IGF 2018 WS #222 Open Source for Privacy, Data Protection and Anonymity

Organizer 1: Civil Society, African Group
Organizer 2: Civil Society, African Group

Speaker 1: Glenn McKnight, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Judith Ann Okite, Civil Society, African Group
Speaker 3: Sarah Kiden, Civil Society, African Group
Speaker 4: Sunil Abraham, Civil Society, Asia-Pacific Group
Speaker 5: Mishi Choudhary, Civil Society, Asia-Pacific Group

We are living in a historic time where the issues of privacy, anonymity, and the use and misuse of personal & behavioural data have become mainstream concerns. Until now, companies could indiscriminately collect and promiscuously share personal data of their users with little or no repercussions. For some companies, such data formed their main revenue model, and these firms have seen no ethical problem in using and monetizing personal data. Many companies that offered "free" online services, therefore, were actually extracting payments--not in terms of money, but in terms of data. End-user licenses were so written as to provide sweeping rights to the company and no rights to the individual user.

GDPR has made a significant difference to this situation, but only in one part of the world, and in a part that is mostly well-developed, socially and economically. The rest of the world is still grappling with these problems. There are no clear solutions that emerge, and it is likely that there will be a significant turbulence--for users as well as for companies--as States begin to implement different laws. In the short run, these laws may be conflicting in nature, as for instance, the situation in Hong Kong demonstrates. Any Hong Kong company that has users from EU have to comply with two laws, the GDPR and the Chinese law, which appear to be polar opposites (the Chinese law reportedly requires companies to hand over all information on users to the Government, irrespective of their location, whereas the GDPR prohibits such sweeping use of data even to Governments).

Given the fact that harmonizing of these laws are going take time and effort, billions of users in different parts of the world are likely to find it difficult to protect their personal data.

It is here that Free and Open Source Software (FOSS) provides a way out. FOSS provides an ethical framework to approach privacy and also an extremely powerful set of tools and methodologies whereby users can be empowered to protect their own data whether or not GDPR exists. In fact, these tools can be leveraged even under the GDPR for an added layer of protection while using the Internet.

Given that the Internet is today "...the horizontal fabric that supports permissionless, borderless innovation" and also given that individuals--ranging from the richest industrialist to the poorest farmer or fisher--are using it for personal, informational, educational, recreational and transactional uses, it is important to ensure that all these users are equally empowered to use the Internet safely and privately.

The proposed 90-minutes panel will address the role of FOSS in empowering users so as to enable them to use the Internet as an free and open medium and tool.

Format: 

Panel - 90 Min

Interventions: 

Confirmed speakers at this time are:
1. Ms. Judy Okite, FOSS Foundation for Africa (FOSSFA), Africa
2. Ms. Sarah Kiden, Ford-Mozilla Open Web Fellow, South Africa, Africa
3. Mr. Sunil Abraham, Centre for Internet and Society, India
4. Ms. Mishi Choudhary, Software Freedom Law Centre (SFLC), New York, US
5. Mr. Glenn McKnight, FOSS Consultant, and Member - Board of Trustees, Internet Society, Canada
6. Mr. Satish Babu, Founder-Director, International Centre for Free/Open Source Software (ICFOSS), India, and Chair, APRALO, ICANN

The proposed session schedule (using confirmed speakers) is as follows:

A. Welcome and Session Objectives (Onsite Moderator, 5 min)

B. Response to Questions (provided in Section VIII) by Practitioners & Experts (5 speakers x 8 min = 40 min)

C. Open Discussions (40 min)

D. Conclusions (5 min)

Diversity: 

Of the six panelists, three are women. The panel also has good representation of emerging economies (South Africa, Kenya, India). We also hope to attract several online speakers (going by past IGF workshops) as well as good audience thereby further increasing diversity.

Almost 30 years ago, Richard Stallman--the founder of the GNU Project and the Free Software movement--pointed out the need for access to the source code of programmes in order to ensure that the privacy of users was protected. As he predicted, many later developments such as Smart Phones, Cloud Computing, Software-As-A-Service (SaaS) and the rise of social media, ironically tended to disempower the user than to empower her.

The fundamental ethos of FOSS is to empower both the software developer and the user, which it does by ensuring access to source code under the terms of a license such as the GPL. Later developments within the Free Software movement--Creative Commons, Open Hardware, Open Access Publishing, for instance--continued to uphold these legal and ethical principles.

The session will look at the following questions:
1. How does FOSS approach the matter of personal data protection, privacy and anonymity?
2. What makes the FOSS approach available, accessible and free of entry barriers (such as cost, license) to end-users?
3. What are some of the successful cases of FOSS protecting users?
4. What are the existing FOSS tools available that can be used by end-users (eg., TOR, Wikipedia, Protonmail, Linux)?
5. As we go forward towards a post-GDPR world, how does the role of FOSS change (if at all)?

Discussion Facilitation: 

The onsite moderator is a seasoned participant at IGF, having attended 8 IGFs in the period 2009-2017. The primary responsibility areas of the onsite moderator are to ensure the following:

a. All speakers speak for a reasonable time and no one dominates (recommended time is 8 minutes continuously and 12 min in the whole session)
b. Remote participants get priority over onsite participants
c. Gender and Geographical diversity will be kept in mind while allocating speaking time
d. The time for participant discussions will not be cut (even if some speakers' time has to be cut)

Online Participation: 

Online/Remote participation will be facilitated and encouraged. The services of a trained and experienced online moderator (who has been associated with the organizers for several workshops in past IGFs) will be used this time as well. Care will be taken to ensure that remote participants are accommodated and specially provided for, even if network disruptions occur.

All speakers are part of multiple communities involved with the Free and Open Source community as well as the Internet Governance communities (ICANN, IGF and Internet Society). Other community members in different parts of the world, from Latin America and the Caribbean, Asia-Pacific, Africa, Europe and North America will be informed through email, and where possible, remote hubs will be set up (for instance, at ISOC Chapters).

On the whole, remote and online participation will be taken up as an essential aspect of the workshop.