or in compliance with the orders of a Court of competent jurisdiction. Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of upto Rs. 3,00,000/-. Any person aggrieved by any such blocking of this URL may contact at urlblock@tatacommunications.com who will, within 48 hours, provide you the details of relevant proceedings under which you can approach the relevant High Court or Authority for redressal of your grievance”

The message was a result of an ongoing litigation in the Bombay High Court regarding a John Doe order (an ex parte interim injunction commonly used to prevent piracy) for the movie ‘Dishoom’. On July 26 2016, in a path-breaking order (discussed here) Justice Patel had laid down a set of safeguards to reduce the growing abuse of John Doe orders in India. The order required the ISPs to display a default error page on the blocked URL specifying the relevant provisions of the Copyright Act that prescribe penalties for copyright violations. ISPs were also required to specify details of the suit and a statement specifying how persons affected by the order may approach the court. Tata Communications Limited (an ISP directed to block under the July 26 order) approached the court citing certain technical difficulties due to which it was unable to comply with the order. This finally resulted in a modified error message accepted by the court which is displayed in the text box above (SpicyIP has discussed TCL’s applications and subsequent order in detail here).

There is no new regulation, policy or court order making even viewing of a blocked URL punishable – rather only a badly drafted error message by the ISP. The error message correctly lays down the sections under the Copyright Act that prohibit infringement of copyright as per the safeguards prescribed by Justice Patel. However, due to use of overbroad language – specially ‘viewing’- it creates unnecessary confusion.

The Copyright Law and Prohibited Acts

Viewing a torrent website (blocked or otherwise) is not a punishable offence under the Copyright Act 1957.  Section 63 of the Copyright Act prohibits any person from knowingly infringing (or abetting) the copyright in a work. Section 51 which defines when copyright is infringed does not include ‘viewing’ copyrighted content within the scope – while acts such as distribution, exhibition to public, selling or import of such content are provided for. The section also prescribes that infringement of copyright occurs when someone does an act – the exclusive right of which belongs to the copyright owner. However, there is nothing to indicate that a person who is simply viewing the copyrighted content on the website would infringe this right. Section 63A provides for penalties in case of a repeat offence and Section 65 punishes anyone who is in possession of plate for making infringing copy.

Section 65A (also mentioned in the error message) prohibits circumvention of technological measures applied for protecting the rights of copyright owners. Therefore, attempts to access these blocked websites by circumventing the block for the purpose of copyright infringement would be punishable.

Simply viewing the websites/URLs, blocked or otherwise, is not punishable under the Copyright Act. Downloading, making copies, exhibiting or circumventing technological measures to infringe copyright may all amount to offences under the act.



Encryption in India: The Way Forward

Earlier this year, the Supreme Court of India dismissed a public interest litigation petition calling for the ban of messenger apps like Whatsapp, Telegram etc for their adoption of end-to-end encryption. In the months since, service providers and companies across the world are increasingly choosing to adopt higher and more secure standards of encryption for data and communications. Slowly and steadily, encryption is becoming ubiquitous in all forms of communications, and it is urgently necessary to reflect on the formulation of a legal framework on encryption.

Contrary to the Government’s stated commitment to the adoption of best practices relating to encryption and other emerging technologies in the National Telecom Policy of 2012, its engagement with encryption technology has been blinkered and confused. In September last year, a draft National Encryption Policy (“draft NEP”) was released, only to be hastily withdrawn following widespread criticism on the ambiguous and impractical standards it sought to impose.

Encryption is the scrambling of messages, information or data into a form which is unreadable by anyone except the intended recipient. Most commonly, encryption is applied to data on a device, data in transit such as in e-mail, messaging etc. or even data stored in a cloud. Today, the bulk of our communications and data are facilitated electronically and over the Internet. Encryption has been rendered an indispensable instrument to ensure that digital communications- ranging from personal phone conversations to e-mail to online financial transactions- are protected from interference. Encryption allows for the preservation of the authenticity and integrity of these communications. As the internet continues to expand in size, the significance of encryption in protecting data transmitted online, whether for storage or for commercial and financial transactions will also grow alongside. Encryption has been rightfully recognized as a leading instrument for online security, enabling the exercise of the rights to freedom of opinion and expression as well as the right to privacy in the digital age. In an age where governments across the world are expanding invasive surveillance, encryption allows for the preservation of a safe and private space for free expression.

Under Section 84A of the Information Technology Act, 2000, the Central Government is authorized to prescribe the modes and methods of encryption for the secure use of the electronic medium and for the promotion of e-governance and e-commerce. In the absence of specific rules/ policy on encryption enacted under the said provision, reliance is placed on the license agreements between the government and telecom or internet service providers to determine the legal limits of encryption. Under the license agreement for the provision of Internet services, internet service providers are prohibited from using bulk encryption. The agreement, which follows a template drafted nearly a decade ago, also limits the use of encryption up to only 40 bits- which has been decried as a very weak standard by technologists and industry. Additionally, the use of higher encryption tools requires permission from and the disclosure of the relevant decryption keys to the Department of Telecom. The inadequacy of this encryption limit is most amply demonstrated by the variable mandates for encryption usage and limits by sectoral regulators within the government. The RBI, for instance, prescribes a minimum level of encryption of 128-bits for Internet banking transactions, and SEBI also prescribes a 64-bit/128-bit encryption for network security in securities trading over mobile phones or wireless applications. It must also be noted that this limitation of 40-bit encryption is applicable only to ISPs, and not to other OTT service providers such as Whatsapp etc. even though the encryption technology used by the latter has been referred to in the TRAI’s Consultation Paper On Regulatory Framework for Over-the-top (OTT) services.

Companies and individual users continue to operate within this regulatory vacuum of conflicting prescriptions. In light of India’s growing vulnerability to cyber attacks and data breaches, a clear and unambiguous regulatory framework is indispensable to enable innovation and the employment of stronger encryption tools to protect data and networks. At the same time, such a framework must also make space for the accommodation for the dynamic nature of technologies and push for an industry driven framework with user choice and convenience being given importance. This need is only amplified when considered through the prism of the Government’s focus on schemes such as Digital India, Smart Cities Mission etc. which will substantially rely on secure and reliable data storage and communication networks.

The necessity for a specific framework on encryption is especially important in light of the increasing tendency of governments across the world to seek access to encrypted communications. The kinds and scope of encryption being introduced into mainstream communications and products have contributed to fears of these networks “going dark”- rendering them completely immune to any interception by intelligence or law enforcement authorities. It has been asserted that encrypted communications render the investigation of financial crimes, illicit drugs, child pornography and terrorism difficult. Concerns have also been expressed about the use of encrypted technologies to facilitate harassment and similar offences on the Internet. Thus, technological moves towards higher and more secure levels of encryption have inevitably been countered by efforts to break such encryption by state agencies, triggering the proverbial “crypto-wars”. In the Indian context, the government had controversially sought and gained access to encrypted communications over Blackberry Messenger in 2013. It was also reported that the government had similarly required companies like Skype and Google to allow for interception of their data. The draft NEP also had various provisions which have been criticized as detrimental to network security and data privacy.

In this context, the discourse on exceptional access for law enforcement agencies to encrypted communications has been framed in terms of the conflicting interests of privacy versus security. The repercussions of locking out legitimate government access from possibly criminal communications need to be addressed. On the other hand, technologists and civil society activists have pointed out that weakening or building vulnerabilities into encryption systems can have far reaching and unintended effects. It is necessary, therefore, to stop viewing encryption and national security as competing forces and to adopt a nuanced approach in understanding these issues.

The encryption debate is a multifaceted one- involving considerations relating not to only national security, but also the integrity and authenticity of data, the rights to privacy and freedom of opinion and expression and business and commercial interests of a very large number of entities. Even though the draft policy was withdrawn, the government has stated that a robust NEP is necessary and will be re-introduced soon. While inputs have been sought from industry bodies on the proposed policy, civil society and other stakeholders remain conspicuously absent from these deliberations. At this juncture, it is very essential for those who are interested in protecting citizens’ fundamental rights and ensuring government and industry accountability to critically weigh in on these policy and legal formulation processes. This would ensure that such a policy framework is not only robust and secure, but also cognizant of the human rights of citizens as well as business interests.

John Doe orders: The Balancing Act between Over-Blocking and Curbing Online Piracy

The Bombay High court recently passed a John Doe order laying down a set of safeguards to minimise over-blocking. The Delhi High Court on the other hand ordered blocking of 73 websites for showing “substantial” pirated content. This blog post traces the history of John Doe orders in India, their impact on free speech and evaluates the recent developments in this area.

John Doe Orders and their Impact on Freedom of Speech

John Doe or Ashok Kumar orders usually refer to ex-parte interim injunctions issued against defendants, some of who may be unknown or unidentified at the time of obtaining the order. Well recognised in commonwealth countries, this concept was imported to India in 2002 by an order passed against unknown cable operators to give relief to a TV channel in the case of Taj Television v. Rajan Mandal. The trend to issue John Doe orders to prevent piracy picked up pace in 2011 when the Delhi High Court passed a series of such orders. Since then, a stream of such orders has been passed authorising copyright holders to take action against unknown persons for violation of their right against piracy (in the future) without moving to the court again. The orders authorise copyright holders to intimate ISPs to take down the allegedly violating content. In 2012, the Madras High Court clarified an earlier order (which had resulted in blocking of a number of websites) stating that it pertained only to specific URLs and not websites. Despite this, John Doe orders for blocking of websites are common place.

John Doe orders are passed as ex-parte orders due to paucity of time and the difficulties in identifying defendants in such cases. However, these orders threaten to impair freedom of speech online due to a host of problems. First, these orders are given on the basis of a mere ‘possibility’ of piracy with no requirement to establish piracy before the court post blocking. This paves the way for negligence or misuse of the power to take down content by copyright holders. Second, these orders are usually passed on a minimal standard of evidence on the word of the plaintiff without sufficient scrutiny by the court of the URLs/websites submitted. Third, they do not require the copyright holders or ISPs to inform the reasons for blocking to the persons whose content is taken down – leaving almost no recourse to those whose website/URL may be blocked mistakenly. Fourth, the burden of carrying out these orders falls on the ISPs who block the websites/URLs erring on the side of caution.

The absence of scrutiny and the lack of safeguards lead to over-blocking of content. Users who suffer as a result of these over-broad orders often lack the knowledge or means to overturn these orders resulting in the loss of legal and legitimate speech online. Further, without any requirement for reaffirmation of the blocks from the court –private parties (the copyright holders) themselves become adjudicators of copyright violations hampering the rights of users affected by these orders.

Instances of over-blocking as a result of these orders are many. In May 2012, as a result of an order by the Madras High Court a range of websites were blocked including legitimate content on video sharing sites like Vimeo. In 2014, the Delhi High court had issued a John Doe order mandating blocking of 472 websites including Google documents in wake of the FIFA world cup. Many questioned such widespread blocking under the mere assumption that the websites would support pirated screening of the FIFA world cup especially without verification by the courts. The order was later tailored down.

The Bombay High Court Order

The jurisprudence regarding John Doe orders saw a shift when Justice Patel from the Bombay High Court took a huge step forward with his order dated July 26 2016 for the movie Dishoom. This order recognises both the harms of piracy and the adverse impact of John Doe orders on unknown defendants as it attempts to balance the ‘competing rights’. The order lays down a multi-tier process to minimise the negative impacts of John Doe orders and tailors down blocking from entire websites (except in certain conditions) to URLs (see chart below).

bombay high court final

The order sets in place a mechanism that provides for selective blocking of content, verification of the list of URLs as well as safeguards for the unknown defendants.  Such a mechanism helps ensure that freedom of speech online is not trampled in the fight against online piracy.

The Delhi High Court Judgement

The Delhi High Court in its judgement (not a John Doe order) dated July 29 2016 blocked 73 websites in a case regarding live streaming of pirated videos of cricket matches. While some lauded this judgement for its contribution to India’s fight against piracy, it is important to understand its many failings.

The high court blocked the websites on a ‘prima facie’ view of the material placed before it by the plaintiffs that the websites were entirely or to a large extent carrying out piracy. However, it remains unclear as to what standard was used by the court to determine the extent of piracy. Further, complete blocking of websites would encroach upon the right to carry on business and freedom of expression of the other party therefore the standard for placing such a restriction must be high and well defined. This was recognised by Justice Patel in the Bombay High Court order – where the court clarified that while there is no prohibition on blocking of entire website there is a need for a ‘most comprehensive audit or review reasonably possible’ to establish that the website contains ‘only’ illicit content.

Even though the judgment of the Delhi High Court is against 73 named defendants, the order was passed merely on a prima facie review of material laid before it which displays a lack of system for verification. A mere prima facie review of material is insufficient as a third party whose website is mistakenly blocked would suffer unnecessarily. With no directions to put out a notice of information to the defendants – he/she may not even be aware. Thus, the Delhi High Court order suffers from various problems that pave way for over-blocking of content. The judgement also places an unfair burden on the government and raises questions regarding the role of the intermediary– which has been articulated in detail in a post by Spicy IP here.

Questions for the Future

These developments raise a number of issues for the future – the most prominent being the need to reconcile the differing legal developments on the issue of online piracy across India. Further, there is a need for the courts to be more sensitive to the plight of unknown third parties while passing John Doe orders following the lead of Bombay High Court.

Two particular issues come to light amongst this mess. First, the need to develop a standard while blocking of complete websites that is sufficiently high to prevent misuse and over-blocking. Second, to develop a neutral body that can verify the lists for blocking on behalf of the courts – that ensures sufficient checks in the system while keeping in mind the paucity of time in these cases. However, any such body must possess the technical know-how to understand how these lists are put together and other related issues. The lag between technology and law is very real- as correctly pointed out by Justice Patel- and these small steps will go a long way in bridging these gaps.

(For some more reading on this issue you can look at a piece published in the Mint here and for a more detailed reading on the Bombay High Court order you can read the Spicy IP post here)

Aadhaar – Identity without Consent, Control or Security

By Kritika Bhardwaj

The Central Government notified certain sections of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (‘the Act’) last month. As of now, only the sections setting out the establishment, powers and functions of the Unique Identification Authority of India (UIDAI) have been brought into force.

Passed earlier this year, the Act is aimed at more efficient delivery of government subsidies and services by eliminating ghost identities and reducing corruption. It does so by obtaining and storing, in a centralized database, biometric and demographic information of all Indians who have been residing in India for more than one hundred and eighty-two days. This database, called the Central Identities Data Repository (CIDR), not only stores information parted with at the time of enrolment, but also keeps a record of every identification request sent to it. Thus, every time a resident is required to authenticate her identity by any service provider, the CIDR would maintain a record of it.  Significantly, (and contrary to three previous Supreme Court orders), there is little room for doubt that the scheme has been envisaged as being mandatory to avail the benefits attached to it.

If the lack of an overarching privacy law wasn’t enough reason to worry, the government’s submission before the Supreme Court that there is no fundamental right to privacy has raised legitimate concerns about the project and its implementation. A lot has been written about the problems with the Act and the larger scheme itself. But two aspects of the privacy debate under Aadhaar deserve urgent attention. First, as a mandatory scheme with no option to opt-out at a later stage, Aadhaar raises important issues of consent and one’s right to control the use of their personal information. This has famously been articulated as ‘informational self-determination’ in several European jurisdictions. The second concern is procedural and pertains to the method of collection and storage of sensitive personal information.

No Power to Consent or Opt-out

Biometric information such as fingerprints and iris scans form a core part of one’s bodily integrity. A requirement to part with such information as a condition precedent to availing essential services undermines basic constitutional values. While the enrolment form has a checkbox to verify consent, this is merely illusory, as failure to consent would amount to automatic exclusion from a host of benefits and services. Despite the fact that the Act mandates ‘enrolling agencies’ (discussed later) to explain the purpose of collecting demographic and biometric information at the time of enrolment, there is no legal obligation to inform residents of the extent of information being held about them. Aggregation of information within the CIDR as a result of a series of authentication requests over a long duration of time comes perilously close to creating a complete personality profile of every resident. This makes the state privy to a wide range of activities from buying an LPG cylinder to enrolling in a school, thereby drastically altering the individual-state power dynamic.

The Act further dilutes individual agency by creating statutory exceptions to how personal information can be used. Section thirty-three of the Act allows disclosure of personal information if a court (a District Judge or above) deems fit or if it is in the interest of “national security”. Both these caveats are problematic. To illustrate the first, in 2014, the CBI approached the Bombay High Court asking the UIDAI to run a fingerprint match on its database in order to enable it to identify culprits in a criminal investigation. Before the Court, the UIDAI had argued against sharing its data owing to privacy concerns. However, the Court felt differently. The Bombay High Court directed the Central Forensic and Scientific Laboratory to appoint an expert to determine if the Aadhaar database was technologically capable of matching fingerprints. This order has been stayed by the Supreme Court but the case is yet to be disposed off. The information shared with UIDAI was never envisaged to be used in criminal investigations. However, the Act explicitly allows information to be shared if a court allows it. As per UIDAI’s own statement, the system has a False Positive Identification Rate of 0.057 per cent. When applied to all residents within the country, a fingerprint search would have the effect of putting lakhs of residents under scrutiny.

Secondly, not only has the phrase “national security” not been defined in the Act (or in any other legal text for that matter), it would be the Executive’s sole prerogative to determine whether a situation qualifies for the exception. In both these situations, the individual whose information is actually at stake need not be consulted before her information is disclosed. These two exceptions are couched so broadly, that it is almost farcical to say that personal information will be used only for the authentication of one’s identity.

The Act contains broad exceptions to how personal information can be used and does not provide for any mechanism to opt-out or have one’s data deleted from the CIDR. In doing this, it diminishes one’s agency to consent, revoke consent and control how this information can be used. A society where individuals are unable to anticipate and predict the amount of information held about them and how it may be used is likely to have a chilling impact on democratic participation.

Dubious Collection and Storage of Personal Information

The issue of consent aside, organizational mechanisms in place to collect and store personal information of over a billion residents also give rise to multiple concerns. Prior to the passing of the Act, the UIDAI had outsourced the process for enrolment to various private entities which possessed the requisite know-how. Sensitive personal information such as biometrics has thus been captured, stored and retained by private companies using their own technology and without any oversight by government officials. In 2014, news reports of ‘Lord Hanuman’ having an Aadhaar card surfaced. Vijay Madan, the then Director General of the UIDAI later explained in a statement that this was ‘not a security issue’ but an instance of ‘malpractice’. The agency was then reportedly removed from the UIDAI panel. The Act has not only given legislative sanction to the practice of private companies collecting personal information, but also does not present the affected individual with any recourse in case of a breach.

Once the data is transferred to the UIDAI, it is maintained by it in the form of the CIDR. The perils of centralized storage of personal information have long been acknowledged. Any unauthorized security breach could jeopardize the information of all residents at once. This is vastly different from a smart-card system or Apple’s Touch ID, which stores biometric information locally on the device. Under European data protection jurisprudence, storage is an important element to ascertain whether the means used are proportionate to the aim sought to be achieved by the law. If the purpose of the system is only to authenticate identity in order to plug leakages in the distribution system, the need for centralized storage must be questioned.

Aadhaar has the potential to irreversibly alter the relationship between the government and people. As the world’s second most populous country, the desire to make the distribution system more efficient is an important goal to strive for. But in this case, the trade-off between privacy and efficiency is not only undesirable but also unnecessary. Finally, the manner in which the Act was passed and the government’s submissions before the Supreme Court display a lack of good faith that only add to the already long list of concerns associated with the project.


Reflecting on ICANN 56

By Gangesh Varma**

The ‘control-of-the-Internet’ rhetoric never lost its appeal. The domestic politics in United States, particularly the opposition from Republican Senators, is not a new obstacle to the IANA Transition. The Republican Party Platform for 2016 captures the key policy positions of the Republican Party for the Presidential elections and includes a section on “Protecting Internet Freedom”. It has been suggested that the individual efforts of some Senators has now been consolidated into an official party position. The Congress had earlier succeeded in blocking the NTIA from using any funds for executing the transition. Some fear that this delay tactic may arise as an issue in the form of a rider in a bill around this September when the NTIA’s contract with ICANN is set to expire. Waiting for the consequences of these blocking efforts to unravel provides an opportune moment to reflect on the 56th Public Meeting of ICANN, held in Helsinki, Finland from 27-30 June, 2016.

ICANN 56 was a meeting of many firsts: it was the first B-meeting format as per the new ICANN Meeting Strategy. It was also the first meeting after the NTIA approved and endorsed the IANA Transition Proposal and happens to be the first meeting since Göran Marby officially took over as CEO. As per the B-Meeting format, ICANN 56 was a policy forum. This meant that the meeting would focus purely on policy development and outreach. Stripping down the ICANN meeting to a much leaner format without the public forums, public board meetings, or exhibition areas provided a short but intense four days focussed on policy discussions. At the heart of the meeting were the three active Policy Development Processes (PDPs):

New gTLD Subsequent Procedures PDP

The New gTLD Subsequent Procedures PDP looks at the experiences of the New gTLD Program so far, and is tasked with making recommendations for changes and improvements, if any. During ICANN 56, the Working Group provided a recap of the discussions so far, and also engaged with the GAC in a session detailing the work pending and done so far. The Cross community session also saw interesting debates on multiple themes including use of country and territory names, geographic names, and public interest commitments. The PDP has been organized into four key work tracks. More details on this PDP can be found here.

The Next Generation Registration Directory Services (RDS) PDP

The Next Generation RDS PDP looks at the new service that is to replace the WHOIS, which provides the registration data of domain name registrants. At ICANN 56, this PDP was the site of extensive debates on privacy. Some argued for the need for more information from a domain name registrant, and more data on the directory service. Others argued the opposite and sought for collection of lesser information, and greater protection for a registrant’s privacy. The concerns of various stakeholders ranged from the need for reliable information for law enforcement to the protection of whistle-blowers. More details on this PDP are available here.

Rights Protection Mechanisms PDP

The Rights Protection Mechanism PDP is a large over-arching PDP that covers all rights protection mechanisms in all gTLDs. This PDP is split into two phases. Currently in its first phase, the working group is reviewing all the rights protection mechanisms developed for the New gTLD program. The second phase will review the Uniform Dispute Resolution Process. During ICANN 56, the working group discussions looked at community feedback on some of the RPMs to be reviewed in phase one, such as the Trademark Clearinghouse etc. More details on this PDP are available here.

IANA Transition related sessions

While the PDPs received significant amount of attention, some interesting sessions such as those on updates regarding implementation phase of the IANA Transition, never made it to the official schedule.  The sessions relating to the IANA Transition were rather muted in comparison to ICANN 55 at Marrakech. This could be because of two things. First, the transition proposal has already been approved, and endorsed by the NTIA. Whereas, at ICANN 55 the proposal was still being debated, and awaited the endorsement of the chartering organizations. Second, after the NTIA has approved the proposal, and asked ICANN to provide an update on the status of implementation by August 10, 2016. This implies that the ball is now in ICANN’s court to simply carry out the plan. Except that this illusion of the transition moving ahead without hurdles falls apart with the Republican efforts and possible requirement of approval from the US Congress.

The GAC, on the other hand, had a colourful discussion on its role in the post transition Empowered Community. The session saw reignited debates on the role of governments and had countries reinterpreting the ICANN 55 Communique. The ICANN 56 GAC Communique held no surprises nor was it as eagerly anticipated as the ICANN 55 GAC Communique. Members of the GAC also expressed the need for more time and formal work sessions particularly the need for more time to draft the communique.

Outside the Official Schedule

While the new meeting format can be appreciated for it unflinching focus on policy development, its ability to encourage all avenues of policy discussion is limited. For example, the Cross Community Working Party on Human Rights was not allotted a formal working session. It however had a joint session with the GAC Working Group on Human Rights and International Law where it discussed the progress of work so far, in addition to plans for future work.

Joining others that did not feature in the official schedule, the CCWG on Internet Governance had a session with ICANN Board Working Group on Internet Governance and ICANN CEO. This session discussed the role of ICANN in the larger internet governance ecosystem. With the formation of the Board Working Group on Internet Governance led by Markus Kummer, it is imperative that the CCWG on Internet Governance introspects its scope and function. With the bottom-up policy mantra that ICANN and its CEO ardently espoused, it is essential that ICANN’s role in the larger internet governance arena be developed with inputs from all stakeholders in the ICANN community. This is something the CCWG on IG can and should facilitate.

In some ways, ICANN 56 reflected the transformation ICANN is undergoing. Stakeholders were required to imagine their new roles and responsibilities in the post transition ICANN yet remain grounded in its current structure and policy making framework. ICANN is going about its work quietly, maintaining what some might call a low profile, until the domestic US political disturbances are settled. While the transition is yet to happen, the pre-requisite implementation work is almost complete. The impact of the IANA transition, if it does happen, will not only be felt within ICANN and its community, but will be a testament to multistakeholder processes and institutions in the internet governance ecosystem.

**The author is grateful for having been provided the Non-Commercial User Constituency (NCUC) Travel Support Funding for attending ICANN 56.

Dirty Picture Project: Two Bollywood Virgins (pro) Take Down Sultan

By Lily Xiao and Victoria Christie[1] for the Dirty Picture Project. For more details on this project, write to Aarti at aarti.bhavana@nludelhi.ac.in

Upon its release, the immensely popular Sultan was screening at our local PVR no less than ten times a day. With Salman Khan and Anushka Sharma at the helm, Sultan is a must see for many Indians this summer. Sultan follows the journey of the titular Sultan (Salman Khan) as he slow motion wrestles his way to glory no less than five times within three hours. After marrying fellow wrestler Aarfa (Anushka Sharma), Aarfa mourns the death of their newborn son while Sultan is in London, winning Olympic gold. To add to their misery, their son died from severe anaemia, and Sultan’s rare blood type was capable of saving him, had he not been away being a cocky, macho scumbag. The movie opens on this devastated version of Sultan, who has separated from Aarfa, and given up wrestling to fundraise for a blood bank in Haryana. Luckily for our hero, Sultan is asked to step back into the ring as the underdog in the fledgling Pro Take Down league, which pits boxers, wrestlers and other fighting styles against each other. After enduring his second Rocky-style training montage, life-threatening injuries, and crippling self-doubt, Sultan overcomes his demons to win the tournament and Aarfa’s heart once again.

While the plot was overwrought and, at times, ridiculous, these two Bollywood virgins had a fantastic time, and despite not understanding most of the dialogue, we were able to follow the narrative. However, as feminists, we took issue with the movie’s representation of Aarfa as merely an obstruction and accessory to Sultan’s path to glory.

Aarfa deserves better

Sultan features a single female character, and although she is the lead, Aarfa is framed only in terms of her male counterpart, Sultan. For example, when Aarfa falls pregnant before the Olympics, dashing her childhood dreams of winning a gold medal, her narrative quickly becomes one of a woman sacrificing her dreams for Sultan, while he is busy becoming a national hero. The movie focuses on Sultan’s journey to Olympic glory, while cutting back to Aarfa watching him win on TV, and little attention is given to Aarfa’s sacrifices and her emotional journey as a woman. Additionally, we were disappointed at the movie’s failure to acknowledge Aarfa as a wrestler in her own right. Although she is shown to be a national, and later world champion, Sultan fails to afford her the same heroic treatment as it does Sultan, with crowds chanting his name. This is reflective of how women are treated in sport worldwide, not just in India, who are paid less and treated as pale imitators of their male counterparts. Lastly, the movie doesn’t even put itself in a position to pass the Bechdel test, by failing to provide another female character for Aarfa to talk to about anything besides a man. These criticisms should not take away from Sharma’s performance, as she injects heart and sass into the one-dimensional character she is given, and utterly shines in comparison to Khan’s overdramatic and brutish performance.

We Salman Khan’t buy this movie’s romance

Although we are Bollywood virgins, we had heard of Salman Khan and his scandalous reputation as a womaniser, so we may have gone into Sultan a little wary of his hip-shaking ways. However, our bias doesn’t make Sultan’s pursuit of Aarfa anything less than harassment. Despite her repeated protestations and outright disgust towards Sultan’s advances, he pursues her aggressively, following her around, telling his friends she was his girlfriend, and stalking her to her father’s training centre. While we immensely enjoyed the boys vs. girls Bollywood song and dance number, it trivialised Sultan’s harassment and romanticised it as part of the inevitable love story between the two leads. It is disturbing how familiar this trope of the woman inevitably giving into the man’s advances is, even as Western viewers we could recognise that Aarfa’s initial rejection was going to lead to her eventually falling for him.

Another problem we have with Sultan’s romance is the fantasy Sultan has of Aarfa. When he first meets Aarfa she literally crashes into his life on her motorbike, and he is smitten because she doesn’t fit his expectations of a woman; she’s different. In a pivotal moment in the film, Sultan sees Aarfa smiling at him when he’s down-and-out in a fight. Her kind smile and encouraging eyes inspire him to get up and win the fight. However, she is shown to be merely a hallucination, a fantasy. She’s his manic pixie dream girl; she’s sporty, doesn’t care about her appearance (but miraculously always looks perfect), and inspires him to be better than who he thought he could be. Unfortunately, we’re not given enough time with Aarfa to know her outside this fantasy.

Sexy Sultan

We went into Sultan knowing that kissing was not common in Bollywood films, and yet were still shocked (and frankly, a little disappointed) that the two lovers were only ever able to touch foreheads suggestively. However, Sultan wins points in our book for sexualising Khan’s body far more than it does Sharma’s. We lost track of the number of slow motion fight scenes or scenes with Sultan looking at himself in a mirror, while the camera poured over Khan’s topless body. Comparatively, Aarfa’s wrestling scenes were shot as a tribute to her athletic prowess, rather than as a male fantasy. Unfortunately, just as there was little sexualisation of Aarfa, there was no exploration of Aarfa’s own sexuality. We recognise that this may be a symptom of Sultan being a Bollywood film made for wide release in India, but we are all for a greater recognition of female sexuality in Bollywood films, and films worldwide.

Overall, we’re glad we popped our Bollywood cherries, and Sultan was an enjoyable movie going experience with a rowdy Tuesday night crowd. However, from a feminist perspective, Sultan left a lot to be desired.

[1] Lily Xiao and Victoria Christie are students at the University of Melbourne. Lily interned with CCG this summer.