Centre for Internet and Society

Computer Related Offences

pranesh — 2013-06-07T10:47:36Z

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation
For the purposes of this section,

the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

For more details visit https://cis-india.org/internet-governance/resources/section-66-it-act.txt

Comparative Analysis of Comments Submitted on Draft IT Rules

pranesh — 2012-04-23T05:47:43Z

An RTI was filed asking the DIT to provide all the feedback received on its call for comments on the Draft Information Technology Rules. The feedback on the Due Diligence Rules / Intermediary Guidelines Rules have been compiled in this comparative table.

For more details visit https://cis-india.org/internet-governance/resources/comparative-analysis-draft-it-rules-comments

Comments to the Ministry on WIPO Broadcast Treaty (March 2011)

pranesh — 2012-12-14T10:29:20Z

As a follow up to a stakeholder meeting called by the MHRD on the WIPO Broadcast Treaty, CIS provided written comments on the April 2007 Non-Paper of the WIPO Broadcast Treaty, emphasising the need for a signal-based approach to be taken on the Broadcast Treaty, and making it clear that India should continue to oppose the creation of new rights for webcasters.

On February 22, 2011, the Ministry of Human Resource Development held a meeting to decide on the Indian position on the WIPO Broadcast Treaty. The Ministry asked the participants at the meeting to send in written submissions on four matters. We sent in submissions on those four issues, as well as a few others.

Comments on the non-paper for the WIPO Broadcast Treaty by the Centre for Internet and Society

On February 23, 2011, the Ministry of HRD had asked for comments on four matters:

Article 3 of the Non-paper which was circulated earlier
Term of protection for signal
Nature of limitations and exceptions
Protection of signal and retransmission

We have made submissions on those and a few other matters as well. Unless noted otherwise, all comments made in this note pertain to the final non-paper (April 2007) and not the draft non-paper (March 2007).

Article 3

Article 3 of the draft non-paper that was circulated (March 2007) for comments from country delegates stated:

3. Scope of Application

The provisions of this Treaty shall not provide any protection in respect of

(i) mere retransmissions;

(ii) any transmissions where the time of the transmission and the place of its reception may be individually chosen by members of the public (on-demand transmissions); or

(iii) any transmissions over computer networks (transmissions using the Internet

Protocol, “webcasting”, or “netcasting”).

A number of people present at the recent MHRD-organized meeting noted that “mere retransmissions” is a confusing term. In the revised non-paper (April 2007), it has been clarified that protection is not granted to third parties for merely retransmitting another’s signal (Art. 3(4)(i)).

3. Specific Scope and Object of Protection

(4) The provisions of this Treaty shall not provide any protection

(i) to retransmitting third parties in respect of their mere retransmissions by any means of broadcasts by broadcasting organizations;

(ii) to any person for transmissions where the time of the transmission and the place of its reception may be individually chosen by members of the public (on-demand transmissions); or

(iii) to any person for transmissions over computer networks

In addition, Art. 3(4)(iii) is currently ambiguous since it is not clear whether “retransmissions” are subsumed under the word transmission. By allowing for separate rights for retransmission over computer networks, the Treaty allows for the creation of two classes: traditional broadcasters who will have rights over retransmissions over computer networks, and all other persons who will have no rights over transmissions. Thus, if “retransmission” is not subsumed under the word “transmission”, it would be advisable to alter that clause to read “to any person for transmissions or retransmissions over computer networks”.

Lastly, Art. 3(4) should additional prevent protection for persons broadcasting materials for which they have not acquired copyright, or for broadcasting materials in the public domain.

Term of Protection of Signals

No term of protection should be provided. As was noted by the US government in its response to the draft non-paper, it is questionable “whether a 20-year term of protection is consistent with a signal-based approach”. The Brazilian delegation also states: “Article 13 should be deleted. A twenty-year term of protection is unnecessary. The agreed “signal-based” approach to the Treaty implies that the objected of protection is the signal, and therefore duration of protection must be linked with the ephemeral life of the signal itself.” Thus, a term is only needed if we stray away from a signal-based approach. As we do not wish to do so, there should be no term of protection.

Limitations and Exceptions

The limitations and exceptions (L&E) currently provided for allow for mirroring of copyright L&E limited by a Berne-like three-step test.

However, reasons for providing protection over broadcasting are not the same as those for copyright. For instance, a country may wish to make exceptions to signal protection for cases such as broadcast of a national sport, as India has done with the Sports Broadcasting Signals (Mandatory Sharing with Prasar Bharati) Act.

This might well afoul of the three-step test proposed in Article 10(2). Furthermore, a country may wish to limit the application of broadcasters rights for national broadcasters (whose programming is paid for by taxpayers, and thus should be available to them), but may not be able to do so under the provisions of Article 10(2). Thus, Article 10(2) should be deleted, and Article 10(1) should be expanded to include issues of national interest and for free-to-air broadcast signals.

Protection of Signal and Retransmission

It should be a sine qua non condition of India’s that that this be a purely signal-based treaty with no fixation or post-fixation rights. Thus, it should restrict itself to protection of signals, and simultaneous retransmission.

As a result, no separate right to prevent unauthorized “decryption” should be granted, since signal-theft is already a crime. For instance, this provision would also cover decrypting an unauthorized retransmission without authorization from the retransmitter. This provides the unauthorized retransmitter rights, even though s/he has no right to retransmit. This leads to an absurd situation.

As stated by the Brazilian government:

“[Article 10 of the draft non-paper and Article 9 of the non-paper] is inconsistent with a “signal-based approach”. It creates unwarranted obstacles to technological development, to access to legitimate uses, flexibilities and exceptions and to access to the public domain. It does not focus on securing effective protection against an illicit act, but rather creates new exclusive rights so that they cover areas unrelated with the objective of the treaty, such as control by holder of industrial production of goods, the development and use of encryption technologies, and private uses. The prohibition of mere decryption of encrypted signals, without there having been unauthorized broadcasting activity, is abusive.”

Other comments

Article 7

Article 7 of the non-paper provides broadcasters rights post-fixation (“Broadcasting organizations shall enjoy the exclusive right of authorizing … the deferred transmission by any means to the public of their fixed broadcasts. ”). This is contrary to a signal-based approach. A signal-based approach would necessarily mean that it is only signal theft (which happens only via unauthorized simultaneous retransmission) that should be protected. Deferred transmission should implicate the rights of the owner of copyright, but not of the broadcasting organization.

Article 4

As suggested by the Brazilian government, Article 4(1) which proposes a non-prejudice clause should be amended to add the words “and access to the public domain” at its end. This is consistent with the WIPO Development Agenda.

Article 5

India should re-iterate its suggestion to add the following to the definition of “broadcast” under Art. 5(a): “‘broadcast’ shall not be understood as including transmission of such a set of signals over computer networks. ”

Further, the phrase “general public ” should be retained in Art.5 (as was present in the draft non-paper), and should not be made into “public”. The danger is that a limited public (say family members) could possibly be covered by the term “public”, while they will be excluded from “general public”, which in any case is the target audience of all broadcast.

For more details visit https://cis-india.org/a2k/blogs/wipo-broadcast-treaty-comments-march-2011

Comments to the MHRD on WIPO Broadcast Treaty (March 2013)

pranesh — 2013-04-23T06:39:36Z

The Centre for Internet and Society would like to make the following comments on the draft legal text of SCCR/24/10 (Working Document for a Treaty on the Protection of Broadcasting Organizations) at the stakeholders meeting to be held on March 21, 2013.

Article 1 – Preamble: The draft legal text of SCCR/24/10 (“Treaty”) in the Preamble should in clear terms capture the intent of the WIPO General Assembly as to the object of the Treaty. The SCCR reiterated the General Assembly’s mandate for a signal based approach treaty for the protection of broadcasting and cablecasting organizations. In this regard, the SCCR in its report to the 50th Session of the WIPO General Assembly (Oct. 1-9, 2012) noted:

“The Committee reaffirmed its commitment to continue work on a signal based approach, consistent with the 2007 General Assembly mandate, towards developing an international treaty to update the protection of broadcasting and cablecasting organizations in the traditional sense. The Committee also agreed to recommend to the WIPO General Assembly that the Committee continue its work toward a text that will enable a decision on whether to convene a diplomatic conference in 2014.” [emphasis added]

Therefore it is submitted that the Preamble should at the very outset establish that the Treaty aims at
- protection of a related right and a signal based approach is adopted to protect such a related right
- protection of the broadcasting and cablecasting organizations in the traditional sense.
Article 2 – General Principles: It is submitted that the Development Agenda under TRIPS should be declared as general principle under the Treaty where as a balance must be struck between the rights of the broadcasting organizations and the larger public interest.
Article 5 – Definitions: The Treaty in its current form proposes alternatives to the definitions. On a general observation, it is submitted that the alternatives are unsatisfactory and waivers from the WIPO General Assembly mandate to adopt a signal based approach.

In precise terms, the definition section attributes a broad definition to the “broadcast” and fails to define the means of broadcast. The alternative to 5(b) does reintroduce the phrase, “general public” instead of “public”, as anything lesser would not constitute a broadcast as it was in the Article 5 of the March, 2007 draft non-paper, but fails to adopt a signal based approach by adding the words, “and specific program”.

Similarly definition of “retransmission” under the Alternative A for Article 5 clause (d) uses the words, “transmission by any means” which is again in conflict with the signal based approach.

Apart from the instances mentions above there are many other inconsistencies in the definition section and therefore it is submitted that none of the alternatives to the definition section can be implements within the mandate of the General Assembly.
Article 6 – Scope of Application: We agree with the Alternative A of Article 6, insofar as the alternative to clause 1 is adopted.
Article 9 – Protection for Broadcasting Organizations: In reference to Alternative A for Article 9 it is submitted that the public performance of broadcast signals should not be covered. In many countries, especially lower-income countries, shared viewing of televisions and shared listening to radio are culturally established and it should not be equated with signal theft, which should be the primary focus of this Treaty. Further, free-to-air TV and radio channels and state-sponsored TV and radio channels depend on advertisements and other forms of income, not subscriber payments. Given this, there is no reason why public performance, the wrongfulness of which is very business-model dependent, should be included in this treaty.

We strongly suggest that Alternative B to Article 9 should struck down as it is in contravention of the mandate of the WIPO General Assembly to adopt a signal based approach for the development of the text of the Treaty. There cannot be any fixation or post fixation rights be given to the broadcasting organization if a signal based approach is adopted for the Treaty.
Article 10 – Limitations and Exception: The limitations and exceptions should be mandatory as well, as not balancing limitations and exceptions with the rights granted to the broadcasters would be violating the spirit of the WIPO Development Agenda.

Further, it will also in contravention of Article 3 of the Treaty in its current form. The UNESCO Convention on the Protection and Promotion of the Diversity of Cultural Expression recognizes the principles of equitable access and openness and balance. It also mandates implementation of “measures aimed at enhancing diversity of the media, including through public service broadcasting.

It is also reiterated that, reasons for providing exceptions for over broadcast rights are not the same as those for copyright. For instance, a country may wish to make exceptions to signal protection for cases such as broadcast of a national sport, as India has done with the Sports Broadcasting Signals (Mandatory Sharing with Prasar Bharati) Act. This might well afoul of the three-step test proposed in Article 7(2), especially as it says “provide for the same or further limitations or exceptions...”.

Furthermore, a country may wish to limit the application of broadcasters rights for national broadcasters (whose programming is paid for by taxpayers, and thus should be available to them), but may not be able to do so under the provisions of Article 7(2). Thus, Article 10(2) should be deleted, and Article 10(1) should be expanded to include issues of national interest and for free-to-air broadcast signals.
Article 11 – Term of Protection: As submitted earlier by CIS, it is reiterated that no term of protection should be provided. As was noted by the US government in its response to the draft non-paper, it is questionable “whether a 20-year term of protection is consistent with a signal-based approach”. The Brazilian delegation also states: “Article 13 [of the previous draft treaty] should be deleted. A twenty-year term of protection is unnecessary. The agreed “signal-based” approach to the Treaty implies that the objected of protection is the signal, and therefore duration of protection must be linked with the ephemeral life of the signal itself.” Thus, a term is only needed if we stray away from a signal-based approach. As we do not wish to do so, there should be no term of protection.
Article 12 – Protection of Encryption and Rights Management Information: From our previous submission on this issue we reiterate that, No separate right to prevent unauthorized “decryption” should be granted, since signal-theft is already a crime. For instance, this provision would also cover decrypting an unauthorized retransmission without authorization from the retransmitter. This provides the unauthorized retransmitter rights, even though s/he has no right to retransmit. This leads to an absurd situation.

As stated by the Brazilian government with respect to the April 2007 non-paper:
“[Article 10 of the draft non-paper and Article 9 of the non-paper] is inconsistent with a “signal-based approach”. It creates unwarranted obstacles to technological development, to access to legitimate uses, flexibilities and exceptions and to access to the public domain. It does not focus on securing effective protection against an illicit act, but rather creates new exclusive rights so that they cover areas unrelated with the objective of the treaty, such as control by holder of industrial production of goods, the development and use of encryption technologies, and private uses. The prohibition of mere decryption of encrypted signals, without there having been unauthorized broadcasting activity, is abusive.”

If even the provision is to be retained, it should not grant the broadcasters any rights over and above that which is otherwise granted by the law, thus the following line is over-broad: “that are not authorized by the broadcasting organizations concerned or are not permitted by law.”

For more details visit https://cis-india.org/a2k/blogs/comments-on-wipo-broadcast-treaty

Comments on the Draft Rules under the Information Technology Act

pranesh — 2011-09-21T06:13:42Z

The Centre for Internet and Society commissioned an advocate, Ananth Padmanabhan, to produce a comment on the Draft Rules that have been published by the government under the Information Technology Act. In his comments, Mr. Padmanabhan highlights the problems with each of the rules and presents specific recommendations on how they can be improved. These comments were sent to the Department of Information and Technology.

Comments on the Draft Rules under the Information Technology Act as Amended by the Information Technology (Amendment) Act, 2008

Submitted by the Centre for Internet and Society, Bangalore

Prepared by Ananth Padmanabhan, Advocate in the Madras High Court

Interception, Monitoring and Decryption

Section 69

The section says:

Where the Central Government or a State Government or any of its officer specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource.
The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to-

(a) provide access to or secure access to the computer resource generating transmitting, receiving or storing such information; or

(b) intercept, monitor, or decrypt the information, as the case may be; or

The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.

Recommendation #1
Section 69(3) should be amended and the following proviso be inserted:

Provided that only those intermediaries with respect to any information or computer resource that is sought to be monitored, intercepted or decrypted, shall be subject to the obligations contained in this sub-section, who are, in the opinion of the appropriate authority, prima facie in control of such transmission of the information or computer resource. The nexus between the intermediary and the information or the computer resource that is sought to be intercepted, monitored or decrypted should be clearly indicated in the direction referred to in sub-section (1) of this section.

Reasons for the Recommendation
In the case of any information or computer resource, there may be more than one intermediary who is associated with such information. This is because “intermediary” is defined in section 2(w) of the amended Act as,

“with respect to any electronic record means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, including telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes”.

The State or Central Government should not be given wide-ranging powers to enforce cooperation on the part of any such intermediary without there being a clear nexus between the information that is sought to be decrypted or monitored by the competent authority, and the control that any particular intermediary may have over such information.

To give an illustration, merely because some information may have been posted on an online portal, the computer resources in the office of the portal should not be monitored unless the portal has some concrete control over the nature of information posted in it. This has to be stipulated in the order of the Central or State Government which authorizes interception of the intermediary.

Recommendation #2
Section 69(4) should be repealed.

Reasons for the Recommendation
The closest parallels to Section 69 of the Act are the provisions in the Telegraph Rules which were brought in after the decision in PUCL v. Union of India, (1997) 1 SCC 301, famously known as the telephone tapping case.

Section 69(4) fixes tremendous liability on the intermediary for non-cooperation. This is violative of Article 14. Similar provisions in the Indian Penal Code and Code of Criminal Procedure, which demand cooperation from members of the public as regards production of documents, letters etc., and impose punishment for non-cooperation on their part, impose a maximum punishment of one month. It is bewildering why the punishment is 7 years imprisonment for an intermediary, when the only point of distinction between an intermediary under the IT Act and a member of the public under the IPC and CrPC is the difference in the media which contains the information.

Section 69(3) is akin to the duty cast upon members of the public to extend cooperation under Section 39 of the Code of Criminal Procedure by way of providing information as to commission of any offence, or the duty, when a summons is issued by the Court or the police, to produce documents under Sections 91 and 92 of the Code of Criminal Procedure. The maximum punishment for non-cooperation prescribed by the Indian Penal Code for omission to cooperate or wilful breach of summons is only a month under Sections 175 and 176 of the Indian Penal Code. Even the maximum punishment for furnishing false information to the police is only six months under Section 177 of the IPC. When this is the case with production of documents required for the purpose of trial or inquiry, it is wholly arbitrary to impose a punishment of six years in the case of intermediaries who do not extend cooperation for providing access to a computer resource which is merely apprehended as being a threat to national security etc. A mere apprehension, however reasonable it may be, should not be used to pin down a liability of such extreme nature on the intermediary.

This would also amount to a violation of Articles 19(1)(a) as well as 19(1)(g) of the Constitution, not to mention Article 20(3). To give an example, much of the information received from confidential sources by members of the press would be stored in computer resources. By coercing them, through the 7 year imprisonment threat, to allow access to this computer resource and thereby part with this information, the State is directly infringing on their right under Article 19(1)(a). Furthermore, if the “subscriber” is the accused, then section 69(4) goes against Article 20(3) by forcing the accused to bear witness against himself.

Draft Rules under Section 69

Rule 3
Directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub- section (2) of section 69 of the Information Technology (Amendment) Act, 2008 (hereinafter referred to as the said Act) shall not be issued except by an order made by the concerned competent authority who is Union Home Secretary in case of Government of India; the Secretary in-charge of Home Department in a State Government or Union Territory as the case may be. In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorised by the Union Home Secretary or by an officer equivalent to rank of Joint Secretary to Government of India duly authorised by the Secretary in-charge of Home Department in the State Government or Union Territory, as the case may be:

Provided that in emergency cases –
(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or
(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource is not feasible;

the required interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource shall be carried out with the prior approval of the Head or the second senior most officer of the Security and Law Enforcement Agencies (hereinafter referred to as the said Security Agencies) at the Central Level and the officers authorised in this behalf, not below the rank of Inspector General of Police or an officer of equivalent rank, at the State and Union Territory level. The concerned competent authority, however, shall be informed of such interceptions or monitoring or decryption by the approving authority within three working days and that such interceptions or monitoring or decryption shall be got confirmed by the concerned competent authority within a period of seven working days. If the confirmation from the concerned competent authority is not received within the stipulated seven working days, such interception or monitoring or decryption shall cease and the same information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the concerned competent authority, as the case may be.

Recommendation #3
In Rule 3, the following proviso may be inserted:

“Provided that in the event of cooperation by any intermediary being required for the purpose of interception, monitoring or decryption of such information as is referred to in this Rule, prior permission from a Supervisory Committee headed by a retired Judge of the Supreme Court or the High Courts shall be obtained before seeking to enforce the Order mentioned in this Rule against such intermediary.”

Reasons for the Recommendation
Section 69 and the draft rules suffer from absence of essential procedural safeguards. This has come in due to the blanket emulation of the Telegraph Rules. Additional safeguards should have been prescribed to ensure that the intermediary is put to minimum hardship when carrying on the monitoring or being granted access to a computer resource. Those are akin to a raid, in the sense that it can stop an online e-commerce portal from carrying out operations for a day or even more, thus affecting their revenue. It is therefore recommended that in any situation where cooperation from the intermediary is sought, prior judicial approval has to be taken. The Central or State Government cannot be the sole authority in such cases.

Furthermore, since access to the computer resource is required, an executive order should not suffice, and a search warrant or an equivalent which results from a judicial application of the mind (by the Supervisory Committee, for instance) should be required.

Recommendation #4
The following should be inserted after the last line in Rule 22:

The Review Committee shall also have the power to award compensation to the intermediary in cases where the intermediary has suffered loss or damage due to the actions of the competent authority while implementing the order issued under Rule 3.

Reasons for the Recommendation
The Review Committee should be given the power to award compensation to the loss suffered by the intermediary in cases where the police use equipment or software for monitoring/decryption that causes damage to the intermediary’s computer resources / networks. The Review Committee should also be given the power to award compensation in the case of monitoring directions which are later found to be frivolous or even worse, borne out of mala fide considerations. These provisions will act as a disincentive against the abuse of power contained in Section 69.

Blocking of Access to Information

Section 69A

The section provides for blocking of websites if the government is satisfied that it is in the interests of the purposes enlisted in the section. It also provides for penalty of up to seven years for intermediaries who fail to comply with the directions under this section.
The rules under this section describe the procedure which have to be followed barring which the review committee may, after due examination of the procedural defects, order an unblocking of the website.

Section 69A(3)
The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

Recommendation #5
The penalty for intermediaries must be lessened.

Reasons for Recommendations
The penal provision in this section which prescribes up to seven years imprisonment and a fine on an intermediary who fails to comply with the directions so issued is also excessively harsh. Considering the fact that various mechanisms are available to escape the blocking of websites, the intermediaries must be given enough time and space to administer the block effectively and strict application of the penal provisions must be avoided in bona fide cases.

The criticism about Section 69 and the draft rules in so far as intermediary liability is concerned, will also apply mutatis mutandis to these rules as well as Section 69A.

Draft Rules under Section 69A

Rule 22: Review Committee
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (16) are in accordance with the provisions of sub-section (2) of section 69A of the Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

Recommendation #6
A permanent Review Committee should be specially for the purposes of examining procedural lapses.

Reasons for Recommendation
Rule 22 provides for a review committee which shall meet a minimum of once in every two months and order for the unblocking of a site of due procedures have not been followed. This would mean that if a site is blocked, there could take up to two months for a procedural lapse to be corrected and it to be unblocked. Even a writ filed against the policing agencies for unfair blocking would probably take around the same time. Also, it could well be the case that the review committee will be overborne by cases and may fall short of time to inquire into each. Therefore, it is recommended that a permanent Review Committee be set up which will monitor procedural lapses and ensure that there is no blocking in the first place before all the due procedural requirements are met.

Monitoring and Collection of Traffic Data

Draft Rules under Section 69B

The section provides for monitoring of computer networks or resources if the Central Government is satisfied that conditions so mentioned are satisfied.

The rules provide for the manner in which the monitoring will be done, the process by which the directions for the same will be issued and the liabilities of the intermediaries and monitoring officers with respect to confidentiality of the information so monitored.

Grounds for Monitoring
Rule 4
The competent authority may issue directions for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource for any or all of the following purposes related to cyber security:
(a) forecasting of imminent cyber incidents;
(b) monitoring network application with traffic data or information on computer resource;
(c) identification and determination of viruses/computer contaminant;
(d) tracking cyber security breaches or cyber security incidents;
(e) tracking computer resource breaching cyber security or spreading virus/computer contaminants;
(f) identifying or tracking of any person who has contravened, or is suspected of having contravened or being likely to contravene cyber security;
(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource;
(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;
(i) any other matter relating to cyber security.

Rule 6
No direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule (4).

Recommendation #7
Clauses (a), (b), (c), and (i) of Rule 4 must be repealed.

Reasons for Recommendations
The term “cyber incident” has not been defined, and “cyber security” has been provided a circular definition. Rule 6 clearly states that no direction for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource shall be given for purposes other than those specified in Rule 4. Therefore, it may prima facie appear that the government is trying to lay down clear and strict safeguards when it comes to monitoring at the expense of a citizens' privacy. However, Rule 4(i) allows the government to monitor if it is satisfied that it is “any matter related to cyber security”. This may well play as a ‘catch all’ clause to legalise any kind of monitoring and collection and therefore defeats the purported intention of Rule 6 of safeguarding citizen’s interests against arbitrary and groundless intrusion of privacy. Also, the question of degree of liability of the intermediaries or persons in charge of the computer resources for leak of secret and confidential information remains unanswered.

Rule 24: Disclosure of monitored data
Any monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, undertaken in course of his duty relating to the services provided by that intermediary, shall not be unlawful, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with :
(vi) Accessing or analysing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

Recommendation #8
Safeguards must be introduced with respect to exercise of powers conferred by Rule 24(vi).

Reasons for Recommendations
Rule 24(vi) provides for access, collection and monitoring of information from a computer resource for the purposes of tracing another computer resource which has or is likely to contravened provisions of the Act and this is likely to have an adverse impact on the services provided by the intermediary. Analysis of a computer resource may reveal extremely confidential and important data, the compromise of which may cause losses worth millions. Therefore, the burden of proof for such an intrusion of privacy of the computer resource, which is first used to track another computer resource which is likely to contravene the Act, should be heavy. Also, this violation of privacy should be weighed against the benefits accruing to the intermediary. The framing of sub rules under this clearly specifying the same is recommended.

The disclosure of sensitive information by a monitoring agency for purposes of ‘general trends’ and ‘general analysis of cyber information’ is uncalled for as it dissipates information among lesser bodies that are not governed by sufficient safeguards and this could result in outright violation of citizen’s privacy.

Manner of Functioning of CERT-In

Draft Rules under Section 70B(5)

Section 70B provides for an Indian Computer Emergency Response Team (CERT-In) which shall serve as a national agency for performing duties as prescribed by clause 4 of this section in accordance to the rules as prescribed.
The rules provide for CERT-In’s authority, composition of advisory committee, constituency, functions and responsibilities, services, stakeholders, policies and procedures, modus operandi, disclosure of information and measures to deal with non compliance of orders so issued. However, there are a few issues which need to be addressed as under:

Definitions
In these Rules, unless the context otherwise requires, “Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/ disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Recommendation #9
The words ‘or implied’’ must be excluded from rule 2(g) which defines ‘cyber security incident’, and the term ‘security policy’ must be qualified to state what security policy is being referred to.

Reasons for Recommendation
“Cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicit or implied security policy resulting in unauthorized access, denial of service/disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization.

Thus, the section defines any circumstance where an explicit or implied security policy is contravened as a ‘cyber security incident’. Without clearly stating what the security policy is, an inquiry into its contravention is against an individual’s civil rights. If an individual’s actions are to be restricted for reasons of security, then the restrictions must be expressly defined and such restrictions cannot be said to be implied.

Rule 13(4): Disclosure of Information
Save as provided in sub-rules (1), (2), (3) of rule 13, it may be necessary or expedient to so to do, for CERT-In to disclose all relevant information to the stakeholders, in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of an offence relating to cognizable offence or enhancing cyber security in the country.

Recommendation #10
Burden of necessity for disclosure of information should be made heavier.

Reasons for the Recommendation
Rule 13(4) allows the disclosure of information by CERT-In in the interests of ‘enhancing cyber security’. This enhancement however needs to be weighed against the detriment caused to the individual and the burden of proof must be on the CERT-In to show that this was the only way of achieving the required.

Rule 19: Protection for actions taken in Good Faith
All actions of CERT-In and its staff acting on behalf of CERT-In are taken in good faith in fulfillment of its mandated roles and functions, in pursuance of the provisions of the Act or any rule, regulations or orders made thereunder. CERT-In and its staff acting on behalf of CERT-In shall not be held responsible for any unintended fallout of their actions.

Recommendation #11
CERT-In should be made liable for their negligent action and no presumption of good faith should be as such provided for.

Reasons for the Recommendation
Rule 19 provides for the protection of CERT-In members for the actions taken in ‘good faith’. It defines such actions as ‘unintended fallouts’. Clearly, if information has been called for and the same is highly confidential, then this rule bars the remedy for any leak of the same due to the negligence of the CERT-In members. This is clearly not permissible as an agency that calls for delicate information should also be held responsible for mishandling the same, intentionally or negligently. Good faith can be established if the need arises, and no presumption as to good faith needs to be provided.

Draft Rules under Section 52

These rules, entitled the “Cyber Appellate Tribunal (Salary, Allowances and Other Terms and Conditions of Service of Chairperson and Members) Rules, 2009” are meant to prescribe the framework for the independent and smooth functioning of the Cyber Appellate Tribunal. This is so because of the specific functions entrusted to this Appellate Tribunal. Under the IT Act, 2000 as amended by the IT (Amendment) Act, 2008, this Tribunal has the power to entertain appeals against orders passed by the adjudicating officer under Section 47.

Recommendation #12
Amend qualifications Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, to require judicial training and experience.

Reasons for the Recommendation
It is submitted that an examination of these rules governing the Appellate Tribunal cannot be made independent of the powers and qualifications of Adjudicating Officers who are the original authority to decide on contravention of provisions in the IT Act dealing with damage to computer system and failure to furnish information. Even as per the Information Technology (Qualification and Experience of Adjudicating Officers and Manner of Holding Enquiry) Rules, 2003, persons who did not possess judicial experience and training, such as those holding the post of Director in the Central Government, were qualified to perform functions under Section 46 and decide whether there has been unauthorized access to a computer system. This involves appreciation of evidence and is not a merely administrative function that could be carried on by any person who has basic knowledge of information technology.

Viewed from this angle, the qualifications of the Cyber Appellate Tribunal members should have been made much tighter as per the new draft rules. The above rules when read with Section 50 of the IT Act, as amended in 2008, do not say anything about the qualification of the technical members apart from the fact that such person shall not be appointed as a Member, unless he is, or has been, in the service of the Central Government or a State Government, and has held the post of Additional Secretary or Joint Secretary or any equivalent post. Though special knowledge of, and professional experience in, information technology, telecommunication, industry, management or consumer affairs, has been prescribed in the Act as a requirement for any technical member.

Draft Rules under Section 54

These Rules do not suffer any defect and provide for a fair and reasonable enquiry in so far as allegations made against the Chairperson or the members of the Cyber Appellate Tribunal are concerned.

Penal Provisions

Section 66A

Any person who sends, by means of a computer resource or a communication device,
    (a) any information that is grossly offensive or has menacing character; or
    (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,
    (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Sec. 32 of the 2008 Act inserts Sec. 66A which provides for penal measures for mala fide use of electronic resources to send information detrimental to the receiver. For the section to be attracted the ‘information’ needs to be grossly offensive, menacing, etc. and the sender needs to have known it to be false.

While the intention of the section – to prevent activities such as spam-sending – might be sound and even desirable, there is still a strong argument to be made that words is submitted that the use of words such as ‘annoyance’ and ‘inconvenience’ (in s.66A(c)) are highly problematic. Further, something can be grossly offensive without touching upon any of the conditions laid down in Article 19(2). Without satisfying the conditions of Article 19(2), this provision would be ultra vires the Constitution.

Recommendation #13
The section should be amended and words which lead to ambiguity must be excluded.

Reasons for the Recommendation
A clearer phrasing as to what exactly could convey ‘ill will’ or cause annoyance in the electronic forms needs to be clarified. It is possible in some electronic forms for the receiver to know the content of the information. In such circumstances, if such a possibility is ignored and annoyance does occur, is the sender still liable? Keeping in mind the complexity of use of electronic modes of transmitting information, it can be said that several such conditions arise which the section has vaguely covered. Therefore, a stricter and more clinical approach is necessary.

Recommendation #14
A proviso should be inserted to this section providing for specific exceptions to the offence contained in this section for reasons such as fair comment, truth, criticism of actions of public officials etc.

Reasons for the Recommendation
The major problem with Section 66A lies in clause (c) as per which any electronic mail or electronic mail message sent with the purpose of causing annoyance or inconvenience is covered within the ambit of offensive messages. This does not pay heed to the fact that even a valid and true criticism of the actions of an individual, when brought to his notice, can amount to annoyance. Indeed, it may be brought to his attention with the sole purpose of causing annoyance to him. When interpreting the Information Technology Act, it is to be kept in mind that the offences created under this Act should not go beyond those prescribed in the Indian Penal Code except where there is a wholly new activity or conduct, such as hacking for instance, which is sought to be criminalized.

Offensive messages have been criminalized in the Indian Penal Code subject to the conditions specified in Chapter XXII being present. It is not an offence to verbally insult or annoy someone without anything more being done such as a threat to commit an offence, etc. When this is the case with verbal communications, there is no reason to make an exception for those made through the electronic medium and bring any electronic mail or message sent with the purpose of causing annoyance or inconvenience within the purview of an offensive message.

Section 66F

The definition of cyber-terrorism under this provision is too wide and can cover several activities which are not actually of a “terrorist” character.
Section 66F(1)(B) is particularly harsh and goes much beyond acts of “terrorism” to include various other activities within its purview. As per this provision,
“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or is likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism.”

This provision suffers from several defects and hence ought to be repealed.

Recommendation #15
Section 66F(1)(B) has to be repealed or suitably amended to water down the excessively harsh operation of this provision. The restrictive nature of the information that is unauthorisedly accessed must be confined to those that are restricted on grounds of security of the State or foreign relations. The use to which such information may be put should again be confined to injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mere advantage to a foreign nation cannot render the act of unauthorized access one of cyber-terrorism as long as such advantage is not injurious or harmful in any manner to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order. A mens rea requirement should also be introduced whereby mere knowledge that the information which is unauthorisedly accessed can be put to such uses as given in this provision should not suffice for the unauthorised access to amount to cyber-terrorism. The unauthorised access should be with the intention to put such information to this use. The amended provision would read as follows:

“[w]hoever knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, with the intention that such information, data or computer database so obtained may be used to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, commits the offence of cyber terrorism.”

Reasons for the Recommendation
The ambit of this provision goes much beyond information, data or computer database which is restricted only on grounds of security of the State or foreign relations and extends to “any restricted information, data or computer database”. This expression covers any government file which is marked as confidential or saved in a computer used exclusively by the government. It also covers any file saved in a computer exclusively used by a private corporation or enterprise. Even the use to which such information can be put need not be confined to those that cause or are likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, or friendly relations with foreign States. Information or data which is defamatory, amounting to contempt of court, or against decency / morality, are all covered within the scope of this provision. This goes way beyond the idea of a terrorist activity and poses serious questions. While there is no one globally accepted definition of cyberterrorism, it is tough to conceive of slander as a terrorist activity.

To give an illustration, if a journalist managed to unauthorisedly break into a restricted database, even one owned by a private corporation, and stumbled upon information that is defamatory in character, he would have committed an act of “cyber-terrorism.” Various kinds of information pertaining to corruption in the judiciary may be precluded from being unauthorisedly accessed on the ground that such information may be put to use for committing contempt of court. Any person who gains such access would again qualify as a cyber-terrorist. The factual situations are numerous where this provision can be put to gross misuse with the ulterior motive of muzzling dissent or freezing access to information that may be restricted in nature but nonetheless have a bearing on probity in public life etc. It is therefore imperative that this provision may be toned down as recommended above.

For more details visit https://cis-india.org/internet-governance/blog/comments-draft-rules

Comments on the draft National Data Sharing and Accessibility Policy

pranesh — 2011-08-24T06:32:55Z

A draft of the 'National Data Sharing and Accessibility Policy', which some hope will be the open data policy of India, was made available for public comments in early May. This is what the Centre for Internet and Society submitted.

These are the comments that we at the Centre for Internet and Society submitted to the National Spatial Data Infrastructure on the draft National Data Sharing and Accessibility Policy.

Comments on the National Data Sharing and Accessibility Policy by the Centre for Internet and Society

We would like to begin by noting our appreciation for the forward-thinking nature of the government that is displayed by its pursuit of a policy on sharing of governmental data and enabling its use by citizens. We believe such a policy is a necessity in all administratively and technologically mature democracies. In particular, we applaud the efforts to make this applicable through a negative list of data that shall not be shared rather than a positive list of data that shall be shared, hence making sharing the default position. However, we believe that there are many ways in which this policy can be made even better than it already is.

1. Name

We believe that nomenclature of the policy must accurately reflect both the content of the policy as well as prevailing usage of terms. Given that 'accessibility' is generally used to mean accessibility for persons with disabilities, it is advisable to change the name of the policy.

Recommendation:

A. We would recommend calling this the "National Open Data Policy" to reflect the nomenclature already established for similar policies in other nations like the UK. In the alternative, it could be called a "National Public Sector Information Reuse Policy". If neither of those are acceptable, then it could be re-titled the "National Data Sharing and Access Policy".

2. Scope and Enforceability

It is unclear from the policy what all departments it covers, and whether it is enforceable.

Recommendation:

A. This policy should cover the same scope as the Right to Information (RTI) Act: all 'public authorities' as defined under the RTI Act should be covered by this policy.

B. Its enforceability should be made clear by including provisions on consequences of non-compliance.

3. Categorization

The rationale for the three-fold categorization is unclear. In particular, it is unclear why the category of 'registered access' exists, and on what basis the categorization into 'open access' and 'registered access' is to be done. If the purpose of registration is to track usage, there are many better ways of doing so without requiring registration.

Recommendation:

A. Having three categories of:

Open data
Partially restricted data
Restricted data

B. Data that is classified as non-shareable (as per a reading of s.8 and s.9 of RTI Act as informed by the decisions of the Central Information Commission) should be classified as ‘restricted’.

C. The rationale for classifying data as 'open' or 'partially restricted' should be how the data collection body is funded. If it depends primarily on public funds, then the data it outputs should necessarily be made fully open. If it is funded primarily through private fees, then the data may be classified as 'partially restricted'. 'Partially restricted' data may be restricted for non-commercial usage, with registration and/or a licence being required for commercial usage.

4. Licence

No licence has been prescribed in the policy for the data. Despite India not allowing for database rights, it still allows for copyright over original literary works, which includes original databases. All governmental works are copyrighted by default in India, just as they are in the UK. To ensure that this policy goes beyond merely providing access to data to ensure that people are able to use that data, it must provide for a conducive copyright licence.

Recommendation:

A. The licence that has been created by the UK government (another country in which all governmental works are copyrighted by default) may be referred to: http://www.nationalarchives.gov.uk/doc/open-government-licence/

B. However, the UK needed to draft its own licence because the concept of database rights are recognized in the EU, which is not an issue here in India. Thus, it would be preferable to use the Open Data Commons - Attribution licence:

http://www.opendatacommons.org/licenses/by/

The UK licence is compatible with both the above-mentioned licence as well as with the Creative Commons - Attribution licence, and includes many aspects that are common with Indian law, e.g., bits on usage of governmental emblems, etc.

5. Integrity of the data

Currently, there is no way of ensuring that the data that is put out by the data provider is indeed the data that has been downloaded by a citizen.

Recommendation:

It is imperative to require data providers to provide integrity checks (via an MD5 hash of the data files, for instance) to ensure that technological corruption of the data can be detected.

6. Authenticity of the data

Currently, there is no way of ensuring that the data that is put out by the data provider indeed comes from the data provider.

Recommendation:

It is preferable to require data providers to authenticate the data by using a digital signature.

7. Archival and versioning

The policy is silent on how long data must be made available.

Recommendation:

There must be a system of archival that is prescribed to enable citizens to access older data. Further, a versioning and nomenclature system is required alongside the metadata to ensure that citizens know the period that the data pertains to, and have access to the latest data by default.

8. Open standards

While the document does mention standards-compliance, it is preferable to require open standards to the greatest extent possible, and require that the data that is put out be compliant with the Interoperability Framework for e-Governance (IFEG) that the government is currently in the process of drafting and finalizing.

Recommendation:

A. The policy should reference the National Open Standards Policy that was finalised by the Department of Information Technology in November 2010, as well as to the IFEG.

B. The data should be made available, insofar as possible, in structured documents with semantic markup, which allows for intelligent querying of the content of the document itself. Before settling upon a usage-specific semantic markup schema, well-established XML schemas should be examined for their suitability and used wherever appropriate. It must be ensured that the metadata are also in a standardized and documented format.

9. Citizen interaction

One of the most notable failings of other governments' data stores has been the fact that they don't have adequate interaction with the citizen projects that emerge from that data. For instance, it is sometimes seen that citizens may point out flaws in the data put out by the government. At other times, citizens may create very useful and interesting projects on the basis of the data made public by the government.

Recommendation:

A. The government's primary datastore (data.gov.in) should catalogue such citizen projects, including open and documented APIs that the have been made available for easy access to that data.

B. Additionally the primary datastore should act as a conduit for citizen's comments and corrections to the data provider. Data providers should be required to take efforts to keep the data up-to-date.

C. Multiple forms of access should preferably be provided to data, to allow non-technical users interactive use of the data through the Web.

10. Principles, including 'Protection of Intellectual Property'

It is unclear why ‘protection of intellectual property’ is one of the guiding principles of this policy. Only those ideals which are promoted by this policy should be designated as ‘principles’. This policy, insofar as we can see, has no relation whatsoever with protection of intellectual property. The government is not seeking to enforce copyright over the data through this policy. Indeed, it is seeking to encourage the use of public data. Indeed, the RTI Act makes it clear in s.9 that government copyright shall not act as a barrier to access to information.

Given that, it makes no sense to include ‘protection of intellectual property’ amongst the principles guiding this policy. Further, there are some other principles that may be removed without affecting the purpose or aim of this document: ‘legal conformity’ (this is a given since a policy wouldn’t wish to violate laws); ‘formal responsibility’ (‘accountability’ encapsulates this); ‘professionalism’ (‘accountability’ encapsulates this); ‘security’ (this policy isn’t about promoting security, though it needs to take into account security concerns).

Recommendation:

A. Remove ‘protection of intellectual property’, ‘legal conformity’, ‘formal responsibility’, ‘professionalism’, and ‘security’ from the list of principles in para 1.2.

For more details visit https://cis-india.org/openness/blog-old/draft-ndsap-comments

Comments on the DoT Panel Report via MyGov

pranesh — 2015-09-26T10:16:44Z

On behalf of the Centre for Internet and Society, I must commend the Department of Telecom Panel on its report. Overall, it displays a far better understanding of the underlying issues than the TRAI consultation paper did, and is overall a good effort at balancing the different sides. However, some of its most important recommendations are completely off-mark and would be disastrous if accepted by the government.

It is praiseworthy that the panel emphasizes the separation in regulatory terms between the network layer and the service layer. This also means that telecom carriers should be regulated differently from OTT services.

Licensing of Communication OTT Services

The proposal by the DoT panel of a licensing regime for communication OTT services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case; as the panel itself notes, apps that lower the cost of communication are a welcome development and should be encouraged by the government and not made presumptively unlawful.

While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme.

A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber, or free/open source technologies like WebRTC. The Universal Licence is designed for a world where all the licencees have an operational presence in India. This is not true of communications OTT services. Therefore a licensing regime would unjustly favour some services over others.

Further, VoIP services need not be provided by a company: a person can choose to run XMPP, SIP, or Mumble — all of which are protocol that support VoIP — on their own computers. Will a licensing regime force such individuals' many of whom may not be Indian nationals — to become licence-holders if they facilitate domestic communications within India? The DoT panel report doesn't say. This would also result in a licensing regime unjustly favouring some services over others.

The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as personal assistance apps like HelpChat, are centred around communications. It also does not mention what regulatory distinction exists between text communication services and video/voice communication services, or between purely domestic and international video/voice communications. Stating that certain telecom companies are currently earning most of their revenue from domestic voice traffic will not suffice as a regulatory, just as it did not suffice to say that VSNL's international telephony monopoly earned it a lot of money. Regulatory fairness is the important issue and not protecting specific business models. Thus, there is no rational distinction to be drawn. Even if the panel has some regulatory distinction that it has not stated, this is an impossibility to enforce. Much domestic IP traffic is 'round-tripped', with traffic leaving India and coming back in. How would the regulator propose to regulate that?

Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report.

Given these numerous objections and unanswered questions, the government would be well-advised not seek to license OTT communications services. Instead, it would be useful for the government to hold public consultations about:

1. What Universal Licence conditions makes sense in the world of IP-based services, and international services?
2. How can we frame ex-post regulations that address legitimate concerns? Is there overlap with provisions of the IT Act such as s.69, s.69B, s.79, and others?
3. How can we ensure that the regulatory burden for telecom players with respect to their being able to provide IP-based services that are equivalent to OTT communication services?

Net neutrality

While the DoT panel reiterates a number of times that the core principles of Net neutrality should be adhered to, it nowhere defines what these core tenets are. We suggest the following definition:

net neutrality is the principle that we should regulate gatekeepers to ensure they do not use their power to unjustly discriminate between similarly situated persons, content or traffic.

The above definition applies to the way the ISPs treat consumers, treat interconnecting networks, as well as the way they treat traffic internally.
We agree with the panel that in that while Net neutrality should find place in a new law, for the time being Net neutrality principles can be enforced through the licence agreement between the DoT and telecom providers.

Traffic Management

It is unclear what precisely the DoT panel means by "application-agnostic" and "application-specific" network management. Different scholars on this issue — such as Barbara van Schewick and Christopher Yoo — mean different things when they use the word "application". Without a definition, it is difficult to say whether the panel's recommendation on that front are sound.
Instead, we suggest the following tests:
Discrimination between classes of traffic for the sake of network management should only be permissible if:

there is an intelligible differentia between the classes which are to be treated differently, and
there is a rational nexus between the differential treatment and the aim of such differentiation, and
the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
the network management practice is the least harmful manner in which to achieve the aim.

As for the provision of enterprise and managed services, which we more broadly term "specialized services", we would recommend:

Provision of specialized services is permitted if and only if it is shown that
The service is available to the user only upon request, and not without their active choice, and
The service cannot be reasonably provided with "best efforts" delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or
The discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.

Lastly, we would recommend that the above regulatory guidlines only be applied against ISPs, and not against public providers of Internet connectivity, such as a library, a school, an airport, a hotel, etc.

Zero-rating

On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".

Much of the discussion around zero-rating has been happening around an assumption of common understanding of the phrase. Unfortunately, that is not true. There is no consensus as to whether a "special Facebok pack of 200MB for Rs.20" offered by a telecom company constitutes zero-rating or not. Without a working definition of zero-rating, not much progress can be made.

We propose the following as a definition:

Zero-rating is the practice of not counting (aka "zero-rating") certain traffic towards a subscriber's regular Internet usage.

The zero-rated traffic could be zero-priced or fixed-price; capped or uncapped; subscriber-paid, Internet service-paid, paid for by both, or unpaid; content- or source/destination-based, or agnostic to content or source/destination; automatically provided by the ISP or chosen by the customer.

We believe that zero-rating can be non-discriminatory in nature, and such zero-rating should not be prohibited. Having a system with both ex-ante and ex-post checks is rather heavy-handed regulation, but since the issue is very contentious in India, we believe it might be merited.

We thank you for giving us this opportunity to comment.
Pranesh Prakash, Policy Director at the Centre for Internet and Society

For more details visit https://cis-india.org/telecom/blog/comments-on-dot-panel-report-via-mygov

Comments on Technical Standards for Interoperability Framework for E-Governance in India (Phase II)

pranesh — 2012-02-29T09:44:07Z

The e-Governance Standards Division has called for public comments on the draft of the Technical Standards IFEG Phase II. We from the Centre for Internet and Society have given our comments.

The present document is — as the draft IFEG Phase I document was — an excellent step in the right direction, following very ably the policy guidelines laid down in the National Policy on Open Standards for e-Governance.

The Expert Committee and other contributors have made excellent choices as to the 29 standards that have been laid down in this phase of the IFEG. It is praiseworthy that the majority of these (20) are designated as mandatory, and only nine are designated as interim standards. Furthermore, the system has been quite transparent with the selection of standards, providing concise descriptions for each.

That said, the document could be improved by providing greater detail for those standards which are said to violate the National Open Standards Policy. In the current document, every interim standard is said to violate “clause 2”, rather than providing the more specific details (sub-clause, one-line explanation) about the violation.

It is unfortunate that yet again accessibility-related standards have been passed over in the presentation and archival domain.

As we have mentioned in earlier feedback, many other governmental interoperability frameworks are going beyond merely listing technical standards. Some governments, such as Germany and the EU, go beyond technical interoperability, and also have documents dealing with organizational, informational, and legal interoperability. These are equally important components of an interoperability framework. Other governments also also lay down best practice guides, and other aids to implementation, sometimes even including application recommendations. Further, there are many which lay out standards for the the semantic layer, business services layer, etc.

We at the Centre for Internet and Society are currently advising the government of Iraq on development of their e-Governance Interoperability Framework, and would be glad to extend any support that the Department of IT may require of us, including comments on all further phases.

Section-specific Comments

Section 5.2.8

It is unclear whether by IEEE 802.11-2007, the base version is being referred to or the amended version, since IEEE 802.11-2007 has been amended by IEEE 802.11n-2009 to include the IEEE 802.11n standard. As IEEE 802.11n has also become an established standard, it is suggested that section 5.2.28 make it clear that the amended standard is being referred to.

Section 5.2.13

It is recommended that IMAP v4rev1 (IETF RFC 3501, updated by RFCs 4466, 4469, 4551, 5032, 5182, 5738, 6186, supplemented by RFCs 2177, 4550) be used instead of POP3 (IETF RFC 1939). It is critical that governmental messages be preserved on government servers, and should not simply be downloaded and then deleted as is the default with POP3 implementations. IMAP allows for downloading and offline access to mails as well. Any deletion on the server from the client would be recorded in the server logs, hence allowing for transparency. Given this, and the more advanced features available in IMAP, it should be preferred to POP3. In other government interoperability frameworks where an e-mail access protocol is specified, including those of Germany, Malaysia, and Hong Kong, IMAP is provided as a standard and never is POP3 provided as the sole standard.

Section 5.2.15

SAML 2.0 is a standard for exchanging authentication and authorization data between security domains, and is not a ‘Wireless LAN Authentication’ standard. Indeed, section 5.2.8 (IEEE 802.11-2007) talks about ‘Wireless LAN Security’.

Section 5.2.23

WML v1.3, as noted, is a declining standard that is deprecated due to the recommendation by W3C of XHTML Basic v1.1. If it is at all included, it should be included not as “Mandatory – Watchlist”, but as “Additional Standard”, as it is a direct competitor to XHTML Basic v1.1.

For more details visit https://cis-india.org/openness/interoperability-framework-for-e-governance

Comment by CIS at ACE on Presentation on French Charter on the Fight against Cyber-Counterfeiting

pranesh — 2011-12-01T11:59:45Z

The seventh session of the World Intellectual Property Organization's Advisory Committee on Enforcement is being held in Geneva on November 30 and December 1, 2011. Pranesh Prakash responded to a presentation by Prof. Pierre Sirinelli of the École de droit de la Sorbonne, Université Paris 1 on 'The French Charter on the Fight against Cyber-Counterfeiting of December 16, 2009' with this comment.

Thank you, Chair. I speak on behalf of the Centre for Internet and Society. First, I would like to congratulate you on your re-election.

And I would like to congratulate Prof. Sirenelli on his excellent presentation.

I would like to flag a few points, though:

One of the benefits of normal laws, as opposed to the soft/plastic laws, which he champions, is that normal laws are bound by procedures established by law, due process requirements, and principles of natural justice. Unfortunately, the soft/plastic laws, which in essence are private agreements, are not.
The report of the UN Special Rapporteur on the Freedom of Expression and Opinion made it clear in his report to the UN Human Rights Council that the Internet is now an intergral part of citizens exercising their right of freedom of speech under national constitutions and under the Universal Declaration of Human Rights. That report highlights that many initiatives on copyright infringement, including that of the French government with HADOPI and the UK, actually contravene the Universal Declaration of Human Rights
The right of privacy is also flagged by many as something that will have to be compromised if such private enforcement of copyright is encouraged.

I'd like to know Prof. Sirinelli's views on these three issues: due process, right of freedom of speech, and the right to privacy.

For more details visit https://cis-india.org/a2k/blogs/ace-7-french-charter-cis-comment

Co-organisers

pranesh — 2008-10-01T13:56:24Z

These organisations are involved in organizing the event, in funding it, or just as a partner organisation wishing to share the platform. Some of them are tentatively being included in this list as their involvement is hoped for.

Centre for Internet and Society, Bangalore
Free Software Users Group, Bangalore
Free Software Foundation of India, Mumbai
Society For Promotion of Alternative Computing and Employment, Trivandrum
IT for Change, Bangalore
Alternative Law Forum, Bangalore
Delhi Science Forum, Delhi
Movingrepublic, Kerala
Sarai/CSDS, Delhi
OpenSpace, Bangalore
Swathanthra Malayalam Computing, Kerala
Servelots - Janastu, Bangalore
Mahiti, Bangalore
DeepRoot Linux, Bangalore
Wiki Ocean, Pune [TBC]
Turtle Linux Lab, Bangalore
Zyxware Technologies, Trivandrum
INSAF (Indian Social Action Forum)
Aneka, Bangalore

For more details visit https://cis-india.org/openness/publications/software-patents/co-organisers

Clearing Misconceptions: What the DoT Panel Report on Net Neutrality Says (and Doesn't)

pranesh — 2015-07-21T12:36:26Z

There have been many misconceptions about what the DoT Panel Report on Net Neutrality says: the most popular ones being that they have recommended higher charges for services like WhatsApp and Viber, and that the report is an anti-Net neutrality report masquerading as a pro-Net neutrality report. Pranesh Prakash clears up these and other incorrect notions about the report in this brief analysis.

Background of the DoT panel

In January 2015, the Department of Telecommunication (DoT) formed a panel to look into "net neutrality from public policy objective, its advantages and limitations," as well the impact of a "regulated telecom services sector and unregulated content and applications sector". After spending a few months collecting both oral and written testimony from a number of players in this debate, and analysing it, on July 16 that panel submitted its report to the DoT and released it to the public for comments (till August 15, 2015). At the same time, independently, the Telecom Regulatory Authority of India (TRAI) is also considering the same set of issues. TRAI received more than a million responses in response to its consultation paper — the most TRAI has ever received on any topic — the vast majority of of them thanks in part to the great work of the Save the Internet campaign. TRAI is yet to submit its recommendations to the DoT. Once those recommendations are in, the DoT will have to take its call on how to go ahead with these two sets of issues: regulation of certain Internet-based communications services, and net neutrality.

Summary of the DoT panel report

The DoT panel had the tough job of synthesising the feedback from dozens of people and organizations. In this, they have done an acceptable job. Although, in multiple places, the panel has wrongly summarised the opinions of the "civil society" deponents: I was one of the deponents on the day that civil society actors presented their oral submissions, so I know. For instance, the panel report notes in 4.2.9.c that "According to civil society, competing applications like voice OTT services were eroding revenues of the government and the TSPs, creating security and privacy concerns, causing direct as well as indirect losses." I do not recall that being the main thrust of any civil society participant's submission before the panel. That having been said, one might still legitimately claim that none of these or other mistakes (which include errors like "emergency" instead of "emergence", "Tim Burners Lee" instead of "Tim Berners-Lee", etc.) are such that they have radically altered the report's analysis or recommendations.

The report makes some very important points that are worth noting, which can be broken into two broad headings:

On governmental regulation of OTTs

Internet-based (i.e., over-the-top, or "OTT") communications services (like WhatsApp, Viber, and the like) are currently taking advantage of "regulatory arbitrage": meaning that the regulations that apply to non-IP communications services and IP communications services are different. Under the current "unified licence" regime, WhatsApp, Viber, and other such services don't have to get a licence from the government, don't have to abide by anti-spam Do-Not-Disturb regulations, do not have to share any part of their revenue with the government, do not have to abide by national security terms in the licence, and in general are treated differently from other telecom services. The report wishes to bring these within a licensing regime.
The report distinguishes between Internet-based voice calls (voice over IP, or VoIP) and messaging services, and doesn't wish to interfere with the latter. It also distinguishes between domestic and international VoIP calls, and believes only the former need regulation. It is unclear on what bases these distinctions are made.
OTT "application services" do not need special telecom-oriented regulation.
There should a separation in regulatory terms between the network layer and the service layer. While this doesn't mean much in the short-term for Net neutrality, it will be very important in the long-term for ICT regulation, and is very welcome.

On Net neutrality

The core principles of Net neutrality — which are undefined in the report, though definitions proposed in submissions they've received are quoted — should be adhered to. In the long-run, these should find place in a new law, but for the time being they can be enforced through the licence agreement between the DoT and telecom providers.
On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".

Where does the DoT panel report go wrong?

The proposal by the DoT panel of a licensing regime for VoIP services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case. While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme. A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber. The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as food ordering apps, including text chat facilities. Further, VoIP need not be provided by a company: I run my own XMPP servers, which is a protocol used for both text and video/voice. Will a licensing regime force me to become a licence-holder or will it set a high bar? The DoT panel report doesn't say. Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report. All in all, this part of the report's analysis is found to be sadly wanting.
Many important terms are left undefined, and many distinctions that the report draws are left unexplained. For instance, it is unclear on what regulatory basis the report distinguishes between domestic and international VoIP calls — which is an unenforceable (not to mention regulatorily unimportant) distinction — or between regulation of messaging services and VoIP services, or what precisely they mean by "application-agnostic" and "application-specific" network management (since different scholars on this issue mean different things when they say "application").

What does the DoT panel report mean for consumers?

Not too much currently, since the DoT panel report is still just a set of recommendations by an expert body based on (invited) public consultations.
Does it uphold Net neutrality? The DoT panel report is clear that they strongly endorse the "core principles of Net neutrality". On the issue of "zero-rating", the panel proposes some sound measures, saying that there should be a two-part mechanism for ensuring that harmful zero-rating doesn't go through: First, telecom services need to submit zero-rating tariff proposals to an expert body constituted by DoT; and second consumers will be able to complain about the harmful usage of zero-rating by any service provider, which may result in a fine. What constitutes harm / violation of Net neutrality? The panel suggests that any tariff scheme that may harm competition, distorts the consumer market, or violates the core principles of Net neutrality is harmful. This makes sense.
Will it increase cost of access to WhatsApp and Viber? Well, one the one hand, zero-rating of those services could decrease the cost of access to WhatsApp and Viber, but that might not be allowed if the DoT panel recommendations are accepted, since that would possibly be judged to harm competition and distort the consumer markets. The DoT panel has also recommended bringing such services within a licensing framework to bridge the "regulatory arbitrage" that they are able benefit from (meaning that these services don't have to abide by many regulations that a telecom provider has to follow). Whether this will lead to WhatsApp and similar services charging depends on what kinds of regulations are placed on them, and if any costs are imposed on them. If the government decides to take the approach they took to ISPs in the late 90s (essentially, charging them Re. 1 as the licence fee), doesn't impose any revenue sharing (as they currently require of all telecom services), etc., then there needn't be any overly burdensome costs that WhatsApp-like services will need to pass on to consumers.

What misunderstandings do people have?

There are multiple news reports that the DoT panel has recommended increased charges for domestic VoIP calls, or that ISPs will now be able to double-charge. Both of these are untrue. The DoT panel's recommendations are about "regulatory arbitrage" and licensing, which need not be related to cost.
There is a fear that the exception from net neutrality of "managed services and enterprise services" is a "loophole", or that exceptions for "emergency services" and "desirable public or government services" are too vague and carry the potential of misuse. If one goes by the examples that the panel cites of managed services (e.g., services an ISP provides for a private company separately from the rest of the Internet, etc.), these fear seems largely misplaced. We must also realize the the panel report is a report, and not legislation, and the rationale for wanting exemptions from Net neutrality are clear.
The DoT panel has given the go-ahead for zero-rating. Once again, this is untrue. The panel cites instances of zero-rating that aren't discriminatory, violative of Net neutrality and don't harm competition or distort consumer markets (such as zero-rating of all Internet traffic for a limited time period). Then it goes on to state that the regulator should not allow zero-rating that violates the core principles of Net neutrality.

What's missing in the Net neutrality debate is nuance. It's become a debate in which you are either for Net neutrality or against it. However, none of the underlying components of Net neutrality — a complex mix of competition policy, innovation policy, the right to freedom of expression, etc. — are absolutes; therefore, it is clear that Net neutrality cannot be an absolute either.

For more details visit https://cis-india.org/internet-governance/blog/clearing-misconceptions-dot-panel-net-neutrality

Civil Society Letter Against TRIPS-Plus IP Enforcement

pranesh — 2011-09-22T12:48:51Z

This open letter was sent to the president of Confederation of Indian Industry (CII) and high-level government officials on the eve of the Third International Conference on Counterfeiting & Piracy organized by CII. This conference aims to strengthen the enforcement of intellectual property rights and thus creating an imbalance in the protection that intellectual property offers to both those who own it as well as those who don't.

An Open Letter to the President of Confederation of Indian Industry (CII) on the Third International Conference on Counterfeiting & Piracy

To
Mr. Venu Srinivasan
The President
Confederation of Indian Industry (CII)
The Mantosh Sondhi Centre, 23,
Institutional Area, Lodi Road
New Delhi - 110 003

Dear Mr. Srinivasan,

We understand that Confederation of Indian Industry (CII) is hosting the Third International Conference on Counterfeiting and Piracy from 19-20th August 2009 in partnership with the Embassy of the United States and the Quality Brand Protection Committee (QBPC), China. As stated in the invitation letter the primary objectives of the conference are: 1) to initiate coordinated action for cross border enforcement; 2) to highlight the importance of protection of intellectual property rights (IPRs); 3) to combat the growing threat of piracy and counterfeiting; 4) to facilitate a global meeting of customs officials across the globe; 5) to recommend the creation and setting up of a governmental “National Brand Protection” group; 6) to serve as a forum to discuss legal guidelines related to the prosecution of IPR infringement and to eliminate ‘loopholes’ within the existing laws; and 7) to strengthen cooperation between enforcement agencies and chalk out strategies for enforcement agencies a industry action both at national & international level. We also understand that this international conference is part of CII Intellectual Property Division’s special initiative on enforcement of IPRs. As part of this special initiative CII aims at “engaging government to create conducive legislative measures, policy levels reform and impressing [upon them] to adopt stringent enforcement initiatives and exemplary punitive and monetary measures to further safeguard and secure the interest of industry”. CII also wants to “create a global partnership to synergise efforts of international community and to support and participate in India's efforts in combating counterfeiting both at domestic and international levels”. We, the undersigned, representing various civil society organizations in India, write this letter to express our strong reservation on the conference as well as on CII’s special initiative on IP enforcement. Without raising any question on CII’s right to organize events we would like to convey the following concerns with regard to the conference and CII’s initiative on IP enforcement.

Many of the above mentioned objectives of the conference and the special initiative are directed towards the enhancement of intellectual property (IP) standards like coordinated action on border measures, common guidelines for prosecution of IP infringement, exemplary punitive and monetary measures, etc. In other words, enhancement of IP standards means using more public money to protect private rights; very often protecting the monopoly over intangible property rights of multi-national corporations (MNCs).

As you may be aware, MNCs and their developed country hosts are currently engaged in the implementation of a multi-pronged strategy to enhance IP enforcement standards.[1] This is similar to the MNC’s initiatives in the mid 80s to enhance international IP protection, which resulted in the Agreement on Trade-Related aspects of Intellectual Property Rights (TRIPS). Unlike the 80s, now MNCs and developed countries use multiple forums to pursue the objective of enhancement of IP enforcement standards. Some developed countries have unilaterally enhanced their IP enforcement strategy to force other countries, especially developing countries, to accept the same through various multilateral organizations, namely the World Customs Organization (WCO), World Health Organization (WHO), Universal Postal Union (UPU), Interpol, WIPO and WTO. Developed countries are also using Free Trade Agreements (FTAs), Bilateral Agreements on IP Enforcements as well as financing lobbyist studies, conferences and policy recommendations to impose higher IP enforcement standards. These efforts for the enhancement of IP enforcement standards are a matter of grave concern for the people of developing countries and their governments. By partnering with the US Embassy and Quality Brand Protection Committee of China (QBPC)[2] in the organization of this conference, CII is allowing itself to play in the hands of MNCs and some developed countries, whose interests do not match with that of India industries and that of the Indian people.

As you are aware, the Government of India is taking a very strong position in resisting enhancement of IP enforcement standards in all the multilateral forums. India along with like-minded developing countries successfully pushed back TRIPS-plus[3] IP enforcement agenda at WCO and WHO. India is also trying its level best to convince other developing countries the need to stick to TRIPS-compliant standards rather than adopting TRIPS-plus enforcement standards. In the wake of the controversial generic drug seizures by EU customs authorities, India has also raised the issue of TRIPS-plus IP enforcement standards contained in the EU IP Enforcement Directive at least two times at the TRIPS Council.[4] The Indian political leadership has unequivocally raised its concern over the enhancement of IP enforcement standards at other forums also.[5] In adopting this stance, the Government of India has cited public interest as well as the operating freedom of Indian industry as its justifications.[6] By partnering at this vital stage with an MNC lobby group and a heeding to developed country governments, CII is not acting in furtherance of the legitimate public interests of Indian domestic industry and the Indian people.

It is a well-evidenced fact that TRIPS-plus enforcement standards adversely impact not only legitimate trade between nations (as shown by the EU seizures) but also the day-to-day life of millions of people especially in India and other developing countries.[7] Unfounded IP enforcement measures would adversely impact access to life saving medicines and educational materials. Thus the IP enforcement measures also have the potential to deny right to development to people in the global South. Hence an organization like CII should not view IP as only a business tool but should look at the larger scheme of things especially in the social and economic realities of India. In fact, by promoting enhancement of IP enforcement standards CII is advocating a policy, which would violate the right to health, the right to knowledge, as also the right to development.

We would also like to point out that Indian pharmaceutical industry is one of the victims of TRIPS-plus IP enforcement standards. In 2008 alone, 17 consignments[8] were seized in transit at Europe using the EU Directive on IP Enforcement, which allows seizure of goods in transit.[9] These consignments were being exported from developing countries (such as India and Brazil) to other developing countries, and the contents of the consignments are perfectly legal in both the exporting as well as the importing nations. These highly questionable seizures resulted in the crisis of health programmes as it resulted in delays in and prohibitive costs of access to life-saving medicines in developing countries of Africa and Latin America. CII can barely claim to be representative of the interests of Indian industry if it ignores such episodes and partners with self-promoting MNCs and developed countries’ governments to advocate for the enhancement of IP enforcement standards.

In the light of above-mentioned issues, we request you to consider the following:

Rejecting the TRIPS-plus enforcement agenda in toto. We demand CII, Federation of Indian Chambers of Commerce and Industry (FICCI), Associated Chambers of Commerce and Industry(ASSOCHAM) and other Indian business associations to reject any and all attempts of bringing in a TRIPS-plus enforcement agenda in India, in the interests of Indian industry and the Indian people.
Completely disengaging from any collaborative efforts with foreign institutions to further TRIPS-plus standards of IP protection in India and also abstaining from any engagements on the anti-counterfeiting efforts with foreign agencies. CII should attempt to engage with domestic institutions and build national consensus before engaging with foreign institutions with the claim of representatives of Indian industry.
Taking necessary proactive steps to safeguard the interests of access to medicine and access to knowledge along with interest of the Indian domestic industry.
Participating in a more creative discussion on IP and development rather than simply accepting the simplistic and largely discredited view that stronger IP regime leads to more innovation and is a necessary condition for socio-economic development.

CC:
Shri Anjan Das
Senior Director & Head
Technology, Innovation, IPR & Life Sciences
Confederation of Indian Industry (CII)
Plot No. 249-F, Sector-18; Udyog Vihar, Phase-IV,
Gurgaon-122015, Haryana

Shri. P. Chidambaram
Minister
Ministry of Home Affairs
Government of India
North Block, Central Secretariat
New Delhi 110001

Shri G. K. Pillai
Secretary Justice
Department of Justice
Ministry of Home Affairs
Government of India
North Block, Central Secretariat
New Delhi 110001

Shri Naresh Dayal,
Secretary, Dept. of Health and Family Welfare
Ministry of Health and Family Welfare
Government of India
149-A, Nirman Bhawan, New Delhi – 110 011

Shri Ajay Shankar
Secretary
Department Of Industrial Policy & Promotion
Ministry of Commerce and Industry
Room 153, Udyog Bhavan,
New Delhi – 110 011

Signatories to this letter

Centre for Trade and Development (Centad), New Delhi
Centre for Internet and Society, Bangalore
National Working Group on Patent Laws, New Delhi
Lawyers Collective (HIV/AIDS Unit)
All India Drug Action Network (AIDAN)
International Treatment Preparedness Coalition (ITPC), India
Consumers Association of India, Chennai
IndoJuris Law Offices, Chennai
All Indian People’s Science Network, New Delhi
Delhi Science Forum
Alternative Law Forum, Bangalore
Knowledge Commons
Moving Republic
IT for Change
Centre for Health and Social Justice(CHSJ), New Delhi
Navdanya, New Delhi
Support for Advocacy and Training to Health Initiatives (SATHI)
Centre for Enquiry Into Health and Allied Themes (CEHAT)
Initiative for Health Equity & Society
International Peoples Health Council (South Asia)
Drug Action Forum – Dharwad, Karnataka
Dr. Mira Shiva, New Delhi
Tina Kuriakose, PhD Scholar, Jawaharlal Nehru University, New Delhi
Dr Gopal Dabade, Dharwad
Dinesh Abrol, Scientist NISTADS, CSIR, New Delhi
Madhavi Rahirkar, Lawyer/Consultant, Pune
Gautam John, Bangalore
Achal Prabhala, Bangalore

Endnotes

[1] See Susan K Sell, The Global IP Upward Ratchet, Anti-counterfeiting and Piracy Enforcement Efforts: The State of Play.
[2] QBPC barely qualifies as a representative of Chinese interest, as it comprises more than 180 multinational member companies.
[3] ‘TRIPS-plus’ refers to any protection of IPRs that surpasses the standards and requirements spelt out in WTO-TRIPS provisions.
[4] See Jonathan Lyn, India Brazil raise EU drug Seizures issue at WTO, available at http://www.livemint.com/2009/02/04232721/India-Brazil-raise-EU-drug-se.html
[5] Indian Minister of State for External Affairs Broaches Seizures of Generics at ECOSOC, available at http://www.keionline.org/blogs/2009/07/08/india-ecosoc-seizures/#more-2404
[6] Indian Commerce Secretary’s Speech to the African Community Ambassadors. available at http://www.centad.org/focus_77.asp.
[7] For two very recent examples, see Intellectual Property Enforcement: International Perspectives, Xuan Li & Carlos Correa (eds.) (2009); Anand Grover, Report of the Special Rapporteur on the Right of Everyone to the Enjoyment of the Highest Attainable Standard of Physical and Mental Health, A/HRC/11/12 (2009).
[8] Jyoti Datta, 16 out of 17 drug consignment seizures in the Dutch were from India available at http://www.thehindubusinessline.com/2009/06/08/stories/2009060851700300.htm
[9] The EC Regulation No 1383/2003 allows for seizure of goods in transit.

For more details visit https://cis-india.org/a2k/blogs/civil-society-letter-against-trips-plus-ip-enforcement

Civic Hacking Workshop

pranesh — 2011-08-23T03:14:03Z

CIS, with the UK Government's Foreign Office and the Cabinet Office Team for Digital Engagement, and Google India, is organizing a workshop on open data (or the lack thereof) and 'civic hacking'.

The UK Government's Foreign Office and the Cabinet Office Team for Digital Engagement, Google India and the Centre for Internet and Society, Bangalore are organizing a 'Civic Hacking Workshop' on Wednesday, July 28, 2010, bringing together civic-minded technologists who've been working with governmental data in India and Britain.

The workshop will discuss the problems of obtaining data, especially in India, the technological solutions that these various groups have encountered, the difficulties of technology as a mass-based civic solution, and the visions that these groups have for a more engaged civil society and the contributions they seek to make to the public.

The people attending are, from India (Bangalore):

Alok Singh (Akshara Foundation)
Shivangi Desai (Akshara Foundation)
Arun Ganesh (Geohackers / National Institute of Design)
A. Pandian (Mapunity)
Sridhar Raman (Mapunity)
S. Raghavan Kandala (Mapunity)
Thejesh GN (Janaagraha / Infosys)
Sushant Sinha (IndianKanoon.com / Yahoo)
Vijay Rasquinha (Mahiti)
P.G. Bhat (SmartVote.in)
Pranesh Prakash (CIS)
Raman Jit Singh Chima (Google)

And from Britain:

David McCandless (Information Is Beautiful)
Harry Metcalfe (TellThemWhatYouThink.org / Open Rights Group)
Tim Green (Democracy Club)
Edmund von der Burg (YourNextMP)
Rohan Silva (Special Adviser to the PM)

For more details visit https://cis-india.org/openness/blog-old/civic-hacking-workshop

CIS-TWN Analysis of WIPO Treaty for the Print Disabled (SCCR/22/15)

pranesh — 2011-10-12T08:29:01Z

CIS and the Third World Network (TWN) conducted a quick analysis of the "Consensus document on an international instrument on limitations and exceptions for persons with print disabilities presented by Argentina, Australia, Brazil, Chile, Ecuador, Mexico, Paraguay, and the United States of America" presented as WIPO document numbered SCCR/22/15.

SCCR/22/15

ORIGINAL: English

DATE: June 20, 2011

Standing Committee on Copyright and Related Rights

Twenty-Second Session Geneva, June 15 to 24, 2011

Consensus document on an international instrument on limitations and exceptions for persons with print disabilities presented by Argentina, Australia, Brazil, Chile, Ecuador, Mexico, Paraguay, and the United States of America

PREAMBLE

Recalling the principles of non-discrimination, equal opportunity and access, proclaimed in the United Nations Convention on the Rights of Persons with Disabilities,

Mindful of the obstacles that are prejudicial to human development and the fulfillment of disabled persons with regard to education, research, access to information and communication,

Emphasizing the importance of copyright protection as an incentive for literary and artistic creation and enhancing opportunities for everyone to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits,

Recognizing the importance of both accessibility to the achievement of equal opportunities in all spheres of society and of the protection of the rights of authors in their literary and artistic works in a manner as effective and uniform as possible,

Aware of the many barriers to access to information and communication experienced by persons who are blind or have limited vision, or have other disabilities regarding access to published works,

Aware that the majority of visually impaired persons/persons with a print disability live in countries of low or moderate incomes,

Desiring to provide full and equal access to information, culture and communication for the visually impaired persons/persons with a print disability and, towards that end, considering the need both to expand the number of works in accessible formats and to improve access to those works,

Recognizing the opportunities and challenges for the visually impaired/persons with a print disability presented by the development of new information and communication technologies, including technological publishing and communication platforms that are transnational in nature,

Recognizing the need to seek, receive and impart information and ideas through any media and regardless of frontiers,

Aware that national copyright legislation is territorial in nature, and where activity is undertaken across jurisdictions, uncertainty regarding the legality of activity undermines the development and use of new technologies and services that can potentially improve the lives of the visually impaired/persons with print disabilities,

Recognizing the large number of Members who, to that end, have established exceptions and limitations in their national copyright laws for visually impaired persons/persons with a print disability, yet the continuing shortage of works in ~~special~~accessible formats for such persons,

Recognizing that the preference is for works to be made accessible by rightholders to people with disabilities at publication and that, to the extent that the market is unable to provide appropriate access to works for visually impaired persons/persons with a print disability, it is recognized that alternative measures are needed to improve such access,

Recognizing the need to maintain a balance between the rights of authors and the larger public interest, particularly education, research and access to information, and that such a balance must facilitate effective and timely access to works for the benefit of visually impaired persons/persons with a print disability,

Emphasizing the importance and flexibility of the three-step test for limitations and exceptions established in Article 9(2) of the Berne Convention and other international instruments,

Considering the discussions within the WIPO Standing Committee on Copyright and Related Rights on the issue of exceptions and limitations for the benefit of visually impaired persons/persons with a print disability and the various proposals tabled by Member States,

Prompted by a desire to contribute to the implementation of the relevant recommendations of the Development Agenda of the World Intellectual Property Organization,

Taking into account the importance of an international legal instrument/joint recommendation/treaty both to increase the number and range of accessible format works available to visually impaired persons/persons with a print disability in the world and to provide the necessary minimum flexibilities in copyright laws that are needed to ensure full and equal access to information and communication for persons who are visually impaired/have a print disability in order to support their full and effective participation in society on an equal basis with others and to ensure the opportunity to develop and utilize their creative, artistic and intellectual potential, for their own benefit and for the enrichment of society,

Have agreed as follows:

ARTICLE A

DEFINITIONS

For purposes of these provisions

"work" means a work in which copyright subsists, whether published or otherwise made publicly available in any media.

"accessible format copy" means a copy of a work in an alternative manner or form which gives a beneficiary person access to the work, including to permit the person to have access as feasibly and comfortably as a person without a print disability. The accessible format copy must respect the integrity of the original work and be used exclusively by beneficiary persons~~persons with print disabilities~~.¹

[Possible enumeration of different formats.]²

"authorized entity" means a governmental agency, a non-profit entity or an~~non-profit~~ organization³ that has as one of its ~~primary missions~~activities to assist persons with print disabilities by providing them with services relating to education, training, adaptive reading, or information access.

An authorized entity maintains policies and procedures to establish the bona fide nature of persons with print disabilities that they serve.

An authorized entity has the trust of both persons with print disabilities and copyright rights holders. It is understood that to obtain the trust of rightholders and beneficiary persons, it is not necessary to require the prior permission of said rightholders or beneficiary persons.⁴

~~If an authorized entity is a nation-wide network of organizations, then all organizations, institutions, and entities that participate in the network must adhere to these characteristics.~~

"reasonable price for developed countries" means that the accessible format copy of the work is available at a similar or lower price than the price of the work available to persons without print disabilities in that market.

"reasonable price for developing countries" means that the accessible format copy of the work is available at prices that are affordable in that market, taking into account the humanitarian needs of persons with print disabilities.

References to 'copyright' include copyright and any relevant rights related to copyright that are provided by a Contracting Party in compliance with ~~the Rome Convention, the TRIPS Agreement, the WPPT or otherwise~~any applicable international treaties or otherwise.⁵

ARTICLE B

BENEFICIARY PERSONS

A beneficiary person is a person who

is blind;
has a visual impairment or a perceptual or reading disability, such as dyslexia, which cannot be improved by the use of corrective lenses to give visual function substantially equivalent to that of a person who has no such impairment or disability and so is unable to read printed works to substantially the same degree as a person without an impairment or disability; or
is unable, through physical disability, to hold or manipulate a book or to focus or move the eyes to the extent that would be normally acceptable for reading.

ARTICLE C

NATIONAL LAW EXCEPTIONS ON ACCESSIBLE FORMAT COPIES

Member State/Contracting Party should/shall provide in their national copyright law for an exception or limitation to the right of reproduction, the right of distribution and the right of making available to the public, as defined in article 8 of the WCT, for beneficiary persons as defined herein.
A Member State/Contracting Party may fulfill Article C (1) by providing an exception or limitation in its national copyright law such that
1. Authorized entities shall be permitted without the authorization of the owner of copyright to make an accessible format copy of a work, supply that accessible format copy or an accessible format copy obtained from another authorized entity to a beneficiary person by any means, including by non-commercial lending or by electronic communication by wire or wireless means, and undertake any intermediate steps to achieve these objectives, when all of the following conditions are met:
  1. the authorized entity wishing to undertake said activity has lawful access to that work or a copy of that work;
  2. the work is converted to an accessible format copy, which may include any means needed to navigate information in the accessible format, but does not introduce changes other than those needed to make the work accessible to the beneficiary person;
  3. copies of the work in the accessible format are supplied exclusively to be used by beneficiary persons; and
  4. ~~4. the activity is undertaken on a non-profit basis.~~ ⁶
  5. A beneficiary person or someone acting on his or her behalf may make an accessible format copy of a work for the personal use of the beneficiary person where the beneficiary person has lawful access to that work or a copy of that work.
2. A Member State/Contracting Party may fulfill Article C (1) by providing any other exception or limitation in its national copyright law that is limited to certain special cases which do not conflict with a normal exploitation of the work and do not unreasonably prejudice the legitimate interests of the right holder.
3. The Member State/Contracting Party may limit said exceptions or limitations to published works which, in the applicable ~~special~~accessible format, cannot be otherwise obtained within a reasonable time and at a reasonable price.
4. It shall be a matter for national law to determine whether exceptions or limitations referred to in this Article are subject to remuneration.
ARTICLE D

CROSS-BORDER EXCHANGE OF ACCESSIBLE FORMAT COPIES
1. Member States/Contracting Parties should/shall provide that if an accessible format copy of a work is made under an exception or limitation or export license in their national law, that accessible format copy may be distributed or made available to a beneficiary person in another Member State/Contracting Party by an authorized entity ~~where that other Member State/Contracting Party would permit that beneficiary person to make or import that accessible copy~~.⁷
2. A Member State/Contracting Party may fulfill Article D(1) by providing an exception or limitation in its national copyright law such that:
  1. Authorized entities shall be permitted without the authorization of the owner of copyright to distribute or make available accessible format copies to authorized entities in other Member States/Contracting Parties for the exclusive use of persons with print disabilities, where such activity is undertaken on a non-profit basis.⁸
  2. Authorized entities shall be permitted without the authorization of the owner of copyright to distribute or make available accessible format copies to persons with print disabilities in other Member States/Contracting Parties where the authorized entity has verified the individual is properly entitled to receive such accessible format copies under that other Member State/Contracting Party's national law.⁹
The Member State/Contracting Party may limit said distribution or making available to published works which, in the applicable ~~special~~accessible format, cannot be otherwise obtained within a reasonable time and at a reasonable price, in the country of importation.
1. Without prejudice to other exceptions to the exclusive rights of authors that are otherwise permitted by the Berne Convention or the TRIPS Agreement, a Member State/Contracting Party may fulfill Article D(1) by providing any other exception or limitation in its national copyright law that is limited to certain special cases which do not conflict with a normal exploitation of the work and do not unreasonably prejudice the legitimate interests of the right holder.
ARTICLE E

IMPORTATION OF ACCESSIBLE FORMAT COPIES

To the extent that national law would permit a beneficiary person or an authorized entity acting on the beneficiary person’s behalf to make an accessible format copy of a work, the national law should/shall permit a beneficiary person or an authorized entity acting on that person's behalf to import an accessible format copy.¹⁰

ARTICLE F

CIRCUMVENTION OF TECHNOLOGICAL PROTECTION MEASURES

Member States/Contracting Parties should/shall ensure that beneficiaries of the exception provided by Article C have the means to enjoy the exception where technological protection measures have been applied to a work.

In the absence of voluntary measures by rightholders and to the extent that copies of the work in the accessible format are not available commercially at a reasonable price or via authorized entities, Member States/Contracting Parties should/shall take appropriate measures to ensure that beneficiaries of the exception provided by Article C have the means of benefiting from that exception when technical protection measures have been applied to a work, to the extent necessary to benefit from that exception.¹¹

~~ARTICLE G~~

~~RELATIONSHIP WITH CONTRACTS~~

~~Nothing herein shall prevent Member States/Contracting Parties from addressing the relationship of contract law and statutory exceptions and limitations for beneficiary persons.~~

ARTICLE H

RESPECT FOR PRIVACY

In the implementation of these exceptions and limitations, Member States/Contracting Parties should/shall endeavour to protect the privacy of beneficiary persons on an equal basis with others.

[End of document]
1. This change must be replicated everywhere where appropriate. ↩
2. Formats should not be enumerated, since even the disabilities are not enumerated. ↩
3. Non-profit organizations alone cannot cope with the needs of visually impaired people in the developing world. Thus, while it may sound like the ideal, it is impractical given the realities of the situation in the developing world. ↩
4. A "trust" system would make it impossible for developing countries to actualize these provisions. If despite this, copyright infringement happens, then national remedies exist for such infringement. ↩
5. To clarify: what is the purpose of these and not mentioning WCT, Berne, etc.? ↩
6. To be deleted for the same reasons as above. Non-profit basis, if insisted upon, can be retained in Article D(2)(A), but not here. ↩
7. Import law provisions are already there in Article E, and should remain there. In Art. E, it states, “shall permit” import, and here, “would permit”. ↩
8. This instance of "non-profit basis" may be retained if necessary. ↩
9. To clarify: what would such verification require? Would self-certification suffice? ↩
10. It should be clarified, possibly through an agreed statement, that nothing in this article shall derogate from the flexibility provided in Art. 6 of the TRIPS Agreement, which allows for countries to provide international exhaustion.
  
  Thus, if the principle of international exhaustion is in place (i.e., parallel importation is allowed), then importation can be carried out by anyone, and not just by a beneficiary person or an authorized entity. ↩
11. This second paragraph weakens the principle established in the first by adding more conditions. They are almost phrased as alternatives, and the first alternative (paragraph) is the better one. ↩

For more details visit https://cis-india.org/a2k/blogs/cis-analysis-july2011-treaty-print-disabilities

CIS's Statement at SCCR 24 on the WIPO Broadcast Treaty

pranesh — 2012-07-23T15:02:11Z

This was the statement read out by Pranesh Prakash at the 24th meeting of the WIPO Standing Committee for Copyright and Related Rights in Geneva, on Monday, July 23, 2012, specifically on the Chair's Non Paper on the Protection of Broadcasters which was released this morning.

Thank you, Madam Chair.

The Centre for Internet and Society would like to thank the Japanese, South African and Mexican delegations, as well as the Chair for their hard work on this text before us.

We wish to reiterate the statement on principles provided in the 22nd SCCR by many civil society non-governmental organizations, cable casters and technology companies opposing a rights-based Broadcast Treaty, and would like to associate ourselves with the statements made today by the CCIA, EFF, IFLA, LCA, eIFL, KEI, and the Internet Society.

I have a longer statement, which I will mail in later, but will read a shorter version now.

Why Do We Need Protection for Broadcasters?

Broadcasters make three kinds of investments for which they are protected. They invest in broadcasting infrastructure, they invest in licensing copyrighted works, and they at times invest in creating copyrighted works. The first investment is protected by 'broadcast rights', and the latter two investments are already protected by copyright law. So it is probably the first investment alone that needs to be protected, but the Rome Convention already does precisely that.

Broadcasters Already Protected Online

Importantly, the investments to be made in infrastructure for Internet-based transmission is insignificant, and hence Internet-based transmission should not be covered by this treaty, even if it is retransmission over the Internet, and even if it is traditional broadcaster which is transmitting over the Internet. Technology-neutrality should not be taken to such an extent as to forget why we are granting additional protection to broadcasters, which is to protect their investments.

Broadcasters Can Already Sue for Copyright Violation

The Motion Pictures Association in its statement just now mentioned "cause of action" as something that this treaty seeks to protect: that is, to allow broadcasters to have a standing to sue for copyright violation. The fact is that most, if not all, legal systems already allow for licensees — like broadcasters — to have cause of action for infringement. A global treaty is not needed for that.

Inconsistencies in Chair's Non Paper

Lastly, there are many inconsistencies in the Chair's non-paper: while it proclaims that it only extends protection to broadcast signals, and not the subject matter carried by such signals, the rest of the document does not follow that principle. Fixation cannot be covered in a signals-based treaty, nor does it make any logical sense to provide 20 years of protection for a signal that lasts for milliseconds. As the delegates would recall, the General Assembly's mandate was for a signals-based approach, and not for a rights-based approach.

Thank you, Madam Chair.

For more details visit https://cis-india.org/a2k/blogs/cis-statement-sccr24-broadcast-treaty