Monitoring Information Controls During the Bali IGF October 21, 2013
Monitoring Information Controls During the Bali IGF Introduction On October 22-25, 2013, Indonesia will host the eighth annual Internet Governance Forum (IGF), a multi-stakeholder dialogue on the issues and policies of Internet governance. The main theme of this year’s IGF is “Building Bridges: Enhancing Multi-stakeholder Cooperation for Growth and Sustainable Development.” This post is the first in a series that will explore online freedom of expression and the state of information controls in Indonesia in the context of their role as host of the IGF, comparing Indonesia’s information controls with similar practices in the region, the rest of the world, and events similar to the IGF. We will also analyze how these practices are driven by Indonesia’s social, political, and cultural context, and the role that international norms play in influencing information controls. Major global events are frequently a focal point for the exercise of and contests over information controls, including Internet censorship and surveillance, disruptions to mobile and other communications systems, and tampering with Internet connectivity. Such information controls are often highly dynamic, responding to the changing situation on the ground when information can have the greatest impact. We have called such practices “just-in-time” information controls — denying, disrupting, manipulating or monitoring access to information during important political moments.1 High profile, global events can have significant political, social and economic consequences for host countries, and may come with new security and surveillance measures as a result.2 Several Citizen Lab researchers and associates who are attending the IGF are participating in the research for these posts, including those who have been situated in Indonesia for some time as part of the civil society stakeholder preparations for the 2013 IGF. Additionally, we are capitalizing on the expertise and input of Indonesian colleagues, including those who are part of the Cyber Stewards Network,3 to provide much-needed context and nuance around the analysis presented here. We are also mindful of others who are attending the IGF and are engaging in their own separate monitoring activities, and intend to reference their work as much as possible and when appropriate. Citizen Lab staff working remotely will be providing input into and support for network measurement and legal and policy analysis. We frame our analysis with the following topics and questions, which will in turn inform a series of forthcoming posts: Infrastructure and Governance: The application of information controls in a country is highly influenced by the domestic political, economic, and social context in which they are applied. Each country’s communication infrastructure is unique, differentiated by factors such as the number of Internet service providers (ISPs), telecommunication companies, the degree of market competition among them, and the overall level of Internet penetration and growth. In some countries numerous ISPs and a highly competitive market environment can act as a constraint on state-driven information controls, whereas in other countries with fewer ISPs and less democratic regimes, state regulations can be more centrally implemented and sometimes more constraining. International connectivity and upstream peering arrangements can also shape the nature of information controls, as do regional and international governance regimes of which the country may be a member. Most importantly, the regime type of the country in question can have a major influence over the nature of information controls. The Indonesian government has traditionally been supportive of ICT development. Internet penetration has increased since the beginning of the century, from less than one percent in 2000 to 15.36 per cent in 2012. Cellular phone penetration has increased at an exponential rate over the same time period, from 1.72 to 115.20 cellular phone subscriptions per 100 inhabitants from 2000 to 2012. The government is planning to increase basic telephone services to thousands of villages across the country and is trying to increase Internet penetration to the country’s easternmost islands. Indonesia has over 250 ISPs. The two largest telecommunications operators, PT Telekom and PT Indosat, were partially privatized in the mid-90s after years of state-control, although the government continues to own shares in both companies. As ICT penetration in Indonesia has increased, so have the regulations and laws, some having as their impetus the perceived necessities of dealing with growing cyber crime issues others having to do with content controls. ISPs and telecommunications companies have voiced their concerns that these laws lack clarity and may place burdens on their services.4 Our post will examine the following questions: How is cyberspace constituted in Indonesia? What is the political economy of Internet governance and use in the country? How are laws and regulations over the Internet implemented? What autonomy do ISPs have to implement laws and rules, and what practices inform implementation of controls in Indonesia? How do these practices compare to other countries? Is the Indonesian government developing a cyber security strategy? What policies does it include, and how will these impact information controls? How have issues of cyber crime been perceived in Indonesia and what have been the institutional and legal responses? Does the Indonesian government have a “regional” or “foreign policy” for cyberspace? Content Controls: Information controls include those whose aim is to control the content accessible to a population, including information posted online. Content controls can include laws and regulations that restrict free speech online or in certain media, as well as technical measures designed to limit access to information — otherwise known as “Internet filtering.” Since 2003, the Citizen Lab, as a founding member of the OpenNet Initiative,5 has conducted testing of Internet filtering in 74 countries, and has found that of these 74 countries, 42 engage in some form of content filtering. The type of content being filtered varies across countries, and depends on local political, legal, social, and cultural contexts. We employ a multidisciplinary approach that includes technical testing of government mandated Internet censorship policies and practices, field research by regional and country-level experts, as well as analysis of the country’s legal and regulatory filtering framework. The combination of technical investigation with political, social and legal contextual work is essential for understanding both how and why information controls are applied.6 We also aim to determine the specific techniques and, where possible, the products that are used to implement Internet content filtering. OpenNet Initiative testing in 2010 on four Indonesian ISPs found that pornographic content, which is illegal under the country’s 2008 Anti-Pornography Law, is heavily filtered. Testing also revealed that Internet filtering across ISPs is unsystematic and inconsistent, with some ISPs blocking more than others and targeting a wider range of content such as anonymizer and circumvention Web sites, and Web sites containing controversial political or religious content. In 2011, smartphone maker BlackBerry began censoring pornographic content on their networks in the country following demands by the Indonesian government. This research on content controls will be guided by the following questions: What content controls are applied in Indonesia? How are those content controls implemented or carried out? What do network measurements of Internet accessibility reveal about the scope, scale, and character of information controls in Indonesia? What restrictions are placed on free expression, both off and online, in Indonesia? What steps have civil society groups taken in response? What Internet users, if any, have been targeted for arrest and on what grounds? Surveillance and Control: Surveillance is one of the most effective, if less obvious, forms of information control. Governments and private companies engage in surveillance for a wide range of reasons, many of them beneficial for society. For example, surveillance is an essential component of government responses to health crises and natural emergencies, and is a critical component of effective large-scale network management and law enforcement. However, surveillance can also be used to target dissidents and undermine privacy. If surveillance is undertaken without proper accountability, it can lead to the abuse of power. Surveillance of the Internet and other communications is now a huge growth industry, with many companies supplying governments with passive and targeted surveillance products and services. Past Citizen Lab research has documented the use of surveillance technologies, products, and services in Indonesia. For example, command and control servers for the commercial malware product FinFisher were identified on the Indonesian ISPs PT Telkom, PT Matrixnet Global and Biznet, as were devices which can be used for filtering and surveillance manufactured by the US-headquartered Blue Coat Systems. Indonesia’s Ministry of Defence recently signed a USD 6.7 million contract with Gamma TSE to provide undisclosed “wiretapping equipment” for use by the Ministry’s Strategic Intelligence Agency. Gamma TSE is part of the Gamma Group, which includes Gamma Group International, the developer of FinFisher, a “lawful interception” product. Smartphone maker BlackBerry has come under pressure from Indonesian authorities to locate infrastructure within the country as a means of facilitating surveillance of users, although it is not clear what, if any, arrangements have been made between the company and the Indonesian government. Our post will examine the following questions: What type of surveillance is undertaken by Indonesian authorities? What oversight and accountability is associated with that monitoring? What range of equipment, products, services, etc., does Indonesia use to implement surveillance? And how is that surveillance targeted? Have any special security and surveillance measures been taken for the IGF? What type of surveillance, if any, exists at the venue and for what purpose? IGF Controls: Major global events like the IGF are often a significant focus of international attention and can have important political, economic and social consequences for host countries. Information controls are customarily loosened during the hosting of the IGF event — particularly at the venue itself. At the 2005 World Summit on the Information Society (WSIS) in Tunis, for example, unfettered access was provided within the conference venue, while filtering remained elsewhere in the country. Citizen Lab staff and associates have participated in every IGF since the first meeting was held in Athens in 2006, (as well as the WSIS meetings that preceded it in 2003 and 2005). At the 2005 WSIS meeting in Tunis, Citizen Lab researcher Nart Villeneuve’s presentation on Internet filtering was disrupted by Tunisian authorities and nearly cancelled. Our participation in the 2009 IGF in Egypt included having our book launch for the OpenNet Initiative’s Access Controlled disrupted by United Nations’ officials, following complaints by representatives for the government of China concerning our reference to Tibet and the Great Firewall of China in our published material. Our last post will focus on the dynamics surrounding the IGF itself: What are the interests of the various Indonesian stakeholders (government, private sector, civil society) in hosting the IGF? What do different stakeholders hope to accomplish? Where do these interests clash? What value does the Indonesian government place in the IGF relative to other international forums, such as ICANN, the ITU, or non-cyberspace related forums like APEC and ASEAN ? To what extent have Indonesian stakeholders been able to influence and shape the agenda and outcomes of the IGF? How did they prepare for the meeting, and what were the obstacles to overcome in making it happen (e.g., budgetary issues)? With the IGF underway in Indonesia, what impact does the forum have, if any, on Indonesian information controls and related practices? How does Internet accessibility in the venue of the forum, or in any other area where attendees may congregate (i.e. hotels, Internet cafes, etc.), compare to that which the average Indonesian user experiences? How have the stakeholders in Indonesia organized themselves to organize and host the IGF . What are the political dynamics of the IGF meeting itself? What were the processes to develop the agenda and program for the meeting — e.g., how did the multi-stakeholder advisory committee develop the key topics, agenda, and structures of the IGF? Which stakeholders held which positions, and who had input? What were the outcomes? Footnotes 1 For more background on “just-in-time” content controls, see Masashi Crete-Nishihata and Jillian C. York, “Egypt’s Internet Blackout: Extreme Example of Just-in-time Blocking,” OpenNet Initiative, January 28, 2011,https://opennet.net/blog/2011/01/egypt%E2%80%99s-internet-blackout-extreme-example-just-time-blocking; and Ronald Deibert and Rafal Rohozinski, “Good for Liberty, Bad for Security? Global Civil Society and the Securitization of the Internet,” in Access Denied: The Practice and Policy of Global Internet Filtering, eds. Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain (Cambridge, Massachusetts: MIT Press, 2008), http://access.opennet.net/wp-content/uploads/2011/12/accessdenied-chapter-6.pdf. 2 Russia’s Surveillance State, a joint project between Citizen Lab, Agentura.Ru and Privacy International, has documented the growth of surveillance measures in preparation for the 2014 Sochi Winter Olympics. See Irina Borogan and Andrei Soldatov, “Surveillance at the Sochi Olympics 2014,” Agentura.ru, October 2013, http://www.agentura.ru/english/projects/Project_ID/sochi. 3 The Cyber Stewards program Cyber Stewards is a global network of organizations and individuals that use evidenced-based research for policy advocacy to ensure and promote a secure and open Internet. We are building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels. 4 Mariel Grazella, “ICT Businesses to Tackle Policy at Global Internet Forum,” The Jakata Post, March 02, 2013, available athttp://www.thejakartapost.com/news/2013/03/02/ict-businesses-tackle-policy-global-forum-bali.html. 5 The OpenNet Initiative is a collaborative partnership of three institutions: the Citizen Lab at the Munk School of Global Affairs, University of Toronto; the Berkman Center for Internet & Society at Harvard University; and the SecDev Group (Ottawa). 6 See Masashi Crete-Nishihata, Ronald J. Deibert, and Adam Senft, “Not by Technical Means Alone: The Multidisciplinary Challenge of Studying Information Controls,” IEEE Internet Computing 17.3 (2013): 34-41. Ronald Deibert Director, the Citizen Lab and the Canada Centre for Global Security Studies Munk School of Global Affairs University of Toronto (416) 946-8916 PGP: http://deibert.citizenlab.org/pubkey.txt http://deibert.citizenlab.org/ twitter.com/citizenlab r.deib...@utoronto.ca
-- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
