Centre for Internet and Society

The 2010 Special 301 Report Is More of the Same, Slightly Less Shrill

pranesh — 2011-10-03T05:37:27Z

Pranesh Prakash examines the numerous flaws in the Special 301 from the Indian perspective, to come to the conclusion that the Indian government should openly refuse to acknowledge such a flawed report. He notes that the Consumers International survey, to which CIS contributed the India report, serves as an effective counter to the Special 301 report.

Special 301 Report: Unbalanced Hypocrisy

The United States Trade Representative has put yet another edition of the Special 301 report which details the copyright law and policy wrongdoings of the US's trading partners. Jeremy Malcolm of Consumers International notes that the report this year claims to be "well-balanced assessment of intellectual property protection and enforcement ... taking into account diverse factors", but:

[I]n fact, the report largely continues to be very one-sided. As in previous editions, it lambasts developing countries for failing to meet unrealistically stringent standards of IP protection that exceed their obligations under international law.

More the report changes, the more it stays the same. Despite having wider consultations than just the International Intellectual Property Alliance (IIPA, consisting of US-based IP-maximalist lobbyists like the Motion Picture Association of America, Recording Industry Association of America, National Music Publishers Association, Association of American Publishers, and Business Software Alliance) and the Pharmaceutical Research and Manufacturers of America (PhRMA, consisting of US-based pharma multinationals), things haven't really changed much in terms of the shoddiness of the Special 301 report.

India and the 2010 Special 301 Report

The Special 301 report for 2010 contains the following assessment of India:

India will remain on the Priority Watch List in 2010. India continues to make gradual progress on efforts to improve its legislative, administrative, and enforcement infrastructure for IPR. India has made incremental improvements on enforcement, and its IP offices continued to pursue promising modernization efforts. Among other steps, the United States is encouraged by the Indian government’s consideration of possible trademark law amendments that would facilitate India’s accession to the Madrid Protocol. The United States encourages the continuation of efforts to reduce patent application backlogs and streamline patent opposition proceedings. Some industries report improved engagement and commitment from enforcement officials on key enforcement challenges such as optical disc and book piracy. However, concerns remain over India’s inadequate legal framework and ineffective enforcement. Piracy and counterfeiting, including the counterfeiting of medicines, remains widespread and India’s enforcement regime remains ineffective at addressing this problem. Amendments are needed to bring India’s copyright law in line with international standards, including by implementing the provisions of the WIPO Internet Treaties. Additionally, a law designed to address the unauthorized manufacture and distribution of optical discs remains in draft form and should be enacted in the near term. The United States continues to urge India to improve its IPR regime by providing stronger protection for patents. One concern in this regard is a provision in India’s Patent Law that prohibits patents on certain chemical forms absent a showing of increased efficacy. While the full import of this provision remains unclear, it appears to limit the patentability of potentially beneficial innovations, such as temperature-stable forms of a drug or new means of drug delivery. The United States also encourages India to provide protection against unfair commercial use, as well as unauthorized disclosure, of undisclosed test or other data generated to obtain marketing approval for pharmaceutical and agricultural chemical products. The United States encourages India to improve its criminal enforcement regime by providing for expeditious judicial disposition of IPR infringement cases as well as deterrent sentences, and to change the perception that IPR offenses are low priority crimes. The United States urges India to strengthen its IPR regime and will continue to work with India on these issues in the coming year.

This short dismissal of the Indian IPR regime, and subsequent classification of India as a "Priority Watch List" country reveals the great many problems with the Special 301.

On Copyrights

The report notes that there are "concerns over India's inadequate legal framework and ineffective enforcement". However, nowhere does it bother to point out precisely how India's legal framework is inadequate, and how this is negatively affecting authors and creators, consumers, or even the industry groups (MPAA, RIAA, BSA, etc.) that give input to the USTR via the IPAA. Nor does it acknowledge the well-publicised fact that the statistics put out by these bodies have time and again proven to be wrong:
Apart from this bald allegation which has not backing, there is a bald statement about India needing to bring its copyright law "in line with international standards" including "the WIPO Internet Treaties". The WIPO Internet Treaties given that more than half the countries of the world are not signatories to either of the WIPO Internet Treaties (namely the WIPO Copyright Treaty and the WIPO Performance and Phonograms Treaty), calling them 'international standards' is suspect. That apart, both those treaties are TRIPS-plus treaties (requiring protections greater than the already-high standards of the TRIPS Agreement). India has not signed either of them. It should not be obligated to do so. Indeed, Ruth Okediji, a noted copyright scholar, states:

Consistent with their predecessors, the WIPO Internet Treaties marginalize collaborative forms of creative engagement with which citizens in the global South have long identified and continue in the tradition of assuming that copyright’s most enduring cannons are culturally neutral. [...] The Treaties do not provide a meaningful basis for a harmonized approach to encourage new creative forms in much the same way the Berne Convention fell short of embracing diversity in patterns and modes of authorial expression.

Some of the of the 'problems' noted in the report are actually seen as being beneficial by many researchers and scholars such as Lawrence Liang, Achal Prabhala, Perihan Abou Zeid and others, who argue that lax enforcement has enabled access to knowledge and promotion of innovation. In a panel on 'Access to Knowledge' at the Internet Governance Forum, Lea Shaver, Jeremy Malcolm and others who have been involved in that Access to Knowledge movement noted that lack of strict enforcement played a positive role in many developing countries. However, they also noted, with a fair bit of trepidation, that this was sought to be changed at the international level through treaties such as the Anti-Counterfeiting Treaty Agreement (ACTA).
The scope of an optical disc law are quite different from copyright law. The report condemns "unauthorized manufacture and distribution of optical discs", however it does not make it clear that what it is talking about is not just unlicensed copying of films (which is already prohibited under the Copyright Act) but the manufacture and distribution of blank CDs and DVDs as well. The need for such a law is assumed, but never demonstrated. It is onerous for CD and DVD manufacturers (such as the Indian company Moserbaer), and is an overbearing means of attacking piracy.
The report calls for "improve[ment] [of India's] criminal enforcement regime" and for "deterrent" sentences and expeditious judicial disposition of IPR infringement cases. While we agree with the last suggestion, the first two are most unacceptable. Increased criminal enforcement of a what is essentially a private monopoly right is undesirable. Copyright infringment on non-commercial scales should not be criminal offences at all. What would deter people from infringing copyright laws are not "deterrent sentences" but more convenient and affordable access to the copyright work being infringed.

On Patents

Thankfully, this year the Special 301 report does not criticise the Indian Patent Act for providing for post-grant opposition to patent filings, as it has in previous years. However, it still criticises section 3(d) of the Patent Act which ensures that 'evergreening' of drug patents is not allowed by requiring for new forms of known substances to be patented only if "the enhancement of the known efficacy of [the known] substance" is shown. Thus, the US wishes India to change its domestic law to enable large pharma companies to patent new forms of known substances that aren't even better ("enhancement of the known efficacy"). For instance, "new means of drug delivery" will not, contrary to the assertions of the Special 301 report and the worries of PhRMA, be deemed unpatentable.

The United States has been going through much turmoil over its patent system. Reform of the patent system is currently underway in the US through administrative means, judicial means, as well as legislative means. One of the main reasons for this crumbling of the patent system has been the low bar for patentability (most notably the 'obviousness' test) in the United States and the subsequent over-patenting. An American judgment even noted that "anything under the sun that is made by man" is patentable subject matter. It is well-nigh impossible to take American concerns regarding our high patent standards seriously, given this context.

Miscellanea

The harms of counterfeit medicine, as we have noted earlier, are separate issues that are best dealt under health safety regulations and consumer laws, rather than trademark law.

Data exclusivity has been noted to be harmful to the progress of generics, and seeks to extend proprietary rights over government-mandated test data. It is [clear from the TRIPS Agreement][de-trips] that data exclusivity is not mandatory. There are clear rationale against it, and the Indian pharmaceutical industry [is dead-set against it][de-india]. Still, the United States Trade Representative persists in acting as a corporate shill, calling on countries such as India to implement such detrimental laws.

Conclusion

Michael Geist, professor at University of Ottowa astutely notes:

Looking beyond just Canada, the list [of countries condemned by the Special 301 report] is so large, that it is rendered meaningless. According to the report, approximately 4.3 billion people live in countries without effective intellectual property protection. Since the report does not include any African countries outside of North Africa, the U.S. is effectively saying that only a small percentage of the world meet its standard for IP protection. Canada is not outlier, it's in good company with the fastest growing economies in the world (the BRIC countries are there) and European countries like Norway, Italy, and Spain. In other words, the embarrassment is not Canadian law. Rather, the embarrassment falls on the U.S. for promoting this bullying exercise and on the Canadian copyright lobby groups who seemingly welcome the chance to criticize their own country.

His comments apply equally well for India as well.

IIPA's Recommendation for the Special 301 Report

Thankfully, this year IIPA's recommendations have not been directly copied into the Special 301 report. (They couldn't be incorporated, as seen below.) For instance, the IIPA report notes:

The industry is also concerned about moves by the government to consider mandating the use of open source software and software of only domestic origin. Though such policies have not yet been implemented, IIPA and BSA urge that this area be carefully monitored.

Breaking that into two bit:

Open Source

Firstly, it is curious to see industry object to legal non-pirated software. Secondly, many of BSA's members (if not most) use open source software, and a great many of them also produce open source software. HP and IBM have been huge supporters of open source software. Even Microsoft has an open source software division. [Intel][intel], SAP, Cisco, Dell, Sybase, Entrust, Intuit, Synopsys, Apple, Borland, Cadence, Autodesk, and Siemens are all members of BSA which support open source software / produce at least some open source software. And all BSA members rely on open source software (as part of their core products, their web-server, their content management system, etc.) to a lesser or greater extent. BSA's left hand doesn't seem to know what its right hand -- its members -- are doing. Indeed, the IIPA does not seem to realise that the United States' government itself uses [open source software], and has been urged to look at FOSS very seriously and is doing so, especially under CIO Vivek Kundra. And that may well be the reason why the USTR could not include this cautionary message in the Special 301 report.

Domestic Software

As this insightful article by Nate Anderson in Ars Technica notes:

Open source is bad enough, but a "buy Indian" law? That would be an outrage and surely something the US government would not itself engage in as recently as last year. Err, right?

Furthermore, the IIPA submission do not provide any reference for their claim that "domestic origin" software is being thought of being made a mandatory requirement in governmental software procurement.

WCT, WPPT, Camcording, and Statutory Damages

The IIPA submission also wish that India would:

Adopt a system of statutory damages in civil cases; allow compensation to be awarded in criminal cases;
Adopt an optical disc law;
Enact Copyright Law amendments consistent with the WCT and WPPT;
Adopt an anti-camcording criminal provision.

Quick counters:

Statutory damages (that is, an amount based on statute rather than actual loss) would result in ridiculousness such as the $1.92 million damages that the jury (based on the statutory damages) slapped on Jammie Thomas. The judge in that case called the damage award "monstrous and shocking" and said that veered into "the realm of gross injustice."
The reasons against an optical disc law are given above. Quick recap: it is a) unnecessary and b) harmful.
India has not signed the WCT and the WPPT. Indian law satisfies all our international obligations. Thus enacting amendments consistent with the WCT and the WPPT is not required.
Camcording of a film is in any case a violation of the Copyright Act, 1957, and one would be hard-pressed to find a single theatre that allows for / does not prohibit camcorders. Given this, the reason for an additional law is, quite frankly, puzzling. At any rate, IIPA in its submission does not go into such nuances.

Further conclusions

Shamnad Basheer, an IP professor at NUJS, offer the following as a response:

"Dear USA,

India encourages you to mind your own business. We respect your sovereignty to frame IP laws according to your national priorities and suggest that you show us the same courtesy. If your grouse is that we haven't complied with TRIPS, please feel free to take us to the WTO dispute panel. Our guess is that panel members familiar with the English language will ultimately inform you that section 3(d) is perfectly compatible with TRIPS. And that Article 39.3 does not mandate pharmaceutical data exclusivity, as you suggest! More importantly, at that point, we might even think of hauling you up before the very same body for rampant violations, including your refusal to grant TRIPS mandated copyright protection to our record companies, despite a WTO ruling (Irish music case) against you.

Yours sincerely,

India."

Basheer's suggestion seems to be in line with that Michael Geist who believes that other countries should join Canada and Israel in openly refusing to acknowledge the validity of the Special 301 Reports because they lack ['reliable and objective analysis'][geist-reliable]. And that thought serves as a good coda.

For more details visit https://cis-india.org/a2k/blogs/2010-special-301

China Club instead of Bombay Club?

Shyam Ponappa — 2012-05-10T10:35:05Z

Emulate China's coordinated policies for strategic sectors, and we'll rely less on commodity exports, says Shyam Ponappa in his article in the Business Standard on May 13, 2010.

With the momentum of the past few years, India’s potential for growth is enormous, despite the chaotic loose linkages. In sectors like power and telecommunications, this translates to demand far outstripping capacity. Some contend that domestic inability to build capacity — i.e., being able to actually pull it off, as against the perpetual potential — will conscribe not only these sectors, but also limit overall growth. So the argument goes, e.g., let China build India’s power plants, because we need the power and don’t have capacity/they do it cheaper.

Comparative advantage notwithstanding, this reasoning is fallacious given the realities of national interests and self-interest. To understand why, consider the naïveté of the underlying assumptions — about “rational man”, that capitalism is fair, capital is immobile, surplus value accrues to countries and not to companies, or that the pursuit of self-interest maximises societal benefits.

Our quandary is aggravated by our inability so far to orchestrate supportive policies for even a level playing field. Ironically, one need only consider India’s approach to IT and IT-enabled services (ITeS) in the initial growth years to realise this. India’s policies in IT and ITeS, while far from perfect — in fact, sneaked through by stealth, as in the preferential 64 kbps communications lifeline, and the tax breaks for software service exporters — provided the foundations for transforming IT and then ITeS/BPO/KPO (Business Process and Knowledge Process Outsourcing).

These sectors also benefited from a controlled exchange rate, as the Reserve Bank of India (RBI) managed a steady depreciation during those years. But they did not have another vital ingredient of coordinated policies as did the Asian tigers: low borrowing rates (see the diagram)

This is one reason why, for instance, India’s machine tool manufacturers or shipbuilders have not matched the growth of knowledge-based services. The former need inexpensive, long-term capital for production and marketing, as well as for continuous innovation, upgrade and scale.

Why labour arbitrage and not products

This is also one reason why we lack product orientation, because product design, development and marketing require the support of easy access to cheap capital for a long period. Labour arbitrage needs little capital. Therefore, we have been better mercenaries than producers of products, compared with the chaebols (Samsung, Hyundai) or keiretsu (Mitsubishi, Dai-Ichi/Mizuho). There are, of course, many additional reasons: their education, training, work practices, our policies against large corporations, etc.

With growth in domestic markets across a broad range — telecom equipment, engineering goods, power — there are domestic manufacturing initiatives, such as L&T and Bharat Forge in power generation joining Bhel, or Tejas Networks in optical switching. But for the transformational changes we have witnessed in IT, we need coordinated industrial policies that support domestic manufacturing, because that’s the competition. Unthinking acceptance of “open markets” without heed to how others — including developed economies — cosseted and built their manufacturing capacity will ensure that India stays a raw materials and commodities exporter, while importing trains, aircraft, machine tools, and equipment for power generation, telecommunications and defence.

Integrated policies work

Ideally, supportive policies comprise a coordinated range, such as state and central taxes, favoured locations with good infrastructure — energy, transport and communications, subsidised land, favourable exchange and interest rates, preferred access to domestic markets, and barriers to unfair competition, like import tariffs not below the WTO floor, and safeguard duties. Without this orchestration, the victors are companies and countries that have understood these principles, and have these systems in place. (This applies equally to farm products.)

Many are apprehensive that what works elsewhere will not work in India because of malpractices, as seen in recurring scams. There is every need for systems with integrity, and for enforcement with penalties. But just as corruption in government or civil society does not do away with the need for either, misuse does not negate the need for incentives. It would be self-damaging to lose the opportunity to try and get our act together simply because of apprehensions of corruption and/or incompetence. That would be like not subsidising food for the poor; it’s a different matter that we need better methods to prevent gross misappropriation.

The consequence of heedless, ad hoc muddling through instead of orchestrated strategies is that manufactured imports will dominate our markets, while domestic manufacturing is fragmented, hamstrung or absent. Having said that, consider India’s needs in electricity or communications — telecom, Internet and broadcasting — and it is apparent that crafting policies is not simple. So many conflicting images, some based on facts, others, mere impressions, which are often more important than facts. What should policy-makers do for our needs on such a massive scale with growing shortfalls?

Emulate China

The short answer: learn from China. In the power sector, Chinese suppliers have the following advantages:

Low-cost access to capital.
An exchange rate advantage (10-30 per cent).
No sales tax and octroi, aggregating to about 11 per cent.
Zero customs duty on equipment for large plants (China imposes a 30 per cent import duty)

Corrective action discussed for years has not resulted in concrete steps. The power ministry, citing supposed user benefits, opposes the planning commission’s recommendation of a safeguard duty. This is as shortsighted as “free electricity” that undercuts investments in power.

In telecommunications, consider Huawei, with revenues of over $20 billion, nurtured for 20 years with the People’s Liberation Army (PLA) as an R&D partner and guaranteed customer, vis-à-vis, say, Tejas Networks from Bangalore, with no government support.

Our policies need to focus on our long-term interests with strategic intent and execution, as in other countries, balancing costs with the benefits of domestic capabilities. These sectors need government procurement support, not criteria that disqualify Indian companies in strategic sectors like power and communications. They also need interim methods for Chinese companies to contribute while upgrading our skills and processes. Our aim needs to be a level playing field.

Read the original article in the Business Standard

For more details visit https://cis-india.org/telecom/blog/China-club-Bombay-club

Biometry Is Watching

praskrishna — 2011-04-02T12:08:26Z

In its first steps, the UID drive encounters practical problems, raises ethical questions, reports Sugata Srinivasaraju in Outlook.

Three women are fighting to take one chair in a classroom of a government school in Chelur village, in Gubbi taluka of Tumkur district. One sits on the lap of another and the third tries to push them both off the chair. What all three want is to be the first to be profiled under the Centre’s ambitious Aadhaar or unique identity number (UID) project. Their squabbling holds up the documentation by nearly 20 minutes, and the crowd outside, standing in line in the afternoon sun, grows restless. To calm them, the village revenue secretary orders the distribution of another round of buttermilk.

Chelur is one of four villages in the district picked for field trials before the 12-digit UIDs are assigned to people later in the year. Besides Tumkur, the pilot project is simultaneously running in seven villages of Mysore district. Each village has been given a target of 2,400-2,500 profiles to be completed in 20 days. This involves photographing the face, imaging the iris and scanning all ten digits of each person profiled and assigned a UID.

Villagers are enthusiastic about this rigorous profiling process even though there’s little awareness about the true purpose of the exercise. This is because of some falsehoods that have somehow spread in these areas. Nagamma, an elderly woman coming out after being profiled, thinks her eyes had been tested and found to be in perfect condition. Another middle-aged woman thought the exercise would bring her a new ration card—one that would entitle her family to an extra four kilos of rice. Some others were in a tizzy that if they didn’t undergo this “photography” their BPL cards would be taken away. Most, however, had queued up because they didn’t want to be left out of a sarkari exercise their neighbours were submitting to. Of the dozen people Outlook spoke to, only Muniswamy could tell us that this process would ensure that no one had more than one voter ID card or ration card—the way it should be, unlike some in his village who had illegally acquired two of each.

The village authorities have been doing little to counter the misinformation because their attention is focused on other compelling matters, like meeting the assigned target. This is an important issue because gram panchayat elections have been declared in Karnataka and lots of youngsters set off for campaigning early in the morning and would be difficult to locate for profiling.

According to official figures, Chelur has a population of 5,000, with 3,640 people above the age of 18. A random selection of 2,400 has been made from this to meet the UID target. The number seems small, but handling it at the village level can be demanding for the local authorities—there’s no police for crowd control, refreshments have to be distributed and the computerised work has to be done despite the power outages. Using generators has become inevitable, for the villages get hardly four or five hours’ power supply.

Another problem lies in obtaining the fingerprints of rural folk: most of them are engaged in manual labour or farm work and arrive with dirty palms that defeat the biometric reading machines. Pails of water, detergent and towels are provided for cleaning up. Much time is lost in such rescanning and it goes against the official estimate of five minutes for the young, nine for the elderly.

Prasanna Kumar, the village secretary, admits to the problems. “We did not make an open announcement for the UID pilot because we didn’t want to attract large crowds. We quietly prepared a random list of 2,400 people from the ration card database and went door-to-door to invite them,” he says. “We have left out people above the age of 80 and under 18. We told people this identity number will help them access various government schemes. Fingerprinting is the toughest problem. Initially people were reluctant, but suddenly they have become curious.”

H. Gnanesh, the tehsildar, says the ongoing step is only “concept testing”; the next will be rechecking, in which those already profiled will verify their identity details against what has been stored. Only after that will the UID be issued. In Chelur village, the concept testing ended on May 4; rechecking began the very next day.

Some NGOs observing the process have noted the lack of awareness in villagers. “They are clueless about what they are taking part in,” say Mahadev Prasad and Murthy, of the Basava Seva Trust. Murthy says fingerprinting is a big problem. He speaks of Hommaragalli, in Mysore district, where some foreign experts had to be called in to take a look at the scanning machines.

Then there are larger issues. Away from the surging crowds in Chelur, civil society organisations like the Centre for Internet & Society, the Alternative Law Forum and PUCL have been demanding greater dialogue. In fact, they have even suggested a review of the scheme. They argue there is no clarity on how the government proposes to store and secure personal and biometric data, given the fact that various agencies such as banks, telecom companies and government departments would potentially access it. Security is a huge concern also because the software, hardware and expertise of foreign companies is being used. These NGOs say the UID data, the National Population Registry and the NATGRID, when connected, could prove a grave threat to civil liberties.

“First, a centralised database, like the UID will create, has never been safe,” says Sunil Abraham of CIS. “It needs to be decentralised like our various mail servers. Second, we feel the collection of biometric data is happening at the wrong end of the pyramid. Instead of putting the poor through the process first, why not start with those with financial dealings of Rs 1 crore and above. Third, one study says 48 per cent of our people cannot remember a 12-digit ID. Fourth, we need privacy laws in place before the UID regime sets in.”

Those problems apart, even raising the level of the current exercise—from small samples of a few thousand each to profiling the billion-plus population of India—could place severe demands on our shaky administration. There’s a mountain to be moved.

Read the original article in the Outlook

For more details visit https://cis-india.org/news/biometry-is-watching

What Women Want: The ability debates

praskrishna — 2011-04-02T12:08:44Z

In this article published in the Hindu, Deepa Alexander argues that the proposed amendments to the Copyright Act (1957) are restrictive and discriminatory.

The triumphs and disasters of the differently-abled in India are two ends of the spectrum. Among the 70 million disabled in our country are those who have conquered peaks, won gold at the Paralympics, and raced in Himalayan and desert car rallies. But, millions more struggle to meet daily challenges in a society that tends to portray the disabled as either heroes or victims with little or no access to their rightful resources. The proposed amendments to the Copyright Act (1957) are seen as restrictive and discriminatory, as the copyright exception, which aims at allowing persons with disability easy access to copyrighted material, applies only to certain types of disability. We spoke to activists who address these issues, not as charity or welfare but as matters of development and dignity.

Change in attitude

National Trust's programmes work on building capacity, changing patronising attitudes, building trust in the abilities of people with developmental disability and creating an equal playing field. Unfortunately, deeply entrenched attitudes continue to exclude people with disabilities. Even if an opportunity is given, it is given only once; if a person with disability fails, incapacity is assumed.

But, in the recent case of a young woman with intellectual disability who had been raped in a women's home, the Supreme Court upheld her right to ‘choose' to keep her baby, and she has proved to be a competent mother. However, the disapproval of the intelligentsia in the media is an indicator of the social prejudices people with disabilities have to live with.

Poonam Natarajan, Chairperson, National Trust (Ministry of Social Justice and Empowerment), New Delhi

Implement their rights

Ability Foundation's thrust is on creating an equitable society. Through our magazine Success & Ability, we spread this message at a time when service to the disabled was seen only at the physical, and not at the emotional level. Persons with disabilities need access to inclusive education, employment and public places. Being ‘accounted' in the Census 2011 will open up a plethora of possibilities. Accurate data will enable Government intervention at various levels, leading to proactive action. We need ramps for wheelchair users, audio announcements in bus / train stations for the visually-impaired, and video announcements for the hearing-impaired. Floor numbers in Braille for lifts, sign language interpreters in every hospital, police station and court of law, slip-proof flooring in malls, and large-print books in public libraries for those with low vision are the other needs. The implementation of the rights of persons with disabilities as per the United Nations convention and the Persons with Disabilities Act (PWD), in letter and spirit, is also essential.

Jaysheree Ravindran, Founder and Honorary Executive Director, Ability Foundation, Chennai

A development issue

My daughter Tamana was born with cerebral palsy. It pushed me to found an organisation in 1984 to fulfil the dreams of children with special needs and those of their parents. Therapy and counselling for children and their families is essential for optimum adult rehabilitation. Since Independence, the disabled have been categorised along with sections such as women, Scheduled Castes and Scheduled Tribes. While these have had powerful political lobbies, there has been no spokesperson for the disabled. The dichotomies between the Ministries of Education and Social Justice further worsen the exclusion. Most policy-makers look at disability as a welfare, not a development issue. Disability should be jointly addressed by the Ministries of Health, Women and Child Development, HRD, Social Justice and Empowerment. The definition of disability in the PWD Act does not include autism, which leaves out nearly two million autistic persons in India. Admitting disabled children in normal schools is not enough — you need to have professionally trained staff, who are sensitised. I also hope for a different curriculum for special children, even as they are being integrated in the mainstream. Better pay scales will also bring in more jobs in the disability sector.

Dr. Shyama Chona, President, Tamana, New Delhi

Public-private partnership

NGO-run establishments provide free schooling for disabled children. The Government has provided legislative intent through the Inclusive Education Act, which makes it mandatory to include all kinds of impaired children. However, Government schools that cater to the poor are generally marked by grossly inadequate infrastructure and teaching aids, so imagine the predicament of the disabled.

I would like a public-private partnership for day-care and residential institutions which provide educational and recreational service on a long-term basis. This needs to be supported by research institutions which focus on technology, communication and teaching aids. We need to benefit from global expertise, and customise them to local needs.

As Childline's primary mandate is child protection, I feel that the Government must compulsorily provide for a child protection policy in any institution that deals with disabled children, as, such children are more vulnerable to abuse.

Kajol Menon, Executive Director, Childline India Foundation, Mumbai

The copyright angle

The Centre for Internet and Society is associated with the copyright amendment movement for persons with disabilities, and is one of the founding organisations for the Indian Right to Read campaign. At present, the proposed copyright amendment is detrimental to the disability sector's needs. The exception extends only to ‘specially designed' formats such as Braille and sign language, and does not benefit the millions who have cerebral palsy, dyslexia and low vision, and the visually-impaired persons who do not know Braille. Such persons require audio, reading material with large fonts and electronic texts, which are not ‘specially designed' formats. For conversion to non-specialised formats, the amendment proposes a licensing system, which will permit only organisations working for the benefit of the disabled to undertake conversion and distribution. This will prevent educational institutions, SHGs, other NGOs and print-disabled individuals from undertaking conversion. The licensing system will also require approaching the Copyright Board for each work, which will be extremely time-consuming. The waiting period for obtaining permissions and subsequent conversion will result in students losing academic years, a violation of their right to education.

The proposed amendment violates the Constitutional guarantee of equality under Article 14 since it discriminates between those visually-impaired persons who know Braille and those print-disabled persons who do not. It is important for the nation as a whole to take the concern of persons with disabilities as a mainstream concern.

Nirmita Narasimhan, Programme Manager, Centre for Internet and Society, Bangalore

Read the original article in the Hindu

For more details visit https://cis-india.org/news/what-women-want

Technological Protection Measures in the Copyright (Amendment) Bill, 2010

pranesh — 2012-05-17T16:51:38Z

In this post Pranesh Prakash conducts a legal exegesis of section 65A of the Copyright (Amendment) Bill, 2010, which deals with the stuff that enables 'Digital Rights/Restrictions Management', i.e., Technological Protection Measures. He notes that while the provision avoids some mistakes of the American law, it still poses grave problems to consumers, and that there are many uncertainties in it still.

Technological Protection Measures are sought to be introduced in India via the Copyright (Amendment) Bill, 2010. This should be quite alarming for consumers for reasons that will be explained in a separate blog post on TPMs that will follow shortly.

In this post, I will restrict myself to a legal exegesis of section 65A of the Bill, which talks of "protection of technological measures". (Section 65B, which talks of Right Management Information will, similarly, be tackled in a later blog post.)

First off, this provision is quite unnecessary. There has been no public demand in India for TPMs to be introduced, and the pressure has come mostly from the United States in the form of the annual "Special 301" report prepared by the United States Trade Representative with input coming (often copied verbatim) from the International Intellectual Property Alliance. India is not a signatory to the WIPO Copyright Treaty (WCT) which requires technological protection measures be safeguarded by law. That provision, interestingly, was pushed for by the United States in 1996 when even it did not give legal sanctity to TPMs via its copyright law (which was amended in 2000 by citing the need to comply with the WCT).

TPMs have been roundly criticised, have been shown to be harmful for consumers, creators, and publishers, and there is also evidence that TPMs do not really decrease copyright infringement (but instead, quite perversely through unintended consequences, end up increasing it). Why then would India wish to introduce it?

Leaving that question aside for now, what does the proposed law itself say?

65A. Protection of Technological Measures

    (1) Any person who circumvents an effective technological measure applied for the purpose of protecting any of the rights conferred by this Act, with the intention of infringing such rights, shall be punishable with imprisonment which may extend to two years and shall also be liable to fine.

    (2) Nothing in sub-section (1) shall prevent any person from:

        (a) doing anything referred to therein for a purpose not expressly prohibited by this Act:

          Provided that any person facilitating circumvention by another person of a technological measure for such a purpose shall maintain a complete record of such other person including his name, address and all relevant particulars necessary to identify him and the purpose for which he has been facilitated; or

        (b) doing anything necessary to conduct encryption research using a lawfully obtained encrypted copy; or

        (c) conducting any lawful investigation; or

        (d) doing anything necessary for the purpose of testing the security of a computer system or a computer network with the authorisation of its owner; or

        (e) operator; or [sic]

        (f) doing anything necessary to circumvent technological measures intended for identification or surveillance of a user; or

        (g) taking measures necessary in the interest of national security.

Implications: The Good Part

This provision clearly takes care of two of the major problems with the way TPMs have been implemented by the Digital Millennium Copyright Act (DMCA) in the United States:

In s.65A(1) it aligns the protection offered by TPMs to that offered by copyright law itself (since it has to be "applied for the purpose of protecting any of the rights conferred by this Act"). Thus, presumably, TPMs could not be used to restrict access, only to restrict copying, communication to the public, and that gamut of rights.
In s.65A(1) and 65A(2) it aligns the exceptions granted by copyright law with the exceptions to the TPM provision. Section 65A(1) states that the act of circumvention has to be done "with the intention of infringing ... rights", and s.52(1) clearly states that those exceptions cannot be regarded as infringement of copyright. And s.65A(2)(a) states that circumventing for "a purpose not expressly prohibited by this Act" will be allowed.

A third important difference from the DMCA is that

It does not criminalise the manufacture and distribution of circumvention tools (including code, devices, etc.). (More on this below.)

Implications: The Bad Part

This provision, despite the seeming fair-handed manner in which it has been drafted, still fails to maintain the balance that copyright seeks to promote:

TPM-placers (presumably, just copyright holders, because of point 1. above) have been given the ability to restrict the activities of consumers, but they have not been given any corresponding duties. Thus, copyright holders do not have to do anything to ensure that the Film & Telivision Institute of India professor who wishes to use a video clip from a Blu-Ray disc can actually do so. Or that the blind student who wishes to circumvent TPMs because she has no other way of making it work with her screen reader is actually enabled to take advantage of the leeway the law seeks to provide her through s.52(1)(a) (s.52(1)(zb) is another matter!). Thus, while there are many such exceptions that the law allows for, the technological locks themselves prevent the use of those exceptions. Another way of putting that would be to say:
The Bill presumes that every one has access to all circumvention technology. This is simply not true. In fact, Spanish law (in Article 161 of their law) expressly requires that copyright holders facilitate access to works protected by TPM to beneficiaries of limitations of copyright. Thus, copyright holders who employ TPMs should be required to:
- tell their customers how they can be contacted if the customer wishes to circumvent the TPM for a legitimate purpose
- upon being contacted, aid their customer in making use of their rights / the exceptions and limitations in copyright law
How seriously can you take a Bill that has been introduced in Parliament that includes a provision that states: "Nothing in sub-section (1) shall prevent any person from operator; or" (as s.65A(2)(e), read in its entirety, does)?

Uncertainties

As mentioned above, the provisions are not all that clear regarding manufacture and distribution of circumvention tools. Thus, the proviso to s.65A(2)(a) deserves a closer reading. What is clear is that there are no penalties mentioned for manufacture or dissemination of TPMs, and that only those who circumvent are penalised in 65A(1), and not those who produce the circumvention devices. However:

On "shall maintain" and penalties

In the proviso to s.65B(2)(a), there is an imperative ("shall maintain") requiring "any person facilitating circumvention" to keep records. It is unclear what the implications of not maintaining such records are.

The obvious one is that the exemption contained in s.65(1)(a) will not apply if one were facilitated without the facilitator keeping records. Thus, under this interpretation, there is no independent legal (albeit penalty-less) obligation on facilitators. This interpretation runs into the problem that if this was the intention, then the drafters would have written "Provided that any person facilitating circumvention ... for such a purpose maintain/maintained a complete record ...". Instead, shall maintain is used, and an independent legal obligation seems, thus, to be implied. But can a proviso create an independent legal obligation? And is there any way a penalty could possibly be attached to violation of this proviso despite it not coming within 65A(1)?

On "facilitating" and remoteness

The next question is who all can be said to "facilitate", and how remote can the connection be? Is the coder who broke the circumvention a facilitator? The distributor/trafficker? The website which provided you the software? Or is it (as is more likely) a more direct "the friend who sat at your computer and installed the circumvention software" / "the technician who unlocked your DVD player for you while installing it in your house"?

While such a record-keeping requirement is observable by people those who very directly help you (the last two examples above), it would be more difficult to do so the further up you get on the chain of remoteness. Importantly, such record-keeping is absolutely not possible in decentralized distribution models (such as those employed by most free/open source software), and could seriously harm fair and legitimate circumvention.

More uncertainties

It is slightly unclear which exception the bypassing of Sony's dangerous "Rootkit" copy protection technology would fall under if I wish to get rid of it simply because it makes my computer vulnerable to malicious attacks (and not to exercise one of the exceptions under s.52(1)). Will such circumvention come under s.65A(2)(a)? Because it does not quite fall under any of the others, including s.65(2)(b) or (f).

On "purpose" as a criterion in 65A(2)(a)

A last point, which is somewhat of an aside is that 65A(2)(a) states:

Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose not expressly prohibited by this Act.

There's something curious about the wording, since the Copyright Act generally does not prohibit any acts based on purposes (i.e., the prohibitions by ss.14 r/w s.51 are not based on why someone reproduces, etc., but on the act of reproduction). In fact, it allows acts based on purposes (via s.52(1)). The correct way of reading 65A(2)(a) might then be:

Nothing in sub-section (1) shall prevent any person from doing anything referred to therein for a purpose expressly allowed by this Act.

But that might make it slightly redundant as s.65A(1) covers that by having the requirement of the circumvention being done "with the intention of infringing such right" (since the s.52(1) exceptions are clearly stated as not being infringements of the rights granted under the Act).

Conclusion

It would be interesting to note how leading copyright lawyers understand this provision, and we will be tracking such opinions. But it is clear that TPMs, as a private, non-human enforcement of copyright law, are harmful and that we should not introduce them in India. And we should be especially wary of doing so without introducing additional safeguards, such as duties on copyright holder to aid access to TPM'ed works for legitimate purposes, and remove burdensome record-keeping provisions.

For more details visit https://cis-india.org/a2k/blogs/tpm-copyright-amendment

When Copyright Goes Bad

praskrishna — 2011-08-04T04:37:21Z

A part of the Access to Knowledge Project, this short film by Consumers International is available on DVD and online at A2Knetwork.org/film.

For centuries, copyright law has existed to protect creative production whilst promoting public access. But the digital age is challenging this balance and fundamentally changing how we produce, access and distribute content. Suddenly, copyright rules no longer do what they are supposed to do. They have gone bad.

This is a film about how copyright has become one of the most important consumer issues of the digital age; why corporate lobbying risks criminalising the actions of hundreds of thousands of people; and what the future holds for the fight for fairer copyright laws.

When Copyright Goes Bad is an introduction to the renegotiation of copyright and is for anyone interested in how copyright is affecting consumers. It features some of the key players in the copyright debate, including: Fred Von Lohmann - Electronic Frontier Foundation; Michael Geist - University of Ottawa Law School; Jim Killock - Open Rights Group; and Hank Shocklee - Co-founder of Public Enemy.

Quotes from When Copyright Goes Bad

“People have realised that copyright affects them every day and the direction that we’ve seen over the last few years really troubles them. That’s why so many people are speaking out.” Michael Geist

“In the U.S, over 35,000 Americans were targeted for lawsuits for downloading music. In ten years time, everyone will look back at that as incredibly unjust and ridiculous. No-one thinks that suing music fans one at a time is the business model of the future.” Fred Von Lohmann

“The industry is trying to demonise consumer behaviour. They’re trying to create the idea that it’s a moral debate: is downloading something wrong or right? Is it theft or not? These are the wrong questions and they will only ever produce the wrong answers.” Jim Killock

Making copyright, right

When Copyright Goes Bad is being released under a Creative Commons (CC) licence, which means it’s free to copy and adapt, as long as content is attributed and the same CC licence is used.
We will also be making available extended interviews with all the contributors, as well as with other experts not featured in the film, under the same CC licence at A2Knetwork.org/film. By providing access in this way we are allowing others to go on and create further work around the issue.

View it on youtube

For more details visit https://cis-india.org/a2k/blogs/when-copyright-goes-bad

April 2010 Bulletin

praskrishna — 2012-08-13T04:51:19Z

Greetings from the Centre for Internet and Society! We bring you updates of our research, events and news for the month of April 2010.

News Updates

Worries voiced over ID Project
The Government of India's Unique Identification (UID) Project came under flak at a workshop organised jointly by the Citizen Action Forum (CAF), the People's Union of Civil Liberties - Karnataka, the Alternative Law Forum and the Centre for Internet and Society - An article in The Hindu - 17th April.
http://cis-india.org/news/worries-voiced-over-id-project

UID: A debate on the Fundamental Rights
UID: A debate on the Fundamental Rights - was jointly organized by the Citizen Action Forum, People's Union for Civil Liberties - Karnataka, Alternative Law Forum and the Centre for Internet and Society on April 16th at IAT, Queens Road, Bangalore - An article in the Prajavani news paper - April 17th.
http://cis-india.org/news/uid-a-debate-on-fundamental-rights

UID is an invasion of Privacy: Experts
The Nandan Nilekani headed Unique Identification Authority of India (UIDAI) came in for much criricism at the first of a series of debates on the issue organised in the city on Friday - Deccan Chronicle, April 17th.
http://cis-india.org/news/uid-is-an-invasion-of-privacy-experts

Experts debate on UID and rights
Bangalore, Apr 16, DHNS: A debate on ‘UID and Fundamental Rights’ organised by several city-based organisations, discussed the social, ethical issues, economic and legal issues that accompanies the UID.
http://cis-india.org/news/experts-debate-on-uid-and-rights

Amendment to Copyright Act opposed
A report on the press conference held on 15th April, at the Press Club, Bangalore: The Hindu
http://cis-india.org/news/amendment-to-copyright-act-opposed

They fight for the visually challenged
Times News Network - A report on the press conference held at the Press Club, Bangalore on 15th April, 2010.
http://cis-india.org/news/they-fight-for-the-visually-challenged

Digital Natives Research Project Coordinator
The Centre for Internet and Society, Bangalore, in collaboration with Hivos Netherlands, is looking for a Research Project Coordinator to help develop a knowledge network and coordinate international workshops for the project "Digital Natives with a Cause?"
http://cis-india.org/news/research-coordinator

Expel or not? That is the question
The decision of an international school to expel 14 students for their alleged ‘promiscuous’ behaviour has led to much debate and discussion.
http://cis-india.org/news/expel-or-not

Nokia eyes GeNext to tap mobile email mkt
Finnish handset giant banks on youth to be in the technology race
http://cis-india.org/news/nokia-eyes-genNext

Research

Critical Point of View: Videos
The Second event for the Critical Point of View reader on Wikipedia was held in Amsterdam, by the Institute of Network Cultures and the Centre for Internet and Society. A wide range of scholars, academics, researchers, practitioners, artists and users came together to discuss questions on design, analytics, access, education, theory, art, history and processes of knowledge production. The videos for the full event are now available for free viewing and dissemination.

Colour Me Political
What are the tools that Digital Natives use to mobilise groups towards a particular cause? How do they engage with crises in their immediate environments? Are they using their popular social networking sites and web 2.0 applications for merely entertainment? Or are these tools actually helping them to re-articulate the realm of the political? Nishant Shah looks at the recent Facebook Colour Meme to see how new forms of political participation and engagement are being initiated by young people across the world.
http://cis-india.org/research/dn/dn2

Meet the Web 2.0 Suicide Machine
Digital Natives live their lives differently. But sometimes, they also die their lives differently! What happens when we die online? Can the digital avatar die? What is digital life? The Web 2.0 Suicide machine that has now popularly been called the 'anti-social-networking' application brings some of these questions to the fore. As a part of the Hivos-CIS "Digital Natives with a Cause?" research programme, Nishant Shah writes about how Life on the Screen is much more than just a series of games.
http://cis-india.org/research/dn/dn1

Digital Natives with a Cause?
Digital Natives With A Cause? - a product of the Hivos-CIS collaboration charts the scholarship and practice of youth and technology with a specific attention for developing countries to create a framework that consolidates existing paradigms and informs further research and intervention within diverse contexts and cultures.
http://cis-india.org/research/dn/dnrep

Advocacy

Accessibility

e-Accessibility: A Wiki Project
Envisaged and funded by the National Internet Exchange of India, and executed by the Centre for Internet and Society, a Wiki site pertaining to issues of disability and e-accessibility has recently been launched.
http://cis-india.org/advocacy/accessibility/blog/e-accessibility-a-wiki-project

Copyright Law as a tool for Inclusion
Can Copyright Law be used as a tool for Inclusion? Rahul Cherian examines this in his blog on copyright.
http://cis-india.org/advocacy/accessibility/blog/copyright-law-as-tool-for-inclusion

Web Accessibility as a Government Mandate?
Is Web accessibility just a Government Mandate? Should private sites be ignored? Wesolowski examines this in light of the steps taken by ictQATAR to make its website accessible to W3C standards, and hopes that Qatar and eventually all other Arab nations will follow suit and make Web accessibility much more of a mandate.
http://cis-india.org/advocacy/accessibility/blog/web-accessibility-government-mandate

Intellectual Property

When Copyright Goes Bad
A part of the Access to Knowledge Project, this short film by Consumers International is available on DVD and online at A2Knetwork.org/film.
http://cis-india.org/advocacy/ipr/blog/when-copyright-goes-bad

Openness

Research Project on Open Video in India
Open Video Alliance and the Centre for Internet and Society are calling for researchers for a project on open video in India, its potentials, limitations, and recommendations on policy interventions.
http://cis-india.org/advocacy/openness/blog/open-video-research

Does the Social Web need a Googopoly?
While the utility of the new social tool Buzz is still under question, the bold move into social space taken last week by the Google Buzz team has Gmail users questioning privacy implications of the new feature. In this post, I posit that Buzz highlights two privacy challenges of the social web. First, the application has sidestepped the consensual and contextual qualities desirable of social spaces. Secondly, Google’s move highlights the increasingly competitive and convergent nature of the social media landscape.
http://cis-india.org/advocacy/openness/blog/does-the-social-web-need-a-googopoly

The (in)Visible Subject: Power, Privacy and Social Networking
In this entry, I will argue that the interplay between privacy and power on social network sites works ultimately to subject individuals to the gaze of others, or to alternatively render them invisible. Individual choices concerning privacy preferences must, therefore, be informed by the intrinsic relationship which exists between publicness/privateness and subjectivity/obscurity.
http://cis-india.org/advocacy/openness/blog/the-in-visible-subject-power-privacy-and-social-networking

Internet Governance

Does the Safe-Harbor Program Adequately Address Third Parties Online?
While many citizens outside of the US and EU benefit from the data privacy provisions the Safe Harbor Program, it remains unclear how successfully the program can govern privacy practices when third-parties continue to gain more rights over personal data. Using Facebook as a site of analysis, I will attempt to shed light on the deficiencies of the framework for addressing the complexity of data flows in the online ecosystem.
http://cis-india.org/advocacy/igov/blog/does-the-safe-harbor-program-adequately-address-third-parties-online

Sense and censorship
Sunil Abraham examines Google's crusade against censorship in China in wake of the attacks on its servers in this article published in the Indian Express.
http://cis-india.org/advocacy/igov/blog/sense-and-censorship

Report on the Fourth Internet Governance Forum for Commonwealth IGF
This report by Pranesh Prakash reflects on the question of how useful is the IGF in the light of meetings on the themes of intellectual property, freedom of speech and privacy.
http://cis-india.org/advocacy/igov/blog/report-on-fourth-IGF

Telecom

The Right Ring Tone
Focus on improving service quality with a strong partner, and not on one-shot stake sales, says Shyam Ponappa in his article published in the Business Standard on April 1, 2010.
http://cis-india.org/advocacy/telecom/blog/ring-tone

Other Advocacy

Maps for Making Change Wiki Now Open to the Public
Since December 2009, CIS has been coordinating and nurturing the Maps for Making Change project, organised in collaboration with Tactical Tech. During the past four months, participants have been on a challenging yet fertile and inspiring journey that is now slowly coming to an end. Would you like to know more about what has happened in the time that has passed? The Maps for Making Change wiki is a good place to start.
http://cis-india.org/advocacy/others/maps-for-making-change-wiki-now-open-to-the-public

For more details visit https://cis-india.org/about/newsletters/april-2010-bulletin

Does the Safe-Harbor Program Adequately Address Third Parties Online?

rebecca — 2011-08-02T07:19:34Z

While many citizens outside of the US and EU benefit from the data privacy provisions the Safe Harbor Program, it remains unclear how successfully the program can govern privacy practices when third-parties continue to gain more rights over personal data. Using Facebook as a site of analysis, I will attempt to shed light on the deficiencies of the framework for addressing the complexity of data flows in the online ecosystem.

To date, the EU-US Safe Harbor Program leads in governing the complex and multi-directional flows of personal information online. As commerce began to thrive in the online context, the European Union was faced with the challenge of ensuring that personal information exchanged through online services were granted levels of protect on par with provisions set out in EU privacy law. This was important, notably as the piecemeal and sectoral approach to privacy legislation in the United states was deemed incompatible with the EU approach. While the Safe Harbor program did not aim to protect the privacy of citizens outside of the European Union per say, the program has in practice set minimum standards for online data privacy due to the international success of American online services.

While many citizens outside of the US and EU benefit from the Safe Harbor Program, it remains unclear how successful the program will be in an online ecosystem where third-parties are being granted increasingly more rights over the data they receive from first parties. Using Facebook as a site of analysis, I will attempt to shed light on the deficiencies of the framework for addressing the complexity of data flows in the online ecosystem. First, I will argue that the safe harbor program does not do enough to ensure that participants are held reasonably responsible third party privacy practices. Second, I will argue that the information asymmetries created between first party sites, citizens, and governance bodies vis-à-vis third parties obscures the application of the Safe Harbor Model.

The EU-US Safe-Harbor Agreement

In 1995, and based on earlier OECD guidelines, the EU Data Directive on the “protection of individuals with regard to the processing of personal data and the free movement of such data” was passed [1]. The original purpose of the EU Privacy Directive was not only to increase privacy protection within the European Union, but to also promote trade liberalization and a single integrated market in the EU. After the Data Directive was passed, each member state of the EU incorporated the principles of the directive into national laws accordingly.

While the Directive was successful in harmonizing data privacy in the European Union, it also embodied extraterritorial provisions, giving in reach beyond the EU. Article 25 of the Directive states that the EU commission may ban data transfers to third countries that do not ensure “an adequate level of protect’ of data privacy rights [2]. Also, Article 26 of the Directive, expanding on Article 25, states that personal data cannot be transferred to a country that “does not ensure an adequate level of protection” if the data controller does not enter into a contract that adduces adequate privacy safeguards [3].

In light of the increased occurrence of cross-border information flows, the Data Directive itself was not effective enough to ensure that privacy principles were enforced outside of the EU. Articles 25 and 26 of the Directive had essentially deemed all cross-border data-flows to the US in contravention of EU privacy law. Therefor, the EU-US Safe-Harbor was established by the EU Council and the US Department of Commerce as a way of mending the variant levels of privacy protection set out in these jurisdictions, while also promoting online commerce.

Social Networking Sites and the Safe-Harbor Principles

The case of social networking sites exemplifies the ease with which data is transferred, processed, and stored between jurisdictionas. While many of the top social networking sites are registered American entities, they continue to attract users not only from the EU, but also internationally. In agreement to the EU law, many social networking sites, including LinkedIn, Facebook, Myspace, and Bebo, now adhere to the principles of the program. The enforcement of the Safe Harbor takes place in the United States in accordance with U.S. law and relies, to a great degree, on enforcement by the private sector. TRUSTe, an independent certification program and dispute mechanism, has become the most popular governance mechanism for the safe harbor program among social networking sites.

Drawing broadly on the principles embodied within the EU Data Directive and the OECD Guidelines, the seven principles of the Safe-Harbor were developed. These principles include Notice, Choice, Onward Transfer, Access and Accuracy, Security, Data Integrity and Enforcement. The principle of “Notice” sets out that organizations must inform individuals about the purposes for which it collects and uses information about them, how to contact the organization with any inquiries or complaints, the types of third parties to which it disclosures the information, and the choices and means the organization offers individuals for limiting its use and disclosure.

“Choice” ensures that individuals have the opportunity to choose to opt out whether their personal information is disclosed to a third party, and to ensure that information is not used for purposes incompatible with the purposes for which it was originally collected. The “Onward Transfer” principle ensures that third parties receiving information subscribes to the Safe Harbor principles, is subject to the Directive, or enters into a written agreement which requires that the third party provide at least the same level of privacy protection as is requires by the relevant principles.

The principles of “Security” and “Data Integrity” seek to ensure that reasonable precautions are taken to protect the loss or misuse of data, and that information is not used in a manner which is incompatible with the purposes for it is has been collected—minimizing the risk that personal information would be misused or abused. Individuals are also granted the right, through the access principle, to view the personal information about them that an organization holds, and to ensure that it is up-to-date and accurate. The “Enforcement” principle works to ensure that an effective mechanism for assuring compliance with the principles, and that there are consequences for the organization when the principles are not followed.

The principles of the program are rather quite clear and enforceable in the first party context, despite some prevailing ambiguities. The privacy policies of most social networking services have become increasingly clear and straightforward since their inception. Facebook, for example, has revamped its privacy regime several times, and gives explicit notice to users how their information is being used. The privacy policy also explains the relationship between third parties and your personal information—including how it may be used by advertisers, search engines, and fellow members.

With respect to third party advertisers, principles of “choice” are clearly granted by most social networking services. For example, the Network Advertising Initiative, a self-regulatory initiative of the online advertising industry, clearly lists its member websites and allows individuals to opt out of any targeted advertising conducted by its members. In Facebook’s description of “cookies” in their privacy policy, a direct link to NAI’s opt out features is given, allowing individuals to make somewhat informed choices about their participation in such programs. This point is, of course, in light of the fact that most users do not read or understand the privacy policies provided by social networking sites [4]. It is also important to note that Google—a major player in the online advertising business, does not grant users of Buzz and Orkut the same “opt-out” options as sites such as Facebook and Bebo.

Under the auspices of the US Federal Trade Commission, the Safe Harbor Program has also successfully investigated and settled several privacy-related breaches which have taken place on social networking sites. Of the most famous cases is Lane et al. v. Facebook et al., which was a class action suit brought against Facebook’s Beacon Advertising program. The US Federal Trade Commission was quick to insight an investigation of the program after many privacy groups and individuals became critical of its questionable advertising practices. The Beacon program was designed to allow Facebook users to share information with their friends about actions taken on affiliated, third party sites. This had included, for example, the movie rentals a user had made through the Blockbuster website.

The Plaintiffs filed a suit, alleging that Facebook and its affiliates did not give users adequate notice and choice about Beacon and the collection and use of users’ personal information. The Beacon program was ultimately found to be in breach of US law, including the Video Privacy Protection Act, which bans the disclosure of personally identifiable rental information. Facebook has announced the settlement of the lawsuit, not bringing individual settlements, but a marked end to the program and the development of a 9.5 million dollar Facebook Privacy Fund dedicated to privacy and data-related issues. Other privacy related investigations of social networking sites launched by the FTC under the Safe Harbor Program include Facebook’s privacy changes in late 2009, and the Google’s recently released Buzz application.

Despite the headway the Safe Harbor is making, many privacy related questions remain ambiguous with respect to the responsibilities social networking sites through the program. For example, Bebo reserves the right to supplement a social profile with addition information collected from publicly available information and information from other companies. Bebo’s does adhere to the “notice principle”—as it makes know to users how their information will be used through their privacy policy. However, it remains unclear if appropriate disclosures are given by Bebo as required by Safe Harbor Framework, notably as the sources of “publicly available information” as a concept remains broad and obscured in the privacy policy. It is also unclear whether or not Bebo users are able to, under the “Choice” principle, refuse to having their profiles from being supplemented by other information sources. Also, under the “access principle”, do individuals have the right to review all information held about them as “Bebo users”? The right to review information held by a social networking site is an important one that should be upheld. This is most notable as supplementary information from outside social networking services is employed to profile individual users in ways which may work to categorize individuals in undesirable ways.

The Third Party Problem

Cooperation between social networking sites and the Safe Harbor has improved, and most of these sites now have privacy policies which explicitly address the principles of the Program. It should also be noted that public interest groups, such as Epic, the Center for Digital Democracy, and The Electronic Frontier Foundation, have played a key role in ensuring that data privacy breaches are brought to the attention of the FTC under the program. While the program has somewhat adequately addressed the privacy practices of first party participants, the number of third parties on social networking sites calls into question the comprehensiveness and effectiveness of the Safe Harbor program. Facebook itself as a first party site may adhere to the Safe Harbor Program. However, its growing number third party platform members may not always adhere to best practices in the field, nor can Facebook or the Safe Harbor Program guarantee that they do so.

The Safe Harbor Program does require that all participants take certain security measures when transferring data to a third party. Third parties must either subscribe to the safe harbor principles, or be subject to the EU Data Directive. Alternatively, an organization can may also enter into a written agreement with a third party requiring that they provide at least the same level of privacy protection as is required by program principles. Therefore, third parties of participating program sites are, de facto, bound by the safe harbor principles by the way of entering into agreement with a first party participant of the program. This is the approach taken by most social networking sites and their third parties.

It is important to note, however, that third parties are not governed directly by the regulatory bodies, such as the FTC. The safe harbor website also explicitly notes that the program does not apply to third parties. Therefore, as per these provisions, Facebook must adhere to the principles of the program, while its third party platform members (such as social gaming companies), only must do so indirectly as per a separate contract with Facebook. The effectiveness of this indirect mode of governing of third party privacy practices is questionable for numerous reasons.

Firstly, while Facebook does take steps to ensure that third parties use information from Facebook in a manner which is consistent to the safe harbor principles, the company explicitly waives any guarantee that third parties will “follow their rules”. Prior to allowing third parties to access any information about users, Facebook requires third parties to agree to terms that limit their use of information, and also use technical measures to ensure that they only obtain authorized information. Facebook also warns users to “always review the policies of third party applications and websites to make sure you are comfortable with the ways in which they use information”. Not only are users required to read the privacy policies of every third party application, but are also expected to report applications which may be in violation of privacy principles. In this sense, Facebook not only waives responsibility for third party privacy breaches, but also places further regulatory onus upon the user.

As the program guidelines express, the safe harbor relies to a great degree on enforcement by the private sector. However, it is likely that a self-regulatory framework may lead the industry into a state of regulatory malaise. Under the safe harbor program, Facebook must ensure that the privacy practices of third parties are adequate. However, at the same time, the company may simultaneously waiver their responsibility for third party compliance with safe harbor principles. Therefore, it remains questionable as to where responsibility for third parties exactly lies. When third parties are not directly answerable to the governing bodies of safe harbor program, and when first parties can to waive responsibility for their practices, from where does the incentive to effectively regulate third parties to come from?

While Facbeook may in fact take reasonable legal and technical measures to ensure third party compliance, the room for potential dissonance between speech and deed is worrisome. Facebook is required to ensure that third parties provide “at least the same level of privacy protection” as they do. However, in practice, this has yet to become the case. A quick survey of twelve of the most popular Platform Applications in the gaming category showed that third parties are not granting their users the “same level of privacy protection”[5]. For example, section 9.2.3 of Facebooks “Rights and Responsibilities” for Developers/Operators of applications/sites states that they must “have a privacy policy or otherwise make it clear to users what user data you are going to use and how you will use, display, or share that data”.

However, out of the 12 gaming applications surveyed, four companies failed to make privacy policies available to users before they granted the application access to the personal information, including that of their friends [6]. After searching for the privacy policies on the websites of each of the four social gaming companies, two completely failed to post privacy policies on their central websites. This practice is in direct breach of the contract made between these companies and Facebook, as mentioned above. In addition to many applications failing to clearly post privacy policies, many of provisions set out in these policies were questionable vis-à-vis safe harbor principles.

For example Zynga, makes of popular games Mafia Wars and Farmville, reserve the right to “maintain copies of your content indefinitely”. This practice remains contrary to Safe Harbor principles which states that information should not be kept for longer than required to run a service. Electronic Arts also maintains similar provisions for data retention in its privacy policy. Such practices are rather worrisome also in light of the fact that both companies also reserve the right to collect information on users from other sources to supplement profiles held. This includes (but is not limited to) newspapers and Internet sources such as blogs, instant messaging services, and other games. It is also notable to mention that only one of the twelve social gaming companies surveyed directly participates in the safe harbor program.

In addition to the difficulties of ensuring that safe harbor principles are adhered to by third parties, the information asymmetries which exist between first party sites, citizens, and governance bodies vis-à-vis third parties complicate this model. Foremost, it is clear that Facebook, despite its resources, cannot keep tabs on the practices of all of their applications. This puts into question if industry self-regulation can really guarantee that privacy is respected by third parties in this context. Furthermore, the lack of knowledge or understanding held by citizens about how third parties user their information is particularly problematic when a system relies so heavily on users to report suspected privacy breaches. The same is likely to be true for governments, too. As one legal scholar, promoting a more laisse-fair approach to third party regulation, notes—multiple and invisible third party relationships presents challenges to traditional forms of legal regulation [7].

In an “open “social ecosystem, the sheer volume of data flows between users of social networking sites and third party players appears to have become increasingly difficult to effectively regulate. While the safe harbor program has been successful in establishing best practices and minimum standards for data privacy, it is also clear that governance bodies, and public interest groups, have focused most attention on large industry players such as Facebook. This has left smaller third party players on social networking sites in the shadows of any substantive regulatory concern. If one this has become clear, it is the fact that governments may no longer be able to effectively govern the flows of data in the burgeoning context of “open data”.

As I have demonstrated, it remains questionable whether or not Facebook can regulate third parties data collection practices effectively. Imposing more stringent responsibilities on safe harbor participants could be a positive step. It is reasonable to assume that it would be undue to impose liability on social networking sites for the data breaches of third parties. However, it is not unreasonable to require sites like Facebook go beyond setting “minimum standards” for data privacy, towards taking a more active enforcement, if even through TRUSTe or another regulatory body. If the safe harbor is to be effective, it cannot allow program participants to simply wave the liability for third party privacy practices. The indemnity granted to third parties on social networking sites may deem the safe harbor program more effective in sustaining the non-liability of third parties, rather than protecting the data privacy of citizens.

[1] Official Directive 95/46/EC

[2] 95/46/EC

[3] Ibid

[4] See Acquisit, A. a. (n.d.). Imagined Communities: Awareness, Information Sharing, and Privacy on Facebook. PET 2006

[5] Of the Privacy Policy browsed include, Zynga, Rock You!, Crowdstar, Mind Jolt, Electronic Arts, Pop Cap Games, Slash Key, Playdom, Meteor Games, Broken Bulb Studios, Wooga, and American Global Network.

[6] By adding an application, users are also sharing with third parties the information of their friends if they do not specifically opt out of this practice.

[7]See Milina, S. (2003). Let the Market Do its Job: Advocating an Integrated Laissez-Faire Approach to Online Profiling. Cardozo Arts and Entertainment Law Journal .

For more details visit https://cis-india.org/internet-governance/blog/does-the-safe-harbor-program-adequately-address-third-parties-online

March 2010 Bulletin

praskrishna — 2012-08-13T05:02:42Z

Greetings from the Centre for Internet and Society! We bring you updates of our research, news, and events for the month of March 2010 in this bulletin.

News Updates

An Open Answer to Office
OpenOffice with its new features is giving Microsoft Word tough competition, says Deepa Kurup in this article published in The Hindu.
http://cis-india.org/news/open-office

Upcoming Events

CPOV: Wikipedia Research Initiative
The second WikiWars conference will be held in Amsterdam from 26 to 27 March 2010
http://cis-india.org/research/conferences/conference-blogs/cpov

CI Global Meeting on A2K
CIS is a co-sponsor of the Consumers International Meeting on A2K to be held in Kuala Lumpur, Malaysia on April 21 and 22, 2010.
http://cis-india.org/events/ci-global-meeting-a2k

Research

India Game Developer Summit Bangalore 2010
The India Game Developer Conference held at Nimhans Convention Centre on the 27th of February, 2010 was attended by Arun Menon who is working on The Gaming and Gold Project at The Centre for Internet and Society. The Developer forum brought together game developers from different sectors of the Game Production Cycle, with hardware manufacturers like Nvidia demonstrating their latest 3d technology and Software developers like Crytek and Adobe demonstrating the latest in developer tools for creating and editing games on multiple platforms.
http://cis-india.org/research/cis-raw/histories/gaming/india-game-developer-summit-in-bangalore-2010

10 Legendary Obscene Beasts
Nishant Shah analyses a peculiar event of vandalism which has now become the core of free speech and anti-censorship debates in mainland China. Looking at the structure of user generated knowledge websites and the specific event on the Chinese language encyclopaedia, 'Baidu Baike', he shows how, in cities where spaces of political spectacle and public protest are quickly diminishing, the Internet has become a tool for producing new public spaces of demonstration and protest.
http://cis-india.org/research/grants/ISShanghai/itcity4

WikiWars - A report
In this blog, Nishant Shah analyses about the WikiWars, the first of the three events held in Bangalore on January 12 and 13.
http://cis-india.org/research/conferences/conference-blogs/wwrep

Telecom

Understanding Spectrum
What is spectrum and how do government and commercial decisions on this scientific phenomenon affect public facilities and costs? Shyam Ponappa examines this in his latest blog published in the Business Standard on March 4, 2010.
http://cis-india.org/advocacy/telecom/blog/understanding-spectrum

For more details visit https://cis-india.org/about/newsletters/march-2010-bulletin

CI Global Meeting on A2K

praskrishna — 2011-04-05T04:08:06Z

CIS is a co-sponsor of the Consumers International Meeting on A2K

The Consumers International Global Meeting on A2K 2010 is to be held at the Holiday Villa hotel in Subang, Kuala Lumpur, Malaysia on 21 and 22 April 2010.

The meeting will bring together CI members and other NGOs from around the world to discuss and collaborate on issues of access to knowledge (A2K) and communications rights. Highlights will include the launch of the Consumers International IP Watch List for 2010, the launch of CI's new film on A2K, and a preview of the results of our access barrier survey.

Don't miss the most important day on the A2K calendar for the global consumer movement!

For more details visit https://cis-india.org/events/ci-global-meeting-a2k

CPOV : Wikipedia Research Initiative

nishant — 2011-08-23T02:52:25Z

The Second event, towards building the Critical Point of View Reader on Wikipedia, brings a range of scholars, practitioners, theorists and activists to critically reflect on the state of Wikipedia in our contemporary Information Societies. Organised in Amsterdam, Netherlands, by the Institute of Network Cultures, in collaboration with the Centre for Internet and Society, Bangalore, the event builds on the debates and discussions initiated at the WikiWars that launched off the knowledge network in Bangalore in January 2010. Follow the Live Tweets at #CPOV

Second international conference of the CPOV Wikipedia Research Initiative :: March 26-27, 2010 :: OBA (Public Library Amsterdam, next to Amsterdam central station), Oosterdokskade 143, Amsterdam.

Wikipedia is at the brink of becoming the de facto global reference of dynamic knowledge. The heated debates over its accuracy, anonymity, trust, vandalism and expertise only seem to fuel further growth of Wikipedia and its user base. Apart from leaving its modern counterparts Britannica and Encarta in the dust, such scale and breadth places Wikipedia on par with such historical milestones as Pliny the Elder’s Naturalis Historia, the Ming Dynasty’s Wen-hsien ta- ch’ eng, and the key work of French Enlightenment, the Encyclopedie. The multilingual Wikipedia as digital collaborative and fluid knowledge production platform might be said to be the most visible and successful example of the migration of FLOSS (Free/ Libre/ Open Source Software) principles into mainstream culture. However, such celebration should contain critical insights, informed by the changing realities of the Internet at large and the Wikipedia project in particular.

The CPOV Research Initiative was founded from the urge to stimulate critical Wikipedia research: quantitative and qualitative research that could benefit both the wide user-base and the active Wikipedia community itself. On top of this, Wikipedia offers critical insights into the contemporary status of knowledge, its organizing principles, function, and impact; its production styles, mechanisms for conflict resolution and power (re-)constitution. The overarching research agenda is at once a philosophical, epistemological and theoretical investigation of knowledge artifacts, cultural production and social relations, and an empirical investigation of the specific phenomenon of the Wikipedia.

Conference Themes: Wiki Theory, Encyclopedia Histories, Wiki Art, Wikipedia Analytics, Designing Debate and Global Issues and Outlooks.

Follow the live tweets on http://twitter.com/#search?q=%23CPOV

Confirmed speakers: Florian Cramer (DE/NL), Andrew Famiglietti (UK), Stuart Geiger (USA), Hendrik-Jan Grievink (NL), Charles van den Heuvel (NL), Jeanette Hofmann (DE), Athina Karatzogianni (UK), Scott Kildall (USA), Patrick Lichty (USA), Hans Varghese Mathews (IN), Teemu Mikkonen (FI), Mayo Fuster Morell (IT), Mathieu O’Neil (AU), Felipe Ortega (ES), Dan O’Sullivan (UK), Joseph Reagle (USA), Ramón Reichert (AU), Richard Rogers (USA/NL), Alan Shapiro (USA/DE), Maja van der Velden (NL/NO), Gérard Wormser (FR).

Editorial team: Sabine Niederer and Geert Lovink (Amsterdam), Nishant Shah and Sunil Abraham (Bangalore), Johanna Niesyto (Siegen), Nathaniel Tkacz (Melbourne). Project manager CPOV Amsterdam: Margreet Riphagen. Research intern: Juliana Brunello. Production intern: Serena Westra.

The CPOV conference in Amsterdam will be the second conference of the CPOV Wikipedia Research Initiative. The launch of the initiative took place in Bangalore India, with the conference WikiWars in January 2010. After the first two events, the CPOV organization will work on producing a reader, to be launched early 2011. For more information or submitting a reader contribution.

Buy your ticket online (with iDeal), or register by sending an email to: info (at) networkcultures.org. One day ticket: €25, students and OBA members: €12,50. Full conference pass (2 days): €40, students and OBA members: 25.

Organized by the Institute of Network Cultures Amsterdam, in cooperation with the Centre for Internet and Society in Bangalore, India.

For more details visit https://cis-india.org/research/conferences/conference-blogs/cpov

Does the Social Web need a Googopoly?

rebecca — 2011-08-18T05:06:37Z

While the utility of the new social tool Buzz is still under question, the bold move into social space taken last week by the Google Buzz team has Gmail users questioning privacy implications of the new feature. In this post, I posit that Buzz highlights two privacy challenges of the social web. First, the application has sidestepped the consensual and contextual qualities desirable of social spaces. Secondly, Google’s move highlights the increasingly competitive and convergent nature of the social media landscape.

Last week, and for many a surprise, Google launched its new social networking platform, Buzz. The new service is Google’s effort to amplify the “social nature” of their services by integrating them under one platform, and adding some extra social utility. The social application runs from the Gmail interface, but also links other Google accounts a user may have, including albums on Picasa, and Google Reader. The service also allows for the sharing from external sources, such as photos on Flickr, and videos from YouTube. The service also allows users to post, like, or dislike the status updates of others which may be publicly searchable if the user opts. Before a Gmail user may fully participate in Google Buzz service, a unique Google Personal Profile must be created.

User Consent

Much of the buzz surrounding the new social networking service last week wasn’t paying much lip service to the new application. Instead, an uproar of privacy concerns continued to dominate the Buzz scene, with many critics quickly labeling Buzz a “privacy nightmare”. A formal complaint has been already filed with the US Federal Trade Commission in response to Google’s new privacy violating service. A second-year Harvard Law student has also filed a class-action suit against the company for its privacy malpractices.

Much of the privacy talk thus far has focused on issues of consent, or lack thereof, in this case. Upon Buzz’s launch, Gmail users were automatically subscribed as “opting in” for the service. Google has used the private address books of millions of Gmail accounts to build social networks from the contacts users email and chat with most. To entice users into using the service, Gmail users were set to auto-follow all of their contacts, and in turn, to be followed by them, too. Furthermore, all new Buzz users had been set to automatically share all public Picasa albums and Google Reader items with their new social graph. It is argued that social network services should be opt-in, rather than opt-out, and that Buzz has violated the consensual nature of the social web.

Illuminating the complications of building a social graph from ones inbox is the story of an Australian women, who remains anonymous. As she claims, most of the emails currently received through her Gmail account, are those from her abusive ex-boyfriend. Due to Google’s assumption that Gmail users would like to be “auto-followed” by their Gmail contacts (mirroring Twitters friendship protocol), items shared between herself and new boyfriend through her Google reader account had become public to her broader social graph, including her ex-boyfriend and his harassing friends.

In a blog response directed to Google’s Buzz team, the woman scornfully wrote- “F*ck you, Google. My privacy concerns are not trite. They are linked to my actual physical safety, and I will now have to spend the next few days maintaining that safety by continually knocking down followers as they pop up. A few days is how long I expect it will take before you either knock this shit off, or I delete every Google account I have ever had and use Bing out of f*cking spite”. As this case demonstrates, the people we mail most often may not be our closest friends. As email has replaced the telephone for many as the dominate mode of communication--some contacts may be friends, however, many others may not be.

In response to the uproar, tweaks to Buzz’s privacy features have since been made. Todd Jackson, Buzz’s product manager, has also posted a public apology to the official Gmail Blog late last week for not “getting everything quite right”. The service will now assume the more user-centric “auto-suggest” model, allowing users to selectively choose the contacts they wish to follow, and will also no longer auto-link Picasa and Reader content. However, as the EPIC’s complaint notes, many are still unsatisfied with the opt-out nature of the service, arguing that users should be able to opt-into the service if they so choose, rather than having to delist themselves for a service they didn’t necessarily sign up. Ethical quandaries also still loom over Google’s misuse of the users’ private contact lists to jumpstart their new service.

Contextual Integrity

The attacks on personal privacy resulting from Google’s model are vast. As the case of the Australian woman illuminates, the concept of the “online friend” has completely taken out of context with Buzz’s initial auto-follow model. Many of the contacts we make on a daily basis need not be made public through the Google profile. For most, this Buzz’s privacy breach may be benign or annoying at most. However, those who are engaged in sensitive social or political relationships via their Gmail chat or email accounts, the revelation of common contact could have been potentially damaging for many. A reporter from CNET has cleverly labeled Buzz’ as a “socially awkward networking”, as bringing diverse contacts under one umbrella doesn’t exactly make the most social sense. In response, Gmail users are required to sort through and filter their Buzz followers according, or choose to disable the service all together.

Besides questions of who is stalking whom, the assumptive and public nature of Google’s new move has cast a shadow of doubt among Gmail users regarding the ability of Google to maintain the privacy and contextual integrity of the Gmail account. Should one account be the place to socialize, and “do business”? Gmail is, and should remain, an email service. However, Buzz takes the email experience into new and questionable grounds. Do Gmail users feel entirely comfortable having their personal email, social graph, and chat functions all coming under the auspices of one platform? Many users felt they had been lured into using a social networking service that they didn’t sign up for in the first place.

Social Media Competition

In addition to Google’s attempt to integrate their various service offerings, Buzz is seen as an obvious attempt to bolster competitiveness in the social media market. In 2004, Google released Orkut. While the service has become big in countries such as Brazil and India, it has been overshadowed by sites such as Facebook in other jurisdictions, and has not been able to prove itself as a mainstream space for networking. In the past year, Google had also launched Google Wave, a tool that mixes e-mail, with instant messaging and the ability for several people to collaborate on documents. However, the application failed to completely win over audiences, and was considered one of the top failures of 2009.

With Google unable to effectively saturate the social media ecosystem, Buzz is an attempt to compete with the searchable and real time experiences provided by social media giants, Facebook and Twitter. Increased competition within the social media market could be a positive development for privacy, as social media companies could arguably be compete on their ability to provide users with preferable privacy architectures. To the contrary, however, such competition has thus far had negative ramifications for user privacy, as the recent Buzz and Facebook moves illustrates. Facebook’s loosened privacy settings were a competitive knee-jerk to Twitters searchable and real time experience. Through a Twitter search, individuals can come to know what people are saying about a certain topic, event, or product, and as a result, the service has received a great deal attention from users, and non-users such as advertisers, alike.

In an attempt to one-up, their competition, the “Twitterization” of Facebook followed in two distinct stages. First was with the implementation of the Facebook News Feed, which gave users a real time account of actions their friends on the site. Many argued that this feature invaded user privacy. However, it was argued by Facebook that they only were making available information that was already accessible through individual profile pages. The News Feed, as it happens, effectively took user information and actions on the site out of original context by streaming this information live for others easy viewing. Information users once had to rummage for had become accessible in real time on the homepage of the service.

Secondly, Facebooks’ recent privacy scandal was a step towards making profile information more searchable and accessible to third parties, as is most often the case with the more public feeds on Twitter. As one commentator notes, “Facebook used to be very private but private is not great for search, to have great search you need all of the data to be publicly available as it mostly is on Twitter. Facebook have not quite nailed real time search yet but they are getting there and it will soon be a great way of examining sentiment across different demographics”. As a result, information on Facebook, such as name, profile picture, friends list, location and fan pages have become open access information. In addition, users on Facebook have been subjected to new privacy regime without notice, leaving their profile pages generally more open, and searchable through Google.

Converging the Online Self

The impact Buzz alone can make on the social media landscape remains questionable (Gmail heralds only 140 million accounts, which is a deficient cry from Facebooks’ 400+ million dedicated users). However, despite Googles’ in/ability to become claim hegemony over the social web landscape, the abuse of private information to launch a new service has raised serious debate over the privacy and the future of social networking. The Buzz service marks more than yet another new social networking service that brushes aside the privacy of users. As user control and privacy becomes an increasingly peripheral concern, Google’s shift toward privacy decontrol also signifies a worrisome supply-side shift towards the “convergence” of online identity.

Within this new dominant paradigm, privacy concerns are often interpreted as antithetical to competitiveness in the social media marketplace. Instead of an imagined ecosystem based on user control and privacy preference, it can now be inferred that the competiveness of social networking services will continue to disrupt the delicate balance between the public and private online. Regardless that greater visibility and searchability of the social profile may not be in the public interest, Google’s recent move works to reinforcement of the new status quo of “openness”. Furthermore, it is questionable as to how concentrated and integrated a user may want their online activities to become. A critical discourse of online privacy must, therefore, take into account the ways in which the social web has renders the user increasingly transparent through networks of networking services.

Google’s Buzz illustrates this point quite well. Initially, Gmail was a straightforward email service. Next, the AdWords advertising service and Gmail chat had become integrated into the Gmail experience. Because Google was using the confidential emails of its Gmail users, privacy concerns began to mount upon the launch of the the AdWords service. However, turmoil surrounding AdWords died down, notably as Google continues to reassert that is is bots, not humans, that are scanning the emails in order to provide the AdWords service. Next, there gradually occurred a convergence of Google services under the single social profile, or “email address”. A single Gmail account potentially includes use of with Google reader, calendar, chat, groups and an Orkut account. In terms of behavioral targeted advertising, Google has recently announced that they will be providing personalized search results even to users who have not signed up for Google services. This will be done through the placement a cookie on all machines to provide targeted advertising seamlessly through each Google search and browsing session.

While many argue that the collection of non-personally identifiable information poses no privacy harm, this assumption needs reassessment. As Google comes to offer us more, they also come to learn more, and Buzz signifies this trend towards a Googopolized social web. To add another layer of complexity to Googles hegemony, users of the Buzz service are also required to create a “Google Profile”, which is searchable online and displays real time status updates, comments, and connections from other social network services, such as Facebook and Twitter. As Google recently launched the beta version of the new Social Search, Buzz was just the service required to increase the relevance to the new service by encouraging Gmail users to publish even more personal information. The creation of a personal Google profile, which is indexed and searchable, raises many concerns about privacy and identity, and doubts are continually raised over how much Google should come to know about us.

While Google’s services have arguably made the online social experience more seamless and tailored, it is questionable as to how relevant, or even desirable, such a shift may be. At present, it may appear that Google is wearing far too many hats, and users should be wary of placing all eggs into one basket. As the launch of Buzz has shown us, user consent and the contextual integrity of private personal information can be compromised when a diverse number of online services are integrated and given a social spin. When competition among social web providers drives users to lose control of the private information which is inherently theirs, critical questions surrounding competition, convergence and privacy require critical exploration.

For more details visit https://cis-india.org/openness/blog-old/does-the-social-web-need-a-googopoly

The (in)Visible Subject: Power, Privacy and Social Networking

rebecca — 2011-08-18T05:06:52Z

In this entry, I will argue that the interplay between privacy and power on social network sites works ultimately to subject individuals to the gaze of others, or to alternatively render them invisible. Individual choices concerning privacy preferences must, therefore, be informed by the intrinsic relationship which exists between publicness/privateness and subjectivity/obscurity.
The Architecture of Openness

Through a Google search or a quick scan of Facebook, people today are able to gain “knowledge” on others in a way never once possible. The ability to search and collect information on individuals online only continues to improve as online social networks grow and search engines become more comprehensive. Social networks, and the social web more broadly, has worked to fundamentally alter the nature of personal information made available online. Social networking services today enable the average person, with web access, to publish information through a “social profile”. Personal information made available online is now communicative, narrative and biographic. Consequentially, social profiles have become rich containers of personal information that can be searched, indexed and analyzed.

The architecture of the social web further encourages users to enclose volumes of personally identifiable information. Most social network sites embrace the “ethos of openness” as, by default, most have relaxed privacy settings. While most sites give users relative control over the disclosure of personal information, services such as MySpace, Facebook and Live Journal are far ahead of the black and white public/private privacy models of sites such as Bebo and Orkut. Bebo, for example, only allows users to disclose information to “friends” or “everyone”, granting little granularity for diverse privacy preferences. MySpace and Facebook, on the other hand, have made room for “friends of friends”, among other customizable group preferences. All networking sites also consider certain pieces of basic information publicly available, without privacy controls. On most sites, this includes name, photograph, gender and location, and list of friends. Okrut, however, considers far more information to public—leaving the political views and religions of its’ members public. This openness leaves the individual with little knowledge or control over how their information is viewed, and subsequently used.

Search functionality has also increased the visibility of individuals outside their immediate social network. For example, sites such Facebook and LinkedIn index user profiles through Google search. Furthermore, all social network sites index their users, effectively allowing profiles to be searched by other users through basic registration data, such as first and last name or registered email address. While most services allow users to remove their profiles from external search engines, they are often not able to effectively control internal searches. Orkut, for example, does not allow users to disable internal searches according to their first and last names. LinkedIn and MySpace also maintains that users be searchable by their email addresses.

Through this open architecture and search functionality, social network sites have rendered individuals more “visible” vis-à-vis one another. The social web has effectively altered the spatial dimensions of our social lives as grounded, embodied experience becomes ubiquitous and multiply experienced. Privacy, in the online social milieu, assumes greater fluidity and varied meaning—transcending spatially constructed understandings of the notion.

While the architecture of social networking sites encourages users to be more “public”, heightened control, or “more privacy” is generally suggested as the panacea to privacy concerns. However, the public/private binary of privacy talk often fails to capture the complex nexus which exists between privacy and power in the networked ecosystem. Privacy preferences on social networks, and the consequences thereof, are effectively shaped and influenced by structures of power. In this entry, I will argue that the interplay between privacy and power works ultimately to expose individuals to the subjective gaze of others, or to render them invisible. In this respect, individual choices concerning privacy preferences must be informed by the intrinsic relationship between notions of publicness/privateness and subjectivity/obscurity.

Power and Subjectivity

The searchable nature of the social profile allows others to quickly and easily aggregate information on one another. As privacy scholar Daniel Solve notes, social searching may be of genuine intent – individuals use social networking services to locate old friends, and to connect with current colleagues. However, curiosity does not always assume such innocence, as fishing expeditions for personal information may serve the purpose of judging individuals based perception of the social profile. The relatively power of search and open information can be harnessed to weed out potential job applicants, or to rank college applicants. Made possible through the architecture of the web and social constructions of power, individuals may be subjected to the deconstructive gaze of superiors.

The architecture of social networking sites significantly compliments this nexus between privacy and power. As individual behavior and preferences become more transparent, the act of surveillance is masked behind the ubiquity and anonymity of online browsing. Drawing on Foucault’s panopticism, social networks make for the “containerization” of social space –allowing the powerful to subjectively hierarchize and classify individuals in relation to one another [1]. This practice becomes particularly troublesome online, as individuals are often unable to control how they are constructed by others in cyberspace.

Perfect control is difficult to guarantee in an ecosystem where personal information is easily searched, stored, copied, indexed, and shared. In this respect, the privacy controls of social networking sites are greatly illusory. Googling an individual’s name, for example, may not reveal the full social profile of an individual, but may unveil dialogue involving the individual in a public discussion group. The searchable nature of personal information on the web has both complicated and undesirable consequences for privacy of the person for, what I believe, to be two main reasons.

The first point refers to what Daniel J. Solve describes as the “virtue of knowing less”. Individuals may be gaining more “information” on others through the internet, but this information is often insufficient for judging one’s character as it only communicates one dimension of an individual. In her work, Helen Nissenbaum emphasizes the importance contextual integrity holds for personal information. When used outside its intended context, information gathered online may not be useful for accurately assessing an individual. In addition, the virtual gaze is void of the essential components of human interaction necessary to effectively understand and situate each other. As Solve notes, certain information may distort judgment of another person, rather than increasing its accuracy.

Secondly, the act of surveillance through social networks work to undermine privacy and personhood, as individuals seek to situate others as “fixed texts” [2]. Due to the complex nature of the social self, such practice is undesirable. Online social networks are socially constructed spaces, with diverse meanings assigned by varied users. One may utilize a social network service to build and maintain professional relationships, while another may use it as an intimate space to share with close friends and family. James Rachels’ theory of privacy notes that privacy is important, as it allows individuals to selectively disclose information and to engage in behaviors appropriate and necessary for maintaining diverse personal relationships. Drawing on the work of performance theorists such as Judith Butler, we can assert that identity is not fixed or unitary, but is constituted by performances that are directed at different audiences [3]. Sociologist Erving Goffman also notes that we “live our lives as performers… [and] play many different roles and wear many different masks” [4]. Individuals, therefore, are inclined to perform themselves online according to their perceived audiences. It is the audience, or the social graph, which constructs the context that, in turn, informs individual behavior.

Any attempt to situate and categorize the individual becomes particularly problematic in the context of social networks, where information is often not intended for the purpose for which it is being used. Due to the complex nature of human behavior, judgments of character based on online observation only effectively capture one side of the “complicated self”. As Julie Cohen writes, the “law often fails to capture the mutually constitutive interactions between self and culture, the social constructions of systems of knowledge, and the interplay between systems of knowledge and systems of power”. Because the panoptic gaze is decentralized and anonymous in the networked ecosystem, individuals will often bear little knowledge on how their identities are being digitally deconstructed and rewired. Most importantly, much of this judgment will occur without individual consent or knowledge—emphasizing the transparent nature of the digital self.

Power and (in)visibility

In response to the notion that the architecture of the social web may render individuals transparent to the gaze of others, the need for more “control” over privacy on social network sites has captured the public imagination. Facebook’s abrupt privacy changes, for example, have received widespread attention in the blogosphere and even by governments. While popular privacy discourse often continues to fixate on the public/private binary—Facebook’s questionable move towards privacy decontrol has raised important questions of power and privilege.

A recent blog post by danah boyd nicely touches upon the dynamics of power, public-ness, and privilege in the context of online social networking. As she notes, “Public-ness has always been a privilege… but now we've changed the equation and anyone can theoretically be public… and seen by millions. However, there are still huge social costs to being public…the privileged don’t have to worry about the powerful observing them online…but most everyone else does –forcing people into the public eye doesn’t dismantle the structures of privilege and power, but only works to reinforce them” (emphasis added).

This point touches upon an important idea —that publicity has value. This nexus between visibility and power is one which unfolds quite clearly in the social media ecosystem. One’s relevance or significance could, arguably, be measured relative to online visibility. Many individuals who are seen as “leaders” within their own professional or social circles often maintain public blogs, maintain a herd of followers on Twitter, and often manage large numbers of connections on social network sites. The more information written by or on an individual online, arguably, the more relevant they appear to in the eyes of their peers and superiors alike.

Power and privilege, however experienced, will be mirrored in the online context. While the participatory and decentralized nature of Web 2.0 arguably works challenge traditional structures of power, systemic hierarchies and are often reinforced online –as Facebook’s privacy blunders clearly illustrates. The privileged need not worry about the subjective gaze of their superiors, as boyd notes. Those who may be compromised due to the lack of privateness, however, do. As boyd goes on to argue, “the privileged get more privileged, gaining from being exposed… and those struggling to keep their lives together are forced to create walls that are constantly torn down around them”. As public exposure may over often equate to power, we must critically challenge the assumption that the move towards more privacy control on social networks will best empower its members.

If publicity can potentially have great value for the individual, the opposite also rings true. Privacy, as polemic to publicness, alternatively works to diminish the presence of the individual, rendering them invisible or irrelevant within hyper-linked networks. With greater personal protectionism online, an individual may go unnoticed or unrecognized, fizzling out dully behind their more public peers. Drawing on social network theory, powerful people can be understood as “supernodes” as they connect more peripheral members of a network. As Lior Strahilevitz notes, supernodes tend to be better informed than the peripherals, and are most likely to be perceived as “leaders”.

As the power of the supernode relates to privacy, Strahilevitz states that that “supernodes maintain their privileged status by continuing to serve as information clearinghouses….and, in certain contexts, become supernodes based in part on their willingness to share previously private information about themselves”. It is within the context of visibility and power that the idea of (in)visibility and powerlessness online unfold. Those who have most at risk by going public, may chose not to do so. Those with in comfortable positions with considerably less to lose by going public may be inclined to “open up”. Heightened privacy controls on social network services, therefore, can work to reinforce the very structures of power they seek to dismantle.

This is not to argue, however, that more privacy is necessarily bad, and that less privacy is good, or that users shouldn’t be selective in their disclosures – to the contrary. As personal information has become ubiquitous and tools for aggregating information improve, maintaining privacy online becomes more pertinent than ever. However, the concept of privacy will only continue to become increasingly complex as digital networks continue to deconstruct and reconfigure the spatial dimensions of the public and private. How are we to effectively understand privacy in a social environment which values openness and publicity? Can the fluid and dynamic self gain visibility online without becoming subject to the gaze of superiors? Will those who selectively choose friends and carefully disclose personal information fizzle out, while the powerful and less inhibited continue to reassert privilege? The interplay between power and privacy on the social web is a multiply constitutive and reinforcing synergy –understanding how to effectively strike balance between the right to privacy and self-determination is the challenge ahead.

1. see “Foucault in Cyberspace” by James Boyle

2. Julie Cohen

3. Cohen citing Butler

4. Solve citing Goffman

Document Actions

For more details visit https://cis-india.org/openness/blog-old/the-in-visible-subject-power-privacy-and-social-networking

WikiWars - A report

nishant — 2010-10-06T11:21:56Z

The Centre for Internet and Society, Bangalore and the Institute of Network Cultures, Amsterdam, hosted WikiWars – an international event that brought together scholars, researchers, academics, artists and practitioners from various disciplines, to discuss the emergence and growth of Wikipedia and what it means for the information societies we inhabit. With participants from 15 countries making presentations about Wikipedia and the knowledge ecology within which it exists, the event saw a vigorous set of debates and discussions as questions about education, pedagogy, language, access, geography, resistance, art and subversion were raised by the presenters. The 2 day event marked the beginning of the process that hopes to produce the first critical reader – Critical Point of View (CPOV) - that collects key resources for research and inquiry around Wikipedia.

The debates around Wikipedia, the de facto dynamic knowledge production system online, are very fairly divided into two competing camps. There is a group of people who swear by Wikipedia – celebrating its democratic processes of knowledge production, ease of access, and the de-canonisation of knowledge to produce the ‘WikiWay’; And then there is a group of people who swear at Wikipedia – raising concerns over authenticity, reliability, vulgarisation of knowledge and the de-hierarchisation of knowledge systems that Wikipedia seems to embody. The debates between the two groups are often passionate and situated in wildly speculative and often personal interests and investments in Wikipedia and the Web 2.0 Information Revolution that it seems to be a symptom of. The debates also play out in various international locations, most of them relying on personal anecdotes, experiences and half hearted data that does not stand the tests of rigour.

WikiWars, then, concentrated on things which are about Wikipedia but also not about Wikipedia. In many ways, as Geert Lovink, the Director of INC suggested, WikiWars was a recognition of the fact that Wikipedia has come of age and can now be systematically and philosophically examined as a work in progress that has long-term implications about our future. It was the ambition of the Editorial team (consisting of Geert Lovink, Sabine Nerdeer, Nathaniel Tkacz, Johanna Niyesito, Sunil Abraham and Nishant Shah) to veer away from the recognised battle-lines drawn in, around and about Wikipedia, and instead examine the fault-lines that run under many of our assumptions, prejudices and imaginations of Wikipedia. And Wikiwars, through careful screening and invested interests, became one of the first platforms in the world to initiate a critical discourse on Wikipedia, seeking to engage with its histories, it contemporary manifestations and practices, and the futures that it seeks to inhabit.

The different presentations brought in located debates, theoretical and philosophical concepts and personal experiences to build frameworks that explain and contextualise Wikipedia as one of the most contested spaces online. The eight panels across two days dealt with four major thematic areas which need to be summarised in brief:

1. Education, Pedagogy and Knowledge: At the very basis of Wikipedia (and other structures like it) is the question of knowledge production, the possibility of using it as an educational tool and the potentials it has for introducing new pedagogies and learning practices in and outside of institutionalised education. Presenters from various disciplines engaged with these questions in interesting ways.

Usha Raman from Teacher Plus in Hyderabad, brought in the question of primary education, the need for teacher training programmes and the ways by which infrastructure development needs to be thought through when talking of Wikipedia and education in the Indian context. The necessity of locating Wikipedia in a much larger debates on learning were also echoed by Noopur Rawal and Srikeit Tadepalli, students from Christ University who brought their experience of Wikipedia and the expectations from classroom education and learning in their presentation.

In the same field, but from a different approach, a panel examined Wikipedia as a site to critique Western Knowledge production systems. Stian Haklev and Johanna Niyesito concentrated on the questions of language and knowledge production. Haklev made an impassioned argument deconstructing the utopian idea of Wikipedia’s multilingual dreams and instead made a call for recognising the black-holes when it comes to non-English production and consumption of knowledge on Wikipedia. He further explored the implications that linguistic imbalance has on the very governance structure of Wikipedia and its communities. Niyesito challenged the ‘global’ and ‘cosmopolitan’ image that Wikipedia has built for itself and posited the idea of Wikipedia as a translingual space where different languages and cultures negotiate common understandings and processes of producing knowledge. HanTeng Liao explored knowledge production through the market economy of key-words to see how the linguistic biases of search engines that harvest these keywords, determines the access and visibility of different Wikipedia pages.

Resistance, Diversity and Representation: While these questions were present as undercurrents to most of the presentations at WikWars, they were perhaps most fiercely present in the debates that followed the presentations by Eric Ilya Lee (Academia Sinica, Taiwan), YiPing Tsou (National Central University, Taiwan), William Beutler and Eric Zimmerman (IDC, Israel).

For Lee and Tsou, the responses to the Chinese language Wikipedia from popular media and personal experiences, were demonstrative of the fact that the lack of diverse means of representation and participation lead to a strong resistance of Wikipedia in Taiwan. Beutler looked at the heavily contested editorial space and policies of Wikipedia to make a point about how lack of effective governance systems based on mutual tolerance and diversity lead to stressful and often traumatic experiences for users who might not be represented through the mainstream ideas and ideologies of an English speaking populace.

Zimmerman took a startling position, calling for a regime of attribution and dissolving the pseudonymous structures of knowledge production in Wikipedia in order to build designs of trust and verification into the system, thus leading to better and more credible research tools and representations.

The tone of debates was altered with presentations by Mark Graham (Oxford Research Institute) and the team of artists Nathaniel Stern and Scott Kildal, the team responsible for the Wikipedia Art Project. Graham showed the complexity of visualising space and how the production of space (or physical geography) on Wikipedia often reflects the virtual density of access and presence online. Showing a nuanced set of images that help mapping these new geographies for a richer diversity and representation, Graham showed how systems like Wikipedia ‘cannot know what they cannot know’ despite the reliance on the wisdom of crowds.

Stern and Kildall, in giving an account of their project which used Wikipedia’s policies to undermine and challenge it, show how the institutionalisation of a space and its ‘canonisation’ can quickly lead to a new set of problems where the space becomes the very thing it had set itself against.

3. Politics of Free, Open and Exclusion: The rhetoric of free and open have been built into all popular discourses around Wikipedia. However, the presentations at WikiWars showed that these need to be taken with at least a pinch of salt and further examined for what they signify. Alok Nandi of Architempo made a dramatic and creative revisit of these guiding principles of Wikipedia. He showed how an inquiry into rituals of participation, distortion and access on Wikipedia can promote, not merely looking at the politics of exclusion but also at the politics of inclusion and the problems therein.

Dror Kamir’s evocative narrative of ‘Your side, my side and Wikipedia’ illustrated how the question of boundaries, of knowledges, of facts and truths get distorted as language, community, nationality, etc. come into play in recording and documenting knowledge on Wikipedia. Concentrating on conflict zones in the Middle East, he talked about the lack and perhaps the impossibility of producing neutrality the way in which Wikipedia demands of its users. These ideas resonated with the propositions that ShunLing Chen from Harvard had floated in the opening panel to explore the ‘boundary work’ of Wikipedia and how it defines and produces itself in relation to external forces and controversies. These discussions on the politics of presence, absence, inclusion and exclusion were further layered by presentations by Linda Gross, Elad Weider, Heather Ford and Nathaniel Tkacz who produced a critique of the Free and Open, taking a cautionary step away from accepting these as inherently good.

While Gross explored the structure of egalitarianism that Wikipedia builds for itself, Ford presented an analysis of the licensing regimes of the knowledge produced within Wikipedia and the problems they pose to traditional knowledges and non-mainstream information. Weider, trained as a lawyer, critiqued the neo-liberal discourse around Wikipedia and tried to correlate the communities with markets. Tkacz’s historical overview of Free and Open, resulted in a compelling inquiry into the very structures that inform the shape and functioning of objects like Wikipedia.

Twitter: #WikiWars http://twitter.com/wikiwars and www.twitter.com/jackerhack/wikiwars

Flickr: http://www.flickr.com/photos/30479432@N03/sets/72157623193288710/

CPOV blog : http://networkcultures.org/wpmu/cpov/

The videos fom the Wikiwars event are embedded below:

For more details visit https://cis-india.org/research/conferences/conference-blogs/wwrep

Arguments Against Software Patents in India

pranesh — 2012-03-13T10:43:12Z

CIS believes that software patents are harmful for the software industry and for consumers. In this post, Pranesh Prakash looks at the philosophical, legal and practical reasons for holding such a position in India. This is a slightly modified version of a presentation made by Pranesh Prakash at the iTechLaw conference in Bangalore on February 5, 2010, as part of a panel discussing software patents in India, the United States, and the European Union.

This blog post is based on a presentation made at the iTechLaw conference held on February 5, 2010. The audience consisted of lawyers from various corporations and corporate law firms. As is their wont, most lawyers when dealing with software patents get straight to an analysis of law governing the patenting of computer programmes in India and elsewhere, and seeing whether any loopholes exist and can be exploited to patent software. It was refreshing to see at least some lawyers actually going into questions of the need for patents to cover computer programs. In my presentation, I made a multi-pronged case against software patents: (1) philosophical justification against software patents based on the nature of software; (2) legal case against software patents; (3) practical reasons against software patents.

Preamble

Through these arguments, it is sought to be shown that patentability of software is not some arcane, technical question of law, but is a real issue that affect the continued production of new software and the everyday life of the coder/hacker/software programmer/engineer as well as consumers of software (which is, I may remind you, everywhere from your pacemaker to your phone). A preamble to the arguments would note that the main question to ask is: why should we allow for patenting of software? Answering this question will lead us to ask: who benefits from patenting of software. The conclusion that I come to is that patenting of software helps three categories of people: (1) those large software corporations that already have a large number of software patents; (2) those corporations that do not create software, but only trade in patents / sue on the basis of patents ("patent trolls"); (3) patent lawyers. How they don't help small and medium enterprises nor society at large (since they deter, rather than further invention) will be borne out by the rest of these arguments, especially the section on practical reasons against software patents.

What are Patents?

Patents are a twenty-year monopoly granted by the State on any invention. An invention has to have at least four characteristics: (0) patentable subject matter; (1) novelty (it has to be new); (2) inventive step / non-obviousness (even if new, it should not be obvious); (3) application to industry. A monopoly over that invention, thus means that if person X has invented something, then I may not use the core parts of that invention ("the essential claims") in my own invention. This prohibition applies even if I have come upon my invention without having known about X's invention. (Thus, independent creation is not a defence to patent infringement. This distinguishes it, for instance, from copyright law in which two people who created the same work independently of each other can both assert copyright.) Patents cover non-abstract ideas/functionality while copyright covers specific expressions of ideas. To clarify: imagine I make a drawing of a particular machine and describe the procedure of making it. Under patent law, no one else can make that particular machine, while under copyright law, no one can copy that drawing.

Philosophical Justification Against Software Patents

Even without going into the case against patents per se (lack of independent creation as a defence; lack of 'harm' as a criterion leading to internalization of all positive externalities; lack of effective disclosure and publication; etc.), which has been done much more ably by others like Bessen & Meurer (especially in their book Patent Failure) and Boldrin & Levine (in their book Against Intellectual Monopoly, the full text of which is available online).

But there is one essentially philosophical argument against software as subject matter of a patent. Software/computer programs ("instructions for a computer"), as any software engineer would tell you, are merely algorithms ("an effective method for solving a problem using a finite sequence of instructions") that are meant to be understood by a computer or a human who knows how to read that code.

Algorithms are not patentable subject matter, as they are mere expressions of abstract ideas, and not inventions in themselves. Computer programs, similarly, are abstract ideas. They only stop being abstract ideas when embodied in a machine or a process in which it is the machine/process that is the essential claim and not the software. That machine or process being patented would not grant protection to the software itself, but to the whole machine or process. Thus the abstract part of that machine/process (i.e., the computer program) could be used in any other machine/process, as it it is not the subject matter of the patent. Importantly, just because software is required to operate some machine would then not mean that the machine itself is not patentable, just that the software cannot be patented in guise of patenting a machine.

Legal Case Against Software Patents

In India, section 3(k) of the Patent Act reads:

(3) The following are not inventions within the meaning of this Act: (k) a mathematical or business method or computer programme (sic) per se or algorithms.

As one can see, computer programs are place in the same category as "mathematical methods", "algorithms", and "business methods", hence giving legal validity to the idea propounded in the previous section that computer programs are a kind of algorithms (just as algorithms are a kind of mathematical method).

Be that as it may, the best legal minds in India have had to work hard at understanding what exactly "computer programme per se" means. They have cited U.S. case law, U.K. case law, E.U. precedents, and sought to arrive at an understanding of how per se should be understood. While understanding what per se means might be a difficult job, it is much easier to see what it does not mean. For that, we can look at the 2004 Patent Ordinance that Parliament rejected in 2005. In that ordinance, sections 3(k) and (ka) read as follows:

(3) The following are not inventions within the meaning of this Act: (k) a computer programme per se other than its technical application to industry or a combination with hardware; (ka) a mathematical method or a business method or algorithms.

Thus, it is clear that the interpretation that "computer programme per se" excludes "a computer programme that has technical application to industry" and "a computer programme in combination with hardware" is wrong. By rejecting the 2004 Ordinance wording, Parliament has clearly shown that "technical application to industry" and "combination with hardware" do not make a computer programme patentable subject matter.

Indeed, what exactly is "technical application to industry"? "Technical" has various definitions, and a perusal through those definitions would show that barely any computer program can be said not to relate to a technique, not involve "specialized knowledge of applied arts and sciences" (it is code, after all; not everyone can write good algorithms), or not relate to "a practical subject that is organized according to scientific principles" or is "technological". Similarly, all software is, by definition, meant to be used in combination with hardware. Thus, it being used in combination with hardware must not, as argued above, give rise to patentability of otherwise unpatentable subject matter category.

In 2008, the Patent Office published a new 'Draft Manual Of Patent Practice And Procedure' in which it sought to allow patenting of certain method claims for software inventions (while earlier the Patent Office objected to method claims, allowing only device claims with hardware components). This Draft Manual was withdrawn from circulation, with Shri N.N. Prasad (then Joint Secretary of DIPP, the department administering the Patent Office) noting that the parts of the Manual on sections 3(d) and 3(k) had generated a lot of controversy, and were ultra vires the scope of the Manual (which could not override the Patent Act). He promised that those parts would be dropped and the Manual would be re-written. A revised draft of the Manual has not yet been released. Thus the interpretation provided in the Draft Manual (which was based heavily on the interpretation of the U.K. courts) cannot not be relied upon as a basis for arguments in favour of the patentability of software in India.

In October 2008, CIS helped organize a National Public Meeting on Software Patents in which Indian academics, industry, scientists, and FOSS enthusiasts all came to the conclusion that software patents are harmful for both the industry as well as consumers.

Practical Reasons Against Software Patents

This is going to be an attempt at distilling and simplifying some of the main practical arguments against patenting of software.

There are traditionally four incentives that the patent system caters to: (1) incentive to invent; (2) incentive to disclose; (3) incentive to commercialize; and (4) incentive to invent substitutes. Apart from the last, patenting of software does not really aid any of them.

Patent Landmines / Submarine Patents / Patent Gridlocks / No Exception for Independent Creation

Given that computer programs are algorithms, having monopolies over such abstract ideas is detrimental to innovation. Just the metaphors say a lot about software patents: landmines (they cannot be seen/predicted); submarines (they surface out of the blue); gridlocks (because there are so many software patents around the same area of computing, they prevent further innovation in that area, since no program can be written without violating one patent or the other).

Imagine the madness that would have ensued had patents been granted when computer programming was in its infancy. Imagine different methods of sorting (quick sort, bubble sort) that are part of Computer Science 101 had been patented. While those particular instances aren't, similar algorithms, such as data compression algorithms (including the infamous LZW compression method), have been granted patents. Most importantly, even if one codes certain functionality into software independently of the patent holder, that is still violative of the patent. Computer programs being granted patents makes it extremely difficult to create other computer programs that are based on the same abstract ideas. Thus incentives # (1) and (3) are not fulfilled, and indeed, they are harmed. There is no incentive to invent, as one would always be violating one patent or the other. Given that, there is no incentive to commercialize what one has invented, because of fear of patent infringement suits.

An apt illustration of this is the current difficulty of choosing a royalty-free video format for HTML 5, as it shows, in practical terms, how difficult it is to create a video format without violating one patent or the other. While the PNG image format was created to side-step the patent over the LZW compression method used in the GIF image format, bringing Ogg Theora or Dirac (both patent-free video format) to surpass the levels of H.264/MPEG-4 AVC or VC-1 will be very difficult without infringing dozens if not hundreds of software patents. Chris DiBona of Google, while talking about improving Ogg Theora as part of its inclusion in HTML 5 specifications said, "Here’s the challenge: Can Theora move forward without infringing on the other video compression patents?" Just the number of companies and organization that hold patents over H.264 is astounding, and includes: Columbia University, Electronics and Telecommunications Research Institute of Korea (ETRI), France Télécom, Fujitsu, LG Electronics, Matsushita, Mitsubishi, Microsoft, Motorola, Nokia, Philips, Robert Bosch GmbH, Samsung, Sharp, Sony, Toshiba, and Victor Company of Japan (JVC). As is the amount of royalties to be paid ("[t]he maximum royalty for these rights payable by an Enterprise (company and greater than 50% owned subsidiaries) is $3.5 million per year in 2005-2006, $4.25 million per year in 2007-08 and $5 million per year in 2009-10"; with royalty per unit of a decoder-encoder costing upto USD 0.20.)

Indeed, even the most diligent companies cannot guard themselves against software patents. FFII estimates that a very simple online shopping website would violate twenty different patents at the very least. Microsoft recently lost a case against i4i when i4i surfaced with a patent covering custom XML as implemented in MS Office 2003 and MS Office 2007. As a result Microsoft had to ship patches to its millions of customers, to disable the functionality and bypass that patent. The manufacturers of BlackBerry, the Canadian company Research in Motion, had to shell out USD 617 million as settlement to NTP over wireless push e-mail, as it was otherwise faced with the possibility of the court shutting down the BlackBerry service in the U.S. This happened despite there being a well-known method of doing so pre-dating the NTP patents. NTP has also filed cases against AT&T, Sprint Nextel, T-Mobile, Verizon Wireless, and Palm Inc. Microsoft was also hit by Visto Corporation over those same NTP patents, which had been licensed to Visto (a startup).
- Don't These Cases Show How Software Patents Help Small Companies?
  
  The astute reader might be tempted to ask: are not all of these examples of small companies getting their dues from larger companies? Doesn't all of this show that software patents actually help small and medium enterprises (SMEs)? The answer to that is: no. To see why, we need to note the common thread binding i4i, NTP, and Visto. None of them were, at the time of their lawsuits, actually creating new software, and NTP was an out-and-out "non-practising entity"/"patent holding company" AKA, patent troll. i4i was in the process of closing shop, and Visto had just started up. None of these were actually practising the patent. None of these were producing any other software. Thus, none of these companies had anything to lose by going after big companies. In other words, the likes of Microsoft, RIM, Verizon, AT&T, etc., could not file counter-suits of patent infringement, which is normally what happens when SMEs try to assert patent rights against larger corporations. For every patent that the large corporation violates of the smaller corporation, the smaler corporation would be violating at least ten of the larger corporation's. Software patents are more helpful for software companies as a tool for cross-licensing rather than as a way of earning royalties. Even this does not work as a strategy against patent trolls.
Thus, the assertion that was made at the beginning is borne out: software patents help only patent trolls, large corporations that already have large software patent portfolios, and the lawyers who draft these patents and later argue them out in court.
Term of Patents

Twenty years of monopoly rights is outright ludicrous in an industry where the rate of turnover of technology is much faster -- anywhere between two years and five months.
Software Industry Progressed Greatly Without Patents

In India, software patents have never been asserted in courts (even though many have been illegally granted), yet the software industry in India is growing in leaps and bounds. Similarly, most of the big (American) giants of the software industry today grew to their stature by using copyright to "protect" their software, and not patents.
Copyright Exists for Software

As noted above, the code/expression of any software is internationally protected by copyright law. There is no reason to protect the ideas/functionality of that software as well.
Insufficient Disclosure

When ordinary computer programmers cannot understand what a particular software patent covers (which is the overwhelming case), then the patent is of no use. One of the main incentives of the patent system is to encourage gifted inventors to share their genius with the world. It is not about gifted inventors paying equally gifted lawyers to obfuscate their inventions into gobbledygook so that other gifted inventors can at best hazard a guess as to precisely what is and is not covered by that patent. Thus, this incentive (#2) is not fulfilled by the current system of patents either -- not unless there is a major overhaul of the system. This ties in with the impossibility of ensuring that one is not violating a software patent. If a reasonably smart software developer (who are often working as individuals, and as part of SMEs) cannot quickly ascertain whether one is violating patents, then there is a huge disincentive against developing software in that area at all.
Software Patents Work Against Free/Libre/Open Source Software

Software patents hinder the development of software and FOSS licences, as the licensee is not allowed to restrict the rights of the sub-licensees over and above the restrictions that the licensee has to observe. Thus, all patent clearances obtained by the licensee must be passed on to the sub-licensees. Thus, patented software, though most countries around the world do not recognize them, are generally not included in the default builds of many FOSS operating systems. This inhabits the general adoption of FOSS, since many of the software patents, even though not enforceable in India, are paid heed to by the software that Indians download, and the MP3 and DivX formats are not enabled by default in standard installations of a Linux OS such as Ubuntu.

Conclusion

Currently, the U.S. patent system is being reviewed at the administrative level, the legislative level, as well as the judicial level. At the judicial level, the question of business method patents (and, by extension, software patents) is before the Supreme Court of the United States of America in the form of Bilski v. Kappos. Judge Mayer of the Court of Appeals for the Federal Circuit (CAFC, which heard In re Bilksi) noted that "the patent system has run amok". The Free Software Foundation submitted a most extensive amicus curiae brief to the U.S. Supreme Court, filled with brilliant analysis of software patents and arguments against the patentability of software that is well worth a read.

For more details visit https://cis-india.org/a2k/blogs/arguments-against-software-patents

Centre for Internet and Society

The 2010 Special 301 Report Is More of the Same, Slightly Less Shrill

Special 301 Report: Unbalanced Hypocrisy

India and the 2010 Special 301 Report

On Copyrights

On Patents

Miscellanea

Conclusion

IIPA's Recommendation for the Special 301 Report

Open Source

Domestic Software

WCT, WPPT, Camcording, and Statutory Damages

Further conclusions

China Club instead of Bombay Club?

Why labour arbitrage and not products

Integrated policies work

Emulate China

Biometry Is Watching

What Women Want: The ability debates

Change in attitude

Implement their rights

A development issue

Public-private partnership

The copyright angle

Technological Protection Measures in the Copyright (Amendment) Bill, 2010

Implications: The Good Part

Implications: The Bad Part

Uncertainties

On "shall maintain" and penalties

On "facilitating" and remoteness

More uncertainties

On "purpose" as a criterion in 65A(2)(a)

Conclusion

When Copyright Goes Bad

Quotes from When Copyright Goes Bad

Making copyright, right

April 2010 Bulletin

News Updates

Research

Advocacy

Accessibility

Intellectual Property

Openness

Internet Governance

Telecom

Other Advocacy

Does the Safe-Harbor Program Adequately Address Third Parties Online?

March 2010 Bulletin

News Updates

Upcoming Events

Research

Telecom

CI Global Meeting on A2K

CPOV : Wikipedia Research Initiative

Does the Social Web need a Googopoly?

The (in)Visible Subject: Power, Privacy and Social Networking

Bookmark & Share:

Document Actions

WikiWars - A report

Arguments Against Software Patents in India

Preamble

What are Patents?

Philosophical Justification Against Software Patents

Legal Case Against Software Patents

Practical Reasons Against Software Patents

Patent Landmines / Submarine Patents / Patent Gridlocks / No Exception for Independent Creation

Don't These Cases Show How Software Patents Help Small Companies?

Term of Patents

Software Industry Progressed Greatly Without Patents

Copyright Exists for Software

Insufficient Disclosure

Software Patents Work Against Free/Libre/Open Source Software

Conclusion