No Recognition for the New Generation of Digital Rights

The original article was published on The Wire on 5th January, 2016.

308357541_222d1b2e2a_b

Plenty of Loose Ends. Credit: Pascal Charest/Flickr CC BY-NC-ND 2.0

The international community’s attempt to shape a new agenda for the Information Society by taking forward the Declaration of Principles and the Tunis Agenda adopted over a decade ago has produced a mixed bag that disappoints more than it pleases.

The WSIS was a two-phase summit which was initiated in 2003 at Geneva and had its second phase in 2005 at Tunis. The summit was a reaction to the growing importance of information and communication technologies (ICTs) in development and a recognition of the crucial role the Internet played in shaping the landscape of the information society. The first phase in Geneva focused on a wide range of issues affecting the information society including human rights, and ICTs for development. The Tunis Agenda in 2005 was focused on developing financing mechanisms for ICT for development and governance of the Internet. The Tunis Agenda was also the first time a globally negotiated instrument articulated a definition of Internet governance and incorporated the notion of multistakeholder governance. However, it was a negotiated outcome in the debate between multilateral and multistakeholder models in global governance. This resulted in the inclusion of the ambiguous concept of  ‘Enhanced Cooperation’ which was conceived as a device to discuss unresolved contentions.

The ten-year review in 2015 was meant to take stock of the changes in the information society since Tunis and create a new agenda for the next decade. The conclusion of the high level meeting with an agreed outcome document means the negotiations were completed successfully. But the outcome itself is a qualified success at best.

Outcome document

The review process has revealed that while there are new concerns that have emerged from the evolution of the Internet and its uses, the underlying debates still remain the same. For instance, human rights and cybersecurity were both issues that were covered by the Tunis Agenda. But the fact that they have their own sections in 2015 highlights the increased importance of both these issues. Internet governance, on the other hand is an issue that has not moved in the last 10 years.

World leaders at WSIS 2003, Geneva, where the original Declaration of Principles were adopted. Credit: Jean-Marc Ferré

World leaders at WSIS 2003, Geneva, where the original Declaration of Principles were adopted. Credit: Jean-Marc Ferré

The inclusion of a separate section on human rights has received praise from all quarters. It is also a testament to the increasing importance of human rights in the information society. The acknowledgement of human rights resolutions from other fora like the Human Rights Council and human rights instruments like the International Covenant on Civil and Political Rights and the Universal Declaration of Human Rights is encouraging. This means that nations have an additional mandate to respect human rights obligations while dealing with the Internet and ICT issues. At the same time, it must be noted that no reference was made to the International Covenant on Economic, Social and Cultural Rights which is especially pertinent for countries from the Global South.

It is also disappointing that the document fails to recognise a new generation of ‘digital rights’ that have increased in importance over the last decade. There is only a passing reference to privacy and there is no mention of network neutrality at all. It appears from the statements at the General Assembly that countries like the US and UK were not very keen on privacy and network neutrality. On the other hand, many European countries, notably the Netherlands, were pushing for stronger language on these issues. The outcome text is a negotiated compromise on many issues and the human rights language is the best example of this. But the fact that it ignores widespread public sentiment on issues that will be at the forefront over the next decade is worrying.

On Internet governance, the outcome text calls for immediate, concrete action on Enhanced Cooperation and greater participation in Internet governance institutions. But if this section of the outcome document is compared with the Tunis Agenda, it would seem like nothing has changed in the last decade. The outcome document is an attempt to update many foundational concepts in Internet governance such as Enhanced Cooperation and multistakeholderism. India for its part, reiterated support for a multistakeholder model but also drew attention to the importance of greater representation and participation of actors from the developing world in multistakeholder platforms.  One such platform is the Internet Governance Forum (IGF), whose mandate was extended for another 10 years. Unfortunately the conditionalities of the extension, including showing tangible outcomes on issues like accountability and representation, were diluted during the final negotiations. The outcome document thus failed to adequately address many pressing issues like the need for greater accountability and meaningful participation on Internet governance platforms.

Increasing threats to cybersecurity and the difficulty in dealing with cybersecurity is a concern that all countries were alive to. For developing countries, the capacity to deal with such threats heightened the importance of this issue. The outcome document reflects this position with a separate section on cybersecurity. It recognises the central role of states in dealing with cybersecurity issues, but also acknowledges the role other stakeholders have to play. The role that cybersecurity measures have to play in securing development projects through ICTs and the Internet has also been highlighted. However, the cybersecurity language fails to acknowledge the need to create a safe and secure Internet ecosystem for all users. As it stands, this section takes a securitised view of the Internet. This is unfortunate given that an earlier version of the document circulated last week took a more nuanced approach that focussed on the cyberspace as a safe platform whereas the outcome document takes a protectionist approach . However, like the human rights text, it appears that this was a casualty of negotiated compromise.

India’s Role

India played a critical role in negotiations, and contributed to an international agreement around the idea that all stakeholders, and not just governments, need to be a part of conversations about Internet governance. Speaking at the high level meeting of the 10-year review of the World Summit on Information Society (WSIS), the Indian delegation emphasised the role the Internet and ICTs have played in the country’s remarkable growth story over the last decade. India, along with other developing nation delegations were also quick to point out there is still a lot of work to be done in connecting the four billion people worldwide who have no access to the Internet.

Broadly speaking, India played a crucial role in these negotiations as a key swing state. On many contentious issues, the country played a facilitative role. On issues where the stated government policy aligned with the middle ground, like multistakeholderism and human rights, India took strong positions that helped achieve consensus. This was evident from its statement at the General Assembly supporting multistakeholderism but calling for greater representation. Similarly, India supported the outcome document on many issues like Internet governance, access and development but highlighted its own priorities in the process.

India’s role in bringing the WSIS negotiations to a successful conclusion has not gone unnoticed. Its unequivocal positions on contentious issues have come in for praise in the international community. However, the most difficult part of the process lies ahead in realising the WSIS vision and achieving the SDGs (sustainable development goals) over the next decade. India certainly has a big role to play in fulfilling both these international mandates and domestic development goals. It remains to be seen if it can rise to the challenge.

E-Health, Digital India and Cyber (In)Security

By Shalini S

Under the government’s flagship initiative, Digital India, healthcare has been flagged as a sector awaiting reformation through enabling digital access. Across the world, the internet has increasingly come to serve as a platform for organized public healthcare delivery and has also demonstrated its potential in effectively increasing access to timely, specialized medical care in remote areas. Both e-health and m-health, public health models that use information and communications technology (ICTs) for the provision of both healthcare services and information, have been employed extensively to support physical healthcare infrastructure in several countries and is now finding its way into the Indian public health framework.[1]

The health initiative under the project, attempts to transform healthcare from an event-based intervention to an integrated, continuous delivery model by employing ICTs to remedy information asymmetry and substandard access. The initiative is also expected to partially remedy healthcare access issues extant due to insufficient healthcare infrastructure and manpower. However, the use of ICTs exposes the sector to a range of unique challenges that must be dealt with in order to harness the potential of ICTs for the healthcare sector. This brief post seeks to outline the dangers of digitally storing and transmitting electronic health records and suggests strengthening security and risk management capability to avoid breaches.

E-health Initiative

The health limb of the Digital India project aims to increase access to quality healthcare for all citizens by enabling information flow, facilitating collaboration through the use of ICTs and providing timely, economic health services. It seeks to do so by increasing transparency in healthcare delivery, eliminating structural opacity and multiple intermediaries. Additionally, it envisions the use of emerging technology in bridging the healthcare divide by connecting patients with specialized health professionals, who are geographically far-removed, for online diagnosis. E-health programs are expected to benefit those that have little access to quality healthcare services such as the urban poor and rural populations.

Using hospital management information systems (HMIS), healthcare delivery limb of the Digital India Initiative’s online registration system (ORS) rightly attempts to simplify registration and appointment process. However, each new registrant is assigned a Unique Health Identification (UHID) number which is linked to their Aadhaar number used primarily to seek appointments at registered hospitals and subsequently to access their health records including lab reports. Under the initiative patient’s health records are digitized and uploaded electronically in order to better maintain records and make it easily accessible to health professionals. Further, these health records are to be integrated into a digital locker that can be accessed both by the government and private establishments.

As a part of the above-mentioned Digital India program, the Government of India also proposed to setup a National eHealth Authority (NeHA) under which a “centralized electronic healthcare record repository” containing comprehensive health information of all citizens could be fashioned.[2] While this proposed statutory authority will be vested with the responsibility of managing the complexities birthed by use of ICTs in the healthcare sector and also act as a regulatory authority to ensure privacy, confidentiality and security of patient information, it is yet to be created. In the absence of demonstrable, technical cybersecurity capability and regulatory or legislative cybersecurity framework, this statutory body might remain an insufficient effort. Further, the implementation of privacy and security norms evolved by NeHA by healthcare providers could take years and sensitive patient information might be stolen by persons who stand to benefit from the use or sale of such personal information.

Sensitivity of health records

Healthcare records are primarily attractive to criminals as they contain personally identifiable information and are therefore highly vulnerable. In addition to threat of stolen health data being misused in multiple ways, health records stored and transmitted online can be tampered with and this can have implications on patient health. With the E-health initiative, this holds especially true as the Aadhaar linkage connects health records to other personal information. The proposed healthcare record repository must also address these concerns. Hosting of personal information, especially healthcare records on any internet-based platforms without adequate cybersecurity measures in place is an invitation for large-scale breach.

Why digitize health records and information

Public health has arguably been raised as a national security priority and a centralized information database will undoubtedly be a prodigious healthcare intelligence tool that will allow researchers to engage in disease surveillance in order to better understand the state of public health in any nation. This information is critical to the medical fraternity and policymakers in ensuring medical preparedness and developing prevention and responsive capabilities.

Independently, most private healthcare providers have already made the move to digitizing health records that contain sensitive patient data and storing them electronically on often poorly-secured hospital networks, fueling pertinent privacy and security concerns. These health information systems are designed to host big data in a highly accessible manner in order to leverage speedy access to patient information for newer modalities of treatment that are time and cost effective.[3]

While the potential of information technology in radically transforming healthcare is indisputable, protecting healthcare data against misuse, without impeding healthcare professionals’ access to patient information, remains the biggest security concern.

Way forward

While it might not be necessary to view cybersecurity in healthcare delivery as a novel issue, patient information must be recognized as sensitive information that needs to be protected from breaches. Thus, the overarching Digital India initiative must necessarily account for vulnerabilities in digitally storing healthcare records and develop risk management capabilities as a part of its existing governance. Further, as the healthcare initiative under Digital India hinges on collaboratively partnering with private healthcare providers to bridge the gap in access to advanced medical technology and specialized care, a minimum standard of cybersecurity must be mandated to be followed by all participating private healthcare providers to prevent localized breaches.

[1] Sanjeev Davey & Anuradha Davey, m-Health- Can IT improve Indian Public Health System, 4 National Journal of Community Medicine (2013), http://njcmindia.org/uploads/4-3_545-549.pdf.

[2] The Indian Express, Digital India programme: Govt mulls setting up eHealth Authority, 2015, http://indianexpress.com/article/india/india-others/digital-india-programme-govt-mulls-setting-up-ehealth-authority/ (last visited Nov 7, 2015).

[3] How technology is changing the face of Indian Healthcare, The Economic Times, 2014, http://articles.economictimes.indiatimes.com/2014-04-02/news/48801172_1_indian-healthcare-collaborative-data-exchange-healthcare-information-technology-market (last visited Nov 7, 2015).

CCG’s Analysis of the WSIS+10 Draft Outcome Document- Initial Thoughts

The draft outcome document for the World Summit on Information Society (WSIS) High Level Meeting in December has been released today (it can be accessed here). This draft is a revision of the Zero Draft based on discussions held in New York last month i.e., the 2nd Preparatory Meeting and the 2nd Informal Consultations. Our coverage of those two meetings can be found here. The Outcome Document will be the basis for informal multilateral discussions to be held from 19-20 and 24-25 November. As per our understanding at this point, these discussions will be closed door meetings between country representatives and will not be open to other stakeholders. Below is a summary of the major changes from the Zero Draft to the Outcome Document:

New Section on Human Rights

Easily the most contentious part of the Zero Draft which had subsumed Human Rights discussions under the heading of Internet Governance. This had attracted criticism from civil society groups and many Member countries. The Draft Outcome Document now contains a separate section on human rights. In terms of content, this new section on Human Rights is notable for the explicit recognition in Paragraph 38 of journalists, bloggers and civil society actors in supporting freedom of expression and plurality. This is a big and welcome change from the Zero draft which only cited the freedom of press in the limited context of journalists. Paragraph 38 is also important given the recent attacks against bloggers in many countries who have been targeted for expressing their views online.

Also notable is the explicit recognition of the Right to Development in Paragraph 40 and the reaffirmation of the universality, indivisibility, interdependence and interrelation of all human rights. The latter is a concept enshrined in the Universal Declaration on Human Rights and an integral component of International Human Rights Law. Its recognition in the Outcome Document is important as these concepts need to be reinforced in the Information Society. This is because many of the rights based discussions online are often connected to other issues such as development, access and security. These cannot be discussed in isolation. This idea has been discussed in some detail in CCG’s comment on the non-paper.

The emphasis placed on the right to privacy on the context of mass surveillance in Paragraph 42 is also a new addition. This expands on the earlier Paragraph 43 from the Zero Draft which merely encouraged stakeholders to respect privacy and the protection of personal information. The expanded Paragraph 42 in the outcome Document is a vast improvement, calling on countries to respect International Human Rights law as it relates to mass surveillance. Para 42 also explicitly cites General Assembly Resolution 69/166 which recognised the Right to Privacy in the Digital Age.

Though the improvements to the Human Rights paragraphs in the document are welcome, Human Rights is still listed as the 2nd section which is contrary to the calls made by civil society groups to list it as the first.

Linkages with Sustainable Development Goals (SDGs)

A common concern across stakeholder groups in the October meetings was to link the WSIS process with the SDGs. While earlier drafts cited the SDGs, they failed to identify specific goals that could be linked with the WSIS process. Though the SDGs do not a have a separate goal that mentions ICTs or the internet, the understanding was that as a cross-cutting issue there are many potential linkages between the two processes.

The capacity of ICTs to facilitate the fulfillment of all SDGs has been mentioned in Paragraph 14. It also lists Goal 4b on Education and Scholarships, Goal 5b on Women’s Empowerment, Goal 9c on Infrastructure and Access and Goal 17.8 on Technology Bank and Capacity Building as specific goals where this linkages can be particularly useful. In Follow Up and Review, the document in Paragraph calls for the CSTD review to feed into the SDG process in Paragraph 58. Additionally, Paragraph 62 designates the High Level Meeting in 2025 as an input process into the 2030 Review of the SDGs.

ICT for Development

In this section, the Outcome document takes a more nuanced view of development issues and the Digital Divide, however a few key ideas are still missing.

Paragraph 19 on cultural expression and Paragraph 23 on Local Content in different languages highlight the need for greater diversity online. The discussion on the Digital divide has also improved from the Zero Draft with Paragraph 22 calling for the creation of knowledge societies and for UN bodies to analyse the nature of the digital divide.  Paragraph 25 dedicated to the Gender divide is a much needed addition and it calls for immediate measures to address this divide. However, the discussion on the digital divide is lacking in that it fails to recognise that the digital divide is a manifestation of existing socio-economic inequalities. It also fails to reognise that access to the internet and ICTs should be rights based and equitable. While the role of ICTs in development is not disputed, having differential access to ICTs or the internet can actually serve to exacerbate the digital divide. Though this point has been made repeatedly, the draft outcome document does not acknowledge it.

Paragraph 36 is also notable as it calls for new mechanisms to fund ICT4D as opposed to the Zero Draft which called for the Digital Solidarity Fund to be reviewed. The position on the DSF has since changed as States and other stakeholders in October recognized that the DSF cannot be strengthened and a new mechanism is necessary.

New Section on Security

Much like human rights, many countries- especially the G77+China- called for a separate section on security issues. Thus, the outcome document has a new section 3 on Building Confidence and Security in the use of ICTs which was the erstwhile Section 2.3 in the Zero Draft.

Paragraph 45 is a change from the earlier Paragraph 46 in the Zero Draft. It notes the ‘leading role’ of governments in cybersecurity as opposed to the Zero Draft which called on them to play an enhanced role. The recognition of the need for security measures to be consistent with Human Rights is a much needed change.

Paragraph 46 of the Draft Outcome Document on cyber-ethics has been expanded to explicitly refer to the need to protect and empower children, women and girls.

Paragraphs 48 and 49 call for greater cooperation among States on cybersecurity matters. In a change from the Zero draft, these paragraphs have placed greater emphasis on cooperation and information sharing across stakeholders and between States. The call for an international cybercrimes convention in the Zero Draft has been changed to an acknowledgment of the call for such a convention.

Internet Governance

The absence of the mention of multistakeholderism or multistakeholder approaches is conspicuous in this Section. In fact Paragraph 50 suggests that internet governance is a multilateral process with “the full involvement of all stakeholders”.

The mandate of the IGF should be extended by 10 years according to Paragraph 54. However, it calls on the IGF to incorporate the findings of the CSTD Working Group on Improvements to the IGF and that the IGF should show progress on these lines. On Enhanced Cooperation, Paragraph 56 calls on the Secretary General to provide a report to the next (71st) General Assembly on the implementation and means to improve Enhanced Cooperation.

Follow-Up and Review

The most notable addition is the call for a High Level Meeting in 2025 to Review the WSIS Outcomes in Paragraph 62. This suggests some sort of a compromise between States as there were multiple proposals on whether there should be a Summit or a High Level Meeting. The section is also notable for the explicit recognition of the ways in which the WSIS Process can be linked with the SDGs. Other than the linkages mentioned above, Paragraph 52 calls for the WSIS Action Lines to be closely linked to the SDG process.

The Outcome Document is a more complete Document than the Zero Draft in many ways. However, there are a few issues that need to be ironed out before the High Level Meeting. With the process closed for stakeholders from now on , most of these changes will largely come from States. Though the co-facilitators have called for comments to be sent on the Draft Outcome Document, it is not on the same scale as the public comment periods and it is not clear how much these suggestions will be taken into consideration by them. In the absence of another Informal Consultation, their interaction with stakeholders at the IGF may be the last opportunity to participate in this process before the High Level Meeting.

Index of CCG’s WSIS+10 Review Coverage

To help readers navigate our coverage of the 2nd Preparatory Meeting, we have indexed our posts from the last 3 days. Please find them below:

  • Summary of Day 1

https://ccgnludelhi.wordpress.com/2015/10/20/2nd-preparatory-meeting-of-wsis10-review-summary-of-day-1/

  • India’s Statement on Day 1

https://ccgnludelhi.wordpress.com/2015/10/20/wsis10-zero-draft-indias-statement-at-the-2nd-preparatory-meeting/

  • Summary of Day 2- ICT4D

https://ccgnludelhi.wordpress.com/2015/10/21/2nd-preparatory-meeting-of-wsis10-review-summary-of-ict4d-discussions-on-day-2/

  • Summary of Day 2- Internet Governance

https://ccgnludelhi.wordpress.com/2015/10/22/2nd-preparatory-meeting-of-wsis10-review-summary-of-internet-governance-discussions-on-day-2/

  • India’s Statements on Day 2

https://ccgnludelhi.wordpress.com/2015/10/21/indias-statements-on-day-2-of-the-2nd-preparatory-meeting-of-the-wsis-review/

  • India’s Statements on Day 3

https://ccgnludelhi.wordpress.com/2015/10/22/indias-statement-on-cybersecurity-on-day-3-of-2nd-preparatory-meeting-for-wsis-review/

https://ccgnludelhi.wordpress.com/2015/10/22/indias-second-statement-on-cyber-security-references-digital-india/

https://ccgnludelhi.wordpress.com/2015/10/23/indian-statements-on-implementation-and-follow-up-at-2nd-preparatory-meeting/

Indian Statements on Implementation and Follow up at 2nd Preparatory Meeting

India made a third statement today, this time on the Implementation and Follow up of the WSIS Review. Below is the Statement:

The essence of what we’ve been discussing is Implementation and Follow-up. Talking about action lines is also talking about implementation. It is an assessment of whether we have succeeded or not. The WSIS document is commendable as it stands. We are in favour of an ongoing review process. But also support a High Level Meeting to look at these at some point. We do not understand approach of not changing anything or changing Action Lines. We’re talking about a dynamic platform like the internet, the manner in which it has changed the economy, lifestyles of people around the world would tell us that more is yet to come. Therefore we must be talking constantly about Cybersecurity, ICT4D and human rights as change is happening at rapid pace. Not being ready to review Action Lines or High Level Meeting that brings to attention issues that needs to be addressed is not understandable. Support Review Process and High Level Meeting at a period agreeable to Member states.”

In response to a query from the US on why a Review was needed the Indian delegation had the following to say:

This Review platform is a different one from the ongoing review. If ongoing review was efficient we wouldn’t be sitting here. Review must happen at the UNGA in 2020. We will continue to call for it.We urge the reconsideration of the approach that Review or High Level Meeting is not needed. Societies that have reached a certain level of development and want to manage growth over the next 10 years like India need Review. India is targeting internet for all by 2020. There will be several consequences for all. It will be mostly positive, but there might be negative as well. We are an open democracy. Voices are expressed and encouraged in India. UNGA must have Review in 2020.

India’s Second Statement on Cyber Security, References Digital India

India made a 2nd statement on cyber security and the WSIS today, highlighting the importance of a secure environment for development programmes for ICTs. India highlighted the Digital India programme in its statement. The summary is below:

India re-emphasized the importance of cybersecurity both from the point of view of economic development and national security. India also disagreed with Japan on the importance of cybersecurity for development pointing to the Digital india Initiative. India argued that the Digital India Initiative, which is taking e-services to all citizens in country needs to be supported by a secure environment and cybersecurity is an important part of this. India also stressed the importance of protecting  critical internet resources for India. India went on to Encourage Member States to present concrete, clear proposals on cybersecurity. India suggested having more Confidence Building Measures and raising awareness. India also supported Brazil on finding that the Budapest Convention as it stands is not sufficient to tackle cybercrimes.

India’s Statement on Cybersecurity on Day 3 of 2nd Preparatory Meeting for WSIS+10 Review

During discussions on cybersecurity in the Zero Draft of the WSIS+10, the Indian government made a statement calling attention to the increasing cyber threat and “malicious activities” online. Below is a summary of the statement:

We must recognize that Cyberspace is now the 5th domain as there is increasing innovation with information technology and cyber technology. However, we must protect existing infrastructure and information contained in infrastructure as malicious activities online are increasing exponentially with improvement in technology. Hence, the security of infrastructure is paramount, we must work together to prevent this through exchange of information and collaboration. Steps must be taken in comprehensive manner to improve R&D and technology transfer to counter cyber threats.