Pathways to Higher Education
https://cis-india.org
These are the search results for the query, showing results 61 to 75.
Indian Newspapers' Digital Transition
https://cis-india.org/raw/indian-newspapers-digital-transition
<b>This report examines the digital transition underway at three leading newspapers in India, the Dainik Jagran in Hindi, English-language Hindustan Times, and Malayala Manorama in Malayalam. Our focus is on how they are changing their newsroom organisation and journalistic work to expand their digital presence and adapt to a changing media environment. The report comes out of a collaboration between the CIS and the Reuters Institute for the Study of Journalism, University of Oxford, and was supported by the latter. The research was undertaken by Zeenab Aneez, with contributions from Rasmus Kleis Nielsen, Vibodh Parthasarathi, and Sumandro Chattapadhyay.</b>
<p> </p>
<h4>Download: <a href="http://reutersinstitute.politics.ox.ac.uk/sites/default/files/Indian%20Newspapers%27%20Digital%20Transition.pdf">PDF</a>.</h4>
<p>Cross-posted from the <a href="http://reutersinstitute.politics.ox.ac.uk/publication/indian-newspapers-digital-transition">Reuters Institute for the Study of Journalism</a> (December 08, 2016).</p>
<hr />
<h2>Executive Summary</h2>
<p>This report examines the digital transition underway at three leading newspapers in India, the <em>Dainik Jagran</em> in Hindi, English-language <em>Hindustan Times</em>, and <em>Malayala Manorama</em> in Malayalam. Our focus is on how they are changing their newsroom organisation and journalistic work to expand their digital presence and adapt to a changing media environment.</p>
<p>The background for the report is the rapid and continued growth in digital media use in India. Especially since 2010, internet use has grown at an explosive pace, driven by the spread of mobile web access, also outside large urban areas and the more affluent and highly educated English-language minority that have historically represented a large part of India’s internet users. Some analysts estimate more than 30% of Indians had some form of internet access by the end of 2015 (IAMAI-IMRB, 2015). With this growth has come a perceptible shift of audience attention and advertising investment away from legacy media like print and television and towards digital media. This shift has been accompanied by the launch of a number of new digital media start-ups in India and, especially, the growing role of large international technology companies investing in the Indian market.</p>
<p>These developments present Indian newspapers with new challenges and opportunities. Print circulation and advertising is still growing in India, but more slowly than in the past, and especially the English-language market
seems saturated and ripe for the shift towards digital media that has happened elsewhere. From 2014 to 2015, the Indian advertising market grew by 13%. Print grew 8%, but English-language newspaper advertising only half of that. Digital advertising, in contrast, grew by 38%, and is projected to continue to grow for years to come as digital media become more central to India’s overall media environment (KPMG-FICCI, 2016).</p>
<p>If they want to secure their long-term future and continued editorial and commercial success, Indian newspapers have to adapt to these changes. The three case studies in this report represent three different examples of how major newspapers are navigating this transition.</p>
<p>Based on over 30 interviews conducted with senior management, editors, and rank-and-file reporters from three major newspapers, as well as other senior journalists and researchers who have wider experience in the Indian
news industry, plus secondary sources including industry reports and academic research, we show the following.</p>
<ul><li>All three newspapers are proactively investing in digital media technology and expertise, and adapting their editorial priorities, parts of their daily workflow, distribution strategies, and business model to the
rise of digital media. Tools like Chartbeat are now commonplace; search engine optimisation, social media optimisation, and audience analytics are part of everyday work; and some are experimenting with new
formats (<em>Hindustan Times</em> was a launch partner for Facebook Instant Articles; <em>Manorama Online</em> has produced both Virtual Reality and 360 videos, an Apple watch app, and is on Amazon Echo).<br /><br /></li>
<li>Given that the print newspaper industry is still growing in India, especially in Indian-language markets, these newspapers are innovating from a position of relative strength in comparison to their North American and European counterparts. However, this is done with the awareness that that print is becoming a relatively less important part of the Indian media environment, and digital media more important. Short-term, reach and profits come from print, but longer term, all have to build a strong digital presence to succeed editorially and commercially.<br /><br /></li>
<li>All three newspapers aim to do this by building on the assets they have as legacy media organisations, and trying to leverage their brand reputation, audience reach, and editorial resources to maintain an edge over digital news start-ups and international news providers. Their legacy, however, offers not only assets, but also liabilities. As successful incumbents, all of them struggle with the inertia that comes from established organisational structures and professional cultures. To change their organisation and culture, and thus more effectively combine new technologies and skills with existing core competences, each newspaper is not only investing in digital media and personnel, but also trying to change at least parts of the existing newspaper to adapt to an increasingly digital media environment.<br /><br /></li>
<li>They do this in different ways. At <em>Dainik Jagran</em> and <em>Malayala Manorama</em>, the focus has been on building up separate digital operations at Jagran.com and Manorama Online, apart from the printed newspaper itself. At the <em>Hindustan Times</em>, in contrast, the aim has been to integrate print and digital in a joint operation working across platforms and channels. <em>Dainik Jagran</em> and <em>Malayala Manoroma</em> have thus focused mostly on building up new digital assets, whereas the <em>Hindustan Times</em> has been transforming existing assets to work across platforms. At <em>Dainik Jagran</em> and <em>Malayala Manorama</em>, much of the push for change has come from management, whereas there has been a stronger editorial involvement at the <em>Hindustan Times</em>, and a greater attempt to engage rank-and-file reporters through training sessions and other initiative designed to demonstrate not only the commercial importance, but also the editorial potential, of digital media.<br /><br /></li>
<li>All three newspapers have found that expanding their digital operations requires investment of money in new technologies and in staff with new skills. But it is also clear that this is not enough. Investment in technology has to be accompanied by a change in organisation and culture to effectively leverage existing assets in a digital media environment. In their attempts to do this, the most significant barriers have been a perceived cultural hierarchy, deeply ingrained especially in the newsroom, that print journalism is somehow inherently superior to
digital journalism, and a lack of effective synergy between editorial leaders and managers, often combined with a lack of technical know-how. Money can buy new tools and bring in new expertise, but it cannot on its own change culture, ensure synergy, or align the organisation with new priorities. This requires leadership and broad-based change. Long-term, senior editors, management, and rank-and-file reporters will have to work and change together to secure Indian newspapers’ role in an increasingly digital media environment.</li></ul>
<p>Digital media thus present Indian newspapers with challenges and opportunities similar to those newspapers have faced elsewhere. Only they face these from a position of greater strength, because of the continued growth in their print business, and with the benefit of having seen how things have developed in more technologically developed markets. We hope this report will help them navigate the digital transition ahead.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/indian-newspapers-digital-transition'>https://cis-india.org/raw/indian-newspapers-digital-transition</a>
</p>
No publisherzeenabDigital NewsRAW PublicationsResearchers at WorkResearchDigital MediaFeaturedPublicationsHomepage2016-12-09T07:12:53ZBlog EntryThe Technology behind Big Data
https://cis-india.org/internet-governance/blog/technology-behind-big-data
<b>The authors undertakes a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes.</b>
<p> </p>
<h4><a class="external-link" href="http://cis-india.org/internet-governance/files/technology-behind-big-data.pdf/view">Download the Paper</a> (PDF, 277 kb)</h4>
<hr />
<h2 style="text-align: justify;">Introduction</h2>
<p style="text-align: justify;">Defining big data is a disputed area in the field of computer science<a name="_ftnref1" href="#_ftn1"><sup><sup>[1]</sup></sup></a>, there is some consensus on a basic structure to its definition<a name="_ftnref2" href="#_ftn2"><sup><sup>[2]</sup></sup></a>. Big data is data that is collected in the form of datasets that has three main criteria: size, variety & velocity, all of which operate at an immense scale<a name="_ftnref3" href="#_ftn3"><sup><sup>[3]</sup></sup></a>. It is ‘big’ in size, often running into petabytes of information, has vast variety within its components, and is created, captured and analysed at an incredibly rapid velocity. All of this also makes big data difficult to handle using traditional technological tools and techniques.</p>
<p style="text-align: justify;">This paper will attempt to perform a high-level literature review of the most commonly used technological tools and processes in the big data life cycle. The big data life cycle is a conceptual construct that can be used to study the various stages that typically occur in collecting, storing and analysing big data, along with the principles that can govern these processes. The big data life cycle consists of four components, which will also be the key structural points of the paper, namely: Data Acquisition, Data Awareness, Data Analytics & Data Governance.<strong><sup>4</sup> </strong>The paper will focus on the aspects that the author believes are relevant for analysing the technological impact of big data on both technology itself and society at large.</p>
<p style="text-align: justify;"><strong>Scope: </strong>The scope of the paper is to study the technology used in big data using the "Life Cycle of Big Data" as model structure to categorise & study the vast range of technologies that are involved in big data. However, the paper will be limited to the study of technology related directly to the big data life cycle. It shall specifically exclude the use/utilisation of big data from its scope since big data is most often being fed into other, unrelated technologies for consumption leading to rather limitless possibilities.</p>
<p style="text-align: justify;"><strong>Goal:</strong> Goal of the paper is twofold: a.) to use the available literature on the technological aspects of big data, to perform a brief overview of the technology in the field and b.) to frame the relevant research questions for studying the technology of big data and its possible impact on society.</p>
<h2 style="text-align: justify;">Data Acquisition</h2>
<p style="text-align: justify;">Acquiring big data has two main sub components to it, the first being sensing the existence of the data’ itself and the second, the stage of collecting and storing this data. Both of these subcomponents are incredibly diverse fields, with lots of rapid change occurring in the technology utilised to carry out these tasks. The section will provide a brief overview of the subcomponents and then discuss the technology used to fulfil the tasks.</p>
<h2 style="text-align: justify;">Data Sensing</h2>
<p style="text-align: justify;">Data does not exist in a vacuum and is always created as a part of a larger process, especially in the aspect of modern technology. Therefore, the source of the data itself plays a vital role in determining how it can be captured and analysed in the larger scheme of things. Entities constantly emit information into the environment that can be utilised for the purposes of big data, leading to two main kinds of data: data that is “born digital” or “born analogue.”<a name="_ftnref4" href="#_ftn4"><sup><sup>[4]</sup></sup></a></p>
<h3 style="text-align: justify;">Born Digital Data</h3>
<p style="text-align: justify;">Information that is “born digital,” is created, by a user or by a digital system, specifically for use by a computer or data‐processing system. This is a vast range of information and newer fields are being added to this category on a daily basis. It includes, as a short, indicative list: email and text messaging, any form of digital input, including keyboards, mouse interactions and touch screens, GPS location data, data from daily home appliances (Internet of Things), etc. All of this data can be tracked and tagged to users as well as be aggregated to form a larger picture, massively increasing the scope of what may constitute the ‘data’ in big data.</p>
<p style="text-align: justify;">Some indicative uses of how such born digital data is catalogued by technological solutions on the user side, prior to being sent for collection/storage are:</p>
<p style="text-align: justify;">a.) Cookies - There are small, often just text, files that are left on user devices by websites in order to that visit, task or action (for example, logging into an email account) with a subsequent event.<a name="_ftnref5" href="#_ftn5"><sup><sup>[5]</sup></sup></a> (for example, revisiting the website)</p>
<p style="text-align: justify;">b.) Website Analytics<a name="_ftnref6" href="#_ftn6"><sup><sup>[6]</sup></sup></a> - Various services, such as Google Analytics, Piwik, etc., can use JavaScript and other web development languages to record a very detailed, intimate track of a user's actions on a website, including how long a user hovers above a link, the time spent on the website/application and in some cases, even the time spent specific aspects of the page.</p>
<p style="text-align: justify;">c.) GPS<a name="_ftnref7" href="#_ftn7"><sup><sup>[7]</sup></sup></a> - With the almost pervasive usage of smartphones with basic location capabilities, GPS sensors on these devices are used to provide regular, minute driven updates to applications, operating systems and even third parties about the user's location. Modern variations such as A-GPS can be used to provide basic positioning information even without satellite coverage, vastly expanding the indoor capabilities of location collection.</p>
<p style="text-align: justify;">All of these instances of sensing born digital data are common terms, used in daily parlance by billions of people from all over the world, which is a symbolic of just how deeply they have pervaded into our daily lifestyle. Apart from privacy & security concerns this in turn also leads to an exponential increase in the data available to collect for any interested party.</p>
<h3 style="text-align: justify;">Sensor Data</h3>
<p style="text-align: justify;">Information is said to be “analogue” when it contains characteristics of the physical world, such as images, video, heartbeats, etc. Such information becomes electronic when processed by a “sensor,” a device that can record physical phenomena and convert it into digital information. Some examples to better illustrate information that is born analogue but collected via digital means are:</p>
<p style="text-align: justify;">a.) Voice and/or video content on devices - Apart from phone calls and other forms communication, video and voice based interactions have started to regularly be captured to provide enhanced services. These include Google Now<a name="_ftnref8" href="#_ftn8"><sup><sup>[8]</sup></sup></a>, Cortana<a name="_ftnref9" href="#_ftn9"><sup><sup>[9]</sup></sup></a> and other digital assistants as well as voice guided navigation systems in cars, etc.</p>
<p style="text-align: justify;">b.) Personal health data such as heartbeats, blood pressure, respiration, velocity, etc. - This personal, potentially very powerful information is collected by dedicated sensors on devices such as Fitbit<a name="_ftnref10" href="#_ftn10"><sup><sup>[10]</sup></sup></a>, Mi Band<a name="_ftnref11" href="#_ftn11"><sup><sup>[11]</sup></sup></a>, etc. as well as by increasingly sophisticated smartphone applications such as Google Fit that can do so without any special device.</p>
<p style="text-align: justify;">c.) Camera on Home Appliances - Cameras and sensors on devices such as video game consoles (Kinect<a name="_ftnref12" href="#_ftn12"><sup><sup>[12]</sup></sup></a> being a relevant example) can record detailed human interactions, which can be mined for vast amounts of information apart from carrying out the basic interactions with the devices itself.</p>
<p style="text-align: justify;">While not as vast a category as born digital data, the increasingly lower costs of technology and ubiquitous usage of digital, networked devices is leading to information that was traditionally analogue in nature to be captured for use at a rapidly increasing rate.</p>
<h2 style="text-align: justify;">Data Collection & Storage</h2>
<p style="text-align: justify;">Traditional data was normally processed using the Extract, Transform, Load (ETL) methodology, which was used to collect the data from outside sources, modify the data to fit needs, and then upload the data into the data storage system for future use.<a name="_ftnref13" href="#_ftn13"><sup><sup>[13]</sup></sup></a> Technology such as spreadsheets, RDBMS databases, Structured Query Languages (SQL), etc. were all initially used to carry out these tasks, more often than not manually. <a name="_ftnref14" href="#_ftn14"><sup><sup>[14]</sup></sup></a></p>
<p style="text-align: justify;">However, for big data, the methodology traditionally followed is both inefficient and insufficient to meet the demands of modern use. Therefore, the Magnetic, Agile, Deep (MAD) process is used to collect and store data<a name="_ftnref15" href="#_ftn15"><sup><sup>[15]</sup></sup></a><a name="_ftnref16" href="#_ftn16"><sup><sup>[16]</sup></sup></a>. The needs and benefits of such a system are: attracting all the data sources regardless of their quality (magnetic), logical and physical contents of storage systems adapting to the rapid data evolution in big data (agile) and complex algorithmic statistical analysis required of big data on a very short notice<a name="_ftnref17" href="#_ftn17"><sup><sup>[17]</sup></sup></a>. (deep)</p>
<p style="text-align: justify;">The technology used to perform data storage using the MAD process requires vast amount of processing power, which is very difficult to create in a single, physical space/unit for nonstate or research entities, who cannot afford supercomputers. Therefore, most solutions used in big data rely on two major components to store data: distributed systems and Massive Parallel Processing<a name="_ftnref18" href="#_ftn18"><sup><sup>[18]</sup></sup></a> (MPP) that run on non-relational (in-memory) database systems. Database performance and reliability is traditionally gauged using pure performance metrics (FLOPS per second, etc.) as well as the Atomicity, consistency, isolation, durability (ACID) criteria.<a name="_ftnref19" href="#_ftn19"><sup><sup>[19]</sup></sup></a> The most commonly used database systems for big data applications are given below. The specific operational qualities and performance of each of these databases is beyond the scope of this review but the common criteria that makes them well suited for big data storage have been delineated below.</p>
<h3 style="text-align: justify;">Non-relational databases</h3>
<p style="text-align: justify;">Databases traditionally used to be structured entities that operated solely on the ability to correlate information stored in them using explicitly defined relationships. Even prior to the advent of big data, this outlook was turning out to be a limiting factor in how large amounts of stored information could be leveraged, this led to the evolution of non relational database systems. Before going into them in detail, a basic primer on their data transfer protocols will be helpful in understanding their operation.</p>
<p style="text-align: justify;">A protocol is a model that structures instructions in a particular manner so that it can be reproduced from one system to another<a name="_ftnref20" href="#_ftn20"><sup><sup>[20]</sup></sup></a><a name="_ftnref21" href="#_ftn21"><sup><sup>[21]</sup></sup></a>. The protocols which govern technology in the case of big data have gone through many stages of evolution, starting off with simple HTML based systems<a name="_ftnref22" href="#_ftn22"><sup><sup>[22]</sup></sup></a>, which then evolved to XML driven SOAP systems<a name="_ftnref23" href="#_ftn23"><sup><sup>[23]</sup></sup></a>, which led to JavaScript Object Notation, or JSON<a name="_ftnref24" href="#_ftn24"><sup><sup>[24]</sup></sup></a>, the currently used form for in most big database systems. JSON is an open format used to transfer data objects, using human-readable text and is the basis for most of the commonly used non-relational database management systems. Examples of Non-relational databases also known as NoSQL databases, include MongoDB<a name="_ftnref25" href="#_ftn25"><sup><sup>[25]</sup></sup></a>, Couchbase<a name="_ftnref26" href="#_ftn26"><sup><sup>[26]</sup></sup></a>, etc. They were developed for both managing as well as storing unstructured data. They aim for scaling, flexibility, and simplified development. Such databases rather focus on the high-performance scalable data storage, and allow tasks to be written in the application layer instead of databases specific languages, allowing for greater interoperability.<a name="_ftnref27" href="#_ftn27"><sup><sup>[27]</sup></sup></a></p>
<h3 style="text-align: justify;">In-Memory Databases</h3>
<p style="text-align: justify;">In order to overcome performance limitation of traditional database systems, some modern databases now use in-memory databases. These systems manage the data in the RAM memory of the server, thus eliminating storage disk input/output. This allows for almost realtime responses from the database, in comparisons to minutes or hours required on traditional database systems. This improvement in the performance is so massive that, entirely new applications are being developed for using IMDB systems.<a name="_ftnref28" href="#_ftn28"><sup><sup>[28]</sup></sup></a> These IMDB systems are also being used for advanced analytics on big data, especially to increase the access speed to data and increase the scoring rate of analytic models for analysis.<a name="_ftnref29" href="#_ftn29"><sup><sup>[29]</sup></sup></a> Examples of IMDB include VoltDB<a name="_ftnref30" href="#_ftn30"><sup><sup>[30]</sup></sup></a>, NuoDB<a name="_ftnref31" href="#_ftn31"><sup><sup>[31]</sup></sup></a>, SolidDB<a name="_ftnref32" href="#_ftn32"><sup><sup>[32]</sup></sup></a> and Apache Spark<a name="_ftnref33" href="#_ftn33"><sup><sup>[33]</sup></sup></a>.</p>
<h2 style="text-align: justify;">Hybrid Systems</h2>
<p style="text-align: justify;">These are the two major systems used to store data prior to it being processed or analysed in a big data application. However, the divide between data storage and data management is a slim one and most database systems also contain various unique attributes that cater them to specific kinds of analysis. (as can be seen from the IMDB example above) One example of a very commonly used Hybrid system that deals with storage as well as awareness of the data is Apache Hadoop<sup>33</sup>, which is detailed below.</p>
<h2 style="text-align: justify;">Apache Hadoop</h2>
<p style="text-align: justify;">Hadoop consists of two main components: the HDFS for the big data storage, and MapReduce for big data analytics, each of which will be detailed in their respective section.</p>
<ol style="text-align: justify;">
<li>The HDFS<a name="_ftnref34" href="#_ftn34"><sup><sup>[34]</sup></sup></a><a name="_ftnref35" href="#_ftn35"><sup><sup>[35]</sup></sup></a> storage function in Hadoop provides a reliable distributed file system, stored across multiple systems for processing & redundancy reasons. The file system is optimized for large files, as single files are split into blocks and spread across systems known as cluster nodes.<a name="_ftnref36" href="#_ftn36"><sup><sup>[36]</sup></sup></a> Additionally, the data is protected among the nodes by a replication mechanism, which ensures availability even if any node fails. Further, there are two types of nodes: Data Nodes and Name Nodes.<a name="_ftnref37" href="#_ftn37"><sup><sup>[37]</sup></sup></a> Data is stored in the form of file blocks across the multiple Data Nodes while the Name Node acts as an intermediary between the client and the Data Node, where it directs the requesting client to the particular Data Node which contains the requested data.</li></ol>
<p style="text-align: justify;">This operating structure for storing data also has various variations within Hadoop such as HBase for key/value pair type queries (a NoSQL based system), Hive for relational type queries, etc. Hadoop’s redundancy, speed, ability to run on commodity hardware, industry support and rapid pace of development have led to it being almost co-equivalently associated with big data.<a name="_ftnref38" href="#_ftn38"><sup><sup>[38]</sup></sup></a></p>
<h2 style="text-align: justify;">Data Awareness</h2>
<p style="text-align: justify;">Data Awareness, in the context of big data, is the task of creating a scheme of relationships within a set of data, to allow different users of the data to determine a fluid yet valid context and utilise it for their desired tasks.<a name="_ftnref39" href="#_ftn39"><sup><sup>[39]</sup></sup></a> It is a relatively new field, in which most of the work is currently being done on semantic structures to allow data to gain context in an interoperable format, in contrast to the current system where data is given context using unique, model specific constructs.<a name="_ftnref40" href="#_ftn40"><sup><sup>[40]</sup></sup></a> (such as XML Schemes, etc.)</p>
<p style="text-align: justify;">Some of the original work on this field was carried out in the form of utilising the Resource Description Framework (RDF), which was built primarily to allow describing of data in a portable manner, especially being agnostic towards platforms and systems for Semantic Web at the W3C. SPARQL is the language used to implement RDF based designs but both largely remain underutilised in both the public domain as well as big data. Authors such as Kurt</p>
<p style="text-align: justify;">Cagle<a name="_ftnref41" href="#_ftn41"><sup><sup>[41]</sup></sup></a> and Bob DuCharme<a name="_ftnref42" href="#_ftn42"><sup><sup>[42]</sup></sup></a> predict its explosion in the next couple of years. Companies have also started realising the value of interoperable context, with Oracle Spatial<a name="_ftnref43" href="#_ftn43"><sup><sup>[43]</sup></sup></a> and IBM’s DB2<a name="_ftnref44" href="#_ftn44"><sup><sup>[44]</sup></sup></a> already including RDF and SPARQL support in the past 3 years.</p>
<p style="text-align: justify;">While underutilised, the rapid developments taking place in the field will make the impact that data awareness may have on big data as big as Hadoop and maybe even SQL. Some aspects of it are already beginning to be used in Artificial Intelligence, Natural Language Processing, etc. with tremendous scope for development.<a name="_ftnref45" href="#_ftn45"><sup><sup>[45]</sup></sup></a></p>
<h2 style="text-align: justify;">Data Processing & Analytics</h2>
<p style="text-align: justify;">Data Processing largely has three primary goals: a. determines if the data collected is internally consistent; b. make the data meaningful to other systems or users using either metaphors or analogy they can understand; and (what many consider most importantly) provide predictions about future events and behaviours based upon past data and trends.<a name="_ftnref46" href="#_ftn46"><sup><sup>[46]</sup></sup></a></p>
<p style="text-align: justify;">Being a very vast field with rapidly changing technologies governing its operation, this section will largely concentrate on the most commonly used technologies in data analytics.</p>
<p style="text-align: justify;">Data analytics requires four primary conditions to be met in order to carry out effective processing: fast, data loading, fast query processing, efficient utilisation of storage and adaptivity to dynamic workload patterns. The analytical model most commonly associated with meeting this criteria and with big data in general is MapReduce, detailed below. There are other, more niche models and algorithms (such as Project Voldemort<a name="_ftnref47" href="#_ftn47"><sup><sup>[47]</sup></sup></a> used by LinkedIn), which are used in big data but they are beyond the scope of the review, and more information about them can be read at article linked in the previous citation. (Reference architecture and classification of technologies, products and services for big data system)</p>
<h2 style="text-align: justify;">MapReduce</h2>
<p style="text-align: justify;">MapReduce is a generic parallel programming concept, derived from the “Map” and “Reduce” of functional programming languages, which makes it particularly suited for big data operations. It is at the core of Hadoop<a name="_ftnref48" href="#_ftn48"><sup><sup>[48]</sup></sup></a>, and performs the data processing and analytics functions in other big data systems as well.<a name="_ftnref49" href="#_ftn49"><sup><sup>[49]</sup></sup></a> The fundamental premise of MapReduce is scaling out rather than scaling up, i.e., (adding more numerical resources, rather than increasing the power of a single system)<a name="_ftnref50" href="#_ftn50"><sup><sup>[50]</sup></sup></a></p>
<p style="text-align: justify;">MapReduce operates by breaking a task down into steps and executing the steps in parallel, across many systems. This comes with two advantages, a reduction in the time needed to finish the task and also a decrease in the amount of resources one has to expend to perform the task, in both power and energy. This model makes it ideally suited for the large data sets and quick response times required of big data operations generally.</p>
<p style="text-align: justify;">The first step of a MapReduce job is to correlate the input values to a set of keys/value pairs as output. The “Map” function then partitions the processing tasks into smaller tasks, and assigns them to the appropriate key/value pairs.<a name="_ftnref51" href="#_ftn51"><sup><sup>[51]</sup></sup></a> This allows unstructured data, such as plain text, to be mapped to a structured key/value pair. As an example, the key could be the punctuation in a sentence and the value of the pair could be the number of occurrences of the punctuation overall. This output of the Map function is then passed on “Reduce” function.<a name="_ftnref52" href="#_ftn52"><sup><sup>[52]</sup></sup></a> Reduce then collects and combines this output, using identical key/value pairs, to provide the final result of the task.<a name="_ftnref53" href="#_ftn53"><sup><sup>[53]</sup></sup></a> These steps are carried using the Job Tracker & Task Tracker in Hadoop but different systems have different methodologies to carry out similar tasks.</p>
<h2 style="text-align: justify;">Data Governance</h2>
<p style="text-align: justify;">Data Governance is the act of managing raw big data as well as the processed information that arises from big data in order to meet legal, regulatory and business imposed requirements. While there is no standardized format for data governance, there have been increasing call with various sectors (especially healthcare) to create such a format to ensure reliable, secure and consistent big data utilisation across the board. The following tactics and techniques have been utilised or suggested for data governance, with varying degrees of success:</p>
<ol style="text-align: justify;">
<li><strong>Zero-knowledge systems</strong>: This technological proposal maintains secrecy with respect to the low-level data while allowing encrypted data to be examined for certain higherlevel abstractions.<a name="_ftnref54" href="#_ftn54"><sup><sup>[54]</sup></sup></a> For the system to be zero-knowledge, the client’s system will have to encrypt the data and send it to the storage provider. Due to this, the provider stores the data in the encrypted format and cannot decipher the same unless he/she is in possession of the key which will decrypt the data into plaintext. This allows the individual to store his data with a storage provider while also maintaining anonymity of the details contained in such information. However, these are currently just beginning to be used in simple situations. As of now, they are not expandable to unstructured and complex cases and have to be developed marginally before they can be used for research and data mining purposes.</li>
<li><strong>Homomorphic encryption</strong>: Homomorphic encryption is a privacy preserving technique which performs searches and other computations over data that is encrypted while also protecting the individual’s privacy.<a name="_ftnref55" href="#_ftn55"><sup><sup>[55]</sup></sup></a> This technique has however been considered to be impractical and is deemed to be an unlikely policy alternative for near future purposes in the context of preserving privacy in the age of big data.<a name="_ftnref56" href="#_ftn56"><sup><sup>[56]</sup></sup></a></li>
<li><strong>Multi-party computation</strong>: In this technique, computation is done on encrypted distributed data stores.<a name="_ftnref57" href="#_ftn57"><sup><sup>[57]</sup></sup></a> This mechanism is closely related to homomorphic encryption where individual data is kept private using encryption algorithms called “collusion-robust” while the same is used to calculate statistics.<a name="_ftnref58" href="#_ftn58"><sup><sup>[58]</sup></sup></a> The parties involved are aware of some private data and each of them use a protocol which produces results based on the information they are aware of and the information they are not aware of, without revealing the data they are not already aware of.<a name="_ftnref59" href="#_ftn59"><sup><sup>[59]</sup></sup></a> Multi-party computations thus help in generating useful data for statistical and research purposes without compromising the privacy of the individuals.</li></ol>
<ol style="text-align: justify;">
<li><strong>Differential Privacy</strong>: Although this technological development is related to encryption, it follows a different technique. Differential privacy aims at maximizing the precision of computations and database queries while reducing the identifiability of the data owners who have records in the database, usually through obfuscation of query results.<a name="_ftnref60" href="#_ftn60"><sup><sup>[60]</sup></sup></a> This is widely applied today in the existence of big data in order to ensure preservation of privacy while trying to reap the benefits of large scale data collection.<a name="_ftnref61" href="#_ftn61"><sup><sup>[61]</sup></sup></a></li>
<li><strong>Searchable encryption</strong>: Through this mechanism, the data subject can make certain data searchable while minimizing exposure and maximizing privacy.<a name="_ftnref62" href="#_ftn62"><sup><sup>[62]</sup></sup></a> The data owner can make his information available through search engines by providing the data in an encrypted format but by adding tags consisting of certain keywords which can be deciphered by the search engine. This encrypted data shows up in the search results when searched with these particular keywords but can only be read when the person is in possession of the key which is required for decrypting the information.</li></ol>
<p style="text-align: justify;">This technique of encryption provides maximum security to the individual’s data and preserves privacy to the greatest possible extent.</p>
<ol style="text-align: justify;">
<li><strong>K-anonymity</strong>: The property of k-anonymity is being applied in the present day in order to preserve privacy and avoid re-identification.<a name="_ftnref63" href="#_ftn63"><sup><sup>[63]</sup></sup></a> A certain data set is said to possess the property of k-anonymity if individual specific data can be released and used for various purposes without re-identification. The analysis of the data should be carried out without attributing the data to the individual to whom it belongs and should give scientific guarantees for the same.</li>
<li><strong>Identity Management Systems</strong>: These systems enable the individuals to establish and safeguard their identities, explain those identities with the help of attributes, follow the activity of their identities and also delete their identities if they wish to.<a name="_ftnref64" href="#_ftn64"><sup><sup>[64]</sup></sup></a> It uses cryptographic schemes and protocols to make anonymous or pseudonymous the identities and credentials of the individuals before analysing the data.</li>
<li><strong>Privacy Preserving Data Publishing</strong>: This is a method in which the analysts are provided with the individual’s personal information with the ability to decipher particular information from the database while preventing the inference of certain other information which might lead to a breach of privacy.<a name="_ftnref65" href="#_ftn65"><sup><sup>[65]</sup></sup></a> Data which is essential for the analysis will be provided for processing while sensitive data will not be disclosed. This tool primarily focuses on microdata.</li>
<li><strong>Privacy Preserving Data Mining</strong>: This mechanism uses perturbation methods and randomization along with cryptography in order to permit data mining on a filtered version of the data which does not contain any form of sensitive information. PPDM focuses on data mining results unlike PPDP.<a name="_ftnref66" href="#_ftn66"><sup><sup>[66]</sup></sup></a> </li></ol>
<h2 style="text-align: justify;">Conclusion</h2>
<p style="text-align: justify;">Studying the technology surrounding big data has led to two major observations: the rapid pace of development in the industry and the stark lack of industry standards or government regulations directed towards big data technologies. These observations have been the primary motivating factor for framing further research in the field. Understanding how to deal with big data technologically, rather than just the potential regulation of possible harms after the technological processes have been performed might be critical for the human rights dialogue as these processes become even more extensive, opaque and technologically complicated.</p>
<hr style="text-align: justify;" />
<p style="text-align: justify;"><a name="_ftn1" href="#_ftnref1">[1]</a> EMC: Data Science and Big Data Analytics. In: EMC Education Services, pp. 1–508 (2012)</p>
<p style="text-align: justify;"><a name="_ftn2" href="#_ftnref2">[2]</a> Bakshi, K.: Considerations for Big Data: Architecture and Approaches. In: Proceedings of the IEEE Aerospace Conference, pp. 1–7 (2012)</p>
<p style="text-align: justify;"><a name="_ftn3" href="#_ftnref3">[3]</a> Adams, M.N.: Perspectives on Data Mining. International Journal of Market Research 52(1), 11–19 (2010) <sup>4</sup> Elgendy, N.: Big Data Analytics in Support of the Decision Making Process. MSc Thesis, German University in Cairo, p. 164 (2013)</p>
<p style="text-align: justify;"><a name="_ftn4" href="#_ftnref4">[4]</a> Big Data and Privacy: A Technological Perspective - President’s Council of Advisors on Science and</p>
<p style="text-align: justify;">Technology (May 2014)</p>
<p style="text-align: justify;"><a name="_ftn5" href="#_ftnref5">[5]</a> Chen, Hsinchun, Roger HL Chiang, and Veda C. Storey. "Business Intelligence and Analytics: From Big Data to Big Impact." MIS quarterly 36.4 (2012): 1165-1188.</p>
<p style="text-align: justify;"><a name="_ftn6" href="#_ftnref6">[6]</a> Chandramouli, Badrish, Jonathan Goldstein, and Songyun Duan. "Temporal analytics on big data for web advertising." 2012 IEEE 28th international conference on data engineering. IEEE, 2012.</p>
<p style="text-align: justify;"><a name="_ftn7" href="#_ftnref7">[7]</a> Laurila, Juha K., et al. "The mobile data challenge: Big data for mobile computing research." Pervasive Computing. No. EPFL-CONF-192489. 2012.</p>
<p style="text-align: justify;"><a name="_ftn8" href="#_ftnref8">[8]</a> Lazer, David, et al. "The parable of Google flu: traps in big data analysis." <em>Science</em> 343.6176 (2014): 12031205.</p>
<p style="text-align: justify;"><a name="_ftn9" href="#_ftnref9">[9]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn10" href="#_ftnref10">[10]</a> Banaee, Hadi, Mobyen Uddin Ahmed, and Amy Loutfi. "Data mining for wearable sensors in health monitoring systems: a review of recent trends and challenges." <em>Sensors</em> 13.12 (2013): 17472-17500.</p>
<p style="text-align: justify;"><a name="_ftn11" href="#_ftnref11">[11]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn12" href="#_ftnref12">[12]</a> Chung, Eric S., John D. Davis, and Jaewon Lee. "Linqits: Big data on little clients." <em>ACM SIGARCH Computer Architecture News</em>. Vol. 41. No. 3. ACM, 2013.</p>
<p style="text-align: justify;"><a name="_ftn13" href="#_ftnref13">[13]</a> Kornelson, Kevin Paul, et al. "Method and system for developing extract transform load systems for data warehouses." U.S. Patent No. 7,139,779. 21 Nov. 2006.</p>
<p style="text-align: justify;"><a name="_ftn14" href="#_ftnref14">[14]</a> Henry, Scott, et al. "Engineering trade study: extract, transform, load tools for data migration." <em>2005 IEEE Design Symposium, Systems and Information Engineering</em>. IEEE, 2005.</p>
<p style="text-align: justify;"><a name="_ftn15" href="#_ftnref15">[15]</a> Cohen, Jeffrey, et al. "MAD skills: new analysis practices for big data." <em>Proceedings of the VLDB Endowment</em></p>
<p style="text-align: justify;"><a name="_ftn16" href="#_ftnref16">[16]</a> .2 (2009): 1481-1492.</p>
<p style="text-align: justify;"><a name="_ftn17" href="#_ftnref17">[17]</a> Elgendy, Nada, and Ahmed Elragal. "Big data analytics: a literature review paper." <em>Industrial Conference on Data Mining</em>. Springer International Publishing, 2014.</p>
<p style="text-align: justify;"><a name="_ftn18" href="#_ftnref18">[18]</a> Wu, Xindong, et al. "Data mining with big data." <em>IEEE transactions on knowledge and data engineering</em> 26.1 (2014): 97-107.</p>
<p style="text-align: justify;"><a name="_ftn19" href="#_ftnref19">[19]</a> Supra Note 17</p>
<p style="text-align: justify;"><a name="_ftn20" href="#_ftnref20">[20]</a> Hu, Han, et al. "Toward scalable systems for big data analytics: A technology tutorial." <em>IEEE Access</em> 2 (2014):</p>
<p style="text-align: justify;"><a name="_ftn21" href="#_ftnref21">[21]</a> -687.</p>
<p style="text-align: justify;"><a name="_ftn22" href="#_ftnref22">[22]</a> Kurt Cagle, Understanding the Big Data Lifecycle - LinkedIn Pulse (2015)</p>
<p style="text-align: justify;"><a name="_ftn23" href="#_ftnref23">[23]</a> Coyle, Frank P. <em>XML, Web services, and the data revolution</em>. Addison-Wesley Longman Publishing Co., Inc., 2002.</p>
<p style="text-align: justify;"><a name="_ftn24" href="#_ftnref24">[24]</a> Pautasso, Cesare, Olaf Zimmermann, and Frank Leymann. "Restful web services vs. big'web services: making the right architectural decision." <em>Proceedings of the 17th international conference on World Wide Web</em>. ACM, 2008.</p>
<p style="text-align: justify;"><a name="_ftn25" href="#_ftnref25">[25]</a> Banker, Kyle. <em>MongoDB in action</em>. Manning Publications Co., 2011</p>
<p style="text-align: justify;"><a name="_ftn26" href="#_ftnref26">[26]</a> McCreary, Dan, and Ann Kelly. "Making sense of NoSQL." <em>Shelter Island: Manning</em> (2014): 19-20.</p>
<p style="text-align: justify;"><a name="_ftn27" href="#_ftnref27">[27]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn28" href="#_ftnref28">[28]</a> Zhang, Hao, et al. "In-memory big data management and processing: A survey." <em>IEEE Transactions on Knowledge and Data Engineering</em> 27.7 (2015): 1920-1948.</p>
<p style="text-align: justify;"><a name="_ftn29" href="#_ftnref29">[29]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn30" href="#_ftnref30">[30]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn31" href="#_ftnref31">[31]</a> Supra Note 20</p>
<p style="text-align: justify;"><a name="_ftn32" href="#_ftnref32">[32]</a> Ballard, Chuck, et al. <em>IBM solidDB: Delivering Data with Extreme Speed</em>. IBM Redbooks, 2011.</p>
<p style="text-align: justify;"><a name="_ftn33" href="#_ftnref33">[33]</a> Shanahan, James G., and Laing Dai. "Large scale distributed data science using apache spark." <em>Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining</em>. ACM, 2015. <sup>33</sup> Shvachko, Konstantin, et al. "The hadoop distributed file system." <em>2010 IEEE 26th symposium on mass storage systems and technologies (MSST)</em>. IEEE, 2010.</p>
<p style="text-align: justify;"><a name="_ftn34" href="#_ftnref34">[34]</a> Borthakur, Dhruba. "The hadoop distributed file system: Architecture and design." <em>Hadoop Project Website</em></p>
<p style="text-align: justify;"><a name="_ftn35" href="#_ftnref35">[35]</a> .2007 (2007): 21.</p>
<p style="text-align: justify;"><a name="_ftn36" href="#_ftnref36">[36]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn37" href="#_ftnref37">[37]</a> <em>ibid</em></p>
<p style="text-align: justify;"><a name="_ftn38" href="#_ftnref38">[38]</a> Zikopoulos, Paul, and Chris Eaton. <em>Understanding big data: Analytics for enterprise class hadoop and streaming data</em>. McGraw-Hill Osborne Media, 2011.</p>
<p style="text-align: justify;"><a name="_ftn39" href="#_ftnref39">[39]</a> Bizer, Christian, et al. "The meaningful use of big data: four perspectives--four challenges." <em>ACM SIGMOD Record</em> 40.4 (2012): 56-60.</p>
<p style="text-align: justify;"><a name="_ftn40" href="#_ftnref40">[40]</a> Kaisler, Stephen, et al. "Big data: issues and challenges moving forward." <em>System Sciences (HICSS), 2013 46th Hawaii International Conference on</em>. IEEE, 2013.</p>
<p style="text-align: justify;"><a name="_ftn41" href="#_ftnref41">[41]</a> Supra Note 21</p>
<p style="text-align: justify;"><a name="_ftn42" href="#_ftnref42">[42]</a> DuCharme, Bob. "What Do RDF and SPARQL bring to Big Data Projects?." <em>Big Data</em> 1.1 (2013): 38-41.</p>
<p style="text-align: justify;"><a name="_ftn43" href="#_ftnref43">[43]</a> Zhong, Yunqin, et al. "Towards parallel spatial query processing for big spatial data." <em>Parallel and </em></p>
<p style="text-align: justify;"><em>Distributed Processing Symposium Workshops & PhD Forum (IPDPSW), 2012 IEEE 26th International</em>. IEEE, 2012.</p>
<p style="text-align: justify;"><a name="_ftn44" href="#_ftnref44">[44]</a> Ma, Li, et al. "Effective and efficient semantic web data management over DB2." <em>Proceedings of the 2008 ACM SIGMOD international conference on Management of data</em>. ACM, 2008.</p>
<p style="text-align: justify;"><a name="_ftn45" href="#_ftnref45">[45]</a> Lohr, Steve. "The age of big data." <em>New York Times</em> 11 (2012).</p>
<p style="text-align: justify;"><a name="_ftn46" href="#_ftnref46">[46]</a> Pääkkönen, Pekka, and Daniel Pakkala. "Reference architecture and classification of technologies, products and services for big data systems." <em>Big Data Research</em> 2.4 (2015): 166-186.</p>
<p style="text-align: justify;"><a name="_ftn47" href="#_ftnref47">[47]</a> Sumbaly, Roshan, et al. "Serving large-scale batch computed data with project voldemort." <em>Proceedings of the 10th USENIX conference on File and Storage Technologies</em>. USENIX Association, 2012.</p>
<p style="text-align: justify;"><a name="_ftn48" href="#_ftnref48">[48]</a> Bar-Sinai, Michael. "Big Data Technology Literature Review." <em>arXiv preprint arXiv:1506.08978</em> (2015).</p>
<p style="text-align: justify;"><a name="_ftn49" href="#_ftnref49">[49]</a> ibid</p>
<p style="text-align: justify;"><a name="_ftn50" href="#_ftnref50">[50]</a> Condie, Tyson, et al. "MapReduce Online." <em>Nsdi</em>. Vol. 10. No. 4. 2010.</p>
<p style="text-align: justify;"><a name="_ftn51" href="#_ftnref51">[51]</a> Supra Note 47</p>
<p style="text-align: justify;"><a name="_ftn52" href="#_ftnref52">[52]</a> Dean, Jeffrey, and Sanjay Ghemawat. "MapReduce: a flexible data processing tool." <em>Communications of the ACM</em> 53.1 (2010): 72-77.</p>
<p style="text-align: justify;"><a name="_ftn53" href="#_ftnref53">[53]</a> ibid</p>
<p style="text-align: justify;"><a name="_ftn54" href="#_ftnref54">[54]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn55" href="#_ftnref55">[55]</a> Tene, Omer, and Jules Polonetsky. "Big data for all: Privacy and user control in the age of analytics." <em>Nw. J. Tech. & Intell. Prop.</em> 11 (2012): xxvii.</p>
<p style="text-align: justify;"><a name="_ftn56" href="#_ftnref56">[56]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn57" href="#_ftnref57">[57]</a> Privacy by design in big data, ENISA</p>
<p style="text-align: justify;"><a name="_ftn58" href="#_ftnref58">[58]</a> Big Data and Privacy: A Technological Perspective, White House,</p>
<p style="text-align: justify;">https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy__may_2014</p>
<p style="text-align: justify;"><a name="_ftn59" href="#_ftnref59">[59]</a> Id</p>
<p style="text-align: justify;"><a name="_ftn60" href="#_ftnref60">[60]</a> Id</p>
<p style="text-align: justify;"><a name="_ftn61" href="#_ftnref61">[61]</a> Tene, Omer, and Jules Polonetsky. "Privacy in the age of big data: a time for big decisions." <em>Stanford Law Review Online</em> 64 (2012): 63.</p>
<p style="text-align: justify;"><a name="_ftn62" href="#_ftnref62">[62]</a> Lane, Julia, et al., eds. <em>Privacy, big data, and the public good: Frameworks for engagement</em>. Cambridge University Press, 2014.</p>
<p style="text-align: justify;"><a name="_ftn63" href="#_ftnref63">[63]</a> Crawford, Kate, and Jason Schultz. "Big data and due process: Toward a framework to redress predictive privacy harms." <em>BCL Rev.</em> 55 (2014): 93.</p>
<p style="text-align: justify;"><a name="_ftn64" href="#_ftnref64">[64]</a> http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf</p>
<p style="text-align: justify;"><a name="_ftn65" href="#_ftnref65">[65]</a> Seda Gurses and George Danezis, A critical review of 10 years of privacy technology, August 12th 2010, http://homes.esat.kuleuven.be/~sguerses/papers/DanezisGuersesSurveillancePets2010.pdf</p>
<p style="text-align: justify;"><a name="_ftn66" href="#_ftnref66">[66]</a> Id</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/technology-behind-big-data'>https://cis-india.org/internet-governance/blog/technology-behind-big-data</a>
</p>
No publisherGeethanjali Jujjavarapu and Udbhav TiwariBig DataPrivacyInternet GovernanceFeaturedHomepage2016-12-04T09:53:43ZBlog Entry Internet Researchers' Conference 2017 (IRC17) - Selection of Sessions
https://cis-india.org/raw/irc17-selection
<b>We have a wonderful range of session proposals for the second Internet Researchers' Conference (IRC17) to take place in Bengaluru on March 03-05, 2017. From the 23 submitted session proposals, we will now select 10 to be part of the final Conference agenda. The selection will be done through votes casted by the teams that have proposed the sessions. This will take place in December 2016. Before that, we invite the session teams and other contributors to share their comments and suggestions on the submitted sessions. Please share your comments by December 14, either on session pages directly, or via email (sent to raw at cis-india dot org).</b>
<p> </p>
<p>The Internet Researchers' Conference 2017 (IRC17) will be organised by the Centre for Internet and Society (CIS) in partnership with the <a href="http://citapp.iiitb.ac.in/">Centre for Information Technology and Public Policy</a> at the International Institute of Information Technology Bangalore (IIIT-B).</p>
<hr />
<h3><strong>Proposed Sessions</strong></h3>
<h4>01. <a href="https://cis-india.github.io/irc/irc17/sessions/notfewnotweird.html" target="_blank">#NotFewNotWeird</a> (Surfatial: Malavika Rajnarayan, Prayas Abhinav, and Satya Gummuluri)</h4>
<h4>02. <a href="https://cis-india.github.io/irc/irc17/sessions/virtualfringe.html" target="_blank">#VirtualFringe</a> (Ritika Pant, Sagorika Singha, and Vibhushan Subba)</h4>
<h4>03. <a href="https://cis-india.github.io/irc/irc17/sessions/studentindicusageonline.html" target="_blank">#StudentIndicUsageOnline</a> (Shruti Nagpal and Sneha Verghese)</h4>
<h4>04. <a href="https://cis-india.github.io/irc/irc17/sessions/speakmylanguageinternet.html" target="_blank">#SpeakMyLanguageInternet</a> (Anubhuti Yadav, Sunetra Sen Narayan, Shalini Narayanan, Anand Pradhan, and Shashwati Goswami)</h4>
<h4>05. <a href="https://cis-india.github.io/irc/irc17/sessions/archivesforstorytelling.html" target="_blank">#ArchivesForStorytelling</a> (V Jayant, Venkat Srinivasan, Chaluvaraju, Bhanu Prakash, and Dinesh)</h4>
<h4>06. <a href="https://cis-india.github.io/irc/irc17/sessions/selfiesfromthefield.html" target="_blank">#SelfiesFromTheField</a> (Kavitha Narayanan, Oindrila Matilal and Onkar Hoysala)</h4>
<h4>07. <a href="https://cis-india.github.io/irc/irc17/sessions/openaccessscholarlypublishing.html" target="_blank">#OpenAccessScholarlyPublishing</a> (Nirmala Menon, Abhishek Shrivastava and Dibyaduti Roy)</h4>
<h4>08. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalpedagogies.html" target="_blank">#DigitalPedagogies</a> (Nidhi Kalra, Ashutosh Potdar, and Ravikant Kisana)</h4>
<h4>09. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalmusicanddigitalreactions.html" target="_blank">#DigitalMusicAndDigitalReactions</a> (Shivangi Narayan and Sarvpriya Raj)</h4>
<h4>10. <a href="https://cis-india.github.io/irc/irc17/sessions/renarrationweb.html" target="_blank">#RenarrationWeb</a> (Dinesh, Venkatesh Choppella, Srinath Srinivasa, and Deepak Prince)</h4>
<h4>11. <a href="https://cis-india.github.io/irc/irc17/sessions/indiclanguagesandinternetcohabitation.html" target="_blank">IndicLanguagesAndInternetCoHabitation</a> (Sreedhar Kallahalla, Ranjeet Kumar, Mohan Rao, and Anjali K. Mohan)</h4>
<h4>12. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalpedagogy.html" target="_blank">#DigitalPedagogy</a> (Padmini Ray Murray and Dibyaduti Roy)</h4>
<h4>13. <a href="https://cis-india.github.io/irc/irc17/sessions/copyleftrightleft.html" target="_blank">#CopyLeftRightLeft</a> (Ravishankar Ayyakkannu and Srikanth Lakshmanan)</h4>
<h4>14. <a href="https://cis-india.github.io/irc/irc17/sessions/objectsofdigitalgovernance.html" target="_blank">#ObjectsofDigitalGovernance</a> (Marine Al Dahdah, Rajiv K. Mishra, Khetrimayum Monish Singh, and Sohan Prasad Sha)</h4>
<h4>15. <a href="https://cis-india.github.io/irc/irc17/sessions/materializingwriting.html" target="_blank">#MaterializingWriting</a> (Sneha Puthiya Purayil, Padmini Ray Murray, Dibyadyuti Roy, and Indrani Roy)</h4>
<h4>16. <a href="https://cis-india.github.io/irc/irc17/sessions/dotbharatadoption.html" target="_blank">#DotBharatAdoption</a> (V. Sridhar and Amit Prakash)</h4>
<h4>17. <a href="https://cis-india.github.io/irc/irc17/sessions/digitaldesires.html" target="_blank">#DigitalDesires</a> (Dhiren Borisa, Akhil Kang, and Dhrubo Jyoti)</h4>
<h4>18. <a href="https://cis-india.github.io/irc/irc17/sessions/thedigitalcommonplace.html" target="_blank">#TheDigitalCommonplace</a> (Ammel Sharon and Sujeet George)</h4>
<h4>19. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalidentities.html" target="_blank">#DigitalIdentities</a> (Janaki Srinivasan, Savita Bailur, Emrys Schoemaker, Jonathan Donner, and Sarita Seshagiri)</h4>
<h4>20. <a href="https://cis-india.github.io/irc/irc17/sessions/toolstoamultitextuniverse.html" target="_blank">#ToolsToAMultitextUniverse</a> (Spandana Bhowmik and Sunanda Bose)</h4>
<h4>21. <a href="https://cis-india.github.io/irc/irc17/sessions/digitalisingknowledge.html" target="_blank">#DigitalisingKnowledge</a> (Sneha Ragavan)</h4>
<h4>22. <a href="https://cis-india.github.io/irc/irc17/sessions/ICTDethics.html" target="_blank">#ICTDEthics</a> (Bidisha Chaudhuri, Andy Dearden, Linus Kendall, Dorothea Kleine, and Janaki Srinivasan)</h4>
<h4>23. <a href="https://cis-india.github.io/irc/irc17/sessions/representationandpower.html" target="_blank">#RepresentationAndPower</a> (Bidisha Chaudhuri, Andy Dearden, Linus Kendall, Dorothea Kleine, and Janaki Srinivasan)</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/irc17-selection'>https://cis-india.org/raw/irc17-selection</a>
</p>
No publishersumandroInternet StudiesInternet Researcher's ConferenceResearchers at WorkFeaturedLearningIRC17Homepage2016-12-12T13:37:23ZBlog EntryBig Data in India: Benefits, Harms, and Human Rights - Workshop Report
https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report
<b>The Centre for Internet and Society held a one-day workshop on “Big Data in India: Benefits, Harms and Human Rights” at India Habitat Centre, New Delhi on the 1st of October, 2016. This report is a compilation of the the issues discussed, ideas exchanged and challenges recognized during the workshop. The objective of the workshop was to discuss aspects of big data technologies in terms of harms, opportunities and human rights. The discussion was designed around an extensive study of current and potential future uses of big data for governance in India, that CIS has undertaken over the last year with support from the MacArthur Foundation.</b>
<p> </p>
<p><strong>Contents</strong></p>
<p><a href="#1"><strong>Big Data: Definitions and Global South Perspectives</strong></a></p>
<p><a href="#2"><strong>Aadhaar as Big Data</strong></a></p>
<p><a href="#3"><strong>Seeding</strong></a></p>
<p><a href="#4"><strong>Aadhaar and Data Security</strong></a></p>
<p><a href="#5"><strong>Aadhaar’s Relational Arrangement with Big Data Scheme</strong></a></p>
<p><a href="#6"><strong>The Myths surrounding Aadhaar</strong></a></p>
<p><a href="#7"><strong>IndiaStack and FinTech Apps</strong></a></p>
<p><a href="#8"><strong>Problems with UID</strong></a></p>
<hr />
<h2 id="1">Big Data: Definitions and Global South Perspectives</h2>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">“Big Data” has been defined by multiple scholars till date. The first consideration at the workshop was to discuss various definitions of big data, and also to understand what could be considered Big Data in terms of governance, especially in the absence of academic consensus. One of the most basic ways to define it, as given by the National Institute of Standards and Technology, USA, is to take it to be the data that is beyond the computational capacity of current systems. This definition has been accepted by the UIDAI of India. Another participant pointed out that Big Data is not only indicative of size, but rather the nature of data which is unstructured, and continuously flowing. The Gartner definition of Big Data relies on the three Vs i.e. Volume (size), Velocity (infinite number of ways in which data is being continuously collected) and Variety (the number of ways in which data can be collected in rows and columns).</p>
<p style="text-align: justify;" dir="ltr">The presentation also looked at ways in which Big Data is different from traditional data. It was pointed out that it can accommodate diverse unstructured datasets, and it is ‘relational’ i.e. it needs the presence of common field(s) across datasets which allows these fields to be conjoined. For e.g., the UID in India is being linked to many different datasets, and they don’t constitute Big Data separately, but do so together. An increasingly popular definition is to define data as “Big Data” based on what can be achieved through it. It has been described by authors as the ability to harness new kinds of insight which can inform decision making. It was pointed out that CIS does not subscribe to any particular definition, and is still in the process of coming up with a comprehensive definition of Big Data.</p>
<p style="text-align: justify;" dir="ltr">Further, discussion touched upon the approach to Big Data in the Global South. It was pointed out that most discussions about Big Data in the Global South are about the kind of value that it can have, the ways in which it can change our society. The Global North, on the other hand, has moved on to discussing the ethics and privacy issues associated with Big Data.</p>
<p style="text-align: justify;" dir="ltr">After this, the presentation focussed on case studies surrounding key Central Government initiatives and projects like Aadhaar, Predictive Policing, and Financial Technology (FinTech).</p>
<h2 id="2">Aadhaar as Big Data</h2>
<p style="text-align: justify;" dir="ltr">In presenting CIS’ case study on Aadhaar, it was pointed out that initially, Aadhaar, with its enrollment dataset was by itself being seen as Big Data. However, upon careful consideration in light of definitions discussed above, it can be seen as something that enables Big Data. The different e-governance projects within Digital India, along with Aadhaar, constitute Big Data. The case study discussed the Big Data implications of Aadhaar, and in particular looked at a ‘cradle to grave’ identity mapping through various e-government projects and the datafication of various transaction generated data.</p>
<h2 id="3">Seeding</h2>
<p style="text-align: justify;" dir="ltr">Any digital identity like Aadhaar typically has three features: 1. Identification i.e. a number or card used to identify yourself; 2. Authentication, which is based on your number or card and any other digital attributes that you might have; 3. Authorisation: As bearers of the digital identity, we can authorise the service providers to take some steps on our behalf. The case study discussed ‘seeding’ which enables the Big Data aspects of Digital India. In the process of seeding, different government databases can be seeded with the UID number using a platform called Ginger. Due to this, other databases can be connected to UIDAI, and through it, data from other databases can be queried by using your Aadhaar identity itself. This is an example of relationality, where fractured data is being brought together. At the moment, it is not clear whether this access by UIDAI means that an actual physical copy of such data from various sources will be transferred to UIDAI’s servers or if they will just access it through internet, but the data remains on the host government agency’s server. An example of even private parties becoming a part of this infrastructure was raised by a participant when it was pointed out that Reliance Jio is now asking for fingerprints. This can then be connected to the relational infrastructure being created by UIDAI. The discussion then focused on how such a structure will function, where it was mentioned that as of now, it cannot be said with certainty that UIDAI will be the agency managing this relational infrastructure in the long run, even though it is the one building it.</p>
<h2 id="4">Aadhaar and Data Security</h2>
<p style="text-align: justify;" dir="ltr">This case study also dealt with the sheer lack of data protection legislation in India except for S.43A of the IT Act. The section does not provide adequate protection as the constitutionality of the rules and regulations under S.43A is ambivalent. More importantly, it only refers to private bodies. Hence, any seeding which is being done by the government is outside the scope of data protection legislation. Thus, at the moment, no legal framework covers the processes and the structures being used for datasets. Due to the inapplicability of S.43A to public bodies, questions were raised as to the existence of a comprehensive data protection policy for government institutions. Participants answered the question in the negative. They pointed out that if any government department starts collecting data, they develop their own privacy policy. There are no set guidelines for such policies and they do not address concerns related to consent, data minimisation and purpose limitation at all. Questions were also raised about the access and control over Big Data with government institutions. A tentative answer from a participant was that such data will remain under the control of the domain specific government ministry or department, for e.g. MNREGA data with the Ministry of Rural Development, because the focus is not on data centralisation but rather on data linking. As long as such fractured data is linked and there is an agency that is responsible to link them, this data can be brought together. Such data is primarily for government agencies. But the government is opening up certain aspects of the data present with it for public consumption for research and entrepreneurial purposes.The UIDAI provides you access to your own data after paying a minimal fee. The procedure for such access is still developing.</p>
<h2 id="5">Aadhaar’s Relational Arrangement with Big Data Scheme</h2>
<p style="text-align: justify;" dir="ltr">The various Digital India schemes brought in by the government were elucidated during the workshop. It was pointed out that these schemes extend to myriad aspects of a citizen’s daily life and cover all the essential public services like health, education etc. This makes Aadhaar imperative even though the Supreme Court has observed that it is not mandatory for every citizen to have a unique identity number. The benefits of such identity mapping and the ecosystem being generated by it was also enumerated during the discourse. But the complete absence of any data ethics or data confidentiality principles make us unaware of the costs at which these benefits are being conferred on us. Apart from surveillance concerns, the knowledge gap being created between the citizens and the government was also flagged. Three main benefits touted to be provided by Aadhaar were then analysed. The first is the efficient delivery of services. This appears to be an overblown claim as the Aadhaar specific digitisation and automation does not affect the way in which employment will be provided to citizens through MNREGA or how wage payment delays will be overcome. These are administrative problems that Aadhaar and associated technologies cannot solve. The second is convenience to the citizens. The fallacies in this assertion were also brought out and identified. Before the Aadhaar scheme was rolled in, ration cards were issued based on certain exclusion and inclusion criteria.. The exclusion and inclusion criteria remain the same while another hurdle in the form of Aadhaar has been created. As India is still lacking in supporting infrastructure such as electricity, server connectivity among other things, Aadhaar is acting as a barrier rather than making it convenient for citizens to enroll in such schemes.The third benefit is fraud management. Here, a participant pointed out that this benefit was due to digitisation in the form of GPS chips in food delivery trucks and electronic payment and not the relational nature of Aadhaar. Aadhaar is only concerned with the linking up or relational part. About deduplication, it was pointed out how various government agencies have tackled it quite successfully by using technology different from biometrics which is unreliable at the best of times.</p>
<h2 id="6">The Myths surrounding Aadhaar</h2>
<p style="text-align: justify;" dir="ltr">The discussion also reflected on the fact that Aadhaar is often considered to be a panacea that subsumes all kinds of technologies to tackle leakages. However, this does not take into account the fact that leakages happen in many ways. A system should have been built to tackle those specific kinds of leakages, but the focus is solely on Aadhaar as the cure for all. Notably, participants who have been a part of the government pointed out how this myth is misleading and should instead be seen as the first step towards a more digitally enhanced country which is combining different technologies through one medium.</p>
<h2 id="7">IndiaStack and FinTech Apps</h2>
<h3 id="71">What is India Stack?</h3>
<p style="text-align: justify;" dir="ltr">The focus then shifted to another extremely important Big Data project, India Stack, being conceptualised and developed by a team of private developers called iStack, for the NPCI. It builds on the UID project, Jan Dhan Yojana and mobile services trinity to propagate and develop a cashless, presence-less, paperless and granular consent layer based on UID infrastructure to digitise India.</p>
<p style="text-align: justify;" dir="ltr">A participant pointed out that the idea of India Stack is to use UID as a platform and keep stacking things on it, such that more and more applications are developed. This in turn will help us to move from being a ‘data poor’ country to a ‘data rich’ one. The economic benefits of this data though as evidenced from the TAGUP report - a report about the creation of National Information Utilities to manage the data that is present with the government - is for the corporations and not the common man. The TAGUP report openly talks about privatisation of data.</p>
<h3 id="72">Problems with India Stack</h3>
<p style="text-align: justify;" dir="ltr">The granular consent layer of India Stack hasn’t been developed yet but they have proposed to base it on MIT Media Lab’s OpenPDS system. The idea being that, on the basis of the choices made by the concerned person, access to a person’s personal information may be granted to an agency like a bank. What is more revolutionary is that India Stack might even revoke this access if the concerned person expresses a wish to do so or the surrounding circumstances signal to India Stack that it will be prudent to do so. It should be pointed out that the the technology required for OpenPDS is extremely complex and is not available in India. Moreover, it’s not clear how this system would work. Apart from this, even the paperless layer has its faults and has been criticised by many since its inception, because an actual government signed and stamped paper has been the basis of a claim.. In the paperless system, you are provided a Digilocker in which all your papers are stored electronically, on the basis of your UID number. However, it was brought to light that this doesn’t take into account those who either do not want a Digilocker or UID number or cases where they do not have access to their digital records. How in such cases will people make claims?</p>
<h3 id="73">A Digital Post-Dated Cheque: It’s Ramifications</h3>
<p style="text-align: justify;" dir="ltr">A key change that FinTech apps and the surrounding ecosystem want to make is to create a digital post-dated cheque so as to allow individuals to get loans from their mobiles especially in remote areas. This will potentially cut out the need to construct new banks, thus reducing the capital expenditure , while at the same time allowing the credit services to grow. The direct transfer of money between UID numbers without the involvement of banks is a step to further help this ecosystem grow. Once an individual consents to such a system, however, automatic transfer of money from one’s bank accounts will be affected, regardless of the reason for payment. This is different from auto debt deductions done by banks presently, as in the present system banks have other forms of collateral as well. The automatic deduction now is only affected if these other forms are defaulted upon. There is no knowledge as to whether this consent will be reversible or irreversible. As Jan Dhan Yojana accounts are zero balance accounts, the account holder will be bled dry. The implication of schemes such as “Loan in under 8 minutes” were also discussed. The advantage of such schemes is that transaction costs are reduced.The financial institution can thus grant loans for the minimum amount without any additional enquiries. It was pointed out that this new system is based on living on future income much like the US housing bubble crash. Interestingly, in Public Distribution Systems, biometrics are insisted upon even though it disrupts the system. This can be seen as a part of the larger infrastructure to ensure that digital post-dated cheques become a success.</p>
<h3 id="74">The Role of FinTech Apps</h3>
<p style="text-align: justify;" dir="ltr">FinTech ‘apps’ are being presented with the aim of propagating financial inclusion. The Technology Advisory Group for Unique Projects report stated that as managing such information sources is a big task, just like electricity utilities, a National Information Utilities (NIU) should be set up for data sources. These NIUs as per the report will follow a fee based model where they will be charging for their services for government schemes. The report identified two key NIUs namely the National Payments Corporation of India (NPCI) and the Goods and Services Tax Network (GSTN). The key usage that FinTech applications will serve is credit scoring. The traditional credit scoring data sources only comprised a thin file of records for an individual, but the data that FinTech apps collect - a person’s UID number, mobile number. and bank account number all linked up, allow for a far more comprehensive credit rating. Government departments are willing to share this data with FinTech apps as they are getting analysis in return. Thus, by using UID and the varied data sources that have been linked together by UID, a ‘thick file’ is now being created by FinTech apps. Banking apps have not yet gone down the route of FinTech apps to utilise Big Data for credit scoring purposes.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr">The two main problems with such apps is that there is no uniform way of credit scoring. This distorts the rate at which a person has to pay interest. The consent layer adds another layer of complication as refusal to share mobile data with a FinTech app may lead to the app declaring one to be a risky investment thus, subjecting that individual to a higher rate of interest .</p>
<div style="text-align: justify;" dir="ltr"> </div>
<h3 id="75">Regulation of FinTech Apps and the UID Infrastructure</h3>
<p style="text-align: justify;" dir="ltr"> India Stack and the applications that are being built on it, generate a lot of transaction metadata that is very intimate in nature. The privacy aspects of the UID legislation doesn't cover such data. The granular consent layer which has been touted to cover this still has to come into existence. Also, Big Data is based on sharing and linking of data. Here, privacy concerns and Big Data objectives clash. Big Data by its very nature challenges privacy principles like data minimisation and purpose limitation.The need for regulation to cover the various new apps and infrastructure which are being developed was pointed out.</p>
<h2 id="8">Problems with UID</h2>
<p style="text-align: justify;" dir="ltr">It has been observed that any problem present with Aadhaar is usually labelled as a teething problem, it’s claimed that it will be solved in the next 10 years. But, this begs the question - why is the system online right now?</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Aadhaar is essentially a new data condition and a new exclusion or inclusion criteria. Data exclusion modalities as observed in Rajasthan after the introduction of biometric Point of Service (POS) machines at ration shops was found to be 45% of the population availing PDS services. This number also includes those who were excluded from the database by being included in the wrong dataset. There is no information present to tell us how many actual duplicates and how many genuine ration card holders were weeded out/excluded by POS.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">It was also mentioned that any attempt to question Aadhaar is considered to be an attempt to go back to the manual system and this binary thinking needs to change. Big Data has the potential to benefit people, as has been evidenced by the scholarship and pension portals. However, Big Data’s problems arise in systems like PDS, where there is centralised exclusion at the level of the cloud. Moreover, the quantity problem present in the PDS and MNREGA systems persists. There is still the possibility of getting lesser grains and salary even with analysis of biometrics, hence proving that there are better technologies to tackle these problems. Presently, the accountability mechanisms are being weakened as the poor don’t know where to go to for redressal. Moreover, the mechanisms to check whether the people excluded are duplicates or not is not there. At the time of UID enrollment, out of 90 crores, 9 crore were rejected. There was no feedback or follow-up mechanism to figure out why are people being rejected. It was just assumed that they might have been duplicates.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Another problem is the rolling out of software without checking for inefficiencies or problems at a beta testing phase. The control of developers over this software, is so massive that it can be changed so easily without any accountability.. The decision making components of the software are all proprietary like in the the de-duplication algorithm being used by the UIDAI. Thus, this leads to a loss of accountability because the system itself is in flux, none of it is present in public domain and there are no means to analyse it in a transparent fashion..</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">These schemes are also being pushed through due to database politics. On a field study of NPR of citizens, another Big Data scheme, it was found that you are assumed to be an alien if you did not have the documents to prove that you are a citizen. Hence, unless you fulfill certain conditions of a database, you are excluded and are not eligible for the benefits that being on the database afford you.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Why is the private sector pushing for UIDAI and the surrounding ecosystem?</p>
<p style="text-align: justify;" dir="ltr">Financial institutions stand to gain from encouraging the UID as it encourages the credit culture and reduces transaction costs.. Another advantage for the private sector is perhaps the more obvious one, that is allows for efficient marketing of products and services..</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">The above mentioned fears and challenges were actually observed on the ground and the same was shown through the medium of a case study in West Bengal on the smart meters being installed there by the state electricity utility. While the data coming in from these smart meters is being used to ensure that a more efficient system is developed,it is also being used as a surrogate for income mapping on the basis of electricity bills being paid. This helps companies profile neighbourhoods. The technical officer who first receives that data has complete control over it and he can easily misuse the data. This case study again shows that instruments like Aadhaar and India Stack are limited in their application and aren’t the panacea that they are portrayed to be.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">A participant pointed out that in the light of the above discussions, the aim appears to be to get all kinds of data, through any source, and once you have gotten the UID, you link all of this data to the UID number, and then use it in all the corporate schemes that are being started. Most of the problems associated with Big Data are being described as teething problems. The India Stack and FinTech scheme is coming in when we already know about the problems being faced by UID. The same problems will be faced by India Stack as well.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Can you opt out of the Aadhaar system and the surrounding ecosystem?</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">The discussion then turned towards whether there can be voluntary opting out from Aadhaar. It was pointed out that the government has stated that you cannot opt out of Aadhaar. Further, the privacy principles in the UIDAI bill are ambiguously worded where individuals only have recourse for basic things like correction of your personal information. The enforcement mechanism present in the UIDAI Act is also severely deficient. There is no notification procedure if a data breach occurs. . The appellate body ‘Cyber Appellate Tribunal’ has not been set up in three years.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">CCTNS: Big Data and its Predictive Uses</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">What is Predictive Policing?</p>
<p style="text-align: justify;" dir="ltr">The next big Big Data case study was on the Crime and Criminal Tracking Network & Systems (CCTNS). Originally it was supposed to be a digitisation and interconnection scheme where police records would be digitised and police stations across the length and breadth of the country would be interconnected. But, in the last few years some police departments of states like Chandigarh, Delhi and Jharkhand have mooted the idea of moving on to predictive policing techniques. It envisages the use of existing statistical and actuarial techniques along with many other tropes of data to do so. It works in four ways: 1. By predicting the place and time where crimes might occur; 2. To predict potential future offenders; 3. To create profiles of past crimes in order to predict future crimes; 4. Predicting groups of individuals who are likely to be victims of future crimes.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">How is Predictive Policing done?</p>
<p style="text-align: justify;" dir="ltr">To achieve this, the following process is followed: 1. Data collection from various sources which includes structured data like FIRs and unstructured data like call detail records, neighbourhood data, crime seasonal patterns etc. 2. Analysis by using theories like the near repeat theory, regression models on the basis of risk factors etc. 3. Intervention</p>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Flaws in Predictive Policing and questions of bias</p>
<p style="text-align: justify;" dir="ltr">An obvious weak point in the system is that if the initial data going into the system is wrong or biased, the analysis will also be wrong. Efforts are being made to detect such biases. An important way to do so will be by building data collection practices into the system that protect its accuracy. The historical data being entered into the system is carrying on the prejudices inherited from the British Raj and biases based on religion, caste, socio-economic background etc.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">One participant brought about the issue of data digitization in police stations, and the impact of this haphazard, unreliable data on a Big Data system. This coupled with paucity of data is bound to lead to arbitrary results. An effective example was that of black neighbourhoods in the USA. These are considered problematic and thus they are policed more, leading to a higher crime rate as they are arrested for doing things that white people in an affluent neighbourhood get away with. This in turn further perpetuates the crime rate and it becomes a self-fulfilling prophecy. In India, such a phenomenon might easily develop in the case of migrants, de-notified tribes, Muslims etc. A counter-view on bias and discrimination was offered here. One participant pointed out that problems with haphazard or poor quality of data is not a colossal issue as private companies are willing to fill this void and are actually doing so in exchange for access to this raw data. It was also pointed out how bias by itself is being used as an all encompassing term. There are multiplicities of biases and while analysing the data, care should be taken to keep it in mind that one person’s bias and analysis might and usually does differ from another. Even after a computer has analysed the data, the data still falls into human hands for implementation.</p>
<p style="text-align: justify;" dir="ltr">The issue of such databases being used to target particular communities on the basis of religion, race, caste, ethnicity among other parameters was raised. Questions about control and analysis of data were also discussed, i.e. whether it will be top-down with data analysis being done in state capitals or will this analysis be done at village and thana levels as well too. It was discussed as topointed out how this could play a major role in the success and possible persecutory treatment of citizens, as the policemen at both these levels will have different perceptions of what the data is saying. . It was further pointed out, that at the moment, there’s no clarity on the mode of implementation of Big Data policing systems. Police in the USA have been seen to rely on Big Data so much that they have been seen to become ‘data myopic’. For those who are on the bad side of Big Data, in the Indian context, laws like preventive detention can be heavily misused.There’s a very high chance that predictive policing due to the inherent biases in the system and the prejudices and inefficiency of the legal system will further suppress the already targeted sections of the society. A counterpoint was raised and it was suggested that contrary to our fears, CCTNS might lead to changes in our understanding and help us to overcome longstanding biases.</p>
<p style="text-align: justify;" dir="ltr">Open Knowledge Architecture as a solution to Big Data biases?</p>
<p style="text-align: justify;" dir="ltr">The conference then mulled over the use of ‘Open Knowledge’ architecture to see whether it can provide the solution to rid Big Data of its biases and inaccuracies if enough eyes are there. It was pointed out that Open Knowledge itself can’t provide foolproof protection against these biases as the people who make up the eyes themselves are predominantly male belonging to the affluent sections of the society and they themselves suffer from these biases.</p>
<p style="text-align: justify;" dir="ltr">Who exactly is Big Data supposed to serve?</p>
<p style="text-align: justify;" dir="ltr">The discussion also looked at questions such as who is this data for? Janata Information System (JIS), is a concept developed by MKSS where the data collected and generated by the government is taken to be for the common citizens. For e.g. MNREGA data should be used to serve the purposes of the labourers. The raw data as is available at the moment, usually cannot be used by the common man as it is so vast and full of information that is not useful for them at all. It was pointed out that while using Big Data for policy planning purposes, the actual string of information that turned out to be needed was very little but the task of unravelling this data for civil society purposes is humongous. By presenting the data in the right manner, the individual can be empowered. The importance of data presentation was also flagged. It was agreed upon that the content of the data should be for the labourer and not a MNC, as the MNC has the capability to utilise the raw data on it’s own regardless.</p>
<p style="text-align: justify;" dir="ltr">Concerns about Big Data usage</p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Participants pointed out that privacy concerns are usually brushed under the table due to a belief that the law is sufficient or that the privacy battle has already been lost. </p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">In the absence of knowledge of domain and context, Big Data analysis is quite limited. Big Data’s accuracy and potential to solve problems needs to be factually backed.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The narrative of Big Data often rests on the assumption that descriptive statistics take over inferential statistics, thus eliminating the need for domain specific knowledge. It is claimed that the data is so big that it will describe everything that we need to know.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Big Data is creating a shift from a deductive model of scientific rigour to an inductive one. In response to this, a participant offered the idea that troves of good data allow us to make informed questions on the basis of which the deductive model will be formed. A hybrid approach combining both deductive and inductive might serve us best.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The need to collect the right data in the correct format, in the right place was also expressed.</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Potential Research Questions & Participants’ Areas of Research</p>
<p style="text-align: justify;" dir="ltr">Following this discussion, participants brainstormed to come up with potential areas of research and research questions. They have been captured below:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data, Aadhaar and India Stack:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Has Aadhaar been able to tackle illegal ways of claiming services or are local negotiations and other methods still prevalent?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Is the consent layer of India Stack being developed in a way that provides an opportunity to the UID user to give informed consent? The OpenPDS and its counterpart in the EU i.e. the My Data Structure were designed for countries with strong privacy laws. Importantly, they were meant for information shared on social media and not for an individual’s health or credit history. India is using it in a completely different sphere without strong data protection laws. What were the granular consent layer structures present in the West designed for and what were they supposed to protect?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The question of ownership of data needs to be studied especially in context of a globalised world where MNCs are collecting copious amounts of data of Indian citizens. What is the interaction of private parties in this regard?</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data and Predictive Policing:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">How are inequalities being created through the Big Data systems? Lessons should be taken from the Western experience with the advent of predictive policing and other big data techniques - they tend to lead to perpetuation of the current biases which are already ingrained in the system.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">It was also pointed out how while studying these topics and anything related to technology generally, we become aware of a divide that is present between the computational sciences and social sciences. This divide needs to be erased if Big Data or any kind of data is to be used efficiently. There should be a cross-pollination between different groups of academics. An example of this can be seen to be the ‘computational social sciences departments’ that have been coming up in the last 3-4 years.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Why are so many interim promises made by Big Data failing? A study of this phenomenon needs to be done from a social science perspective. This will allow one to look at it from a different angle.</p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Studying Big Data:</p>
<div style="text-align: justify;" dir="ltr"> </div>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">What is the historical context of the terms of reference being used for Big Data? The current Big Data debate in India is based on parameters set by the West. For better understanding of Big Data, it was suggested that P.C. Mahalanobis’ experience while conducting the Indian census, (which was the Big Data of that time) can be looked at to get a historical perspective on Big Data. This comparison might allow us to discover questions that are important in the Indian context. It was also suggested that rather than using ‘Big Data’ as a catchphrase to describe these new technological innovations, we need to be more discerning.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">What are the ideological aspects that must be considered while studying Big Data? What does the dialectical promise of technology mean? It was contended that every time there is a shift in technology, the zeitgeist of that period is extremely excited and there are claims that it will solve everything. There’s a need to study this dialectical promise and the social promise surrounding it.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Apart from the legitimate fears that Big Data might lead to exclusion, what are the possibilities in which it improve inclusion too?</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">The diminishing barrier between the public and private self, which is a tangent to the larger public-private debate was mentioned.</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">How does one distinguish between technology failure and process failure while studying Big Data? </p>
</li></ol>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Big Data: A Friend?</p>
<p style="text-align: justify;" dir="ltr">In the concluding session, the fact that the Big Data moment cannot be wished away was acknowledged. The use of analytics and predictive modelling by the private sector is now commonplace and India has made a move towards a database state through UID and Digital India. The need for a nuanced debate, that does away with the false equivalence of being either a Big Data enthusiast or a luddite is crucial.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">A participant offered two approaches to solving a Big Data problem. The first was the Big Data due process framework which states that if a decision has been taken that impacts the rights of a citizen, it needs to be cross examined. The efficacy and practicality of such an approach is still not clear. The second, slightly paternalistic in nature, was the approach where Big Data problems would be solved at the data science level itself. This is much like the affirmative algorithmic approach which says that if in a particular dataset, the data for the minority community is not available then it should be artificially introduced in the dataset. It was also suggested that carefully calibrated free market competition can be used to regulate Big Data. For e.g. a private personal wallet company that charges higher, but does not share your data at all can be an example of such competition. </p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">Another important observation was the need to understand Big Data in a Global South context and account for unique challenges that arise. While the convenience of Big Data is promising, its actual manifestation depends on externalities like connectivity, accurate and adequate data etc that must be studied in the Global South.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<p style="text-align: justify;" dir="ltr">While the promises of Big Data are encouraging, it is also important to examine its impacts and its interaction with people's rights. Regulatory solutions to mitigate the harms of big data while also reaping its benefits need to evolve.</p>
<div style="text-align: justify;" dir="ltr"> </div>
<div style="text-align: justify;" dir="ltr"> </div>
<p><span id="docs-internal-guid-90fa226f-6157-27d9-30cd-050bdc280875"></span></p>
<div style="text-align: justify;" dir="ltr"> </div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report'>https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report</a>
</p>
No publisherVidushi Marda, Akash Deep Singh and Geethanjali JujjavarapuHuman RightsUIDBig DataPrivacyArtificial IntelligenceInternet GovernanceMachine LearningFeaturedDigital IndiaAadhaarInformation TechnologyE-Governance2016-11-18T12:58:19ZBlog EntryRBI Directions on Account Aggregators
https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators
<b>The Reserve Bank of India's (RBI) Directions for account aggregator services in India seem to lay great emphasis on data security by allowing only direct access between institutions and do away with data scraping techniques.</b>
<p style="text-align: justify; ">These days’ people have access to various financial services and manage their finances in a diverse manner while dealing with a large number of financial service providers, each providing one or more services that the user may need such as banking, credit card services, investment services, etc. This multiplicity of financial service providers could make it inconvenient for the users to keep track of their finances since all the information cannot be provided at the same place. This problem is sought to be solved by the account aggregators by providing all the financial data of the user at a single place. Account aggregation is the consolidation of online financial account information (e.g., from banks, credit card companies, etc.) for online retrieval at one site. In a typical arrangement, an intermediary (e.g., a portal) agrees with a third party service provider to provide the service to consumers, the intermediary would then generally privately label the service and offer consumers access to it at the intermediary’s website.<a href="#_ftn1" name="_ftnref1">[1]</a> There are two major ways in which account aggregation takes place, (i) <i>direct access</i>: wherein the account aggregator gets direct access to the data of the user residing in the computer system of the financial service provider; and (ii) <i>scraping</i>: where the user provides the account aggregator the username and password for its account in the different financial service providers and the account aggregator scrapes the information off the website/portal of the different financial service providers.</p>
<p style="text-align: justify; ">Since account aggregation involves the use and exchange of financial information there could be a number of potential risks associated with it such as (i) loss of passwords; (ii) frauds; (iii) security breaches at the account aggregator, etc. It is for this reason that on the advice of the Financial Stability and Development Council,<a href="#_ftn2" name="_ftnref2">[2]</a> the Reserve Bank of India (“<b>RBI</b>”) felt the need to regulate this sector and on September 2, 2016 issued the Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016 to provide a framework for the registration and operation of Account Aggregators in India (the “<b>Directions</b>”). The Directions provide that no company shall be allowed to undertake the business of account aggregators without being registered with the RBI as an NBFC-Account Aggregator. The Directions also specify the conditions that have to be fulfilled for consideration of an entity as an Account Aggregator such as:</p>
<ol style="text-align: justify; ">
<li>the company should have a net owned fund of not less than rupees two crore, or such higher amount as the Bank may specify;</li>
<li>the company should have the necessary resources and wherewithal to offer account aggregator services;</li>
<li>the company should have adequate capital structure to undertake the business of an account aggregator;</li>
<li>the promoters of the company should be fit and proper individuals;</li>
<li>the general character of the management or proposed management of the company should not be prejudicial to the public interest;</li>
<li>the company should have a plan for a robust Information Technology system;</li>
<li>the company should not have a leverage ratio of more than seven;</li>
<li>the public interest should be served by the grant of certificate of registration; and</li>
<li>Any other condition that made be specified by the Bank from time to time.<a href="#_ftn3" name="_ftnref3">[3]</a></li>
</ol>
<p style="text-align: justify; ">The Direction further talk about the responsibilities of the Account Aggregators and specify that the account aggregators shall have the duties such as: (a) Providing services to a customer based on the customer’s explicit consent; (b) Ensuring that the provision of services is backed by appropriate agreements/ authorisations between the Account Aggregator, the customer and the financial information providers; (c) Ensuring proper customer identification; (d) Sharing the financial information only with the customer or any other financial information user specifically authorized by the customer; (e) Having a Citizen's Charter explicitly guaranteeing protection of the rights of a customer.<a href="#_ftn4" name="_ftnref4">[4]</a></p>
<p style="text-align: justify; ">The Account Aggregators are also prohibited from indulging in certain activities such as: (a) Support transactions by customers; (b) Undertaking any other business other than the business of account aggregator; (c) Keeping or “residing” with itself the financial information of the customer accessed by it; (d) Using the services of a third party for undertaking its business activities; (e) Accessing user authentication credentials of customers; (f) Disclosing or parting with any information that it may come to acquire from/ on behalf of a customer without the explicit consent of the customer.<a href="#_ftn5" name="_ftnref5">[5]</a> The fact that there is a prohibition on the information accessed from actually residing with the Account Aggregator will ensure greater security and protection of the information.</p>
<p style="text-align: justify; "><b>Consent Framework</b></p>
<p style="text-align: justify; ">The Directions specify that the function of obtaining, submitting and managing the customer’s consent should be performed strictly in accordance with the Directions and that no information shall be retrieved, shared or transferred without the explicit consent of the customer.<a href="#_ftn6" name="_ftnref6">[6]</a> The consent is to be taken in a standardized artefact, which can also be obtained in electronic form,<a href="#_ftn7" name="_ftnref7">[7]</a> and shall contain details as to (i) the identity of the customer and optional contact information; (ii) the nature of the financial information requested; (iii) purpose of collecting the information; (iv) the identity of the recipients of the information, if any; (v) URL or other address to which notification needs to be sent every time the consent artefact is used to access information; (vi) Consent creation date, expiry date, identity and signature/ digital signature of the Account Aggregator; and (vii) any other attribute as may be prescribed by the RBI.<a href="#_ftn8" name="_ftnref8">[8]</a> The account aggregator is required to inform the customer of all the necessary attributes to be contained in the consent artefact as well as the customer’s right to file complaints with the relevant authorities.<a href="#_ftn9" name="_ftnref9">[9]</a> The customers shall also be provided an option to revoke consent to obtain information that is rendered accessible by a consent artefact, including the ability to revoke consent to obtain parts of such information.<a href="#_ftn10" name="_ftnref10">[10]</a></p>
<p style="text-align: justify; ">Comments: While the Directions have specific provisions regarding how the financial data shall be dealt with, it is pertinent to note that the actual consent artefact also has personal information and it is not clear whether Account Aggregators are allowed disclose that information to third parties are not.</p>
<p style="text-align: justify; "><b>Disclosure and sharing of financial information</b></p>
<p style="text-align: justify; ">Financial information providers such as banks, mutual funds, etc. are allowed to share information with account aggregators only upon being presented with a valid consent artifact and also have the responsibility to verify the consent as well as the credentials of the account aggregator.<a href="#_ftn11" name="_ftnref11">[11]</a> Once the verification is done, the financial information provider shall digitally sign the financial information and transmit the same to the Account Aggregator in a secure manner in real time, as per the terms of the consent.<a href="#_ftn12" name="_ftnref12">[12]</a> In order to ensure smooth flow of data, the Directions also impose an obligation on financial information providers to:</p>
<ul style="text-align: justify; ">
<li>implement interfaces that will allow an Account Aggregator to submit consent artefacts, and authenticate each other, and enable secure flow of financial information;</li>
<li>adopt means to verify the consent including digital signatures;</li>
<li>implement means to digitally sign the financial information; and</li>
<li>maintain a log of all information sharing requests and the actions performed pursuant to such requests, and submit the same to the Account Aggregator.<a href="#_ftn13" name="_ftnref13">[13]</a></li>
</ul>
<p style="text-align: justify; ">Comments: The Directions provide that the Account Aggregator will not support any transactions by the customers and this seems to suggest that in case of any mistakes in the information the customer would have to approach the financial information provider and not the Account Aggregator.</p>
<p style="text-align: justify; "><b>Use of Information</b></p>
<p style="text-align: justify; ">The Directions provide that in cases where financial information has been provided by a financial information provider to an Account Aggregator for transferring the same to a financial information user with the explicit consent of the customer, the Account Aggregator shall transfer the same in a secure manner in accordance with the terms of the consent artefact only after verifying the identity of the financial information user.<a href="#_ftn14" name="_ftnref14">[14]</a> Such information, as well as information which may be provided for transferring to the customer, shall not be used or disclosed by the Account Aggregator or the Financial Information user except as specified in the consent artefact.<a href="#_ftn15" name="_ftnref15">[15]</a></p>
<p style="text-align: justify; "><b>Data Security</b></p>
<p style="text-align: justify; ">The Directions specify that the business of an Account Aggregator will be entirely Information Technology (IT) driven and they are required to adopt <b>required IT framework</b> and interfaces to ensure secure data flows from the financial information providers to their own systems and onwards to the financial information users.<a href="#_ftn16" name="_ftnref16">[16]</a> This technology should also be scalable to cover any other financial information or financial information providers as may be specified by the RBI in the future.<a href="#_ftn17" name="_ftnref17">[17]</a> The IT systems should also have adequate safeguards to ensure they are protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data.<a href="#_ftn18" name="_ftnref18">[18]</a> Information System Audit of the internal systems and processes should be in place and be conducted at least once in two years by CISA certified external auditors whose report is to be submitted to the RBI.<a href="#_ftn19" name="_ftnref19">[19]</a> The Account Aggregators are prohibited from asking for or storing customer credentials (like passwords, PINs, private keys) which may be used for authenticating customers to the financial information providers and their access to customer’s information will be based only on consent-based authorisation (for scraping).<a href="#_ftn20" name="_ftnref20">[20]</a></p>
<p style="text-align: justify; "><b>Grievance Redressal</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregator to put in place a policy for handling/ disposal of customer grievances/ complaints, which shall be approved by its Board and also have a dedicated set-up to address customer grievances/ complaints which shall be handled and addressed in the manner prescribed in the policy.<a href="#_ftn21" name="_ftnref21">[21]</a> The Account Aggregator also has to display the name and details of the Grievance Redressal Officer on its website as well as place of business.<a href="#_ftn22" name="_ftnref22">[22]</a></p>
<p style="text-align: justify; "><b>Supervision</b></p>
<p style="text-align: justify; ">The Directions require the Account Aggregators to put in place various internal checks and balances to ensure that the business of the Account Aggregator does not violate any laws or regulations such as constitution of an Audit Committee, a Nomination Committee to ensure the “fit and proper” status of its Directors, a Risk Management Committee and establishment of a robust and well documented risk management framework.<a href="#_ftn23" name="_ftnref23">[23]</a> The Risk Management Committee is required to (a) give due consideration to factors such as reputation, customer confidence, consequential impact and legal implications, with regard to investment in controls and security measures for computer systems, networks, data centres, operations and backup facilities; and b) have oversight of technology risks and ensure that the organisation’s IT function is capable of supporting its business strategies and objectives.<a href="#_ftn24" name="_ftnref24">[24]</a> Further the RBI also has the power to inspect any Account Aggregator at any time.<a href="#_ftn25" name="_ftnref25">[25]</a></p>
<p style="text-align: justify; "><b>Penalties</b></p>
<p style="text-align: justify; ">The Directions themselves do not provide for any penalties for non compliance, however since the Directions are issued under Section 45JA of the Reserve Bank of India Act, 1934 (“<b>RBI Act</b>”), this means that any contravention of these directions will be punishable under Section 58B of the RBI Act which provides for an imprisonment of upto 3 years as well as a fine for any contravention of such directions.</p>
<p style="text-align: justify; "><b>Conclusion</b></p>
<p style="text-align: justify; ">The Directions by the RBI provide a number of regulations and checks on Account Aggregators with the view to ensure safety of customer financial data. These Directions appear to be quite trendsetting in the sense that in most other jurisdictions such as the United States or even Europe there are no specific regulations governing Account Aggregators but their activities are mainly being governed under existing privacy or consumer protection legislations.<a href="#_ftn26" name="_ftnref26">[26]</a></p>
<p style="text-align: justify; ">The entire regulatory regime for Account Aggregators seems to suggest that the RBI wants Account Aggregators to be like funnels to channel information from various platforms right to the customer (or financial information user) and it does not want to take a chance with the information actually residing with the Account Aggregators. Further, by prohibiting Account Aggregators from accessing user authentication credentials, the RBI is trying to eliminate the possibility of this information being leaked or stolen. Although this may make it more onerous for Account Aggregators to provide their services, it is a great step to ensure the safety and security of customer data.</p>
<p style="text-align: justify; ">In recent months the RBI has been trying to actively engage with the various new products being introduced in the financial sector owing to various technological advancements, be it the circular informing the public about the risks of virtual currencies including Bitcoin, the consultation paper on P2P lending platforms or these current guidelines on Account Aggregators. These recent actions of the RBI seem to suggest that the RBI is well aware of various technological advancements in the financial sector and is keeping a keen eye on these technologies and products, but appears to be taking a cautious and weighted approach regarding how to deal with them.</p>
<hr />
<p style="text-align: justify; "><a href="#_ftnref1" name="_ftn1">[1]</a> Ann S. Spiotto, <i>Financial Account Aggregation: The Liability Perspective</i>, Fordham Journal of Corporate & Financial Law, 2006, Volume 8, Issue 2, Article 6, available at <a href="http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl">http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1181&context=jcfl</a></p>
<p style="text-align: justify; "><a href="#_ftnref2" name="_ftn2">[2]</a> <a href="https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345">https://rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=34345</a></p>
<p style="text-align: justify; "><a href="#_ftnref3" name="_ftn3">[3]</a> Clause 4.2.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref4" name="_ftn4">[4]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref5" name="_ftn5">[5]</a> Clause 5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref6" name="_ftn6">[6]</a> Clauses 6.1 and 6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref7" name="_ftn7">[7]</a> Clause 6.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref8" name="_ftn8">[8]</a> Clause 6.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref9" name="_ftn9">[9]</a> Clause 6.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref10" name="_ftn10">[10]</a> Clause 6.6 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref11" name="_ftn11">[11]</a> Clauses 7.1 and 7.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref12" name="_ftn12">[12]</a> Clauses 7.3 and 7.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref13" name="_ftn13">[13]</a> Clause 7.5 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref14" name="_ftn14">[14]</a> Clause 7.6.1 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref15" name="_ftn15">[15]</a> Clause 7.6.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref16" name="_ftn16">[16]</a> Clause 9(a) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref17" name="_ftn17">[17]</a> Clause 9(c) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref18" name="_ftn18">[18]</a> Clause 9(d) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref19" name="_ftn19">[19]</a> Clause 9(f) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref20" name="_ftn20">[20]</a> Clause 9(b) of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref21" name="_ftn21">[21]</a> Clauses 10.1 and 10.2 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref22" name="_ftn22">[22]</a> Clause 10.3 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref23" name="_ftn23">[23]</a> Clauses 12.2, 12.3 and 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref24" name="_ftn24">[24]</a> Clause 12.4 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref25" name="_ftn25">[25]</a> Clause 15 of the Directions.</p>
<p style="text-align: justify; "><a href="#_ftnref26" name="_ftn26">[26]</a> <a href="http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/">http://www.canadiancybersecuritylaw.com/2016/07/german-regulator-finds-banks-data-rules-impede-non-bank-competitors/</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators'>https://cis-india.org/internet-governance/blog/rbi-directions-on-account-aggregators</a>
</p>
No publisherVipul Kharbanda and Elonnai HickokBankingFeaturedInternet GovernancePrivacy2016-10-21T15:25:01ZBlog EntryInternet Researchers' Conference 2017 (IRC17) - Call for Sessions
https://cis-india.org/raw/irc17-call
<b>It gives us great pleasure to announce that the second Internet Researchers' Conference (IRC17) will take place in Bengaluru on March 03-05, 2017. It will be organised by the Centre for Internet and Society (CIS) in partnership with the Centre for Information Technology and Public Policy at the International Institute of Information Technology Bangalore (IIIT-B). It is a free and open conference. Sessions must be proposed by teams of two or more members on or before Friday, October 28. All submitted session proposals will go though an open review process, followed by each team that has proposed a session being invited to select ten sessions of their choice to be included in the Conference agenda. Final sessions will be chosen through these votes, and be announced on January 09, 2017.</b>
<p> </p>
<h4>IRC17 Call for Sessions: <a href="https://github.com/cis-india/irc/raw/master/IRC17_Call-for-Sessions.pdf">Download</a> (PDF)</h4>
<h4>IRC17 Selection of Sessions: <a href="http://cis-india.org/raw/irc17-selection">http://cis-india.org/raw/irc17-selection</a></h4>
<h4><em>Deadline for submission was Friday, October 28.</em></h4>
<hr />
<h3><strong>IRC17: Key Provocations</strong></h3>
<p>Two critical questions that emerged from the conversations at the previous edition of the Conference (IRC16) were about the <strong>digital objects of research</strong>, and the <strong>digital/internet experiences in Indic languages</strong>. As we discussed various aspects and challenges of 'studying internet in India', it was noted that we have not sufficiently explored how ongoing research methods, assumptions, and analytical frames are being challenged (if at all) by the <strong>becoming-digital</strong> of the objects of research across disciplines: from various artifacts and traces of human and machinic interactions, to archival entries and sites of ethnography, to practices and necessities of collaboration.</p>
<p>We found that the analyses of such <strong>digital objects of research</strong> often tend to assume either an aesthetic and functional <strong>uniqueness</strong> or <strong>sameness</strong> vis-à-vis the pre-/proto-digital objects of research, while neither of these positions are discussed in detail. Further, we tend to universalise the English-speaking user's/researcher's experience of working with such digital objects, without sufficiently considering their lives and functions in other (especially, Indic) languages.</p>
<p>These we take as the key provocations of the 2017 edition of IRC:</p>
<ul>
<li>How does the <strong>becoming-digital</strong> of the research objects challenge our current research practices, concerns, and assumptions?</li>
<li>How do we appreciate, study, and theorise the functioning of and meaning-making by digital objects in <strong>Indic languages</strong>?</li>
<li>What <strong>research tools and infrastructures</strong> are needed to study, document, annotate, analyse, archive, cite, and work with (in general) digital objects, especially those in Indic languages?</li></ul>
<h3><strong>Call for Sessions</strong></h3>
<p>We invite teams of two or more researchers and practitioners to propose sessions for IRC17. We do understand that finding team members for a session you have in mind might be difficult in certain cases. Please feel free to share initial sessions ideas on the <strong>researchers@cis-india</strong> mailing list <strong>[1]</strong>. Also, please keep an eye on the list to see what potential topics are being discussed.</p>
<p>All sessions will be one and half hours long, and will be fully designed and facilitated by the team concerned, including moderation (if any). The sessions are expected to drive conversations on the topic concerned. They may include presentation of research papers but this is <strong>not at all</strong> mandatory.</p>
<p>If you plan to organise a session structured around presentation of research papers, please note that we are exploring potential publication outlets for a collection of full-length research papers. If your session is selected for IRC17, we will notify you of guidelines to be followed for the submission and review of full-length papers prior to the conference. If you are interested in this publication possibility, <strong>please indicate</strong> that in your session proposal submission.</p>
<p>Sessions that involve collaborative work (either in group or otherwise), including discussions, interactions, documentation, learning, and making, are <strong>most welcome</strong>.</p>
<p>Further, we look forward to sessions conducted in <strong>Indic languages</strong>. The proposing team, in such a case, should consider how participants who do not understand the language can participate in it. IRC organisers and other participants will play an active role in making such engagements possible.</p>
<p>The only <strong>eligibility criteria</strong> for proposing sessions are that they must be proposed by a <strong>team of at least two members</strong>, and that they must engage with <strong>one (or more) of the three key provocations</strong> mentioned above. Further, the teams whose sessions are selected for IRC17 must commit to producing at least <strong>one post-conference essay/documentation</strong> on the topic of their session.</p>
<p>The <strong>deadline</strong> for submission of sessions proposals for IRC17 is <strong>Friday, October 28</strong>.</p>
<p>To propose a session, please send the following documents (as attached text files) to <strong>raw[at]cis-india[dot]org</strong>:</p>
<ul>
<li><strong>Title and Description of the Session:</strong> The session should be named in the form of a hashtag (check the IRC16 sessions for reference <strong>[2]</strong>). The description of the session should clearly state what the key focus of the session is, and which of the three central concerns it will address. The description should be approximately <strong>300 words</strong> long.</li>
<li><strong>Session plan:</strong> This should describe how the session will be conducted and moderated. Any specific requirements (technical, language support, etc.) of the session should also be noted here. This should not be more than <strong>200 words</strong> long. If your session plan involves presentation of research papers, please indicate whether you would be interested in having these papers considered for academic publication.</li>
<li><strong>Documentation plan:</strong> This should indicate how documentation will be done during the session, and more importantly what form the post-conference essay/documentation will take and what issue(s) it will address. This should not be more than <strong>100 words</strong> long.</li>
<li><strong>Short Abstracts (Only for Sessions with Paper Presentations):</strong> If your session involves presentation of research papers, please share a <strong>250 words</strong> abstract for each paper.</li>
<li><strong>Details of the Team:</strong> Please share brief biographic notes of each member of the session team, and contact details.</li></ul>
<h3><strong>Session Selection Process</strong></h3>
<p><strong>October 28:</strong> Deadline of submission of session proposals.</p>
<p><strong>October 31:</strong> All submitted sessions will be posted on the CIS website, along with the names, biographic brief, and contact details of the members of the session teams.</p>
<p><strong>November 01 - December 24:</strong> Open review period. All session teams, as well as other interested contributors, may review the submitted proposals and share comments directly with the session teams, or discuss the session on the researchers@cis-india list. The session teams may fully and continuously edit the proposal during this period, including adding/changing session teams.</p>
<p><strong>December 25:</strong> Open review ends and voting begins. All session teams will select 10 sessions to be included in the IRC17 programme. The votes will be anonymous, that is which session team has voted for which set of sessions will not be made public.</p>
<p><strong>January 05:</strong> Voting ends.</p>
<p><strong>January 09:</strong> Announcement of selected sessions.</p>
<p><strong>February 12:</strong> Deadline for selected session teams to submit a detailed session plan, information about which will be shared later. If a selected session involves presentation of papers, then the draft papers are to be submitted by this date (no need to submit a detailed session plan in that case).</p>
<h3><strong>Venue, Accommodation, and Travel</strong></h3>
<p>The conference will take place at the International Institute of Information Technology Bangalore (IIIT-B) during March 03-05, 2017 <strong>[3]</strong>.</p>
<p>The conference does <strong>not</strong> have any participation fees. The organisers will cover <strong>all</strong> costs related to accommodation and hospitality during the conference. We look forward to offer a limited number of (domestic) travel fellowships for students and other deserving applicants. We will also confirm this on <strong>January 02, 2017</strong>.</p>
<h3><strong>About the IRC Series</strong></h3>
<p>The Researchers at Work (RAW) programme <strong>[4]</strong> at the Centre for Internet and Society (CIS) initiated the Internet Researchers' Conference (IRC) series to address these concerns, and to create an annual temporary space in India, for internet researchers to gather and share experiences.</p>
<p>The IRC series is driven by the following interests:</p>
<ul>
<li>creating discussion spaces for researchers and practitioners studying internet in India and in other comparable regions,</li>
<li>foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India,
accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and</li>
<li>exploring and practicing new modes of research and documentation necessitated by new (digital) objects of power/knowledge.</li></ul>
<p>The first edition of the Internet Researchers' Conference series was held in February 2016 <strong>[5]</strong>. It was hosted by the Centre for Political Studies at Jawaharlal Nehru University <strong>[6]</strong>, and was supported by the CSCS Digital Innovation Fund <strong>[7]</strong>. The Conference was constituted by eleven discussion sessions (majority of which were organised around presentation of several papers), four workshop sessions (which involved group discussions, activities, and learnings), a book sprint over three sessions to develop an outline of a (re)sourcebook for internet researchers in India, and a concluding round table. The audio recordings and notes from IRC16 are now being compiled into an online Reader. A detailed reflection note on the IRC16 has already been published <strong>[8]</strong>.</p>
<h3><strong>Endnotes</strong></h3>
<p><strong>[1]</strong> See: <a href="https://lists.ghserv.net/mailman/listinfo/researchers">https://lists.ghserv.net/mailman/listinfo/researchers</a>.</p>
<p><strong>[2]</strong> See: <a href="http://cis-india.org/raw/irc16">http://cis-india.org/raw/irc16</a>.</p>
<p><strong>[3]</strong> See: <a href="http://iiitb.ac.in/">http://iiitb.ac.in/</a>.</p>
<p><strong>[4]</strong> See: <a href="http://cis-india.org/raw/">http://cis-india.org/raw/</a>.</p>
<p><strong>[5]</strong> See: <a href="http://cis-india.org/raw/irc16">http://cis-india.org/raw/irc16</a>.</p>
<p><strong>[6]</strong> See: <a href="http://www.jnu.ac.in/SSS/CPS/">http://www.jnu.ac.in/SSS/CPS/</a>.</p>
<p><strong>[7]</strong> See: <a href="http://cis-india.org/raw/cscs-digital-innovation-fund">http://cis-india.org/raw/cscs-digital-innovation-fund</a>.</p>
<p><strong>[8]</strong> See: <a href="http://cis-india.org/raw/iirc-reflections-on-irc16">http://cis-india.org/raw/iirc-reflections-on-irc16</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/irc17-call'>https://cis-india.org/raw/irc17-call</a>
</p>
No publishersumandroResearchers at WorkInternet Researcher's ConferenceFeaturedLearningIRC17Homepage2016-12-12T13:40:08ZBlog EntrySubmitted Comments on the Telangana State Open Data Policy 2016
https://cis-india.org/openness/comments-on-the-telangana-state-open-data-policy-2016
<b>Last month, the Information Technology, Electronics & Communications Department of the Government of Telangana released the first public draft of the Telangana State Open Data Policy 2016, and sought comments from various stakeholders in the state and outside. The draft policy not only aims to facilitate and provide a framework for proactive disclosure of data created by the state government agencies, but also identify the need for integrating such a mandate within the information systems operated by these agencies as well. CIS is grateful to be invited to submit its detailed comments on the same. The submission was drafted by Anubha Sinha and Sumandro Chattapadhyay.</b>
<p> </p>
<p><strong>Download the submitted document: <a href="http://cis-india.org/openness/files/cis-telangana-state-open-data-policy-v-1-submission/at_download/file">PDF</a>.</strong></p>
<hr />
<h3><strong>1. Preliminary</strong></h3>
<p><strong>1.1.</strong> This submission presents comments and recommendations by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> on the proposed draft of the Telangana Open Data Policy 2016 (“the draft policy”). This submission is based on Version 1 of the draft policy shared by the Information Technology, Electronics & Communications Department, Government of Telangana (“the ITE&C Department”).</p>
<p><strong>1.2.</strong> CIS commends the ITE&C Department for its generous efforts at seeking inputs from various stakeholders to draft an open data policy for the state of Telangana. CIS is thankful for this opportunity to provide a clause-by-clause submission.</p>
<h3><strong>2. The Centre for Internet and Society</strong></h3>
<p><strong>2.1.</strong> The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfiguration of social processes and structures through the internet and digital media technologies, and vice versa.</p>
<p>2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. The comments in this submission aim to further the principle of citizens’ right to information, instituting openness-by-default in governmental activities, and to realise the various kinds of public goods that can emerge from greater availability of open (government) data. The submission is limited to those clauses that most directly have an impact on these principles.</p>
<h3><strong>3. Comments and Recommendations</strong></h3>
<p><em>This section presents comments and recommendations directed at the draft policy as a whole, and in certain places, directed at specific clauses of the draft policy.</em></p>
<h3>3.1. Defining the Scope of the Policy in the Preamble</h3>
<p><strong>3.1.1.</strong> CIS observes and appreciates that the ITE&C Department has identified the open data policy as a catalyst for, and as dependent upon, a larger transformation of the information systems implemented in the state, to specifically ensure that these information systems.</p>
<p><strong>3.1.2.</strong> CIS commends the endeavour of the draft policy to share data in open and machine-readable standards. To further this, it will be useful for the preamble to explicitly mandate proactive disclosure in both human-readable and machine-readable formats, using open standards, and under open license(s).</p>
<p><strong>3.1.3.</strong> CIS recommends that the draft policy state the scope of the policy at the outset, i.e. in the Preamble section of the document. This will provide greater clarity to the stakeholders who are trying to ascertain applicability of the draft policy to their data.</p>
<p><strong>3.1.4.</strong> CIS commends the crucial mandate of creating data inventory within every state government ministry / department. We further recommend that the draft policy also expressly states the need to make these inventories publicly accessible.</p>
<p><strong>3.1.5.</strong> CIS commends the draft policy’s aim to build a process to engage with data users for better outcomes. We suggest that the draft policy also enumerates the “outcomes” of such engagement, in order to provide more clarity. We recommend that these “outcomes” include greater public supply of open government data in an effective, well-documented, timely, and responsible manner.</p>
<p><strong>3.1.6.</strong> Further, CIS suggests that the draft policy define “information centric and customer centric data” to provide more clarity to the document, as well as its scope and objectives.</p>
<h3>3.2. Provide Legal and Policy References</h3>
<p><strong>3.2.1.</strong> Strengthening transparency, predictability, and legal certainty of rules benefits all stakeholders. Thus, as far as possible, terms in the draft policy should use pre-existing legal definitions. In case of ambiguities arising after the implementation of the policy, consistency in definitions will also lead to greater interpretive certainty. It must be noted that good quality public policies which promote legal certainty, lead to better implementation.</p>
<p><strong>3.2.2.</strong> CIS observes that the draft policy re-defines various terms in Section 4 that have already been defined in National Data Sharing and Accessibility Policy (“NDSAP”) 2012 <strong>[2]</strong>, the Right to Information 2005 (“RTI Act”) <strong>[3]</strong>, and IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 <strong>[4]</strong>. We strongly recommend that the draft policy uses the pre-existing definitions in these acts, rules, and policies.</p>
<p><strong>3.2.3.</strong> Further, CIS observes that while certain sections accurately reflect definitions and parts from other acts, rules and policies, such sections are not referenced back to the latter. These sections include, but are not limited to: Sections 3, 7, 8, 4 (definitions of Data set, Data Archive, Negative list, Sensitive Personal data). We strongly recommend that accurate legal references be added to the draft policy after careful study of the language used.</p>
<h3>3.3. Need for More Focused Objective Statement</h3>
<p><strong>3.3.1.</strong> While the draft policy has a very comprehensive statement of its objectives, including "<em>all issues related to data in terms of the available scope of sharing and accessing spatial and non-spatial data under broad frameworks of standards and interoperability</em>," it may consider offering a more focused statement of its key objective, which is to provide a policy framework for proactive disclosure of government data by the various agencies of the Government of Telangana.</p>
<p><strong>3.3.2.</strong> Further, the objective statement must clearly state that the policy enables publication of data created by the agencies of the Government of Telangana, and/or by private agencies working in partnership with public agencies, using public funds as open data (that is, using open standards, and under open license). The present version of the objective statement mentions "<em>sharing</em>" and "<em>accessing</em>" the data concerned under "<em>broad frameworks of standards and interoperability</em>" but does not make it clear if such shared data will be available in open standards, under open licenses, and for royalty-free adaptation and redistribution by the users concerned.</p>
<h3>3.4. Suggestions related to the Definitions</h3>
<p><strong>3.4.1.</strong> The term “Data” has not been defined in accordance with NDSAP 2012. We suggest that the definition provided in NDSAP is followed so as to ensure legal compatibility.</p>
<p><strong>3.4.2.</strong> The term “Sensitive Personal Data” seems to have been defined on the basis of the definition provided in the IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011. Please add direct reference so as to make this clear. We further suggest that the term “Personal Information”, also defined in the same IT Rules, is also included and referred to in the draft policy, so that not only Sensitive Personal Data is barred from disclosure under this policy, but also Personal Information (that is "<em>any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person</em>") <strong>[5]</strong>.</p>
<p><strong>3.4.3.</strong> The term “Negative List” is defined in a manner that allows the state government ministries and agencies to identify which data are to be considered as non-shareable without any reference to an existing policy framework that list acceptable grounds for such identification. The term must be defined more restrictively, as this definition can allow an agency to avoid disclosure of data that may not be legally justifiable as non-shareable or sensitive. Thus, we recommend a more limited definition which may draw upon the RTI Act 2005, and specifically consider the factors mentioned in Sections 8 and 9 of the Act as the (only) set of acceptable reasons for non-disclosure of government data.</p>
<p><strong>3.4.4.</strong> The terms “Shareable Data” and “Sensitive Data” are used in several places in the draft policy but are not defined in Section 4. Both these terms are defined in NDSAP 2012. We suggest that both these terms be listed in Section 4, in accordance with the respective definitions provided in NDSAP 2012.</p>
<p><strong>3.4.5.</strong> The terms “Data Archive”, “Data Acquisition”, “Raw Data”, “Standards-Compliant Applications”, and “Unique Data” are defined in Section 4, but none of these terms appear elsewhere in the draft policy. We suggest that these terms are either better integrated into the document, or may not be defined at all.</p>
<h3>3.5. Rename Section 6 to Focus on Implementation of the Policy</h3>
<p><strong>3.5.1.</strong> Though the Section 6 is named as “Shareable Data”, it instead categorically lists down how the policy is to be implemented. This is a very welcome step, but the Section title should reflect this purpose of the Section.</p>
<p><strong>3.5.2.</strong> The decision proposed in the draft policy to make it mandatory for "<em>each funding organization</em>" to "<em>highlight data sharing policy as preamble in its RFPs as well as Project proposal formats</em>" is much appreciated and commendable. For a clearer and wider applicability of this measure, we recommend that this responsibility should apply to all state government agencies, including agencies where the state government enjoys significant stake, and all public-private partnerships entered into by the state government agencies, and not only to "<em>funding organizations</em>" (a term that has also not been defined in the draft policy).</p>
<p><strong>3.5.3.</strong> While the Section details out various measures and steps of implementation of the policy, it does not clarify which agency and/or committee would have the authority and responsibility to coordinate, monitor, facilitate, and ensure these measures and steps. Not only governmental representatives but also non-governmental representatives may be considered for such a committee.</p>
<h3>3.6. Host All Open Government Data in the State Portal</h3>
<p><strong>3.6.1.</strong> We observe that the Section 6 indicates that , the designated domain for the open government data portal for the state of Telangana, will only store metadata related to the proactive disclosed data sets but not the data sets themselves. This is further clarified in Section 10. We strongly urge the ITE&C Department to reconsider this decision to not to store the actual open data sets in the state open government data portal itself but in the departmental portals. A central archive of the open data assets, hosted by the state open government data portal, will allow for more effective and streamlined management of the open data assets concerned, including their systematic backing-up, better security and integrity, permanent and unique disclosure, and rule-driven updation. This would also reduce the burden upon all the government agencies, especially those that do not have a substantial IT team, to run independent department-specific open data portals.</p>
<h3>3.7. Reconsider the Section on Data Classification</h3>
<p><strong>3.7.1.</strong> While it is clear that the Section 7 on Data Classification follows the classification of various data sets created, managed, and/or hosted by government agencies offered in the NDSAP 2012, it is not very clear what role this classification plays in functioning and implementation of the draft policy. While Open Access and Registered Access data may both be considered as open government data that is to be proactively disclosed by the state government agencies via the state open government data portal, the Restricted Access data overlaps with the kinds of data already included in the Negative List defined in the draft policy (and elsewhere, like the RTI Act 2005). Further, the final sentence in this Section ensures that all data users provide appropriate attribution of the source(s) of the data set concerned, which (though is an important statement) should not be part of this Section on Data Classification. We suggest reconsideration of inclusion of this Section.</p>
<h3>3.8. Reconsider the Section on Technology for Sharing and Access</h3>
<p><strong>3.8.1.</strong> While it is clear that the Section 8 on Technology for Sharing and Access is adapted from the Section 9 of the NDSAP 2012, the text in this Section seems to be not fully compatible with other statements in this draft policy. For example, the Section states that "<em>[t]his integrated repository will hold data of current and historical nature and this repository over a period of time will also encompass data generated by various State Government departments</em>." However, the draft policy states in Section 10 that "<em>data.telangana.gov.in will only have the metadata and data itself will be accessed from the portals of the departments</em>."</p>
<p><strong>3.8.2.</strong> We strongly urge the ITE&C Department to revise this Section through close discussion with the NDSAP Project Management Unit, National Informatics Centre, which is the technical team responsible for developing and managing the portal, since the present version of this Section lists the original feature set of the portal as envisioned in 2012 but does not reflect the most recent feature set that has been already implemented in the portal concerned.</p>
<h3>3.9. Current Legal Framework (Section 9) should List to Relevant Acts, Rules, Policies, and Guidelines</h3>
<p><strong>3.9.1.</strong> CIS observes that the draft policy attempts to lay out the applicable legal framework in Section 2 and 9 of the draft policy, and submits that the legal framework is incomplete and recommends that the draft policy lists all the following relevant acts, rules, policies and guidelines:</p>
<ol type="A">
<li>National Data Sharing and Accessibility Policy, 2012<br /><br /></li>
<li>Right to Information Act, 2005<br /><br /></li>
<li>Information Technology Act, 2002<br /><br /></li>
<li>Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.<br /></li></ol>
<p><strong>3.9.2.</strong> CIS submits that apart from the policies mentioned above, the implementation of the draft policy is intricately linked to concepts of "open standards," "open source software," "open API," and "right to information." These concepts are governed by specific acts and policies, and are applicable to government owned data, as follows:</p>
<ol type="A">
<li><strong>Adoption of Open Standards:</strong> CIS observes that the draft policy draws on the importance of building information systems for interoperability and greater information accessibility. Interoperability is achieved by appropriate implementation of open standards. Thus, CIS submits that the Policy on Open Standards for e-Governance <strong>[6]</strong> which establishes the guidelines for usage of open standards to ensure seamless interoperability, and the Implementation Guidelines of the National Data Sharing and Accessibility Policy, 2012 <strong>[7]</strong> should be mentioned in the draft policy.<br /><br /></li>
<li><strong>Adoption of Open Source Software:</strong> The Policy on Adoption of Open Source Software for Government of India states that the "<em>Government of India shall endeavour to adopt Open Source Software in all e-Governance systems implemented by various Government organizations, as a preferred option in comparison to Closed Source Software</em> <strong>[8]</strong>." As the draft policy proposed to guide the development of information systems to share open data is being developed and implemented both by the Government of Telangana and by other agencies (academic, commercial, and otherwise), it must include an explicit reference and embracing of this mandate for adoption of Open Source Software, for reasons of reducing expenses, avoiding vendor lock-ins, re-usability of software components, enabling public accountability, and greater security of software systems.<br /><br /></li>
<li><strong>Implementation of Open APIs:</strong> CIS observes that the draft policy refers to Standard compliant applications in Section 4. CIS suggests that final version of the policy refer to and operationalise the Policy on Open Application Programming Interfaces (APIs) for Government of India <strong>[9]</strong>. This will ensure that the openly available data is available to the public, as well as to all the government agencies, in a structured digital format that is easy to consume and use on one hand, and is available for various forms of value addition and innovation on the other. Refer to Official Secrets Act, 1923: The Official Secrets Act penalises a person if he/she "<em>obtains, collects, records or publishes or communicates to other person any secret official code or password, or any sketch, plan, model, article or note or other document or information which is calculated to be or might be or is intended to be, directly or indirectly, useful to an enemy for which relates to a matter the disclosure of which is likely to affect the sovereignty and integrity of India, the security of the State or friendly relations with foreign States</em> <strong>[10]</strong>." CIS submits that this Act should be referred to in this context of ensuring non-publication of the aforementioned data.<br /></li></ol>
<h3>3.10. Mandate a Participatory Process for Developing the Implementation Guidelines</h3>
<p><strong>3.10.1.</strong> We highly appreciate and welcome the fact that the draft policy emphasises rapid operationalisation of the policy by mandating that the ITE&C Department will prepare a detailed implementation guideline within 6 months of the notification of this policy, and all state government departments will publish at least 5 high value datasets within the next three months. Just as an addition to this mandate, we would like to propose that it can be suggested that the ITE&C Department undertakes a participatory process, with contributions from both government agencies and non-government actors, to develop this implementation guideline document. We believe that opening up government data in an effective and sustainable manner, for most government agencies, involves a systematic change in how the agency undertakes day-to-day data management practices. Hence, to develop productive and practical implementation guidelines, the ITE&C Department needs to gather insights from the other state government agencies regarding their existing data (and metadata) management practices <strong>[11]</strong>. Further, participation of the non-government actors in this process is crucial to ensure that the implementation guidelines appropriately identify the high value data sets, that is data sets that should be published on a priority basis.</p>
<h3>3.11. Defer the Decision about Roles of Data Owners, Generators, and Controllers</h3>
<p><strong>3.11.1.</strong> As the draft policy does not specifically define the terms “Data Owners”, “Data Generators”, and “Data Controllers”, and the Section 11 only briefly describes some of the roles of these types of actors, we suggest removal of this discussion and the decision regarding the specific roles and functions of the Data Owners / Generators / Controllers from the draft policy itself. It will be perhaps more appropriate and effective to define these terms, as well as their roles and functions, in the implementation guidelines to be prepared by the ITE&C Department after the notification of the open data policy, since these terms relate directly to the final designing of the implementation process.</p>
<p><strong>3.12.</strong> CIS is grateful to the ITE&C Department for this opportunity to provide comments, and would be honoured to provide further assistance on the matter.</p>
<h3><strong>Endnotes</strong></h3>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/" target="_blank">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://data.gov.in/sites/default/files/NDSAP.pdf" target="_blank">http://data.gov.in/sites/default/files/NDSAP.pdf</a>.</p>
<p><strong>[3]</strong> See: <a href="http://rti.gov.in/webactrti.htm" target="_blank">http://rti.gov.in/webactrti.htm</a>.</p>
<p><strong>[4]</strong> See: <a href="http://meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf" target="_blank">http://meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf</a>.</p>
<p><strong>[5]</strong> See Section 2 (1) (i) of IT (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011.</p>
<p><strong>[6]</strong> See: <a href="https://egovstandards.gov.in/sites/default/files/Published%20Documents/Policy_on_Open_Standards_for_e-Governance.pdf" target="_blank">https://egovstandards.gov.in/sites/default/files/Published%20Documents/Policy_on_Open_Standards_for_e-Governance.pdf</a>.</p>
<p><strong>[7]</strong> See: <a href="https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf" target="_blank">https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf</a>.</p>
<p><strong>[8]</strong> See: <a href="http://deity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf" target="_blank">http://deity.gov.in/sites/upload_files/dit/files/policy_on_adoption_of_oss.pdf</a>.</p>
<p><strong>[9]</strong> See: <a href="http://deity.gov.in/sites/upload_files/dit/files/Open_APIs_19May2015.pdf" target="_blank">http://deity.gov.in/sites/upload_files/dit/files/Open_APIs_19May2015.pdf</a>.</p>
<p><strong>[10]</strong> See: <a href="http://www.archive.india.gov.in/allimpfrms/allacts/3314.pdf" target="_blank">http://www.archive.india.gov.in/allimpfrms/allacts/3314.pdf</a>, Sections 2 (2) and 3 (1) (c).</p>
<p><strong>[11]</strong> A similar process was undertaken by the IT Department of the Government of Sikkim when developing the implementation guideline document. The ITE&C Department may consider discussing the matter with the said department to exchange relevant learnings.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/openness/comments-on-the-telangana-state-open-data-policy-2016'>https://cis-india.org/openness/comments-on-the-telangana-state-open-data-policy-2016</a>
</p>
No publishersumandroOpen DataOpen Government DataFeaturedPoliciesOpennessHomepage2016-09-01T05:49:51ZBlog EntryAnalysis of the Report of the Group of Experts on Developments in the Field of Information and Telecommunications in the Context of International Security and Implications for India
https://cis-india.org/internet-governance/blog/analysis-report-experts-information-telecommunications-security-implications-india
<b>This paper analyses the report of the Group of Experts and and India’s compliance with its recommendations based on existing laws and policies. Given the global nature of these challenges and the need for nations to holistically address such challenges from a human rights and security perspective, CIS believes that the Group of Experts and similar international forums are useful and important forums for India to actively engage with.</b>
<p> </p>
<p>The United Nations Group of Experts on ICT issued their report on Developments in the Field of Information and Telecommunications in the Context of International Security in June, 2015. This paper analyses the report of the Group of Experts and and India’s compliance with its recommendations based on existing laws and policies. CIS believes that the report of the Group of Experts provides important minimum standards that countries could adhere to in light of challenges to international security posed by ICT developments. Given the global nature of these challenges and the need for nations to holistically address such challenges from a human rights and security perspective, CIS believes that the Group of Experts and similar international forums are useful and important forums for India to actively engage with.</p>
<p><strong>Download: <a href="https://cis-india.org/internet-governance/files/ict-paper.pdf" class="internal-link">PDF</a> (627 kb)</strong></p>
<hr />
<p>1. <a href="#1">Introduction</a></p>
<p>2. <a href="#2">Analysis of the Recommendations</a></p>
<p>2a. <a href="#2a">Consistent with the purposes of the United Nations, including to maintain international
peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security</a></p>
<p>2b. <a href="#2b">In case of ICT incidents, States should consider all relevant information, including the
larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences</a></p>
<p>2c. <a href="#2c">States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs; of the Recommendations</a></p>
<p>2d. <a href="#2d">States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect</a></p>
<p>2e. <a href="#2e">States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression</a></p>
<p>2f. <a href="#2f">A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public</a></p>
<p>2g. <a href="#2g">States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions</a></p>
<p>2h. <a href="#2h">States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty</a></p>
<p>2i. <a href="#2i">States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions</a></p>
<p>2j. <a href="#2j">States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure</a></p>
<p>2k. <a href="#2k">States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cyber security incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity</a></p>
<p>3. <a href="#3">Conclusion</a></p>
<hr />
<h3 id="1">1. Introduction</h3>
<p style="text-align: justify;">Cyberspace<a name="_ftnref1" href="#_ftn1">[1]</a> touches every aspect of our lives, has enormous benefits, but is also accompanied by a number of risks. The international community at large has realized that cyberspace can be made stable and secure only through international cooperation. Traditionally, though there are a number of bilateral agreements and forms of cooperation the foundation of this cooperation has been the international law and the principles of the Charter of the United Nations.</p>
<p style="text-align: justify;">To this end, on December 27, 2013 the United Nations General Assembly adopted Resolution No. 68/243 requesting the" <em> Secretary General, with the assistance of a group of governmental experts,…… to continue to study, with a view to promoting common understandings, existing and potential threats in the sphere of information security and possible cooperative measures to address them, including norms, rules or principles of responsible behaviour of States and confidence-building measures, the issues of the use of information and communications technologies in conflicts and how international law applies to the use of information and communications technologies by States……. and to submit to the General Assembly at its seventieth session a report on the results of the study.</em> "In pursuance of this resolution the Secretary General established a Group of Experts on Developments in the Field of Information and Telecommunications in the Context of International Security; the report was agreed upon by the Group of Experts in June, 2015. On 23 December 2015, the UN General Assembly unanimously adopted resolution 70/237<a name="_ftnref2" href="#_ftn2">[2]</a> which welcomed the outcome of the Group of Experts and requested the Secretary-General to establish a new GGE that would report to the General Assembly in 2017.</p>
<p style="text-align: justify;">The report developed by governmental experts from 20 States addresses existing and emerging threats from uses of ICTs, by States and non-State actors alike. These threats have the potential to jeopardize international peace and security. The experts gave recommendations which have built on consensus reports issued in 2010 and 2013, and offer ideas on norm-setting, confidence-building, capacity-building and the application of international law for the use of ICTs by States. Among other recommendations, the Report lays down recommendations for States for voluntary, non-binding norms, rules or principles of responsible behaviour to promote an open, secure, stable, accessible and peaceful ICT environment.</p>
<p style="text-align: justify;">As larger international dialogues around cross border sharing of information and cooperation for cyber security purposes take place between the US and EU, it is critical that India begin to participate in these discussions.<a name="_ftnref3" href="#_ftn3">[3]</a> It is also necessary to take cognizance of the importance of implementing internal practices and policies that are recognized and set strong standards at the international level.</p>
<p style="text-align: justify;">This paper marks the beginning of a series of questions we will be asking and processes we will be analysing with the aim of understanding the role of international cooperation for cyber security and the interplay between privacy and security. The report analyses the existing norms in India in the backdrop of the recommendations in the Report of Experts to discover how interoperable Indian law and policy is vis-à-vis the recommendations made in this report as well as making recommendations towards ways India can enhance national policies, practices, and approaches to enable greater collaboration at the international level with respect to issues concerning ICTs and security.</p>
<h3 id="2">2. Analysis of the Recommendations</h3>
<p style="text-align: justify;">The Group of Experts took into account existing and emerging threats, risks and vulnerabilities, in the field of ICT and offered the following recommendations for consideration by States for voluntary, non-binding norms, rules or principles of responsible behaviour.</p>
<h4 id="2a">2a. Consistent with the purposes of the United Nations, including to maintain international peace and security, States should cooperate in developing and applying measures to increase stability and security in the use of ICTs and to prevent ICT practices that are acknowledged to be harmful or that may pose threats to international peace and security</h4>
<p style="text-align: justify;">1. India has been working with a number of countries such as Belarus, Canada, China, Egypt, and France on a number of ICT-related isues thereby increasing international cooperation in the ICT sector, such as:</p>
<p style="text-align: justify;">(i) setting up the India-Belarus Digital Learning Centre (DLC-ICT) to promote</p>
<p style="text-align: justify;">development of ICT in Belarus;</p>
<p style="text-align: justify;">(ii) sending an official business delegation to Canada to attend the 2<sup>nd</sup>Joint Working Group meeting in ICTE;</p>
<p style="text-align: justify;">(iii) holding Joint Working Groups on ICT with China.<a name="_ftnref4" href="#_ftn4">[4]</a></p>
<p style="text-align: justify;">As can be seen from this, most of the cooperation with other countries is currently government to government (or government institution to government institution) cooperation. However, it must be noted that the entire digital revolution, including ICT necessarily involves ICT companies, and thus the role of the private sector in participating in these negotiations as well as the responsibilities of private sector ICT companies in cross border cooperation. Furthermore, the above examples are a few of the many agreements, Memoranda of Understanding (MOU), and negotiations that India has with other countries on cross border cooperation. It is important that, to the extent possible, these negotiations and transparent and easily publicly available.</p>
<p style="text-align: justify;">2. The primary legislation governing ICT in India is the Information Technology Act, 2000 ("IT Act") which was passed to provide legal recognition for the transactions carried out by means of electronic data interchange and other means of electronic communication. The IT Act contains a number of provisions that declare illegal activities that threatenICT infrastructure, data, and individuals as illegal and provide for penalties for the same. These activities are:</p>
<p style="text-align: justify;"><strong>Section 43 - </strong> <em>Penalty and Compensation for damage to computer, computer system, etc.: </em> If any person without permission: (i) accesses a computer, computer system or network; (ii) downloads, copies or extracts any data from such computer, computer system or network; (iii) introduces any computer contaminant or computer virus into, destroys, deletes or alters any information on, damages or disrupts any computer, computer system or network; (iv) denies or causes the denial of access to any computer, computer system or network by any means; (v) helps any person to access a computer, computer system or network in contravention of the Act; (vi) charges the services availed of by a person to the account of another person through manipulation; or (vii) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, he shall be liable to pay damages by way of compensation to the person so affected.</p>
<p style="text-align: justify;"><strong>Section 66 </strong> <em>- Computer Related Offences: </em> If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to Rs. 5,00,000/- or with both.</p>
<p style="text-align: justify;"><strong>Section 66B </strong> <em>- Punishment for dishonestly receiving stolen computer resource or communication device:</em> Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to Rs. 1,00,000/- or with both.</p>
<p style="text-align: justify;"><strong>Section 66C - </strong> <em>Punishment for identity theft:</em> Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.</p>
<p style="text-align: justify;"><strong>Section 66D - </strong> <em>Punishment for cheating by personation by using computer resource:</em> Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to Rs. 1,00,000/-.</p>
<p style="text-align: justify;"><strong>Section 66E - </strong> <em>Punishment for violation of privacy:</em> Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding Rs. 2,00,000 or with both.</p>
<p style="text-align: justify;"><strong>Section 66F - </strong> <em>Punishment for cyber terrorism:</em> (1) Whoever,- (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by -</p>
<ul style="text-align: justify;">
<li>Denying or cause the denial of access to computer resource; or</li>
<li>Attempting to penetrate a computer resource; or</li>
<li>Introducing or causing to introduce any computer contaminant and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure, or</li></ul>
<p style="text-align: justify;">(B) knowingly or intentionally penetrates a computer resource and by by doing so obtains access to information that is restricted for reasons of the security of the State or foreign relations; or any restricted information with reasons to believe that such information may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.</p>
<p style="text-align: justify;">(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.</p>
<p style="text-align: justify;"><strong> Section 67 - </strong> <em>Publishing of information which is obscene in electronic form:</em> Whoever publishes or transmits in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons, shall be punished on first conviction with a maximum imprisonment upto 2 years and a maximum fine upto Rs. 5,00,000 and for a second or subsequent conviction with a maximum imprisonment upto 5 years and also a maximum with fine upto Rs. 10,00,000.</p>
<p style="text-align: justify;"><strong> Section 67A - </strong> <em>Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form:</em> Whoever publishes or transmits in the electronic form any material which contains sexually explicit act or conduct shall be punished on 1st conviction with a maximum imprisonment for 5 years and a maximum fine of upto Rs. 10,00,000 and for a 2nd or subsequent conviction with a maximum imprisonment of 7 years and a maximum fine upto Rs. 10,00,000.</p>
<p style="text-align: justify;"><strong>Section 67B - </strong> <em>Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form: </em> Whoever,- (a) publishes or transmits material in any electronic form which depicts children engaged in sexually explicit act or conduct; or (b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner; or (c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource; or (d) facilitates abusing children online; or (e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with a maximum imprisonment upto 5 years and a maximum fine upto Rs. 10,00,000 and in the event of a 2nd or subsequent conviction with a maximum imprisonment upto 7 years and also a maximum fine upto Rs. 10,00,000.<a name="_ftnref5" href="#_ftn5">[5]</a></p>
<p style="text-align: justify;"><strong>Section 72 - </strong> <em>Breach of confidentiality and privacy: </em> Any person who, in pursuance of any of the powers conferred under this Act, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses the same to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to Rs. 1,00,000 or with both.</p>
<p style="text-align: justify;"><strong>Section 72-A - </strong> <em>Punishment for Disclosure of information in breach of lawful contract:</em> Any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to Rs. 5,00,000 or with both.</p>
<p style="text-align: justify;">3. The broad language and wide terminology used IT Act seems to cover most of the cyber crimes faced in India as of now, though the technical abilities to prevent the crimes still leave a lot to be desired. The prevention of cyber crime is not the domain of the IT Act and is rather the responsibility of the law enforcement authorities (note: there is no specific authority created under the IT Act, the Act is enforced by the police and other law enforcement authorities). That said, it may be a useful exercise to briefly compare these provisions with the crimes mentioned in the Convention on Cybercrime, 2001 (Budapest Convention), an international treaty that seeks to addresses threats in cyber space by promoting the harmonization of national laws and cooperation across jurisdictions, to examine if there are any that are not covered by the IT Act. A comparison of the principles in Budapest Convention and the IT Act is below:</p>
<table style="text-align: justify;" class="grid listing">
<tbody>
<tr>
<td>
<p>S. No.</p>
</td>
<td>
<p>Article of the Budapest Convention</p>
</td>
<td>
<p>Provisions of the IT Act which cover the same</p>
</td>
</tr>
<tr>
<td>
<p>1</p>
</td>
<td>
<p>Article 2 - Illegal Access</p>
</td>
<td>
<p>Section 43(a) read with Section 66</p>
</td>
</tr>
<tr>
<td>
<p>2</p>
</td>
<td>
<p>Article 3 - Illegal Interception</p>
</td>
<td>
<p>Section 69 of the IT Act read with section 45 as well as Section 24 of the Telegraph Act, 1885</p>
</td>
</tr>
<tr>
<td>
<p>3</p>
</td>
<td>
<p>Article 4 - Data interference</p>
</td>
<td>
<p>Sections 43(d) and 43(f) read with section 66</p>
</td>
</tr>
<tr>
<td>
<p>4</p>
</td>
<td>
<p>Article 5 - System interference</p>
</td>
<td>
<p>Sections 43(d), (e) and (f) read with section 66</p>
</td>
</tr>
<tr>
<td>
<p>5</p>
</td>
<td>
<p>Article 6 - Misuse of devices</p>
</td>
<td>
<p>Not specifically covered</p>
</td>
</tr>
<tr>
<td>
<p>6</p>
</td>
<td>
<p>Article 7 - Computer related forgery</p>
</td>
<td>
<p>Computer related forgery is not specifically covered, but it is possible that when such a case comes to light, the provisions of Section 43 read with section 66 as well as provisions of the Indian Penal Code, 1860 would be pressed into service to cover such crimes</p>
</td>
</tr>
<tr>
<td>
<p>7</p>
</td>
<td>
<p>Article 8 - Computer related fraud</p>
</td>
<td>
<p>While not specifically covered by the IT Act, it is possible that when such a case comes to light, the provisions of Section 43 read with section 66 as well as provisions of the Indian Penal Code, 1860 would be pressed into service to cover such crimes</p>
</td>
</tr>
<tr>
<td>
<p>8</p>
</td>
<td>
<p>Article 9 - Offences relating to child pornography</p>
</td>
<td>
<p>Section 67B</p>
</td>
</tr>
</tbody>
</table>
<p style="text-align: justify;">As can be seen from the above discussion, most of the criminal acts elucidated in the Budapest Convention are covered under the IT Act except for the provision on misuse of devices, which requires the production, dealing, trading, etc. in devices whose sole objective is to violate the provisions of the IT Act, though it is possible that provisions of the Indian Penal Code, 1860 dealing with conspiracy and aiding and abetment may be pressed into service to cover such incidents.</p>
<p style="text-align: justify;">4. Further, there are a number of laws which deal with critical infrastructure in India, however since these are mostly sectoral laws dealing with specific infrastructure sectors, the one most relevant to ICT is the Telegraph Act, 1885, which makes it illegal to interfere with or damage critical telegraph infrastructure. The specific penal provisions are listed below:</p>
<p style="text-align: justify;"><strong>Section 23 - </strong> <em>Intrusion into signal-room, trespass in telegraph office or obstruction: </em> If any person - (a) without permission of competent authority, enters the signal room of a telegraph office of the Government, or of a person licensed under this Act, or (b) enters a fenced enclosure round such a telegraph office in contravention of any rule or notice not to do so, or (c) refuses to quit such room or enclosure on being requested to do so by any officer or servant employed therein, or (d) wilfully obstructs or impedes any such officer or servant in the performance of his duty, he shall be punished with fine which may extend to Rs. 500.</p>
<p style="text-align: justify;"><strong>Section 24</strong> - <em>Unlawfully attempting to learn the contents of messages:</em> If any person does any of the acts mentioned in section 23 with the intention of unlawfully learning the contents of any message, or of committing any offence punishable under this Act, he may (in addition to the fine with which he is punishable under section 23) be punished with imprisonment for a term which may extend to one year.</p>
<p style="text-align: justify;"><strong>Section 25</strong> - <em>Intentionally damaging or tampering with telegraphs: </em>If any person, intending - (a) to prevent or obstruct the transmission or delivery of any message, or (b) to intercept or to acquaint himself with the contents of any message, or (c) to commit mischief, damages, removes, tampers with or touches any battery, machinery, telegraph line, post or other thing whatever, being part of or used in or about any telegraph or in the working thereof, he shall be punished with imprisonment for a term which may extend to three years, or with fine or with both.</p>
<p style="text-align: justify;"><strong>Section 25A - </strong> <em>Injury to or interference with a telegraph line or post: </em> If, in any case not provided for by section 25, any person deals with any property and thereby wilfully or negligently damages any telegraph line or post duly placed on such property in accordance with the provisions of this Act, he shall be liable to pay the telegraph authority such expenses (if any) as may be incurred in making good such damage, and shall also, if the telegraphic communication is by reason of the damage so caused interrupted, be punishable with a fine which may extend to Rs. 1000:</p>
<p style="text-align: justify;">5. The telecom service providers in India have to sign a license agreement with the Department of Telecommunications for the right to provide telecom services in various parts of India. The telecom regulatory regime in India has gone through a lot of turmoil and evolution and currently any service provider wanting to provide telecom services is issued a Unified License (UL) and has to abide by the terms of the UL. Whilst most of the prohibited activities under the UL refer to specific terms under the UL itself such as non payment of fees and not fulfilling obligations under the UL, section 38 provides for certain specific prohibited activities which may be relevant for the ICT sector. These prohibited activities include:</p>
<p style="text-align: justify;">(i) Carrying objectionable, obscene, unauthorized or any other content, messages or communications infringing copyright and intellectual property right etc., which may be prohibited by the laws of India;</p>
<p style="text-align: justify;">(ii) Provide tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through his equipment and network, to the authorised government agencies;</p>
<p style="text-align: justify;">(iii) Ensuring that the Telecommunication infrastructure or installation thereof, carried out by it, should not become a safety or health hazard and is not in contravention of any statute, rule, regulation or public policy;</p>
<p style="text-align: justify;">(iv) not permit any telecom service provider whose license has been revoked to use its services. Where such services are already provided, i.e. connectivity already exists, the license is required to immediately sever connectivity immediately.</p>
<h4 id="2b">2b. In case of ICT incidents, States should consider all relevant information, including the larger context of the event, the challenges of attribution in the ICT environment and the nature and extent of the consequences</h4>
<p style="text-align: justify;">The Department of Electronics and Information Technology (DEITY) has released the XIIth Five Year Plan on the information technology sector and the report of the Sub-Group on Cyber Security in the plan recognizes that cyber security threats emanate from a wide variety of sources and manifest themselves in disruptive activities that target individuals, businesses, national infrastructure and Governments alike. <a name="_ftnref6" href="#_ftn6">[6]</a> The primary objectives of the plan for securing the country's cyber space are preventing cyber attacks, reducing national vulnerability to cyber attacks, and minimizing damage and recovery time from cyber attacks. The plan takes into account a number of focus areas to achieve its stated objectives, which are described briefly below:</p>
<ul style="text-align: justify;">
<li><em>Enabling Legal Framework</em> - Setting up think tanks in Public-Private mode to identify gaps in the existing policy and frameworks and take action to address them including addressing the privacy concerns of online users.</li>
<li><em>Security Policy, Compliance and Assurance</em> - Enhancement of IT product security assurance mechanism (Common Criteria security test/evaluation, ISO 15408 & Crypto Module Validation Program), establishing a mechanism for national cyber security index leading to national risk management framework.</li>
<li><em>Security Resarch&Development (R&D)</em> - Creation of Centres of Excellence in identified areas of advanced Cyber Security R&D and Centre for Technology Transfer to facilitate transition of R&D prototypes to production, supporting R&D projects in thrust areas.</li>
<li><em>Security Incident</em> - Early Warning and Response - Comprehensive threat assessment and attack mitigation by means of net traffic analysis and deployment of honey pots, development of vulnerability database.</li>
<li><em>Security awareness, skill development and training</em> - Launching formal security education, skill building and awareness programs.</li>
<li><em>Collaboration</em> - Establishing a collaborative platform/ think-tank for cyber security policy inputs, discussion and deliberations, operationalisation of security cooperation arrangements with overseas CERTs and industry, and seeking legal cooperation of international agencies on cyber crimes and cyber security.</li></ul>
<h4 id="2c">2c. States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs</h4>
<p style="text-align: justify;">As mentioned in response to (a) above, the primary legislation in India that deals with information technology and hence ICT as well is the Information Technology Act, 2000. The IT Act contains a number of penal provisions which make it illegal to indulge in a number of practices such as hacking, online fraud, etc. which have been recognised internationally as wrongful acts using ICT ( <em>Please refer to answer under section (a) above for details of the penal provisions</em>). Further section 1(2) of the IT Act provides that it also applies to any offence or contravention hereunder committed outside India by any person. This means that the IT Act also covers internationally wrongful acts using ICTs.</p>
<h4 id="2d">2d. States should consider how best to cooperate to exchange information, assist each other, prosecute terrorist and criminal use of ICTs and implement other cooperative measures to address such threats. States may need to consider whether new measures need to be developed in this respect</h4>
<p style="text-align: justify;">There are a number of ways in which states can share information by using widely accepted formal processes precisely for this purpose. Some of the most common methods of international exchange used by India are given below.</p>
<p style="text-align: justify;"><strong>MLATs</strong></p>
<p style="text-align: justify;">Although the exact process by which intelligence agencies in India share information with other agencies internationally is unclear, India is a member of Interpol and the Central Bureau of Investigation, which is a Federal/Central investigating agency functioning under the Central Government, Department of Personnel & Training and is designated as the National Central Bureau of India. A very useful tool in the effort to establish cross-border cooperation is Mutual Legal Assistance Treaties (MLATs). MLATs are extremely important for law enforcement agencies, governments and the private sector, since they act as formal mechanisms for access to data which falls under different jurisdictions. India currently has MLATs with the following 39 countries <a name="_ftnref7" href="#_ftn7">[7]</a></p>
<p style="text-align: justify;">Although MLATs are considered to be a useful mechanism to ensure international cooperation, there are certain criticisms of the MLAT mechanism, such as:</p>
<ul><li><strong>The Lack of Clear Time Tables:</strong> Although MLATs do provide for broad time frames, they do not provide for more specific time tables and usually do not have any provision for an expedited process, for eg. it is believed that for requests to the U.S., processing can take from six weeks (for requests with minimal issues complying with U.S. legal standards) to 10 months.<a name="_ftnref8" href="#_ftn8">[8]</a> Such a long time frame is clearly a burden on the investigation process and has been criticised for being ineffectual as they may not provide information fast enough;</li>
<li><strong>Variation in Legal Standards:</strong> The legal standards for requesting information, for eg. the circumstances under which information can be requested or what information can be requested, differ from jurisdiction to jurisdiction. These differences are often not understood by requesting nations thus causing problems in accessing information;<a name="_ftnref9" href="#_ftn9">[9]</a></li>
<li><strong>Inefficient Legal Process:</strong> The legal process to carry out requests through the MLAT process is often considered too cumbersome and inefficient.</li>
<li><strong>Non-incorporation of Technological Challenges:</strong> MLATs have not been updated to meet the challenges brought about by technology, especially with the advent of networked infrastructure and ICT which raise issues of attribution and cross-jurisdictional access to information. <a name="_ftnref10" href="#_ftn10">[10]</a></li></ul>
<p style="text-align: justify;"><strong>Extradition</strong></p>
<p style="text-align: justify;">Extradition generally refers to the surrender of an alleged or convicted criminal by one State to another. More precisely, it may be defined as the process by which one State upon the request of another surrenders to the latter a person found within its jurisdiction for trial <s> and punishment </s> or, if he has been already convicted, only for punishment, on account of a crime punishable by the laws of the requesting State and committed outside the territory of the requested State. Extradition plays an important role in the international battle against crime and owes its existence to the so-called principle of territoriality of criminal law, according to which a State will not apply its penal statutes to acts committed outside its own boundaries except where the protection of special national interests is at stake. India currently has extradition treaties with 37 countries and extradition arrangements with an additional 8 countries.<a name="_ftnref11" href="#_ftn11">[11]</a></p>
<p style="text-align: justify;"><strong>Letters Rogatory</strong></p>
<p style="text-align: justify;">A Letter Rogatory is a formal communication in writing sent by the Court in which an action is pending to a foreign court or Judge requesting that the testimony of a witness residing within the jurisdiction of that foreign court be formally taken under its direction and transmitted to the issuing court making the request for use in a pending legal contest or action. This request entirely depends upon the comity of courts towards each other and usages of the court of another nation.</p>
<p style="text-align: justify;">Apart from the above methods, India also regularly signs Bilateral MoUs with various countries on law enforcement and information sharing specially in cases related to terrorism. India also regularly helps and gets helps from Interpol, the International Criminal Police Organisation for purposes of investigation, arrests and sharing of information.<a name="_ftnref12" href="#_ftn12">[12]</a></p>
<p style="text-align: justify;">Other than these formal methods states sometimes share information on an informal basis, where the parties help each other purely on the basis of goodwill, or sometimes even coercion. A recent example of informal cooperation between the security agencies of India and Nepal, although not in the realm of cyber space, was the arrest of YasinBhatkal, leader of the banned organisation Indian Mujahideen (IM) where the Indian security agencies allegedly sought informal help from their Neapaelese counterparts to arrest a person who was wantedhad long been wanted by the Indian security agencies for a long time. <a name="_ftnref13" href="#_ftn13">[13]</a></p>
<p style="text-align: justify;">In the current environment of growing ICT and increased cross-border information sharing between individuals, the role of private companies who carry this information has become much more pronounced. This changed dynamic raises new problems, especially because manyin light of thesefact that a number of these companies do not have a physical presence in all the countries where they offer services over the internet. This leads to problems for states in terms of law enforcement, speciallyespecially if they want information from these companies who do not have an incentive or desire to provide itagainst their will. These circumstances lead to a number of prickly situations where states are often frustrated in using legal and formal means and often resort to informal pressure to get the companies to agree to data localization requests, encryption/decryption standards and keys, back doors, and other requests. etc., Tthe most famous of these in the Indian context being the disagreement/ heated exchange between the Indian government and Canada based Blackberry Limited (formerly Research in Motion) for data requests on their Blackberry enterprise platform.</p>
<h4 id="2e">2e. States, in ensuring the secure use of ICTs, should respect Human Rights Council resolutions 20/8 and 26/13 on the promotion, protection and enjoyment of human rights on the Internet, as well as General Assembly resolutions 68/167 and 69/166 on the right to privacy in the digital age, to guarantee full respect for human rights, including the right to freedom of expression</h4>
<p><strong>Right to Privacy</strong></p>
<ol><li>
<p style="text-align: justify;">The right to privacy has been recognised as a constitutionally protected fundamental right in India through judicial interpretation of the right to life which is specifically guaranteed under the Constitution of India. Since the right to privacy was read into the constitution by judicial pronouncements, it could be said that the right to privacy in India is a creature of the courts at least in the Indian context. For this reason it may be useful to list out some of the major cases which deal with the right to privacy in India:</p>
<p style="text-align: justify;">i. <em>Kharak Singh</em> v. <em>Union of India</em>¸<a name="_ftnref14" href="#_ftn14">[14]</a> (1962)</p>
<p style="text-align: justify;">a. For the first time, the courts recognized the right to privacy as a fundamental right, although in a minority opinion.</p>
<p style="text-align: justify;">b. The decision lLocated the right to privacy under both the right to personal liberty as well as freedom of movement.</p>
<p style="text-align: justify;">ii. <em>Govind</em> v. <em>State of M.P.</em>,<a name="_ftnref15" href="#_ftn15">[15]</a> (1975)</p>
<p style="text-align: justify;">a. Adopted the minority opinion of <em>Kharak Singh </em>as the opinion of the Supreme Court and held that the right to privacy is a fundamental right.</p>
<p style="text-align: justify;">b. An individual deDerivesd the right to privacy from both the right to life and personal liberty as well as freedom of speech and movement.</p>
<p style="text-align: justify;">c. The right to privacy was said to encompass and protect the personal intimacies of the home, the family marriage, motherhood, procreation and child rearing.</p>
<p style="text-align: justify;">d. The court established that the rRight to privacy can be violated in the following circumstances (i) important countervailing interest which is superior, (ii) compelling state interest test, and (iii) compelling public interest.</p>
<p style="text-align: justify;">iii. <em>R. Rajagopal</em> v. <em>Union of India</em>,<a name="_ftnref16" href="#_ftn16">[16]</a> (1994)</p>
<p style="text-align: justify;">a. Recognised that the rRight to privacy is a part of the right to personal liberty guaranteed under the constitution.</p>
<p style="text-align: justify;">b. Recognizeds that the right to privacy can be both a tort (actionable claim) as well as a fundamental right.</p>
<p style="text-align: justify;">c. Established that aA citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among other matters and nobody can publish anything regarding the same unless (i) he consents or voluntarily thrusts himself into controversy, (ii) the publication is made using material which is in public records (except for cases of rape, kidnapping and abduction), or (iii) he is a public servant and the matter relates to their discharge of official duties.</p>
<p style="text-align: justify;">iv. <em>People's Union for Civil Liberties</em> v. <em>Union of India</em>,<a name="_ftnref17" href="#_ftn17">[17]</a> (1996)</p>
<p style="text-align: justify;">a. Extended the right to privacy to include communications privacy..</p>
<p style="text-align: justify;">b. Laid down guidelines which form the backbone for checks and balances in interception provisions.</p>
<p style="text-align: justify;">v. <em>District Registrar and Collector, Hyderabad and another</em> v. <em>Canara Bank and another</em>, <a name="_ftnref18" href="#_ftn18">[18]</a> (2004)</p>
<p style="text-align: justify;">a. Refers to personal liberty, freedom of expression and freedom of movement as the fundamental rights which give rise to the right to privacy.</p>
<p style="text-align: justify;">b. The rRight to privacy deals with persons and not places.</p>
<p style="text-align: justify;">c. Intrusion into privacy may be by - (1) legislative provisions, (2) administrative/executive orders and (3) judicial orders.</p>
<p style="text-align: justify;">vi. <em>Selvi and others</em> v. <em>State of Karnataka and others</em>,<a name="_ftnref19" href="#_ftn19">[19]</a> (2010)</p>
<p style="text-align: justify;">a. The Court acknowledged the distinction between bodily/physical privacy and mental privacy</p>
<p style="text-align: justify;">b. Subjecting a person to techniques such as narcoanalysis, polygraph examination and the Brain Electrical Activation Profile (BEAP) test without consent violates the subject's mental privacy</p>
</li>
<li>
<p style="text-align: justify;">Although the judgements in the above cases (except for the case of <em>People's Union for Civil Liberties</em> v. <em>Union of India</em>) were pronounced given in a non telecomnot delivered in a telecommunications context, however the ease with which these principles were applied in the case of <em>People's Union for Civil Liberties</em> v. <em>Union of India</em>, suggests that these principles, where applicable, would be applied even in the context of ICT and are not limited to only the non-digital world.</p>
</li>
<li>
<p style="text-align: justify;">It must however be noted that dueDue to some incongruities in the interpretation of the earlier judgments, the Supreme Court has recently referred the matter regarding the existence and scope of the right to privacy in India to a larger bench so as to bring clarity regarding the exact scope of the right to privacy in Indian law. The very concept that the Constitution of India guarantees a right to privacy was challenged due to an "unresolved contradiction" in judicial pronouncements. This "unresolved contradiction" arose because in the cases of <em>M.P. Sharma & Others v. Satish Chandra & Others</em>,<a name="_ftnref20" href="#_ftn20">[20]</a> and <em>Kharak Singh v. State of U.P. & Others,</em> <a name="_ftnref21" href="#_ftn21">[21]</a>(decided by<em>Eigh</em>eight<em>t</em>andsix<em>Six</em>Judges respectively) the majority judgment of the Supreme Court had categorically denied the existence of a right to privacy under the Indian Constitution.</p>
<p style="text-align: justify;">However somehow the later case of Gobind v. <em>State of M.P. and another</em>,<a name="_ftnref22" href="#_ftn22">[22]</a> (which was decided by a two Judge Bench of the Supreme Court) relied upon the opinion given by the minority of two judges in <em>Kharak Singh </em>to hold that a right to privacy does exist and is guaranteed as a fundamental right under the Constitution of India without addressing the fact that this was a minority opinion and that the majority opinion had denied the existeance of the right to privacy. Thereafter a large number of cases have held the right to privacy to be a fundamental right, the most important of which are <em>R. Rajagopal& Another </em>v. <em>State of Tamil Nadu & Others</em>,<a name="_ftnref23" href="#_ftn23">[23]</a> (popularly known as <em>Auto Shanker's case</em>) and <em>People's Union for Civil Liberties (PUCL) </em>v. <em>Union of India & Another</em>.<a name="_ftnref24" href="#_ftn24">[24]</a> However, as was noticed by the Supreme Court in its August 11, 2015 order, all these judgments were decided by two or three Judges only which could not have overturned the judgments given by larger benches.<a name="_ftnref25" href="#_ftn25">[25]</a> It was to resolve this judicial incongruity that the Supreme Court referred this issue to a larger bench to decide on the existence and scope of the right to privacy in India.</p>
</li></ol>
<p><strong>Freedom of Expression</strong></p>
<ol start="4"><li>
<p style="text-align: justify;">Freedom of expression is one of the most important fundamental rights guaranteed under the constitution and has been vehemently protected by the judiciary on a number of occasions whenever it has been threatened. With the advent of social media, the entire dynamics of the freedom of speech and expression have changed in that it is now possible for every individual, with an internet connection and a Facebook/Twitter/Whatsapp account to reach millions of people without spending any extra money. This ability to reach a much larger and wider audience also led to greater friction between people holding different opinions. As the ease of the internet removed the otherwise filtering effects of geography and made it easier for people to communicate with each other, the advent of social media made it easier for them to communicate with a larger number of people at the same time. This ability to communicate within a group also gave rise to "debates" which often turngot ugly, highlighting giving way to concerns of how easy it is to harass people on social media.</p>
</li>
<li>
<p style="text-align: justify;">This concern over of harassment led a number of people to call for greater censorship of social media and it was perhaps this concern which gave rise to the biggest challenge to the freedom of speech and expression in the online world, in the form of section 66A of the Information Technology Act, 2000 which made it an offense to send information which was "grossly offensive" (s.66A(a)) or caused "annoyance" or "inconvenience" while being known to be false (s.66A(c)). This section was used widely seen by Oonline activists, including the Centre for Internet and Society, widely considered this section as a tool for the government to silence those who criticised it. In fact, statistics compiled by the National Crime Records Bureau from 2014 revealed that 2,402 people, including 29 women, were arrested in 4,192 cases under section 66A which accounted for nearly 60% of all arrests under the IT Act, and 40% of arrests for cyber crimes in 2014. <a name="_ftnref26" href="#_ftn26">[26]</a></p>
</li>
<li>
<p style="text-align: justify;">The section was finally struck down by the Supreme Court in 2015 in the case of <em>Shreya Singhal</em>v. <em>Union of India</em>, <a name="_ftnref27" href="#_ftn27">[27]</a> on the ground of being too vague. This decision was seen as a huge victory for the campaign for freedom of speech and expression in the virtual world since this section was frequently used by the state (or rather government in power) to muzzle free speech against the incumbent government or political leaders. The offending section 66A made it an offence to send any information that was "grossly offensive or has menacing character" or "which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by makinguse of such computer resource or a communication device,". These terms quoted above were held by the Court to be too vague and wide and falling foul of the limited restrictions constitutionally imposed on the freedom of expression. The Supreme Court therefore, and were therefore struck down section 66A by the Supreme Court.</p>
</li></ol>
<h4 id="2f">2f. A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public</h4>
<p style="text-align: justify;">The researchers of this report could not locate any norms in India which address this issue. To the best of their knowledge, India does not support any ICT activity that intentionally damages critical infrastructure or impairs the use and operation of critical infrastructure.</p>
<h4 id="2g">2g. States should take appropriate measures to protect their critical infrastructure from ICT threats, taking into account General Assembly resolution 58/199 on the creation of a global culture of cybersecurity and the protection of critical information infrastructures, and other relevant resolutions</h4>
<p style="text-align: justify;">1. Section 70 of the IT Act gives the government the authority to declare any computer system which directly affects any critical information infrastructure to be a protected system. The term "critical information infrastructure" (CII) is defined in the IT Act "the computer resource, the incapacitation or destruction of which, shall have debilitating impact on national security, economy, public health or safety." Once the government declares any computer resource as a protected system it gets the authority to prescribe information security practices for such as system as well as identify the persons who are authorised to access such systems. Any person who accesses a protected system in contravention of the provision of Section 70 of the IT Act shall be liable to be imprisoned for a maximum period of 10 years and also pay a fine. Further, section 70A of the IT Act gives the government the power to name a national nodal agency in respect of CII and also prescribe the manner for such agency to perform its duties. In pursuance of the powers under sections 70A the government has designated the National Critical Information Infrastructure Protection Centre (NCIIPC) situated in the JNU campus as the nodal agency <a name="_ftnref28" href="#_ftn28">[28]</a>. This agency is a part of and under the administrative control of the National Technical Research Organisation (NTRO) <a name="_ftnref29" href="#_ftn29">[29].</a></p>
<p style="text-align: justify;">2. The functions and manner of performing such functions by the NCIIPC has been prescribed in the Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013.<a name="_ftnref30" href="#_ftn30">[30]</a> According to these Rules the functions of the NCIIPC include, inter alia, (i) the protecting and giving advice to reduce the vulnerabilities of CII against cyber terrorism, cyber warfare and other threats; (ii) identification of all critical infrastructure elements so that they can be notified by the government; (iii) providing strategic leadership and coherence across the government to respond to cyber security threats against CII; (iv) coordinating, sharing, monitoring, analysing and forecasting national level threats to CII for policy guidance, expertiese sharing and situational awareness for early warning alerts; (v) assisting in the development of appropriate plans, adoption of standards, sharing best practices and refinining procurement processes for CII; (vi) undertaking and funding research and development to innovate future technologies and collaborate with PSUs, academia and international partners for protection of CII; (vii) organising training and awareness programmes and development of audit and certification agencies for protection of CII; (viii) developing and executing national and international cooperation strategies for protection of CII; (ix) issuing guidelines, advisories and vulnerability notes relating to CII and practices, procedures, prevention and responses in consultation with CERT-In and other organisations; (x) exchanging information with CERT-In, especially in relation to cyber incidents; and (xi) calling for information and giving directions to critical sectors or persons having a critical impact on CII, in the event of any threat to CII.<a name="_ftnref31" href="#_ftn31">[31]</a></p>
<p style="text-align: justify;">3. The NCIIPC had in the year 2013 released (non publicly) Guidelines for the Protection of National Critical Information Infrastructure <a name="_ftnref32" href="#_ftn32">[32]</a> (CII Guidelines) which presented 40forty controls and respective guiding principles for the protection of CII. It is expected that these controls and guiding principles will help critical sectors to draw a CII protection roadmap to achieve safe, secure and resilient CII for India. The 'Guidelines for forty Critical Controls' is considered by the NCIIPC to be a significant milestone in its efforts for the protection of nation's critical information assets. These fort controls can be found in Section 6 (Best Practices, Controls and Guidelines) of the CII Guidelines. It must be noted that the CII Guidelines were drafted after taking inputs from a number of stakeholders such as the national Stock Exchange, the Airports Authority of India, National Thermal Power Corporation, Reserve Bank of India, Indian Railways, Telecom Regulatory Authority of India, Bharat Sanchar Nigam Limited, etc. This exercise of taking inputs from different stakeholders as well as developing a standard of as many as 40forty aspects of security seems to suggest that the NCIIPC is taking steps in the right direction.</p>
<p style="text-align: justify;">4. The Recommendations on Telecommunication Infrastructure Policy issued by the Telecom Regulatory Authority of India in April, 2011 are silent on the issue of security of critical information infrastructure.s. However, the National Policy on Information Technology, 2012 (NPIT) does address the issue of security of cyber space by saying that the government should make efforts to do the following:</p>
<p style="text-align: justify;">"9.1 To undertake policy, promotion and enabling actions for compliance to international security best practices and conformity assessment (product, process, technology & people) and incentives for compliance.</p>
<p style="text-align: justify;">9.2 To promote indigenous development of suitable security techniques & technology through frontier technology research, solution oriented research, proof of concept, pilot development etc. and deployment of secure IT products/processes</p>
<p style="text-align: justify;">9.3 To create a culture of cyber security for responsible user behavior & actions including building capacities and awareness campaigns.</p>
<p style="text-align: justify;">9.4 To create, establish and operate an 'Information Security Assurance Framework'."</p>
<p style="text-align: justify;">5. The Department of Information and Technology has formed the Computer Emergency Response Term of India (CERT-In) to enhance the security of India's Communications and Information Infrastructure through proactive action and effective collaboration. The Information Security Policy on Protection of Critical Infrastructure released by the CERT-In considers information recorded, processed or stored in electronic medium as a valuable asset and is geared towards protection of such "valuable asset". The policy recognises the importance of critical information infrastructure network and says that any disruption of the operation of such networks is likely to have devastating effects. The policy prescribes that personnel with program delivery responsibilities should also recognise the importance of security of information resources and their management. Thus Ddue to this recognition of the growing networked nature of government as well as critical organisations and the need to have a proper vulnerability analysis as well as effective management of information security risks, the Department of Technology prescribes the following information security policy:</p>
<p style="text-align: justify;">"In order to reduce the risk of cyber attacks and improve upon the security posture of critical information infrastructure, Government and critical sector organizations are required to do the following on priority:</p>
<ul style="text-align: justify;">
<li>Identify a member of senior management, as Chief Information Security Officer (CISO), knowledgeable in the nature of information security & related issues and designate him/her as a 'Point of contact', responsible for coordinating security policy compliance efforts and to regularly interact with the Indian Computer Emergency Response Team (CERT-In), Department of Information Technology (DIT), which is the nodal agency for coordinating all actions pertaining to cyber security;</li>
<li>Prepare information security plan and implement the security control measures as per ISI/ISO/IEC 27001: 2005 and other guidelines/standards, as appropriate;</li>
<li>Carry out periodic IT security risk assessments and determine acceptable level of risks, consistent with criticality of business/functional requirements, likely impact on business/ functions and achievement of organisational goals/objectives;</li>
<li>Periodically test and evaluate the adequacy and effectiveness of technical security control measures implemented for IT systems and networks. Especially, Test and evaluation may become necessary after each significant change to the IT applications/systems/networks and can include, as appropriate the following:</li></ul>
<p style="text-align: justify;">➢ Penetration Testing (both announced as well as unannounced)</p>
<p style="text-align: justify;">➢ Vulnerability Assessment</p>
<p style="text-align: justify;">➢ Application Security Testing</p>
<p style="text-align: justify;">➢ Web Security Testing</p>
<ul style="text-align: justify;">
<li>Carry out Audit of Information infrastructure on an annual basis and when there is major upgradation/change in the Information Technology Infrastructure, by an independent IT Security Auditing organization;..........</li></ul>
<ul style="text-align: justify;">
<li>Report to CERT-In the cyber security incidents, as and when they occur and the status of cyber security, periodically."</li></ul>
<p style="text-align: justify;">6. The Department of Electronics and Information Technology (DEITY) released the National Policy on Electronics in 2012 which contained the government's take on the electronics industry in India. Section 5 of the said policy talks about cCyber sSecurity and states that to create a complete secure cyber eco-system in the country, careful and due attention is required for creation of well-d defined technology and systems, use of appropriate technology and more importantly development of appropriate products and& solutions. The priorities for action should be suitable design and development of indigenous appropriate products through frontier technology/product oriented research, testing and& validation of security of products meeting the protection profile requirements needed to secure the ICT infrastructure and cyber space of the country.</p>
<p style="text-align: justify;">7. In addition the CERT-In has issued an Information Security Management Implementation Guide for Government Organisations. <a name="_ftnref33" href="#_ftn33">[33]</a> CERT-In has also prescribed progressive steps for implementation of Information Security Management System in Government & Critical Sectors as per ISO 27001. The steps prescribed are as follows:</p>
<ul style="text-align: justify;">
<li>Identification of a Point-of-Contact (POC) / Chief Information Security Officer (CISO) for coordinating information security policy implementation efforts and communication with CERT-In</li>
<li>Information Security Awareness Programme</li>
<li>Determination of general Risk environment of the organization (low / medium / hHigh) depending on the nature of web and& networking environment, criticality of business functions and impact of information security incidents on the organization, business activities, assets / resources and individuals</li>
<li>Status appraisal and gap analysis against ISO 27001 based best information security practices</li>
<li>Risk assessment covering evaluation of threat perception and technical and &operational vulnerabilities</li>
<li>Comprehensive risk mitigation plan including selection of appropriate information security controls as per ISO 27001 based best information security practices</li>
<li>Documentation of agreed information security control measures in the form of information security policy manual, procedure manual and work instructions</li>
<li>Implementation of information security control measures (Managerial, Technical and& operational)</li>
<li>Testing & evaluation of technical information security control measures for their adequacy & effectiveness and audit of IT applications/systems/networks by an independent information security auditing organization (penetration testing, vulnerability assessment, application security testing, web security testing, LAN audits, etc)</li>
<li>Information Security Management assessment and certification against ISO 27001 standard, preferably by an independent & accredited organization</li></ul>
<p style="text-align: justify;">8. The Unified License for providing various telecommunication services also discusses contains certain terms which talk about how to engagedeal with telecommunication infrastructure in light of national security, which include the following recommendations:</p>
<ul style="text-align: justify;">
<li>Providing necessary facilities to the Government to counteract espionage, subversive act, sabotage or any other unlawful activity;</li>
<li>Giving full access to its network and equipment to the authorised persons for technical scrutiny and inspection;</li>
<li>Obtaininggettting security clearance for all foreign nationals deployed on for installation, operation and maintenance of the network;</li>
<li>Being completely responsible for the security of its network and having organizational policy on security and security management of its network including Network forensics, Network Hardening, Network penetration test, Risk assessment;</li>
<li>Auditing its network or getting the network audited from security point of view once in a financial year from a network audit and certification agency;</li>
<li>Inducting only those network elements into its telecommunications network, which have been got tested according tos per relevant contemporary Indian or International Security Standards;</li>
<li>Including all contemporary security related features (including communication security) as prescribed under relevant security standards while procuring the equipment and implementing all such contemporary features into the network;</li>
<li>Keeping requisite records of operations in the network;</li>
<li>Monitoring of all intrusions, attacks and frauds on his technical facilities and provide reports on the same to the Licensor.</li></ul>
<p style="text-align: justify;">Further statutory restrictions on tampering critical infrastructure are already contained in the Telegraph Act and have been discussed above, though the penalties provided may need to be increased if they are to act as a deterrent in this age where the stakes are much higher.</p>
<h4 id="2h">2h. States should respond to appropriate requests for assistance by another State whose critical infrastructure is subject to malicious ICT acts. States should also respond to appropriate requests to mitigate malicious ICT activity aimed at the critical infrastructure of another State emanating from their territory, taking into account due regard for sovereignty</h4>
<p style="text-align: justify;">There is yet to be a publicly acknowledged request from a foreign government asking the Indian government to take steps to prevent malicious ICT acts originating from its territory.</p>
<h4 id="2i">2i. States should take reasonable steps to ensure the integrity of the supply chain so that end users can have confidence in the security of ICT products. States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful hidden functions;
<p> </p>
<p style="text-align: justify;">Section 4 of the National Electronics Policy, 2012 talks about "Developing and Mandating Standards" and says that in order to curb the inflow of sub-standard and unsafe electronic products the government should mandate technical and safety standards which conform to international standards and do the following:</p>
<ul style="text-align: justify;">
<li>Develop Indian standards to meet specific Indian conditions including climatic, power supply, and handling and other conditions etc., by suitably reviewing existing standards.</li>
<li>Mandate technical standards in the interest of public health and safety.</li>
<li>Set up an institutional mechanism within Department of Information Technology for mandating compliance to standards for electronics products.</li>
<li>Develop a National Policy Framework for enforcement and use of Standards and Quality Management Processes.</li>
<li>Strengthen the lab infrastructure for testing of electronic products and encouraging development of conformity assessment infrastructure by private participation.</li>
<li>Create awareness amongst consumers against sub-standard and spurious electronic products.</li>
<li>Build capacity within the Government and public sector for developing and mandating standards.</li>
<li>Actively participate in the international development of standards in the Electronic System Design and Manufacturing sector.</li></ul>
</h4>
<h4 id="2j">2j. States should encourage responsible reporting of ICT vulnerabilities and share associated information on available remedies to such vulnerabilities to limit and possibly eliminate potential threats to ICTs and ICT-dependent infrastructure</h4>
<p style="text-align: justify;">Under section 70B of the IT Act, India has established a Computer Emergency Response Team (CERT-In) to serve as the national agency for incident responses. The functions mandated to be performed by CERT-In as per the IT Act are:</p>
<ul style="text-align: justify;">
<li>Collection, analysis and dissemination of information on cyber incidents;</li>
<li>Forecasting and alerts of cyber security incidents;</li>
<li>Emergency measures for handling cyber security incidents;</li>
<li>Coordination of cyber incidents response activities;</li>
<li>Issuing ofe guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents;</li>
<li>Such other functions relating to cyber security as may be prescribed. </li></ul>
<p style="text-align: justify;">CERT-In also publishes information regarding various cyber threats on its websites so as to keep internet users aware of the latest threats in the online world. Such information can be accessed both on the main page of the CERT-In website or under the Advisories section on the website. <a name="_ftnref34" href="#_ftn34">[34]</a></p>
<h4 id="2k">2k. States should not conduct or knowingly support activity to harm the information systems of the authorized emergency response teams (sometimes known as computer emergency response teams or cyber security incident response teams) of another State. A State should not use authorized emergency response teams to engage in malicious international activity.</h4>
<p style="text-align: justify;">There are no official or public reports of India using its CERT-In to harm the information systems of another state, although it is highly unlikely that any state would publicly acknowledge such activities even if it was indulging in them.</p>
<h3 id="3">3. Conclusion</h3>
<p style="text-align: justify;">As can be seen from the discussion above, the statutory, regulatory and policy regime in India does seem to address most of the cyber security norms in some manner or the other, but these efforts almost always fall short of meeting some of the norms. While the Information Technology Act along with the Rules thereunder, as being the umbrella legislation for digital transactions in India, does address some of the issues mentioned above, it does not address some of the problems that arise out of a greater reliance on the internet such as spamming, trolling, and, online harassment, etc. Although some of these acts may be addressed by regular legislation by applying them in the online world however this does not always take into account the unique features and complexities of committing these acts/crimes in the online world.</p>
<p style="text-align: justify;">In the area of exchange of information between states, India has entered into a number of MLATs and extradition treaties, and frequently issues Letters of Rogatory. Yet however these mechanisms may not be adequate to address the needs of crime prevention of crimes in the age of ICT, as crime prevention it often requires exchange of information inon r a real time basis which is not possible with the bureaucratic procedures involved in the MLAT process. There also needsd to be stronger standards which are applicable to ICT equipment, including imported equipment especially in light of the fact that security concerns related to Chinese ICT equipment that from China have been raised quite frequently in the past. There also needs to be a better system of reporting ICT vulnerabilities to CERT-In or other authorized agencies so that mitigation measure can be implemented in time.</p>
<p style="text-align: justify;">It should be noted that the work of the Group of Experts is not complete since the General Assembly has asked the Secretary General to form a new Group of Experts which would report back to the Secretary General in 2017. It is imperative that the Government of India realise the importance of the work being done by the Group of Experts and take measures to ensure that a representative from India is included in or atleast the comments and concerns of India are included and addressed by the Group of Experts. Meanwhile, India can begin by strengthening domestic privacy safeguards, improving transparency and efficiency of relevant policies and processes, and looking towards solutions that respect rights and strengthen security. Brutent force solutions such as demands for back doors, unfair and unreasonable encryption regulation, and data localization requirements will not help propel India forward in international discussions, dialogues, or agreements on cross-border sharing of information. Though the recommendations from the Group of Experts are welcome, beyond a preliminary mention of privacy and freedom of expression, the rights of individuals - and the ways in which these can be protected, various components that go into supporting those rights including redress, transparency, and due process measures - was inadequately addressed.</p>
<div style="text-align: justify;">
<hr />
<div id="ftn1">
<p><a name="_ftn1" href="#_ftnref1">[1]</a> The terms "cyberspace" has been defined in the Oxford English Dictionary as the notional environment in which communication over computer networks occurs. Although the scope of this paper is not to discuss the meaning of this term, it was felt that a simple definition of the term would be useful to better define the parameters of the discussion.</p>
</div>
<div id="ftn2">
<p><a name="_ftn2" href="#_ftnref2">[2]</a> <a href="https://s3.amazonaws.com/unoda-web/wp-content/uploads/2016/01/A-RES-70-237-Information-Security.pdf"> https://s3.amazonaws.com/unoda-web/wp-content/uploads/2016/01/A-RES-70-237-Information-Security.pdf </a></p>
</div>
<div id="ftn3">
<p><a name="_ftn3" href="#_ftnref3">[3]</a> https://www.justsecurity.org/29203/british-searches-america-tremendous-opportunity/</p>
</div>
<div id="ftn4">
<p><a name="_ftn4" href="#_ftnref4">[4]</a> <a href="http://deity.gov.in/content/country-wise-status">http://deity.gov.in/content/country-wise-status</a></p>
</div>
<div id="ftn5">
<p><a name="_ftn5" href="#_ftnref5">[5]</a> Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-</p>
<p>(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or</p>
<p>(ii) which is kept or used for <em>bona fide</em> heritage or religious purposes</p>
<p>Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.</p>
</div>
<div id="ftn6">
<p><a name="_ftn6" href="#_ftnref6">[6]</a> <a href="http://deity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf"> http://deity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf </a></p>
</div>
<div id="ftn7">
<p><a name="_ftn7" href="#_ftnref7">[7]</a> List of the countries is available at <a href="http://cbi.nic.in/interpol/mlats.php">http://cbi.nic.in/interpol/mlats.php</a></p>
</div>
<div id="ftn8">
<p><a name="_ftn8" href="#_ftnref8">[8]</a> <a href="https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society"> https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society </a></p>
</div>
<div id="ftn9">
<p><a name="_ftn9" href="#_ftnref9">[9]</a> Peter Swire<sup> </sup>& Justin D. Hemmings, "Re-Engineering the Mutual Legal Assistance Treaty Process", <a href="http://www.heinz.cmu.edu/~acquisti/SHB2015/Swire.docx">http://www.heinz.cmu.edu/~acquisti/SHB2015/Swire.docx</a>, <em>cf. </em> <a href="https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society"> https://www.lawfareblog.com/mlat-reform-some-thoughts-civil-society </a> .</p>
</div>
<div id="ftn10">
<p><a name="_ftn10" href="#_ftnref10">[10]</a> MLATS and International Cooperation for Law Enforcement Purposes, available at <a href="http://cis-india.org/internet-governance/blog/presentation-on-mlats.pdf"> http://cis-india.org/internet-governance/blog/presentation-on-mlats.pdf </a></p>
</div>
<div id="ftn11">
<p><a name="_ftn11" href="#_ftnref11">[11]</a> The full list of the countries with which India has agreed an MLAT is available at <a href="http://cbi.nic.in/interpol/extradition.php">http://cbi.nic.in/interpol/extradition.php</a></p>
</div>
<div id="ftn12">
<p><a name="_ftn12" href="#_ftnref12">[12]</a> <a href="http://cbi.nic.in/interpol/assist.php">http://cbi.nic.in/interpol/assist.php</a></p>
</div>
<div id="ftn13">
<p><a name="_ftn13" href="#_ftnref13">[13]</a> <a href="http://www.firstpost.com/india/how-the-police-tracked-and-arrested-im-founder-yasin-bhatkal-1071755.html"> http://www.firstpost.com/india/how-the-police-tracked-and-arrested-im-founder-yasin-bhatkal-1071755.html </a></p>
</div>
<div id="ftn14">
<p><a name="_ftn14" href="#_ftnref14">[14]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=3641">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=3641</a></p>
</div>
<div id="ftn15">
<p><a name="_ftn15" href="#_ftnref15">[15]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=6014">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=6014</a></p>
</div>
<div id="ftn16">
<p><a name="_ftn16" href="#_ftnref16">[16]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=11212">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=11212</a></p>
</div>
<div id="ftn17">
<p><a name="_ftn17" href="#_ftnref17">[17]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=14584">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=14584</a></p>
</div>
<div id="ftn18">
<p><a name="_ftn18" href="#_ftnref18">[18]</a> <a href="http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=26571">http://www.judis.nic.in/supremecourt/imgs1.aspx?filename=26571</a></p>
</div>
<div id="ftn19">
<p><a name="_ftn19" href="#_ftnref19">[19]</a> <a href="http://dspace.judis.nic.in/bitstream/123456789/26592/1/36303.pdf">http://dspace.judis.nic.in/bitstream/123456789/26592/1/36303.pdf</a></p>
</div>
<div id="ftn20">
<p><a name="_ftn20" href="#_ftnref20">[20]</a> AIR 1954 SC 300. In para 18 of the Judgment it was held: "A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law. When the Constitution makers have thought fit not to subject such regulation to constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right, by some process of strained construction."</p>
</div>
<div id="ftn21">
<p><a name="_ftn21" href="#_ftnref21">[21]</a> AIR 1963 SC 1295. In para 20 of the judgment it was held: "… Nor do we consider that Art. 21 has any relevance in the context as was sought to be suggested by learned counsel for the petitioner. As already pointed out, the right of privacy is not a guaranteed right under our Constitution and therefore the attempt to ascertain the movement of an individual which is merely a manner in which privacy is invaded is not an infringement of a fundamental right guaranteed by Part III."</p>
</div>
<div id="ftn22">
<p><a name="_ftn22" href="#_ftnref22">[22]</a> (1975) 2 SCC 148.</p>
</div>
<div id="ftn23">
<p><a name="_ftn23" href="#_ftnref23">[23]</a> (1994) 6 SCC 632.</p>
</div>
<div id="ftn24">
<p><a name="_ftn24" href="#_ftnref24">[24]</a> (1997) 1 SCC 301.</p>
</div>
<div id="ftn25">
<p><a name="_ftn25" href="#_ftnref25">[25]</a> <a href="http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril"> http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril </a></p>
</div>
<div id="ftn26">
<p><a name="_ftn26" href="#_ftnref26">[26]</a> <a href="http://cis-india.org/internet-governance/news/hindustan-times-august-20-2015-aloke-tikku-stats-from-2014-reveal-horror-of-scrapped-section-66-a-of-it-act"> http://cis-india.org/internet-governance/news/hindustan-times-august-20-2015-aloke-tikku-stats-from-2014-reveal-horror-of-scrapped-section-66-a-of-it-act </a></p>
</div>
<div id="ftn27">
<p><a name="_ftn27" href="#_ftnref27">[27]</a> <a href="http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf"> http://supremecourtofindia.nic.in/FileServer/2015-03-24_1427183283.pdf </a></p>
</div>
<div id="ftn28">
<p><a name="_ftn28" href="#_ftnref28">[28]</a> <a href="http://deity.gov.in/sites/upload_files/dit/files/S_O_18(E).pdf">http://deity.gov.in/sites/upload_files/dit/files/S_O_18(E).pdf</a></p>
</div>
<div id="ftn29">
<p><a name="_ftn29" href="#_ftnref29">[29]</a></p>
</div>
<div id="ftn30">
<p><a name="_ftn30" href="#_ftnref30">[30]</a> <a href="http://deity.gov.in/sites/upload_files/dit/files/GSR_19(E).pdf">http://deity.gov.in/sites/upload_files/dit/files/GSR_19(E).pdf</a></p>
</div>
<div id="ftn31">
<p><a name="_ftn31" href="#_ftnref31">[31]</a> Rule 4 of the Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013.</p>
</div>
<div id="ftn32">
<p><a name="_ftn32" href="#_ftnref32">[32]</a> Since these Guidelines were not publicly released they are not available on any government website. In this paper we have relied on a version available on a private website at <a href="http://perry4law.org/cecsrdi/wp-content/uploads/2013/12/Guidelines-For-Protection-Of-National-Critical-Information-Infrastructure.pdf"> http://perry4law.org/cecsrdi/wp-content/uploads/2013/12/Guidelines-For-Protection-Of-National-Critical-Information-Infrastructure.pdf </a></p>
</div>
<div id="ftn33">
<p><a name="_ftn33" href="#_ftnref33">[33]</a> Available at <a href="http://www.cert-in.org.in/">http://www.cert-in.org.in/</a></p>
</div>
<div id="ftn34">
<p><a name="_ftn34" href="#_ftnref34">[34]</a> <a href="http://www.cert-in.org.in/">http://www.cert-in.org.in/</a></p>
</div>
</div>
<hr />
<h2>List of Acronyms</h2>
<ul>
<li><strong>ICTs</strong> – Information Communication Technologies</li>
<li><strong>GGE</strong> – Group of Experts</li>
<li><strong>EU</strong> – European Union</li>
<li><strong>DLC-ICT</strong> – India-Belarus Digital Learning Center</li>
<li><strong>IT Act</strong> – Information Technology Act, 2000</li>
<li><strong>UL</strong> - Unified License</li>
<li><strong>DEITY</strong> – Department of Electronics and Information Technology</li>
<li><strong>IT</strong> – Information Technology</li>
<li><strong>ISO</strong> – International Organization for Standardisation</li>
<li><strong>CERT</strong> – Computer Emergency Response Team</li>
<li><strong>CERT-In</strong> - Computer Emergency Response Team, India</li>
<li><strong>MLAT</strong> – Mutual Legal Assistance Treaty</li>
<li><strong>CII</strong> – Critical Information Infrastructure</li>
<li><strong>NCIIPC</strong> - National Critical Information Infrastructure Protection Centre</li>
<li><strong>NTRO</strong> - National Technical Research Organisation</li>
<li><strong>NPIT</strong> - National Policy on Information Technology</li>
<li><strong>CISO</strong> - Chief Information Security Officer</li></ul>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/analysis-report-experts-information-telecommunications-security-implications-india'>https://cis-india.org/internet-governance/blog/analysis-report-experts-information-telecommunications-security-implications-india</a>
</p>
No publisherElonnai Hickok and Vipul KharbandaFeaturedHomepageInternet GovernancePrivacy2016-08-11T09:58:59ZBlog EntrySubmitted Comments on the 'Government Open Data Use License - India'
https://cis-india.org/openness/submitted-comments-on-the-government-open-data-use-license-india
<b>The public consultation process of the draft open data license to be used by Government of India has ended yesterday. Here we share the text of the submission by CIS. It was drafted by Anubha Sinha, Pranesh Prakash, and Sumandro Chattapadhyay.</b>
<p> </p>
<p><em>The following comments on the 'Government Open Data Use License - India' was drafted by Anubha Sinha, Pranesh Prakash, and Sumandro Chattapadhyay, and submitted through the <a href="https://www.mygov.in/group-issue/public-consultation-government-open-data-use-license-india/">MyGov portal</a> on July 25, 2016. The original submission can be found <a href="https://www.mygov.in/sites/default/files/mygov_146946521043358971.pdfh">here</a>.</em></p>
<hr />
<h2>I. Preliminary</h2>
<ol>
<li>This submission presents comments by the Centre for Internet and Society (“<strong>CIS</strong>”) <strong>[1]</strong> on the draft Government Open Data Use License - India (“<strong>the draft licence</strong>”) <strong>[2]</strong> by the Department of Legal Affairs.<br /><br /></li>
<li>This submission is based on the draft licence released on the MyGov portal on June 27, 2016 <strong>[3]</strong>.<br /><br /></li>
<li>CIS commends the Department of Ministry of Law and Justice, Government of India for its efforts at seeking inputs from various stakeholders prior to finalising its open data licence. CIS is thankful for the opportunity to have been a part of the discussion during the framing of the licence; and to provide this submission, in furtherance of the feedback process continuing from the draft licence.</li></ol>
<h2>II. Overview</h2>
<ol start="4">
<li>The Centre for Internet and Society is a non-governmental organisation engaged in research and policy work in the areas of, inter alia, access to knowledge and openness. This clause-by-clause submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved. Accordingly, the comments in this submission aim to further these principles and are limited to those clauses that most directly have an impact on them.</li></ol>
<h2>III. Comments and Recommendations</h2>
<ol start="5">
<li><strong>Name of the Licence:</strong> CIS recommends naming the licence “Open Data Licence - India” to reflect the nomenclature already established for similar licences in other nations like the UK and Canada. More importantly, the inclusion of the word ‘use’ in the original name “Government Open Data Use License” is misleading, since the licence permits use, sharing, modification and redistribution of open data.<br /><br /></li>
<li><strong>Change Language on Permissible Use of Data:</strong> The draft licence uses the terms “Access, use, adapt, and redistribute,” which are used in UNESCO’s definition of open educational resources, whereas, under the Indian Copyright Act <strong>[4]</strong>, it should cover “reproduction, issuing of copies,” etc. To resolve this difference, we suggest the following language be used: “Subject to the provisions of section 7, all users are provided a worldwide, royalty-free, non-exclusive licence to all rights covered by copyright and allied rights, for the duration of existence of such copyright and allied rights over the data or information.”<br /><br /></li>
<li><strong>Add Section on the Scope of Applicability of the Licence:</strong> It will be useful to inform the user of the licence on its applicability. The section may be drafted as: “This licence is meant for public use, and especially by all Ministries, Departments, Organizations, Agencies, and autonomous bodies of Government of India, when publicly disclosing, either proactively or reactively, data and information created, generated, collected, and managed using public funds provided by Government of India directly or through authorized agencies.”<br /><br /></li>
<li><strong>Add Sub-Clause Specifying that the Licence is Agnostic of Mode of Access:</strong> As part of the section 4 of the draft licence, titled ‘Terms and Conditions of Use of Data,’ a sub-clause should be added that specifies that users may enjoy all the freedom granted under this licence irrespective of their preferred mode of access of the data concerned, say manually downloaded from the website, automatically accessed via an API, collected from a third party involved in re-sharing of this data, accessed in physical/printed form, etc.<br /><br /></li>
<li><strong>Add Sub-Clause on Non-Repudiability and Integrity of the Published Data:</strong> To complement the sub-clause 6.e. that notes that data published under this licence should be published permanently and with appropriate versioning (in case of the published data being updated and/or modified), another sub-clause should be added that states that non-repudiability and integrity of published data must be ensured through application of real/digital signature, as applicable, and checksum, as applicable. This is to ensure that an user who has obtained the data, either in physical or digital form, can effectively identify and verify the the agency that has published the data, and if any parts of the data have been lost/modified in the process of distribution and/or transmission (through technological corruption of data, or otherwise).<br /><br /></li>
<li><strong>Combine Section 6 on Exemptions and Section 7 on Termination:</strong> Given that the licence cannot reasonably proscribe access to data that has already been published online, it is suggested that it would be better to simply terminate the application of the licence to that data or information that ought not to have been published for grounds provided under section 8 of the RTI Act, or have been inadvertently published. It should also be noted that section 8 of the RTI Act cannot be “violated” (as stated in Section 6.g. of the draft licence), since it only provides permission for the public authority to withhold information, and does not impose an obligation on them (or anyone else) to do so. The combined clause can read: “Upon determination by the data provider that specific data or information should not have been publicly disclosed for the grounds provided under Section 8 of the Right to Information Act, 2005, the data provider may terminate the applicability of the licence for that data or information, and this termination will have the effect of revocation of all rights provided under Section 3 of this licence.”<br /><br /></li>
<li>It will be our pleasure to discuss these submissions with the Department of Legal Affairs in greater detail, supplement these with further submissions if necessary, and offer any other assistance towards the efforts at developing a national open data licence.</li></ol>
<hr />
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="https://www.mygov.in/sites/default/files/mygov_1466767582190667.pdf">https://www.mygov.in/sites/default/files/mygov_1466767582190667.pdf</a>.</p>
<p><strong>[3]</strong> See: <a href="https://www.mygov.in/group-issue/public-consultation-government-open-data-use-license-india/">https://www.mygov.in/group-issue/public-consultation-government-open-data-use-license-india/</a>.</p>
<p><strong>[4]</strong> See: <a href="http://www.copyright.gov.in/Documents/CopyrightRules1957.pdf">http://www.copyright.gov.in/Documents/CopyrightRules1957.pdf</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/openness/submitted-comments-on-the-government-open-data-use-license-india'>https://cis-india.org/openness/submitted-comments-on-the-government-open-data-use-license-india</a>
</p>
No publishersinhaOpen Government DataOpen LicenseOpen DataNDSAPFeaturedOpennessHomepage2016-07-26T09:23:48ZBlog Entry Studying Internet in India (2016): Selected Abstracts
https://cis-india.org/raw/studying-internet-in-india-2016-selected-abstracts
<b>We received some great submissions and decided to select twelve abstracts, and not only ten as we planned earlier. Here are the abstracts.</b>
<p> </p>
<h3><strong>Abhimanyu Roy</strong></h3>
<p><strong><em>The Curious Incidents on Matrimonial Websites in India</em></strong></p>
<p>What is love? Philosophers have argued over it, biologists have researched it and in the age of the internet, innovators have disrupted it. In the west, dating websites such as OKCupid and eHarmony use all manner of algorithms to find its users their optimal match. In India’s conservative society though, dating is fast-tracked or skipped altogether in favor of marriage. This gives rise to a plethora of matrimonial sites such as Jeevansathi.com and Shaadi.com. This is where things get tricky.</p>
<p>Matrimonial websites are different from other internet-enabled services. The gravity of the decision and the major impact that it has on the lives of users brings in pressure and a range of emotions that are not there on casual transactions such as an Uber ride or a foodpanda order. From outright fraud to online harassment newspaper back pages are filled with nightmare stories that begin on a matrimonial website. So much so, that in November of last year, the Indian government decided to set up a panel to regulate matrimonial sites in order to curb abuse. The essay will analyze India’s social stand on marriage, the role of matrimonial websites in modern day India, the problems this awkward amalgamation of the internet and love gives rise to and the steps authorities and matrimonial companies are taking to prevent these issues from occurring.</p>
<h3><strong>Anita Gurumurthy, Nandini Chami, and Deepti Bharthur</strong></h3>
<p><strong><em>Internet as Sutradhar: The Aesthetics and Politics of Digital Age Counter-power</em></strong></p>
<p>The open Internet is now a feeble, wannabe, digital age meme. The despots have grabbed it and capitalism has colonised it. But the network that engulfs its users is also a multi-headed organism; the predictables have to make peace with the unpredictables, both arising as they do with the unruly affordances of the network. The much celebrated public domain of open government data, usually meant for geeks and software gurus dedicated to the brave new 'codeful' future, has meant little for marginal subjects of India's development project. Data on government websites have been critiqued worldwide for often being too clunky to catalyse civic use or too obscure to pin down government efficacy. However, as an instrument of accountable governance, data in the public domain can help hold the line, fuelling vanguard action to foster democracy. Activists engaged in the right to food movement in India had reason to rejoice recently when the Supreme Court of India pulled up the central government for delay in release of funds under the MGNREGA scheme and violating the food security law. The series of actions leading to this victory enjoins deeper examination of the MGNREGS website, the design principles of the MIS that generates reports based on the data, and the truth claims that arose in the contingent context marking this struggle. <em>What were the ingredients of this happy irony; the deployment of the master's tools to disband the master's house? What aesthetics and principles made for a public data structure that allowed citizens to hack into state impunity? And what do such practices around the digital tell us about the performativity of the Internet - not as a grand, open, phenomenon for the network to access the multitude, but as the inane, local, Sutradhar (alchemist who produces the narrative), who allows truths to be told?</em></p>
<h3><strong>Aishwarya Panicker</strong></h3>
<p><strong><em>How Green is the Internet? The Good, the Bad and the Ugly</em></strong></p>
<p>Groceries at your doorstep, data on your fingertips, an Uber at the tap of a button and information overload- human negotiations with the internet have definitely changed drastically in the past few decades. Research in the area, too, has transformed to not just the supply of internet to the masses, but has evolved to include innovative and revolutionary ideas in terms of internet infrastructure and governance. With over 3.2 Billion internet users in the world, and over 400 million of these from India, this is no surprise.</p>
<p>However, while environmental sustainability remains at the forefront of many-a-government, there is little data / debate / analysis / examination of the environmental impact of the internet. This is true especially for India. In 2011, Joel Gombiner wrote an academic paper on the problem of the Internets carbon footprint, with a premise based on the lesser known fact that the ICT industry has been ‘responsible for two to four percent of the global greenhouse gas emissions’- an area that the Climate Group’s Smart 2020 report had focused on back in 2008 as well. Clearly this is a war on the environment that is yet to receive large-scale attention.</p>
<p>How can we move beyond particular fascinations with the internet and engage holistically with the internet? By moving towards a dimension of internet infrastructure studies, that has large policy and implementation benefits. This paper, then, will seek to elucidate four central issue areas: first, as the third highest country in terms of internet use, what is the current environmental impact of internet usage in India? Second, are there any regulatory provisions that give prescriptive measures to data centres and providers? Third, do any global standards
exist in this regard and finally, what future steps can be taken (by the government, civil society
and individuals) to address this?</p>
<h3><strong>Deepak Prince</strong></h3>
<p>One of the most important effects of increasing internet connectivity coupled with universal electronic display screens, multimedia digital objects and supple graphic interfaces, is the proliferation of systems of enunciation. The business letter, typewriter, electric telegraph and radio, each in its own time, transformed how humans make sense in different forms of writing. Some of these survive to this day (forms of address from letters, the abbreviations and ‘cablese’ from telegraph operators etc). Now, we find new spaces of networked sociality emerging at rapid speeds, and everyday, we forget many others that are now outdated, no longer ‘supported’ or desired. How does one study this supple flow of discourse? Deleuze and Guattari’s concept of tracing collective assemblages of enunciation (the structuring structures of discourse) and Gilbert Simondon’s Law of relaxation (where technical elements created by complex ensembles are released into a path of technological evolution where they may or may not crystallize the formation of new ensembles) are two philosophical notions that seek to address this problem. The anthropologist Ilana Gershon suggests that new social media platforms like Facebook have a detrimental effect on sociality because they impose a neo-liberal notion of personhood on its users, through the interface. I take this as my point of departure, and based on ethnographic fieldwork conducted at a new media marketing agency, I attempt to draw out how ‘posting’ is modulated on facebook, about how subjectivity is configured within the complex matrix comprising a constant flow of posts, the economy of ‘liking’, algorithmic sorting and affects that do not cross the threshold of the screen.</p>
<h3><strong>Maitrayee Mukerji</strong></h3>
<p>By some latest estimates, around 35% of the population access the Internet in India using multiple devices. As Indians browse, search, transact and interact online, one can observe the increasing intertwining of the Internet in their everyday lives. But, how much do we know about the influence and impact of the Internet on Indian and in India? Advances in big data technologies provide an exciting opportunity for social science researchers to study the Internet. So, trends can be detected, opinions and sentiments can be calibrated, social networks can be discovered by using technologies for collecting and mining data on people online. But are social science researchers in India equipped enough to do a rigorous and detailed study of the India? Leaving aside debates on epistemology, ontology and methodology of researching Internet using big data analytics, the very first challenge is
limited access to data. A cursory scan of the available research would indicate that the data – tweets, trends, comments, memes etc. have generally been collected manually. The bulk of the data is collected by private companies and available either at a price or by writing programs to access them through APIs. The latter allows only limited extraction of data and more often than not has a learning curve. Access to raw data, through institutional repositories or special permission, if available is only to select few. Legal and ethical issues arise if one considers scrapping websites for data. The essay is an attempt to articulate the challenges in accessing data while making attempts to study the Internet using big data analytics.</p>
<h3><strong>Muhammed Afzal P</strong></h3>
<p><strong><em>Internet Memes as Effective Means of Social and Political Criticism</em></strong></p>
<p>By looking at the user-generated memes posted from the Malayalam Facebook pages “Troll Malayalam” and “International Chalu Union”, this essay argues that political memes function as effective means of social and political criticism in Kerala. In a society where conversations often tend to feature examples from popular films, memes from these pages use images from popular culture including television to respond to current affairs as well as contemporary social and political questions. Often described mistakenly as 'trolls' by the practitioners themselves, a major portion of the memes have a progressive content in terms of discussing questions related to religion, sexuality, nationalism, etc. It won’t be an exaggeration to state that many Malayalis see these memes as instant 'news analysis' of current affairs. The argument of this essay will be advanced through an analysis of the memes that were produced in relation to contemporary socio-political and cultural questions such as beef ban, the rise of right-wing politics in Kerala, the question of religious conservatism, etc. Through this the essay seeks to investigate how internet memes creatively contribute to social movements and also to see how critical questions in cultural criticism are translated into "the popular.'</p>
<h3><strong>Dr. Ravikant Kisana</strong></h3>
<p><strong><em>Archetyping the 'Launda' Humor on the Desi Internet</em></strong></p>
<p>Humor on the internet has proven a massive social unifying force for young, upper class Indian millennials. The humor is not just consumed via Western (mainly US) humor collectives such as 9GAG, Cracked, etc - the proliferation of 'Indian' humor pages on the Facebook and the countless YouTube comedy channels is testament to the localisation of this content. However, the humor which is seen as a unifying force is largely 'launda' aka. 'heteronormative-upper caste-male' in its sensibilities. Comedy collectives like TVF, with its popular channel 'Q-tiyapa' had to create a separate handle 'Girliyapa' to cater to feminist themes. The idea is that humor by default is male, and 'feminist humor' needs a separate space.</p>
<p>This essay seeks to study the 'launda'-cultural attributes of online Indian humor. It will seek to document and wean archetypes of comedy tropes which fit this mode. The area of the documentation will be YouTube comedy channels and Facebook humor pages—however, the same can be extended to Twitter handles and the suchlike.</p>
<h3><strong>Siddharth Rao and Kiran Kumar</strong></h3>
<p><strong><em>Chota Recharge and the Chota Internet</em></strong></p>
<p>Uniform and affordable Internet is emerging as one of the fundamental civil rights in developing countries. However in India, the connectivity is far from uniform across the regions, where the disparity is evident in the infrastructure, the cost of access and telecommunication services to provide Internet facilities among different economic classes. In spite of having a large mobile user base, the mobile Internet are still remarkably slower in some of the developing countries. Especially in India, it falls below 50% even in comparison with the performance of its developing counterparts!</p>
<p>This essay presents a study of connectivity and performance trends based on an exploratory analysis of mobile Internet measurement data from India. In order to assess the state of mobile networks and its readiness in adopting the different mobile standards (2G, 3G, and 4G) for commercial use, we discuss the spread, penetration, interoperability and the congestion trends.</p>
<p>Based on our analysis, we argue that the network operators have taken negligible measures to scale the mobile Internet. Affordable Internet is definitely for everyone. But, the affordability of the Internet in terms of cost
does not necessarily imply the rightful access to Internet services. Chota recharge is possibly leading us to chota (shrunken) Internet!</p>
<h3><strong>Smarika Kumar</strong></h3>
<p><strong><em>Why Mythologies are Crucial to Understand Governance on the Internet: The Case of Online Maps</em></strong></p>
<p>How does one study internet in India? This essay proposes to provide one possible answer to this question through its central argument that internet, like other technologies, is very much a part of a “mythological” or “fictional” narrative of the history of this country, and without an understanding of these mythologies, the development of internet governance in the country cannot be hoped to be understood. This central argument is traced in the essay through the debates and discussions on law and policymaking around online maps. The essay, in its first part, explores what a “mythological” account of the history of India might mean, and what role technological developments play in it. It does so by tracing the narrative of mapmaking in medieval India and its deep ties with magic, secrecy and mythical stories. It then surveys how modern mapping surveys in the colonial period interacted with the idea of the “native”, and argues that such interactions created a dichotomy between “native” sciences, folklore on the one hand, and colonial achievements, national security on the other. It argues that it is this latter strand of a certain “national security” vision of technology which found dominant voice in the regulation
of maps in India post-independence, yet the sense of the unknown, mystical, or “mythological” in such technological deployment as mapmaking requires, survived. The essay finally uses such evidence to trace how even in online
interactions, and internet governance design in India- this aspect of the mystical and the fear of it often sustains, driven by a (repressed?) memory of mythology, through the use of analogies. And it is within this twilight
zone, within this frontier between “mythology” and nation-building, that a governance design for online maps is being presently constructed in India. The essay then argues that it becomes crucial to understand such mythologies around technology generally and internet specifically and the manner they interact with law and policymaking in order to really get a sense of a 21st century India’s experience of the internet.</p>
<h3><strong>Sujeet George</strong></h3>
<p><strong><em>Understanding Reddit: The Indian Context</em></strong></p>
<p>Even as social networking sites like Facebook and Twitter seek to carve a niche within the Indian social media landscape, the presence and impact of news aggregator website reddit seems relatively unnoticed. Known for its excessive self-referentiality and inability to emerge from a restricted pool of informational flow, reddit nevertheless has come to be a major focal point of convergence of news and public opinion, especially in the United States. The web interface, which allows for users with overlapping interests to converge under a common platform namely the “subreddit,” allows the possibility of understanding questions of user taste and the directions in which information and user attention flow.</p>
<p>This paper seeks to offer a preliminary gesture towards understanding reddit’s usage and breadth in the Indian context. Through an analysis of the “India” subreddit and examining the manner and context in which information and ideas are shared, proposed, and debunked, the paper aspires to formulate a methodology for interrogating sites like reddit that offer the possibilities of social mediation, even as users maintain a limited amount of privacy. At the
same time, to what extent can such news aggregator sites direct the ways in which opinions and news flows change course as a true marker of information generation responding to user inputs.</p>
<h3><strong>Supratim Pal</strong></h3>
<p>India, being a multilingual country, owes a lot to the Internet for adding words to the vocabulary of everyday use in different languages.</p>
<p>This paper would critically examine how Net words like "selfie", "wall", "profile" and others have changed the way Indians write or talk. For example, a word like "nijaswi" was not there in Bengali language five years back but is used across several platforms as a translation of "selfie".</p>
<p>On one hand, computer-mediated communication (CMC) has helped us to express in short messages and on the other, we all have picked up use of punctuation marks like colon or a semicolon to express our emotion - which have got another name, "emoticons".</p>
<p>The paper would be more practical in approach than theoretical. For example, it would feature chat (another example of CMC) conversations 10 years ago when hardly an emoticon was used, and that of today's when we cannot think of a chat without a "smiley" or a "sticker". Even the linguist, David Crystal, probably could not have thought that in 15 years, the language (not just lingua franca, English) would change worldwide since he first tried to theorize Internet language in 2001.</p>
<p>Today, a linguist need not to have a proper publication to introduce a word in any language but Netizens can re-invent words like "troll" or "roast" to criticize one or "superlike" to celebrate an achievement or even "unfriend" someone to just relax.</p>
<h3><strong>Surfatial</strong></h3>
<p>Surfatial is a trans-local collective that operates through the internet. We use conversations to aid learning outside established structures. We are concerned with enabling disinhibition through the internet, for expressing
what may not be feasible in physical reality. What role does partial or complete anonymity play in this process of seeking “safe” zones of expression? Fake profiles on social media offer such zones, while perhaps also operating to propagate, mislead or troll.</p>
<p>Our essay would argue:</p>
<ol><li>That there is a desire to participate in speculative fora in the Indian cultural context and the internet has created space for philosophical questioning among contemporary Indian participants which can develop further, despite common assertions that online spaces are largely uncivil and abusive.</li>
<li>That anonymous and pseudonymous content production offers a method for exploring and expressing with a certain degree of freedom.</li>
<li>Spam-like methods used in sub-cultural outreach efforts on social media have proved effective in puncturing filter bubbles.</li></ol>
<p>Our essay would be drawn from experiments via Surfatial’s online engagement platforms (Surfatial’s Study groups and post_writer project) to examine:</p>
<ol><li>Extent of participation.</li>
<li>Disinhibition facilitation and dialoguing.</li>
<li>Reach.</li>
<li>Emergence and development of ideas.</li>
<li>Creating an archive of internet activity and re-processing it into new forms of presentation.</li></ol>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/raw/studying-internet-in-india-2016-selected-abstracts'>https://cis-india.org/raw/studying-internet-in-india-2016-selected-abstracts</a>
</p>
No publishersumandroResearchers at WorkFeaturedInternet StudiesRAW Blog2016-07-06T06:24:42ZBlog EntryCIS Submission to TRAI Consultation on Free Data
https://cis-india.org/internet-governance/blog/cis-submission-trai-consultation-free-data
<b>The Telecom Regulatory Authority of India (TRAI) held a consultation on Free Data, for which CIS sent in the following comments.</b>
<p> </p>
<p>The Telecom Regulatory Authority of India (TRAI) asked for <a href="http://trai.gov.in/WriteReadData/ConsultationPaper/Document/CP_07_free_data_consultation.pdf">public comments on free data</a>. Below are the comments that CIS submitted to the four questions that it posed.</p>
<p> </p>
<h2 id="question-1">Question 1
<p><em>Is there a need to have TSP agnostic platform to provide free data or suitable reimbursement to users, without violating the principles of Differential Pricing for Data laid down in TRAI Regulation? Please suggest the most suitable model to achieve the objective.</em></p>
</h2>
<h3 id="is-there-a-need-for-free-data">Is There a Need for Free Data?</h3>
<p>No, there is no <em>need</em> for free data, just as there is no <em>need</em> for telephony or Internet. However, making provisions for free data would increase the amount of innovation in the Internet and telecom sector, and there is a good probability that it would lead to faster adoption of the Internet, and thus be beneficial in terms of commerce, freedom of expression, freedom of association, and many other ways.</p>
<p>Thus the question that a telecom regulator should ask is not whether there is a <em>need</em> for TSP agnostic platforms, but whether such platforms are harmful for competition, for consumers, and for innovation. The telecom regulator ought not undertake regulation unless there is evidence to show that harm has been caused or that harm is likely to be caused. In short, TRAI should not follow the precautionary principle, since the telecom and Internet sectors are greatly divergent from environmental protection: the burden of proof for showing that something ought to be prohibited ought to be on those calling for prohibition.</p>
<h3 id="goal-regulating-gatekeeping">Goal: Regulating Gatekeeping</h3>
<p>TRAI wouldn’t need to regulate price discrimination or Net neutrality if ISPs were not “gatekeepers” for last-mile access. “Gatekeeping” occurs when a single entity establishes itself as an exclusive route to reach a large number of people and businesses or, in network terms, nodes. It is not possible for Internet services to reach their end customers without passing through ISPs (generally telecom networks). The situation is very different in the middle-mile and for backhaul. Even though anti-competitive terms may exist in the middle-mile, especially given the opacity of terms in “transit agreements”, a packet is usually able to travel through multiple routes if one route is too expensive (even if that is not the shortest network path, and is thus inefficient in a way). However, this multiplicity of routes is generally not possible in the last mile.<a id="fnref1" class="footnoteRef" href="#fn1"><sup>1</sup></a> This leaves last mile telecom operators (ISPs) in a position to unfairly discriminate between different Internet services or destinations or applications, while harming consumer choice.</p>
<p>However, the aim of regulation by TRAI cannot be to prevent gatekeeping, since that is not possible as long as there are a limited number of ISPs. For instance, even by the very act of charging money for access to the Internet, ISPs are guilty of “gatekeeping” since they are controlling who can and cannot access an Internet service that way. Instead, the aim of regulation by TRAI should be to “regulate gatekeepers to ensure they do not use their gatekeeping power to unjustly discriminate between similarly situated persons, content or traffic”, as we proposed in our submission to TRAI (on OTTs) last year.</p>
<h3 id="models-for-free-data">Models for Free Data</h3>
<p>There are multiple models possible for free data, none of which TRAI should prohibit unless it would enable OTTs to abuse their gatekeeping powers.</p>
<h4 id="government-incentives-for-non-differentiated-free-data">Government Incentives For Non-Differentiated Free Data</h4>
<p>The government may opt to require all ISPs to provide free Internet to all at a minimum QoS in exchange for exemption from paying part of their USO contributions, or the government may pay ISPs for such access using their USO contributions.</p>
<p>TRAI should recommend to DoT that it set up a committee to study the feasibility of this model.</p>
<h4 id="isp-subsidies">ISP subsidies</h4>
<p>ISP subsidies of Internet access only make economic sense for the ISP under the following ‘Goldilocks’ condition is met: the experience with the subsidised service is ‘good enough’ for the consumers to want to continue to use such services, but ‘bad enough’ for a large number of them to want to move to unsubsidised, paid access.</p>
<ol style="list-style-type: decimal;">
<li>Providing free Internet to all at a low speed.
<ol style="list-style-type: lower-alpha;">
<li>This naturally discriminates against services and applications such as video streaming, but does not technically bar access to them.</li></ol>
</li>
<li>Providing free access to the Internet with other restrictions on quality that aren’t discriminatory with respect to content, services, or applications.</li></ol>
<h4 id="rewards-model">Rewards model</h4>
<p>A TSP-agnostic rewards platform will only come within the scope of TRAI regulation if the platform has some form of agreement with the TSPs, even if it is collectively. If the rewards platform doesn’t have any agreement with any TSP, then TRAI does not have the power to regulate it. However, if the rewards platform has an agreement with any TSP, it is unclear whether it would be allowed under the Differential Data Tariff Regulation, since the clause 3(2) read with paragraph 30 of the Explanatory Memorandum might disallow such an agreement.</p>
<p>Assuming for the sake of argument that platforms with such agreements are not disallowed, such platforms can engage in either post-purchase credits or pre-purchase credits, or both. In other words, it could be a situation where a person has to purchase a data pack, engage in some activity relating to the platform (answer surveys, use particular apps, etc.) and thereupon get credit of some form transferred to one’s SIM, or it could be a situation where even without purchasing a data pack, a consumer can earn credits and thereupon use those credits towards data.</p>
<p>The former kind of rewards platform is not as useful when it comes to encouraging people to use the Internet, since only those who already see worth in using in the Internet (and can afford it) will purchase a data pack in the first place. The second form, on the other hand is quite useful, and could be encouraged. However, this second model is not as easily workable, economically, for fixed line connections, since there is a higher initial investment involved.</p>
<h4 id="recharge-api">Recharge API</h4>
<p>A recharge API could be fashioned in one of two ways: (1) via the operating system on the phone, allowing a TSP or third parties (whether OTTs or other intermediaries) to transfer credit to the SIM card on the phone which have been bought wholesale. Another model could be that of all TSPs providing a recharge API for the use of third parties. Only the second model is likely to result in a “toll-free” experience since in the first model, like in the case of a rewards platform that requires up-front purchase of data packs, there has to be a investment made first before that amount is recouped. This is likely to hamper the utility of such a model.</p>
<p>Further, in the first case, TRAI would probably not have the powers to regulate such transactions, as there would be no need for any involvement by the TSP. If anti-competitive agreements or abuse of dominant position seems to be taking place, it would be up to the Competition Commission of India to investigate.</p>
<p>However, the second model would have to be overseen by TRAI to ensure that the recharge APIs don’t impose additional costs on OTTs, or unduly harm competition and innovation. For instance, there ought to be an open specification for such an API, which all the TSPs should use in order to reduce the costs on OTTs. Further, there should be no exclusivity, and no preferential treatment provided for the TSPs sister concerns or partners.</p>
<h4 id="example-sites">“0.example” sites</h4>
<p>Other forms of free data, for instance by TSPs choosing not to charge for low-bandwidth traffic should be allowed, as long as it is not discriminatory, nor does it impose increased barriers to entry for OTTs. For instance, if a website self-certifies that it is low-bandwidth and optimized for Internet-enabled feature phones and uses 0.example.tld to signal this (just as wap.* were used in for WAP sites and m.* are used for mobile-optimized versions of many sites), then there is no reason why TSPs should be prohibited from not charging for the data consumed by such websites, as long as the TSP does so uniformly without discrimination. In such cases, the TSP is not harming competition, harming consumers, nor abusing its gatekeeping powers.</p>
<h4 id="ott-agnostic-free-data">OTT-agnostic free data</h4>
<p>If a TSP decides not to charge for specific forms of traffic (for example, video, or for locally-peered traffic) regardless of the Internet service from which that traffic emanates, as as long as it does so with the end customer’s consent, then there is no question of the TSP harming competition, harming consumers, nor abusing its gatekeeping powers. There is no reason such schemes should be prohibited by TRAI unless they distort markets and harm innovation.</p>
<h4 id="unified-marketplace">Unified marketplace</h4>
<p>One other way to do what is proposed as the “recharge API” model is to create a highly-regulated market where the gatekeeping powers of the ISP are diminished, and the ISP’s ability to leverage its exclusive access over its customers are curtailed. A comparison may be drawn here to the rules that are often set by standard-setting bodies where patents are involved: given that these patents are essential inputs, access to them must be allowed through fair, reasonable, and non-discriminatory licences. Access to the Internet and common carriers like telecom networks, being even more important (since alternatives exist to particular standards, but not to the Internet itself), must be placed at an even higher pedestal and thus even stricter regulation to ensure fair competition.</p>
<p>A marketplace of this sort would impose some regulatory burdens on TRAI and place burdens on innovations by the ISPs, but a regulated marketplace harms ISP innovation less than not allowing a market at all.</p>
<p>At a minimum, such a marketplace must ensure non-exclusivity, non-discrimination, and transparency. Thus, at a minimum, a telecom provider cannot discriminate between any OTTs who want similar access to zero-rating. Further, a telecom provider cannot prevent any OTT from zero-rating with any other telecom provider. To ensure that telecom providers are actually following this stipulation, transparency is needed, as a minimum.</p>
<p>Transparency can take one of two forms: transparency to the regulator alone and transparency to the public. Transparency to the regulator alone would enable OTTs and ISPs to keep the terms of their commercial transactions secret from their competitors, but enable the regulator, upon request, to ensure that this doesn’t lead to anti-competitive practices. This model would increase the burden on the regulator, but would be more palatable to OTTs and ISPs, and more comparable to the wholesale data market where the terms of such agreements are strictly-guarded commercial secrets. On the other hand, requiring transparency to the public would reduce the burden on the regulator, despite coming at a cost of secrecy of commercial terms, and is far more preferable.</p>
<p>Beyond transparency, a regulation could take the form of insisting on standard rates and terms for all OTT players, with differential usage tiers if need be, to ensure that access is truly non-discriminatory. This is how the market is structured on the retail side.</p>
<p>Since there are transaction costs in individually approaching each telecom provider for such zero-rating, the market would greatly benefit from a single marketplace where OTTs can come and enter into agreements with multiple telecom providers.</p>
<p>Even in this model, telecom networks will be charging based not only on the fact of the number of customers they have, but on the basis of them having exclusive routing to those customers. Further, even under the standard-rates based single-market model, a particular zero-rated site may be accessible for free from one network, but not across all networks: unlike the situation with a toll-free number in which no such distinction exists.</p>
<p>To resolve this, the regulator may propose that if an OTT wishes to engage in paid zero-rating, it will need to do so across all networks, since if it doesn’t there is risk of providing an unfair advantage to one network over another and increasing the gatekeeper effect rather than decreasing it.</p>
<h2 id="question-2">Question 2</h2>
<p><em>Whether such platforms need to be regulated by the TRAI or market be allowed to develop these platforms?</em></p>
<p>In many cases, TRAI would have no powers over such platforms, so the question of TRAI regulating does not arise. In all other cases, TRAI can allow the market to develop such platforms, and then see if any of them violates the Discriminatory Data Tariffs Regualation. For government-incentivised schemes that are proposed above, TRAI should take proactive measure in getting their feasibility evaluated.</p>
<h2 id="question-3">Question 3</h2>
<p><em>Whether free data or suitable reimbursement to users should be limited to mobile data users only or could it be extended through technical means to subscribers of fixed line broadband or leased line?</em></p>
<p>Spectrum is naturally a scarce resource, though technological advances (as dictated by Cooper’s Law) and more efficient management of spectrum make it less so. However, we have seen that fixed-line broadband has more or less stagnated for the past many years, while mobile access has increased. So the market distortionary power of fixed-line providers is far less than that of mobile providers. However, competition is far less in fixed-line Internet access services, while it is far higher in mobile Internet access. Switching costs in fixed-line Internet access services are also far higher than in mobile services. Given these differences, the regulation with regard to price discrimination might justifiably be different.</p>
<p>All in all, for this particular issue, it is unclear why different rules should apply to mobile users and fixed line users.</p>
<h2 id="question-4">Question 4</h2>
<p><em>Any other issue related to the matter of Consultation.</em></p>
<p>None.</p>
<div class="footnotes">
<hr />
<ol>
<li id="fn1">
<p>In India’s mobile telecom sector, according to a Nielsen study, an estimated 15% of mobile users are multi-SIM users, meaning the “gatekeeping” effect is significantly reduced in both directions: Internet services can reach them via multiple ISPs, and conversely they can reach Internet services via multiple ISPs. <em>See</em> Nielsen, ‘Telecom Transitions: Tracking the Multi-SIM Phenomena in India’, http://www.nielsen.com/in/en/insights/reports/2015/telecom-transitions-tracking-the-multi-sim-phenomena-in-india.html<a href="#fnref1">↩</a></p>
</li></ol>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/cis-submission-trai-consultation-free-data'>https://cis-india.org/internet-governance/blog/cis-submission-trai-consultation-free-data</a>
</p>
No publisherpraneshTelecomHomepageTRAINet NeutralityFeaturedInternet GovernanceSubmissions2016-07-01T16:04:27ZBlog EntryPublic Consultation for the First Draft of 'Government Open Data Use License - India' Announced
https://cis-india.org/openness/public-consultation-for-the-first-draft-of-government-open-data-use-license-india-announced
<b>The first public draft of the open data license to be used by Government of India was released by the Department of Legal Affairs earlier this week. Comments are invited from general public and stakeholders. These are to be submitted via the MyGov portal by July 25, 2016. CIS was a member of the committee constituted to develop the license concerned, and we contributed substantially to the drafting process.
</b>
<p> </p>
<h4>Please read the call for comments <a class="external-link" href="https://www.mygov.in/group-issue/public-consultation-government-open-data-use-license-india/">here</a>.</h4>
<h4>The PDF version of the draft license document can be accessed <a class="external-link" href="https://www.mygov.in/sites/default/files/mygov_1466767582190667.pdf">here</a>.</h4>
<h4><em>Comments are to be submitted by July 25, 2016.</em></h4>
<hr />
<h4 style="text-align: center;"><strong>Government Open Data Use License - India</strong></h4>
<h4 style="text-align: center;"><strong>National Data Sharing and Accessibility Policy</strong></h4>
<h4 style="text-align: center;"><strong>Government of India</strong></h4>
<h2>1. Preamble</h2>
<p style="text-align: justify;">Structured data available in open format and open license for public access and use, usually termed as “Open Data,” is of prime importance in the contemporary world. Data also is one of the most valuable resources of modern governance, sharing of which enables various and non-exclusive usages for both commercial and non-commercial purposes. Licenses, however, are crucial to ensure that such data is not misused or misinterpreted (for example, by insisting on proper attribution), and that all users have the same and permanent right to use the data.</p>
<p style="text-align: justify;">The open government data initiative started in India with the notification of the National Data Sharing and Accessibility Policy (NDSAP), submitted to the Union Cabinet by the Department of Science and Technology, on 17th March 2012 <strong>[1]</strong>. The NDSAP identified the Department of Electronics & Information Technology (DeitY) as the nodal department for the implementation of the policy through National Informatics Centre, while the Department of Science and Technology continues to be the nodal department on policy matters. In pursuance of the Policy, the Open Government Data Platform India <strong>[2]</strong> was launched in 2012.</p>
<p style="text-align: justify;">While, the appropriate open formats and related aspects for implementation of the Policy has been defined in the “NDSAP Implementation Guidelines” prepared by an inter- ministerial Task Force constituted by the National Informatics Centre <strong>[3]</strong>, the open license for data sets published under NDSAP and through the OGD Platform remained unspecified till now.</p>
<h2>2. Definitions</h2>
<p style="text-align: justify;">a. <strong>“Data”</strong> means a representation of Information, numerical compilations and observations, documents, facts, maps, images, charts, tables and figures, concepts in digital and/or analog form, and includes metadata <strong>[4]</strong>, that is all information about data, and/or clarificatory notes provided by data provider(s), without which the data concerned cannot be interpreted or used <strong>[5]</strong>.</p>
<p style="text-align: justify;">b. <strong>“Information”</strong> means processed data <strong>[6]</strong>.</p>
<p style="text-align: justify;">c. <strong>“Data Provider(s)”</strong> means person(s) publishing and providing the data under this license.</p>
<p style="text-align: justify;">d. <strong>“License”</strong> means this document.</p>
<p style="text-align: justify;">e. <strong>“Licensor”</strong>means any data provider(s) that has the authority to offer the data concerned under the terms of this licence.</p>
<p style="text-align: justify;">f. <strong>“User”</strong> means natural or legal persons, or body of persons corporate or incorporate, acquiring rights in the data (whether the data is obtained directly from the licensor or otherwise) under this licence.</p>
<p style="text-align: justify;">g. <strong>“Use”</strong> includes lawful distribution, making copies, adaptation, and all modification and representation of the data, subject to the provisions of this License.</p>
<p style="text-align: justify;">h. <strong>“Adapt”</strong> means to transform, build upon, or to make any use of the data by itsre-arrangement or alteration <strong>[7]</strong>.</p>
<p style="text-align: justify;">i. <strong>“Redistribute”</strong> means sharing of the data by the user, either in original or in adapted form (including a subset of the original data), accompanied by appropriate attribute statement, under the same or other suitable license.</p>
<p style="text-align: justify;">j. <strong>“Attribution Statement”</strong> means a standard notice to be published by all users of data published under this license, that contains the details of the provider, source, and license of the data concerned <strong>[8]</strong>.</p>
<p style="text-align: justify;">k. <strong>“Personal Information”</strong> means any Information that relates to a natural person,which, either directly or indirectly, in combination with other Information available or likely to be available with a body corporate, is capable of identifying such person <strong>[9]</strong>.</p>
<h2>3. Permissible Use of Data</h2>
<p style="text-align: justify;">Subject to the conditions listed under section 7, the user may:</p>
<p style="text-align: justify;">a. Access, use, adapt, and redistribute data published under this license for all lawful and non-exclusive purposes, without payment of any royalty or fee;</p>
<p style="text-align: justify;">b. Apply this license worldwide, and in perpetuity;</p>
<p style="text-align: justify;">c. Access, study, copy, share, adapt, publish, redistribute and transmit the data in any medium or format; and</p>
<p style="text-align: justify;">d. Use, adapt, and redistribute the data, either in itself, or by combining it with other data, or by including it within a product/application/service, for all commercial and/or non-commercial purposes.</p>
<h2>4. Terms and Conditions of Use of Data</h2>
<p style="text-align: justify;">a. <strong>Attribution:</strong> The user must acknowledge the provider, source, and license of data by explicitly publishing the attribution statement, including the DOI (Digital Object Identifier), or the URL (Uniform Resource Locator), or the URI (Uniform Resource Identifier) of the data concerned.</p>
<p style="text-align: justify;">b. <strong>Attribution of Multiple Data:</strong> If the user is using multiple data together and/or listing of sources of multiple data is not possible, the user may provide a link to a separate page/list that includes the attribution statements and specific URL/URI of all data used.</p>
<p style="text-align: justify;"> c. <strong>Non-endorsement:</strong> The User must not indicate or suggest in any manner that the data provider(s) endorses their use and/or the user.</p>
<p style="text-align: justify;">d. <strong>No Warranty:</strong> The data provider(s) are not liable for any errors or omissions, and will not under any circumstances be liable for any direct, indirect, special, incidental, consequential, or other loss, injury or damage caused by its use or otherwise arising in connection with this license or the data, even if specifically advised of the possibility of such loss, injury or damage. Under any circumstances, the user may not hold the data provider(s) responsible for: i) any error, omission or loss of data, and/or ii) any undesirable consequences due to the use of the data as part of an application/product/service (including violation of any prevalent law).</p>
<p style="text-align: justify;">e. <strong>Permanent Disclosure and Versioning:</strong> The data provider(s) will ensure that a data package once published under this license will always remain publicly available for reference and use. If an already published data is updated by the provider, then the earlier appropriate version(s) must also be kept publicly available with accordance with the archival policy of the National Informatics Centre.</p>
<p style="text-align: justify;">f. <strong>Continuity of Provision:</strong>The data provider(s) will strive for continuously updating the data concerned, as new data regarding the same becomes available. However, the data provider(s) do not guarantee the continued supply of updated or up-to-date versions of the data, and will not be held liable in case the continued supply of updated data is not provided.</p>
<h2>5. Template for Attribution Statement</h2>
<p style="text-align: justify;">Unless the user is citing the data using an internationally accepted data citation format <strong>[10]</strong>, an attribution notice in the following format must be explicitly included:</p>
<p>“Data has been published by [Name of Data Provider] and sourced from Open Government Data (OGD) Platform of India: [Name of Data]. ([date of Publication: dd/mm/yyyy]) .[DOI / URL / URI]. Published under Open Government Data License - India: [URL of Open Data License – India].”</p>
<p>For example, “Data has been published by Ministry of Statistics and Programme Implementation and sourced from Open Government Data (OGD) Platform of India: Overall Balance of Payments. (08/09/2015). <a href="https://data.gov.in/catalog/overall-balance-payments">https://data.gov.in/catalog/overall-balance-payments</a>. Published under Open Government Data License - India: [URL of Open Data License - India].”</p>
<h2>6. Exemptions</h2>
<p style="text-align: justify;">The license does not grant the right to access, use, adapt, and redistribute the following kinds of data:</p>
<p style="text-align: justify;">a. Personal information;</p>
<p style="text-align: justify;">b. Data that the data provider(s) is not authorised to licence;</p>
<p style="text-align: justify;">c. Names, crests, logos and other official symbols of the data provider(s);</p>
<p style="text-align: justify;">d. Data subject to other intellectual property rights, including patents, trade-marks and official marks;</p>
<p style="text-align: justify;">e. Military insignia;</p>
<p style="text-align: justify;">f. Identity documents; and</p>
<p style="text-align: justify;">g. Any data publication of which may violate section 8 of the Right to Information Act, 2005 <strong>11</strong>.</p>
<h2>7. Termination</h2>
<p style="text-align: justify;">a. Failure to comply with stipulated terms and conditions will cause the user’s rights under this license to end automatically.</p>
<p style="text-align: justify;">b. Where the user’s rights to use data have terminated under the aforementioned clauses or any other Indian law, it reinstates:</p>
<p style="text-align: justify;">i. automatically, as of the date the violation is cured, provided it is cured within 30 days of the discovery of the violation; or</p>
<p style="text-align: justify;">ii. upon express reinstatement by the Licensor.</p>
<p style="text-align: justify;">c. For avoidance of doubt, this section does not affect any rights the licensor may have to seek remedies for violation of this license.</p>
<h2>8. Dispute Redressal Mechanism</h2>
<p style="text-align: justify;">This license is governed by Indian law, and the copyright of any data shared under this license vests with the licensor, under the Indian Copyright Act.</p>
<h2>9. Endnotes</h2>
<p><strong>[1]</strong> Ministry of Science and Technology. 2012. National Data Sharing and Accessibility Policy (NDSAP) 2012. Gazette of India. March 17. <a href="http://data.gov.in/sites/default/files/NDSAP.pdf">http://data.gov.in/sites/default/files/NDSAP.pdf</a>.</p>
<p><strong>[2]</strong> See: <a href="https://data.gov.in/">https://data.gov.in/</a>.</p>
<p><strong>[3]</strong> See section 3.2 of the Implementation Guidelines for National Data Sharing and Accessibility Policy (NDSAP) Version 2.2. <a href="https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf">https://data.gov.in/sites/default/files/NDSAP_Implementation_Guidelines_2.2.pdf</a>.</p>
<p><strong>[4]</strong> See section 2.1 of NDSAP 2012.</p>
<p><strong>[5]</strong> See section 2.6 of NDSAP 2012.</p>
<p><strong>[6]</strong> See section 2.7 of NDSAP 2012.</p>
<p><strong>[7]</strong> See section 2 (a) of Indian Copyright Act 1957. <a href="http://copyright.gov.in/Documents/CopyrightRules1957.pdf">http://copyright.gov.in/Documents/CopyrightRules1957.pdf</a>.</p>
<p><strong>[8]</strong> The template of the attribution statement is given in section 5 of the license.</p>
<p><strong>[9]</strong> See section 2 (i) of Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. <a href="http://deity.gov.in/sites/upload_files/dit/files/GSR313E_10511%281%29.pdf">http://deity.gov.in/sites/upload_files/dit/files/GSR313E_10511%281%29.pdf</a>.</p>
<p><strong>[10]</strong>For example, those listed in the DOI Citation Formatter tool developed by DataCite, CrossRef and others: <a href="http://crosscite.org/citeproc/">http://crosscite.org/citeproc/</a>.</p>
<p><strong>[11]</strong> See: <a href="http://rti.gov.in/webactrti.htm">http://rti.gov.in/webactrti.htm</a>.</p>
<div> </div>
<p>
For more details visit <a href='https://cis-india.org/openness/public-consultation-for-the-first-draft-of-government-open-data-use-license-india-announced'>https://cis-india.org/openness/public-consultation-for-the-first-draft-of-government-open-data-use-license-india-announced</a>
</p>
No publishersinhaOpen Government DataOpen LicenseOpen DataNDSAPFeaturedOpenness2016-06-30T09:41:07ZBlog EntrySubmission by the Centre for Internet and Society on Revisions to ICANN Expected Standards of Behavior
https://cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior
<b>Prepared by Vidushi Marda, with inputs from Dr. Nirmita Narasimhan and Sunil Abraham.</b>
<p> </p>
<p>We at the Centre for Internet and Society (“CIS”) are grateful for the opportunity to comment on the proposed revisions to ICANN’s Expected Standards of Behavior (“Standards”).</p>
<p>Before providing specific comments on the proposed revisions, CIS would like to state for the record our extreme disappointment while noting that there is no indication of the intention to draft and adopt a dedicated anti - harassment policy. We are of the firm opinion that harassment, and particularly sexual harassment, is not only a sensitive topic, but also a deeply complex one. Such a policy should consider scope, procedural questions, redressal and remedies in cases of harassment in general and sexual harassment in particular. A mere change in language to these Standards, however well intentioned, cannot go too far in preventing and dealing with cases of harassment in the absence of a framework within which such instances can be addressed.</p>
<p>Some of the issues that arose at ICANN55 were confusion surrounding the powers and limits of the Ombudsman’s office in dealing with cases of harassment, the exact procedure to be followed for redressal surrounding such incidents, and the appropriate conduct of parties to the matter. There will be no clarity in these respects, even if these proposed changes are to be adopted.</p>
<p>Specifically, the proposed language is problematic and completely inadequate for the following reasons:</p>
<ol><li>
<p><strong>Vague</strong></p>
<p>Terms like “professional conduct” and “appropriate behavior” mean little in the absence of a definition that entails such conduct. These terms could mean vastly different things to each community member and such language will only encourage a misalignment of expectation of conduct between community members. The “general” definition of harassment is at best, an ineffective placeholder, as it does not encompass exactly what kind of behavior would fall under its definition.</p>
</li>
<li>
<p><strong>Fails to consider important scenarios</strong></p>
<p>The proposed language fails to consider situations where some attempts or advances at communication, sexual or otherwise, occur. For example, consider a situation in which one community member stalks another online, and catalogues his/her every move. This is most certainly foreseeable, but will not be adequately covered by the proposed language. Further, terms like “speech or behavior that is sexually aggressive or intimidates” could or could not include types of speech such as art, music, photography etc, depending on who you ask. It also does not explain the use of the word behavior - physical, emotional, professional, online behavior are all possible, but the scope of this term would depend on the interpretation one chooses to apply. In part 4 below, we will demonstrate how ICANN has applied a far more detailed framework for harassment elsewhere.</p>
</li>
<li>
<p><strong>Ignores complexity</strong></p>
<p>In discussions surrounding the incident at ICANN55, a number of issues of arose. These included, inter alia, the definition of harassment and sexual harassment, what constituted such conduct, the procedure to be followed in such cases, the appropriate forum to deal with such incidents and the conduct that both parties are expected to maintain. These questions cannot, and have not been answered or addressed in the proposed change to the Standards. CIS emphasizes the need to understand this issue as one that must imbibe differences in culture, expectation, power dynamics, and options for redressal. If ICANN is to truly be a safe space, such issues must be substantively and procedurally fair for both the accused and the victim. This proposed definition is woefully inadequate in this regard.</p>
</li>
<li>
<p><strong>Superficial understanding of harassment, sexual harassment</strong></p>
<p>The proposed changes do not define harassment, and sexual harassment in an adequate fashion. The change currently reads, “Generally, harassment is considered unwelcome hostile or intimidating behavior -- in particular, speech or behavior that is sexually aggressive or intimidates based on attributes such as race, gender, ethnicity, religion, age, color, national origin, ancestry, disability or medical condition, sexual orientation, or gender identity.” These are subject to broad interpretation, and we have already highlighted the issues that may arise due to this in 1, above. Here, we would like to point to a far more comprehensive definition.</p>
</li></ol>
<p>ICANN’s own Employment Policy includes within the scope of sexual harassment “verbal, physical and visual conduct that creates an intimidating, offensive or hostile working environment, or interferes with work performance.” The policy also states:</p>
<blockquote>Harassing conduct can take many forms and includes, but is not limited to, the following:<br />
<ol><li>Slurs, jokes, epithets, derogatory comments, statements or gestures;</li>
<li>Assault, impeding or blocking another’s movement or otherwise physically interfering with normal work;</li>
<li>Pictures, posters, drawings or cartoons based upon the characteristics mentioned in the first paragraph of this policy.</li></ol>
Sexually harassing conduct includes all of the above prohibited actions, as well as other unwelcome conduct, such as requests for sexual favors, conversation containing sexual comments, and unwelcome sexual advances.”</blockquote>
<p>This definition is not perfect, it does not comprehensively consider advances or attempts at communication, sexual or otherwise, which are unwelcome by the target. Nonetheless, CIS believes that this is a far more appropriate definition that does not include vague metrics that the proposed changes do. Since it is one ICANN has already adopted, it can act as an important stepping stone towards a comprehensive framework.</p>
<p>Like ICANN, UNESCO’s organisational approach has been to adopt a comprehensive <a href="http://www.un.org/womenwatch/osagi/UN_system_policies/(UNESCO)Anti-harassment_Policy.pdf">Anti-Harassment Policy</a> which lays down details of definition, prevention, complaint procedure, investigations, sanctions, managerial responsibility, etc. Acknowledging the cultural sensitivity of harassment particularly in international situations, the policy also recognizes advances or attempts at communication, sexual or otherwise. Most importantly, it states that for conduct to come within the definition of sexual harassment, it “must be unwelcome, i.e. unsolicited and regarded as offensive or undesirable by the victim.”</p>
<h3>Conclusion</h3>
<p>In conclusion, we would like to reiterate the importance of adopting and drafting a dedicated anti-harassment policy and framework. The benefits of safety, certainty and formal redressal mechanisms in cases of harassment cannot be over emphasized.</p>
<p>Importantly, such measures have already been taken elsewhere. The IETF has adopted an <a href="http://tools.ietf.org/html/rfc7776">instrument</a> to address issues of harassment that occur at meetings, mailing lists and social events. This instrument contemplates in detail, problematic behavior, unacceptable conduct, the scope of the term harassment, etc. It further envisages a framework for redressal of complaints, remediation, and even contemplates issues that may arise with such remediation. It is particularly important to note that while it provides a definition of harassment, it also states that "[a]ny definition of harassment prohibited by an applicable law can be subject to this set of procedures, recognising harassment as a deeply personal and subjective experience, and thus encouraging members to take up issues of harassment as per their cultural norms and national laws, which are then considered as per procedures laid down."</p>
<p>A similar effort within the ICANN community is critical.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior'>https://cis-india.org/internet-governance/submission-by-the-centre-for-internet-and-society-on-revisions-to-icann-expected-standards-of-behavior</a>
</p>
No publishervidushiPublic AccountabilityInternet GovernanceFeaturedICANNIANA TransitionHomepage2016-06-30T06:07:37ZBlog EntryJurisdiction: The Taboo Topic at ICANN
https://cis-india.org/internet-governance/blog/jurisdiction-the-taboo-topic-at-icann
<b>The "IANA Transition" that is currently underway is a sham since it doesn't address the most important question: that of jurisdiction. This article explores why the issue of jurisdiction is the most important question, and why it remains unaddressed.</b>
<br />
<p>In March 2014, the <a href="https://www.ntia.doc.gov/press-release/2014/ntia-announces-intent-transition-key-internet-domain-name-functions">US government announced</a> that they were going to end the contract they have with ICANN to run the <a href="https://www.iana.org/">Internet Assigned Numbers Authority</a> (IANA), and hand over control to the “global multistakeholder community”. They insisted that the plan for transition had to come through a multistakeholder process and have stakeholders “across the global Internet community”.</p>
<h2 id="why-is-the-u.s.-government-removing-the-ntia-contract">Why is the U.S. government removing the NTIA contract?</h2>
<p>The main reason for the U.S. government's action is that it will get rid of a political thorn in the U.S. government's side: keeping the contract allows them to be called out as having a special role in Internet governance (with the Affirmation of Commitments between the U.S. Department of Commerce and ICANN, the IANA contract, and the cooperative agreement with Verisign), and engaging in unilateralism with regard to the operation of the root servers of the Internet naming system, while repeatedly declaring that they support a multistakeholder model of Internet governance.</p>
<p>This contradiction is what they are hoping to address. Doing away with the NTIA contract will also increase — ever so marginally — ICANN’s global legitimacy: this is something that world governments, civil society organizations, and some American academics have been asking for nearly since ICANN’s inception in 1998. For instance, here are some demands made <a href="https://www.itu.int/net/wsis/docs2/pc3/contributions/sca/hbf-29.doc">in a declaration by the Civil Society Internet Governance Caucus at WSIS, in 2005</a>:</p>
<blockquote>
<p>“ICANN will negotiate an appropriate host country agreement to replace its California Incorporation, being careful to retain those aspects of its California Incorporation that enhance its accountability to the global Internet user community. "ICANN's decisions, and any host country agreement, must be required to comply with public policy requirements negotiated through international treaties in regard to, inter alia, human rights treaties, privacy rights, gender agreements and trade rules. … "It is also expected that the multi-stakeholder community will observe and comment on the progress made in this process through the proposed [Internet Governance] Forum."</p>
</blockquote>
<p>In short: the objective of the transition is political, <a href="https://cis-india.org/internet-governance/blog/">not technical</a>. In an ideal world, we <em>should</em> aim at reducing U.S. state control over the core of the Internet's domain name system.<a href="#fn1" class="footnoteRef" id="fnref1"><sup>1</sup></a></p>
<p>It is our contention that <strong>U.S. state control over the core of the Internet's domain name system is <em>not</em> being removed</strong> by the transition that is currently underway.</p>
<h2 id="why-is-the-transition-happening-now">Why is the Transition Happening Now?</h2>
<p>Despite the U.S. government having given commitments in the past that were going to finish the IANA transition by "September 30, 2000", (the <a href="https://www.icann.org/resources/unthemed-pages/white-paper-2012-02-25-en">White Paper on Management of Internet Names and Addresses</a> states: "The U.S. Government would prefer that this transition be complete before the year 2000. To the extent that the new corporation is established and operationally stable, September 30, 2000 is intended to be, and remains, an 'outside' date.") and later by "fall of 2006",<a href="#fn2" class="footnoteRef" id="fnref2"><sup>2</sup></a> those turned out to be empty promises. However, this time, the transition seems to be going through, unless the U.S. Congress manages to halt it.</p>
<p>However, in order to answer the question of "why now?" fully, one has to look a bit at the past.</p>
<p>In 1998, through the <a href="https://www.icann.org/resources/unthemed-pages/white-paper-2012-02-25-en">White Paper on Management of Internet Names and Addresses</a> the U.S. government <a href="http://www.icannwatch.org/archive/mueller_icann_and_internet_governance.pdf">asserted it’s control over the root</a>, and asserted — some would say arrogated to itself — the power to put out contracts for both the IANA functions as well as the 'A' Root (i.e., the Root Zone Maintainer function that Network Solutions Inc. then performed, and continues to perform to date in its current avatar as Verisign). The IANA functions contract — a periodically renewable contract — was awarded to ICANN, a California-based non-profit corporation that was set up exclusively for this purpose, but which evolved around the existing IANA (to placate the Internet Society).</p>
<p>Meanwhile, of course, there were criticisms of ICANN from multiple foreign governments and civil society organizations. Further, despite it being a California-based non-profit on contract with the government, domestically within the U.S., there was pushback from constituencies that felt that more direct U.S. control of the DNS was important.</p>
<p>As Goldsmith and Wu summarize:</p>
<blockquote>
<p>"Milton Mueller and others have shown that ICANN’s spirit of “self-regulation” was an appealing label for a process that could be more accurately described as the U.S. government brokering a behind-the-scenes deal that best suited its policy preferences ... the United States wanted to ensure the stability of the Internet, to fend off the regulatory efforts of foreign governments and international organizations, and to maintain ultimate control. The easiest way to do that was to maintain formal control while turning over day-to-day control of the root to ICANN and the Internet Society, which had close ties to the regulation-shy American technology industry." [footnotes omitted]</p>
</blockquote>
<p>And that brings us to the first reason that the NTIA announced the transition in 2014, rather than earlier.</p>
<h3 id="icann-adjudged-mature-enough">ICANN Adjudged Mature Enough</h3>
<p>The NTIA now sees ICANN as being mature enough: the final transition was announced 16 years after ICANN's creation, and complaints about ICANN and its legitimacy had largely died down in the international arena in that while. Nowadays, governments across the world send their representatives to ICANN, thus legitimizing ICANN. States have largely been satisfied by participating in the Government Advisory Council, which, as its name suggests, only has advisory powers. Further, unlike in the early days, there is <a href="http://www.internetgovernance.org/2012/05/24/threat-analysis-of-itus-wcit-part-1-historical-context/">no serious push for states assuming control of ICANN</a>. Of course they grumble about the ICANN Board not following their advice, but no government, as far as I am aware, has walked out or refused to participate.</p>
<h3 id="laffaire-snowden">L'affaire Snowden</h3>
<p>Many within the United States, and some without, believe that the United States not only plays an exceptional role to play in the running of the Internet — by dint of historical development and dominance of American companies — but that <em>it ought to</em> have an exceptional role because it is the best country to exercise 'oversight' over 'the Internet' (often coming from <a href="http://www.wsj.com/articles/SB10001424052702303563304579447362610955656">clueless commentators</a>), and from dinosaurs of the Internet era, like <a href="http://www.circleid.com/posts/20140316_if_the_stakeholders_already_control_the_internet_netmundial_iana/">American IP lawyers</a> and <a href="http://www.lawfareblog.com/2014/03/who-controls-the-internet-address-book-icann-ntia-and-iana/">American 'homeland' security hawks</a>, Jones Day, who are ICANN's lawyers, and other <a href="http://homepages.wmich.edu/~cooneys/poems/cummings.nextto.html">jingoists</a> and those policymakers who are controlled by these narrow-minded interests.</p>
<p>The Snowden revelations were, in that way, a godsend for the NTIA, as it allowed them a fig-leaf of <a href="http://www.ft.com/cms/s/0/4529516c-c713-11e3-889e-00144feabdc0.html">international</a> <a href="https://www.rt.com/usa/nsa-fallout-relinquish-internet-oversight-002/">criticism</a> <a href="https://twitter.com/carolinegreer/status/454253411576598528">with which</a> to counter these domestic critics and carry on with a transition that they have been seeking to put into motion for a while. The Snowden revelations led Dilma Rousseff, President of Brazil, to state in September 2013, at the 68th U.N. General Assembly, that Brazil would "present proposals for the establishment of a <a href="https://gadebate.un.org/sites/default/files/gastatements/68/BR_en.pdf">civilian multilateral framework for the governance and use of the Internet</a>", and as <a href="https://icannwiki.com/Diego_Canabarro">Diego Canabarro</a> points out this catalysed the U.S. government and the technical community into taking action.</p>
<p>Given this context, a few months after the Snowden revelations, the so-called <a href="https://www.apnic.net/community/ecosystem/i*orgs">I* organizations</a> met — seemingly with the blessing of the U.S. government<a href="#fn3" class="footnoteRef" id="fnref3"><sup>3</sup></a> — in Montevideo, and put out a <a href="https://www.apnic.net/publications/news/2013/montevideo-statement-on-future-of-internet-cooperation">'Statement on the Future of Internet Governance'</a> that sought to link the Snowden revelations on pervasive surveillance with the need to urgently transition the IANA stewardship role away from the U.S. government. Of course, the signatories to that statement knew fully well, as did most of the readers of that statement, that there is no linkage between the Snowden revelations about pervasive surveillance and the operations of the DNS root, but still they, and others, linked them together. Specifically, the I* organizations called for "accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing."</p>
<p>One could posit the existence of two other contributing factors as well.</p>
<p>Given political realities in the United States, a transition of this sort is probably best done before an ultra-jingoistic President steps into office.</p>
<p>Lastly, the ten-yearly review of the World Summit on Information Society was currently underway. At the original WSIS (as seen from the civil society quoted above) the issue of US control over the root was a major issue of contention. At that point (and during where the 2006 date for globalization of ICANN was emphasized by the US government).</p>
<h2 id="why-jurisdiction-is-important">Why Jurisdiction is Important</h2>
<p>Jurisdiction has a great many aspects. <em>Inter alia</em>, these are:</p>
<ul>
<li>Legal sanctions applicable to changes in the root zone (for instance, what happens if a country under US sanctions requests a change to the root zone file?)</li>
<li>Law applicable to resolution of contractual disputes with registries, registrars, etc.</li>
<li>Law applicable to labour disputes.</li>
<li>Law applicable to competition / antitrust law that applies to ICANN policies and regulations.</li>
<li>Law applicable to disputes regarding ICANN decisions, such as allocation of gTLDs, or non-renewal of a contract.</li>
<li>Law applicable to consumer protection concerns.</li>
<li>Law applicable to financial transparency of the organization.</li>
<li>Law applicable to corporate condition of the organization, including membership rights.</li>
<li>Law applicable to data protection-related policies & regulations.</li>
<li>Law applicable to trademark and other speech-related policies & regulations.</li>
<li>Law applicable to legal sanctions imposed by a country against another.</li>
</ul>
<p>Some of these, but not all, depend on where bodies like ICANN [the policy-making body], the IANA functions operator [the proposed "Post-Transition IANA"], and the root zone maintainer are incorporated or maintain their primary office, while others depend on the location of the office [for instance, Turkish labour law applies for the ICANN office in Istanbul], while yet others depend on what's decided by ICANN in contracts (for instance, the resolution of contractual disputes with ICANN, filing of suits with regard to disputes over new generic TLDs, etc.).</p>
<p>However, an issue like sanctions, for instance, depends on where ICANN/PTI/RMZ are incorporated and maintain their primary office.</p>
<p>As <a href="http://content.netmundial.br/contribution/roadmap-for-globalizing-iana-four-principles-and-a-proposal-for-reform-a-submission-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/96">Milton Mueller notes</a>, the current IANA contract "requires ICANN to be incorporated in, maintain a physical address in, and perform the IANA functions in the U.S. This makes IANA subject to U.S. law and provides America with greater political influence over ICANN."</p>
<p>He further notes that:</p>
<blockquote>
<p>While it is common to assert that the U.S. has never abused its authority and has always taken the role of a neutral steward, this is not quite true. During the controversy over the .xxx domain, the Bush administration caved in to domestic political pressure and threatened to block entry of the domain into the root if ICANN approved it (Declaration of the Independent Review Panel, 2010). It took five years, an independent review challenge and the threat of litigation from a businessman willing to spend millions to get the .xxx domain into the root.</p>
</blockquote>
<p>Thus it is clear that even if the NTIA's role in the IANA contract goes away, jurisdiction remains an important issue.</p>
<h2 id="u.s.-doublespeak-on-jurisdiction">U.S. Doublespeak on Jurisdiction</h2>
<p>In March 2014, when NTIA finally announced that they would hand over the reins to “the global multistakeholder community”. They’ve laid down two procedural condition: that it be developed by stakeholders across the global Internet community and have broad community consensus, and they have proposed 5 substantive conditions that any proposal must meet:</p>
<ul>
<li>Support and enhance the multistakeholder model;</li>
<li>Maintain the security, stability, and resiliency of the Internet DNS;</li>
<li>Meet the needs and expectation of the global customers and partners of the IANA services; and,</li>
<li>Maintain the openness of the Internet.</li>
<li>Must not replace the NTIA role with a solution that is government-led or an inter-governmental organization.</li>
</ul>
<p>In that announcement there is no explicit restriction on the jurisdiction of ICANN (whether it relate to its incorporation, the resolution of contractual disputes, resolution of labour disputes, antitrust/competition law, tort law, consumer protection law, privacy law, or speech law, and more, all of which impact ICANN and many, but not all, of which are predicated on the jurisdiction of ICANN’s incorporation), the jurisdiction(s) of the IANA Functions Operator(s) (i.e., which executive, court, or legislature’s orders would it need to obey), and the jurisdiction of the Root Zone Maintainer (i.e., which executive, court, or legislature’s orders would it need to obey).</p>
<p>However, Mr. Larry Strickling, the head of the NTIA, in his <a href="https://www.youtube.com/watch?v=8v-yWye5I0w&feature=youtu.be">testimony before the U.S. House Subcommittee on Communications and Technology</a>, made it clear that,</p>
<blockquote>
<p>“Frankly, if [shifting ICANN or IANA jurisdiction] were being proposed, I don't think that such a proposal would satisfy our criteria, specifically the one that requires that security and stability be maintained.”</p>
</blockquote>
<p>Possibly, that argument made sense in 1998, due to the significant concentration of DNS expertise in the United States. However, in 2015, that argument is hardly convincing, and is frankly laughable.<a href="#fn4" class="footnoteRef" id="fnref4"><sup>4</sup></a></p>
<p>Targetting that remark, in ICANN 54 at Dublin, we asked Mr. Strickling:</p>
<blockquote>
<p>"So as we understand it, the technical stability of the DNS doesn't necessarily depend on ICANN's jurisdiction being in the United States. So I wanted to ask would the US Congress support a multistakeholder and continuing in the event that it's shifting jurisdiction."</p>
</blockquote>
<p>Mr. Strickling's response was:</p>
<blockquote>
<p>"No. I think Congress has made it very clear and at every hearing they have extracted from Fadi a commitment that ICANN will remain incorporated in the United States. Now the jurisdictional question though, as I understand it having been raised from some other countries, is not so much jurisdiction in terms of where ICANN is located. It's much more jurisdiction over the resolution of disputes.</p>
<p>"And that I think is an open issue, and that's an appropriate one to be discussed. And it's one I think where ICANN has made some movement over time anyway.</p>
<p>"So I think you have to ... when people use the word jurisdiction, we need to be very precise about over what issues because where disputes are resolved and under what law they're resolved, those are separate questions from where the corporation may have a physical headquarters."</p>
</blockquote>
<p>As we have shown above, jurisdiction is not only about the jurisdiction of "resolution of disputes", but also, as Mueller reminds us, about the requirement that ICANN (and now, the PTI) be "incorporated in, maintain a physical address in, and perform the IANA functions in the U.S. This makes IANA subject to U.S. law and provides America with greater political influence over ICANN."</p>
<p>In essence, the U.S. government has essentially said that they would veto the transition if the jurisdiction of ICANN or PTI's incorporation were to move out of the U.S., and they can prevent that from happening <em>after</em> the transition, since as things stand ICANN and PTI will still come within the U.S. Congress's jurisdiction.</p>
<h2 id="why-has-the-icg-failed-to-consider-jurisdiction">Why Has the ICG Failed to Consider Jurisdiction?</h2>
<p>Will the ICG proposal or the proposed new ICANN by-laws reduce existing U.S. control? No, they won't. (In fact, as we will argue below, the proposed new ICANN by-laws make this problem even worse.) The proposal by the names community ("the CWG proposal") still has a requirement (in Annex S) that the Post-Transition IANA (PTI) be incorporated in the United States, and a similar suggestion hidden away as a footnote. Further, the proposed by-laws for ICANN include the requirement that PTI be a California corporation. There was no discussion specifically on this issue, nor any documented community agreement on the specific issue of jurisdiction of PTI's incorporation.</p>
<p>Why wasn't there greater discussion and consideration of this issue? Because of two reasons: First, there were many that argued that the transition would be vetoed by the U.S. government and the U.S. Congress if ICANN and PTI were not to remain in the U.S. Secondly, the ICANN-formed ICG saw the US government’s actions very narrowly, as though the government were acting in isolation, ignoring the rich dialogue and debate that’s gone on earlier about the transition since the incorporation of ICANN itself.</p>
<p>While it would be no one’s case that political considerations should be given greater weightage than technical considerations such as security, stability, and resilience of the domain name system, it is shocking that political considerations have been completely absent in the discussions in the number and protocol parameters communities, and have been extremely limited in the discussions in the names community. This is even more shocking considering that the main reason for this transition is, as has been argued above, political.</p>
<p>It can be also argued that the certain IANA functions such as Root Zone Management function have a considerable political implication. It is imperative that the political nature of the function is duly acknowledged and dealt with, in accordance with the wishes of the global community. In the current process the political aspects of the IANA function has been completely overlooked and sidelined. It is important to note that this transition has not been a necessitated by any technical considerations. It is primarily motivated by political and legal considerations. However, the questions that the ICG asked the customer communities to consider were solely technical. Indeed, the communities could have chosen to overlook that, but they did not choose to do so. For instance, while the IANA customer community proposals reflected on existing jurisdictional arrangements, they did not reflect on how the jurisdictional arrangements should be post-transition , while this is one of the questions at the heart of the entire transition. There were no discussions and decisions as to the jurisdiction of the Post-Transition IANA: the Accountability CCWG's lawyers, Sidley Austin, recommended that the PTI ought to be a California non-profit corporation, and this finds mention in a footnote without even having been debated by the "global multistakeholder community", and subsequently in the proposed new by-laws for ICANN.</p>
<h2 id="why-the-by-laws-make-things-worse-why-work-stream-2-cant-address-most-jurisdiction-issues">Why the By-Laws Make Things Worse & Why "Work Stream 2" Can't Address Most Jurisdiction Issues</h2>
<p>The by-laws could have chosen to simply stayed silent on the matter of what law PTI would be incorporated under, but instead the by-law make the requirement of PTI being a California non-profit public benefit corporation part of the <em>fundamental by-laws</em>, which are close to impossible to amend.</p>
<p>While "Work Stream 2" (the post-transition work related to improving ICANN's accountability) has jurisdiction as a topic of consideration, the scope of that must necessarily discount any consideration of shifting the jurisdiction of incorporation of ICANN, since all of the work done as part of CCWG Accountability's "Work Stream 1", which are now reflected in the proposed new by-laws, assume Californian jurisdiction (including the legal model of the "Empowered Community"). Is ICANN prepared to re-do all the work done in WS1 in WS2 as well? If the answer is yes, then the issue of jurisdiction can actually be addressed in WS2. If the answer is no — and realistically it is — then, the issue of jurisdiction can only be very partially addressed in WS2.</p>
<p>Keeping this in mind, we recommended specific changes in the by-laws, all of which were rejected by CCWG's lawyers.</p>
<h2 id="the-transition-plan-fails-the-netmundial-statement">The Transition Plan Fails the NETmundial Statement</h2>
<p>The <a href="http://netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf">NETmundial Multistakeholder Document</a>, which was an outcome of the NETmundial process, states:</p>
<blockquote>
<p>In the follow up to the recent and welcomed announcement of US Government with regard to its intent to transition the stewardship of IANA functions, the discussion about mechanisms for guaranteeing the transparency and accountability of those functions after the US Government role ends, has to take place through an open process with the participation of all stakeholders extending beyond the ICANN community</p>
<p>[...]</p>
<p>It is expected that the process of globalization of ICANN speeds up leading to a truly international and global organization serving the public interest with clearly implementable and verifiable accountability and transparency mechanisms that satisfy requirements from both internal stakeholders and the global community.</p>
<p>The active representation from all stakeholders in the ICANN structure from all regions is a key issue in the process of a successful globalization.</p>
</blockquote>
<p>As our past analysis has shown, the IANA transition process and the discussions on the mailing lists that shaped it <a href="https://cis-india.org/internet-governance/blog/cis-india.org/internet-governance/blog/global-multistakeholder-community-neither-global-nor-multistakeholder">were neither global nor multistakeholder</a>. The DNS industry represented in ICANN is largely US-based. 3 in 5 registrars are from the United States of America, whereas less than 1% of ICANN-registered registrars are from Africa. Two-thirds of the Business Constituency in ICANN is from the USA. While ICANN-the-corporation has sought to become more global, the ICANN community has remained insular, and this will not change until the commercial interests involved in ICANN can become more diverse, reflecting the diversity of users of the Internet, and a TLD like .COM can be owned by a non-American corporation and the PTI can be a non-American entity.</p>
<h2 id="what-we-need-jurisdictional-resilience">What We Need: Jurisdictional Resilience</h2>
<p>It is no one's case that the United States is less fit than any other country as a base for ICANN, PTI, or the Root Zone Maintainer, or even as the headquarters for 9 of the world's 12 root zone operators (Verisign runs both the A and J root servers). However, just as having multiplicity of root servers is important for ensuring technical resilience of the DNS system (and this is shown in the uptake of Anycast by root server operators), it is equally important to have immunity of core DNS functioning from political pressures of the country or countries where core DNS infrastructure is legally situated and to ensure that we have diversity in terms of legal jurisdiction.</p>
<p>Towards this end, we at CIS have pushed for the concept of "jurisdictional resilience", encompassing three crucial points:</p>
<ul>
<li>Legal immunity for core technical operators of Internet functions (as opposed to policymaking venues) from legal sanctions or orders from the state in which they are legally situated.</li>
<li>Division of core Internet operators among multiple jurisdictions</li>
<li>Jurisdictional division of policymaking functions from technical implementation functions</li>
</ul>
<p>Of these, the most important is the limited legal immunity (akin to a greatly limited form of the immunity that UN organizations get from the laws of their host countries). This kind of immunity could be provided through a variety of different means: a host-country agreement; a law passed by the legislature; a U.N. General Assembly Resolution; a U.N.-backed treaty; and other such options exist. We are currently investigating which of these options would be the best option.</p>
<p>And apart from limited legal immunity, distribution of jurisdictional control is also valuable. As we noted in our submission to the ICG in September 2015:</p>
<blockquote>
<p>Following the above precepts would, for instance, mean that the entity that performs the role of the Root Zone Maintainer should not be situated in the same legal jurisdiction as the entity that functions as the policymaking venue. This would in turn mean that either the Root Zone Maintainer function be taken up Netnod (Sweden-headquartered) or the WIDE Project (Japan-headquartered) [or RIPE-NCC, headquartered in the Netherlands], or that if the IANA Functions Operator(s) is to be merged with the RZM, then the IFO be relocated to a jurisdiction other than those of ISOC and ICANN. This, as has been stated earlier, has been a demand of the Civil Society Internet Governance Caucus. Further, it would also mean that root zone servers operators be spread across multiple jurisdictions (which the creation of mirror servers in multiple jurisdictions will not address).</p>
</blockquote>
<p>However, the issue of jurisdiction seems to be dead-on-arrival, having been killed by the United States government.</p>
<p>Unfortunately, despite the primary motivation for demands for the IANA transition being those of removing the power the U.S. government exercises over the core of the Internet's operations in the form of the DNS, what has ended up happening through the IANA transition is that these powers have not only not been removed, but in some ways they have been entrenched further! While earlier, the U.S. had to specify that the IANA functions operator had to be located in the U.S., now ICANN's by-laws themselves will state that the post-transition IANA will be a California corporation. Notably, while the Montevideo Declaration speaks of "globalization" of ICANN and of the IANA functions, as does the NETmundial statement, the NTIA announcement on their acceptance of the transition proposals speaks of "privatization" of ICANN, and not "globalization".</p>
<p>All in all, the "independence" that IANA is gaining from the U.S. is akin to the "independence" that Brazil gained from Portugal in 1822. Dom Pedro of Brazil was then ruling Brazil as the Prince Regent since his father Dom João VI, the King of United Kingdom of Portugal, Brazil and the Algarves had returned to Portugal. In 1822, Brazil declared independence from Portugal (which was formally recognized through a treaty in 1825). Even after this "independence", Dom Pedro continued to rule Portugal just as he had before indepedence, and Dom João VI was provided the title of "Emperor of Brazil", aside from being King of the United Kingdom of Portugal and the Algarves. The "indepedence" didn't make a whit of a difference to the self-sufficiency of Brazil: Portugal continued to be its largest trading partner. The "independence" didn't change anything for the nearly 1 million slaves in Brazil, or to the lot of the indigenous peoples of Brazil, none of whom were recognized as "free". It had very little consequence not just in terms of ground conditions of day-to-day living, but even in political terms.</p>
<p>Such is the case with the IANA Transition: U.S. power over the core functioning of the Domain Name System do not stand diminished after the transition, and they can even arguably be said to have become even more entrenched. Meet the new boss: same as the old boss.</p>
<div class="footnotes">
<hr />
<ol>
<li id="fn1"><p>It is an allied but logically distinct issue that U.S. businesses — registries and registrars — dominate the global DNS industry, and as a result hold the reins at ICANN.<a href="#fnref1">↩</a></p></li>
<li id="fn2"><p>As Goldsmith & Wu note in their book <em>Who Controls the Internet</em>: "Back in 1998 the U.S. Department of Commerce promised to relinquish root authority by the fall of 2006, but in June 2005, the United States reversed course. “The United States Government intends to preserve the security and stability of the Internet’s Domain Name and Addressing System (DNS),” announced Michael D. Gallagher, a Department of Commerce official. “The United States” he announced, will “maintain its historic role in authorizing changes or modifications to the authoritative root zone file.”<a href="#fnref2">↩</a></p></li>
<li id="fn3"><p>Mr. Fadi Chehadé revealed in an interaction with Indian participants at ICANN 54 that he had a meeting "at the White House" about the U.S. plans for transition of the IANA contract before he spoke about that when <a href="http://articles.economictimes.indiatimes.com/2013-10-22/news/43288531_1_icann-internet-corporation-us-centric-internet">he visited India in October 2013</a> making the timing of his White House visit around the time of the Montevideo Statement.<a href="#fnref3">↩</a></p></li>
<li id="fn4"><p>As an example, <a href="https://www.nlnetlabs.nl/projects/nsd/">NSD</a>, software that is used on multiple root servers, is funded by a Dutch foundation and a Dutch corporation, and written mostly by European coders.<a href="#fnref4">↩</a></p></li>
</ol>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/jurisdiction-the-taboo-topic-at-icann'>https://cis-india.org/internet-governance/blog/jurisdiction-the-taboo-topic-at-icann</a>
</p>
No publisherpraneshIANAInternet GovernanceFeaturedICANNIANA Transition2016-06-29T07:51:05ZBlog EntrySmart City Policies and Standards: Overview of Projects, Data Policies, and Standards across Five International Smart Cities
https://cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities
<b>This blog post aims to review five Smart Cities across the globe, namely Singapore, Dubai, New York City, London and Seoul, the Data Policies and Standards adopted. Also, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions.</b>
<p> </p>
<h4>Download the brief: <a href="http://cis-india.org/internet-governance/files/SmartCitiesPoliciesStandards-20160608/at_download/file">PDF</a>.</h4>
<hr />
<h2 style="text-align: justify;">Introduction</h2>
<p style="text-align: justify;">Smart City as a concept is evolutionary in nature, and the key elements like Information and Communication Technology (ICT), digitization of services, Internet of Things (IoT), open data, big data, social innovation, knowledge, etc., would be intrinsic to defining a Smart City <a href="#_ftn1">[1]</a>.</p>
<p style="text-align: justify;">A Smart City, as a “system of systems”, can potentially generate vast amounts of data, especially as cities install more sensors, gain access to data from sources such as mobile devices, and government and other agencies make more data accessible. Consequently, Big Data techniques and concepts are highly relevant to the future of Smart Cities. It was noted by Kenneth Cukier, Senior Editor of Digital Products at The Economist, that Big Data techniques can be used to enhance a number of processes essential to cities - for example, big data can be used to spot business trends, determine quality of research, prevent diseases, tack legal citations, combat crime, and determine real-time roadway traffic conditions <a href="#_ftn2">[2]</a>. Having said this, data is deemed to be the lifeblood of a Smart City and its availability, use, cost, quality, analysis, associated business models and governance are all areas of interest for a range of actors within a smart city <a href="#_ftn3">[3]</a></p>
<p style="text-align: justify;">This blog reviews five Smart Cities namely Singapore, Dubai, New York City, London and Seoul. In doing so, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions. To achieve this, the research reviews:</p>
<ul style="text-align: justify;">
<li>The definition of a Smart City in a given context or project (if any).</li>
<li>Existing policy/regulations around data or notes the lack thereof.</li>
<li>The cities adherence to the International standards and providing an update on the current status of the Smart City programme.</li></ul>
<p> </p>
<h2 style="text-align: justify;">Singapore</h2>
<h3 style="text-align: justify;"><strong> </strong><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation programme in Singapore was launched on 24th November, 2014. The programme is being driven by the Infocomm Development Authority of Singapore, through which Singapore seeks to harness ICT, networks and data to support improved livelihoods, stronger communities and creation of new opportunities for its residents <a href="#_ftn4">[4]</a> According to the IDA, a Smart Nation is a city where <em>“people and businesses are empowered through increased access to data, more participatory through the contribution of innovative ideas and solutions, and a more anticipatory government that utilises technology to better serve citizens’ needs”</em> <a href="#_ftn5">[5]</a>. The Smart Nation programme is driven by a designated Office in the Prime Minister’s Office <a href="#_ftn6">[6]</a>. As a core component to the Smart Nation Programme, the Smart Nation Platform has been developed as the technical architecture to support the Programme. This Platform enables greater pervasive connectivity, better situational awareness through data collection, and efficient sharing and access to collected sensor data, allowing public bodies to use such data to develop policy and practical interventions <a href="#_ftn7">[7]</a> Such access would allow for anticipatory governance - a goal of the Smart Nation Programme as noted by Dr. Yaacob Ibrahim, Minister for Communications and Information stating “Insights gained from this data would enable us to better anticipate citizens’ needs and help in better delivery of services” <a href="#_ftn8">[8]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<div style="text-align: justify;"><strong> </strong>The Smart Nation Programme is an ongoing initiative, being built on the past programme Intelligent Nation 2015 (iN2015 masterplan). The plan involves putting in place the infrastructure, policies, ecosystem and capabilities to enable a Smart Nation, by adopting a people-centric approach <a href="#_ftn9">[9]</a>. A number of co-creating solutions adopted by the Government include:</div>
<ul style="text-align: justify;">
<li>Development of Mobile Apps to facilitate communication between the public and the providers of public services.</li>
<li>Organization of Hackathons by government agencies or corporations in collaboration with schools and industry partners to ideate and develop solutions to tackle real-world challenges.</li>
<li>Adopt measure for smart mobility to create a more seamless transport experience and providing greater access to real-time transport information so that citizens can better plan their journeys.</li>
<li>Smart technologies are also being introduced to the housing estates <a href="#_ftn10">[10]</a>.</li></ul>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation plan derives its legitimacy from the constitution of Singapore, holding the Prime Minister responsible to take charge of the subject ‘Smart Nation’ blueprint under the Statutory body of ‘Smart Nation’ Programme Office <a href="#_ftn11">[11]</a>. Singapore has a comprehensive data protection law – the Personal Data Protection Act 2012, rules governing the collection, use, disclosure and care of personal data. The Personal Data Protection Commission of Singapore has committed to work closely with the private sector, and also to support the Smart Nation vision on data privacy and cyber security ecosystem <a href="#_ftn12">[12]</a> <a href="#_ftn13">[13]</a>.</p>
<p style="text-align: justify;">Towards achieving the Smart Nation vision the government has also promoted the use of open data. In 2015 the Department of Statistics has made a vast amount of data available (across multiple themes say transport, infocomm, population, etc.) for free to the public in order to encourage innovation and facilitate the Smart Nation <a href="#_ftn14">[14]</a>. Prior to this initiative, the government had adopted the Open Data Policy in 2011, enabling public data for analysis, research and application development <a href="#_ftn15">[15]</a>. The concept of Virtual Singapore, which is a part of the Smart Nation Initiative, has been developed to adopt and simulate solutions on a virtual platform using big data analytics <a href="#_ftn16">[16]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC). It specifies three types of Internet of Things (IoT) Standards – sensor network standards (TR38 - for public areas & TR40 - for homes), IoT foundational standards (common set of guidelines for IoT requirements and architecture, information and service interoperability, security and data integrity) and domain-specific standards (healthcare, mobility, urban living, etc.) <a href="#_ftn17">[17]</a>.</p>
<p style="text-align: justify;">Singapore is part of ISO/IEC JTC 1/WG7 Sensor Networks and ISO/IEC JTC 1/WG10 Internet of Things (IoT) <a href="#_ftn18">[18]</a>. <a href="https://www.itsc.org.sg/standards/singapore-it-standards">Singapore IT standards</a> abides to the international standards as defined by ISO, ITU, etc.Singapore is a member of many international standards forums (see <a href="https://www.itsc.org.sg/international-participation/memberships-in-iso-iec-jtc1">Singapore International Standards Committee</a>) which includes JTC1/WG9 - Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities.</p>
<p> </p>
<h2 style="text-align: justify;">Dubai, United Arab Emirates</h2>
<h3><strong> </strong><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Dubai Smart City strategy was launched as part of the Dubai Plan 2021 vision, in the year 2015 <a href="#_ftn19">[19]</a>. Dubai Plan 2021 describes the future of Dubai evolving through holistic and complementary perspectives, starting with the people and the society and places the government as the custodian of the city’s development. Within the Plan, the smart city theme envisions a platform that is fully connected and integrated infrastructure that enables easy mobility for all residents and tourists, and provides easy access to all economic centers and social services, in line with the world’s best cities <a href="#_ftn20">[20]</a>. Center to the smart city platform is data and data analytics, particularly cross functional data and big data techniques to give a complete view of the city <a href="#_ftn21">[21]</a> As envisioned, the Dubai Data portal would provide a gateway to empower relevant stakeholders to understand the nuances of the city and pursue questions that will result in the greatest impact from the city’s data <a href="#_ftn22">[22]</a>. The platform will be based on current data and existing services, initiatives, and networks to identify opportunities for a smart city <a href="#_ftn23">[23]</a>. The Smart City Plan also includes a framework for aligning districts of Dubai with the Smart City vision and dimensions <a href="#_ftn24">[24]</a>.</p>
<p style="text-align: justify;">The Smart Dubai roadmap 2015 provides a consolidated report and planned smart city services, its status and the stage of its implementation, for e.g. Smart Grid, Mobile Payment, Smart Water, Health applications, Public Wi-Fi, Municipality, E-Traffic solutions, etc <a href="#_ftn25">[25]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Dubai strategy is envisioned to be completed by the year 2020, and currently it’s ongoing. The first phase of Smart Dubai masterplan is expected to end by 2016. Between 2017 and 2019, the plan aims to deliver new initiatives and services. The second phase of the masterplan is expected to be completed by the year 2020 <a href="#_ftn26">[26]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">The Smart City Plan is being driven by the <strong>Dubai Smart City Office</strong> – which has been established under Law No. (29) of 2015 on the establishment of Dubai Smart City Office; Law No. (30) of 2015 on the establishment of Dubai Smart City Establishment; Decree No. (37) of 2015 on the formation of the Board of the Dubai Smart City Office; and Decree No (38) of 2015- appointing a Director General for the Office, which will develop overall policies and strategic plans, supervise the smart transformation process and approve joint initiatives, projects and services <a href="#_ftn27">[27]</a>. Also, an open data law called <strong>Dubai Open Data Law</strong> was issued to complete the legislative framework for transforming Dubai into a Smart City <a href="#_ftn28">[28]</a>. This law will enable the sharing of non-confidential data between public entities and other stakeholders.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">In 2015 the Smart Dubai Executive Committee has collaborated through an agreement with the International Telecommunications Union (ITU) adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators <a href="#_ftn29">[29]</a>. The Focus Group is working towards identifying global best practices for the development of smart cities <a href="#_ftn30">[30]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">New York City, United States of America</h2>
<h3 style="text-align: justify;"><strong>Introduction</strong></h3>
<p style="text-align: justify;">The ‘One New York Plan’ announced in the year 2015 is a comprehensive plan for a sustainable and resilient city. It includes the adoption of digital technology and considers the importance of the role of data in transforming every aspect of the economy, communications, politics, and individual and family life <a href="#_ftn31">[31]</a>. Furthermore, through a publication on '<a href="http://www1.nyc.gov/site/forward/innovations/smartnyc.page">Building a Smart+Equitable City</a>', the Mayor’s Office of Technology and Innovation (MOTI) describes efforts to leverage new technologies to build Smart city.</p>
<p style="text-align: justify;">Accordingly, the plan seeks to establish better lives through establishing principles and strategic frameworks to guide connected device and Internet of Things (IoT) implementation; MOTI serving as the coordinating entity for new technology and IoT deployments across all City agencies; collaborating with academia and the private sector on innovative pilot projects, and partnering with municipal governments and organizations around the world to share best practices and leverage the impact of technological advancements <a href="#_ftn32">[32]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;">OneNYC represents a unified vision for a sustainable, resilient, and equitable city developed with cross-cutting interagency collaboration, public engagement, and consultation with leading experts in their respective fields. The Mayor’s Office of Sustainability oversees the development of OneNYC and now shares responsibility with the Mayor’s Office of Recovery and Resiliency for ensuring its implementation <a href="#_ftn33">[33]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">As per the Local Law 11 of 2012, each City entity must identify and ultimately publish all of its digital public data for citywide aggregation and publication by 2018. In adherence to this law, there exists a NYC Open Data Plan which requires annual data updation <a href="#_ftn34">[34]</a>.</p>
<p style="text-align: justify;">The LinkNYC initiative, one of the key projects to make New York a ‘smart’ city, aims to connect everyone through a city wide wi-fi network. The LinkNYC initiative will retrofit payphones with kiosks to provide high-speed WiFi hotspots and charging stations for increased connectivity <a href="#_ftn35">[35]</a>. Data Privacy in the initiative is addressed through the customer first privacy policy, which considers user’s privacy on priority and will not sell any personal information or share with third parties for their own use. LinkNYC will use anonymized, aggregate data to make the system more efficient and to develop insights to improve your Link experience <a href="#_ftn36">[36]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">The ANSI Network on Smart and Sustainable Cities (ANSSC) is a forum for information sharing and coordination on voluntary standards, conformity assessment and related activities for smart and sustainable cities in the US <a href="#_ftn37">[37]</a>. The US is a signatory of the ISO/ITU defined standards on smart cities <a href="#_ftn38">[38]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">London, United Kingdom</h2>
<h3><strong>Introduction</strong></h3>
<p style="text-align: justify;">The Smart London Plan was unveiled in the year 2013 by the Mayor of London. The plan is being driven through the Greater London Authority, with the advice of the Smart London Board. The Smart London Plan envisions <em>‘Using the creative power of new technologies to serve London and improve Londoner’s lives</em>’ <a href="#_ftn39">[39]</a>. ‘Smart London’ is about harnessing new technology and data so that businesses, Londoners and visitors experience the city in a better way, and do not face bureaucratic hassle and congestion. Smart London seeks to improve the city as a whole and focuses on city macro functions that result from the interplay between city subsystems - such as local labour markets to financial markets, from local government to education, healthcare, transportation and utilities. According to strategy documents, a smarter London recognises and employs data as a service and will leverage data to enable informed decision making and the design of new activities.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;">This project is currently ongoing. Since its formation in March 2013, the Smart London Board has been advising the Greater London Authority.The Plan sits within the overarching framework of the Mayor’s Vision 2020 <a href="#_ftn40">[40]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">The Smart London Plan incorporates the existing open data platform called ‘London DataStore’. The rules and guidelines for this platform are defined by the Greater London Authority, which includes working with public and private sector organisations to create, maintain and utilise it, enabling common data standards, identify and prioritise which data are needed to address London’s growth challenges, establish a Smart London Borough Partnership to encourage boroughs to free up London’s local level data. Also, privacy is protected and there is transparent use of data - to ensure data use is managed in the best interests of the public rather than private enterprise.<sup>42</sup> The Smart London Plan aims to build on this existing datastore to identify and publish data that addresses specific growth challenges, with an emphasis on working with companies and communities to create, maintain, and use this data <a href="#_ftn41">[41]</a>.</p>
<p style="text-align: justify;">The Open Data White Paper, issued by the Office of Paymaster General, seeks to build a transparent society by releasing public data through open data platforms and leveraging the potential of emerging technologies <a href="#_ftn42">[42]</a>. The Greater London Authority processes personal data in accordance with the Data Protection Act 1998 <a href="#_ftn43">[43]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same <a href="#_ftn44">[44]</a>. The following standards and publications help address various issues for a city to become a smart city:</p>
<ul style="text-align: justify;">
<li>The development of a standard on <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-180-smart-cities-terminology/">Smart city terminology (PAS 180)</a></li>
<li>The development of a <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-181-smart-cities-framework/">Smart city framework standard (PAS 181)</a></li>
<li>The development of a <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-182-smart-cities-data-concept-model/">Data concept model for smart cities (PAS 182)</a></li>
<li>A <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8100-smart-cities-overview/">Smart city overview document (PD 8100)</a></li>
<li>A <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8101-smart-cities-planning-guidelines/">Smart city planning guidelines document (PD 8101)</a></li>
<li>BS 8904 Guidance for community sustainable development provides a decision-making framework that will help setting objectives in response to the needs and aspirations of city stakeholders</li>
<li>BS 11000 Collaborative relationship management</li>
<li>BSI BIP 2228:2013 Inclusive urban design - A guide to creating accessible public spaces.</li></ul>
<p style="text-align: justify;">Further, the Smart London Plan incorporates open data standards in accordance with London DataStore <a href="#_ftn45">[45]</a>. Various government reports – Smart Cities background paper, Open Data White Paper, etc., have suggested the use of standards related to Internet of Things (IoT), open data standards, etc <a href="#_ftn46">[46]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">Seoul, Korea</h2>
<h3 style="text-align: justify;"><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong></strong>Smart Seoul 2015 was announced in June 2011 by the Seoul Metropolitan Government, which envisions integrating IT services into every field, including administration, welfare, industry and living. Through this, the Seoul Metropolitan Government plans to create a Seoul that uses smart technologies by 2015 <a href="#_ftn47">[47]</a>. Towards this, the Seoul Metropolitan Government plans to make use of Big Data in policy development, and through scientific analytics, will provide customized administrative services and reduce wasteful spending. Also, the government is utilising Big Data to analyse trends emerging from existing services <a href="#_ftn48">[48]</a>. Examples of projects that leverage big data that the government has undertaken include the Taxi Matchmaking Project – analyzes the data related to taxi stands and passengers, the Owl Bus <a href="#_ftn49">[49]</a> - maps the bus routes, etc.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;"><strong></strong>Building on the Smart Seoul 2015, the Seoul Metropolitan Government plans to establish 'Global Digital Seoul 2020 – New Connections, Different Experiences' vision in next five-years. In this multi-objective plan, it aims to establish a ’Big Data campus’ providing win-win cooperation among public, private, industry and university <a href="#_ftn50">[50]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations </strong></h3>
<p style="text-align: justify;"><strong></strong>The Smart Seoul 2015 aims to create a ‘Seoul Data Mart’, which will be an open platform that makes public information available for data processing <a href="#_ftn51">[51]</a>. Furthermore, Seoul has opened the Seoul Open Data Plaza <a href="#_ftn52">[52]</a>, an online channel to share and provide citizens with all of Seoul’s public data, such as real-time bus operation schedules, subway schedules, non-smoking areas, locations of public Wi-Fi services, shoeshine shops, and facilities for disabled people, and the information registered in Seoul Open Data Plaza is provided in the open API format.<sup>45</sup></p>
<p style="text-align: justify;">South Korea has a comprehensive law governing data privacy – Personal Information Protection Act, 2011. The law includes data protection rules and principles, including obligations on the data controller and the consent of data subjects, rights to access personal data or object to its collection, and security requirements. It also covers cookies and spam, data processing by third parties and the international transfer of data <a href="#_ftn53">[53]</a>.</p>
<h3 style="text-align: justify;"><strong>International Standards</strong></h3>
<p style="text-align: justify;"><strong></strong>The smart city standards are adopted in the development of smart cities in Korea <a href="#_ftn54">[54]</a>. Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities. Korea also has one working group developing city indicators and another working group developing metrics for smart community infrastructures <a href="#_ftn55">[55]</a>.</p>
<p> </p>
<h2>Conclusion</h2>
<p style="text-align: justify;">The smart city projects studied are at different levels of implementation and have both similarities and differences. Below is an analysis of some of the key similarities and differences between smart city projects, a comparison of these points to India’s 100 Smart City Mission, and a summary of best practices around the development of smart city frameworks.</p>
<h3><strong>Nodal Agency</strong></h3>
<p style="text-align: justify;">All cities studied have nodal agencies driving the smart city initiatives and many have policies in place backing these initiatives. For example, while the Smart Nation programme in Singapore is being driven by the Infocomm Development Authority, in London the smart city project is governed by the Great London Authority. The Smart Seoul Project in Korea is governed by the Seoul Metropolitan Government and New York has the Mayor’s Office of Technology and Innovation serving as the coordinating entity for new technology and IoT deployments across all City agencies. In India, the nodal agency driving the 100 Smart Cities Project is the Ministry of Urban Development under the Indian Government. In India, the implementation of the Mission at the City level will be done by a Special Purpose Vehicle (SPV), which will be a limited company and will plan, appraise, approve, release funds, implement, manage, operate, monitor and evaluate the Smart City development projects.</p>
<h3><strong>Policies</strong></h3>
<p style="text-align: justify;">Many of the cities had open data policies and data protection policies that pertain to the Smart City initiatives. In Dubai, an open data law called Dubai Open Data Law has been issued to complete the legislative framework for transforming Dubai into a Smart City and the Smart City Establishment will develop policies for the project. New York also has an Open Data Plan in place and LinkNYC will use anonymized, aggregate data to address data privacy of users. In London, the Smart London Plan incorporates the existing open data platform called ‘London DataStore’, the rules for which are defined by the Greater London Authority, which also ensures privacy and transparent use of data by processing personal data in accordance with the Data Protection Act 1998. For regulation of data in Seoul, a ‘Seoul Data Mart’ will be established to make public information available for data processing and the Seoul Open Data Plaza is an existing online channel to share and provide citizens with all of Seoul’s public data. South Korea has a comprehensive law governing data privacy in place as well. In Singapore, the Personal Data Protection Commission has committed to work and support the Smart Nation vision on data privacy and cyber security ecosystem. To achieve the vision of the project, the government has also promoted the use of open data. It can be said the these countries , with clearly laid out policies to support and guide the project, have well planned ecosystem for regulation and governance of systems, technologies and cities. All cities have incorporated open data into smart cities and many have developed guidelines for its use. All cities have similar goals of enhancing the lives of citizens and developing anticipatory regulation, however, there appears to be little discussion on the need to amend existing law or enable new law around privacy and data protection in light of data collection through smart cities. In India, no enabling legislation or policy has been formulated by the Government, apart from releasing “Mission Statement and Guidelines”, which provides details about the Project and vision, excluding a definition of a ‘smart city’ or the relevant applicable laws and policies. No information is publicly available regarding deployment of open data, use of specific technologies like cloud, big data, etc., the relevant policies and applicability of laws. Unlike India, all cities recognize the importance of big data techniques in enabling smart city visions, technology and policies. On the lines of these cities, India must work towards addressing the need for an open data framework in light of the 100 Smart Cities Mission to enable the sharing of non-confidential data between public entities and other stakeholders. This requires co-ordination to incorporate, enable and draw upon open data architecture in the cities by the Government with the existing open data framework in India, like the National Data Sharing and Accessibility Policy, 2012. Use of technology in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Also, identification and development of open standards for IoT must be looked at. Also, as data in smart cities will be generated, collected, used, and shared by both the public and private sector. It is essential that India’s existing data protection standards and regime must be amended to extend the data regulation beyond a body corporate and oversee the collection and use of data by the Government, and its agencies.</p>
<h3><strong>Standards</strong></h3>
<p style="text-align: justify;">In Singapore, the Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC)and the <a href="https://www.itsc.org.sg/standards/singapore-it-standards">Singapore IT standards</a> abides to the international standards as defined by ISO, ITU, etc. The Country is also a member of many international standards forums (see <a href="https://www.itsc.org.sg/international-participation/memberships-in-iso-iec-jtc1">Singapore International Standards Committee</a>) which includes JTC1/WG9- Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities. In Dubai, the Smart Dubai Executive Committee with the International Telecommunications Union (ITU) to adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators. For the purpose of standards, the ANSI Network on Smart and Sustainable Cities (ANSSC) in New York is a forum smart and sustainable cities, along with US being a signatory of the ISO/ITU defined standards on smart cities. Also, The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same and the Smart London Plan incorporates open data standards in accordance with London DataStore. For development of smart cities, Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities and also has one working group developing city indicators and another working group developing metrics for smart community infrastructures. However, in India, the Bureau of Indian Standards (BIS) has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area. Also, The Global Cities Institute (GCI) has undertaken a mission in the year 2015 to align with the Bureau of Indian Standards regarding development of standards of smart cities and also to forge relationships with Indian cities in light of ISO 37120. It can be said that India has currently not yet adopted international standards, but is in the process of developing national standards and adopting key international standards. Unlike other cities,which are adopting standards - national, ISO, or ITU, Indian cities are yet to adopt standards for regulation of the future smart cities.</p>
<h3><strong>Notes for India</strong></h3>
<p style="text-align: justify;">India is in the nascent stages of developing smart cities across the country. Drawing from the practices adopted by cities across the world, smart cities in India should adopt strong regulatory and governance frameworks regarding technical standards, open data and data security and data protection policies. These policies will be essential in ensuring the sustainability and efficiency of smart cities while safeguarding individual rights. Some of these policies are already in place - such as India’s Open Data Policy and India’s data protection standards under section 43A of the ITA. It will be important to see how these policies are adopted and applied to the context of smart cities.</p>
<p> </p>
<h2>References</h2>
<p><a name="_ftn1">[1]</a> Smart Cities and Transparent Evolution, <a href="http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf">http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf</a>.</p>
<p><a name="_ftn2">[2]</a> "Data, Data Everywhere." The Economist, February 25, 2010. Accessed March 17, 2016, <a href="http://www.economist.com/node/15557443">http://www.economist.com/node/15557443</a>.</p>
<p><a name="_ftn3">[3]</a> "Smart Cities." ISO. 2015. Accessed March 17, 2016, <a href="http://www.iso.org/iso/smart_cities_report-jtc1.pdf">http://www.iso.org/iso/smart_cities_report-jtc1.pdf</a>.</p>
<p><a name="_ftn4">[4]</a> Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, <a href="http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november">http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november</a>.</p>
<p><a name="_ftn5">[5]</a> Smart Nation Vision, <a href="https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision">https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision</a>.</p>
<p><a name="_ftn6">[6]</a> Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn7">[7]</a> Smart Nation Platform, <a href="https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf">https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf</a>.</p>
<p><a name="_ftn8">[8]</a> Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, <a href="https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/">https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/</a>.</p>
<p><a name="_ftn9">[9]</a> Prime Ministers’ Office Singapore-Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn10">[10]</a> Prime Ministers’ Office Singapore-Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn11">[11]</a> Constitution of the Republic of Singapore (Responsibility of the Prime Minister) Notification 2015, <a href="http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes">http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes</a>.</p>
<p><a name="_ftn12">[12]</a> Personal Data Protection Singapore-Annual Report 2014-15, <a href="https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf">https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf</a>.</p>
<p><a name="_ftn13">[13]</a> Balancing Innovation and Personal Data Protection, <a href="https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection">https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection</a>.</p>
<p><a name="_ftn14">[14]</a> Department of Statistics Singapore- Free Access to More Data on the SingStat Website from 1 March 2015, <a href="http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf">http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf</a>.</p>
<p><a name="_ftn15">[15]</a> Singapore Marks 50th Birthday With Open Data Contest, <a href="https://blog.hootsuite.com/singapore-open-data/">https://blog.hootsuite.com/singapore-open-data/</a>.</p>
<p><a name="_ftn16">[16]</a> Virtual Singapore - a 3D city model platform for knowledge sharing and community collaboration, <a href="http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx">http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx</a>.</p>
<p><a name="_ftn17">[17]</a> Internet of Things (IoT) Standards Outline to Support Smart Nation Initiative Unveiled, <a href="http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx">http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx</a>.</p>
<p><a name="_ftn18">[18]</a> Information Technology Standards Committee, <a href="https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc">https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc</a> and <a href="https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf">https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf</a>.</p>
<p><a name="_ftn19">[19]</a> Government of Dubai-2021 Dubai Plan-Purpose, <a href="http://www.dubaiplan2021.ae/the-purpose/">http://www.dubaiplan2021.ae/the-purpose/</a>.</p>
<p style="text-align: justify;"><a name="_ftn20">[20]</a> Government of Dubai-2021 Dubai Plan, <a href="http://www.dubaiplan2021.ae/dubai-plan-2021/">http://www.dubaiplan2021.ae/dubai-plan-2021/</a>.</p>
<p><a name="_ftn21">[21]</a> Smart Dubai, <a href="http://www.smartdubai.ae/foundation_layers.php">http://www.smartdubai.ae/foundation_layers.php</a>.</p>
<p><a name="_ftn22">[22]</a> The Internet of Things: Connections for People’s happiness, <a href="http://www.smartdubai.ae/story021002.php">http://www.smartdubai.ae/story021002.php</a>.</p>
<p><a name="_ftn23">[23]</a> Smart Dubai - Current State, <a href="http://www.smartdubai.ae/current_state.php">http://www.smartdubai.ae/current_state.php</a>.</p>
<p><a name="_ftn24">[24]</a> Smart Dubai - District Guidelines, <a href="http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf">http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf</a>.</p>
<p><a name="_ftn25">[25]</a> See; <a href="http://roadmap.smartdubai.ae/search-services-public.php">http://roadmap.smartdubai.ae/search-services-public.php</a> and <a href="http://roadmap.smartdubai.ae/search-initiatives-public.php">http://roadmap.smartdubai.ae/search-initiatives-public.php</a>.</p>
<p><a name="_ftn26">[26]</a> Smart Dubai-Smart District Guidelines, <a href="http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf">http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf</a>.</p>
<p><a name="_ftn27">[27]</a> Dubai Ruler issues new laws to further enhance the organisational structure and legal framework of Dubai Smart City, <a href="https://www.wam.ae/en/news/emirates/1395288828473.html">https://www.wam.ae/en/news/emirates/1395288828473.html</a>.</p>
<p><a name="_ftn28">[28]</a> See: <a href="http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439">http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439</a> and <a href="http://www.smartdubai.ae/dubai_data.php">http://www.smartdubai.ae/dubai_data.php</a>.</p>
<p><a name="_ftn29">[29]</a> Dubai first city to trial ITU key performance indicators for smart sustainable cities, <a href="http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU">http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU</a>.</p>
<p><a name="_ftn30">[30]</a> Smart Dubai Benchmark Report 2015 Executive Summary, <a href="http://smartdubai.ae/bmr2015/methodology-public.php">http://smartdubai.ae/bmr2015/methodology-public.php</a>.</p>
<p><a name="_ftn31">[31]</a> Building a Smart + Equitable City, <a href="http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf">http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf</a></p>
<p><a name="_ftn32">[32]</a> Building a Smart + Equitable City, <a href="http://www1.nyc.gov/site/forward/innovations/smartnyc.page">http://www1.nyc.gov/site/forward/innovations/smartnyc.page</a>.</p>
<p><a name="_ftn33">[33]</a> One New York: The Plan for a Strong and Just City, <a href="http://www1.nyc.gov/html/onenyc/about.html">http://www1.nyc.gov/html/onenyc/about.html</a></p>
<p><a name="_ftn34">[34]</a> Open Data for All, <a href="http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf">http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf</a>.</p>
<p><a name="_ftn35">[35]</a> 7 public projects that are turning New York into a “smart city”, <a href="http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub">http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub</a>.</p>
<p><a name="_ftn36">[36]</a> LinkNYC, <a href="https://www.link.nyc/faq.html#privacy">https://www.link.nyc/faq.html#privacy</a>.</p>
<p><a name="_ftn37">[7]</a> ANSI Network on Smart and Sustainable Cities, <a href="http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3">http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3</a></p>
<p><a name="_ftn38">[38]</a> IoT-Enabled Smart City Framework, <a href="http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf">http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf</a>.</p>
<p><a name="_ftn39">[39]</a> Smart London (UK) Plan: Digital Technologies, London and Londoners, <a href="http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf">http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf</a>.</p>
<p><a name="_ftn40">[40]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn41">[41]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn42">[42]</a> Open Data White Paper, <a href="https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf">https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf</a>.</p>
<p><a name="_ftn43">[43]</a> London Datastore-Privacy, <a href="http://data.london.gov.uk/about/privacy/">http://data.london.gov.uk/about/privacy/</a>.</p>
<p><a name="_ftn44">[44]</a> Future Cities Standards Centre in London, <a href="https://eu-smartcities.eu/commitment/5937">https://eu-smartcities.eu/commitment/5937</a>.</p>
<p><a name="_ftn45">[45]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn46">[46]</a> Smart Cities background paper, October 2013, <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf">https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf</a>.</p>
<p><a name="_ftn47">[47]</a> Presentation of 2015 Blueprint of Seoul as ‘State-of-the-art Smart City’, <a href="http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/">http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/</a>.</p>
<p><a name="_ftn48">[48]</a> “Policy Where There is Demand,” Seoul Utilizes Big Data, <a href="http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/">http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/</a></p>
<p><a name="_ftn49">[49]</a> Seoul’s “Owl Bus” Based on Big Data Technology, <a href="http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf">http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf</a></p>
<p><a name="_ftn50">[50]</a> Seoul Launches “Global Digital Seoul 2020”, <a href="http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/">http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/</a></p>
<p><a name="_ftn51">[51]</a> Smart Seoul 2015, <a href="http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf">http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf</a></p>
<p><a name="_ftn52">[52]</a> Disclosing public data through the Seoul Open Data Plaza, <a href="http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/">http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/</a></p>
<p><a name="_ftn53">[53]</a> Data protection in South Korea: overview, <a href="http://uk.practicallaw.com/2-579-7926">http://uk.practicallaw.com/2-579-7926</a>.</p>
<p><a name="_ftn54">[54]</a>Smart Cities Seoul: a case study, <a href="https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf">https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf</a></p>
<p><a name="_ftn55">[55]</a> Smart Cities-ISO, <a href="http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764">http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities'>https://cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities</a>
</p>
No publisherKiran A. B., Elonnai Hickok and Vanya RakeshBig DataInternet GovernanceFeaturedSmart CitiesPoliciesHomepage2016-06-11T13:29:04ZBlog Entry