Improving Technical Security

The Role of South Asia’s NOGs in Community Building

At the recently concluded 34th South Asia Network Operators Group (SANOG 34), it was interesting not only to hear about the evolution of digital infrastructure, technology, and the economy in South Asia, including the opportunities it presents to network operators, but also to hear how community-led national Network Operating Groups (NOGs) in South Asia are working to build technical community knowledge, capacity, and engagement in their respective economies.

SANOG, which was set up as a sub-regional, community-led initiative in 2003, has played a significant role in bringing operators from the region together for knowledge sharing and cooperation. It is a biannual event, rotated among economies for maximum reach and participation.

While the NOGs of developed economies in the Asia Pacific began forming in the late 1990s, the NOGs in South Asia are quite recent: Bangladesh (bdNOG) and Bhutan (btNOG) were set up in 2014; Nepal (npNOG) in 2016; Sri Lanka (LKNOG) in 2017; and India (INNOG) in 2017.

The objectives of these NOGs are to encourage knowledge sharing within their respective economies and discuss global and regional technical developments, while addressing local requirements and issues. This, in turn, helps members of the operator community acquire the necessary skills to equip them for the present and the future. NOG meetings also provide a common ground for networking among participants, which helps in the exchange of ideas and thoughts. While most of the NOGs in South Asia have an annual event, it is only bdNOG that is held twice a year. The NOG meetings are normally rotated across cities in order to cater to more people.

While most NOGs organize both workshops and conferences during their events, depending on the requirement of the region and availability of trainers, the number of conference and workshop days at a NOG meeting vary: bdNOG has a half-day conference and four days of workshops; INNOG has a one-day conference and three days of workshops; npNOG has a half-day conference and three days of workshops; and LKNOG has a one-day conference and a one-day workshop.

Topics for discussion and training are normally decided based on global and regional trends, keeping domestic requirements in mind. IPv6, IXPs, MPLS, DNS, routing security, network monitoring and management, and SDN are some of the workshop topics you can expect to find at a NOG meeting in South Asia.

Most NOG meetings are paid entry events, with an average of around 150 participants attending.

We can look to the larger and more established NOGs in the Asia Pacific region for inspiration for what we want our South Asian NOG meetings to become. Holding hackathons and expanding the topics of discussion to more cutting-edge topics like next-generation data centre architecture and segment routing are just two ideas. Some very large NOGs are even able to run meetings without registration fees, attracting large numbers of attendees.

To encourage participation, NOGs such as LKNOG, btNOG, and bdNOG have provided fellowships. As women and youth are still less represented in such meetings, diversity initiatives have been taken by NOGs in the sub-region, including providing fellowships for women and young students in btNOG, organizing a networking panel for women, to promote women in tech at LKNOG, and so on.

While most of the NOGs aspire to increase their participation further and provide fellowships to deserving candidates, they face issues such as the uncertainty or inadequacy of sponsorships and unavailability of trainers (especially local). NOGs in South Asia can be particularly hindered by these issues.

Despite the odds, however, the NOGs are finding innovative ways to encourage more participation and help build a community of  trained and knowledgeable network operators, who are connected and can support one another when required.

This article reprinted with permission by the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia-Pacific region.

Building Trust Privacy

CCAOI-ISOC Delhi Webinar on the Draft National e-Commerce Policy

The Indian government’s Department for Promotion of Industry and Internal Trade has released a draft of the National e-Commerce Policy for public comments by 29 March 2019. The CCAOI, with support from the Internet Society India Delhi Chapter, organized a webinar to discuss the draft policy on 18 March. The objective of the discussion was to inform various stakeholders of the provisions of the draft policy and highlight issues of concern. Watch the recording here.

The session was moderated by Subhashish Panigrahi and myself. It was attended by over 45 participants from different stakeholder communities across the country. The speakers that participated in the session were Devika Aggarwal from NASSCOM, Ankit Anand from Reliance Jio, Nikhil Pahwa from MediaNama, Parminder Singh from IT for Change, and Dr. Mahesh Uppal from ComFirst (India) Private Limited.

To kick off the webinar, Smitha Krishna Prasad of the Centre for Communication Governance at the National Law University presented an overview of the draft policy, following which the speakers shared their perspectives on the draft policy. Towards the end of the webinar, speakers answered questions from the participants in a lively and interactive Q&A session.

Some of the key issues discussed were on the shortcomings of the draft, such as the ambiguity of terms used in the draft, issues related to ownership and categorization of data, data sharing and data localization, and concerns of undermining user consent in cross-border data sharing. Other issues discussed relate to intellectual property rights, conflicting regulatory frameworks, network effects, and disclosure of source codes.

The key takeaways from the webinar were as follows:

  • There are several ambiguities in the draft policy that need to be addressed so as to provide clarity to businesses and users engaging in e-commerce activities.
  • The draft policy in its present form, contains provisions in conflict with prevailing laws in India and needs to be streamlined with all applicable statutes.
  • Although the policy is an unenforceable document, several of the issues highlighted in it fall under the domain of existing regulatory frameworks and agencies. These regulators could bring into effect the recommendations of the draft policy by issuing appropriate directions. Therefore, the implementation process needs to be clarified.
  • The draft policy must not become a complex document dealing with the intricacies of the conduct of e-commerce operations in India, but should suggest the favorable approaches to e-commerce and provide incentives to businesses to comply with the suggested approaches.
Building Trust Encryption Improving Technical Security Privacy

Internet Society Delhi Chapter and CCAOI Organize Webinar on India’s Draft Intermediary Rules

On 10 January, the Internet Society Delhi Chapter and CCAOI jointly organised an interactive webinar on the draft Information Technology [Intermediary Guidelines (Amendment) Rules] 2018 (“the draft Intermediary Rules”) to improve understanding of it and to encourage members and other Indian stakeholders to submit their comments to the Ministry of Electronics and Information Technology (MeitY) during their public comment period. The draft Intermediary Rules seeks to modify Section 79(2)(c) of the Information Technology Act, 2000 (the IT Act). Section 79 of the IT Act introduces obligations for intermediaries to meet to gain exemption from liability over the third-party information that they “receive, store, transmit, or provide any service with respect to.” These proposed changes were developed by MeitY to try to address misinformation and harmful content on social media, which have been connected with lynching and other recent violent acts of vigilantism.

The session was moderated by Subhashish Panigrahi, chapter development manager for Asia-Pacific at the Internet Society, and Amrita Choudhury, treasurer of the Internet Society Delhi Chapter and director of the CCAOI.

The changes to the IT Act proposed in the draft Intermediary Rules would require intermediaries to provide monthly notification to users on content they should not share; ensure that the originator of unlawful content is traceable; deploy automated tools for proactively identifying and disabling unlawful information or content; and obligate intermediaries with over 5,000,000 users to set up office in India and appoint a nodal officer (for coordination with law enforcement agencies).

An “intermediary” under the IT Act includes any person or entity who on behalf of another receives, stores, or transmits a message or provides any service with respect to a message. Under the IT Act, intermediaries include ISPs, cybercafés, online companies, social media, etc. Looking at the broad definition of intermediaries, some argue that the proposed changes to the IT Act would be difficult for many intermediaries to comply with. Other concerns include whether the draft Intermediary Rules have the capacity to affect the fundamental rights of free speech and privacy or may erode the safe harbor protection for intermediaries which Section 79 of the IT Act provides.

During the interactive webinar organized by the Delhi Chapter and CCAOI:

  • Shashank Misra, Senior Associate at Shardul Amarchand Mangaldas & Co, gave an introduction to the draft Intermediary Rules, the definition of intermediaries under the IT Act, and obligations for intermediaries. He presented an overview of the draft Intermediary Rules, categorizing the amendments under five broad themes, and reiterated the importance of commenting on the draft now before it becomes a law.
  • Nehaa ChaudhariPublic Policy Lead at Ikigai Law, highlighted the draft Intermediary Rules’ lack of clarity on oversight mechanisms for the state and central government. She called attention to the lack of safeguards on take down requests under Section 5 of the draft Intermediary Rules. She also questioned the introduction of some obligations as part of “delegated legislation,” instead arguing that these should be proposed under new legislation. (In India, delegated legislation occurs when an executive authority is given the power to make laws to implement a primary legislation.) The Intermediary Rules are a form of delegated legislation to implement the IT Act. She also questioned the necessity of some of the proposed suggestions, such as the monthly user notification by all intermediaries, and whether it achieves its objective.
  • Arjun Sinha, a tech lawyer, argued that the government needs to adopt a graded approach for requesting for information or assistance from online platforms, rather than adopting a 72-hour timeline. Using this approach, different grades would be based on the importance of the information requested. He also questioned the metrics used to calculate the 5,000,000 users, including how the government would independently verify the number and ensure compliance.
  • Gurshabad Grover, Policy Officer at CIS India, highlighted that the draft rules may exceed the scope of what is allowed to be “delegated legislation.” In addition, he argued that the draft rule 3.9, which asks for deploying automated tools for “proactively identifying and removing or disabling public access to unlawful information or content,” is technically impossible for some intermediaries to implement.
  • Paul BrooksChair of Internet Australia, an Internet Society Chapter, shared the Australian chapter’s experience and lessons learned during their own advocacy on Australian regulations and policies that could impact Internet security. In 2018, the Chapter engaged in an advocacy campaign to inform lawmakers and the public on the issues that could arise from proposed legislation on encryption. During their campaign, Internet Australia’s activities included holding a public workshop, making submissions on draft legislation, and conducting interviews with media outlets about the legislation.
  • Subhashish Panigrahi emphasized the Internet Society’s commitment to support Indian chapters in making their submissions on the draft Intermediary Rules. He also gave an overview of the work done by the Internet Society on encryption, such as the Encryption Policy Brief. He encouraged participants to visit the Internet Society’s encryption issues page for more resources.

With nearly fifty people attending the webinar, there were various questions raised by the participants, which were responded to by the experts.  Based on interest, another discussion may be held just after the submission deadline so that counter comments can be submitted.

All are encouraged to submit their comments on the draft guidelines by 31 January to:

  • gccyberlaw[at]meity[dot]gov[dot]in
  • pkumar[at]meity[dot]gov[dot]in
  • dhawal[at]gov[dot]in

Watch the Livestream of the event!