We are anonymous, we are legion

Under Modi government, foreign funding of NGOs has come down

praskrishna — 2016-06-14T16:37:26Z

Information obtained under RTI from the Home Ministry suggests NGOs have had to take a serious hit in the last 2 years.

This was published by Newslaundry on May 20, 2016. Sunil Abraham gave inputs.

It was in 2015 that reports started coming in of non-governmental organisations (NGOs) being targeted by the Indian government. However, according to data from the Ministry of Home Affairs, the state’s crackdown onNGOs’ foreign funding appears to have started within weeks of Prime Minister Narendra Modi taking charge in 2014.

During 2014-15, foreign contributions to NGOs in India came down by more than 30 per cent compared to the previous year. The number of organisations receiving foreign funding too declined. Foreign contributions came down from Rs 13,115 crore in 2013-14 to Rs 8,756 crore in 2014-15, according to information obtained under the Right to Information Act by 101reporters for Newslaundry.

In 2013-14, Delhi had received the highest amount of funding from the foreign donors, but in 2014-15, it registered a dramatic decline by almost 50 per cent in 2014-15. Other states that registered massive declines include Tamil Nadu and Andhra Pradesh.

“The cutting down on funding for NGOs are mostly a political step to shut up the voice of certain section in the society,” a senior official at Indian Audits and Accounts Service, with the Comptroller and Auditor General of India’s office. “But sometimes irregularities are found in NGOs working and violate certain rules prescribed by the law.” The official shared this view on condition of anonymity.

While the newly-installed government led by Modi has clamped down on foreign funding to NGOs, it wasn’t acting any differently than other governments. The Economist wrote on Sept 13, 2014, soon after the Modi government took charge, “Indian NGOs have needed government approval for foreign donations since 1976, in response to what Indira Gandhi, then prime minister, thought was the “foreign hand” of the Federal Bureau of Investigation (FBI) of US meddling in her country’s affairs.” Anxieties about the role of foreign donors is evidently an Indian tradition. The Economist further wrote, “Recent reports of an intelligence dossier claiming that the activities of foreign-funded NGOs had cut India’s growth rate have sparked fears that Narendra Modi, the nationalistic new prime minister, will tighten the rules further.” It did however note that these restrictions “sit alongside a thriving civil society”.

In the second half of 2015, the Indian government cancelled registrations of more than 10,117 NGOs across the country.

The union government alleged that due to not filing of annual returns for the financial years 2009-2010, 2010-11 and 2011-12, the government had cancelled the registration of these NGOs in 2015. Most number of registrations were cancelled from state of Andhra Pradesh (1,420), followed by Uttar Pradesh (1,147) and Tamil Nadu (10,068).

The most prominent of the cancellations was Greenpeace, an organisation that campaigns to protect the environment, whose licence was cancelled by the Ministry of Home Affairs (MHA) on September 3, 2015.

Following the clampdown on NGOs, the global charity the Ford Foundation, which is based in America, froze $4 million of funding to India. The US Ambassador to India Richard Verma said that the tougher approach may have a “chilling effect” on civil society and democratic traditions.

The Ford Foundation has donated more than $500 million to India since opening its first overseas office in Delhi in 1952. It has also funded a number of NGOs and institutions across the country, including Bengaluru-based National Law School of India University (NLSIU) and Centre for Internet and Society.

Executive director of Centre for Internet and Society (CIS), Sunil Abraham, explained that unconventional intuitions — which work in fields other than health, education and social security — like CIS are mostly funded by foreign philanthropy entities. “Foreign funding cut on NGOs is a step to restrain institutions from debating and questioning government policies,” said Abraham.

An Indian Express report from this time stated that the National Democratic Alliance government had proposed a series of amendments to the Foreign Contribution Regulation Act (FCRA) in order to strengthen its scrutiny of financial transactions involving NGOs. The most important change was that government would equate “economic security” for NGOs under the FCRA with the definition provided in Section 2 of the Unlawful Activities Prevention Act (UAPA).

An analysis of data for the past eight years shows that the number of organisations receiving foreign funding is on decline. In 2006-07, the total number of NGOs that received foreign funding was 22,261. By 2014-15, the number had declined to 12,014 across the country.

However, in terms of amounts, there has been an overall increase in funding. In the fiscal year of 2006-07, foreign contributions to NGOs in India amounted to Rs 11, 260 crore, which went up to Rs 13,115 crore by 2013-14.

Both the amount of funding received and the number of NGOs have no schematic patterns that establish how funding went down or that NGO registrations were revoked during any particular government until 2014-15, but the considerable decline in funding for NGOs since 2014-15 has raised concern.

In the last nine years, Delhi (Rs 20,033 crore) received the highest foreign funding, followed by Tamil Nadu (Rs 15,589 crore), Karnataka (Rs 10,110 crore) and Maharashtra (Rs 9,952 crore). This figure clearly shows that funding for NGOs has nothing to do with political parties, as the above states have been governed by different governments at different time periods.

However, the data does suggest that states run by BJP have fewer NGO registrations compared to NGO registrations in non-BJP ruled states. Barring Maharashtra, BJP-ruled states such as Madhya Pradesh, Chhattisgarh and Gujarat have small numbers of registered NGOs in comparison to those ruled by either Congress or regional parties. Tamil Nadu, Andhra Pradesh, Uttar Pradesh and Karnataka have more registered NGOs.

And among them Tamil Nadu with 4,938 has the highest number of registered NGOs. In Tamil Nadu, during the Dravida Munnetra Kazhagam reign from 2006-2011, foreign funding to NGOs declined drastically, rising again after 2012-13, only to decline substantially in 2014-15.

Fearing harassment, most of the NGOs contacted declined to comment on the reduced funding. And those who did speak sought anonymity.

A director of a Mumbai-based educational welfare society, working in the field of education said, “I didn’t understand the reason for reducing our foreign funding. We were receiving foreign funding for the last four years, but received the least in 2014-15, over 32% less than from the previous year.” The society received Rs 8 crore as foreign funding in 2012-13, which was cut down to Rs 5 crore in 2014-15.

A senior member of the Yesuraja Trust in Dharmapuri, which works in the fields of health and education in Tamil Nadu, at first declined to comment but later declared, “We’re a private entity and not an NGO.” The FCRA website reveal that the trust has zero funding in financial year in 2013-14 and 2014-15.

The unprecedented crackdown was not peculiar to India alone. Human rights  organisations have been facing restrictions in a number of countries, which have passed or were in the process of passing laws to curtail NGO activities. A Guardian report stated that over the past three years, more than 60 countries have passed or drafted laws that curtail the activity of non-governmental and civil society organisations. India is on this list along with countries like China, Russia and Egypt. It’s not a particularly august list of which to be part.

James Savage of Amnesty International said, “This global wave of restrictions has rapidity and breadth to its spread we’ve not seen before, that arguably represents a seismic shift and closing down of human rights space not seen in a generation.” Onno Ruhl, country director for World Bank, India, agreed with Savage and said to Indian Express, “NGOs are quite inconvenient at times. But I would still rather have an inconvenient NGO than people not having the right to speak.”

The serious question that these numbers raise is the effect that the reduced foreign funding will have on philanthropic work and social welfare in India. NGOs have a long history of being development partners of the state and the government’s decision to restrict their finances could have a serious impact upon the work done as well as increase their dependence upon the state. Is that what the country needs?

For more details visit https://cis-india.org/internet-governance/news/newslaundry-may-20-2016-himadri-ghosh-under-modi-government-foreign-funding-of-ngos-has-come-down

Stand up for Digital Rights

elonnai — 2016-06-13T15:30:12Z

The Centre for Internet & Society (CIS) invites you to a discussion on a set of recommendations for Ethical Tech, a report on human rights and private online intermediaries which describes key areas where such actors have responsibilities. The event will be held at CIS office in Bangalore on June 15, 2016 from 5 p.m. to 7 p.m.

The discussion intends to launch a report on human rights and private online intermediaries, which describes key areas where such actors have responsibilities and provides a detailed set of recommendations for Ethical Tech. This work is the culmination of a year long research project led by the Centre for Law and Democracy (CLD), in collaboration with the Arabic Network for Human Rights Information (ANHRI), the Centre for Internet and Society (CIS), Open Net Korea, the Center for Studies on Freedom of Expression and Access to Information at the University of Palermo (CELE) and researchers with the University of Ottawa and the Munk School of Global Affairs at the University of Toronto. The key themes for discussion would include:

General Human Rights Responsibilities and Private Online Intermediaries
Expanding Access
Net Neutrality
Content Moderation
Privacy
Transparency and Informed Consent
Responding to State Interferences

We look forward to meeting you and making this forum for knowledge exchange a success.

For more details visit https://cis-india.org/internet-governance/events/stand-up-for-digital-rights

UN Special Rapporteur Report on Freedom of Expression and the Private Sector: A Significant Step Forward

vidushi — 2016-06-08T17:27:22Z

On 6 June 2016, the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, David Kaye, released a report on the Information and Communications Technology (“ICT”) sector and freedom of expression in the digital age. Vidushi Marda and Pranesh Prakash highlight the most important aspects of the report.

Background

Today, the private sector is more closely linked to the freedom of expression than it has ever been before. The ability to speak to a mass audience was at one time a privilege restricted to those who had access to mass media. However, with digital technologies, that privilege is available to far more people than was ever possible in the pre-digital era. As private content created on these digital networks is becoming increasingly subject to state regulation, it is crucial to examine the role of the private sector in respect of the freedom of speech and expression.

The first foray by the Special Rapporteur into this broad area has resulted in a sweeping report, that covers almost every aspect of freedom of expression within the ICT sector, except competition which we will elaborate on later in this post.

Introduction

The report aims to “provide guidance on how private actors should protect and promote freedom of expression in a digital age”. It identifies the relevant international legal framework as Article 19 of the International Covenant on Civil and Political Rights, and Article 19 of the Universal Declaration of Human Rights. The UN “Protect, Respect and Remedy” Framework and Guiding Principles, also known as the Ruggie Principles provide the framework for private sector responsibilities on business and human rights.

The report categorises different roles of the private sector in organising, accessing, regulating and populating the internet. This is important because the manner in which the ICT sector affects the freedom of expression is far more complicated than traditional communication industries. The report identifies the distinct impact of internet service providers, hardware and software companies, domain name registries and registrars, search engines, platforms, web hosting services, platforms, data brokers and e-commerce facilities on the freedom of expression.

Legal and Policy Issues

The Special Rapporteur discusses four distinct legal and policy issues that find relevance in respect of this problem statement: Content Regulation, Surveillance and Digital Security, Transparency and Remedies.

Content Regulation

The report identifies two main channels through which content regulation takes place: the state, and internal processes.

Noting that digital content made on private networks is increasingly subject to State regulation, the report highlights the competing interests of intermediaries who manage platforms and States which demand for regulation of this content on grounds of defamation, blasphemy, protection of national security etc. This tension is demonstrated through vague laws that compel individuals and private corporations to over-comply and err on the side of caution “in order to avoid onerous penalties, filtering content of uncertain legal status and engaging in other modes of censorship and self-censorship.” Excessive intermediary liability forces intermediaries to over-comply with requests in order to ensure that local access to their platforms are not blocked. States attempt at regulating content outside the law through extra legal restrictions, and push private actors to take down content on their own initiative. Filtering content is another method, wherein States block and filter content through the private sector. Government blacklists, illegal content and suspended accounts are methods employed, and these have sometimes raised concerns of necessity and proportionality. Network or service shutdowns are classified as a “particularly pernicious” method of content regulation. Non neutral networks also are a method of content regulation with the possibilities of internet service providers throttling traffic. Zero rating is a potential issue, although the report acknowledges that “it remains a subject of debate whether they may be permissible in areas genuinely lacking Internet access”.

The other node of content regulation has been identified as internal policies and practices of the private sector. Terms of service restrictions are often tailored to the jurisdiction’s laws and policies and don’t always address the needs and interests of vulnerable groups. Further, the report notes, design and engineering choices of how private players choose to curate content are algorithmically determined and increasingly control the information that we consume.

Transparency

The report notes that transparency enables those entities subject to internet regulation to take informed decisions about their responsibilities and liabilities in a digital sphere and points out, that there is a severe lack of transparency about government requests to restrict or remove content. Some states even prohibit the publication of such information, with India being one example. In respect of the private sector, content hosting platforms sometimes at least reveal the circumstances under which content is removed due to a government request, although this is rather erratic. The report recognises the need to balance transparency with competing concerns like security and trade secrecy, and this is a matter of continued debate.

Surveillance and Digital Security

Freedom of expression concerns arise as data transmitted on private networks is gradually being subjected to surveillance and interference from the State and private actors. The report finds that several internet companies have reported an increase in government requests for customer data and user information. According to the Special Rapporteur, effective resistance strategies include inclusion of human rights guarantees, restrictively interpreting government requests negotiations. Private players also make surveillance and censorship equipment that enable States to intercept communications. Covert surveillance has been previously reported, with States tapping into communications as and when necessary. When private entities become aware of interception and covert surveillance, their human rights responsibilities arise. As private entities work towards enhancing encryption, anonymity and user security, states respond by compelling companies to create loopholes for them to circumvent such privacy and security enhancing technology.

Remedies

Unlawful content removal, opaque suspensions, data security breaches are commonplace occurrences in the digital sphere. The ICCPR guarantees that all people whose rights have been violated must have an effective remedy, and similarly, the Ruggie principles require that remedial and grievance mechanisms must be provided by corporations. There is some ambiguity on how these complaint or appeal mechanisms should be designed and implemented, and the nature and structure of these mechanisms is also unclear. The report states that it is necessary to investigate the role of the state in supplementing/regulating corporate mechanisms, its role in ensuring that there is a mechanism for remedies, and its responsibility to make sure that more easily and financially accessible alternatives exist for remedial measures.

Special Rapporteur’s priorities for future work and thematic developments

Investigating laws, policies and extralegal measures that equip governments to impose restrictions on the provision of telecommunications and internet services. Examining the responsibility of companies to respond in a way that respects human rights, mitigates harm, and provides avenues for redress.
Evaluating content restrictions under terms of service and community standards. Private actors face substantial pressure from governments and individuals to restrict expression, and a priority is to evaluate the interplay of private and state actions on freedom of expression in light of human rights obligations and responsibilities.
Focusing on the legitimacy of rationales for intermediary liability for content hosting, restrictions, conditions for removing third party content.
Exploring censorship and surveillance within the human rights framework, and encouraging greater scrutiny before using these technologies for purposes that undermine the freedom of expression.
Identifying ways to balance an increasing scope of freedom of expression with the need to address governmental interests in national security and public order.
Internet access - Future work will explore issues around access and private sector engagement and investment in ensuring affordability and accessibility, particularly considering marginalized groups.
Internet governance - Internet governance frameworks and reform efforts are sensitive to the needs of women, sexual minorities and other vulnerable communities. Throughout this future work, the Special Rapporteur will pay particular attention to legal developments (legislative, regulatory, and judicial) at national and regional levels.

Conclusions and Recommendations

States: The report recommends that states should not pressurise the private sector to interfere with the freedom of speech and expression in a manner that does not meet the condition of necessary and proportionate principles. Any request to take down content or access customer information must be based on validly enacted law, subject to oversight, and demonstrate necessary and proportionate means of achieving the aims laid down in Article 19(3) of the ICCPR.
Private Actors: The Special Rapporteur recommends that private actors develop and implement transparent human rights assessment procedures, and develop policies keeping in mind their human rights impact. Apart from this, private entities should integrate commitments to the freedom of expression into internal processes and ensure the “greatest possible transparency”.
International Organisations: The report recommends that organisations make resources and educational material on internet governance publicly accessible. The Special Rapporteur also recommends encouraging meaningful civil society participation in multi-stakeholder policy making and standard setting processes, with an increased focus on sensitivity to human rights.

CIS Comments

CIS strongly agrees with the expansion of the Special Rapporteur’s scope that this report represents. He is no longer looking solely at states but at the private sector too.
CIS also notes that competition is an important aspect of the freedom of expression, but has not been discussed in this report. Viable alternatives to platforms, networks, internet service providers etc., will ensure a healthy, competitive marketplace, and will have a positive impact in resolving the issues identified above.
Our work has called for maintaining a balanced approach to liability of intermediaries for their users’ actions, since excessive liability or strict liability would lead to over-caution and removal of legitimate speech, while having no liability at all would make it difficult to act effectively against harmful speech, e.g., revenge porn.
CIS’ work on network neutrality has highlighted the importance of neutrality for freedom of speech, and has advocated for an evidence-based approach that ensures there is neither under-regulation, nor over-regulation. The Special Rapporteur suggests that ‘Zero-Rating’ practices always violate Net Neutrality, but the majority of the definitions of Net Neutrality proposed by academics and followed by regulators across the world often do not include Zero-Rating. Similarly, he suggests that the main exception for Zero-Rating is for areas genuinely lacking access to the Internet, whereas the potential for some forms of Zero-Rating to further freedom of expression, especially of minorities, even in areas with access to the Internet, provides sufficient reason for the issue to merit greater debate.

(Pranesh Prakash was invited by the Special Rapporteur to provide his views and took part in a meeting that contributed to this report)

For more details visit https://cis-india.org/internet-governance/un-special-rapporteur-report-on-freedom-of-expression-and-the-private-sector-a-significant-step-forward

Smart City Policies and Standards: Overview of Projects, Data Policies, and Standards across Five International Smart Cities

Kiran A. B., Elonnai Hickok and Vanya Rakesh — 2016-06-11T13:29:04Z

This blog post aims to review five Smart Cities across the globe, namely Singapore, Dubai, New York City, London and Seoul, the Data Policies and Standards adopted. Also, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions.

Download the brief: PDF.

Introduction

Smart City as a concept is evolutionary in nature, and the key elements like Information and Communication Technology (ICT), digitization of services, Internet of Things (IoT), open data, big data, social innovation, knowledge, etc., would be intrinsic to defining a Smart City [1].

A Smart City, as a “system of systems”, can potentially generate vast amounts of data, especially as cities install more sensors, gain access to data from sources such as mobile devices, and government and other agencies make more data accessible. Consequently, Big Data techniques and concepts are highly relevant to the future of Smart Cities. It was noted by Kenneth Cukier, Senior Editor of Digital Products at The Economist, that Big Data techniques can be used to enhance a number of processes essential to cities - for example, big data can be used to spot business trends, determine quality of research, prevent diseases, tack legal citations, combat crime, and determine real-time roadway traffic conditions [2]. Having said this, data is deemed to be the lifeblood of a Smart City and its availability, use, cost, quality, analysis, associated business models and governance are all areas of interest for a range of actors within a smart city [3]

This blog reviews five Smart Cities namely Singapore, Dubai, New York City, London and Seoul. In doing so, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions. To achieve this, the research reviews:

The definition of a Smart City in a given context or project (if any).
Existing policy/regulations around data or notes the lack thereof.
The cities adherence to the International standards and providing an update on the current status of the Smart City programme.

Singapore

Introduction

The Smart Nation programme in Singapore was launched on 24th November, 2014. The programme is being driven by the Infocomm Development Authority of Singapore, through which Singapore seeks to harness ICT, networks and data to support improved livelihoods, stronger communities and creation of new opportunities for its residents [4] According to the IDA, a Smart Nation is a city where “people and businesses are empowered through increased access to data, more participatory through the contribution of innovative ideas and solutions, and a more anticipatory government that utilises technology to better serve citizens’ needs” [5]. The Smart Nation programme is driven by a designated Office in the Prime Minister’s Office [6]. As a core component to the Smart Nation Programme, the Smart Nation Platform has been developed as the technical architecture to support the Programme. This Platform enables greater pervasive connectivity, better situational awareness through data collection, and efficient sharing and access to collected sensor data, allowing public bodies to use such data to develop policy and practical interventions [7] Such access would allow for anticipatory governance - a goal of the Smart Nation Programme as noted by Dr. Yaacob Ibrahim, Minister for Communications and Information stating “Insights gained from this data would enable us to better anticipate citizens’ needs and help in better delivery of services” [8].

Status of the Project

The Smart Nation Programme is an ongoing initiative, being built on the past programme Intelligent Nation 2015 (iN2015 masterplan). The plan involves putting in place the infrastructure, policies, ecosystem and capabilities to enable a Smart Nation, by adopting a people-centric approach [9]. A number of co-creating solutions adopted by the Government include:

Development of Mobile Apps to facilitate communication between the public and the providers of public services.
Organization of Hackathons by government agencies or corporations in collaboration with schools and industry partners to ideate and develop solutions to tackle real-world challenges.
Adopt measure for smart mobility to create a more seamless transport experience and providing greater access to real-time transport information so that citizens can better plan their journeys.
Smart technologies are also being introduced to the housing estates [10].

Policies and Regulations

The Smart Nation plan derives its legitimacy from the constitution of Singapore, holding the Prime Minister responsible to take charge of the subject ‘Smart Nation’ blueprint under the Statutory body of ‘Smart Nation’ Programme Office [11]. Singapore has a comprehensive data protection law – the Personal Data Protection Act 2012, rules governing the collection, use, disclosure and care of personal data. The Personal Data Protection Commission of Singapore has committed to work closely with the private sector, and also to support the Smart Nation vision on data privacy and cyber security ecosystem [12] [13].

Towards achieving the Smart Nation vision the government has also promoted the use of open data. In 2015 the Department of Statistics has made a vast amount of data available (across multiple themes say transport, infocomm, population, etc.) for free to the public in order to encourage innovation and facilitate the Smart Nation [14]. Prior to this initiative, the government had adopted the Open Data Policy in 2011, enabling public data for analysis, research and application development [15]. The concept of Virtual Singapore, which is a part of the Smart Nation Initiative, has been developed to adopt and simulate solutions on a virtual platform using big data analytics [16].

Adoption of International Standards

The Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC). It specifies three types of Internet of Things (IoT) Standards – sensor network standards (TR38 - for public areas & TR40 - for homes), IoT foundational standards (common set of guidelines for IoT requirements and architecture, information and service interoperability, security and data integrity) and domain-specific standards (healthcare, mobility, urban living, etc.) [17].

Singapore is part of ISO/IEC JTC 1/WG7 Sensor Networks and ISO/IEC JTC 1/WG10 Internet of Things (IoT) [18]. Singapore IT standards abides to the international standards as defined by ISO, ITU, etc.Singapore is a member of many international standards forums (see Singapore International Standards Committee) which includes JTC1/WG9 - Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities.

Dubai, United Arab Emirates

Introduction

The Dubai Smart City strategy was launched as part of the Dubai Plan 2021 vision, in the year 2015 [19]. Dubai Plan 2021 describes the future of Dubai evolving through holistic and complementary perspectives, starting with the people and the society and places the government as the custodian of the city’s development. Within the Plan, the smart city theme envisions a platform that is fully connected and integrated infrastructure that enables easy mobility for all residents and tourists, and provides easy access to all economic centers and social services, in line with the world’s best cities [20]. Center to the smart city platform is data and data analytics, particularly cross functional data and big data techniques to give a complete view of the city [21] As envisioned, the Dubai Data portal would provide a gateway to empower relevant stakeholders to understand the nuances of the city and pursue questions that will result in the greatest impact from the city’s data [22]. The platform will be based on current data and existing services, initiatives, and networks to identify opportunities for a smart city [23]. The Smart City Plan also includes a framework for aligning districts of Dubai with the Smart City vision and dimensions [24].

The Smart Dubai roadmap 2015 provides a consolidated report and planned smart city services, its status and the stage of its implementation, for e.g. Smart Grid, Mobile Payment, Smart Water, Health applications, Public Wi-Fi, Municipality, E-Traffic solutions, etc [25].

Status of the Project

The Smart Dubai strategy is envisioned to be completed by the year 2020, and currently it’s ongoing. The first phase of Smart Dubai masterplan is expected to end by 2016. Between 2017 and 2019, the plan aims to deliver new initiatives and services. The second phase of the masterplan is expected to be completed by the year 2020 [26].

Policies and Regulations

The Smart City Plan is being driven by the Dubai Smart City Office – which has been established under Law No. (29) of 2015 on the establishment of Dubai Smart City Office; Law No. (30) of 2015 on the establishment of Dubai Smart City Establishment; Decree No. (37) of 2015 on the formation of the Board of the Dubai Smart City Office; and Decree No (38) of 2015- appointing a Director General for the Office, which will develop overall policies and strategic plans, supervise the smart transformation process and approve joint initiatives, projects and services [27]. Also, an open data law called Dubai Open Data Law was issued to complete the legislative framework for transforming Dubai into a Smart City [28]. This law will enable the sharing of non-confidential data between public entities and other stakeholders.

Adoption of International Standards

In 2015 the Smart Dubai Executive Committee has collaborated through an agreement with the International Telecommunications Union (ITU) adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators [29]. The Focus Group is working towards identifying global best practices for the development of smart cities [30].

New York City, United States of America

Introduction

The ‘One New York Plan’ announced in the year 2015 is a comprehensive plan for a sustainable and resilient city. It includes the adoption of digital technology and considers the importance of the role of data in transforming every aspect of the economy, communications, politics, and individual and family life [31]. Furthermore, through a publication on 'Building a Smart+Equitable City', the Mayor’s Office of Technology and Innovation (MOTI) describes efforts to leverage new technologies to build Smart city.

Accordingly, the plan seeks to establish better lives through establishing principles and strategic frameworks to guide connected device and Internet of Things (IoT) implementation; MOTI serving as the coordinating entity for new technology and IoT deployments across all City agencies; collaborating with academia and the private sector on innovative pilot projects, and partnering with municipal governments and organizations around the world to share best practices and leverage the impact of technological advancements [32].

Status of the Project

OneNYC represents a unified vision for a sustainable, resilient, and equitable city developed with cross-cutting interagency collaboration, public engagement, and consultation with leading experts in their respective fields. The Mayor’s Office of Sustainability oversees the development of OneNYC and now shares responsibility with the Mayor’s Office of Recovery and Resiliency for ensuring its implementation [33].

Policies and Regulations

As per the Local Law 11 of 2012, each City entity must identify and ultimately publish all of its digital public data for citywide aggregation and publication by 2018. In adherence to this law, there exists a NYC Open Data Plan which requires annual data updation [34].

The LinkNYC initiative, one of the key projects to make New York a ‘smart’ city, aims to connect everyone through a city wide wi-fi network. The LinkNYC initiative will retrofit payphones with kiosks to provide high-speed WiFi hotspots and charging stations for increased connectivity [35]. Data Privacy in the initiative is addressed through the customer first privacy policy, which considers user’s privacy on priority and will not sell any personal information or share with third parties for their own use. LinkNYC will use anonymized, aggregate data to make the system more efficient and to develop insights to improve your Link experience [36].

Adoption of International Standards

The ANSI Network on Smart and Sustainable Cities (ANSSC) is a forum for information sharing and coordination on voluntary standards, conformity assessment and related activities for smart and sustainable cities in the US [37]. The US is a signatory of the ISO/ITU defined standards on smart cities [38].

London, United Kingdom

Introduction

The Smart London Plan was unveiled in the year 2013 by the Mayor of London. The plan is being driven through the Greater London Authority, with the advice of the Smart London Board. The Smart London Plan envisions ‘Using the creative power of new technologies to serve London and improve Londoner’s lives’ [39]. ‘Smart London’ is about harnessing new technology and data so that businesses, Londoners and visitors experience the city in a better way, and do not face bureaucratic hassle and congestion. Smart London seeks to improve the city as a whole and focuses on city macro functions that result from the interplay between city subsystems - such as local labour markets to financial markets, from local government to education, healthcare, transportation and utilities. According to strategy documents, a smarter London recognises and employs data as a service and will leverage data to enable informed decision making and the design of new activities.

Status of the Project

This project is currently ongoing. Since its formation in March 2013, the Smart London Board has been advising the Greater London Authority.The Plan sits within the overarching framework of the Mayor’s Vision 2020 [40].

Policies and Regulations

The Smart London Plan incorporates the existing open data platform called ‘London DataStore’. The rules and guidelines for this platform are defined by the Greater London Authority, which includes working with public and private sector organisations to create, maintain and utilise it, enabling common data standards, identify and prioritise which data are needed to address London’s growth challenges, establish a Smart London Borough Partnership to encourage boroughs to free up London’s local level data. Also, privacy is protected and there is transparent use of data - to ensure data use is managed in the best interests of the public rather than private enterprise.⁴² The Smart London Plan aims to build on this existing datastore to identify and publish data that addresses specific growth challenges, with an emphasis on working with companies and communities to create, maintain, and use this data [41].

The Open Data White Paper, issued by the Office of Paymaster General, seeks to build a transparent society by releasing public data through open data platforms and leveraging the potential of emerging technologies [42]. The Greater London Authority processes personal data in accordance with the Data Protection Act 1998 [43].

Adoption of International Standards

The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same [44]. The following standards and publications help address various issues for a city to become a smart city:

The development of a standard on Smart city terminology (PAS 180)
The development of a Smart city framework standard (PAS 181)
The development of a Data concept model for smart cities (PAS 182)
A Smart city overview document (PD 8100)
A Smart city planning guidelines document (PD 8101)
BS 8904 Guidance for community sustainable development provides a decision-making framework that will help setting objectives in response to the needs and aspirations of city stakeholders
BS 11000 Collaborative relationship management
BSI BIP 2228:2013 Inclusive urban design - A guide to creating accessible public spaces.

Further, the Smart London Plan incorporates open data standards in accordance with London DataStore [45]. Various government reports – Smart Cities background paper, Open Data White Paper, etc., have suggested the use of standards related to Internet of Things (IoT), open data standards, etc [46].

Seoul, Korea

Introduction

Smart Seoul 2015 was announced in June 2011 by the Seoul Metropolitan Government, which envisions integrating IT services into every field, including administration, welfare, industry and living. Through this, the Seoul Metropolitan Government plans to create a Seoul that uses smart technologies by 2015 [47]. Towards this, the Seoul Metropolitan Government plans to make use of Big Data in policy development, and through scientific analytics, will provide customized administrative services and reduce wasteful spending. Also, the government is utilising Big Data to analyse trends emerging from existing services [48]. Examples of projects that leverage big data that the government has undertaken include the Taxi Matchmaking Project – analyzes the data related to taxi stands and passengers, the Owl Bus [49] - maps the bus routes, etc.

Status of the Project

Building on the Smart Seoul 2015, the Seoul Metropolitan Government plans to establish 'Global Digital Seoul 2020 – New Connections, Different Experiences' vision in next five-years. In this multi-objective plan, it aims to establish a ’Big Data campus’ providing win-win cooperation among public, private, industry and university [50].

Policies and Regulations

The Smart Seoul 2015 aims to create a ‘Seoul Data Mart’, which will be an open platform that makes public information available for data processing [51]. Furthermore, Seoul has opened the Seoul Open Data Plaza [52], an online channel to share and provide citizens with all of Seoul’s public data, such as real-time bus operation schedules, subway schedules, non-smoking areas, locations of public Wi-Fi services, shoeshine shops, and facilities for disabled people, and the information registered in Seoul Open Data Plaza is provided in the open API format.⁴⁵

South Korea has a comprehensive law governing data privacy – Personal Information Protection Act, 2011. The law includes data protection rules and principles, including obligations on the data controller and the consent of data subjects, rights to access personal data or object to its collection, and security requirements. It also covers cookies and spam, data processing by third parties and the international transfer of data [53].

International Standards

The smart city standards are adopted in the development of smart cities in Korea [54]. Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities. Korea also has one working group developing city indicators and another working group developing metrics for smart community infrastructures [55].

Conclusion

The smart city projects studied are at different levels of implementation and have both similarities and differences. Below is an analysis of some of the key similarities and differences between smart city projects, a comparison of these points to India’s 100 Smart City Mission, and a summary of best practices around the development of smart city frameworks.

Nodal Agency

All cities studied have nodal agencies driving the smart city initiatives and many have policies in place backing these initiatives. For example, while the Smart Nation programme in Singapore is being driven by the Infocomm Development Authority, in London the smart city project is governed by the Great London Authority. The Smart Seoul Project in Korea is governed by the Seoul Metropolitan Government and New York has the Mayor’s Office of Technology and Innovation serving as the coordinating entity for new technology and IoT deployments across all City agencies. In India, the nodal agency driving the 100 Smart Cities Project is the Ministry of Urban Development under the Indian Government. In India, the implementation of the Mission at the City level will be done by a Special Purpose Vehicle (SPV), which will be a limited company and will plan, appraise, approve, release funds, implement, manage, operate, monitor and evaluate the Smart City development projects.

Policies

Many of the cities had open data policies and data protection policies that pertain to the Smart City initiatives. In Dubai, an open data law called Dubai Open Data Law has been issued to complete the legislative framework for transforming Dubai into a Smart City and the Smart City Establishment will develop policies for the project. New York also has an Open Data Plan in place and LinkNYC will use anonymized, aggregate data to address data privacy of users. In London, the Smart London Plan incorporates the existing open data platform called ‘London DataStore’, the rules for which are defined by the Greater London Authority, which also ensures privacy and transparent use of data by processing personal data in accordance with the Data Protection Act 1998. For regulation of data in Seoul, a ‘Seoul Data Mart’ will be established to make public information available for data processing and the Seoul Open Data Plaza is an existing online channel to share and provide citizens with all of Seoul’s public data. South Korea has a comprehensive law governing data privacy in place as well. In Singapore, the Personal Data Protection Commission has committed to work and support the Smart Nation vision on data privacy and cyber security ecosystem. To achieve the vision of the project, the government has also promoted the use of open data. It can be said the these countries , with clearly laid out policies to support and guide the project, have well planned ecosystem for regulation and governance of systems, technologies and cities. All cities have incorporated open data into smart cities and many have developed guidelines for its use. All cities have similar goals of enhancing the lives of citizens and developing anticipatory regulation, however, there appears to be little discussion on the need to amend existing law or enable new law around privacy and data protection in light of data collection through smart cities. In India, no enabling legislation or policy has been formulated by the Government, apart from releasing “Mission Statement and Guidelines”, which provides details about the Project and vision, excluding a definition of a ‘smart city’ or the relevant applicable laws and policies. No information is publicly available regarding deployment of open data, use of specific technologies like cloud, big data, etc., the relevant policies and applicability of laws. Unlike India, all cities recognize the importance of big data techniques in enabling smart city visions, technology and policies. On the lines of these cities, India must work towards addressing the need for an open data framework in light of the 100 Smart Cities Mission to enable the sharing of non-confidential data between public entities and other stakeholders. This requires co-ordination to incorporate, enable and draw upon open data architecture in the cities by the Government with the existing open data framework in India, like the National Data Sharing and Accessibility Policy, 2012. Use of technology in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Also, identification and development of open standards for IoT must be looked at. Also, as data in smart cities will be generated, collected, used, and shared by both the public and private sector. It is essential that India’s existing data protection standards and regime must be amended to extend the data regulation beyond a body corporate and oversee the collection and use of data by the Government, and its agencies.

Standards

In Singapore, the Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC)and the Singapore IT standards abides to the international standards as defined by ISO, ITU, etc. The Country is also a member of many international standards forums (see Singapore International Standards Committee) which includes JTC1/WG9- Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities. In Dubai, the Smart Dubai Executive Committee with the International Telecommunications Union (ITU) to adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators. For the purpose of standards, the ANSI Network on Smart and Sustainable Cities (ANSSC) in New York is a forum smart and sustainable cities, along with US being a signatory of the ISO/ITU defined standards on smart cities. Also, The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same and the Smart London Plan incorporates open data standards in accordance with London DataStore. For development of smart cities, Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities and also has one working group developing city indicators and another working group developing metrics for smart community infrastructures. However, in India, the Bureau of Indian Standards (BIS) has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area. Also, The Global Cities Institute (GCI) has undertaken a mission in the year 2015 to align with the Bureau of Indian Standards regarding development of standards of smart cities and also to forge relationships with Indian cities in light of ISO 37120. It can be said that India has currently not yet adopted international standards, but is in the process of developing national standards and adopting key international standards. Unlike other cities,which are adopting standards - national, ISO, or ITU, Indian cities are yet to adopt standards for regulation of the future smart cities.

Notes for India

India is in the nascent stages of developing smart cities across the country. Drawing from the practices adopted by cities across the world, smart cities in India should adopt strong regulatory and governance frameworks regarding technical standards, open data and data security and data protection policies. These policies will be essential in ensuring the sustainability and efficiency of smart cities while safeguarding individual rights. Some of these policies are already in place - such as India’s Open Data Policy and India’s data protection standards under section 43A of the ITA. It will be important to see how these policies are adopted and applied to the context of smart cities.

References

[1] Smart Cities and Transparent Evolution, http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf.

[2] "Data, Data Everywhere." The Economist, February 25, 2010. Accessed March 17, 2016, http://www.economist.com/node/15557443.

[3] "Smart Cities." ISO. 2015. Accessed March 17, 2016, http://www.iso.org/iso/smart_cities_report-jtc1.pdf.

[4] Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november.

[5] Smart Nation Vision, https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision.

[6] Smart Nation, http://www.pmo.gov.sg/smartnation.

[7] Smart Nation Platform, https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf.

[8] Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/.

[9] Prime Ministers’ Office Singapore-Smart Nation, http://www.pmo.gov.sg/smartnation.

[10] Prime Ministers’ Office Singapore-Smart Nation, http://www.pmo.gov.sg/smartnation.

[11] Constitution of the Republic of Singapore (Responsibility of the Prime Minister) Notification 2015, http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes.

[12] Personal Data Protection Singapore-Annual Report 2014-15, https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf.

[13] Balancing Innovation and Personal Data Protection, https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection.

[14] Department of Statistics Singapore- Free Access to More Data on the SingStat Website from 1 March 2015, http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf.

[15] Singapore Marks 50th Birthday With Open Data Contest, https://blog.hootsuite.com/singapore-open-data/.

[16] Virtual Singapore - a 3D city model platform for knowledge sharing and community collaboration, http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx.

[17] Internet of Things (IoT) Standards Outline to Support Smart Nation Initiative Unveiled, http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx.

[18] Information Technology Standards Committee, https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc and https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf.

[19] Government of Dubai-2021 Dubai Plan-Purpose, http://www.dubaiplan2021.ae/the-purpose/.

[20] Government of Dubai-2021 Dubai Plan, http://www.dubaiplan2021.ae/dubai-plan-2021/.

[21] Smart Dubai, http://www.smartdubai.ae/foundation_layers.php.

[22] The Internet of Things: Connections for People’s happiness, http://www.smartdubai.ae/story021002.php.

[23] Smart Dubai - Current State, http://www.smartdubai.ae/current_state.php.

[24] Smart Dubai - District Guidelines, http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf.

[25] See; http://roadmap.smartdubai.ae/search-services-public.php and http://roadmap.smartdubai.ae/search-initiatives-public.php.

[26] Smart Dubai-Smart District Guidelines, http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf.

[27] Dubai Ruler issues new laws to further enhance the organisational structure and legal framework of Dubai Smart City, https://www.wam.ae/en/news/emirates/1395288828473.html.

[28] See: http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439 and http://www.smartdubai.ae/dubai_data.php.

[29] Dubai first city to trial ITU key performance indicators for smart sustainable cities, http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU.

[30] Smart Dubai Benchmark Report 2015 Executive Summary, http://smartdubai.ae/bmr2015/methodology-public.php.

[31] Building a Smart + Equitable City, http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf

[32] Building a Smart + Equitable City, http://www1.nyc.gov/site/forward/innovations/smartnyc.page.

[33] One New York: The Plan for a Strong and Just City, http://www1.nyc.gov/html/onenyc/about.html

[34] Open Data for All, http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf.

[35] 7 public projects that are turning New York into a “smart city”, http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub.

[36] LinkNYC, https://www.link.nyc/faq.html#privacy.

[7] ANSI Network on Smart and Sustainable Cities, http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3

[38] IoT-Enabled Smart City Framework, http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf.

[39] Smart London (UK) Plan: Digital Technologies, London and Londoners, http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf.

[40] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[41] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[42] Open Data White Paper, https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf.

[43] London Datastore-Privacy, http://data.london.gov.uk/about/privacy/.

[44] Future Cities Standards Centre in London, https://eu-smartcities.eu/commitment/5937.

[45] Smart London Plan, http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf.

[46] Smart Cities background paper, October 2013, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf.

[47] Presentation of 2015 Blueprint of Seoul as ‘State-of-the-art Smart City’, http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/.

[48] “Policy Where There is Demand,” Seoul Utilizes Big Data, http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/

[49] Seoul’s “Owl Bus” Based on Big Data Technology, http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf

[50] Seoul Launches “Global Digital Seoul 2020”, http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/

[51] Smart Seoul 2015, http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf

[52] Disclosing public data through the Seoul Open Data Plaza, http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/

[53] Data protection in South Korea: overview, http://uk.practicallaw.com/2-579-7926.

[54]Smart Cities Seoul: a case study, https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf

[55] Smart Cities-ISO, http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764.

For more details visit https://cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities

Criminal Defamation and the Supreme Court’s Loss of Reputation

bhairav — 2016-06-03T03:05:14Z

The Supreme Court’s refusal, in Subramanian Swamy v. Union of India, to strike down the anachronistic colonial offence of criminal defamation is wrong. Criminalising defamation serves no legitimate public purpose; the vehicle of criminalisation – sections 499 and 500 of the Indian Penal Code, 1860 (IPC) – is unconstitutional; and the court’s reasoning is woolly at best.

The article was published in the Wire on May 14, 2016.

Politics and censorship

Two kinds of defamation actions have emerged to capture popular attention. First, political interests have adopted defamation law to settle scores and engage in performative posturing for their constituents. And, second, powerful entities such as large corporations have exploited weaknesses in defamation law to threaten, harass, and intimidate journalists and critics.

The former phenomenon is not new. Colonial India saw an explosion of litigation as traditional legal structures were swept away and native disputes successfully migrated to the colonial courts. These included politically-motivated defamation actions that had little to do with protecting reputations. In fact, defamation litigation has long become an extension of politics, in many cases a new front for political manoeuvring.

The latter type of defamation action is far more sinister. Powerful elites, both individuals and corporations, have cynically misused the law of defamation to silence criticism and chill the free press. By filing excessive and often unfounded complaints that are dispersed across the country, which threaten journalists with imprisonment, powerful elites frighten journalists into submission and vindictively hound those who refuse to back down. Such actions are called Strategic Lawsuits against Public Participation (SLAPPs) which Rajeev Dhavan warns have created a new system of censorship.

Petitions and politicians

Defamation originates from the concept of scandalum magnatum – the slander of great men – which protected the reputations of aristocrats. The crime was linked to sedition, so insulting a lord was akin to treason. In today’s neo-feudal India, political leaders are contemporary aristocrats. Investigating them can invite devastating consequences, even death. Most of the time, they retaliate through defamation law. Since the criminal justice system is most compromised at its base, where the police and magistrates directly interact with people, the misuse of criminal defamation law hurts ordinary citizens.

This is different from politicians prosecuting each other since they rarely, if ever, suffer punishment. Of all the petitions before the Supreme Court concerning the decriminalisation of defamation, the three that received the most news coverage were those of Subramanian Swamy, Rahul Gandhi, and Arvind Kejriwal. They are all politicians, their petitions were made in response to defamation complaints filed by rival politicians. On the other hand, there are numerous cases which politicians have filed against private members of civil society to silence them. When presented with these concerns, the Supreme Court simply failed to seriously engage with them.

The architecture of defamation

Defamation has many species, a convoluted history, and complex defences. Defamation can be committed by the spoken word, which is slander, or the written word, which is libel. The historical distinction between these two modes of defamation is based on the permanence of written words. Before the invention of the printing press, the law was chiefly concerned with slander. But as written ideas proliferated through mass publication technologies, libel came to be viewed as more malevolent and the law visited serious punishments on writers and publishers.

Such a distinction presumes a literate readership. In largely illiterate societies, the spoken word was more potent. This is why films and radio have long attracted censorship and state control in India. Before mass publishing forked defamation into libel and slander, there existed only the historical crime of libel. Historical libel had four species: seditious libel, blasphemous libel, obscene libel, and defamatory libel.

Seditious libel, which has been repealed in Britain, prospers in India as the offence of sedition which is criminalised by section 124A of the IPC. Blasphemous libel, repealed in Britain, fares well in India as the offence of blasphemy under section 295A of the IPC. Obscene libel, as the offence of obscenity, is criminalised by section 294 of the IPC. And defamatory libel, repealed in Britain, which is the offence of criminal defamation that the Subramanian Swamy case upheld, continues to exist under section 499 of the IPC.

Confusing harms

Of the many errors that litter the Supreme Court’s May 13, 2016 judgment in the Subramanian Swamy case, perhaps the most egregious is the failure to recognise the harm that criminal defamation poses to a healthy civil society in a free democracy. At the crux of this mistake is the Supreme Court’s failure to distinguish between private injury and social harm. Two people may, in their private capacities, litigate a civil suit to recover damages if one feels the other has injured her reputation. This private action of defamation was not in issue before the court.

On the other hand, by criminalising defamation, why should the state protect the reputations of individuals while expending public resources to do so? This goes to the concept of crime. When an action is serious enough to harm society it is criminalised. Rape strikes at the root of public safety, human dignity, equality, and peace, so it is a crime. A breach of contract only injures the party who was expecting the performance of contractual duties; it does not harm society, so it is not a crime. Similarly, a loss of reputation, which is by itself difficult to quantify, does no harm to society and so it should not be a crime.

Truth and the public good

It may be argued, and the Supreme Court hints, that at its fundament, society is premised on the need for truth; so lies should be penalised. This is where defamation law wanders into moral policing. In Indian and European philosophies, truth is consecrated as a moral good. The Supreme Court quotes from the Bhagavad Gita on the virtue of truth. But while quotes like these are undoubtedly meaningful, they have no utility in a constitutional challenge. In reality, society is composed of truth, lies, untruths, half-truths, rumour, satire, and a lot more. In fact, the more shades of opinion there are, the livelier that society is. So lies should not invite criminal liability.

If we concede the moral debate and arrive at a consensus that the law must privilege truth over lies, then truth alone should be a complete defence to defamation. If the law criminalises untruth, then it must sanctify truth. That means when tried for the crime of defamation, a journalist must be acquitted if her writing is true. But the law and the Supreme Court require more. In addition to proving the truth, the journalist must prove that her writing serves the public good. So speaking truth is illegal if it does not serve the public good.

In fact, truth has only recently been recognised as a defence to defamation, albeit not a complete defence. This belies the social foundations of criminal defamation law. The purpose of the offence is not to uphold truth, it is to protect the reputations of the powerful. But what is reputation? The Supreme Court spends 25 pages trying to answer this question with no success. Instead, the court declares that reputation is protected by the right to life guaranteed by Article 21 of the Indian Constitution but it offers no sound reasoning to support this claim. The court also fails to explain why the private civil action of defamation is insufficient to protect reputation.

The constitution and constitutionalism

There are two core constitutional questions posed by the Subramanian Swamy case. They are:

Does the crime of defamation fall within one of the nine grounds listed in Article 19(2) of the constitution; and
Are sections 499 and 500 of the IPC which criminalise and punish defamation reasonable restrictions on the right to free speech?

Article 19(2) contains nine grounds in the interests of which a law may reasonably restrict the right to free speech. Defamation is one of the nine grounds, but the provision is silent as to which type of defamation, civil or criminal, it considers. However, B.R. Ambedkar’s comments in the Constituent Assembly arguably indicate that criminal defamation was intended to be a ground to restrict free speech.

The answer to the second question lies in measuring the reasonableness of the restriction criminal defamation places on free speech. If the restriction is proportionate to the social harm caused by defamation, then it is reasonable. However, restating an earlier point, criminalising defamation serves no legitimate public purpose because society is unconcerned with the reputations of a few individuals. Even if society is concerned with private reputations, the private civil action of defamation is more than sufficient to protect private interests. Further, the danger that current criminal defamation law poses to India’s free speech environment is considerable. Dhavan says: “Defamation cases [are] a weapon by which the rich and powerful silence their critics and censor a democracy.”

The Subramanian Swamy case highlights several worrying trends in India’s constitutional jurisprudence. The judgment is delivered by one judge speaking for a bench of two. Such critically significant constitutional challenges cannot be left to the whims of two unelected and unaccountable men. Moreover, from its position as the guarantor of individual freedoms, the Supreme Court appears to be in retreat. This will have far-reaching and negative consequences for India’s citizenry. If the court fails to enhance individual freedoms, what is its constitutional role? The judiciary would do well to stay away from policy mundanities and focus on promoting India’s democratic project, lest it injure its own reputation.

For more details visit https://cis-india.org/internet-governance/blog/criminal-defamation-and-the-supreme-court2019s-loss-of-reputation

Internet L@w

praskrishna — 2016-05-30T02:07:00Z

Vanya Rakesh will attend the Internet law course organized by the University of Geneva from 20 June 2016 to 1 July 2016 as part of the Geneva Summer School.

Study Internet Law in Geneva, where the World Wide Web was born!

Topics that will be covered include cybersecurity, digital privacy and online surveillance, free speech, consumer protection, legal issues of social media, dangers of cloud computing, Internet and telecom infrastructure, intellectual property, antitrust, and much more...

This is a unique opportunity to gain hands-on experience in the framework of an Internet law clinic and to discuss cutting edge Internet law and policy issues with academics, practitioners, representatives of global policy makers, international organizations and leading institutions, including the Berkman Center for Internet and Society at Harvard University, the International Telecommunication Union (ITU) and the World Intellectual Property Organization (WIPO).

For its first and second sessions (in June 2014 and 2015), the Internet l@w summer school welcomed participants from very diverse background and countries including Argentina, China, Egypt, Germany, India, Italy, Lithuania, Ukraine and the US.

Discover an international city in the heart of Europe. Participate in an exciting social programme, including excursions and social gatherings, and build a global network of new friends as well as of Internet law and policy experts.

A video testimony of participants to the 2014 edition is available here!

Equivalence of 6 ECTS credits.

Please note: Changes to the draft program may be made at any time prior to the start of the course.

More Info, click here.

For more details visit https://cis-india.org/internet-governance/news/internet-l-w

CPRsouth 2016 – Young Scholars Programme

praskrishna — 2016-05-30T02:01:21Z

Rohini Lakshané, Amber Sinha and Vidushi Marda have been selected to attend the two-day Young Scholars' Programme to be held in Zanzibar, Tanzania in early September this year. The programme is a part of the CPRSouth conference.

Read the original announcement published by CPRSouth here.

Following highly successful joint Afro-Asian CPR conferences in Mauritius in 2012, and India in 2013, CPRafrica and CPRsouth formally merged under the banner of CPRsouth in 2014. Since then, CPRsouth has hosted conferences in the Cradle of Humankind in South Africa (2014), and at the Innovation Center for Big Data and Digital Convergence at Yuan Ze University, Taiwan (2015).

This year’s conference is co-hosted by COSTECH and TCRA in Zanzibar, and will include sessions on cutting-edge developments on ICT policy and regulation in the South and discussion of the research-policy interface.

30 Young Scholars from Africa and the Asia-Pacific region will be selected to participate in a tutorial programme taught by recognised scholars and practitioners from Africa and Asia, and they will attend the main conference thereafter.

Tutorials are scheduled to be held on the 6^th and 7^th of September 2016, prior to the main CPRsouth conference.

Who will qualify?

Masters/PhD students in Economics, Public policy, Communications and Journalism
Officers of government/regulatory agencies undertaking ICT policy research, developing/gathering indicators (monitoring and evaluation)
Staff of private companies in the communication industries working in regulatory affairs
Officers in NGOs/INGOs working in policy and regulation
Researchers from think tanks, university research centres
Journalists covering communication public policy and regulation

Seminar

The seminar will cover a number of topics of the two days, such as:

policy analysis using supply-side or demand-side data;
ICT impact analysis;
convergence, net neutrality;
funding broadband network extension, open access networks, spectrum;
sector and competition regulation;
research to policy interventions;
Internet governance – privacy, surveillance, human rights online; and
introduction to big data, open data.

(2016 tutorial programme still to be confirmed)

Previous tutorial presentations can be accessed at http://www.cprsouth.org/

Application deadline: 22 April 2016

Application guidelines

Applications should be submitted via this link by 22 April 2016, and must contain the following:

one-page curriculum vitae; and
one-page write-up outlining why you wish to become an African or Asia-Pacific based expert capable of contributing to ICT related policy and regulatory reform in the region

Applicants’ write-ups and biographies should be in a single word document, and named: CPRsouth2016_YoungScholar_ApplicantLastName.

Kindly note: Late applications and applications that do not conform to the prescribed format above will automatically be disqualified.

Review Criteria

Applications will be reviewed according to the following criteria:

content of application;
evidence of interest in, and commitment to, policy-relevant research for Africa or the Asia-Pacific region;
quality of writing; and
gender and country representation

The selection committee may contact your supervisor or mentor before making the final selections.

Candidates selected to participate in the tutorial programme must:

provide a one-page research proposal upon acceptance onto the tutorial programme
participate in all tutorial sessions
participate in the entire CPRsouth 2016 conference

Funding

Selected young scholars who are passport holders of, and travelling from, low and middle income countries within the Asia Pacific and Africa (as classified by the World Bank http://data.worldbank.org/about/country-classifications/country-and-lending-groups#Low_income) will be provided with:

lowest-cost economy airfare to conference destination (less USD 150 registration fee);
ground transfers between the conference venue and airport; and
twin sharing accommodation on bed and breakfast basis, 5 lunches and 1 dinner for the duration of the conference and tutorials (6 – 10 September 2016). Not all meals are covered.

The registration fee for young scholars to attend the conference and tutorials is USD150, and airfares will be reimbursed less this registration fee. Participants will be required to cover:

transport to and from airports in their home countries;
visa fees (if any);
meals not provided; and
any other incidental costs

As the registration fee is so low and should be met personally even if there is no institutional support for attendance of the course and conference, please note that only under exceptional circumstances of extreme financial hardship may the organisers consider a waiver of the conference registration fee. Such waivers will be considered on a case-by-case basis and only where a scholar would otherwise be prevented from attending the YS programme and conference.

Visas

Letters of invitation will be provided for purposes of visa applications after participant selections have been made. Participants are responsible for securing their own visas to enter Tanzania, and are strongly advised to initiate visa approval procedures immediately on receipt of confirmation of their participation.

Kindly direct all enquiries to Ondine Bello: admin@researchictafrica.net orinfo@CPRsouth.org

For more details visit https://cis-india.org/internet-governance/news/cprsouth-2016-2013-young-scholars-programme

Submission by the Centre for Internet and Society on Draft New ICANN By-laws

vidushi — 2016-05-31T02:49:45Z

The Centre for Internet & Society sent its comments on the Draft New ICANN Bylaws. The submission was prepared by Pranesh Prakash, Vidushi Marda, Udbhav Tiwari and Swati Muthukumar. Special thanks to Sunil Abraham for his input and feedback.

We at the Centre for Internet and Society are grateful for the opportunity to comment on the draft new ICANN by-laws. Before we comment on specific aspects of the Draft by-laws, we would like to make a few general observations:

Broadly, there are significant differences between the final form of the by-laws and that which has been recommended by the participants in the IANA transition process through the ICG and the CCWG. They have been shown to be unnecessarily complicated, lopsided, and skewed towards U.S.-based businesses in their past form, which continues to reflect in the current form of the draft by-laws.

The draft by-laws are overwrought, but some of that is not the fault of the by-laws, but of the CCWG process itself. Instead of producing a broad constitutional document for ICANN, the by-laws read like the worst of governmental regulations that go into unnecessary minutiae and create more problems than they solve. Things that ought not to be part of fundamental by-laws — such as the incorporating jurisdiction of PTI, on which no substantive agreement emerged in the ICG — have been included as such.

Simplicity has been seen as a sin and has made participation in this complicated endeavour an even more difficult proposition for those who don’t choose to participate in the dozens of calls held every month. On specific substantive issues, we have the following comments:

Jurisdiction of ICANN’s Principal Office

Maintaining by-law Article XVIII, which states that ICANN has its principal office in Los Angeles, California, USA, these Draft by-laws make an assumption that ICANN’s jurisdiction will not change post transition, even though the jurisdiction of ICANN and its subsidiary bodies is one of the key aspects of post transition discussion to be carried out in Work Stream 2 (WS2). Despite repeated calls to establish ICANN as an international community based organisation (such as the International Red Cross or International Monetary Fund), the question of ICANN's future jurisdiction was deferred to WS2 of the CCWG-Accountability process. All of the new proposed by-laws have been drafted with certainty upon ICANN's jurisdiction remaining in California. Examples of this include the various references to the California Civil Code in the by-laws and repeated references to entities and structures (such as public benefit corporations) in the fundamental by-laws of the ICANN that can only be found in California.

This would make redundant any discussion in WS2 regarding jurisdiction, since they cannot be implemented without upending the decisions relating to accountability structures made in WS1, and embedded in the by-laws.

CIS suggests an provision expressly be inserted in the by-laws to allow changes to the by-laws in WS2 insofar as matters relating to jurisdiction and other WS2 issues are concerned, to make it clear that there is a shared understanding that WS2 decisions on jurisdiction are not meant to be redundant.

Jurisdiction of the Post-Transition IANA Authority (PTI)

The structure of the by-laws and the nature of the PTI in Article 16 make its Californian jurisdiction integral to the very organisation as a whole and control all its operations, rights and obligations. This is so despite this issue not having been included in the CWG report (except for footnote 59 in the CWG report, and as a requirement proposed by ICANN’s lawyers, to be negotiated with PTI’s lawyers, in Annex S of the CWG report). The U.S. government’s requirement that the IANA Functions Operator be a U.S.-based body is a requirement that has historically been a cause for concern amongst civil society and governments. Keeping this requirement in the form of a fundamental by-law is antithetical to the very idea of internationalizing ICANN, and is not something that can be addressed in Work Stream 2.

CIS expressed its disagreement with the inclusion of the U.S-jurisdiction requirement in Annex S in its comments to the ICG. Nothing in the main text of the CWG or ICG recommendations actually necessitate Californian jurisdiction for the PTI. Thus, clearly the draft by-laws include this as a fundamental by-law despite it not having achieved any form of documented consensus in any prior process. This being a fundamental by-law would make shifting the PTI’s registered and principal office almost impossible once the by-laws are passed.

No reasoning or discussion has been provided to justify the structure, location and legal nature of the PTI. The fact that the revenue structure, by-laws and other details have not even been hinted at in the current document, indicate that the true rights and obligations of PTI have been left at the sole discretion of the ICANN while simultaneously granting it fundamental by-law protection. This is not only deeply problematic on front of delegation of excessive responsibility for a key ICANN function without due oversight but also leads to situation where the community is agreeing to be bound to a body whose fundamental details have not even been created yet, and yet is a fundamental by-law.

CIS would therefore suggest that the PTI related clauses in the by-laws be solely those on which existing global Internet community consensus can be shown, and the PTI’s jurisdiction is not something on which such consensus can be shown to exist. Therefore the by-laws should be rewritten to make them agnostic to PTI’s jurisdiction. Further, CIS suggests that the law firm appointed for PTI be non-American, since U.S.-based law firms capable law firms in Brazil, France, and India.

We would also like to note that we have previously proposed that PTI’s registered office and ICANN’s registered office be in different jurisdictions to increase jurisdictional resilience against governmental and court-based actions.

Grandfathering Agreements Clause

A fair amount of discussion has taken place both in the CCWG mailing list about Section 1.1 (d)(ii), which concerns the inclusion of certain agreements into the scope of protection granted to ICANN from its Mission and Objective statement goals. CIS largely agrees with the positions taken by the IAB and CCWG in their comments of demanding the removal of parts B, C, D E and F of Section 1.1(d)(ii) as all of these are agreements that were not included in the scope of the CCWG Proposal and a fair few of these agreements (such as the PTI agreement) have not even been created yet. This leads to practical and legal issues for the ICANN as well as the community as it restricts possible accountability and transparency measures that may be taken in the future.
CIS as its suggestion therefore agrees with the IAB and CCWG in this regard and supports the request by them that demand by these grandfathering provisions be removed.

Inspection Rights

Section 22.7 severely limits the transparency of ICANN’s functioning, and we believe it should be amended.

(a) It limits Inspection Requests to Decisional Participants and does not allow for any other interested party to make a request for inspection. While the argument has been made that Californian law requires inspection rights for decisional participants, neither the law nor CCWG’s recommendations require restricting the inspection rights to decisional participants. CIS’s suggestion is to allow for any person in the public to make a request for examination, but to have to declare the nature of the public interest behind requests for non-decisional participants, so that an undue number of requests are not made for the purpose of impairing the operations of the organisation.

(b) The unclear but extremely limited definition of ‘permitted scope’, which does not allow one to question any ‘small or isolated aspect’ of ICANN’s functioning, where there is no explicit definition of what constitutes the scope of matters relevant to operation of ICANN as a whole, leaving a loophole for potential exploitation. CIS suggests the removal of this statement and to allow only for limitations listed in Section 22.7 (b) for Inspection Requests.

(3) There is no hard deadline provided for the information to be made available to the querying body, thus allowing for inordinate delays on the part of the ICANN, which is open to abuse. CIS suggests the removal of the clause ‘or as soon as reasonably practicable thereafter’ in this section.

(4) The need for insisting that the material be used only for restricted purposes. CIS suggests that as a step towards ICANN’s transparency, it is essential that they allow the use of the information for any reason deemed necessary by the person demanding inspection. There is no clear reason to require restriction to EC proceedings for non-confidential material. This requirement should be removed.

Work Stream 2 Topics

Section 27.2, which covers necessary topics for WS2, currently does not include key aspects such as PTI documents, jurisdictional issues, etc. In this light, we suggest that they be included and a clause be inserted to indicate that this list of topics is indicative and the CCWG can expand the scope of items to be worked on in WS2 as well as make changes to work completed in WS1 (such as these by-laws) to meet WS2 needs as well.

FOI-HR

Section 27.3 (a) requires the FOI-HR to be approved by "(ii) each of the CCWG-Accountability’s chartering organizations..” which is inconsistent with the CCWG proposal that forms the basis for these by-laws. The requirement of formal approval from every Chartering Organisation in the current draft is inconsistent with Annex 6 of the CCWG proposal, that has no such requirement.

CIS strongly advocates for a change in the bylaw text to align with the intent of the CCWG Accountability report, and to reflect that the process of developing the FOI-HR shall follow the same procedure as Work Stream 1.

Contracts with ICANN

Section 27.5 currently states that “Notwithstanding the adoption or effectiveness of the New by-laws, all agreements, including employment and consulting agreements, entered by ICANN shall continue in effect according to their terms.”

As the section currently stands, there is a possibility that prior to the creation of by-laws, agreements that may be in contravention of the by-laws may be brought forth intentionally before the commencement of the operation of ICANN’s Mission statement in the said by-laws. The clause may be updated as follows to avoid this —

“Notwithstanding the adoption or effectiveness of the New by-laws, all agreements, including employment and consulting agreements, entered by ICANN shall continue in effect according to their terms, provided that they are in accordance with ICANN’s Mission Statement.”

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-draft-new-icann-bylaws

India's Proposed Map Law Prompts Outcry

praskrishna — 2016-05-29T09:30:31Z

In India, proposed legislation to ban use of maps or satellite images of the country without approval from the government has led to an outcry and triggered an online campaign called “Save The Map.”

The article by Anjana Pasricha was published in Voice of America on May 17, 2016. Pranesh Prakash was quoted.

The controversy is not just over stiff penalties of up to $15 million for a wrong depiction of India’s borders, but that in a digital era, the law would potentially disrupt a host of businesses and start-ups such as taxi-hailing services.

Reasons

The draft Geospatial Information Regulation Bill seeks to regulate the use of mapping and satellite data for two reasons: secure the country’s strategic installations from enemies and terrorists and ensure that its political boundaries are correctly depicted. The government says it will not create barriers to business.

But Internet experts say the sweeping proposed law will affect ordinary people using mobiles and laptops, all new-age companies such as food-delivery and e-commerce, apps, as well as Apple and Google map products.

Nikhil Pahwa, founder of the website MediaNama, calls location data the core fabric of all digital services.

“What the government has ended up doing is making pretty much every single app illegal because they all use geospatial data and they wont have a license. If you take a photograph, it has location data. If you use Uber to hail a cab, it uses maps and it shows taxi cabs on the map. If I WhatsApp my location to a friend to pick me from a particular location, I am generating geospatial information,” he said.

Nikhil Pahwa, founder of the website MediaNama, calls location data the core fabric of all digital services.

Complications for ordinary citizens

The draft law requires anyone wanting to use, publish or own maps or geospatial data to apply for a license, which will be considered by a security vetting committee.

The Bangalore-based Center for Internet and Society (CIS) has also slammed the new bill, saying it takes India back more than three decades when businesses were governed by a maze of bureaucratic licenses and permits.

“What it does, it puts in place a license raj for all use of mapping technologies. That just does not make sense. No other country in the world has this regressive mapping law,” said Pranesh Prakash at CIS.

Internet opposition

A volunteer-led internet campaign called “Save The Map” led by Bangalore-based tech experts, is steadily gathering momentum. It is calling on people to petition the government against the bill in its present form. It seeks to replicate an extremely successful campaign called “SavetheInternet” which built public opinion and put pressure on the government to ensure equal access to the internet.

The government has sought to calm the growing concerns, saying the bill is only in a preliminary stage and it has invited feedback and suggestions from the public until June 4.

Officials point to India’s growing security concerns, specially since an armed attack at a strategic air base in Pathankot in northern India earlier this year, allegedly mounted by Pakistan-based terrorists. Speaking to an Indian newspaper, Junior Home Minister Kiren Rijiju said the bill is necessary because “India as a responsible country must have provisions to secure its boundary and territory.

However Prakash of CIS points out that the new bill will not necessarily prevent terror groups from getting hold of geospatial data to target Indian installations because they don’t need maps generated inside India to access such information.

“They need satellite imagery and they need maps, period. Now this law does not actually prevent such maps from being created, it does not prevent satellite images of India being captured. What it does is prevent Indians from doing so. So it won't prevent foreign-based terrorists, especially state-backed terrorists, from attacking India,” he said.

Internet and public policy experts agree that the government could impose restrictions on mapping and satellite images of strategic and sensitive locations in the country.

Huge fines

The eye-popping fines of up to $15 million and jail terms of up to seven years proposed for incorrect depiction of India’s borders have also caused surprise.

India has always insisted maps should show Kashmir in the north, which is claimed by both India and Pakistan and the state of Arunachal Pradesh in the northeast, which China claims, within Indian political boundaries.

Foreign magazines and newspapers which failed to do so were only allowed to circulate in the country after the words “Boundaries of India shown in this map are not correct” were stamped over maps that did not conform to India’s interpretations of its borders.

Google already offers slightly altered versions of its maps inside India, showing the disputed regions of Kashmir and Arunachal Pradesh as part of India.

Independent political analyst Ajoy Bose said New Delhi has long been very sensitive over how these two territories are depicted. “It has always been a source of annoyance to successive governments, but this government being ultranationalist in nature is very particular about India’s geographical boundaries being correctly shown, and therefore it is taking much more drastic action,” he said.

For more details visit https://cis-india.org/internet-governance/news/voice-of-america-may-17-2016-anjana-pasricha-india-proposed-map-law-prompts-outcry

Suckfly Attacks National Stock Exchange Tech Vendor, Among Others

praskrishna — 2016-05-29T08:07:00Z

A cyber espionage group attacked an Indian IT firm that provides support to India’s largest stock exchange. It’s one of many attacks in the recent past.

The blog post by Rohit Pathak was published in the Quint on May 21, 2016. Pranesh Prakash was quoted.

For 24 months now, several Indian government and private organisations have been victims of highly-targeted and sustained cyberattacks by Suckfly. Cyber security firm Symantec has been tracking Suckfly since April 2014 and believes it is a Chinese cyber-espionage group. According to Symantec, Suckfly uses stolen digital certificates to breach the internal networks of Indian organisations.

While Symantec has declined to name any of the victims, it says the high-profile targets include one of India’s largest financial institutions, an e-commerce company and its primary shipping vendor, a leading Indian IT company, two government organisations, and an American health care provider’s Indian business unit.

So far, the highest infection rate has been at a government organisation responsible for implementing network software across various ministries and departments of the Indian central government. Symantec’s investigation report says Suckfly uses custom malware called Backdoor.Nidiran to orchestrate the attacks. While Suckfly had used the same backdoor in its previous campaigns in other countries, in India the post-infection activity was significantly higher.

“We should be aware that this attack isn’t yet over. Suckfly has been targeting organisations since at least May 2014, and it very likely continues to have access to governmental and corporate servers in India thanks to the Nidiran backdoor,” says Pranesh Prakash, Policy Director, Centre for Internet and Society.

He added that, “Depending on what access Suckfly got, the damage could be anything from them having conducted fraudulent financial transactions to obtaining classified governmental secrets.”

It is as yet unclear what data has been exfiltrated by Suckfly, but the fact that no organisations have reported this to their customers shows that the current laws with regard to data security and data breaches are inadequate.

Pranesh Prakash, Policy Director, Centre for Internet and Society

In a detailed email exchange with Bloomberg Quint, Symantec’s security experts describe how Suckfly operates, its motives, and what Indian entities can do to protect themselves.

Suckfly’s Modus Operandi

In 2015, between 22 April and 4 May, Suckfly conducted a multistage attack on an Indian e-commerce company.

It first identified a user – an employee of the e-commerce company – to attempt its initial breach into the e-commerce company’s internal network.

Symantec says, “We don’t have hard evidence of how Suckfly obtained information on the targeted user, but we did find a large open-source presence on the initial target. The target’s job function, corporate email address, information on work-related projects, and publicly accessible personal blog could all be freely found online.’

Suckfly then exploited a vulnerability in the employee’s operating system (Windows) that allowed it to bypass the User Account Control and install the malware. It’s likely that Suckfly used a spear-phishing email to gain entry.

Having entered the employee’s system, Suckfly gained access to the employee’s account credentials and then used them to access the victim’s account and navigate the e-commerce company’s internal corporate network as though it were the employee.

Suckfly’s final step was to exfiltrate data off the victim’s network and onto Suckfly’s infrastructure.

Weekends Off

The attack took place over 13 days, but Symantec discovered that Suckfly was active only Monday to Friday. There was no activity from the group on weekends. This could be because the attackers’ hacktools are command line driven and can provide insight into when operators are behind keyboards actively working.

Suckfly’s Motives?

According to Symantec, “Suckfly targeted one of India’s largest e-commerce companies, a major Indian shipping company, one of India’s largest financial organizations, and an IT firm that provides support for India’s largest stock exchange. All of these targets are large corporations that play a major role in India’s economy. By targeting all of these organisations together, Suckfly could have had a much larger impact on India and its economy. While we don’t know the motivations behind the attacks, the targeted commercial organisations, along with the targeted government organisations, may point in this direction. Symantec’s research shows that Suckfly is well-equipped to carry out targeted attacks for years while staying off the radar of security organisations.”

Symantec refused to name the victims and when contacted, the National Stock Exchange (NSE) said its systems were secure and that it had not heard of any such attack on any of its tech vendors.

In the last two years, from 2013 to 2015, the total number of reported cyber breaches worldwide have increased 25%. India is amongst the most vulnerable – ranking third on the list of countries that have faced financial intrusion.

Smokescreen is a cybersecurity firm and CEO Sahir Hidayatullah claims virtually every large company in India has been compromised to varying degrees already.

Strategic economic advantage and intellectual property theft are the primary motivators for nation state attackers targeting energy, pharma, and manufacturing. Attacks against the financial sector are more commonly done by financially-motivated cybercriminals, however, nation state attackers have an interest here as well – being deeply embedded into critical systems affords opportunities for both mass data collection as well as the ability to cripple financial systems if required. All major governments aspire to have this offensive capability and are in various stages of having developed it already.Sahir Hidayatullah, CEO, Smokescreen

Over the last few months, our decoy detection network in India has seen an up-tick in targeted attacks specifically aimed at companies in banking, energy, pharmaceuticals and manufacturing. Manufacturing has seen the single largest increase in targeted attempts to compromise infrastructure. We have seen a large increase in ‘malware-less’ attacks including the use of stolen credentials on VPN systems.

More worrisome is that over the last year, we have conducted breach-readiness assessments for many of the large names in these verticals, and in every instance, the internal controls were unable to detect and respond to our simulated attacks in time. According to our assessment, none of them are prepared to withstand a targeted attack.

According to a 2015 survey conducted by PWC spanning 250 Indian companies, 72% of the respondents claimed they faced some sort of cyberattack over the last year. 63% claimed intrusions lead to financial losses and 55% claimed there was loss of sensitive information. But the worrying number is this – 78% have no cyber incident response plan. That’s good news for Suckfly and its comrades.

For more details visit https://cis-india.org/internet-governance/news/the-quint-rohit-pathak-may-21-2016-suckly-attacks-national-stock-exchange-tech-vendor-among-others

India Seeks to Limit Use of Maps and Satellite Images

praskrishna — 2016-05-28T12:38:45Z

Indians are discussing a plan to ban use of maps or satellite images of the country without approval from the government.

The plan’s critics have launched an online campaign called “Save The Map.” They say the proposed ban could affect many new businesses and services that use technology. The Geospatial Information Regulation Bill would require anyone who wants to use, publish or own maps or geospatial data to seek official permission. A special security committee would consider such requests. Indian officials say the proposed law would help protect military bases from enemies and terrorists. They deny it would cause problems for businesses.

But Internet experts say the law would affect anyone who uses mobile phones, laptop computers and online companies, such as ride services. They also fear that the ban would affect computer software programs and Apple or Google Map products. The Center for Internet and Society (CIS) in Bangalore also has criticized the bill. It says the measure would return India to where it was more than 30 years ago -- when businesses were forced to get licenses from government officials before they could begin to operate. Pranesh Prakash works at the center.

“What it does (is) it puts in place a license raj for all use of mapping technologies. That just does not make sense. No other country in the world has this regressive mapping law.” Technology experts from Bangalore launched the “Save The Map” campaign. It is calling on Indians to demand that the government change the planned law. The campaign is hoping to copy a successful campaign called “Save The Internet,” which pressured the government to ensure equal access to the Internet.

Indian officials have sought to calm critics, saying the bill is not final. The government has asked people to give ideas on how it should be changed by June 4. Officials note the country is dealing with an increasing number of security issues, including an attack at an air base in northern India earlier this year. Terrorists based in Pakistan were said to have carried out the attack. Junior Home Minister Kiren Rijiju told a newspaper that the law is needed because India must have ways to “secure its boundary and territory.”

But Prakash notes that the measure would not stop terrorists from using geospatial data from sources outside India. “They need satellite imagery and they need maps, period. Now this law doesn’t actually prevent such maps from being created, it doesn’t actually prevent satellite images of India being captured. What it does is prevent Indians from doing so. So it actually won’t prevent foreign-based terrorists -- especially state-backed terrorists -- from attacking India.” Internet and policy experts say the government would not be able to stop others from creating maps or satellite images of sensitive locations in the country.

I’m Anne Ball.

Anjana Pasricha reported this story from New Delhi for VOANews.com. Christopher Jones-Cruise adapted it for Learning English. George Grow was the editor. Read the original published by Voice of America on May 27, 2016

For more details visit https://cis-india.org/internet-governance/news/voice-of-america-may-27-2016-india-seeks-to-limit-use-of-maps-and-satellite-images

Comments on Draft Electronic Health Records Standards

Amber Sinha — 2016-12-15T08:45:07Z

The Centre for Internet & Society submitted its comments on the Draft Electronic Health Records Standards to the Ministry of Health and Family Welfare.

To,
Ministry of Health and Family Welfare,
Room 307 D,
Nirman Bhavan,
New Delhi 110108

Subject: Comments on the Electronic Health Record (EHR) Standards of India

The Electronic Health Record (EHR) Standards (hereinafter “EHR Standards”) were publicly circulated on March 18, 2016 seeking comments and views from stakeholders and the general public. Having reviewed the EHR Standards and referred to other robust standards dealing with the same subject matter, we wish to submit the following comments on the EHR Standards.

Standards and Interoperability

The EHR Standards state that the "primary aim of interoperability standards is to ensure syntactic (structural) and semantic (inherent meaning) interoperability of data amongst systems at all times" [1]. It is mentioned that set of standards outlined in this document represents an incremental approach to adopting standards and that they need to be flexible and modifiable to adapt to the demographic and resource diversity in India.

Comments:

The EHR Standards make a reference to syntactic and semantic interoperability without really defining these terms or stipulating clear steps for how they may be achieved. It is suggested that these terms are clearly defined. Syntactic interoperability can be defined as ensuring the preservation of the clinical purpose of the data during transmission among healthcare systems. Similarly, semantic interoperability can defined as enabling multiple systems to interpret the information that has been exchanged in a similar way through pre-defined shared meaning of concepts [2].
Inadequate human resource capacity remains a critical challenge to the adoption of e-health standards. The WHO and ITU eHealth Strategy Toolkit [3] recommends the development of effective health ICT workforce, capable of designing, building, operating and supporting e-health services. This workforce could participate in standards development, as well as the localization of international standards to fit a country's specific need. The EHR Standards should also include mechanisms and solutions to address these issues.

Ownership of Data

The physical or electronic records, which are generated by the healthcare provider are held in trust by them on behalf of the patient [4]. It is stated that the contained data which is sensitive personal data or personal information of the patient as per the Information Technology Act, 2000 is owned by the patients, however the medium for storage or transmission of such data is owned by the healthcare provider.

Comments:

Currently, the EHR Standards state that the contained data which are the sensitive personal data of the patient is owned by the patient. While medical records and history is included within the scope of sensitive personal data under the Information Technology Act, 2000, the definition of "Personal Health Information" under the EHR Standards is more expansive. Therefore, it is recommended that all Personal Health Information is deemed to be owned by the patient.
Currently, the EHR Standards do not clearly specify the bodies and individuals who would be subject to the requirements under this document. A definition similar to that of "covered entities" under the US Health Insurance Portability and Accountability Act (HIPAA) could be used [5].

Privileges of Patient

Currently, the privileges of the patient include the rights to inspect and view their medical records. Further, the patient can request a healthcare organization that stores/maintains their medical records, to withhold specific information that they do not want disclosed to other

organizations or individuals. Also, patients can demand information from a healthcare provider on the details of disclosures performed on the patient's medical records [6].

Comments:

Currently, the EHR Standards only refer to "medical records" as being available for inspection and review of the patients. This should be expanded to also include information about enrollment, payment, claims adjudication, case or medical management record systems maintained by or for a health plan; or Other records that are used, to make decisions about individuals by healthcare providers or other bodies [7].
The EHR standards do not currently stipulate that the upon request by a patient, healthcare providers must exercise timeliness in providing the information to them. A time-limit such 30 calendar days should be clearly stated within which the healthcare provider must process the request.
The right of patients to request information from a healthcare provider on the details of disclosures should include within its scope the rights to receive the date of the disclosure; the name and address of the entity or person who received the information; a brief description of the medical information disclosed; and; a brief summary of the purpose of the disclosure [8].
A right to seek amendment of the one's medical records should also be provided to patients in cases where the information is incomplete.

Patient Identifying Information

Under the Standards, Personal identifiers include the following: Name, Address (all geographic subdivisions smaller than street address, and PIN code) All elements (except years) of dates related to an individual (including date of birth, date of death, etc.), Telephone, cell (mobile) phone and/or Fax numbers, Email address, Bank Account and/or Credit Card Number, Medical record number, Health plan beneficiary number, Certificate/license number, Any vehicle or other any other device identifier or serial numbers, PAN number, Passport number, AADHAAR card, Voter ID card, Fingerprints/Biometrics, Voice recordings that are non-clinical in nature, Photographic images and that possibly can individually identify the person, Any other unique identifying number, characteristic, or code [9].

Comments:

The above mentioned list is not adequate and exhaustive such as the definition and scope of Protected Health Information under the HIPAA [10]. The following identifiers must be included within the scope of Patient Identifying Information: Device identifiers and serial numbers, Web Universal Resource Locators (URLs), Internet Protocol (IP) address numbers.

Disclosure of Protected/Sensitive Information

The EHR Standards state that disclosure of protected/sensitive information for use in treatment, payments and other healthcare operations must be only done after obtaining a general consent of the patient. On the other hand, disclosures for for non-routine and most non-health care purposes must be done only after obtaining the specific consent of the patient. Only for certain specified national priority activities, such as notifiable/communicable diseases, it is stated that "the health information may be disclosed to appropriate authority as mandated by law without the patient's prior authorization."

Comments:

The terms "specific consent" and "general consent" need to be clearly defined.
In cases of disclosures for for non-routine and most non-health care purposes, a written authorisation should be mandatory. It should be clearly specified that a healthcare provider may not condition treatment, payment, enrollment, or benefits eligibility on an individual granting an authorization.
There is confusion due to the use of numerous terms such as "health information", "protected health information", "sensitive personal data", "personal information" and "protected/sensitive information" in the EHR Standards for the same purpose. Some of these above terms are defined while the others are not. In order to remove the ambiguity caused due to this, it is recommended that the term "protected health information" is used throughout the document.
All bodies dealing with medical data should be required to abide by the principle of "data minimisation" in use and disclosure. They must take reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
For internal uses, healthcare providers and other entities must develop and implement policies and procedures that restrict access and uses of protected health information based on the specific roles of the members of their workforce.

Amber Sinha,
Centre for Internet and Society,
No. 194, 2nd 'C' Cross,
Domlur, 2nd Stage,
Bengaluru, 560071

[1] Page 7 of the EHR Standards.

[2] Funmi Adebesin, Rosemary Foster, Paula Kotze, Darelle van Greunen, "A review of interoperability standards in e-Health and imperatives for their adoption in Africa", Research Article - SACJ No. 50, July 2013; L. E. Whitman and H. Panetto. "The missing link: Culture and language barriers to interoperability", Annual Reviews in Control, vol. 30, no. 2, 2006.

[3] WHO and ITU. "National eHealth Strategy Toolkit", available at http://goo.gl/uxMvE.

[4] Page 19 of the EHR Standards.

[5] Covered Entity includes a healthcare provider ( Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, Pharmacies), a health plan (Insurance companies, HMOs, Company Health Plans, Government programs that pay for health care) and Healthcare Clearinghouse.

[6] Page 20 of the EHR Standards.

[7] Individuals' Right under HIPAA to Access their Health Information 45 CFR § 164.524, available at http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/ .

[8] Patient Rights Under HIPAA Accounting of Disclosures of Health Information, available at http://uthscsa.edu/hipaa/patientrights/accountingofdisclosures.pdf.

[9] Page 21 of the EHR Standards.

[10] See: http://cphs.berkeley.edu/hipaa/hipaa18.html.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-draft-electronic-health-records-standards

Understanding Aadhaar and its New Challenges, May 26-27, 2016

sumandro — 2016-05-26T10:29:43Z

A workshop on “Understanding Aadhaar and its New Challenges” is being organised by the Centre for Studies in Science Policy, Jawaharlal Nehru University, and the Centre for Internet and Society, during May 26-27. It is also supported by the Centre for Communication Governance at NLU Delhi, Free Software Movement of India, Knowledge Commons, PEACE, and Center for Advancement of Public Understanding of Science & Technology. This is a legal and technical workshop to be attended by various key researchers and practitioners to discuss the current status of the implementation of the project, in the context of the passing of the Act and the various ongoing cases.

Workshop Programme

First Day, May 26

9:00-9:30	Registration
9:30-10:00	Prof. Dinesh Abrol - Welcome Self-introduction and expectations of participants Dr. Usha Ramanathan - Overview of the Workshop
10:00-11:00	Current Status of Aadhaar Dr. Usha Ramanathan, Legal Researcher, New Delhi - What the 2016 Law Says, and How it Came into Being S. Prasanna, Advocate, New Delhi - Status and Force of Supreme Court Orders on Aadhaar Discussion
11:00-11:30	Tea Break
11:30-13:30	Direct Benefits Transfers Prof. Reetika Khera, Indian Institute of Technology, Delhi - Welfare Needs Aadhaar like a Fish Needs a Bicycle Prof. Ram Kumar, Tata Institute of Social Sciences, Mumbai - Aadhaar and the Social Sector: A critical analysis of the claims of benefits and inclusion Ashok Rao, Delhi Science Forum - Cash Transfers Study Discussion
13:30-14:30	Lunch
14:30-16:00	Aadhaar: Science, Technology, and Security Prof. Subashis Banerjee, Deptt of Computer Science & Engineering, IIT, Delhi - Privacy and Security Issues Related to the Aadhaar Act Pukhraj Singh, former National Cyber Security Manager, Aadhaar, New Delhi - Aadhaar: Security and Surveillance Dimensions Discussion
16:00-16:30	Tea Break
16:30-17:30	Aadhaar - International Dimensions Prof. Chinmayi Arun, Center for Communication Governance, National Law University, Delhi - Biometrics and Mandatory IDs in other parts of the world Dr. Gopal Krishna, Citizens Forum for Civil Liberties - International Dimensions of Aadhaar Discussion
17:30-18:00	High Tea
18:00-19:00	Video Presentations

Second Day, May 27

9:30-11:00	Privacy, Surveillance, and Ethical Dimensions of Aadhaar Prabir Purkayastha, Free Software Movement of India, New Delhi - Surveillance Capitalism and the Commodification of Personal Data Arjun Jayakumar, SFLC - Surveillance Projects Amalgamated Col Mathew Thomas, Bengaluru - The Deceit of Aadhaar Discussion
11:00-11:30	Tea Break
11:30-10:30	Aadhaar: Broad Issues - I Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai - How to prevent linked data in the context of Aadhaar Dr. Anupam Saraph, Pune - Aadhaar and Moneylaundering Discussion
13:00-13:30	Video Presentations
13:30-14:30	Lunch
14:30-15:30	Aadhaar: Broad Issues - II Prof. MS Sriram, Visiting Faculty, Indian Institute of Management, Bangalore - Financial lnclusion Nikhil Dey, MKSS, Rajasthan (TBC) - Field witness: Technology on the Ground Prof. Himanshu, Centre for Economic Studies & Planning, JNU - UID Process and Financial Inclusion Discussion
15:30-16:00	Conclusion

For more details visit https://cis-india.org/internet-governance/events/understanding-aadhaar-and-its-new-challenges-may-26-27-2016

Women's Safety? There is an App for That

rohini — 2017-01-10T02:48:34Z

“After locking ourselves in a room for more than 6 days, this is what we came out [sic] with. Join us in helping make WOMEN feel SAFE,” read a gloating press release about a smartphone app for women to notify their near ones that they were in distress. It was one among many such PRs frequently landing in my mailbox after the rape and murder of a young student on board a private bus in Delhi in 2012.

The article by Rohini Lakshané was published in Gender IT.org on May 19, 2016. This was also mirrored by Feminism in India on January 9, 2017.

The incident had spurred protests across the country and made international headlines. Along with all this came a slew of new “women’s safety” apps. Existing ones, many of which had fizzled out, were conveniently relaunched. My own experience of user-testing such apps in India back then was that they were unreliable at best and dangerously counterproductive at worst. Some of them were endorsed by governments and celebrities and ended up being glorified despite their flaws, their technical and systemic handicaps never acknowledged at all.

There are myriad mobile phone apps meant to be deployed for personal safety, but their basic functioning is more or less the same: the user activates the app (by pressing a button, shaking the device or similar cue), which sends a distress message containing the users’ location to pre-defined contacts. Some apps include additional artefacts such as a short audio or video recording of the situation. Some others augment this mechanism by alerting the police and other agencies best placed to respond to the emergency. For example, the Companion app for students living on campus notifies the university along with police. The SOS buttons in taxi-hailing apps such as Uber enable the user’s contacts to follow the cab’s GPS trail and notify them and the cab company’s “incident response team” of emergencies. Apps such as Kitestring would treat the lack of the user’s response within a time-window as the trigger for a distress message. All their technical wizardry perhaps makes it easy to lose sight of the fact that technology is not a saviour but a tool or an enabler, that technology alone cannot be the panacea of a problem that is deeply complex and, in reality, rooted in society and governance.

The Indian government announced last month that every phone sold in the country from January 2017 should be equipped with a panic button that sends distress flares to the police and a trusted set of contacts. Nearly half the phones sold in India cost USD 100 or less. Prices are kept so low by sacrificing features and the quality of the hardware; there are a lot of phones with substandard GPS modules, poor touchscreens, slow processors, bad cameras, tiny memory, and dismal battery life. They run on different versions of different operating systems, some of them outdated. All of these factors would determine if someone is able to use the app at all and how quickly they and their phone would be able to respond to an emergency. Additionally, mobile phone signals become thin or shaky in areas with a high number of users and buildings located cheek-by-jowl. Even when the mobile hardware is good and the mobile signal usable, GPS accuracy can be spotty and constant location tracking would hog battery. These issues would affect the efficacy of any app. Besides, there is too much uncertainty for an app developer to factor in. (Two years ago, I learnt about an app called Pukar, then operational in collaboration with police departments in four cities in India. Pukar solved the problem of potential inaccuracy of the GPS location by getting the user’s contacts to tell the police where the person in distress might be.) Designing a one-size-fits-all safety app is almost impossible. The app that rings a loud alarm when triggered may save someone’s life or spoil the chances of someone who is trying to get help while hiding. Different people may be vulnerable to different kinds of distress situations and an app can at best be optimised for some target user groups.

An app that does not work in tandem with existing machinery for law enforcement and public safety is a bad idea.

In the end, the “technical” problems may actually be problems of economic disparity. Making it mandatory for people to own phones equipped with certain hardware or requiring them to upgrade to more reliable devices would drive the phones out of the financial reach of many. Indian manufacturers have expressed concerns that the proposed panic button would raise costs for them as well the end buyers. Popularising a downloadable app and informing its target users how to install and work it correctly needs a marketing blitzkrieg, which is something only the state or well-funded developers can afford. The New Delhi police department runs a dedicated control room for reports arriving from its safety app, Himmat (the word for courage in many Indian languages). It’s an expensive affair.

An app that does not work in tandem with existing machinery for law enforcement and public safety is a bad idea. It puts the onus of “keeping women safe” on members of their social circles or on intermediaries and private parties such as cab companies, while absolving law enforcement agencies of their failing to provide security. It opens doors to victim blaming in case someone is unable to use the app at the right time in the right way, or if the app fails.

On the contrary, an app that does loop in the police raises concerns about surveillance and protection of data available to the police, which is especially problematic in places such as India where there is no law for privacy or data protection. Alwar, one of the cities where Pukar was implemented, is super-populated with a large geographical area and a high crime rate. Police departments in such places tend to be overworked and understaffed. Without significant policing reforms, it is questionable whether they will be able to respond in time. A sting operation done by two media outlets on 30 senior officials of the New Delhi police department in 2012 showed the cops blaming victims of sexual violence with gay abandon. “If girls don't stay within their boundaries, if they don't wear appropriate clothes, then naturally there is attraction. This attraction makes men aggressive, prompting them to just do it [sexual assault]," reads one of their nuggets. “It's never easy for the victim [to complain to the police]. Everyone is scared of humiliation. Everyone's wary of media and society. In reality, the ones who complain are only those who have turned rape into a business," goes another. An app that lets known people monitor someone’s location also poses the risk of abuse, coercion and surveillance by intimate partners or members of the family.

Unfortunately, there is no app for reforming a morass in law enforcement or dismantling patriarchy.

For more details visit https://cis-india.org/internet-governance/blog/gender-it-rohini-lakshane-may-19-2016-womens-safety-there-is-an-app-for-that

Draft Law Would Prohibit Showing ‘Disputed Areas’ on Maps of India

subha — 2016-05-15T13:05:41Z

Maps that label geographic areas of conflict as “disputed” territories in India could put one behind bars for seven years with 1B Indian Rupees (US$15M) penalty if a recently proposed bill becomes law.

The article was published in Global Voices on May 11, 2016.

The controversial bill, also known as Geospatial Information Regulation Bill 2016 would make it illegal to “depict, disseminate, publish or distribute any wrong or false topographic information of India including international boundaries through internet platforms or online services or in any electronic or physical form.”

If approved, it could put large corporations like Google (with its Google map), free and open source projects like Wikipedia and Open Street Map, and several other organizations in trouble for showing areas of conflict as disputed. Pakistan-Occupied Kashmir (PoK) and Arunachal Pradesh near the China border are two well-known examples of such areas.

The Indian government ruled by Bharatiya Janata Party (BJP) under the leadership of Prime Minister Narendra Modi has been quite critical of the depiction of the PoK and China border in Arunachal Pradesh.

If passed in the parliament as law, it could prevent Indians and foreigners, government employees and people traveling in ships and aircrafts that are registered in India, to acquire geospatial imagery or data. To acquire such data, one needs to obtain permissions from the security vetting authority.

In recent years, the Indian government has targeted numerous foreign publications including Al Jazeera for showing distorted maps of India that excluded parts of the state of Jammu and Kashmir and even another state Arunachal Pradesh. While the bill does not explicitly mention these efforts, it seems to fall in line with these previous attempts to control the free flow of geospatial information.

A news article about the proposed bill published on the portal MediaNama explains how the potential law could affect map portals like Open Street Map and Google Maps, taxi, e-commerce and public safety sites and many other services that allow marking and sharing coordinates. “Most digital photographs contain location meta-data, and by sharing your photos online, you’re adding to a repository of data related to man-made phenomenon,” suggests the same article. Open data advocates also have published list of 25 different services, seven major news portals, and 14 nonprofits that would be affected if the bill is approved.

The Open Data community of India also has come up with a campaign “SaveTheMap” to draft a request to the government to not pass the bill. The draft request states:

Request for comments / suggestions on draft “The Geospatial Information Regulation Bill, 2016” To regulate the acquisition, dissemination, publication and distribution of geospatial information of India which is likely to affect the security, sovereignty and integrity of India, a draft “The Geospatial Information Regulation Bill, 2016” has been prepared. Copy of the draft “The Geospatial Information Regulation Bill, 2016” is attached herewith for comments/suggestions. The comments/suggestions on the draft Bill may be forwarded to the Joint Secretary (Internal Security-I), Ministry of Home Affairs, North Block, New Delhi at email id: jsis@nic.in within 30 days.

There has been a lot of discussion with hashtag #GeoSpatialBill and humorous comments on social media:

Many have already started tweeting with the hashtag #savethemap:

Twitter user Prasanto Roy explained the implications of geospatial bill for various companies including Google, Uber and Open street maps:

Here's what other experts have to say:

Arup. R writes in Geospatial World:

This Act needs to be dropped. In its attempt to cover all bases it has been made so broadband and all encompassing that it may actually impede the progress of work on Geospatial systems and therefore on key Government programmes and projects. The Act does not take into account the fact that with the advent of the Cloud, Data as a Service, Software as a Service and Platform as a Service there is no need for ‘persons’ to possess data. They can just access data, do their work and retain only the final results. This Act does not, in fact cannot, even begin to comprehend the paradigm shift in geospatial technologies which makes it a non-starter.

India does need a Geospatial Information Act, but it has to be an enabling and encouraging Act that makes for faster and better implementation of programmes, not a regressive and punitive Act as the proposed one.

Devdutta Tengshe writes about the overreaching ambit of Geospatial bill on Medium:

Worst of all, it (the bill) is trying to implement Security by Obscurity, which is expecting the country to become secure by hiding information from its citizens. This is dangerous, because the real mischief creators, be they terrorists, Foreign government agencies, or domestic criminals, will most likely have access to kind of data from foreign sources, and will not even think about getting permits and licenses from these Indian Authorities.

Cyber law expert Pavan Duggal told The Wire:

The draft legislation has the intrinsic problem that it has been given extra-territorial applicability in terms of jurisdiction. It is applicable to any person anywhere in the world. We have historically seen that such jurisdiction does not work well in practical terms. What if global players do not want to take your licence or subject themselves to your jurisdiction?

Duggal further spoke about how the law could impact the growth of e-commerce and m-commerce in India.

Under this law, Google Maps will be illegal without a licence, which means that all mobile or e-commerce applications working on Google Maps will also become illegal. The licence will also only be applicable to the concerned person. So if I am a taxi aggregator like Ola or Uber, I will have to get a separate licence over and above what Google Map has.

Indian Express calls the Geospatial bill a death note for Cartography:

The draft Geospatial Information Regulation Bill of 2016 is so perfectly ridiculous that one can only hope that it falls off the map before it can be tabled in the House. Publishers the world over have learned, to their bewildered amusement, that India censors maps of itself. Now, to strike fear into their anti-national gizzards, the government has invoked an official map censor, a babu-led organisation whose prior permission will be required to publish geospatial information, which is newspeak for maps. Failure to correctly depict the borders of India could attract a fine of up to Rs 100 crore, before the poor offending bozo is dragged away to the cooler for seven years. With this draft, the government has embarked on a journey without maps, which must rapidly become directionless.

Not the first time around?

Meanwhile, this clearly isn't the first time that services such as Google Maps have come under the federal scanner in India. In 2014, India's prime investigation agency Central Bureau of Investigation (CBI) had launched a probe into Google Maps’ irregularities in Mapathon 2013 and had accused the company of running the competition without procuring proper governmental permissions. But the agency had called off the case citing lack of ‘adequate evidence to corroborate the allegations’.

For more details visit https://cis-india.org/a2k/blogs/draft-law-would-prohibit-showing-2018disputed-areas2019-on-maps-of-india

We are anonymous, we are legion

Under Modi government, foreign funding of NGOs has come down

Stand up for Digital Rights

UN Special Rapporteur Report on Freedom of Expression and the Private Sector: A Significant Step Forward

Background

Introduction

Legal and Policy Issues

Content Regulation

Transparency

Surveillance and Digital Security

Remedies

Special Rapporteur’s priorities for future work and thematic developments

Conclusions and Recommendations

CIS Comments

Smart City Policies and Standards: Overview of Projects, Data Policies, and Standards across Five International Smart Cities

Download the brief: PDF.

Introduction

Singapore

Introduction

Status of the Project

Policies and Regulations

Adoption of International Standards

Dubai, United Arab Emirates

Introduction

Status of the Project

Policies and Regulations

Adoption of International Standards

New York City, United States of America

Introduction

Status of the Project

Policies and Regulations

Adoption of International Standards

London, United Kingdom

Introduction

Status of the Project

Policies and Regulations

Adoption of International Standards

Seoul, Korea

Introduction

Status of the Project

Policies and Regulations

International Standards

Conclusion

Nodal Agency

Policies

Standards

Notes for India

References

Criminal Defamation and the Supreme Court’s Loss of Reputation

Internet L@w

CPRsouth 2016 – Young Scholars Programme

﻿Submission by the Centre for Internet and Society on Draft New ICANN By-laws

Jurisdiction of ICANN’s Principal Office

Jurisdiction of the Post-Transition IANA Authority (PTI)

Grandfathering Agreements Clause

Inspection Rights

Work Stream 2 Topics

FOI-HR

Contracts with ICANN

India's Proposed Map Law Prompts Outcry

Reasons

Complications for ordinary citizens

Internet opposition

Huge fines

Suckfly Attacks National Stock Exchange Tech Vendor, Among Others

Suckfly’s Modus Operandi

Weekends Off

Suckfly’s Motives?

India Seeks to Limit Use of Maps and Satellite Images

Comments on Draft Electronic Health Records Standards

Standards and Interoperability

Ownership of Data

Privileges of Patient

Patient Identifying Information

Disclosure of Protected/Sensitive Information

Understanding Aadhaar and its New Challenges, May 26-27, 2016

Workshop Programme

First Day, May 26

Second Day, May 27

Women's Safety? There is an App for That

Submission by the Centre for Internet and Society on Draft New ICANN By-laws